From no-reply at appveyor.com Mon Mar 1 00:18:20 2021 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 01 Mar 2021 00:18:20 +0000 Subject: Build completed: openssl master.40296 Message-ID: <20210301001820.1.91775034D4FBC7FE@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Mar 1 01:12:49 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Mar 2021 01:12:49 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm Message-ID: <1614561169.471092.3657606.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-asm Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified gettable/settable ctx calls for MACs 1e8e5c6092 prov: support modified gettable/settable ctx calls for KDFs de43d82b6d core: support modified gettable/settable ctx calls for KDFs a5120afda3 evp: support modified gettable/settable ctx calls for KDFs 530cacb56f doc: changes to match the updated context gettable/settable calls caa60428cd evp: support modified gettable/settable ctx calls for RNGs 1c9eaf4251 core: update RNG gettable/settable ctx param calls a3f091fddd prov: update RNGs to support modified gettable/settable CTX params 90fec26dc6 doc: note changes to rand gettable/settable provider call d618ac6fd7 doc: note changes to digest gettable/settable provider calls 6de3a06dd4 modify EVP to support digest gettable/settable calls aa95e08b29 core: update digest gettable/settable ctx params calls e772f25ca8 prov: update digests to support modified ctx params 5a6a6d59a6 Makefile: Only update doc/build.info when there's an actual change 32ab57cbb4 Fix external symbols related to ec & sm2 keys 5af02212a5 Fix external symbols related to dsa keys 19dbb742cd Fix external symbols related to dh keys 94553e85b6 Fix external symbols for bn 2d96895122 Fix filename escaping in c_rehash 1cba86234a evp_extra_test: Do not manipulate providers in default context 8cdc3425af fake_random: Do not overwrite the callback on instatiation 0c84139c98 Ensure that the fake rand is initialized 75de543635 Fix an integer overflow in o_time.c 5eb73cfb37 Add a test for a names_do_all function d84f5515fa Don't hold a lock when calling a callback in ossl_namemap_doall_names Build log ended with (last 100 lines): test/ssl_test_ctx_test-bin-ssl_test_ctx_test.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/sslapitest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/sslapitest \ test/helpers/sslapitest-bin-ssltestlib.o \ test/sslapitest-bin-filterprov.o \ test/sslapitest-bin-sslapitest.o \ test/sslapitest-bin-tls-provider.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/sslbuffertest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/sslbuffertest \ test/helpers/sslbuffertest-bin-ssltestlib.o \ test/sslbuffertest-bin-sslbuffertest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/sslcorrupttest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/sslcorrupttest \ test/helpers/sslcorrupttest-bin-ssltestlib.o \ test/sslcorrupttest-bin-sslcorrupttest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/sysdefaulttest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/sysdefaulttest \ test/sysdefaulttest-bin-sysdefaulttest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/tls13ccstest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/tls13ccstest \ test/helpers/tls13ccstest-bin-ssltestlib.o \ test/tls13ccstest-bin-tls13ccstest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/tls13secretstest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/tls13secretstest \ crypto/tls13secretstest-bin-packet.o \ ssl/tls13secretstest-bin-tls13_enc.o \ test/tls13secretstest-bin-tls13secretstest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/uitest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/uitest \ apps/lib/uitest-bin-apps_ui.o test/uitest-bin-uitest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread make[1]: Leaving directory '/home/openssl/run-checker/no-asm' $ make test make depend && make _tests make[1]: Entering directory '/home/openssl/run-checker/no-asm' make[1]: Leaving directory '/home/openssl/run-checker/no-asm' make[1]: Entering directory '/home/openssl/run-checker/no-asm' ( SRCTOP=../openssl \ BLDTOP=. \ PERL="/usr/bin/perl" \ FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \ EXE_EXT= \ /usr/bin/perl ../openssl/test/run_tests.pl ) 01-test_abort.t .................... ok 01-test_sanity.t ................... ok 01-test_symbol_presence.t .......... ok 01-test_test.t ..................... ok 02-test_errstr.t ................... ok 02-test_internal_context.t ......... ok 02-test_internal_ctype.t ........... ok 02-test_internal_keymgmt.t ......... ok 02-test_internal_provider.t ........ ok 02-test_lhash.t .................... ok 02-test_ordinals.t ................. ok 02-test_sparse_array.t ............. ok 02-test_stack.t .................... ok 03-test_exdata.t ................... ok 03-test_fipsinstall.t .............. ok 03-test_internal_asn1.t ............ ok 03-test_internal_asn1_dsa.t ........ ok 03-test_internal_bn.t .............. ok 03-test_internal_chacha.t .......... ok 03-test_internal_curve448.t ........ ok 03-test_internal_ec.t .............. ok 03-test_internal_ffc.t ............. ok 03-test_internal_mdc2.t ............ ok 03-test_internal_modes.t ........... ok 03-test_internal_namemap.t ......... ok 03-test_internal_poly1305.t ........ ok 03-test_internal_rsa_sp800_56b.t ... ok 03-test_internal_siphash.t ......... ok 03-test_internal_sm2.t ............. ok 03-test_internal_sm4.t ............. ok 03-test_internal_ssl_cert_table.t .. ok 03-test_internal_x509.t ............ ok 03-test_params_api.t ............... ok 03-test_property.t ................. ok 03-test_ui.t ....................... ok 04-test_asn1_decode.t .............. ok 04-test_asn1_encode.t .............. ok 04-test_asn1_string_table.t ........ ok 04-test_bio_callback.t ............. ok 04-test_bioprint.t ................. ok 04-test_conf.t ..................... ok 04-test_encoder_decoder.t .......... ok make[1]: *** [Makefile:3269: _tests] Terminated From openssl at openssl.org Mon Mar 1 02:07:23 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Mar 2021 02:07:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1614564443.274582.3771726.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified gettable/settable ctx calls for MACs 1e8e5c6092 prov: support modified gettable/settable ctx calls for KDFs de43d82b6d core: support modified gettable/settable ctx calls for KDFs a5120afda3 evp: support modified gettable/settable ctx calls for KDFs 530cacb56f doc: changes to match the updated context gettable/settable calls caa60428cd evp: support modified gettable/settable ctx calls for RNGs 1c9eaf4251 core: update RNG gettable/settable ctx param calls a3f091fddd prov: update RNGs to support modified gettable/settable CTX params 90fec26dc6 doc: note changes to rand gettable/settable provider call d618ac6fd7 doc: note changes to digest gettable/settable provider calls 6de3a06dd4 modify EVP to support digest gettable/settable calls aa95e08b29 core: update digest gettable/settable ctx params calls e772f25ca8 prov: update digests to support modified ctx params 5a6a6d59a6 Makefile: Only update doc/build.info when there's an actual change 32ab57cbb4 Fix external symbols related to ec & sm2 keys 5af02212a5 Fix external symbols related to dsa keys 19dbb742cd Fix external symbols related to dh keys 94553e85b6 Fix external symbols for bn 2d96895122 Fix filename escaping in c_rehash 1cba86234a evp_extra_test: Do not manipulate providers in default context 8cdc3425af fake_random: Do not overwrite the callback on instatiation 0c84139c98 Ensure that the fake rand is initialized 75de543635 Fix an integer overflow in o_time.c 5eb73cfb37 Add a test for a names_do_all function d84f5515fa Don't hold a lock when calling a callback in ossl_namemap_doall_names Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=232, Tests=3165, 926 wallclock secs (14.22 usr 1.38 sys + 834.85 cusr 87.94 csys = 938.39 CPU) Result: FAIL make[1]: *** [Makefile:3277: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' make: *** [Makefile:3274: tests] Error 2 From no-reply at appveyor.com Mon Mar 1 08:09:41 2021 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 01 Mar 2021 08:09:41 +0000 Subject: Build failed: openssl master.40304 Message-ID: <20210301080941.1.8B876098BC08E448@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Mar 1 08:29:49 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Mar 2021 08:29:49 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1614587389.372552.317476.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified gettable/settable ctx calls for MACs 1e8e5c6092 prov: support modified gettable/settable ctx calls for KDFs de43d82b6d core: support modified gettable/settable ctx calls for KDFs a5120afda3 evp: support modified gettable/settable ctx calls for KDFs 530cacb56f doc: changes to match the updated context gettable/settable calls caa60428cd evp: support modified gettable/settable ctx calls for RNGs 1c9eaf4251 core: update RNG gettable/settable ctx param calls a3f091fddd prov: update RNGs to support modified gettable/settable CTX params 90fec26dc6 doc: note changes to rand gettable/settable provider call d618ac6fd7 doc: note changes to digest gettable/settable provider calls 6de3a06dd4 modify EVP to support digest gettable/settable calls aa95e08b29 core: update digest gettable/settable ctx params calls e772f25ca8 prov: update digests to support modified ctx params 5a6a6d59a6 Makefile: Only update doc/build.info when there's an actual change 32ab57cbb4 Fix external symbols related to ec & sm2 keys 5af02212a5 Fix external symbols related to dsa keys 19dbb742cd Fix external symbols related to dh keys 94553e85b6 Fix external symbols for bn 2d96895122 Fix filename escaping in c_rehash 1cba86234a evp_extra_test: Do not manipulate providers in default context 8cdc3425af fake_random: Do not overwrite the callback on instatiation 0c84139c98 Ensure that the fake rand is initialized 75de543635 Fix an integer overflow in o_time.c 5eb73cfb37 Add a test for a names_do_all function d84f5515fa Don't hold a lock when calling a callback in ossl_namemap_doall_names Build log ended with (last 100 lines): 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... skipped: The PKCS12 command line utility is not supported by this OpenSSL build 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 512 Tests: 90 Failed: 2) Failed tests: 14, 40 Non-zero exit status: 2 30-test_evp_kdf.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=232, Tests=3167, 1088 wallclock secs (15.04 usr 1.70 sys + 982.44 cusr 92.53 csys = 1091.71 CPU) Result: FAIL make[1]: *** [Makefile:3218: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' make: *** [Makefile:3215: tests] Error 2 From dev at ddvo.net Mon Mar 1 09:31:05 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Mon, 01 Mar 2021 09:31:05 +0000 Subject: [openssl] master update Message-ID: <1614591065.174725.7201.nullmailer@dev.openssl.org> The branch master has been updated via d546e8e267bfddc1ca310dfa8b9a72ab4f9aac7c (commit) via 7932982b88f5095f60397fe727d27ddf7234f4d6 (commit) from e60e974414a7e637ff2f946dc2aa24c381a32cc2 (commit) - Log ----------------------------------------------------------------- commit d546e8e267bfddc1ca310dfa8b9a72ab4f9aac7c Author: Dr. David von Oheimb Date: Wed Feb 17 17:24:19 2021 +0100 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/14009) commit 7932982b88f5095f60397fe727d27ddf7234f4d6 Author: Dr. David von Oheimb Date: Thu Jan 28 22:10:47 2021 +0100 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag] by optionally providing any userinfo, query, and frag components. All usages of this function, which are client-only, silently ignore userinfo and frag components, while the query component is taken as part of the path. Update and extend the unit tests and all affected documentation. Document and deprecat OCSP_parse_url(). Fixes an issue that came up when discussing FR #14001. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/14009) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 4 + apps/cmp.c | 3 +- apps/lib/apps.c | 3 +- apps/ocsp.c | 7 +- apps/s_server.c | 10 +- crypto/err/openssl.txt | 2 +- crypto/http/http_client.c | 28 ++--- crypto/http/http_err.c | 4 +- crypto/http/http_lib.c | 260 ++++++++++++++++++++++++++------------- doc/man1/openssl-cmp.pod.in | 16 ++- doc/man1/openssl-ocsp.pod.in | 2 + doc/man1/openssl-s_server.pod.in | 2 + doc/man3/OSSL_HTTP_parse_url.pod | 83 +++++++++++++ doc/man3/OSSL_HTTP_transfer.pod | 57 +++------ include/openssl/http.h | 17 +-- include/openssl/httperr.h | 2 +- include/openssl/ocsp.h.in | 2 +- test/http_test.c | 63 ++++++++-- util/libcrypto.num | 1 + util/missingcrypto.txt | 1 - 20 files changed, 391 insertions(+), 176 deletions(-) create mode 100644 doc/man3/OSSL_HTTP_parse_url.pod diff --git a/CHANGES.md b/CHANGES.md index 335b492e4f..0bc5f81100 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -119,6 +119,10 @@ OpenSSL 3.0 *Rich Salz and Richard Levitte* + * Deprecated `OCSP_parse_url()`, which is replaced with `OSSL_HTTP_parse_url`. + + *David von Oheimb* + * Validation of SM2 keys has been separated from the validation of regular EC keys, allowing to improve the SM2 validation process to reject loaded private keys that are not conforming to the SM2 ISO standard. diff --git a/apps/cmp.c b/apps/cmp.c index 5778fd95a7..d04af4177b 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1855,7 +1855,8 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) CMP_err("missing -server option"); goto err; } - if (!OSSL_HTTP_parse_url(opt_server, &server, &port, &portnum, &path, &ssl)) { + if (!OSSL_HTTP_parse_url(opt_server, &ssl, NULL /* user */, &server, &port, + &portnum, &path, NULL /* q */, NULL /* frag */)) { CMP_err1("cannot parse -server URL: %s", opt_server); goto err; } diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 634bebde42..2a5ec6bb65 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2271,7 +2271,8 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, return NULL; } - if (!OSSL_HTTP_parse_url(url, &server, &port, NULL, NULL, &use_ssl)) + if (!OSSL_HTTP_parse_url(url, &use_ssl, NULL /* userinfo */, &server, &port, + NULL /* port_num, */, NULL, NULL, NULL)) return NULL; if (use_ssl && ssl_ctx == NULL) { ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER, diff --git a/apps/ocsp.c b/apps/ocsp.c index 97f9403ff1..e61774a8a3 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -275,9 +275,10 @@ int ocsp_main(int argc, char **argv) OPENSSL_free(tport); OPENSSL_free(tpath); thost = tport = tpath = NULL; - if (!OSSL_HTTP_parse_url(opt_arg(), - &host, &port, NULL, &path, &use_ssl)) { - BIO_printf(bio_err, "%s Error parsing URL\n", prog); + if (!OSSL_HTTP_parse_url(opt_arg(), &use_ssl, NULL /* userinfo */, + &host, &port, NULL /* port_num */, + &path, NULL /* qry */, NULL /* frag */)) { + BIO_printf(bio_err, "%s Error parsing -url argument\n", prog); goto end; } thost = host; diff --git a/apps/s_server.c b/apps/s_server.c index 9bd9338a31..bbbe3cf877 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -472,8 +472,8 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, x = SSL_get_certificate(s); aia = X509_get1_ocsp(x); if (aia != NULL) { - if (!OSSL_HTTP_parse_url(sk_OPENSSL_STRING_value(aia, 0), - &host, &port, NULL, &path, &use_ssl)) { + if (!OSSL_HTTP_parse_url(sk_OPENSSL_STRING_value(aia, 0), &use_ssl, + NULL, &host, &port, NULL, &path, NULL, NULL)) { BIO_puts(bio_err, "cert_status: can't parse AIA URL\n"); goto err; } @@ -1337,10 +1337,10 @@ int s_server_main(int argc, char *argv[]) case OPT_STATUS_URL: #ifndef OPENSSL_NO_OCSP s_tlsextstatus = 1; - if (!OSSL_HTTP_parse_url(opt_arg(), + if (!OSSL_HTTP_parse_url(opt_arg(), &tlscstatp.use_ssl, NULL, &tlscstatp.host, &tlscstatp.port, NULL, - &tlscstatp.path, &tlscstatp.use_ssl)) { - BIO_printf(bio_err, "Error parsing URL\n"); + &tlscstatp.path, NULL, NULL)) { + BIO_printf(bio_err, "Error parsing -status_url argument\n"); goto end; } #endif diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 530e3217e4..e9a179c362 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -757,7 +757,7 @@ HTTP_R_FAILED_READING_DATA:128:failed reading data HTTP_R_INCONSISTENT_CONTENT_LENGTH:120:inconsistent content length HTTP_R_INVALID_PORT_NUMBER:123:invalid port number HTTP_R_INVALID_URL_PATH:125:invalid url path -HTTP_R_INVALID_URL_PREFIX:124:invalid url prefix +HTTP_R_INVALID_URL_SCHEME:124:invalid url scheme HTTP_R_MAX_RESP_LEN_EXCEEDED:117:max resp len exceeded HTTP_R_MISSING_ASN1_ENCODING:110:missing asn1 encoding HTTP_R_MISSING_CONTENT_TYPE:121:missing content type diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 56fb876ee6..259bad366b 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -75,8 +75,7 @@ struct ossl_http_req_ctx_st { OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int method_POST, int maxline, unsigned long max_resp_len, - int timeout, - const char *expected_content_type, + int timeout, const char *expected_ct, int expect_asn1) { OSSL_HTTP_REQ_CTX *rctx; @@ -98,7 +97,7 @@ OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, return NULL; } rctx->method_POST = method_POST; - rctx->expected_ct = expected_content_type; + rctx->expected_ct = expected_ct; rctx->expect_asn1 = expect_asn1; rctx->resp_len = 0; OSSL_HTTP_REQ_CTX_set_max_response_length(rctx, max_resp_len); @@ -298,8 +297,7 @@ OSSL_HTTP_REQ_CTX *HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int use_http_proxy, const char *content_type, BIO *req_mem, int maxline, unsigned long max_resp_len, int timeout, - const char *expected_content_type, - int expect_asn1) + const char *expected_ct, int expect_asn1) { OSSL_HTTP_REQ_CTX *rctx; @@ -311,7 +309,7 @@ OSSL_HTTP_REQ_CTX *HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int use_http_proxy, if ((rctx = OSSL_HTTP_REQ_CTX_new(wbio, rbio, req_mem != NULL, maxline, max_resp_len, timeout, - expected_content_type, expect_asn1)) + expected_ct, expect_asn1)) == NULL) return NULL; @@ -986,7 +984,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, const STACK_OF(CONF_VALUE) *headers, int maxline, unsigned long max_resp_len, int timeout, - const char *expected_content_type, int expect_asn1) + const char *expected_ct, int expect_asn1) { time_t start_time = timeout > 0 ? time(NULL) : 0; char *current_url, *redirection_url; @@ -1005,8 +1003,8 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, return NULL; for (;;) { - if (!OSSL_HTTP_parse_url(current_url, &host, &port, NULL /* port_num */, - &path, &use_ssl)) + if (!OSSL_HTTP_parse_url(current_url, &use_ssl, NULL /* user */, &host, + &port, NULL /* port_num */, &path, NULL, NULL)) break; new_rpath: @@ -1015,7 +1013,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, bio_update_fn, arg, headers, NULL, NULL, maxline, max_resp_len, update_timeout(timeout, start_time), - expected_content_type, expect_asn1, + expected_ct, expect_asn1, &redirection_url); OPENSSL_free(path); if (resp == NULL && redirection_url != NULL) { @@ -1048,21 +1046,21 @@ ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, const STACK_OF(CONF_VALUE) *headers, int maxline, unsigned long max_resp_len, - int timeout, const char *expected_content_type, - const ASN1_ITEM *it) + int timeout, const char *expected_ct, + const ASN1_ITEM *rsp_it) { BIO *mem; ASN1_VALUE *resp = NULL; - if (url == NULL || it == NULL) { + if (url == NULL || rsp_it == NULL) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); return NULL; } if ((mem = OSSL_HTTP_get(url, proxy, no_proxy, bio, rbio, bio_update_fn, arg, headers, maxline, max_resp_len, timeout, - expected_content_type, 1 /* expect_asn1 */)) + expected_ct, 1 /* expect_asn1 */)) != NULL) - resp = BIO_mem_d2i(mem, it); + resp = BIO_mem_d2i(mem, rsp_it); BIO_free(mem); return resp; } diff --git a/crypto/http/http_err.c b/crypto/http/http_err.c index 20235ba0f8..2bb6d97290 100644 --- a/crypto/http/http_err.c +++ b/crypto/http/http_err.c @@ -32,8 +32,8 @@ static const ERR_STRING_DATA HTTP_str_reasons[] = { {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_PORT_NUMBER), "invalid port number"}, {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_URL_PATH), "invalid url path"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_URL_PREFIX), - "invalid url prefix"}, + {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_URL_SCHEME), + "invalid url scheme"}, {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MAX_RESP_LEN_EXCEEDED), "max resp len exceeded"}, {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MISSING_ASN1_ENCODING), diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c index 028ef12383..6b8c15471e 100644 --- a/crypto/http/http_lib.c +++ b/crypto/http/http_lib.c @@ -15,55 +15,73 @@ #include "http_local.h" -/* - * Parse a URL and split it up into host, port and path components and - * whether it indicates SSL/TLS. Return 1 on success, 0 on error. - */ +static void init_pstring(char **pstr) +{ + if (pstr != NULL) { + *pstr = NULL; + } +} -int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport, - int *pport_num, char **ppath, int *pssl) +static int copy_substring(char **dest, const char *start, const char *end) { - char *p, *buf; - char *host, *host_end; - const char *path, *port = OSSL_HTTP_PORT; - long portnum = 80; - - if (phost != NULL) - *phost = NULL; - if (pport != NULL) - *pport = NULL; - if (ppath != NULL) - *ppath = NULL; - if (pssl != NULL) - *pssl = 0; + return dest == NULL + || (*dest = OPENSSL_strndup(start, end - start)) != NULL; +} + +static void free_pstring(char **pstr) +{ + if (pstr != NULL) { + OPENSSL_free(*pstr); + *pstr = NULL; + } +} + +int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, + char **pport, int *pport_num, + char **ppath, char **pquery, char **pfrag) +{ + const char *p, *tmp; + const char *scheme, *scheme_end; + const char *user, *user_end; + const char *host, *host_end; + const char *port, *port_end; + unsigned int portnum; + const char *path, *path_end; + const char *query, *query_end; + const char *frag, *frag_end; + + init_pstring(pscheme); + init_pstring(puser); + init_pstring(phost); + init_pstring(pport); + init_pstring(ppath); + init_pstring(pfrag); + init_pstring(pquery); if (url == NULL) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); return 0; } - /* dup the buffer since we are going to mess with it */ - if ((buf = OPENSSL_strdup(url)) == NULL) - goto err; - - /* check for optional prefix "http[s]://" */ - p = strstr(buf, "://"); + /* check for optional prefix "://" */ + scheme = scheme_end = url; + p = strstr(url, "://"); if (p == NULL) { - p = buf; + p = url; } else { - *p = '\0'; /* p points to end of scheme name */ - if (strcmp(buf, OSSL_HTTPS_NAME) == 0) { - if (pssl != NULL) - *pssl = 1; - port = OSSL_HTTPS_PORT; - portnum = 443; - } else if (strcmp(buf, OSSL_HTTP_NAME) != 0) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_URL_PREFIX); - goto err; - } - p += 3; + scheme_end = p; + if (scheme_end == scheme) + goto parse_err; + p += strlen("://"); } - host = p; + + /* parse optional "userinfo@" */ + user = user_end = host = p; + host = strchr(p, '@'); + if (host != NULL) + user_end = host++; + else + host = p; /* parse host name/address as far as needed here */ if (host[0] == '[') { @@ -72,76 +90,152 @@ int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport, host_end = strchr(host, ']'); if (host_end == NULL) goto parse_err; - *host_end++ = '\0'; + p = host_end + 1; } else { - host_end = strchr(host, ':'); /* look for start of optional port */ + /* look for start of optional port, path, query, or fragment */ + host_end = strchr(host, ':'); if (host_end == NULL) - host_end = strchr(host, '/'); /* look for start of optional path */ + host_end = strchr(host, '/'); if (host_end == NULL) - /* the remaining string is just the hostname */ + host_end = strchr(host, '?'); + if (host_end == NULL) + host_end = strchr(host, '#'); + if (host_end == NULL) /* the remaining string is just the hostname */ host_end = host + strlen(host); + p = host_end; } /* parse optional port specification starting with ':' */ - p = host_end; - if (*p == ':') { + port = "0"; /* default */ + if (*p == ':') port = ++p; - if (pport_num == NULL) { - p = strchr(port, '/'); - if (p == NULL) - p = host_end + 1 + strlen(port); - } else { /* make sure a numerical port value is given */ - portnum = strtol(port, &p, 10); - if (p == port || (*p != '\0' && *p != '/')) - goto parse_err; - if (portnum <= 0 || portnum >= 65536) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER); - goto err; - } - } + /* remaining port spec handling is also done for the default values */ + /* make sure a decimal port number is given */ + if (!sscanf(port, "%u", &portnum) || portnum > 65535) { + ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER); + goto err; } - *host_end = '\0'; - *p = '\0'; /* terminate port string */ - - /* check for optional path at end of url starting with '/' */ - path = url + (p - buf); - /* cannot use p + 1 because *p is '\0' and path must start with '/' */ - if (*path == '\0') { - path = "/"; - } else if (*path != '/') { + for (port_end = port; '0' <= *port_end && *port_end <= '9'; port_end++) + ; + if (port == p) /* port was given explicitly */ + p += port_end - port; + + /* check for optional path starting with '/' or '?'. Else must start '#' */ + path = p; + if (*path != '\0' && *path != '/' && *path != '?' && *path != '#') { ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_URL_PATH); goto parse_err; } + path_end = query = query_end = frag = frag_end = path + strlen(path); - if (phost != NULL && (*phost = OPENSSL_strdup(host)) == NULL) - goto err; - if (pport != NULL && (*pport = OPENSSL_strdup(port)) == NULL) + /* parse optional "?query" */ + tmp = strchr(p, '?'); + if (tmp != NULL) { + p = tmp; + if (pquery != NULL) { + path_end = p; + query = p + 1; + } + } + + /* parse optional "#fragment" */ + tmp = strchr(p, '#'); + if (tmp != NULL) { + if (query == path_end) /* we did not record a query component */ + path_end = tmp; + query_end = tmp; + frag = tmp + 1; + } + + if (!copy_substring(pscheme, scheme, scheme_end) + || !copy_substring(phost, host, host_end) + || !copy_substring(pport, port, port_end) + || !copy_substring(puser, user, user_end) + || !copy_substring(pquery, query, query_end) + || !copy_substring(pfrag, frag, frag_end)) goto err; if (pport_num != NULL) *pport_num = (int)portnum; - if (ppath != NULL && (*ppath = OPENSSL_strdup(path)) == NULL) - goto err; + if (*path == '/') { + if (!copy_substring(ppath, path, path_end)) + goto err; + } else if (ppath != NULL) { /* must prepend '/' */ + size_t buflen = 1 + path_end - path + 1; - OPENSSL_free(buf); + if ((*ppath = OPENSSL_malloc(buflen)) == NULL) + goto err; + snprintf(*ppath, buflen, "/%s", path); + } return 1; parse_err: ERR_raise(ERR_LIB_HTTP, HTTP_R_ERROR_PARSING_URL); err: - if (ppath != NULL) { - OPENSSL_free(*ppath); - *ppath = NULL; - } - if (pport != NULL) { - OPENSSL_free(*pport); - *pport = NULL; + free_pstring(pscheme); + free_pstring(puser); + free_pstring(phost); + free_pstring(pport); + free_pstring(ppath); + free_pstring(pquery); + free_pstring(pfrag); + return 0; +} + +int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, + char **pport, int *pport_num, + char **ppath, char **pquery, char **pfrag) +{ + char *scheme, *port; + int ssl = 0, portnum; + + init_pstring(pport); + if (pssl != NULL) + *pssl = 0; + if (!OSSL_parse_url(url, &scheme, puser, phost, &port, pport_num, + ppath, pquery, pfrag)) + return 0; + + /* check for optional HTTP scheme "http[s]" */ + if (strcmp(scheme, OSSL_HTTPS_NAME) == 0) { + ssl = 1; + if (pssl != NULL) + *pssl = ssl; + } else if (*scheme != '\0' && strcmp(scheme, OSSL_HTTP_NAME) != 0) { + ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_URL_SCHEME); + OPENSSL_free(scheme); + OPENSSL_free(port); + goto err; } - if (phost != NULL) { - OPENSSL_free(*phost); - *phost = NULL; + OPENSSL_free(scheme); + + if (strcmp(port, "0") == 0) { + /* set default port */ + OPENSSL_free(port); + port = ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; + if (!ossl_assert(sscanf(port, "%d", &portnum) == 1)) + goto err; + if (pport_num != NULL) + *pport_num = portnum; + if (pport != NULL) { + *pport = OPENSSL_strdup(port); + if (*pport == NULL) + goto err; + } + } else { + if (pport != NULL) + *pport = port; + else + OPENSSL_free(port); } - OPENSSL_free(buf); + return 1; + + err: + free_pstring(puser); + free_pstring(phost); + free_pstring(ppath); + free_pstring(pquery); + free_pstring(pfrag); return 0; } diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index dcb3ceedac..640505e4fb 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -47,9 +47,9 @@ Certificate enrollment and revocation options: Message transfer options: -[B<-server> I<[http[s]://]address[:port][/path]>] +[B<-server> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>] [B<-path> I] -[B<-proxy> I<[http[s]://]address[:port][/path]>] +[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>] [B<-no_proxy> I] [B<-msg_timeout> I] [B<-total_timeout> I] @@ -429,11 +429,13 @@ Reason numbers defined in RFC 5280 are: =over 4 -=item B<-server> I<[http[s]://]address[:port][/path]> +=item B<-server> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]> The IP address or DNS hostname and optionally port (defaulting to 80 or 443) of the CMP server to connect to using HTTP(S) transport. -The optional I or I prefix is ignored. +The scheme I may be given only if the B option is used. +The optional userinfo and fragment components are ignored. +Any given query component is handled as part of the path component. If a path is included it provides the default value for the B<-path> option. =item B<-path> I @@ -441,11 +443,13 @@ If a path is included it provides the default value for the B<-path> option. HTTP path at the CMP server (aka CMP alias) to use for POST requests. Defaults to any path given with B<-server>, else C<"/">. -=item B<-proxy> I<[http[s]://]address[:port][/path]> +=item B<-proxy> I<[http[s]://][userinfo@]host[:port] [/path][?query][#fragment]> The HTTP(S) proxy server to use for reaching the CMP server unless B applies, see below. -The optional I or I prefix and any trailing path are ignored. +The optional I or I prefix is ignored (note that TLS may be +selected by B), as well as any path, userinfo, and query, and fragment +components. Defaults to the environment variable C if set, else C in case no TLS is used, otherwise C if set, else C. diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in index 8cd9c7de19..96fe6acbc9 100644 --- a/doc/man1/openssl-ocsp.pod.in +++ b/doc/man1/openssl-ocsp.pod.in @@ -157,6 +157,8 @@ with B<-serial>, B<-cert> and B<-host> options). =item B<-url> I Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified. +The optional userinfo and fragment components are ignored. +Any given query component is handled as part of the path component. =item B<-host> I:I, B<-path> I diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index cb6a1378a0..2bc307dca1 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -470,6 +470,8 @@ Sets the timeout for OCSP response to I seconds. Sets a fallback responder URL to use if no responder URL is present in the server certificate. Without this option an error is returned if the server certificate does not contain a responder address. +The optional userinfo and fragment URL components are ignored. +Any given query component is handled as part of the path component. =item B<-status_file> I diff --git a/doc/man3/OSSL_HTTP_parse_url.pod b/doc/man3/OSSL_HTTP_parse_url.pod new file mode 100644 index 0000000000..60589b6bf9 --- /dev/null +++ b/doc/man3/OSSL_HTTP_parse_url.pod @@ -0,0 +1,83 @@ +=pod + +=head1 NAME + +OSSL_parse_url, +OSSL_HTTP_parse_url, +OCSP_parse_url +- http utility functions + +=head1 SYNOPSIS + + #include + + int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, + char **pport, int *pport_num, + char **ppath, char **pquery, char **pfrag); + int OSSL_HTTP_parse_url(const char *url, + int *pssl, char **puser, char **phost, + char **pport, int *pport_num, + char **ppath, char **pquery, char **pfrag); + +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + + int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + int *pssl); + +=head1 DESCRIPTION + +OSSL_parse_url() parses its input string I as a URL of the form +C<[scheme://][userinfo@]host[:port][/path][?query][#fragment]> and splits it up +into scheme, userinfo, host, port, path, query, and fragment components. +The host component may be a DNS name or an IP address +where IPv6 addresses should be enclosed in square brackets C<[> and C<]>. +The port component is optional and defaults to C<0>. +If given, it must be in decimal form. If the I argument is not NULL +the integer value of the port number is assigned to I<*pport_num> on success. +The path component is also optional and defaults to C. +Each non-NULL result pointer argument I, I, I, I, +I, I, and I, is assigned the respective url component. +On success, they are guaranteed to contain non-NULL string pointers, else NULL. +It is the reponsibility of the caller to free them using L. +If I is NULL, any given query component is handled as part of the path. +A string returned via I<*ppath> is guaranteed to begin with a C character. +For absent scheme, userinfo, port, query, and fragment components +an empty string is provided. + +OSSL_HTTP_parse_url() is a special form of OSSL_parse_url() +where the scheme, if given, must be C or C. +If I is not NULL, I<*pssl> is assigned 1 in case parsing was successful +and the scheme is C, else 0. +The port component is optional and defaults to C<443> if the scheme is C, +else C<80>. + +Calling the deprecated function OCSP_parse_url(url, host, port, path, ssl) +is equivalent to +OSSL_HTTP_parse_url(url, ssl, NULL, host, port, NULL, path, NULL, NULL). + +=head1 RETURN VALUES + +OSSL_HTTP_parse_url() and OCSP_parse_url() +return 1 on success, 0 on error. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +OOSSL_HTTP_parse_url() was added in OpenSSL 3.0. +OCSP_parse_url() was deprecated in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod index cb38d0124f..7de213670d 100644 --- a/doc/man3/OSSL_HTTP_transfer.pod +++ b/doc/man3/OSSL_HTTP_transfer.pod @@ -7,8 +7,7 @@ OSSL_HTTP_get_asn1, OSSL_HTTP_post_asn1, OSSL_HTTP_transfer, OSSL_HTTP_bio_cb_t, -OSSL_HTTP_proxy_connect, -OSSL_HTTP_parse_url +OSSL_HTTP_proxy_connect - http client functions =head1 SYNOPSIS @@ -22,15 +21,15 @@ OSSL_HTTP_parse_url OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, const STACK_OF(CONF_VALUE) *headers, int maxline, unsigned long max_resp_len, int timeout, - const char *expected_content_type, int expect_asn1); + const char *expected_ct, int expect_asn1); ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url, const char *proxy, const char *no_proxy, BIO *bio, BIO *rbio, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, const STACK_OF(CONF_VALUE) *headers, int maxline, unsigned long max_resp_len, - int timeout, const char *expected_content_type, - const ASN1_ITEM *it); + int timeout, const char *expected_ct, + const ASN1_ITEM *rsp_it); ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port, const char *path, int use_ssl, const char *proxy, const char *no_proxy, @@ -54,27 +53,26 @@ OSSL_HTTP_parse_url int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, const char *proxyuser, const char *proxypass, int timeout, BIO *bio_err, const char *prog); - int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport, - int *pport_num, char **ppath, int *pssl); =head1 DESCRIPTION OSSL_HTTP_get() uses HTTP GET to obtain data (of any type) from the given I and returns it as a memory BIO. +If the schema component of the I is C a TLS connection is requested +and the I parameter, described below, must be provided. +Any userinfo and fragment components in the I are ignored. +Any query component is handled as part of the path component. -OSSL_HTTP_get_asn1() uses HTTP GET to obtain an ASN.1-encoded value -(e.g., an X.509 certificate) with the expected structure specified by I -(e.g., I) from the given I +OSSL_HTTP_get_asn1() is like OSSL_HTTP_get() but in addition +parses the received contents (e.g., an X.509 certificate) +as an ASN.1 DER encoded value with the expected structure specified by I and returns it on success as a pointer to I. -OSSL_HTTP_post_asn1() uses the HTTP POST method to send a request I -with the ASN.1 structure defined in I and the given I to -the given I and optional I and I. +OSSL_HTTP_post_asn1() is like OSSL_HTTP_get_asn1() but uses the HTTP POST method +to send a request I with the ASN.1 structure defined in I and the +given I to the given I and optional I and I. If I is nonzero a TLS connection is requested and the I parameter, described below, must be provided. -The optional list I may contain additional custom HTTP header lines. -The expected structure of the response is specified by I. -On success it returns the response as a pointer to B. OSSL_HTTP_transfer() exchanges any form of HTTP request and response. It implements the core of the functions described above. @@ -137,7 +135,7 @@ an ASN.1-encoded response is expected, which should include a total length, the length indications received are checked for consistency and for not exceeding the maximum response length. -If the parameter I (or I, respectively) +If the parameter I is not NULL then the HTTP client checks that the given content type string is included in the HTTP header of the response and returns an error if not. @@ -192,24 +190,6 @@ Since this function is typically called by applications such as L it uses the I and I parameters (unless NULL) to print additional diagnostic information in a user-oriented way. -OSSL_HTTP_parse_url() parses its input string I as a URL -of the form C<[http[s]://]address[:port][/path]> and splits it up into host, -port, and path components and a flag indicating whether it begins with 'https'. -The host component may be a DNS name or an IP address -where IPv6 addresses should be enclosed in square brackets C<[> and C<]>. -The port component is optional and defaults to "443" for HTTPS, else "80". -If the I argument is NULL the port specification -can be in mnemonic form such as "http" like with L, else -it must be in numerical form and its integer value is assigned to I<*pport_num>. -The path component is also optional and defaults to "/". -On success the function assigns via each non-NULL result pointer argument -I, I, I, I, and I -the respective url component. -On error, I<*phost>, I<*pport>, and I<*ppath> are assigned to NULL, -else they are guaranteed to contain non-NULL string pointers. -It is the reponsibility of the caller to free them using L. -A string returned via I<*ppath> is guaranteed to begin with a C character. - =head1 NOTES The names of the environment variables used by this implementation: @@ -224,17 +204,18 @@ OSSL_HTTP_transfer() return a memory BIO containing the data received via HTTP. This must be freed by the caller. On failure, NULL is returned. Failure conditions include connection/transfer timeout, parse errors, etc. -OSSL_HTTP_proxy_connect() and OSSL_HTTP_parse_url() -return 1 on success, 0 on error. +OSSL_HTTP_proxy_connect() returns 1 on success, 0 on error. =head1 SEE ALSO +L L =head1 HISTORY OSSL_HTTP_get(), OSSL_HTTP_get_asn1(), OSSL_HTTP_post_asn1(), -OSSL_HTTP_proxy_connect(), and OSSL_HTTP_parse_url() were added in OpenSSL 3.0. +OSSL_HTTP_transfer(), and OSSL_HTTP_proxy_connect() +were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/include/openssl/http.h b/include/openssl/http.h index 6c3ddd8ce8..c39049918f 100644 --- a/include/openssl/http.h +++ b/include/openssl/http.h @@ -41,8 +41,7 @@ typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail) OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int method_GET, int maxline, unsigned long max_resp_len, - int timeout, - const char *expected_content_type, + int timeout, const char *expected_ct, int expect_asn1); void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx); int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, @@ -64,15 +63,15 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, const STACK_OF(CONF_VALUE) *headers, int maxline, unsigned long max_resp_len, int timeout, - const char *expected_content_type, int expect_asn1); + const char *expected_ct, int expect_asn1); ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url, const char *proxy, const char *no_proxy, BIO *bio, BIO *rbio, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, const STACK_OF(CONF_VALUE) *headers, int maxline, unsigned long max_resp_len, - int timeout, const char *expected_content_type, - const ASN1_ITEM *it); + int timeout, const char *expected_ct, + const ASN1_ITEM *rsp_it); ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port, const char *path, int use_ssl, const char *proxy, const char *no_proxy, @@ -97,8 +96,12 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, const char *proxyuser, const char *proxypass, int timeout, BIO *bio_err, const char *prog); -int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport, - int *pport_num, char **ppath, int *pssl); +int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, + char **pport, int *pport_num, + char **ppath, char **pquery, char **pfrag); +int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, + char **pport, int *pport_num, + char **ppath, char **pquery, char **pfrag); # ifdef __cplusplus } diff --git a/include/openssl/httperr.h b/include/openssl/httperr.h index 796bc15a49..af5717d3dc 100644 --- a/include/openssl/httperr.h +++ b/include/openssl/httperr.h @@ -32,7 +32,7 @@ # define HTTP_R_INCONSISTENT_CONTENT_LENGTH 120 # define HTTP_R_INVALID_PORT_NUMBER 123 # define HTTP_R_INVALID_URL_PATH 125 -# define HTTP_R_INVALID_URL_PREFIX 124 +# define HTTP_R_INVALID_URL_SCHEME 124 # define HTTP_R_MAX_RESP_LEN_EXCEEDED 117 # define HTTP_R_MISSING_ASN1_ENCODING 110 # define HTTP_R_MISSING_CONTENT_TYPE 121 diff --git a/include/openssl/ocsp.h.in b/include/openssl/ocsp.h.in index 3c5de15494..5e11987dc5 100644 --- a/include/openssl/ocsp.h.in +++ b/include/openssl/ocsp.h.in @@ -260,7 +260,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags); # define OCSP_parse_url(url, host, port, path, ssl) \ - OSSL_HTTP_parse_url(url, host, port, NULL, path, ssl) /* backward compat */ + OSSL_HTTP_parse_url(url, ssl, NULL, host, port, NULL, path, NULL, NULL) int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); diff --git a/test/http_test.c b/test/http_test.c index 019a6c0f7a..ef0a1d4bf0 100644 --- a/test/http_test.c +++ b/test/http_test.c @@ -135,37 +135,75 @@ static int test_http_x509(int do_get) return res; } -static int test_http_url_ok(const char *url, const char *exp_host, int exp_ssl) +static int test_http_url_ok(const char *url, int exp_ssl, const char *exp_host, + const char *exp_port, const char *exp_path) { - char *host, *port, *path; - int num, ssl; + char *user, *host, *port, *path, *query, *frag; + int exp_num, num, ssl; int res; - res = TEST_true(OSSL_HTTP_parse_url(url, &host, &port, &num, &path, &ssl)) + TEST_int_eq(sscanf(exp_port, "%d", &exp_num), 1); + res = TEST_true(OSSL_HTTP_parse_url(url, &ssl, &user, &host, &port, &num, + &path, &query, &frag)) && TEST_str_eq(host, exp_host) - && TEST_str_eq(port, "65535") - && TEST_int_eq(num, 65535) - && TEST_str_eq(path, "/pkix") + && TEST_str_eq(port, exp_port) + && TEST_int_eq(num, exp_num) + && TEST_str_eq(path, exp_path) && TEST_int_eq(ssl, exp_ssl); + if (res && *user != '\0') + res = TEST_str_eq(user, "user:pass"); + if (res && *frag != '\0') + res = TEST_str_eq(frag, "fr"); + if (res && *query != '\0') + res = TEST_str_eq(query, "q"); + OPENSSL_free(user); OPENSSL_free(host); OPENSSL_free(port); OPENSSL_free(path); + OPENSSL_free(query); + OPENSSL_free(frag); + return res; +} + +static int test_http_url_path_query_ok(const char *url, const char *exp_path_qu) +{ + char *host, *path; + int res; + + res = TEST_true(OSSL_HTTP_parse_url(url, NULL, NULL, &host, NULL, NULL, + &path, NULL, NULL)) + && TEST_str_eq(host, "host") + && TEST_str_eq(path, exp_path_qu); + OPENSSL_free(host); + OPENSSL_free(path); return res; } static int test_http_url_dns(void) { - return test_http_url_ok("server:65535/pkix", "server", 0); + return test_http_url_ok("host:65535/path", 0, "host", "65535", "/path"); +} + +static int test_http_url_path_query(void) +{ + return test_http_url_path_query_ok("http://usr at host:1/p?q=x#frag", "/p?q=x") + && test_http_url_path_query_ok("http://host?query#frag", "/?query") + && test_http_url_path_query_ok("http://host:9999#frag", "/"); +} + +static int test_http_url_userinfo_query_fragment(void) +{ + return test_http_url_ok("user:pass at host/p?q#fr", 0, "host", "80", "/p"); } static int test_http_url_ipv4(void) { - return test_http_url_ok("https://1.2.3.4:65535/pkix", "1.2.3.4", 1); + return test_http_url_ok("https://1.2.3.4/p/q", 1, "1.2.3.4", "443", "/p/q"); } static int test_http_url_ipv6(void) { - return test_http_url_ok("http://[FF01::101]:65535/pkix", "FF01::101", 0); + return test_http_url_ok("http://[FF01::101]:6", 0, "FF01::101", "6", "/"); } static int test_http_url_invalid(const char *url) @@ -174,7 +212,8 @@ static int test_http_url_invalid(const char *url) int num = 1, ssl = 1; int res; - res = TEST_false(OSSL_HTTP_parse_url(url, &host, &port, &num, &path, &ssl)) + res = TEST_false(OSSL_HTTP_parse_url(url, &ssl, NULL, &host, &port, &num, + &path, NULL, NULL)) && TEST_ptr_null(host) && TEST_ptr_null(port) && TEST_ptr_null(path); @@ -228,6 +267,8 @@ int setup_tests(void) return 1; ADD_TEST(test_http_url_dns); + ADD_TEST(test_http_url_path_query); + ADD_TEST(test_http_url_userinfo_query_fragment); ADD_TEST(test_http_url_ipv4); ADD_TEST(test_http_url_ipv6); ADD_TEST(test_http_url_invalid_prefix); diff --git a/util/libcrypto.num b/util/libcrypto.num index aa3071ec30..0c5318db8f 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4880,6 +4880,7 @@ ASN1_item_verify_ex ? 3_0_0 EXIST::FUNCTION: BIO_socket_wait ? 3_0_0 EXIST::FUNCTION:SOCK BIO_wait ? 3_0_0 EXIST::FUNCTION: BIO_do_connect_retry ? 3_0_0 EXIST::FUNCTION: +OSSL_parse_url ? 3_0_0 EXIST::FUNCTION: OSSL_HTTP_get ? 3_0_0 EXIST::FUNCTION: OSSL_HTTP_get_asn1 ? 3_0_0 EXIST::FUNCTION: OSSL_HTTP_post_asn1 ? 3_0_0 EXIST::FUNCTION: diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 61d91b0c92..60d2572bb2 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -829,7 +829,6 @@ OCSP_crlID2_new(3) OCSP_crlID_new(3) OCSP_crl_reason_str(3) OCSP_onereq_get0_id(3) -OCSP_parse_url(3) OCSP_request_is_signed(3) OCSP_request_set1_name(3) OCSP_request_verify(3) From tomas at openssl.org Mon Mar 1 09:56:25 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Mon, 01 Mar 2021 09:56:25 +0000 Subject: [openssl] master update Message-ID: <1614592585.430436.32300.nullmailer@dev.openssl.org> The branch master has been updated via b0aae913246af1d07e728d24f53f55028f61c696 (commit) from d546e8e267bfddc1ca310dfa8b9a72ab4f9aac7c (commit) - Log ----------------------------------------------------------------- commit b0aae913246af1d07e728d24f53f55028f61c696 Author: Rich Salz Date: Mon Feb 22 12:55:25 2021 -0500 Remove RSA SSLv23 padding mode Reviewed-by: Kurt Roeckx Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14248) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 7 + apps/rsautl.c | 6 +- crypto/evp/ctrl_params_translate.c | 1 - crypto/rsa/build.info | 2 +- crypto/rsa/rsa_local.h | 3 - crypto/rsa/rsa_ossl.c | 11 -- crypto/rsa/rsa_pmeth.c | 2 - crypto/rsa/rsa_ssl.c | 189 ------------------------ doc/man1/openssl-pkeyutl.pod.in | 2 +- doc/man1/openssl-rsautl.pod.in | 10 +- doc/man3/EVP_PKEY_CTX_ctrl.pod | 2 +- doc/man3/RSA_padding_add_PKCS1_type_1.pod | 11 -- doc/man3/RSA_public_encrypt.pod | 5 - doc/man7/EVP_SIGNATURE-RSA.pod | 2 - doc/man7/provider-asym_cipher.pod | 2 +- include/openssl/core_names.h | 1 - include/openssl/rsa.h | 8 - providers/implementations/asymciphers/rsa_enc.c | 1 - providers/implementations/signature/rsa.c | 4 - test/rsa_test.c | 23 --- util/libcrypto.num | 4 +- 21 files changed, 16 insertions(+), 280 deletions(-) delete mode 100644 crypto/rsa/rsa_ssl.c diff --git a/CHANGES.md b/CHANGES.md index 0bc5f81100..33a335e689 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -77,6 +77,13 @@ OpenSSL 3.0 *Tom?? Mr?z* + * Removed RSA padding mode for SSLv23 (which was only used for + SSLv2). This includes the functions RSA_padding_check_SSLv23() and + RSA_padding_add_SSLv23() and the `-ssl` option in the deprecated + `rsautl` command. + + *Rich Salz* + * Deprecated the obsolete X9.31 RSA key generation related functions BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and BN_X931_generate_prime_ex(). diff --git a/apps/rsautl.c b/apps/rsautl.c index ef0b1f66c7..05b2b189af 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -28,7 +28,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP, - OPT_RSA_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931, + OPT_RSA_RAW, OPT_OAEP, OPT_PKCS, OPT_X931, OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM, OPT_R_ENUM, OPT_PROV_ENUM @@ -56,7 +56,6 @@ const OPTIONS rsautl_options[] = { OPT_SECTION("Output"), {"out", OPT_OUT, '>', "Output file"}, - {"ssl", OPT_SSL, '-', "Use SSL v2 padding"}, {"raw", OPT_RSA_RAW, '-', "Use no padding"}, {"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"}, {"x931", OPT_X931, '-', "Use ANSI X9.31 padding"}, @@ -123,9 +122,6 @@ int rsautl_main(int argc, char **argv) case OPT_OAEP: pad = RSA_PKCS1_OAEP_PADDING; break; - case OPT_SSL: - pad = RSA_SSLV23_PADDING; - break; case OPT_PKCS: pad = RSA_PKCS1_PADDING; break; diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index e0f849d236..ae3340395d 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -1186,7 +1186,6 @@ static int fix_rsa_padding_mode(enum state state, { static const OSSL_ITEM str_value_map[] = { { RSA_PKCS1_PADDING, "pkcs1" }, - { RSA_SSLV23_PADDING, "sslv23" }, { RSA_NO_PADDING, "none" }, { RSA_PKCS1_OAEP_PADDING, "oaep" }, { RSA_PKCS1_OAEP_PADDING, "oeap" }, diff --git a/crypto/rsa/build.info b/crypto/rsa/build.info index f0c7668bf2..ad3370db39 100644 --- a/crypto/rsa/build.info +++ b/crypto/rsa/build.info @@ -7,7 +7,7 @@ $COMMON=rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_pk1.c \ SOURCE[../../libcrypto]=$COMMON\ rsa_saos.c rsa_err.c rsa_asn1.c rsa_ameth.c rsa_prn.c \ - rsa_pmeth.c rsa_meth.c rsa_mp.c rsa_ssl.c + rsa_pmeth.c rsa_meth.c rsa_mp.c IF[{- !$disabled{'deprecated-0.9.8'} -}] SOURCE[../../libcrypto]=rsa_depr.c ENDIF diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index 49a0071031..6d3bc05c14 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -195,9 +195,6 @@ int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, int nbits, const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); -int ossl_rsa_padding_add_SSLv23_ex(OSSL_LIB_CTX *libctx, unsigned char *to, - int tlen, const unsigned char *from, - int flen); int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to, int tlen, const unsigned char *from, int flen); diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index 7964244ab5..1fd0057202 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -119,11 +119,6 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, from, flen, NULL, 0, NULL, NULL); break; -#ifndef FIPS_MODULE - case RSA_SSLV23_PADDING: - i = ossl_rsa_padding_add_SSLv23_ex(rsa->libctx, buf, num, from, flen); - break; -#endif case RSA_NO_PADDING: i = RSA_padding_add_none(buf, num, from, flen); break; @@ -278,7 +273,6 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, case RSA_NO_PADDING: i = RSA_padding_add_none(buf, num, from, flen); break; - case RSA_SSLV23_PADDING: default: ERR_raise(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE); goto err; @@ -487,11 +481,6 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, case RSA_PKCS1_OAEP_PADDING: r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); break; -#ifndef FIPS_MODULE - case RSA_SSLV23_PADDING: - r = RSA_padding_check_SSLv23(to, num, buf, j, num); - break; -#endif case RSA_NO_PADDING: memcpy(to, buf, (r = j)); break; diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index fc2799af7c..def5641682 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -604,8 +604,6 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, if (strcmp(value, "pkcs1") == 0) { pm = RSA_PKCS1_PADDING; - } else if (strcmp(value, "sslv23") == 0) { - pm = RSA_SSLV23_PADDING; } else if (strcmp(value, "none") == 0) { pm = RSA_NO_PADDING; } else if (strcmp(value, "oeap") == 0) { diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c deleted file mode 100644 index 7cb743d219..0000000000 --- a/crypto/rsa/rsa_ssl.c +++ /dev/null @@ -1,189 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "internal/constant_time.h" -#include "rsa_local.h" - -int ossl_rsa_padding_add_SSLv23_ex(OSSL_LIB_CTX *libctx, unsigned char *to, - int tlen, const unsigned char *from, - int flen) -{ - int i, j; - unsigned char *p; - - if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return 0; - } - - p = (unsigned char *)to; - - *(p++) = 0; - *(p++) = 2; /* Public Key BT (Block Type) */ - - /* pad out with non-zero random data */ - j = tlen - 3 - 8 - flen; - - if (RAND_bytes_ex(libctx, p, j) <= 0) - return 0; - for (i = 0; i < j; i++) { - if (*p == '\0') - do { - if (RAND_bytes_ex(libctx, p, 1) <= 0) - return 0; - } while (*p == '\0'); - p++; - } - - memset(p, 3, 8); - p += 8; - *(p++) = '\0'; - - memcpy(p, from, (unsigned int)flen); - return 1; -} - -int RSA_padding_add_SSLv23(unsigned char *to, int tlen, - const unsigned char *from, int flen) -{ - return ossl_rsa_padding_add_SSLv23_ex(NULL, to, tlen, from, flen); -} - -/* - * Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding - * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also - * preserves error code reporting for backward compatibility. - */ -int RSA_padding_check_SSLv23(unsigned char *to, int tlen, - const unsigned char *from, int flen, int num) -{ - int i; - /* |em| is the encoded message, zero-padded to exactly |num| bytes */ - unsigned char *em = NULL; - unsigned int good, found_zero_byte, mask, threes_in_row; - int zero_index = 0, msg_index, mlen = -1, err; - - if (tlen <= 0 || flen <= 0) - return -1; - - if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_SMALL); - return -1; - } - - em = OPENSSL_malloc(num); - if (em == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - return -1; - } - /* - * Caller is encouraged to pass zero-padded message created with - * BN_bn2binpad. Trouble is that since we can't read out of |from|'s - * bounds, it's impossible to have an invariant memory access pattern - * in case |from| was not zero-padded in advance. - */ - for (from += flen, em += num, i = 0; i < num; i++) { - mask = ~constant_time_is_zero(flen); - flen -= 1 & mask; - from -= 1 & mask; - *--em = *from & mask; - } - - good = constant_time_is_zero(em[0]); - good &= constant_time_eq(em[1], 2); - err = constant_time_select_int(good, 0, RSA_R_BLOCK_TYPE_IS_NOT_02); - mask = ~good; - - /* scan over padding data */ - found_zero_byte = 0; - threes_in_row = 0; - for (i = 2; i < num; i++) { - unsigned int equals0 = constant_time_is_zero(em[i]); - - zero_index = constant_time_select_int(~found_zero_byte & equals0, - i, zero_index); - found_zero_byte |= equals0; - - threes_in_row += 1 & ~found_zero_byte; - threes_in_row &= found_zero_byte | constant_time_eq(em[i], 3); - } - - /* - * PS must be at least 8 bytes long, and it starts two bytes into |em|. - * If we never found a 0-byte, then |zero_index| is 0 and the check - * also fails. - */ - good &= constant_time_ge(zero_index, 2 + 8); - err = constant_time_select_int(mask | good, err, - RSA_R_NULL_BEFORE_BLOCK_MISSING); - mask = ~good; - - /* - * Reject if nul delimiter is preceded by 8 consecutive 0x03 bytes. Note - * that RFC5246 incorrectly states this the other way around, i.e. reject - * if it is not preceded by 8 consecutive 0x03 bytes. However this is - * corrected in subsequent errata for that RFC. - */ - good &= constant_time_lt(threes_in_row, 8); - err = constant_time_select_int(mask | good, err, - RSA_R_SSLV3_ROLLBACK_ATTACK); - mask = ~good; - - /* - * Skip the zero byte. This is incorrect if we never found a zero-byte - * but in this case we also do not copy the message out. - */ - msg_index = zero_index + 1; - mlen = num - msg_index; - - /* - * For good measure, do this check in constant time as well. - */ - good &= constant_time_ge(tlen, mlen); - err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE); - - /* - * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. - * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. - * Otherwise leave |to| unchanged. - * Copy the memory back in a way that does not reveal the size of - * the data being copied via a timing side channel. This requires copying - * parts of the buffer multiple times based on the bits set in the real - * length. Clear bits do a non-copy with identical access pattern. - * The loop below has overall complexity of O(N*log(N)). - */ - tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), - num - RSA_PKCS1_PADDING_SIZE, tlen); - for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { - mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); - for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) - em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]); - } - for (i = 0; i < tlen; i++) { - mask = good & constant_time_lt(i, mlen); - to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); - } - - OPENSSL_clear_free(em, num); - ERR_raise(ERR_LIB_RSA, err); - err_clear_last_constant_time(1 & good); - - return constant_time_select_int(good, mlen, -1); -} diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 3ba0955425..bc5fab5895 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -236,7 +236,7 @@ B values are supported: =item BI This sets the RSA padding mode. Acceptable values for I are B for -PKCS#1 padding, B for SSLv23 padding, B for no padding, B +PKCS#1 padding, B for no padding, B for B mode, B for X9.31 mode and B for PSS. In PKCS#1 padding if the message digest is not set then the supplied data is diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in index 21d641aa27..516c4bc10b 100644 --- a/doc/man1/openssl-rsautl.pod.in +++ b/doc/man1/openssl-rsautl.pod.in @@ -24,10 +24,6 @@ B B [B<-pkcs>] [B<-x931>] [B<-oaep>] -[B<-ssl>] -[B<-raw>] -[B<-pkcs>] -[B<-ssl>] [B<-raw>] [B<-hexdump>] [B<-asn1parse>] @@ -106,12 +102,10 @@ Encrypt the input data using an RSA public key. Decrypt the input data using an RSA private key. -=item B<-pkcs>, B<-oaep>, B<-x931> B<-ssl>, B<-raw> +=item B<-pkcs>, B<-oaep>, B<-x931> B<-raw> The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, -ANSI X9.31, -special padding used in SSL v2 backwards compatible handshakes, -or no padding, respectively. +ANSI X9.31, or no padding, respectively. For signatures, only B<-pkcs> and B<-raw> can be used. =item B<-hexdump> diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 54e4f5506e..37630920c0 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -249,7 +249,7 @@ terminating NUL byte. EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for I. The I parameter can take the value B for PKCS#1 -padding, B for SSLv23 padding, B for +padding, B for no padding, B for OAEP padding (encrypt and decrypt only), B for X9.31 padding (signature operations only), B (sign and verify only) and diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod index f45f6356d1..17eb86b9d2 100644 --- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod +++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod @@ -6,7 +6,6 @@ RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, -RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption padding @@ -48,12 +47,6 @@ L: const unsigned char *p, int pl, const EVP_MD *md, const EVP_MD *mgf1md); - int RSA_padding_add_SSLv23(unsigned char *to, int tlen, - const unsigned char *f, int fl); - - int RSA_padding_check_SSLv23(unsigned char *to, int tlen, - const unsigned char *f, int fl, int rsa_len); - int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f, int fl); @@ -95,10 +88,6 @@ PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2) PKCS #1 v2.0 EME-OAEP -=item SSLv23 - -PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification - =item none simply copy the data diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod index 0aa18d7616..6012e911de 100644 --- a/doc/man3/RSA_public_encrypt.pod +++ b/doc/man3/RSA_public_encrypt.pod @@ -43,11 +43,6 @@ new applications. SEE WARNING BELOW. EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty encoding parameter. This mode is recommended for all new applications. -=item RSA_SSLV23_PADDING - -PKCS #1 v1.5 padding with an SSL-specific modification that denotes -that the server is SSL3 capable. - =item RSA_NO_PADDING Raw RSA encryption. This mode should I be used to implement diff --git a/doc/man7/EVP_SIGNATURE-RSA.pod b/doc/man7/EVP_SIGNATURE-RSA.pod index 0cc3336bc9..41e8ad9a42 100644 --- a/doc/man7/EVP_SIGNATURE-RSA.pod +++ b/doc/man7/EVP_SIGNATURE-RSA.pod @@ -34,8 +34,6 @@ The type of padding to be used. Its value can be one of the following: =item "pkcs1" (B) -=item "sslv23" (B) - =item "x931" (B) =item "pss" (B) diff --git a/doc/man7/provider-asym_cipher.pod b/doc/man7/provider-asym_cipher.pod index ac0dd14fb6..939dc76f76 100644 --- a/doc/man7/provider-asym_cipher.pod +++ b/doc/man7/provider-asym_cipher.pod @@ -183,7 +183,7 @@ algorithms: The type of padding to be used. The interpretation of this value will depend on the algorithm in use. The default provider understands these RSA padding -modes: 1 (RSA_PKCS1_PADDING), 2 (RSA_SSLV23_PADDING), 3 (RSA_NO_PADDING), +modes: 1 (RSA_PKCS1_PADDING), 3 (RSA_NO_PADDING), 4 (RSA_PKCS1_OAEP_PADDING), 5 (RSA_X931_PADDING), 6 (RSA_PKCS1_PSS_PADDING) and 7 (RSA_PKCS1_WITH_TLS_PADDING). See L for further details. diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 0f242e3605..ab669cfd3f 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -384,7 +384,6 @@ extern "C" { /* RSA padding modes */ #define OSSL_PKEY_RSA_PAD_MODE_NONE "none" #define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1" -#define OSSL_PKEY_RSA_PAD_MODE_SSLV23 "sslv23" #define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep" #define OSSL_PKEY_RSA_PAD_MODE_X931 "x931" #define OSSL_PKEY_RSA_PAD_MODE_PSS "pss" diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 0aeab1560a..8822345d5a 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -184,7 +184,6 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) # define RSA_PKCS1_PADDING 1 -# define RSA_SSLV23_PADDING 2 # define RSA_NO_PADDING 3 # define RSA_PKCS1_OAEP_PADDING 4 # define RSA_X931_PADDING 5 @@ -405,13 +404,6 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, int num, const unsigned char *param, int plen, const EVP_MD *md, const EVP_MD *mgf1md); -OSSL_DEPRECATEDIN_3_0 -int RSA_padding_add_SSLv23(unsigned char *to, int tlen, - const unsigned char *f, int fl); -OSSL_DEPRECATEDIN_3_0 -int RSA_padding_check_SSLv23(unsigned char *to, int tlen, - const unsigned char *f, int fl, - int rsa_len); OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f, int fl); OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_none(unsigned char *to, int tlen, diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 461dee8c6d..5484c3d54a 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -47,7 +47,6 @@ static OSSL_FUNC_asym_cipher_settable_ctx_params_fn rsa_settable_ctx_params; static OSSL_ITEM padding_item[] = { { RSA_PKCS1_PADDING, OSSL_PKEY_RSA_PAD_MODE_PKCSV15 }, - { RSA_SSLV23_PADDING, OSSL_PKEY_RSA_PAD_MODE_SSLV23 }, { RSA_NO_PADDING, OSSL_PKEY_RSA_PAD_MODE_NONE }, { RSA_PKCS1_OAEP_PADDING, OSSL_PKEY_RSA_PAD_MODE_OAEP }, /* Correct spelling first */ { RSA_PKCS1_OAEP_PADDING, "oeap" }, diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index a19dc0129c..ca1510e718 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -61,7 +61,6 @@ static OSSL_FUNC_signature_settable_ctx_md_params_fn rsa_settable_ctx_md_params; static OSSL_ITEM padding_item[] = { { RSA_PKCS1_PADDING, OSSL_PKEY_RSA_PAD_MODE_PKCSV15 }, - { RSA_SSLV23_PADDING, OSSL_PKEY_RSA_PAD_MODE_SSLV23 }, { RSA_NO_PADDING, OSSL_PKEY_RSA_PAD_MODE_NONE }, { RSA_X931_PADDING, OSSL_PKEY_RSA_PAD_MODE_X931 }, { RSA_PKCS1_PSS_PADDING, OSSL_PKEY_RSA_PAD_MODE_PSS }, @@ -1187,9 +1186,6 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) case RSA_PKCS1_PADDING: err_extra_text = "PKCS#1 padding not allowed with RSA-PSS"; goto cont; - case RSA_SSLV23_PADDING: - err_extra_text = "SSLv3 padding not allowed with RSA-PSS"; - goto cont; case RSA_NO_PADDING: err_extra_text = "No padding not allowed with RSA-PSS"; goto cont; diff --git a/test/rsa_test.c b/test/rsa_test.c index 5e3a66233c..c2c8b6ef5e 100644 --- a/test/rsa_test.c +++ b/test/rsa_test.c @@ -278,28 +278,6 @@ static int test_rsa_pkcs1(int idx) NULL, NULL); } -static int test_rsa_sslv23(int idx) -{ - int ret; - - /* Simulate an SSLv2 only client talking to a TLS capable server */ - ret = test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_SSLV23_PADDING, 1, NULL, - NULL, NULL); - - /* Simulate a TLS capable client talking to an SSLv2 only server */ - ret &= test_rsa_simple(idx, RSA_SSLV23_PADDING, RSA_PKCS1_PADDING, 1, NULL, - NULL, NULL); - - /* - * Simulate a TLS capable client talking to a TLS capable server. Should - * fail due to detecting a rollback attack. - */ - ret &= test_rsa_simple(idx, RSA_SSLV23_PADDING, RSA_SSLV23_PADDING, 0, NULL, - NULL, NULL); - - return ret; -} - static int test_rsa_oaep(int idx) { int ret = 0; @@ -411,7 +389,6 @@ err: int setup_tests(void) { ADD_ALL_TESTS(test_rsa_pkcs1, 3); - ADD_ALL_TESTS(test_rsa_sslv23, 3); ADD_ALL_TESTS(test_rsa_oaep, 3); ADD_ALL_TESTS(test_rsa_security_bit, OSSL_NELEM(rsa_security_bits_cases)); return 1; diff --git a/util/libcrypto.num b/util/libcrypto.num index 0c5318db8f..88b5648a74 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -1392,7 +1392,7 @@ EVP_PBE_get 1424 3_0_0 EXIST::FUNCTION: CRYPTO_nistcts128_encrypt 1425 3_0_0 EXIST::FUNCTION: CONF_modules_finish 1426 3_0_0 EXIST::FUNCTION: BN_value_one 1427 3_0_0 EXIST::FUNCTION: -RSA_padding_add_SSLv23 1428 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +RSA_padding_add_SSLv23 1428 3_0_0 NOEXIST::FUNCTION:DEPRECATEDIN_3_0 OCSP_RESPBYTES_it 1429 3_0_0 EXIST::FUNCTION:OCSP EVP_aes_192_wrap 1430 3_0_0 EXIST::FUNCTION: OCSP_CERTID_it 1431 3_0_0 EXIST::FUNCTION:OCSP @@ -3302,7 +3302,7 @@ PKCS7_ENVELOPE_new 3369 3_0_0 EXIST::FUNCTION: EDIPARTYNAME_new 3370 3_0_0 EXIST::FUNCTION: CMS_add1_cert 3371 3_0_0 EXIST::FUNCTION:CMS DSO_convert_filename 3372 3_0_0 EXIST::FUNCTION: -RSA_padding_check_SSLv23 3373 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +RSA_padding_check_SSLv23 3373 3_0_0 NOEXIST::FUNCTION:DEPRECATEDIN_3_0 CRYPTO_gcm128_finish 3374 3_0_0 EXIST::FUNCTION: PKCS12_SAFEBAGS_it 3375 3_0_0 EXIST::FUNCTION: PKCS12_PBE_add 3376 3_0_0 EXIST::FUNCTION: From beldmit at gmail.com Mon Mar 1 11:03:52 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Mon, 01 Mar 2021 11:03:52 +0000 Subject: [openssl] master update Message-ID: <1614596632.131072.1239.nullmailer@dev.openssl.org> The branch master has been updated via bed963d58d837c5cbf0707bffe250cafffc64690 (commit) from b0aae913246af1d07e728d24f53f55028f61c696 (commit) - Log ----------------------------------------------------------------- commit bed963d58d837c5cbf0707bffe250cafffc64690 Author: UndefBehavior Date: Fri Feb 26 13:36:08 2021 +0300 Fix build of /dev/crypto engine with no-dynamic-engine option CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14329) ----------------------------------------------------------------------- Summary of changes: engines/e_devcrypto.c | 1 - 1 file changed, 1 deletion(-) diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c index e1c4372f72..76255a978d 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c @@ -1361,7 +1361,6 @@ void engine_load_devcrypto_int(void) */ ERR_pop_to_mark(); } -} #else From openssl at openssl.org Mon Mar 1 11:23:29 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Mar 2021 11:23:29 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1614597809.041317.651130.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified gettable/settable ctx calls for MACs 1e8e5c6092 prov: support modified gettable/settable ctx calls for KDFs de43d82b6d core: support modified gettable/settable ctx calls for KDFs a5120afda3 evp: support modified gettable/settable ctx calls for KDFs 530cacb56f doc: changes to match the updated context gettable/settable calls caa60428cd evp: support modified gettable/settable ctx calls for RNGs 1c9eaf4251 core: update RNG gettable/settable ctx param calls a3f091fddd prov: update RNGs to support modified gettable/settable CTX params 90fec26dc6 doc: note changes to rand gettable/settable provider call d618ac6fd7 doc: note changes to digest gettable/settable provider calls 6de3a06dd4 modify EVP to support digest gettable/settable calls aa95e08b29 core: update digest gettable/settable ctx params calls e772f25ca8 prov: update digests to support modified ctx params 5a6a6d59a6 Makefile: Only update doc/build.info when there's an actual change 32ab57cbb4 Fix external symbols related to ec & sm2 keys 5af02212a5 Fix external symbols related to dsa keys 19dbb742cd Fix external symbols related to dh keys 94553e85b6 Fix external symbols for bn 2d96895122 Fix filename escaping in c_rehash 1cba86234a evp_extra_test: Do not manipulate providers in default context 8cdc3425af fake_random: Do not overwrite the callback on instatiation 0c84139c98 Ensure that the fake rand is initialized 75de543635 Fix an integer overflow in o_time.c 5eb73cfb37 Add a test for a names_do_all function d84f5515fa Don't hold a lock when calling a callback in ossl_namemap_doall_names Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 30-test_evp_extra.t (Wstat: 256 Tests: 2 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=232, Tests=2691, 1133 wallclock secs (13.26 usr 1.38 sys + 1055.43 cusr 74.71 csys = 1144.78 CPU) Result: FAIL make[1]: *** [Makefile:3276: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' make: *** [Makefile:3273: tests] Error 2 From levitte at openssl.org Mon Mar 1 12:39:50 2021 From: levitte at openssl.org (Richard Levitte) Date: Mon, 01 Mar 2021 12:39:50 +0000 Subject: [openssl] master update Message-ID: <1614602390.621050.19844.nullmailer@dev.openssl.org> The branch master has been updated via 0647162f6af7c2e0edb4c770bf501ad7e0302970 (commit) from bed963d58d837c5cbf0707bffe250cafffc64690 (commit) - Log ----------------------------------------------------------------- commit 0647162f6af7c2e0edb4c770bf501ad7e0302970 Author: Richard Levitte Date: Mon Mar 1 12:06:36 2021 +0100 make update Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14352) ----------------------------------------------------------------------- Summary of changes: doc/build.info | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/build.info b/doc/build.info index e753b06e12..e53b3d1007 100644 --- a/doc/build.info +++ b/doc/build.info @@ -1594,6 +1594,10 @@ DEPEND[html/man3/OSSL_HTTP_REQ_CTX.html]=man3/OSSL_HTTP_REQ_CTX.pod GENERATE[html/man3/OSSL_HTTP_REQ_CTX.html]=man3/OSSL_HTTP_REQ_CTX.pod DEPEND[man/man3/OSSL_HTTP_REQ_CTX.3]=man3/OSSL_HTTP_REQ_CTX.pod GENERATE[man/man3/OSSL_HTTP_REQ_CTX.3]=man3/OSSL_HTTP_REQ_CTX.pod +DEPEND[html/man3/OSSL_HTTP_parse_url.html]=man3/OSSL_HTTP_parse_url.pod +GENERATE[html/man3/OSSL_HTTP_parse_url.html]=man3/OSSL_HTTP_parse_url.pod +DEPEND[man/man3/OSSL_HTTP_parse_url.3]=man3/OSSL_HTTP_parse_url.pod +GENERATE[man/man3/OSSL_HTTP_parse_url.3]=man3/OSSL_HTTP_parse_url.pod DEPEND[html/man3/OSSL_HTTP_transfer.html]=man3/OSSL_HTTP_transfer.pod GENERATE[html/man3/OSSL_HTTP_transfer.html]=man3/OSSL_HTTP_transfer.pod DEPEND[man/man3/OSSL_HTTP_transfer.3]=man3/OSSL_HTTP_transfer.pod @@ -3024,6 +3028,7 @@ html/man3/OSSL_ENCODER_CTX.html \ html/man3/OSSL_ENCODER_CTX_new_for_pkey.html \ html/man3/OSSL_ENCODER_to_bio.html \ html/man3/OSSL_HTTP_REQ_CTX.html \ +html/man3/OSSL_HTTP_parse_url.html \ html/man3/OSSL_HTTP_transfer.html \ html/man3/OSSL_LIB_CTX.html \ html/man3/OSSL_PARAM.html \ @@ -3593,6 +3598,7 @@ man/man3/OSSL_ENCODER_CTX.3 \ man/man3/OSSL_ENCODER_CTX_new_for_pkey.3 \ man/man3/OSSL_ENCODER_to_bio.3 \ man/man3/OSSL_HTTP_REQ_CTX.3 \ +man/man3/OSSL_HTTP_parse_url.3 \ man/man3/OSSL_HTTP_transfer.3 \ man/man3/OSSL_LIB_CTX.3 \ man/man3/OSSL_PARAM.3 \ From openssl at openssl.org Tue Mar 2 02:01:00 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Mar 2021 02:01:00 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1614650460.964529.2345580.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified gettable/settable ctx calls for MACs 1e8e5c6092 prov: support modified gettable/settable ctx calls for KDFs de43d82b6d core: support modified gettable/settable ctx calls for KDFs a5120afda3 evp: support modified gettable/settable ctx calls for KDFs 530cacb56f doc: changes to match the updated context gettable/settable calls caa60428cd evp: support modified gettable/settable ctx calls for RNGs 1c9eaf4251 core: update RNG gettable/settable ctx param calls a3f091fddd prov: update RNGs to support modified gettable/settable CTX params 90fec26dc6 doc: note changes to rand gettable/settable provider call d618ac6fd7 doc: note changes to digest gettable/settable provider calls 6de3a06dd4 modify EVP to support digest gettable/settable calls aa95e08b29 core: update digest gettable/settable ctx params calls e772f25ca8 prov: update digests to support modified ctx params 5a6a6d59a6 Makefile: Only update doc/build.info when there's an actual change 32ab57cbb4 Fix external symbols related to ec & sm2 keys 5af02212a5 Fix external symbols related to dsa keys 19dbb742cd Fix external symbols related to dh keys 94553e85b6 Fix external symbols for bn 2d96895122 Fix filename escaping in c_rehash 1cba86234a evp_extra_test: Do not manipulate providers in default context 8cdc3425af fake_random: Do not overwrite the callback on instatiation 0c84139c98 Ensure that the fake rand is initialized 75de543635 Fix an integer overflow in o_time.c 5eb73cfb37 Add a test for a names_do_all function d84f5515fa Don't hold a lock when calling a callback in ossl_namemap_doall_names Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo5.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/80-test_cmp_http.t line 145. # cmp_main:../openssl/apps/cmp.c:2692:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2291:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:694:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2008:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2058:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 5 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1335. # Looks like you failed 3 tests of 5.80-test_cmp_http.t ................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/5 subtests # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. skipped: Test only supported in a shared build 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 80-test_cmp_http.t (Wstat: 768 Tests: 5 Failed: 3) Failed tests: 2-3, 5 Non-zero exit status: 3 Files=232, Tests=2737, 806 wallclock secs (10.59 usr 1.38 sys + 726.62 cusr 72.16 csys = 810.75 CPU) Result: FAIL make[1]: *** [Makefile:2482: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' make: *** [Makefile:2479: tests] Error 2 From pauli at openssl.org Tue Mar 2 03:24:26 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 02 Mar 2021 03:24:26 +0000 Subject: [openssl] master update Message-ID: <1614655466.715470.4957.nullmailer@dev.openssl.org> The branch master has been updated via e1f946630f06c2d3a112022472bb13a1586f599f (commit) via 740582cfaffb26c60c72cdc789b39da5c7ec8c66 (commit) via fccdb61aee9538268e2eecfdc5b1e31327803ee4 (commit) via 5a11de50a41054ed17d4280c39825a2bdaa96b96 (commit) from 0647162f6af7c2e0edb4c770bf501ad7e0302970 (commit) - Log ----------------------------------------------------------------- commit e1f946630f06c2d3a112022472bb13a1586f599f Author: Pauli Date: Sat Feb 27 12:18:15 2021 +1000 test: use the new set public and private together call Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14341) commit 740582cfaffb26c60c72cdc789b39da5c7ec8c66 Author: Pauli Date: Sat Feb 27 12:17:57 2021 +1000 test: add utility function to set the fake random callback on both the public and private instances Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14341) commit fccdb61aee9538268e2eecfdc5b1e31327803ee4 Author: Pauli Date: Sat Feb 27 11:57:13 2021 +1000 test: update ECDSA and SM2 internal tests in line with the fake_random change Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14341) commit 5a11de50a41054ed17d4280c39825a2bdaa96b96 Author: Pauli Date: Sat Feb 27 11:55:59 2021 +1000 test: update test_random to create real contexts instead of sharing one Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14341) ----------------------------------------------------------------------- Summary of changes: test/ecdsatest.c | 11 +++++---- test/sm2_internal_test.c | 10 +++++--- test/testutil.h | 9 ++++++- test/testutil/fake_random.c | 58 ++++++++++++++++++++++++++++++++++----------- 4 files changed, 66 insertions(+), 22 deletions(-) diff --git a/test/ecdsatest.c b/test/ecdsatest.c index d03eb6f01e..cf09419c94 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -25,18 +25,21 @@ # include "internal/nelem.h" # include "ecdsatest.h" +static fake_random_generate_cb fbytes; + static const char *numbers[2]; static size_t crv_len = 0; static EC_builtin_curve *curves = NULL; static OSSL_PROVIDER *fake_rand = NULL; -static int fbytes(unsigned char *buf, size_t num) +static int fbytes(unsigned char *buf, size_t num, ossl_unused const char *name, + EVP_RAND_CTX *ctx) { int ret = 0; static int fbytes_counter = 0; BIGNUM *tmp = NULL; - fake_rand_set_callback(NULL); + fake_rand_set_callback(ctx, NULL); if (!TEST_ptr(tmp = BN_new()) || !TEST_int_lt(fbytes_counter, OSSL_NELEM(numbers)) @@ -114,7 +117,7 @@ static int x9_62_tests(int n) goto err; /* public key must match KAT */ - fake_rand_set_callback(&fbytes); + fake_rand_set_callback(RAND_get0_private(NULL), &fbytes); if (!TEST_true(EC_KEY_generate_key(key)) || !TEST_true(p_len = EC_KEY_key2buf(key, POINT_CONVERSION_UNCOMPRESSED, &pbuf, NULL)) @@ -124,7 +127,7 @@ static int x9_62_tests(int n) goto err; /* create the signature via ECDSA_sign_setup to avoid use of ECDSA nonces */ - fake_rand_set_callback(&fbytes); + fake_rand_set_callback(RAND_get0_private(NULL), &fbytes); if (!TEST_true(ECDSA_sign_setup(key, NULL, &kinv, &rp)) || !TEST_ptr(signature = ECDSA_do_sign_ex(digest, dgst_len, kinv, rp, key)) diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c index aaa337b57b..6b80611dd2 100644 --- a/test/sm2_internal_test.c +++ b/test/sm2_internal_test.c @@ -28,12 +28,16 @@ # include "crypto/sm2.h" +static fake_random_generate_cb get_faked_bytes; + static OSSL_PROVIDER *fake_rand = NULL; static uint8_t *fake_rand_bytes = NULL; static size_t fake_rand_bytes_offset = 0; static size_t fake_rand_size = 0; -static int get_faked_bytes(unsigned char *buf, size_t num) +static int get_faked_bytes(unsigned char *buf, size_t num, + ossl_unused const char *name, + ossl_unused EVP_RAND_CTX *ctx) { if (!TEST_ptr(fake_rand_bytes) || !TEST_size_t_gt(fake_rand_size, 0)) return 0; @@ -56,14 +60,14 @@ static int start_fake_rand(const char *hex_bytes) return 0; /* use own random function */ - fake_rand_set_callback(get_faked_bytes); + fake_rand_set_public_private_callbacks(NULL, get_faked_bytes); return 1; } static void restore_rand(void) { - fake_rand_set_callback(NULL); + fake_rand_set_public_private_callbacks(NULL, NULL); OPENSSL_free(fake_rand_bytes); fake_rand_bytes = NULL; fake_rand_bytes_offset = 0; diff --git a/test/testutil.h b/test/testutil.h index 93c91a4a41..8457a2a384 100644 --- a/test/testutil.h +++ b/test/testutil.h @@ -567,9 +567,16 @@ uint32_t test_random(void); void test_random_seed(uint32_t sd); /* Fake non-secure random number generator */ +typedef int fake_random_generate_cb(unsigned char *out, size_t outlen, + const char *name, EVP_RAND_CTX *ctx); + OSSL_PROVIDER *fake_rand_start(OSSL_LIB_CTX *libctx); void fake_rand_finish(OSSL_PROVIDER *p); -void fake_rand_set_callback(int (*cb)(unsigned char *out, size_t outlen)); +void fake_rand_set_callback(EVP_RAND_CTX *ctx, + int (*cb)(unsigned char *out, size_t outlen, + const char *name, EVP_RAND_CTX *ctx)); +void fake_rand_set_public_private_callbacks(OSSL_LIB_CTX *libctx, + fake_random_generate_cb *cb); /* Create a file path from a directory and a filename */ char *test_mk_file_path(const char *dir, const char *file); diff --git a/test/testutil/fake_random.c b/test/testutil/fake_random.c index f8b97d2287..bdd48d394c 100644 --- a/test/testutil/fake_random.c +++ b/test/testutil/fake_random.c @@ -12,15 +12,17 @@ #include #include #include +#include "../include/crypto/evp.h" +#include "../../crypto/evp/evp_local.h" #include "../testutil.h" typedef struct { - int (*cb)(unsigned char *out, size_t outlen); + fake_random_generate_cb *cb; int state; + const char *name; + EVP_RAND_CTX *ctx; } FAKE_RAND; -static FAKE_RAND fake_rand; - static OSSL_FUNC_rand_newctx_fn fake_rand_newctx; static OSSL_FUNC_rand_freectx_fn fake_rand_freectx; static OSSL_FUNC_rand_instantiate_fn fake_rand_instantiate; @@ -33,16 +35,16 @@ static OSSL_FUNC_rand_enable_locking_fn fake_rand_enable_locking; static void *fake_rand_newctx(void *provctx, void *parent, const OSSL_DISPATCH *parent_dispatch) { - fake_rand.state = EVP_RAND_STATE_UNINITIALISED; - return &fake_rand; + FAKE_RAND *r = OPENSSL_zalloc(sizeof(*r)); + + if (r != NULL) + r->state = EVP_RAND_STATE_UNINITIALISED; + return r; } static void fake_rand_freectx(void *vrng) { - FAKE_RAND *frng = (FAKE_RAND *)vrng; - - frng->cb = NULL; - frng->state = EVP_RAND_STATE_UNINITIALISED; + OPENSSL_free(vrng); } static int fake_rand_instantiate(void *vrng, ossl_unused unsigned int strength, @@ -74,7 +76,7 @@ static int fake_rand_generate(void *vrng, unsigned char *out, size_t outlen, uint32_t r; if (frng->cb != NULL) - return (*frng->cb)(out, outlen); + return (*frng->cb)(out, outlen, frng->name, frng->ctx); while (outlen > 0) { r = test_random(); l = outlen < sizeof(r) ? outlen : sizeof(r); @@ -169,6 +171,20 @@ static int fake_rand_provider_init(const OSSL_CORE_HANDLE *handle, return 1; } +static int check_rng(EVP_RAND_CTX *rng, const char *name) +{ + FAKE_RAND *f; + + if (!TEST_ptr(rng)) { + TEST_info("random: %s", name); + return 0; + } + f = rng->data; + f->name = name; + f->ctx = rng; + return 1; +} + OSSL_PROVIDER *fake_rand_start(OSSL_LIB_CTX *libctx) { OSSL_PROVIDER *p; @@ -180,8 +196,9 @@ OSSL_PROVIDER *fake_rand_start(OSSL_LIB_CTX *libctx) return NULL; /* Ensure that the fake rand is initialized. */ - if (!TEST_ptr(RAND_get0_private(libctx)) - || !TEST_ptr(RAND_get0_public(libctx))) { + if (!TEST_true(check_rng(RAND_get0_primary(libctx), "primary")) + || !TEST_true(check_rng(RAND_get0_private(libctx), "private")) + || !TEST_true(check_rng(RAND_get0_public(libctx), "public"))) { OSSL_PROVIDER_unload(p); return NULL; } @@ -194,8 +211,21 @@ void fake_rand_finish(OSSL_PROVIDER *p) OSSL_PROVIDER_unload(p); } -void fake_rand_set_callback(int (*cb)(unsigned char *out, size_t outlen)) +void fake_rand_set_callback(EVP_RAND_CTX *rng, + int (*cb)(unsigned char *out, size_t outlen, + const char *name, EVP_RAND_CTX *ctx)) +{ + if (rng != NULL) + ((FAKE_RAND *)rng->data)->cb = cb; +} + +void fake_rand_set_public_private_callbacks(OSSL_LIB_CTX *libctx, + int (*cb)(unsigned char *out, + size_t outlen, + const char *name, + EVP_RAND_CTX *ctx)) { - fake_rand.cb = cb; + fake_rand_set_callback(RAND_get0_private(libctx), cb); + fake_rand_set_callback(RAND_get0_public(libctx), cb); } From dev at ddvo.net Tue Mar 2 10:05:57 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 02 Mar 2021 10:05:57 +0000 Subject: [openssl] master update Message-ID: <1614679557.658008.6103.nullmailer@dev.openssl.org> The branch master has been updated via 025c0f5289d9f124dac799fe4eeb663035736df2 (commit) via dd5fa5f5afcb58d75f22d45075224ce3c80f91f3 (commit) from e1f946630f06c2d3a112022472bb13a1586f599f (commit) - Log ----------------------------------------------------------------- commit 025c0f5289d9f124dac799fe4eeb663035736df2 Author: Dr. David von Oheimb Date: Mon Mar 1 10:23:41 2021 +0100 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14018) commit dd5fa5f5afcb58d75f22d45075224ce3c80f91f3 Author: Dr. David von Oheimb Date: Sat Jan 23 12:54:39 2021 +0100 CMP: On NULL-DN subject or issuer input omit field in cert template Also improve diagnostics on inconsistent cert request input in apps/cmp.c, add trace output for transactionIDs on new sessions, and update the documentation in openssl-cmp.pod.in. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14018) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 117 ++++++++++++++++++++++++++++---------------- crypto/cmp/cmp_hdr.c | 24 ++++++--- crypto/cmp/cmp_local.h | 3 ++ crypto/cmp/cmp_msg.c | 5 +- doc/man1/openssl-cmp.pod.in | 52 ++++++++++++-------- 5 files changed, 131 insertions(+), 70 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index d04af4177b..40815930cf 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1610,11 +1610,84 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) && opt_csr == NULL && opt_oldcert == NULL && opt_cert == NULL && opt_cmd != CMP_RR && opt_cmd != CMP_GENM) CMP_warn("no -subject given; no -csr or -oldcert or -cert available for fallback"); - if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject") - || !set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer")) + + if (opt_cmd == CMP_IR || opt_cmd == CMP_CR || opt_cmd == CMP_KUR) { + if (opt_newkey == NULL && opt_key == NULL && opt_csr == NULL) { + CMP_err("missing -newkey (or -key) to be certified and no -csr given"); + return 0; + } + if (opt_certout == NULL) { + CMP_err("-certout not given, nowhere to save newly enrolled certificate"); + return 0; + } + if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject") + || !set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer")) + return 0; + } else { + const char *msg = "option is ignored for commands other than 'ir', 'cr', and 'kur'"; + + if (opt_subject != NULL) { + if (opt_ref == NULL && opt_cert == NULL) { + /* use subject as default sender unless oldcert subject is used */ + if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject")) + return 0; + } else { + CMP_warn1("-subject %s since -ref or -cert is given", msg); + } + } + if (opt_issuer != NULL) + CMP_warn1("-issuer %s", msg); + if (opt_reqexts != NULL) + CMP_warn1("-reqexts %s", msg); + if (opt_san_nodefault) + CMP_warn1("-san_nodefault %s", msg); + if (opt_sans != NULL) + CMP_warn1("-sans %s", msg); + if (opt_policies != NULL) + CMP_warn1("-policies %s", msg); + if (opt_policy_oids != NULL) + CMP_warn1("-policy_oids %s", msg); + } + if (opt_cmd == CMP_KUR) { + char *ref_cert = opt_oldcert != NULL ? opt_oldcert : opt_cert; + + if (ref_cert == NULL && opt_csr == NULL) { + CMP_err("missing -oldcert for certificate to be updated and no -csr given"); + return 0; + } + if (opt_subject != NULL) + CMP_warn2("given -subject '%s' overrides the subject of '%s' for KUR", + opt_subject, ref_cert != NULL ? ref_cert : opt_csr); + } + if (opt_cmd == CMP_RR) { + if (opt_oldcert == NULL && opt_csr == NULL) { + CMP_err("missing -oldcert for certificate to be revoked and no -csr given"); + return 0; + } + if (opt_oldcert != NULL && opt_csr != NULL) + CMP_warn("ignoring -csr since certificate to be revoked is given"); + } + if (opt_cmd == CMP_P10CR && opt_csr == NULL) { + CMP_err("missing PKCS#10 CSR for p10cr"); return 0; + } - if (opt_newkey != NULL) { + if (opt_recipient == NULL && opt_srvcert == NULL && opt_issuer == NULL + && opt_oldcert == NULL && opt_cert == NULL) + CMP_warn("missing -recipient, -srvcert, -issuer, -oldcert or -cert; recipient will be set to \"NULL-DN\""); + + if (opt_cmd == CMP_P10CR || opt_cmd == CMP_RR) { + const char *msg = "option is ignored for 'p10cr' and 'rr' commands"; + + if (opt_newkeypass != NULL) + CMP_warn1("-newkeytype %s", msg); + if (opt_newkey != NULL) + CMP_warn1("-newkey %s", msg); + if (opt_days != 0) + CMP_warn1("-days %s", msg); + if (opt_popo != OSSL_CRMF_POPO_NONE - 1) + CMP_warn1("-popo %s", msg); + } else if (opt_newkey != NULL) { const char *file = opt_newkey; const int format = opt_keyform; const char *pass = opt_newkeypass; @@ -1884,44 +1957,6 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) if (!transform_opts()) goto err; - if (opt_cmd == CMP_IR || opt_cmd == CMP_CR || opt_cmd == CMP_KUR) { - if (opt_newkey == NULL && opt_key == NULL && opt_csr == NULL) { - CMP_err("missing -newkey (or -key) to be certified"); - goto err; - } - if (opt_certout == NULL) { - CMP_err("-certout not given, nowhere to save certificate"); - goto err; - } - } - if (opt_cmd == CMP_KUR) { - char *ref_cert = opt_oldcert != NULL ? opt_oldcert : opt_cert; - - if (ref_cert == NULL && opt_csr == NULL) { - CMP_err("missing -oldcert for certificate to be updated and no fallback -csr given"); - goto err; - } - if (opt_subject != NULL) - CMP_warn2("given -subject '%s' overrides the subject of '%s' for KUR", - opt_subject, ref_cert != NULL ? ref_cert : opt_csr); - } - if (opt_cmd == CMP_RR) { - if (opt_oldcert == NULL && opt_csr == NULL) { - CMP_err("missing -oldcert for certificate to be revoked and no fallback -csr given"); - goto err; - } - if (opt_oldcert != NULL && opt_csr != NULL) - CMP_warn("ignoring -csr since certificate to be revoked is given"); - } - if (opt_cmd == CMP_P10CR && opt_csr == NULL) { - CMP_err("missing PKCS#10 CSR for p10cr"); - goto err; - } - - if (opt_recipient == NULL && opt_srvcert == NULL && opt_issuer == NULL - && opt_oldcert == NULL && opt_cert == NULL) - CMP_warn("missing -recipient, -srvcert, -issuer, -oldcert or -cert; recipient will be set to \"NULL-DN\""); - if (opt_infotype_s != NULL) { char id_buf[100] = "id-it-"; diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c index 5882d9c9de..58b07dd8b2 100644 --- a/crypto/cmp/cmp_hdr.c +++ b/crypto/cmp/cmp_hdr.c @@ -72,15 +72,11 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr) return hdr->recipNonce; } +/* a NULL-DN as an empty sequence of RDNs */ int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name) { - X509_NAME *null = X509_NAME_new(); - int res = name == NULL || null == NULL - || (name->type == GEN_DIRNAME - && X509_NAME_cmp(name->d.directoryName, null) == 0); - - X509_NAME_free(null); - return res; + return name == NULL + || (name->type == GEN_DIRNAME && IS_NULL_DN(name->d.directoryName)); } /* assign to *tgt a copy of src (which may be NULL to indicate an empty DN) */ @@ -273,6 +269,20 @@ int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr) */ int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) { + if (ctx->transactionID == NULL) { + char *tid; + + if (!set_random(&ctx->transactionID, ctx, + OSSL_CMP_TRANSACTIONID_LENGTH)) + return 0; + tid = OPENSSL_buf2hexstr(ctx->transactionID->data, + ctx->transactionID->length); + if (tid != NULL) + ossl_cmp_log1(DEBUG, ctx, + "Starting new transaction with ID=%s", tid); + OPENSSL_free(tid); + } + if (ctx->transactionID == NULL && !set_random(&ctx->transactionID, ctx, OSSL_CMP_TRANSACTIONID_LENGTH)) return 0; diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index a4d3cf9ea4..c5f4fd198d 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -25,6 +25,8 @@ # include # include "crypto/x509.h" +#define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL) + /* * this structure is used to store the context for CMP sessions */ @@ -778,6 +780,7 @@ int ossl_cmp_print_log(OSSL_CMP_severity level, const OSSL_CMP_CTX *ctx, # define ossl_cmp_warn(ctx, msg) ossl_cmp_log(WARN, ctx, msg) # define ossl_cmp_info(ctx, msg) ossl_cmp_log(INFO, ctx, msg) # define ossl_cmp_debug(ctx, msg) ossl_cmp_log(DEBUG, ctx, msg) +# define ossl_cmp_trace(ctx, msg) ossl_cmp_log(TRACE, ctx, msg) int ossl_cmp_ctx_set0_validatedSrvCert(OSSL_CMP_CTX *ctx, X509 *cert); int ossl_cmp_ctx_set_status(OSSL_CMP_CTX *ctx, int status); int ossl_cmp_ctx_set0_statusString(OSSL_CMP_CTX *ctx, diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 8514336801..09b2d7b03b 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -218,7 +218,7 @@ static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, int for_KUR) { if (ctx->subjectName != NULL) - return ctx->subjectName; + return IS_NULL_DN(ctx->subjectName) ? NULL : ctx->subjectName; if (ref_subj != NULL && (for_KUR || !HAS_SAN(ctx))) /* @@ -241,7 +241,8 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid) refcert != NULL ? X509_get_subject_name(refcert) : NULL; const X509_NAME *subject = determine_subj(ctx, ref_subj, for_KUR); const X509_NAME *issuer = ctx->issuer != NULL || refcert == NULL - ? ctx->issuer : X509_get_issuer_name(refcert); + ? (IS_NULL_DN(ctx->issuer) ? NULL : ctx->issuer) + : X509_get_issuer_name(refcert); int crit = ctx->setSubjectAltNameCritical || subject == NULL; /* RFC5280: subjectAltName MUST be critical if subject is null */ X509_EXTENSIONS *exts = NULL; diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 640505e4fb..5d09557e04 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -209,14 +209,14 @@ Currently implemented commands are: =back -B requests initialization of an End Entity into a PKI hierarchy +B requests initialization of an end entity into a PKI hierarchy by issuing a first certificate. -B requests issuing an additional certificate for an End Entity already +B requests issuing an additional certificate for an end entity already initialized to the PKI hierarchy. B requests issuing an additional certificate similarly to B -but using PKCS#10 CSR format. +but using legacy PKCS#10 CSR format. B requests a (key) update for an existing certificate. @@ -263,15 +263,17 @@ L. X509 Distinguished Name (DN) of subject to use in the requested certificate template. -For KUR, it defaults to the subject DN of any given CSR +For KUR, it defaults to the public key +in the PKCS#10 CSR given with the B<-csr> option, if provided, or of the reference certificate (see B<-oldcert>) if provided. This default is used for IR and CR only if no SANs are set. +If the NULL-DN (C) is given then no subject is placed in the template. -The provided subject DN is also used as fallback sender of outgoing CMP messages -if no B<-cert> and no B<-oldcert> are given. +If provided and neither B<-cert> nor B<-oldcert> is given, +the subject DN is used as fallback sender of outgoing CMP messages. The argument must be formatted as I. -Special characters may be escaped by C<\> (backslash), whitespace is retained. +Special characters may be escaped by C<\> (backslash); whitespace is retained. Empty values are permitted, but the corresponding type will not be included. Giving a single C will lead to an empty sequence of RDNs (a NULL-DN). Multi-valued RDNs can be formed by placing a C<+> character instead of a C @@ -284,9 +286,13 @@ C X509 issuer Distinguished Name (DN) of the CA server to place in the requested certificate template in IR/CR/KUR. +If the NULL-DN (C) is given then no issuer is placed in the template. -If neither B<-srvcert> nor B<-recipient> is available, -the name given in this option is also set as the recipient of the CMP message. +If provided and neither B<-recipient> nor B<-srvcert> is given, +the issuer DN is used as fallback recipient of outgoing CMP messages. + +The argument must be formatted as I. +For details see the description of the B<-subject> option. =item B<-days> I @@ -348,11 +354,11 @@ With B<-cmd> I it is used directly in a legacy P10CR message. When used with B<-cmd> I, I, or I, it is transformed into the respective regular CMP request. It may also be used with B<-cmd> I to specify the certificate to be revoked -via the included subject and public key. +via the included subject name and public key. =item B<-out_trusted> I|I -Trusted certificate(s) to use for verifying the newly enrolled certificate. +Trusted certificate(s) to use for validating the newly enrolled certificate. Multiple sources may be given, separated by commas and/or whitespace (where in the latter case the whole argument must be enclosed in "..."). @@ -391,9 +397,9 @@ The file where the chain of the newly enrolled certificate should be saved. The certificate to be updated (i.e., renewed or re-keyed) in Key Update Request (KUR) messages or to be revoked in Revocation Request (RR) messages. -For RR the certificate to be revoked can also be specified using B<-csr>. For KUR the certificate to be updated defaults to B<-cert>, and the resulting certificate is called I. +For RR the certificate to be revoked can also be specified using B<-csr>. The reference certificate, if any, is also used for deriving default subject DN and Subject Alternative Names and the @@ -480,7 +486,7 @@ Default is 0 (infinite). =item B<-trusted> I|I -When verifying signature-based protection of CMP response messages, +When validating signature-based protection of CMP response messages, these are the CA certificate(s) to trust while checking certificate chains during CMP server authentication. This option gives more flexibility than the B<-srvcert> option because the @@ -506,8 +512,8 @@ All these certificates may be useful for cert path construction for the CMP client certificate (to include in the extraCerts field of outgoing messages) and for the TLS client certificate (if TLS is enabled) as well as for chain building -when verifying the CMP server certificate (checking signature-based -CMP message protection) and when verifying newly enrolled certificates. +when validating the CMP server certificate (checking signature-based +CMP message protection) and when validating newly enrolled certificates. Multiple sources may be given, separated by commas and/or whitespace. Each file may contain multiple certificates. @@ -515,7 +521,7 @@ Each file may contain multiple certificates. =item B<-srvcert> I|I] The specific CMP server certificate to expect and directly trust (even if it is -expired) when verifying signature-based protection of CMP response messages. +expired) when validating signature-based protection of CMP response messages. May be set alternatively to the B<-trusted> option to pin the accepted server. If set, the subject of the certificate is also used @@ -535,6 +541,9 @@ the issuer of the certificate given with the B<-oldcert> option, the issuer of the CMP client certificate (B<-cert> option), as far as any of those is present, else the NULL-DN as last resort. +The argument must be formatted as I. +For details see the description of the B<-subject> option. + =item B<-expect_sender> I Distinguished Name (DN) expected in the sender field of incoming CMP messages. @@ -547,9 +556,12 @@ Note that this option gives slightly more freedom than setting the B<-srvcert>, which pins the server to the holder of a particular certificate, while the expected sender name will continue to match after updates of the server cert. +The argument must be formatted as I. +For details see the description of the B<-subject> option. + =item B<-ignore_keyusage> -Ignore key usage restrictions in CMP signer certificates when verifying +Ignore key usage restrictions in CMP signer certificates when validating signature-based protection of incoming CMP messages, else C must be allowed for signer certificate. @@ -615,7 +627,7 @@ is typically used when authenticating with pre-shared key (password-based MAC). Prefer PBM-based message protection with given source of a secret value. The secret is used for creating PBM-based protection of outgoing messages -and (as far as needed) for verifying PBM-based protection of incoming messages. +and (as far as needed) for validating PBM-based protection of incoming messages. PBM stands for Password-Based Message Authentication Code. This takes precedence over the B<-cert> and B<-key> options. @@ -781,7 +793,7 @@ Extra certificates to provide to TLS server during TLS handshake =item B<-tls_trusted> I|I -Trusted certificate(s) to use for verifying the TLS server certificate. +Trusted certificate(s) to use for validating the TLS server certificate. This implies hostname validation. Multiple sources may be given, separated by commas and/or whitespace @@ -903,7 +915,7 @@ have no effect on the certificate verification enabled via this option. =item B<-srv_untrusted> I|I -Intermediate CA certs that may be useful when verifying client certificates. +Intermediate CA certs that may be useful when validating client certificates. =item B<-rsp_cert> I|I] From pauli at openssl.org Tue Mar 2 11:25:21 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 02 Mar 2021 11:25:21 +0000 Subject: [openssl] master update Message-ID: <1614684321.357359.9534.nullmailer@dev.openssl.org> The branch master has been updated via d7d8e2c894e242f7e4d25f986c5ff15758853b67 (commit) from 025c0f5289d9f124dac799fe4eeb663035736df2 (commit) - Log ----------------------------------------------------------------- commit d7d8e2c894e242f7e4d25f986c5ff15758853b67 Author: Fangming.Fang Date: Thu Feb 25 08:21:56 2021 +0000 Fix compiling error on arm Fixes #14313 Change-Id: I0dc9dd475a1ed1331738355fbbec0c51fbcb37f1 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14346) ----------------------------------------------------------------------- Summary of changes: test/p_test.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/test/p_test.c b/test/p_test.c index 57597086aa..02a822c486 100644 --- a/test/p_test.c +++ b/test/p_test.c @@ -115,11 +115,15 @@ static int p_get_params(void *provctx, OSSL_PARAM params[]) } static void p_set_error(int lib, int reason, const char *file, int line, - const char *func) + const char *func, const char *fmt, ...) { + va_list ap; + + va_start(ap, fmt); c_new_error(NULL); c_set_error_debug(NULL, file, line, func); - c_vset_error(NULL, ERR_PACK(lib, 0, reason), NULL, NULL); + c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, ap); + va_end(ap); } static const OSSL_ITEM *p_get_reason_strings(void *_) @@ -192,7 +196,7 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, * Set a spurious error to check error handling works correctly. This will * be ignored */ - p_set_error(ERR_LIB_PROV, 1, ctx->thisfile, OPENSSL_LINE, ctx->thisfunc); + p_set_error(ERR_LIB_PROV, 1, ctx->thisfile, OPENSSL_LINE, ctx->thisfunc, NULL); *provctx = (void *)ctx; *out = p_test_table; From matt at openssl.org Tue Mar 2 15:10:20 2021 From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Mar 2021 15:10:20 +0000 Subject: [openssl] master update Message-ID: <1614697820.237181.20737.nullmailer@dev.openssl.org> The branch master has been updated via d36a5dd05ec58dec8a6175a25958f008166c421b (commit) from d7d8e2c894e242f7e4d25f986c5ff15758853b67 (commit) - Log ----------------------------------------------------------------- commit d36a5dd05ec58dec8a6175a25958f008166c421b Author: Matt Caswell Date: Mon Mar 1 10:48:59 2021 +0000 Fix a copy&paste error in evp_extra_test test_EC_priv_pub fails to test the case where both a private and public key have been supplied. Fixes #14349 Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/14351) ----------------------------------------------------------------------- Summary of changes: test/evp_extra_test.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 2195f21a9d..33a8af717b 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -700,9 +700,8 @@ static int test_EC_priv_pub(void) || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, ec_pub, sizeof(ec_pub))) - || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_PUB_KEY, - ec_pub, sizeof(ec_pub)))) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, + priv))) goto err; if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) goto err; From openssl at openssl.org Tue Mar 2 15:13:03 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Mar 2021 15:13:03 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1614697983.705138.3856500.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified gettable/settable ctx calls for MACs 1e8e5c6092 prov: support modified gettable/settable ctx calls for KDFs de43d82b6d core: support modified gettable/settable ctx calls for KDFs a5120afda3 evp: support modified gettable/settable ctx calls for KDFs 530cacb56f doc: changes to match the updated context gettable/settable calls caa60428cd evp: support modified gettable/settable ctx calls for RNGs 1c9eaf4251 core: update RNG gettable/settable ctx param calls a3f091fddd prov: update RNGs to support modified gettable/settable CTX params 90fec26dc6 doc: note changes to rand gettable/settable provider call d618ac6fd7 doc: note changes to digest gettable/settable provider calls 6de3a06dd4 modify EVP to support digest gettable/settable calls aa95e08b29 core: update digest gettable/settable ctx params calls e772f25ca8 prov: update digests to support modified ctx params 5a6a6d59a6 Makefile: Only update doc/build.info when there's an actual change 32ab57cbb4 Fix external symbols related to ec & sm2 keys 5af02212a5 Fix external symbols related to dsa keys 19dbb742cd Fix external symbols related to dh keys 94553e85b6 Fix external symbols for bn 2d96895122 Fix filename escaping in c_rehash 1cba86234a evp_extra_test: Do not manipulate providers in default context 8cdc3425af fake_random: Do not overwrite the callback on instatiation 0c84139c98 Ensure that the fake rand is initialized 75de543635 Fix an integer overflow in o_time.c 5eb73cfb37 Add a test for a names_do_all function d84f5515fa Don't hold a lock when calling a callback in ossl_namemap_doall_names Build log ended with (last 100 lines): 70-test_sslrecords.t ............... skipped: test_sslrecords needs the sock feature enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the sock feature enabled 70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the sock feature enabled 70-test_sslsignature.t ............. skipped: test_sslsignature needs the sock feature enabled 70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the sock feature enabled 70-test_sslversions.t .............. skipped: test_sslversions needs the sock feature enabled 70-test_sslvertol.t ................ skipped: test_sslextension needs the sock feature enabled 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the sock feature enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the sock feature enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the sock feature enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the sock feature enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the sock feature enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs the sock feature enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs the sock feature enabled 70-test_tlsextms.t ................. skipped: test_tlsextms needs the sock feature enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok Label not found for "last SKIP" at /usr/share/perl/5.30/Test/More.pm line 1372. # Looks like your test exited with 1 just after 5.80-test_cmp_http.t ................. Dubious, test returned 1 (wstat 256, 0x100) All 5 subtests passed (less 5 skipped subtests: 0 okay) # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 80-test_cmp_http.t (Wstat: 256 Tests: 5 Failed: 0) Non-zero exit status: 1 Files=232, Tests=3109, 851 wallclock secs (11.13 usr 1.39 sys + 780.13 cusr 76.31 csys = 868.96 CPU) Result: FAIL make[1]: *** [Makefile:3273: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make: *** [Makefile:3270: tests] Error 2 From no-reply at appveyor.com Tue Mar 2 21:05:27 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 02 Mar 2021 21:05:27 +0000 Subject: Build failed: openssl master.40332 Message-ID: <20210302210527.1.60057B815BC49C02@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Mar 2 23:45:15 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 02 Mar 2021 23:45:15 +0000 Subject: Build completed: openssl master.40333 Message-ID: <20210302234515.1.0A28054062601B1E@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed Mar 3 00:06:37 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 03 Mar 2021 00:06:37 +0000 Subject: [openssl] master update Message-ID: <1614729997.833615.22748.nullmailer@dev.openssl.org> The branch master has been updated via 81f9af3460dca0fe37d3a240cb385efbf0f0d362 (commit) via 77b03f0e8fd97a57f84294d085e7730de5b4da4c (commit) via f5c629a00aaf47fc1a90b435504662205ec0ee64 (commit) via fffb67343e6e5bdfce34f2b3e0add058c1be420a (commit) via 8d05a65256294f70a3bc34b7d13cc38e41a17402 (commit) via f378755d62e1646b36683de37408dd98549bef69 (commit) via 5e2f580d4ae51e60892adcdde6c5c25d83fe88e9 (commit) via 21b7dfa8adb67eb2abcffff529a8bda6dd92b9d9 (commit) via b3c155b83c984116ef1828664bbe77c66f53df6b (commit) from d36a5dd05ec58dec8a6175a25958f008166c421b (commit) - Log ----------------------------------------------------------------- commit 81f9af3460dca0fe37d3a240cb385efbf0f0d362 Author: Tomas Mraz Date: Mon Mar 1 16:14:30 2021 +0100 Remove todos in decode_der2key.c and decode_ms2key.c Those TODOs do not really apply to 3.0 as the legacy internal keys will stay. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14367) commit 77b03f0e8fd97a57f84294d085e7730de5b4da4c Author: Tomas Mraz Date: Mon Mar 1 16:07:15 2021 +0100 Improve error reporting in key exchange provider implementations Added some error reporting in dh_exch.c and unified error reporting with it in other key exchange methods. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14367) commit f5c629a00aaf47fc1a90b435504662205ec0ee64 Author: Tomas Mraz Date: Mon Mar 1 15:52:34 2021 +0100 Remove unused MAX_TLS_MAC_SIZE define Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14367) commit fffb67343e6e5bdfce34f2b3e0add058c1be420a Author: Tomas Mraz Date: Mon Mar 1 15:49:50 2021 +0100 Remove todos in providers/implementations/include/prov Those TODOs are not relevant anymore as the headers are now in providers. Also make the header guard defines better reflect the header placement. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14367) commit 8d05a65256294f70a3bc34b7d13cc38e41a17402 Author: Tomas Mraz Date: Fri Feb 26 18:28:48 2021 +0100 Resolve TODOs in signature implementations. The DER writing errors can be ignored safely. Document that the EVP_MAX_MD_SIZE is a hardcoded limit for digest sizes. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14367) commit f378755d62e1646b36683de37408dd98549bef69 Author: Tomas Mraz Date: Fri Feb 26 15:31:23 2021 +0100 statem_lib.c: Remove TODOs that are unnecessary If the EVP_MD_CTX_ctrl is deprecated the code will generate deprecation warnings. So there is no point in marking all EVP_MD_CTX_ctrl() calls with TODOs. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14367) commit 5e2f580d4ae51e60892adcdde6c5c25d83fe88e9 Author: Tomas Mraz Date: Fri Feb 26 14:42:57 2021 +0100 test_ssl_new: X448, X25519, and EdDSA are supported with fips Removed the related TODOs. Also adjusted the DH parameters used for the DH test to be acceptable for FIPS as that now allows only known safe prime parameters. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14367) commit 21b7dfa8adb67eb2abcffff529a8bda6dd92b9d9 Author: Tomas Mraz Date: Fri Feb 26 13:10:00 2021 +0100 evp_extra_test2: Remove TODO 3.0 The TODO marks optional cleanup that can be done any time in future. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14367) commit b3c155b83c984116ef1828664bbe77c66f53df6b Author: Tomas Mraz Date: Fri Feb 26 13:05:39 2021 +0100 evp_extra_test: Remove TODO comment as setting the curve is mandatory Even with the SM2 algorithm the curve is needed for the paramgen. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14367) ----------------------------------------------------------------------- Summary of changes: doc/man7/provider-digest.pod | 6 + .../implementations/encode_decode/decode_der2key.c | 2 +- .../implementations/encode_decode/decode_ms2key.c | 2 +- providers/implementations/exchange/dh_exch.c | 14 +- providers/implementations/exchange/ecdh_exch.c | 7 +- providers/implementations/exchange/ecx_exch.c | 4 +- providers/implementations/include/prov/blake2.h | 7 +- .../implementations/include/prov/ciphercommon.h | 3 - providers/implementations/include/prov/md5_sha1.h | 7 +- providers/implementations/signature/dsa.c | 6 +- providers/implementations/signature/eddsa.c | 2 +- providers/implementations/signature/sm2sig.c | 2 +- ssl/statem/statem_lib.c | 8 - test/certs/dhp2048.pem | 12 +- test/evp_extra_test.c | 1 - test/evp_extra_test2.c | 2 +- test/ssl-tests/20-cert-select.cnf | 238 ++++++++++----------- test/ssl-tests/20-cert-select.cnf.in | 129 +++++------ test/ssl-tests/28-seclevel.cnf.in | 5 +- 19 files changed, 222 insertions(+), 235 deletions(-) diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod index 4f90cf8b62..a0327a85df 100644 --- a/doc/man7/provider-digest.pod +++ b/doc/man7/provider-digest.pod @@ -249,6 +249,12 @@ OSSL_FUNC_digest_size() should return the digest size. OSSL_FUNC_digest_block_size() should return the block size of the underlying digest algorithm. +=head1 BUGS + +The EVP_Digest() and EVP_DigestFinal_ex() libcrypto API calls do not +expect the digest size to be larger than EVP_MAX_MD_SIZE. Any algorithm which +produces larger digests is unusable with those API calls. + =head1 SEE ALSO L, L, L, diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index fed30bf952..09601fc335 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c @@ -339,7 +339,7 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, * Tear out the low-level key pointer from the pkey, * but only if it matches the expected key type. * - * TODO: The check should be done with EVP_PKEY_is_a(), but + * The check should be done with EVP_PKEY_is_a(), but * as long as we still have #legacy internal keys, it's safer * to use the type numbers inside the provider. */ diff --git a/providers/implementations/encode_decode/decode_ms2key.c b/providers/implementations/encode_decode/decode_ms2key.c index 339b347fa0..e1741f4e53 100644 --- a/providers/implementations/encode_decode/decode_ms2key.c +++ b/providers/implementations/encode_decode/decode_ms2key.c @@ -148,7 +148,7 @@ static int ms2key_post(struct ms2key_ctx_st *ctx, EVP_PKEY *pkey, * Tear out the low-level key pointer from the pkey, * but only if it matches the expected key type. * - * TODO(3.0): The check should be done with EVP_PKEY_is_a(), but + * The check should be done with EVP_PKEY_is_a(), but * as long as we still have #legacy internal keys, it's safer to * use the type numbers in side the provider. */ diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c index 2638675da5..7f0fa3295e 100644 --- a/providers/implementations/exchange/dh_exch.c +++ b/providers/implementations/exchange/dh_exch.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include "prov/providercommon.h" #include "prov/implementations.h" @@ -130,17 +131,20 @@ static int dh_plain_derive(void *vpdhctx, size_t dhsize; const BIGNUM *pub_key = NULL; - /* TODO(3.0): Add errors to stack */ - if (pdhctx->dh == NULL || pdhctx->dhpeer == NULL) + if (pdhctx->dh == NULL || pdhctx->dhpeer == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); return 0; + } dhsize = (size_t)DH_size(pdhctx->dh); if (secret == NULL) { *secretlen = dhsize; return 1; } - if (outlen < dhsize) + if (outlen < dhsize) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; + } DH_get0_key(pdhctx->dhpeer, &pub_key, NULL); if (pdhctx->pad) @@ -167,8 +171,10 @@ static int dh_X9_42_kdf_derive(void *vpdhctx, unsigned char *secret, return 1; } - if (pdhctx->kdf_outlen > outlen) + if (pdhctx->kdf_outlen > outlen) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; + } if (!dh_plain_derive(pdhctx, NULL, &stmplen, 0)) return 0; if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) { diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c index 6c24643255..a1b984769e 100644 --- a/providers/implementations/exchange/ecdh_exch.c +++ b/providers/implementations/exchange/ecdh_exch.c @@ -21,6 +21,7 @@ #include #include #include +#include #include "prov/provider_ctx.h" #include "prov/providercommon.h" #include "prov/implementations.h" @@ -408,7 +409,7 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, int key_cofactor_mode; if (pecdhctx->k == NULL || pecdhctx->peerk == NULL) { - ERR_raise(ERR_LIB_PROV, EC_R_KEYS_NOT_SET); + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); return 0; } @@ -486,8 +487,10 @@ int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret, return 1; } - if (pecdhctx->kdf_outlen > outlen) + if (pecdhctx->kdf_outlen > outlen) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; + } if (!ecdh_plain_derive(vpecdhctx, NULL, &stmplen, 0)) return 0; if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) { diff --git a/providers/implementations/exchange/ecx_exch.c b/providers/implementations/exchange/ecx_exch.c index 6d4471be3c..17861c0d75 100644 --- a/providers/implementations/exchange/ecx_exch.c +++ b/providers/implementations/exchange/ecx_exch.c @@ -123,7 +123,7 @@ static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen, if (ecxctx->key == NULL || ecxctx->key->privkey == NULL || ecxctx->peerkey == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); return 0; } @@ -138,7 +138,7 @@ static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen, return 1; } if (outlen < ecxctx->keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; } diff --git a/providers/implementations/include/prov/blake2.h b/providers/implementations/include/prov/blake2.h index 33b82490ef..305f7a3c53 100644 --- a/providers/implementations/include/prov/blake2.h +++ b/providers/implementations/include/prov/blake2.h @@ -7,9 +7,8 @@ * https://www.openssl.org/source/license.html */ -/* TODO(3.0) Move this header into provider when dependencies are removed */ -#ifndef OSSL_PROVIDERS_DEFAULT_INCLUDE_INTERNAL_BLAKE2_H -# define OSSL_PROVIDERS_DEFAULT_INCLUDE_INTERNAL_BLAKE2_H +#ifndef OSSL_PROV_BLAKE2_H +# define OSSL_PROV_BLAKE2_H # include @@ -118,4 +117,4 @@ void ossl_blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, void ossl_blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t length); -#endif /* OSSL_PROVIDERS_DEFAULT_INCLUDE_INTERNAL_BLAKE2_H */ +#endif /* OSSL_PROV_BLAKE2_H */ diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h index d5212c3c81..7ccc9c7047 100644 --- a/providers/implementations/include/prov/ciphercommon.h +++ b/providers/implementations/include/prov/ciphercommon.h @@ -31,9 +31,6 @@ typedef struct prov_cipher_ctx_st PROV_CIPHER_CTX; typedef int (PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out, const unsigned char *in, size_t len); -/* TODO(3.0): VERIFY ME */ -#define MAX_TLS_MAC_SIZE 48 - /* Internal flags that can be queried */ #define PROV_CIPHER_FLAG_AEAD 0x0001 #define PROV_CIPHER_FLAG_CUSTOM_IV 0x0002 diff --git a/providers/implementations/include/prov/md5_sha1.h b/providers/implementations/include/prov/md5_sha1.h index 33bfa29b51..284ec957ba 100644 --- a/providers/implementations/include/prov/md5_sha1.h +++ b/providers/implementations/include/prov/md5_sha1.h @@ -7,9 +7,8 @@ * https://www.openssl.org/source/license.html */ -/* TODO(3.0) Move this header into provider when dependencies are removed */ -#ifndef OSSL_INTERNAL_MD5_SHA1_H -# define OSSL_INTERNAL_MD5_SHA1_H +#ifndef OSSL_PROV_MD5_SHA1_H +# define OSSL_PROV_MD5_SHA1_H # include @@ -34,4 +33,4 @@ int ossl_md5_sha1_ctrl(MD5_SHA1_CTX *mctx, int cmd, int mslen, void *ms); # endif /* OPENSSL_NO_MD5 */ -#endif /* OSSL_INTERNAL_MD5_SHA1_H */ +#endif /* OSSL_PROV_MD5_SHA1_H */ diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index 81e435c419..eadf62361a 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -148,7 +148,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, EVP_MD_free(ctx->md); /* - * TODO(3.0) Should we care about DER writing errors? + * We do not care about DER writing errors. * All it really means is that for some reason, there's no * AlgorithmIdentifier to be had, but the operation itself is * still valid, just as long as it's not used to construct @@ -313,7 +313,7 @@ int dsa_digest_sign_final(void *vpdsactx, unsigned char *sig, size_t *siglen, */ if (sig != NULL) { /* - * TODO(3.0): There is the possibility that some externally provided + * There is the possibility that some externally provided * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow - * but that problem is much larger than just in DSA. */ @@ -338,7 +338,7 @@ int dsa_digest_verify_final(void *vpdsactx, const unsigned char *sig, return 0; /* - * TODO(3.0): There is the possibility that some externally provided + * There is the possibility that some externally provided * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow - * but that problem is much larger than just in DSA. */ diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c index 71b57d70ea..93b98dbbbc 100644 --- a/providers/implementations/signature/eddsa.c +++ b/providers/implementations/signature/eddsa.c @@ -105,7 +105,7 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname, } /* - * TODO(3.0) Should we care about DER writing errors? + * We do not care about DER writing errors. * All it really means is that for some reason, there's no * AlgorithmIdentifier to be had, but the operation itself is * still valid, just as long as it's not used to construct diff --git a/providers/implementations/signature/sm2sig.c b/providers/implementations/signature/sm2sig.c index d12c7191fb..18fdf62487 100644 --- a/providers/implementations/signature/sm2sig.c +++ b/providers/implementations/signature/sm2sig.c @@ -192,7 +192,7 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, goto error; /* - * TODO(3.0) Should we care about DER writing errors? + * We do not care about DER writing errors. * All it really means is that for some reason, there's no * AlgorithmIdentifier to be had, but the operation itself is * still valid, just as long as it's not used to construct diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index ba1fe75070..a7ed843aa4 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -329,10 +329,6 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) * in order to add the EVP_CTRL_SSL3_MASTER_SECRET call between them. */ if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0 - /* - * TODO(3.0) Replace this when EVP_MD_CTX_ctrl() is deprecated - * with a call to ssl3_digest_master_key_set_params() - */ || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, (int)s->session->master_key_length, s->session->master_key) <= 0 @@ -520,10 +516,6 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } } if (s->version == SSL3_VERSION) { - /* - * TODO(3.0) Replace this when EVP_MD_CTX_ctrl() is deprecated - * with a call to ssl3_digest_master_key_set_params() - */ if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0 || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, (int)s->session->master_key_length, diff --git a/test/certs/dhp2048.pem b/test/certs/dhp2048.pem index 9ee474b820..5e32efe779 100644 --- a/test/certs/dhp2048.pem +++ b/test/certs/dhp2048.pem @@ -1,8 +1,8 @@ -----BEGIN DH PARAMETERS----- -MIIBCAKCAQEAoI0V5HKAcsG4LlAnVJhYnnl2ErOcdvz7WN4n+LoSkZVkfPcPExAF -uXnT6v16rYfxCgZDPB/tSYaRhOxpJgaAHGA9PrfwprM4xQm9HLIWtidyIGtkgynQ -rrtxaCculbPOMxc1od7V0jw8/Sj4pdKjijmdvY3VsvuQPu6Lo7qV94u3pYN+WSP9 -ESPcY0lvIV0s0eYxzU5LOU7FZRv6gpe658yxnpaQf13M3sFBqcQEnw+vIjNyaBBK -Nm4jVFeKCN3aIz+yJL8y14HEnV/tnhtIrr33MAJvsG1qFBY7iFvbvlx/gKDW7qyk -V0/iN2uElrJZIGxD2uPMZNXO+dci+EriMwIBAg== +MIIBDAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAgICB/8= -----END DH PARAMETERS----- diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 33a8af717b..62840d0d19 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1319,7 +1319,6 @@ static int test_EVP_SM2(void) if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) goto done; - /* TODO is this even needed? */ if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2))) goto done; diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c index bb8e897536..e61f50baad 100644 --- a/test/evp_extra_test2.c +++ b/test/evp_extra_test2.c @@ -8,7 +8,7 @@ */ /* - * TODO(3.0): Really these tests should be in evp_extra_test - but that doesn't + * Really these tests should be in evp_extra_test - but that doesn't * yet support testing with a non-default libctx. Once it does we should move * everything into one file. Consequently some things are duplicated between * the two files. diff --git a/test/ssl-tests/20-cert-select.cnf b/test/ssl-tests/20-cert-select.cnf index b0e3b79013..267690ee35 100644 --- a/test/ssl-tests/20-cert-select.cnf +++ b/test/ssl-tests/20-cert-select.cnf @@ -17,14 +17,14 @@ test-11 = 11-RSA-PSS Signature Algorithm Selection test-12 = 12-RSA key exchange with all RSA certificate types test-13 = 13-Suite B P-256 Hash Algorithm Selection test-14 = 14-Suite B P-384 Hash Algorithm Selection -test-15 = 15-ECDSA Signature Algorithm Selection SHA1 -test-16 = 16-Ed25519 CipherString and Signature Algorithm Selection -test-17 = 17-Ed448 CipherString and Signature Algorithm Selection -test-18 = 18-ECDSA with brainpool -test-19 = 19-Ed25519 CipherString and Curves Selection -test-20 = 20-Ed448 CipherString and Curves Selection -test-21 = 21-TLS 1.2 Ed25519 Client Auth -test-22 = 22-TLS 1.2 Ed448 Client Auth +test-15 = 15-Ed25519 CipherString and Signature Algorithm Selection +test-16 = 16-Ed448 CipherString and Signature Algorithm Selection +test-17 = 17-Ed25519 CipherString and Curves Selection +test-18 = 18-Ed448 CipherString and Curves Selection +test-19 = 19-TLS 1.2 Ed25519 Client Auth +test-20 = 20-TLS 1.2 Ed448 Client Auth +test-21 = 21-ECDSA Signature Algorithm Selection SHA1 +test-22 = 22-ECDSA with brainpool test-23 = 23-RSA-PSS Certificate CipherString Selection test-24 = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection test-25 = 25-RSA-PSS Certificate Unified Signature Algorithm Selection @@ -529,48 +529,14 @@ ExpectedServerSignType = EC # =========================================================== -[15-ECDSA Signature Algorithm Selection SHA1] -ssl_conf = 15-ECDSA Signature Algorithm Selection SHA1-ssl +[15-Ed25519 CipherString and Signature Algorithm Selection] +ssl_conf = 15-Ed25519 CipherString and Signature Algorithm Selection-ssl -[15-ECDSA Signature Algorithm Selection SHA1-ssl] -server = 15-ECDSA Signature Algorithm Selection SHA1-server -client = 15-ECDSA Signature Algorithm Selection SHA1-client +[15-Ed25519 CipherString and Signature Algorithm Selection-ssl] +server = 15-Ed25519 CipherString and Signature Algorithm Selection-server +client = 15-Ed25519 CipherString and Signature Algorithm Selection-client -[15-ECDSA Signature Algorithm Selection SHA1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-ECDSA Signature Algorithm Selection SHA1-client] -CipherString = DEFAULT:@SECLEVEL=0 -SignatureAlgorithms = ECDSA+SHA1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -ExpectedResult = Success -ExpectedServerCertType = P-256 -ExpectedServerSignHash = SHA1 -ExpectedServerSignType = EC - - -# =========================================================== - -[16-Ed25519 CipherString and Signature Algorithm Selection] -ssl_conf = 16-Ed25519 CipherString and Signature Algorithm Selection-ssl - -[16-Ed25519 CipherString and Signature Algorithm Selection-ssl] -server = 16-Ed25519 CipherString and Signature Algorithm Selection-server -client = 16-Ed25519 CipherString and Signature Algorithm Selection-client - -[16-Ed25519 CipherString and Signature Algorithm Selection-server] +[15-Ed25519 CipherString and Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -582,7 +548,7 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[16-Ed25519 CipherString and Signature Algorithm Selection-client] +[15-Ed25519 CipherString and Signature Algorithm Selection-client] CipherString = aECDSA MaxProtocol = TLSv1.2 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem @@ -590,7 +556,7 @@ SignatureAlgorithms = ed25519:ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-16] +[test-15] ExpectedResult = Success ExpectedServerCANames = empty ExpectedServerCertType = Ed25519 @@ -599,14 +565,14 @@ ExpectedServerSignType = Ed25519 # =========================================================== -[17-Ed448 CipherString and Signature Algorithm Selection] -ssl_conf = 17-Ed448 CipherString and Signature Algorithm Selection-ssl +[16-Ed448 CipherString and Signature Algorithm Selection] +ssl_conf = 16-Ed448 CipherString and Signature Algorithm Selection-ssl -[17-Ed448 CipherString and Signature Algorithm Selection-ssl] -server = 17-Ed448 CipherString and Signature Algorithm Selection-server -client = 17-Ed448 CipherString and Signature Algorithm Selection-client +[16-Ed448 CipherString and Signature Algorithm Selection-ssl] +server = 16-Ed448 CipherString and Signature Algorithm Selection-server +client = 16-Ed448 CipherString and Signature Algorithm Selection-client -[17-Ed448 CipherString and Signature Algorithm Selection-server] +[16-Ed448 CipherString and Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -618,7 +584,7 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[17-Ed448 CipherString and Signature Algorithm Selection-client] +[16-Ed448 CipherString and Signature Algorithm Selection-client] CipherString = aECDSA MaxProtocol = TLSv1.2 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem @@ -626,7 +592,7 @@ SignatureAlgorithms = ed448:ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem VerifyMode = Peer -[test-17] +[test-16] ExpectedResult = Success ExpectedServerCANames = empty ExpectedServerCertType = Ed448 @@ -635,43 +601,14 @@ ExpectedServerSignType = Ed448 # =========================================================== -[18-ECDSA with brainpool] -ssl_conf = 18-ECDSA with brainpool-ssl - -[18-ECDSA with brainpool-ssl] -server = 18-ECDSA with brainpool-server -client = 18-ECDSA with brainpool-client - -[18-ECDSA with brainpool-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem -CipherString = DEFAULT -Groups = brainpoolP256r1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem +[17-Ed25519 CipherString and Curves Selection] +ssl_conf = 17-Ed25519 CipherString and Curves Selection-ssl -[18-ECDSA with brainpool-client] -CipherString = aECDSA -Groups = brainpoolP256r1 -RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +[17-Ed25519 CipherString and Curves Selection-ssl] +server = 17-Ed25519 CipherString and Curves Selection-server +client = 17-Ed25519 CipherString and Curves Selection-client -[test-18] -ExpectedResult = Success -ExpectedServerCANames = empty -ExpectedServerCertType = brainpoolP256r1 -ExpectedServerSignType = EC - - -# =========================================================== - -[19-Ed25519 CipherString and Curves Selection] -ssl_conf = 19-Ed25519 CipherString and Curves Selection-ssl - -[19-Ed25519 CipherString and Curves Selection-ssl] -server = 19-Ed25519 CipherString and Curves Selection-server -client = 19-Ed25519 CipherString and Curves Selection-client - -[19-Ed25519 CipherString and Curves Selection-server] +[17-Ed25519 CipherString and Curves Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -683,7 +620,7 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[19-Ed25519 CipherString and Curves Selection-client] +[17-Ed25519 CipherString and Curves Selection-client] CipherString = aECDSA Curves = X25519 MaxProtocol = TLSv1.2 @@ -691,7 +628,7 @@ SignatureAlgorithms = ECDSA+SHA256:ed25519 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-19] +[test-17] ExpectedResult = Success ExpectedServerCertType = Ed25519 ExpectedServerSignType = Ed25519 @@ -699,14 +636,14 @@ ExpectedServerSignType = Ed25519 # =========================================================== -[20-Ed448 CipherString and Curves Selection] -ssl_conf = 20-Ed448 CipherString and Curves Selection-ssl +[18-Ed448 CipherString and Curves Selection] +ssl_conf = 18-Ed448 CipherString and Curves Selection-ssl -[20-Ed448 CipherString and Curves Selection-ssl] -server = 20-Ed448 CipherString and Curves Selection-server -client = 20-Ed448 CipherString and Curves Selection-client +[18-Ed448 CipherString and Curves Selection-ssl] +server = 18-Ed448 CipherString and Curves Selection-server +client = 18-Ed448 CipherString and Curves Selection-client -[20-Ed448 CipherString and Curves Selection-server] +[18-Ed448 CipherString and Curves Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -718,7 +655,7 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[20-Ed448 CipherString and Curves Selection-client] +[18-Ed448 CipherString and Curves Selection-client] CipherString = aECDSA Curves = X448 MaxProtocol = TLSv1.2 @@ -726,7 +663,7 @@ SignatureAlgorithms = ECDSA+SHA256:ed448 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem VerifyMode = Peer -[test-20] +[test-18] ExpectedResult = Success ExpectedServerCertType = Ed448 ExpectedServerSignType = Ed448 @@ -734,21 +671,21 @@ ExpectedServerSignType = Ed448 # =========================================================== -[21-TLS 1.2 Ed25519 Client Auth] -ssl_conf = 21-TLS 1.2 Ed25519 Client Auth-ssl +[19-TLS 1.2 Ed25519 Client Auth] +ssl_conf = 19-TLS 1.2 Ed25519 Client Auth-ssl -[21-TLS 1.2 Ed25519 Client Auth-ssl] -server = 21-TLS 1.2 Ed25519 Client Auth-server -client = 21-TLS 1.2 Ed25519 Client Auth-client +[19-TLS 1.2 Ed25519 Client Auth-ssl] +server = 19-TLS 1.2 Ed25519 Client Auth-server +client = 19-TLS 1.2 Ed25519 Client Auth-client -[21-TLS 1.2 Ed25519 Client Auth-server] +[19-TLS 1.2 Ed25519 Client Auth-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require -[21-TLS 1.2 Ed25519 Client Auth-client] +[19-TLS 1.2 Ed25519 Client Auth-client] CipherString = DEFAULT Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem @@ -757,7 +694,7 @@ MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-21] +[test-19] ExpectedClientCertType = Ed25519 ExpectedClientSignType = Ed25519 ExpectedResult = Success @@ -765,21 +702,21 @@ ExpectedResult = Success # =========================================================== -[22-TLS 1.2 Ed448 Client Auth] -ssl_conf = 22-TLS 1.2 Ed448 Client Auth-ssl +[20-TLS 1.2 Ed448 Client Auth] +ssl_conf = 20-TLS 1.2 Ed448 Client Auth-ssl -[22-TLS 1.2 Ed448 Client Auth-ssl] -server = 22-TLS 1.2 Ed448 Client Auth-server -client = 22-TLS 1.2 Ed448 Client Auth-client +[20-TLS 1.2 Ed448 Client Auth-ssl] +server = 20-TLS 1.2 Ed448 Client Auth-server +client = 20-TLS 1.2 Ed448 Client Auth-client -[22-TLS 1.2 Ed448 Client Auth-server] +[20-TLS 1.2 Ed448 Client Auth-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require -[22-TLS 1.2 Ed448 Client Auth-client] +[20-TLS 1.2 Ed448 Client Auth-client] CipherString = DEFAULT Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem @@ -788,12 +725,75 @@ MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-22] +[test-20] ExpectedClientCertType = Ed448 ExpectedClientSignType = Ed448 ExpectedResult = Success +# =========================================================== + +[21-ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 21-ECDSA Signature Algorithm Selection SHA1-ssl + +[21-ECDSA Signature Algorithm Selection SHA1-ssl] +server = 21-ECDSA Signature Algorithm Selection SHA1-server +client = 21-ECDSA Signature Algorithm Selection SHA1-client + +[21-ECDSA Signature Algorithm Selection SHA1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT:@SECLEVEL=0 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-ECDSA Signature Algorithm Selection SHA1-client] +CipherString = DEFAULT:@SECLEVEL=0 +SignatureAlgorithms = ECDSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA1 +ExpectedServerSignType = EC + + +# =========================================================== + +[22-ECDSA with brainpool] +ssl_conf = 22-ECDSA with brainpool-ssl + +[22-ECDSA with brainpool-ssl] +server = 22-ECDSA with brainpool-server +client = 22-ECDSA with brainpool-client + +[22-ECDSA with brainpool-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +CipherString = DEFAULT +Groups = brainpoolP256r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem + +[22-ECDSA with brainpool-client] +CipherString = aECDSA +Groups = brainpoolP256r1 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = brainpoolP256r1 +ExpectedServerSignType = EC + + # =========================================================== [23-RSA-PSS Certificate CipherString Selection] diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in index ddb9ff4747..1aa3b0aeec 100644 --- a/test/ssl-tests/20-cert-select.cnf.in +++ b/test/ssl-tests/20-cert-select.cnf.in @@ -12,26 +12,15 @@ use OpenSSL::Test::Utils; our $fips_mode; our $no_deflt_libctx; -my $server; - -if ($fips_mode) { - #TODO(3.0): No EdDSA support in FIPS mode at the moment - $server = { - "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), - "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), - "MaxProtocol" => "TLSv1.2" - }; -} else { - $server = { - "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), - "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), - "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), - "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), - "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), - "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), - "MaxProtocol" => "TLSv1.2" - }; -} +my $server = { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), + "MaxProtocol" => "TLSv1.2" +}; my $server_pss = { "PSS.Certificate" => test_pem("server-pss-cert.pem"), @@ -304,33 +293,6 @@ our @tests = ( "ExpectedResult" => "Success" }, }, -); - -my @tests_non_fips = ( - { - name => "ECDSA Signature Algorithm Selection SHA1", - server => { - "CipherString" => "DEFAULT:\@SECLEVEL=0", - "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), - "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), - "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), - "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), - "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), - "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), - "MaxProtocol" => "TLSv1.2" - }, - client => { - "CipherString" => "DEFAULT:\@SECLEVEL=0", - "SignatureAlgorithms" => "ECDSA+SHA1", - }, - test => { - "ExpectedServerCertType" => "P-256", - "ExpectedServerSignHash" => "SHA1", - "ExpectedServerSignType" => "EC", - "ExpectedResult" => "Success" - }, - }, - # TODO(3.0) No Ed25519/Ed448 in FIPS mode at the moment { name => "Ed25519 CipherString and Signature Algorithm Selection", server => $server, @@ -366,28 +328,6 @@ my @tests_non_fips = ( "ExpectedResult" => "Success" }, }, - { - name => "ECDSA with brainpool", - server => { - "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), - "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), - "Groups" => "brainpoolP256r1", - }, - client => { - #We don't restrict this to TLSv1.2, although use of brainpool - #should force this anyway so that this should succeed - "CipherString" => "aECDSA", - "RequestCAFile" => test_pem("root-cert.pem"), - "Groups" => "brainpoolP256r1", - }, - test => { - "ExpectedServerCertType" =>, "brainpoolP256r1", - "ExpectedServerSignType" =>, "EC", - # Note: certificate_authorities not sent for TLS < 1.3 - "ExpectedServerCANames" =>, "empty", - "ExpectedResult" => "Success" - }, - }, { name => "Ed25519 CipherString and Curves Selection", server => $server, @@ -461,6 +401,54 @@ my @tests_non_fips = ( }, ); +my @tests_non_fips = ( + { + name => "ECDSA Signature Algorithm Selection SHA1", + server => { + "CipherString" => "DEFAULT:\@SECLEVEL=0", + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "DEFAULT:\@SECLEVEL=0", + "SignatureAlgorithms" => "ECDSA+SHA1", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA1", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA with brainpool", + server => { + "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), + "Groups" => "brainpoolP256r1", + }, + client => { + #We don't restrict this to TLSv1.2, although use of brainpool + #should force this anyway so that this should succeed + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), + "Groups" => "brainpoolP256r1", + }, + test => { + "ExpectedServerCertType" =>, "brainpoolP256r1", + "ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, +); + my @tests_pss = ( { name => "RSA-PSS Certificate CipherString Selection", @@ -980,7 +968,6 @@ my @tests_dsa_tls_1_3 = ( ); if (!disabled("dsa")) { - #TODO(3.0): Temporary workaround for DH issues in FIPS. Needs investigation - push @tests, @tests_dsa_tls_1_2 unless disabled("dh") || $fips_mode; + push @tests, @tests_dsa_tls_1_2 unless disabled("dh"); push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3"); } diff --git a/test/ssl-tests/28-seclevel.cnf.in b/test/ssl-tests/28-seclevel.cnf.in index 56c23eba3a..945f4599d1 100644 --- a/test/ssl-tests/28-seclevel.cnf.in +++ b/test/ssl-tests/28-seclevel.cnf.in @@ -81,6 +81,5 @@ our @tests_tls1_2 = ( }, ); -#TODO(3.0): No Ed448 or X25519 in FIPS mode at the moment -push @tests, @tests_ec unless disabled("ec") || $fips_mode; -push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec")|| $fips_mode; +push @tests, @tests_ec unless disabled("ec"); +push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec"); From openssl at openssl.org Wed Mar 3 01:06:37 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Mar 2021 01:06:37 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1614733597.561364.780063.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified gettable/settable ctx calls for MACs 1e8e5c6092 prov: support modified gettable/settable ctx calls for KDFs de43d82b6d core: support modified gettable/settable ctx calls for KDFs a5120afda3 evp: support modified gettable/settable ctx calls for KDFs 530cacb56f doc: changes to match the updated context gettable/settable calls caa60428cd evp: support modified gettable/settable ctx calls for RNGs 1c9eaf4251 core: update RNG gettable/settable ctx param calls a3f091fddd prov: update RNGs to support modified gettable/settable CTX params 90fec26dc6 doc: note changes to rand gettable/settable provider call d618ac6fd7 doc: note changes to digest gettable/settable provider calls 6de3a06dd4 modify EVP to support digest gettable/settable calls aa95e08b29 core: update digest gettable/settable ctx params calls e772f25ca8 prov: update digests to support modified ctx params 5a6a6d59a6 Makefile: Only update doc/build.info when there's an actual change 32ab57cbb4 Fix external symbols related to ec & sm2 keys 5af02212a5 Fix external symbols related to dsa keys 19dbb742cd Fix external symbols related to dh keys 94553e85b6 Fix external symbols for bn 2d96895122 Fix filename escaping in c_rehash 1cba86234a evp_extra_test: Do not manipulate providers in default context 8cdc3425af fake_random: Do not overwrite the callback on instatiation 0c84139c98 Ensure that the fake rand is initialized 75de543635 Fix an integer overflow in o_time.c 5eb73cfb37 Add a test for a names_do_all function d84f5515fa Don't hold a lock when calling a callback in ossl_namemap_doall_names Build log ended with (last 100 lines): (less 4 skipped subtests: 2 okay) 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 70-test_sslextension.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 2 Non-zero exit status: 1 Parse errors: Bad plan. You planned 8 tests but ran 7. Files=232, Tests=3215, 910 wallclock secs (12.15 usr 1.17 sys + 836.23 cusr 75.40 csys = 924.95 CPU) Result: FAIL make[1]: *** [Makefile:3271: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' make: *** [Makefile:3268: tests] Error 2 From openssl at openssl.org Wed Mar 3 02:01:29 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Mar 2021 02:01:29 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1614736889.553084.885758.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified gettable/settable ctx calls for MACs 1e8e5c6092 prov: support modified gettable/settable ctx calls for KDFs de43d82b6d core: support modified gettable/settable ctx calls for KDFs a5120afda3 evp: support modified gettable/settable ctx calls for KDFs 530cacb56f doc: changes to match the updated context gettable/settable calls caa60428cd evp: support modified gettable/settable ctx calls for RNGs 1c9eaf4251 core: update RNG gettable/settable ctx param calls a3f091fddd prov: update RNGs to support modified gettable/settable CTX params 90fec26dc6 doc: note changes to rand gettable/settable provider call d618ac6fd7 doc: note changes to digest gettable/settable provider calls 6de3a06dd4 modify EVP to support digest gettable/settable calls aa95e08b29 core: update digest gettable/settable ctx params calls e772f25ca8 prov: update digests to support modified ctx params 5a6a6d59a6 Makefile: Only update doc/build.info when there's an actual change 32ab57cbb4 Fix external symbols related to ec & sm2 keys 5af02212a5 Fix external symbols related to dsa keys 19dbb742cd Fix external symbols related to dh keys 94553e85b6 Fix external symbols for bn 2d96895122 Fix filename escaping in c_rehash 1cba86234a evp_extra_test: Do not manipulate providers in default context 8cdc3425af fake_random: Do not overwrite the callback on instatiation 0c84139c98 Ensure that the fake rand is initialized 75de543635 Fix an integer overflow in o_time.c 5eb73cfb37 Add a test for a names_do_all function d84f5515fa Don't hold a lock when calling a callback in ossl_namemap_doall_names Build log ended with (last 100 lines): # false # OPENSSL_TEST_RAND_ORDER=1614736215 not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1614736215 not ok 54 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/muDx33hleT default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 8021F4050A7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 8021F4050A7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:944 # false # OPENSSL_TEST_RAND_ORDER=1614736229 not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 8021F4050A7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 8021F4050A7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1425 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1503 # false # OPENSSL_TEST_RAND_ORDER=1614736229 not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 8021F4050A7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 8021F4050A7F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6574 # false # OPENSSL_TEST_RAND_ORDER=1614736229 not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1614736229 not ok 54 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/muDx33hleT fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 768 Tests: 31 Failed: 3) Failed tests: 8, 17, 19 Non-zero exit status: 3 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=232, Tests=3301, 938 wallclock secs (14.37 usr 1.44 sys + 846.65 cusr 90.46 csys = 952.92 CPU) Result: FAIL make[1]: *** [Makefile:3290: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' make: *** [Makefile:3287: tests] Error 2 From openssl at openssl.org Wed Mar 3 03:50:37 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Mar 2021 03:50:37 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1614743437.950526.1095261.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified gettable/settable ctx calls for MACs 1e8e5c6092 prov: support modified gettable/settable ctx calls for KDFs de43d82b6d core: support modified gettable/settable ctx calls for KDFs a5120afda3 evp: support modified gettable/settable ctx calls for KDFs 530cacb56f doc: changes to match the updated context gettable/settable calls caa60428cd evp: support modified gettable/settable ctx calls for RNGs 1c9eaf4251 core: update RNG gettable/settable ctx param calls a3f091fddd prov: update RNGs to support modified gettable/settable CTX params 90fec26dc6 doc: note changes to rand gettable/settable provider call d618ac6fd7 doc: note changes to digest gettable/settable provider calls 6de3a06dd4 modify EVP to support digest gettable/settable calls aa95e08b29 core: update digest gettable/settable ctx params calls e772f25ca8 prov: update digests to support modified ctx params 5a6a6d59a6 Makefile: Only update doc/build.info when there's an actual change 32ab57cbb4 Fix external symbols related to ec & sm2 keys 5af02212a5 Fix external symbols related to dsa keys 19dbb742cd Fix external symbols related to dh keys 94553e85b6 Fix external symbols for bn 2d96895122 Fix filename escaping in c_rehash 1cba86234a evp_extra_test: Do not manipulate providers in default context 8cdc3425af fake_random: Do not overwrite the callback on instatiation 0c84139c98 Ensure that the fake rand is initialized 75de543635 Fix an integer overflow in o_time.c 5eb73cfb37 Add a test for a names_do_all function d84f5515fa Don't hold a lock when calling a callback in ossl_namemap_doall_names Build log ended with (last 100 lines): (less 4 skipped subtests: 2 okay) 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 70-test_sslextension.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 2 Non-zero exit status: 1 Parse errors: Bad plan. You planned 8 tests but ran 7. Files=232, Tests=3215, 914 wallclock secs (12.73 usr 1.42 sys + 828.31 cusr 83.64 csys = 926.10 CPU) Result: FAIL make[1]: *** [Makefile:3270: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' make: *** [Makefile:3267: tests] Error 2 From openssl at openssl.org Wed Mar 3 04:47:42 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Mar 2021 04:47:42 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1614746862.193497.1201941.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified gettable/settable ctx calls for MACs 1e8e5c6092 prov: support modified gettable/settable ctx calls for KDFs de43d82b6d core: support modified gettable/settable ctx calls for KDFs a5120afda3 evp: support modified gettable/settable ctx calls for KDFs 530cacb56f doc: changes to match the updated context gettable/settable calls caa60428cd evp: support modified gettable/settable ctx calls for RNGs 1c9eaf4251 core: update RNG gettable/settable ctx param calls a3f091fddd prov: update RNGs to support modified gettable/settable CTX params 90fec26dc6 doc: note changes to rand gettable/settable provider call d618ac6fd7 doc: note changes to digest gettable/settable provider calls 6de3a06dd4 modify EVP to support digest gettable/settable calls aa95e08b29 core: update digest gettable/settable ctx params calls e772f25ca8 prov: update digests to support modified ctx params 5a6a6d59a6 Makefile: Only update doc/build.info when there's an actual change 32ab57cbb4 Fix external symbols related to ec & sm2 keys 5af02212a5 Fix external symbols related to dsa keys 19dbb742cd Fix external symbols related to dh keys 94553e85b6 Fix external symbols for bn 2d96895122 Fix filename escaping in c_rehash 1cba86234a evp_extra_test: Do not manipulate providers in default context 8cdc3425af fake_random: Do not overwrite the callback on instatiation 0c84139c98 Ensure that the fake rand is initialized 75de543635 Fix an integer overflow in o_time.c 5eb73cfb37 Add a test for a names_do_all function d84f5515fa Don't hold a lock when calling a callback in ossl_namemap_doall_names Build log ended with (last 100 lines): # false # OPENSSL_TEST_RAND_ORDER=1614746190 not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1614746190 not ok 54 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/M2DQ1K9931 default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80F1DC0E227F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 80F1DC0E227F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:944 # false # OPENSSL_TEST_RAND_ORDER=1614746203 not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80F1DC0E227F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 80F1DC0E227F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1425 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1503 # false # OPENSSL_TEST_RAND_ORDER=1614746203 not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80F1DC0E227F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 80F1DC0E227F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6574 # false # OPENSSL_TEST_RAND_ORDER=1614746203 not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1614746203 not ok 54 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/M2DQ1K9931 fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 768 Tests: 31 Failed: 3) Failed tests: 8, 17, 19 Non-zero exit status: 3 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=232, Tests=3301, 1143 wallclock secs (14.34 usr 1.41 sys + 1050.99 cusr 91.02 csys = 1157.76 CPU) Result: FAIL make[1]: *** [Makefile:3261: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' make: *** [Makefile:3258: tests] Error 2 From openssl at openssl.org Wed Mar 3 05:38:16 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Mar 2021 05:38:16 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1614749896.899973.1306856.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified gettable/settable ctx calls for MACs 1e8e5c6092 prov: support modified gettable/settable ctx calls for KDFs de43d82b6d core: support modified gettable/settable ctx calls for KDFs a5120afda3 evp: support modified gettable/settable ctx calls for KDFs 530cacb56f doc: changes to match the updated context gettable/settable calls caa60428cd evp: support modified gettable/settable ctx calls for RNGs 1c9eaf4251 core: update RNG gettable/settable ctx param calls a3f091fddd prov: update RNGs to support modified gettable/settable CTX params 90fec26dc6 doc: note changes to rand gettable/settable provider call d618ac6fd7 doc: note changes to digest gettable/settable provider calls 6de3a06dd4 modify EVP to support digest gettable/settable calls aa95e08b29 core: update digest gettable/settable ctx params calls e772f25ca8 prov: update digests to support modified ctx params 5a6a6d59a6 Makefile: Only update doc/build.info when there's an actual change 32ab57cbb4 Fix external symbols related to ec & sm2 keys 5af02212a5 Fix external symbols related to dsa keys 19dbb742cd Fix external symbols related to dh keys 94553e85b6 Fix external symbols for bn 2d96895122 Fix filename escaping in c_rehash 1cba86234a evp_extra_test: Do not manipulate providers in default context 8cdc3425af fake_random: Do not overwrite the callback on instatiation 0c84139c98 Ensure that the fake rand is initialized 75de543635 Fix an integer overflow in o_time.c 5eb73cfb37 Add a test for a names_do_all function d84f5515fa Don't hold a lock when calling a callback in ossl_namemap_doall_names Build log ended with (last 100 lines): # ------------------------------------------------------------------------------ # ERROR: (int) 'result->client_protocol == test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114 # [771] compared to [772] # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. # # OPENSSL_TEST_RAND_ORDER=1614749258 not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # ERROR: (int) 'result->client_protocol == test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114 # [771] compared to [772] # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. # # OPENSSL_TEST_RAND_ORDER=1614749258 not ok 4 - iteration 4 # ------------------------------------------------------------------------------ # ERROR: (int) 'result->client_protocol == test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114 # [771] compared to [772] # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. # # OPENSSL_TEST_RAND_ORDER=1614749258 not ok 5 - iteration 5 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1614749258 not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 14-curves.cnf.fips fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 9 - running ssl_test 14-curves.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 14-curves.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 176. # Looks like you failed 3 tests of 9. not ok 15 - Test configuration 14-curves.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 15 Non-zero exit status: 1 Files=232, Tests=3224, 906 wallclock secs (13.04 usr 1.37 sys + 813.79 cusr 87.15 csys = 915.35 CPU) Result: FAIL make[1]: *** [Makefile:3272: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' make: *** [Makefile:3269: tests] Error 2 From shane.lontis at oracle.com Wed Mar 3 06:21:36 2021 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 03 Mar 2021 06:21:36 +0000 Subject: [openssl] master update Message-ID: <1614752496.146316.8130.nullmailer@dev.openssl.org> The branch master has been updated via 4e4ae84056133c863860e27ceedae8bd3fb0a402 (commit) from 81f9af3460dca0fe37d3a240cb385efbf0f0d362 (commit) - Log ----------------------------------------------------------------- commit 4e4ae84056133c863860e27ceedae8bd3fb0a402 Author: Shane Lontis Date: Wed Feb 24 15:59:14 2021 +1000 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. Fixes #14294 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14295) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_cert.c | 2 +- .../Mock/signer.crt => certs/leaf-chain.pem} | 26 ++++++++-- test/sslapitest.c | 57 ++++++++++++++++++++++ 3 files changed, 79 insertions(+), 6 deletions(-) copy test/{recipes/80-test_cmp_http_data/Mock/signer.crt => certs/leaf-chain.pem} (75%) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index a9d9b9ca06..f78cb99c18 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -878,7 +878,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) untrusted = cpk->chain; } - xs_ctx = X509_STORE_CTX_new_ex(real_ctx->libctx, ctx->propq); + xs_ctx = X509_STORE_CTX_new_ex(real_ctx->libctx, real_ctx->propq); if (xs_ctx == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); goto err; diff --git a/test/recipes/80-test_cmp_http_data/Mock/signer.crt b/test/certs/leaf-chain.pem similarity index 75% copy from test/recipes/80-test_cmp_http_data/Mock/signer.crt copy to test/certs/leaf-chain.pem index cb72e33bff..a2e4a50513 100644 --- a/test/recipes/80-test_cmp_http_data/Mock/signer.crt +++ b/test/certs/leaf-chain.pem @@ -1,4 +1,3 @@ -Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = leaf -----BEGIN CERTIFICATE----- MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX @@ -20,8 +19,6 @@ QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== -----END CERTIFICATE----- - -Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = subinterCA -----BEGIN CERTIFICATE----- MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX @@ -43,8 +40,6 @@ mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== -----END CERTIFICATE----- - -Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = interCA -----BEGIN CERTIFICATE----- MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX @@ -66,3 +61,24 @@ Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb -----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa +Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 +YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM +BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf ++3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i +xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO +rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU +34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL +r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2 +QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf +ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w +DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0 +mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ +WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI +qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0 +GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT +JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ= +-----END CERTIFICATE----- diff --git a/test/sslapitest.c b/test/sslapitest.c index 3fa60538e9..06d8e80200 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -641,6 +641,61 @@ end: return testresult; } +static int test_ssl_build_cert_chain(void) +{ + int ret = 0; + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + char *skey = test_mk_file_path(certsdir, "leaf.key"); + char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem"); + + if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) + goto end; + if (!TEST_ptr(ssl = SSL_new(ssl_ctx))) + goto end; + /* leaf_chain contains leaf + subinterCA + interCA + rootCA */ + if (!TEST_int_eq(SSL_use_certificate_chain_file(ssl, leaf_chain), 1) + || !TEST_int_eq(SSL_use_PrivateKey_file(ssl, skey, SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_check_private_key(ssl), 1)) + goto end; + if (!TEST_true(SSL_build_cert_chain(ssl, SSL_BUILD_CHAIN_FLAG_NO_ROOT + | SSL_BUILD_CHAIN_FLAG_CHECK))) + goto end; + ret = 1; +end: + SSL_free(ssl); + SSL_CTX_free(ssl_ctx); + OPENSSL_free(leaf_chain); + OPENSSL_free(skey); + return ret; +} + +static int test_ssl_ctx_build_cert_chain(void) +{ + int ret = 0; + SSL_CTX *ctx = NULL; + char *skey = test_mk_file_path(certsdir, "leaf.key"); + char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem"); + + if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) + goto end; + /* leaf_chain contains leaf + subinterCA + interCA + rootCA */ + if (!TEST_int_eq(SSL_CTX_use_certificate_chain_file(ctx, leaf_chain), 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, skey, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_check_private_key(ctx), 1)) + goto end; + if (!TEST_true(SSL_CTX_build_cert_chain(ctx, SSL_BUILD_CHAIN_FLAG_NO_ROOT + | SSL_BUILD_CHAIN_FLAG_CHECK))) + goto end; + ret = 1; +end: + SSL_CTX_free(ctx); + OPENSSL_free(leaf_chain); + OPENSSL_free(skey); + return ret; +} + #ifndef OPENSSL_NO_TLS1_2 static int full_client_hello_callback(SSL *s, int *al, void *arg) { @@ -8710,6 +8765,8 @@ int setup_tests(void) ADD_TEST(test_keylog_no_master_key); #endif ADD_TEST(test_client_cert_verify_cb); + ADD_TEST(test_ssl_build_cert_chain); + ADD_TEST(test_ssl_ctx_build_cert_chain); #ifndef OPENSSL_NO_TLS1_2 ADD_TEST(test_client_hello_cb); ADD_TEST(test_no_ems); From tomas at openssl.org Wed Mar 3 10:25:52 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 03 Mar 2021 10:25:52 +0000 Subject: [openssl] master update Message-ID: <1614767152.776794.22390.nullmailer@dev.openssl.org> The branch master has been updated via fb67126ea8a1a9fadb9b60641d84808fc123cd9d (commit) from 4e4ae84056133c863860e27ceedae8bd3fb0a402 (commit) - Log ----------------------------------------------------------------- commit fb67126ea8a1a9fadb9b60641d84808fc123cd9d Author: Tomas Mraz Date: Fri Feb 26 18:02:36 2021 +0100 EVP_PKEY_CTX_get/settable_params: pass provider operation context This allows making the signature operations return different settable params when the context is initialized with EVP_DigestSign/VerifyInit. Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14338) ----------------------------------------------------------------------- Summary of changes: crypto/evp/asymcipher.c | 4 +-- crypto/evp/exchange.c | 4 +-- crypto/evp/kem.c | 4 +-- crypto/evp/keymgmt_meth.c | 2 +- crypto/evp/pmeth_lib.c | 32 +++++++++++++++------- crypto/evp/signature.c | 4 +-- doc/man7/provider-kem.pod | 4 +-- doc/man7/provider-keyexch.pod | 6 ++-- doc/man7/provider-keymgmt.pod | 3 +- doc/man7/provider-signature.pod | 7 +++-- include/openssl/core_dispatch.h | 25 ++++++++--------- providers/implementations/asymciphers/rsa_enc.c | 6 ++-- providers/implementations/asymciphers/sm2_enc.c | 6 ++-- providers/implementations/exchange/dh_exch.c | 6 ++-- providers/implementations/exchange/ecdh_exch.c | 6 ++-- providers/implementations/exchange/kdf_exch.c | 8 ++++-- providers/implementations/kem/rsa_kem.c | 6 ++-- providers/implementations/keymgmt/dh_kmgmt.c | 3 +- providers/implementations/keymgmt/dsa_kmgmt.c | 3 +- providers/implementations/keymgmt/ec_kmgmt.c | 3 +- providers/implementations/keymgmt/ecx_kmgmt.c | 3 +- .../implementations/keymgmt/mac_legacy_kmgmt.c | 6 ++-- providers/implementations/keymgmt/rsa_kmgmt.c | 6 ++-- providers/implementations/signature/dsa.c | 30 ++++++++++---------- providers/implementations/signature/ecdsa.c | 21 ++++++++++---- providers/implementations/signature/eddsa.c | 3 +- providers/implementations/signature/mac_legacy.c | 8 ++++-- providers/implementations/signature/rsa.c | 30 ++++++++++++-------- providers/implementations/signature/sm2sig.c | 6 ++-- test/tls-provider.c | 3 +- 30 files changed, 158 insertions(+), 100 deletions(-) diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c index f096c19345..ee8e8662b0 100644 --- a/crypto/evp/asymcipher.c +++ b/crypto/evp/asymcipher.c @@ -452,7 +452,7 @@ const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip return NULL; provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_provider(cip)); - return cip->gettable_ctx_params(provctx); + return cip->gettable_ctx_params(NULL, provctx); } const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip) @@ -463,5 +463,5 @@ const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip return NULL; provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_provider(cip)); - return cip->settable_ctx_params(provctx); + return cip->settable_ctx_params(NULL, provctx); } diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 67f4c5389f..e0f15026c8 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -478,7 +478,7 @@ const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch) return NULL; provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(keyexch)); - return keyexch->gettable_ctx_params(provctx); + return keyexch->gettable_ctx_params(NULL, provctx); } const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch) @@ -488,5 +488,5 @@ const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch) if (keyexch == NULL || keyexch->settable_ctx_params == NULL) return NULL; provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(keyexch)); - return keyexch->settable_ctx_params(provctx); + return keyexch->settable_ctx_params(NULL, provctx); } diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c index 2b81cc1586..e26c3502db 100644 --- a/crypto/evp/kem.c +++ b/crypto/evp/kem.c @@ -367,7 +367,7 @@ const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem) return NULL; provctx = ossl_provider_ctx(EVP_KEM_provider(kem)); - return kem->gettable_ctx_params(provctx); + return kem->gettable_ctx_params(NULL, provctx); } const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem) @@ -378,5 +378,5 @@ const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem) return NULL; provctx = ossl_provider_ctx(EVP_KEM_provider(kem)); - return kem->settable_ctx_params(provctx); + return kem->settable_ctx_params(NULL, provctx); } diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index aecb7ec368..3142996cab 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -340,7 +340,7 @@ const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt) if (keymgmt->gen_settable_params == NULL) return NULL; - return keymgmt->gen_settable_params(provctx); + return keymgmt->gen_settable_params(NULL, provctx); } void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 478ae40a26..2cc30f1af4 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -744,27 +744,31 @@ const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx) && ctx->op.kex.exchange != NULL && ctx->op.kex.exchange->gettable_ctx_params != NULL) { provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(ctx->op.kex.exchange)); - return ctx->op.kex.exchange->gettable_ctx_params(provctx); + return ctx->op.kex.exchange->gettable_ctx_params(ctx->op.kex.exchprovctx, + provctx); } if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) && ctx->op.sig.signature != NULL && ctx->op.sig.signature->gettable_ctx_params != NULL) { provctx = ossl_provider_ctx( EVP_SIGNATURE_provider(ctx->op.sig.signature)); - return ctx->op.sig.signature->gettable_ctx_params(provctx); + return ctx->op.sig.signature->gettable_ctx_params(ctx->op.sig.sigprovctx, + provctx); } if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) && ctx->op.ciph.cipher != NULL && ctx->op.ciph.cipher->gettable_ctx_params != NULL) { provctx = ossl_provider_ctx( EVP_ASYM_CIPHER_provider(ctx->op.ciph.cipher)); - return ctx->op.ciph.cipher->gettable_ctx_params(provctx); + return ctx->op.ciph.cipher->gettable_ctx_params(ctx->op.ciph.ciphprovctx, + provctx); } if (EVP_PKEY_CTX_IS_KEM_OP(ctx) && ctx->op.encap.kem != NULL && ctx->op.encap.kem->gettable_ctx_params != NULL) { provctx = ossl_provider_ctx(EVP_KEM_provider(ctx->op.encap.kem)); - return ctx->op.encap.kem->gettable_ctx_params(provctx); + return ctx->op.encap.kem->gettable_ctx_params(ctx->op.encap.kemprovctx, + provctx); } return NULL; } @@ -777,30 +781,38 @@ const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx) && ctx->op.kex.exchange != NULL && ctx->op.kex.exchange->settable_ctx_params != NULL) { provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(ctx->op.kex.exchange)); - return ctx->op.kex.exchange->settable_ctx_params(provctx); + return ctx->op.kex.exchange->settable_ctx_params(ctx->op.kex.exchprovctx, + provctx); } if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) && ctx->op.sig.signature != NULL && ctx->op.sig.signature->settable_ctx_params != NULL) { provctx = ossl_provider_ctx( EVP_SIGNATURE_provider(ctx->op.sig.signature)); - return ctx->op.sig.signature->settable_ctx_params(provctx); + return ctx->op.sig.signature->settable_ctx_params(ctx->op.sig.sigprovctx, + provctx); } if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) && ctx->op.ciph.cipher != NULL && ctx->op.ciph.cipher->settable_ctx_params != NULL) { provctx = ossl_provider_ctx( EVP_ASYM_CIPHER_provider(ctx->op.ciph.cipher)); - return ctx->op.ciph.cipher->settable_ctx_params(provctx); + return ctx->op.ciph.cipher->settable_ctx_params(ctx->op.ciph.ciphprovctx, + provctx); } if (EVP_PKEY_CTX_IS_GEN_OP(ctx) - && ctx->keymgmt != NULL) - return EVP_KEYMGMT_gen_settable_params(ctx->keymgmt); + && ctx->keymgmt != NULL + && ctx->keymgmt->gen_settable_params != NULL) { + provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(ctx->keymgmt)); + return ctx->keymgmt->gen_settable_params(ctx->op.keymgmt.genctx, + provctx); + } if (EVP_PKEY_CTX_IS_KEM_OP(ctx) && ctx->op.encap.kem != NULL && ctx->op.encap.kem->settable_ctx_params != NULL) { provctx = ossl_provider_ctx(EVP_KEM_provider(ctx->op.encap.kem)); - return ctx->op.encap.kem->settable_ctx_params(provctx); + return ctx->op.encap.kem->settable_ctx_params(ctx->op.encap.kemprovctx, + provctx); } return NULL; } diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index 4a1692ce98..277e972414 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -347,7 +347,7 @@ const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig) return NULL; provctx = ossl_provider_ctx(EVP_SIGNATURE_provider(sig)); - return sig->gettable_ctx_params(provctx); + return sig->gettable_ctx_params(NULL, provctx); } const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig) @@ -358,7 +358,7 @@ const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig) return NULL; provctx = ossl_provider_ctx(EVP_SIGNATURE_provider(sig)); - return sig->settable_ctx_params(provctx); + return sig->settable_ctx_params(NULL, provctx); } static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation) diff --git a/doc/man7/provider-kem.pod b/doc/man7/provider-kem.pod index 4d16a3e625..d4467dbd79 100644 --- a/doc/man7/provider-kem.pod +++ b/doc/man7/provider-kem.pod @@ -34,9 +34,9 @@ provider-kem - The kem library E-E provider functions /* KEM parameters */ int OSSL_FUNC_kem_get_ctx_params(void *ctx, OSSL_PARAM params[]); - const OSSL_PARAM *OSSL_FUNC_kem_gettable_ctx_params(void *provctx); + const OSSL_PARAM *OSSL_FUNC_kem_gettable_ctx_params(void *ctx, void *provctx); int OSSL_FUNC_kem_set_ctx_params(void *ctx, const OSSL_PARAM params[]); - const OSSL_PARAM *OSSL_FUNC_kem_settable_ctx_params(void *provctx); + const OSSL_PARAM *OSSL_FUNC_kem_settable_ctx_params(void *ctx, void *provctx); =head1 DESCRIPTION diff --git a/doc/man7/provider-keyexch.pod b/doc/man7/provider-keyexch.pod index 01a8ec5e4d..bf97096cb2 100644 --- a/doc/man7/provider-keyexch.pod +++ b/doc/man7/provider-keyexch.pod @@ -30,9 +30,11 @@ provider-keyexch - The keyexch library E-E provider functions /* Key Exchange parameters */ int OSSL_FUNC_keyexch_set_ctx_params(void *ctx, const OSSL_PARAM params[]); - const OSSL_PARAM *OSSL_FUNC_keyexch_settable_ctx_params(void *provctx); + const OSSL_PARAM *OSSL_FUNC_keyexch_settable_ctx_params(void *ctx, + void *provctx); int OSSL_FUNC_keyexch_get_ctx_params(void *ctx, OSSL_PARAM params[]); - const OSSL_PARAM *OSSL_FUNC_keyexch_gettable_ctx_params(void *provctx); + const OSSL_PARAM *OSSL_FUNC_keyexch_gettable_ctx_params(void *ctx, + void *provctx); =head1 DESCRIPTION diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index 08d7df6d5b..2156ed9b7f 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -22,7 +22,8 @@ provider-keymgmt - The KEYMGMT library E-E provider functions void *OSSL_FUNC_keymgmt_gen_init(void *provctx, int selection); int OSSL_FUNC_keymgmt_gen_set_template(void *genctx, void *template); int OSSL_FUNC_keymgmt_gen_set_params(void *genctx, const OSSL_PARAM params[]); - const OSSL_PARAM *OSSL_FUNC_keymgmt_gen_settable_params(void *provctx); + const OSSL_PARAM *OSSL_FUNC_keymgmt_gen_settable_params(void *genctx, + void *provctx); void *OSSL_FUNC_keymgmt_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg); void OSSL_FUNC_keymgmt_gen_cleanup(void *genctx); diff --git a/doc/man7/provider-signature.pod b/doc/man7/provider-signature.pod index 9c2a7d0c2b..0d17d58367 100644 --- a/doc/man7/provider-signature.pod +++ b/doc/man7/provider-signature.pod @@ -64,10 +64,11 @@ provider-signature - The signature library E-E provider functions /* Signature parameters */ int OSSL_FUNC_signature_get_ctx_params(void *ctx, OSSL_PARAM params[]); - const OSSL_PARAM *OSSL_FUNC_signature_gettable_ctx_params(void *provctx); + const OSSL_PARAM *OSSL_FUNC_signature_gettable_ctx_params(void *ctx, + void *provctx); int OSSL_FUNC_signature_set_ctx_params(void *ctx, const OSSL_PARAM params[]); - const OSSL_PARAM *OSSL_FUNC_signature_settable_ctx_params(void *provctx); - + const OSSL_PARAM *OSSL_FUNC_signature_settable_ctx_params(void *ctx, + void *provctx); /* MD parameters */ int OSSL_FUNC_signature_get_ctx_md_params(void *ctx, OSSL_PARAM params[]); const OSSL_PARAM * OSSL_FUNC_signature_gettable_ctx_md_params(void *ctx); diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index f88645f0f6..76fd0ada6c 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h @@ -528,11 +528,8 @@ OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_template, OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_params, (void *genctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, - keymgmt_gen_settable_params, (void *provctx)) -OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_get_params, - (void *genctx, OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, - keymgmt_gen_gettable_params, (void *provctx)) + keymgmt_gen_settable_params, + (void *genctx, void *provctx)) OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen, (void *genctx, OSSL_CALLBACK *cb, void *cbarg)) OSSL_CORE_MAKE_FUNC(void, keymgmt_gen_cleanup, (void *genctx)) @@ -623,11 +620,11 @@ OSSL_CORE_MAKE_FUNC(void *, keyexch_dupctx, (void *ctx)) OSSL_CORE_MAKE_FUNC(int, keyexch_set_ctx_params, (void *ctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keyexch_settable_ctx_params, - (void *provctx)) + (void *ctx, void *provctx)) OSSL_CORE_MAKE_FUNC(int, keyexch_get_ctx_params, (void *ctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keyexch_gettable_ctx_params, - (void *provctx)) + (void *ctx, void *provctx)) /* Signature */ @@ -702,11 +699,11 @@ OSSL_CORE_MAKE_FUNC(void *, signature_dupctx, (void *ctx)) OSSL_CORE_MAKE_FUNC(int, signature_get_ctx_params, (void *ctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_gettable_ctx_params, - (void *provctx)) + (void *ctx, void *provctx)) OSSL_CORE_MAKE_FUNC(int, signature_set_ctx_params, (void *ctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_settable_ctx_params, - (void *provctx)) + (void *ctx, void *provctx)) OSSL_CORE_MAKE_FUNC(int, signature_get_ctx_md_params, (void *ctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_gettable_ctx_md_params, @@ -749,11 +746,11 @@ OSSL_CORE_MAKE_FUNC(void *, asym_cipher_dupctx, (void *ctx)) OSSL_CORE_MAKE_FUNC(int, asym_cipher_get_ctx_params, (void *ctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_gettable_ctx_params, - (void *provctx)) + (void *ctx, void *provctx)) OSSL_CORE_MAKE_FUNC(int, asym_cipher_set_ctx_params, (void *ctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params, - (void *provctx)) + (void *ctx, void *provctx)) /* Asymmetric Key encapsulation */ # define OSSL_FUNC_KEM_NEWCTX 1 @@ -781,10 +778,12 @@ OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx, OSSL_CORE_MAKE_FUNC(void, kem_freectx, (void *ctx)) OSSL_CORE_MAKE_FUNC(void *, kem_dupctx, (void *ctx)) OSSL_CORE_MAKE_FUNC(int, kem_get_ctx_params, (void *ctx, OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kem_gettable_ctx_params, (void *provctx)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kem_gettable_ctx_params, + (void *ctx, void *provctx)) OSSL_CORE_MAKE_FUNC(int, kem_set_ctx_params, (void *ctx, const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kem_settable_ctx_params, (void *provctx)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kem_settable_ctx_params, + (void *ctx, void *provctx)) /* Encoders and decoders */ # define OSSL_FUNC_ENCODER_NEWCTX 1 diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 5484c3d54a..8bf93dc7a2 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -408,7 +408,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -552,7 +553,8 @@ static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *vprsactx, + ossl_unused void *provctx) { return known_settable_ctx_params; } diff --git a/providers/implementations/asymciphers/sm2_enc.c b/providers/implementations/asymciphers/sm2_enc.c index 0068e504e2..efd87f9d6a 100644 --- a/providers/implementations/asymciphers/sm2_enc.c +++ b/providers/implementations/asymciphers/sm2_enc.c @@ -176,7 +176,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *sm2_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *sm2_gettable_ctx_params(ossl_unused void *vpsm2ctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -202,7 +203,8 @@ static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *sm2_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *sm2_settable_ctx_params(ossl_unused void *vpsm2ctx, + ossl_unused void *provctx) { return known_settable_ctx_params; } diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c index 7f0fa3295e..b74adfbc34 100644 --- a/providers/implementations/exchange/dh_exch.c +++ b/providers/implementations/exchange/dh_exch.c @@ -389,7 +389,8 @@ static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *dh_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *dh_settable_ctx_params(ossl_unused void *vpdhctx, + ossl_unused void *provctx) { return known_settable_ctx_params; } @@ -404,7 +405,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *dh_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *dh_gettable_ctx_params(ossl_unused void *vpdhctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c index a1b984769e..d468d2a8a2 100644 --- a/providers/implementations/exchange/ecdh_exch.c +++ b/providers/implementations/exchange/ecdh_exch.c @@ -298,7 +298,8 @@ static const OSSL_PARAM known_settable_ctx_params[] = { }; static -const OSSL_PARAM *ecdh_settable_ctx_params(ossl_unused void *provctx) +const OSSL_PARAM *ecdh_settable_ctx_params(ossl_unused void *vpecdhctx, + ossl_unused void *provctx) { return known_settable_ctx_params; } @@ -375,7 +376,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { }; static -const OSSL_PARAM *ecdh_gettable_ctx_params(ossl_unused void *provctx) +const OSSL_PARAM *ecdh_gettable_ctx_params(ossl_unused void *vpecdhctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } diff --git a/providers/implementations/exchange/kdf_exch.c b/providers/implementations/exchange/kdf_exch.c index 7b6b12af69..6979ce5c11 100644 --- a/providers/implementations/exchange/kdf_exch.c +++ b/providers/implementations/exchange/kdf_exch.c @@ -149,7 +149,8 @@ static int kdf_set_ctx_params(void *vpkdfctx, const OSSL_PARAM params[]) return EVP_KDF_CTX_set_params(pkdfctx->kdfctx, params); } -static const OSSL_PARAM *kdf_settable_ctx_params(void *provctx, +static const OSSL_PARAM *kdf_settable_ctx_params(ossl_unused void *vpkdfctx, + void *provctx, const char *kdfname) { EVP_KDF *kdf = EVP_KDF_fetch(PROV_LIBCTX_OF(provctx), kdfname, @@ -166,9 +167,10 @@ static const OSSL_PARAM *kdf_settable_ctx_params(void *provctx, } #define KDF_SETTABLE_CTX_PARAMS(funcname, kdfname) \ - static const OSSL_PARAM *kdf_##funcname##_settable_ctx_params(void *provctx) \ + static const OSSL_PARAM *kdf_##funcname##_settable_ctx_params(void *vpkdfctx, \ + void *provctx) \ { \ - return kdf_settable_ctx_params(provctx, kdfname); \ + return kdf_settable_ctx_params(vpkdfctx, provctx, kdfname); \ } KDF_SETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF") diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c index 0bf0607735..559d7d0c52 100644 --- a/providers/implementations/kem/rsa_kem.c +++ b/providers/implementations/kem/rsa_kem.c @@ -156,7 +156,8 @@ static const OSSL_PARAM known_gettable_rsakem_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *rsakem_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *rsakem_gettable_ctx_params(ossl_unused void *vprsactx, + ossl_unused void *provctx) { return known_gettable_rsakem_ctx_params; } @@ -187,7 +188,8 @@ static const OSSL_PARAM known_settable_rsakem_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *rsakem_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *rsakem_settable_ctx_params(ossl_unused void *vprsactx, + ossl_unused void *provctx) { return known_settable_rsakem_ctx_params; } diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index 9b1679e4fa..5731b73418 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -558,7 +558,8 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM *dh_gen_settable_params(void *provctx) +static const OSSL_PARAM *dh_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index 18313aa329..92ab579b66 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -476,7 +476,8 @@ static int dsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM *dsa_gen_settable_params(void *provctx) +static const OSSL_PARAM *dsa_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0), diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 6a74196600..92521b66ec 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -1121,7 +1121,8 @@ err: return ret; } -static const OSSL_PARAM *ec_gen_settable_params(void *provctx) +static const OSSL_PARAM *ec_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index 6cb0e9bc41..0adfd01173 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -529,7 +529,8 @@ static int ecx_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM *ecx_gen_settable_params(void *provctx) +static const OSSL_PARAM *ecx_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index 77efe145d9..9d98d32fb2 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -428,7 +428,8 @@ static int cmac_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM *mac_gen_settable_params(void *provctx) +static const OSSL_PARAM *mac_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), @@ -437,7 +438,8 @@ static const OSSL_PARAM *mac_gen_settable_params(void *provctx) return settable; } -static const OSSL_PARAM *cmac_gen_settable_params(void *provctx) +static const OSSL_PARAM *cmac_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index 0d3782e830..ac8443a739 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -502,7 +502,8 @@ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \ OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL) -static const OSSL_PARAM *rsa_gen_settable_params(void *provctx) +static const OSSL_PARAM *rsa_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { rsa_gen_basic, @@ -512,7 +513,8 @@ static const OSSL_PARAM *rsa_gen_settable_params(void *provctx) return settable; } -static const OSSL_PARAM *rsapss_gen_settable_params(void *provctx) +static const OSSL_PARAM *rsapss_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { rsa_gen_basic, diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index eadf62361a..214238e7cc 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -434,7 +434,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *vctx) +static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *ctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -470,27 +471,24 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM known_settable_ctx_params[] = { +static const OSSL_PARAM settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), OSSL_PARAM_END }; -static const OSSL_PARAM *dsa_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM settable_ctx_params_no_digest[] = { + OSSL_PARAM_END +}; + +static const OSSL_PARAM *dsa_settable_ctx_params(void *vpdsactx, + ossl_unused void *provctx) { - /* - * TODO(3.0): Should this function return a different set of settable ctx - * params if the ctx is being used for a DigestSign/DigestVerify? In that - * case it is not allowed to set the digest size/digest name because the - * digest is explicitly set as part of the init. - * NOTE: Ideally we would check pdsactx->flag_allow_md, but this is - * problematic because there is no nice way of passing the - * PROV_DSA_CTX down to this function... - * Because we have API's that dont know about their parent.. - * e.g: EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig). - * We could pass NULL for that case (but then how useful is the check?). - */ - return known_settable_ctx_params; + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + + if (pdsactx != NULL && !pdsactx->flag_allow_md) + return settable_ctx_params_no_digest; + return settable_ctx_params; } static int dsa_get_ctx_md_params(void *vpdsactx, OSSL_PARAM *params) diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c index 74717c9b56..0e99cb2a5d 100644 --- a/providers/implementations/signature/ecdsa.c +++ b/providers/implementations/signature/ecdsa.c @@ -433,7 +433,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *ecdsa_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *ecdsa_gettable_ctx_params(ossl_unused void *vctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -481,17 +482,27 @@ static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM known_settable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL), +static const OSSL_PARAM settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), OSSL_PARAM_END }; -static const OSSL_PARAM *ecdsa_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM settable_ctx_params_no_digest[] = { + OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), + OSSL_PARAM_END +}; + +static const OSSL_PARAM *ecdsa_settable_ctx_params(void *vctx, + ossl_unused void *provctx) { - return known_settable_ctx_params; + PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; + + if (ctx != NULL && !ctx->flag_allow_md) + return settable_ctx_params_no_digest; + return settable_ctx_params; } static int ecdsa_get_ctx_md_params(void *vctx, OSSL_PARAM *params) diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c index 93b98dbbbc..0427d38241 100644 --- a/providers/implementations/signature/eddsa.c +++ b/providers/implementations/signature/eddsa.c @@ -293,7 +293,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *eddsa_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *eddsa_gettable_ctx_params(ossl_unused void *vpeddsactx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } diff --git a/providers/implementations/signature/mac_legacy.c b/providers/implementations/signature/mac_legacy.c index fb99221f08..81bf8f27a1 100644 --- a/providers/implementations/signature/mac_legacy.c +++ b/providers/implementations/signature/mac_legacy.c @@ -202,7 +202,8 @@ static int mac_set_ctx_params(void *vpmacctx, const OSSL_PARAM params[]) return EVP_MAC_CTX_set_params(ctx->macctx, params); } -static const OSSL_PARAM *mac_settable_ctx_params(void *provctx, +static const OSSL_PARAM *mac_settable_ctx_params(ossl_unused void *ctx, + void *provctx, const char *macname) { EVP_MAC *mac = EVP_MAC_fetch(PROV_LIBCTX_OF(provctx), macname, @@ -219,9 +220,10 @@ static const OSSL_PARAM *mac_settable_ctx_params(void *provctx, } #define MAC_SETTABLE_CTX_PARAMS(funcname, macname) \ - static const OSSL_PARAM *mac_##funcname##_settable_ctx_params(void *provctx) \ + static const OSSL_PARAM *mac_##funcname##_settable_ctx_params(void *ctx, \ + void *provctx) \ { \ - return mac_settable_ctx_params(provctx, macname); \ + return mac_settable_ctx_params(ctx, provctx, macname); \ } MAC_SETTABLE_CTX_PARAMS(hmac, "HMAC") diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index ca1510e718..d3189b0d1a 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -1097,7 +1097,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vctx) +static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -1324,25 +1325,32 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM known_settable_ctx_params[] = { - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0), +static const OSSL_PARAM settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), OSSL_PARAM_END }; -static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM settable_ctx_params_no_digest[] = { + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), + OSSL_PARAM_END +}; + +static const OSSL_PARAM *rsa_settable_ctx_params(void *vprsactx, + ossl_unused void *provctx) { - /* - * TODO(3.0): Should this function return a different set of settable ctx - * params if the ctx is being used for a DigestSign/DigestVerify? In that - * case it is not allowed to set the digest size/digest name because the - * digest is explicitly set as part of the init. - */ - return known_settable_ctx_params; + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + + if (prsactx != NULL && !prsactx->flag_allow_md) + return settable_ctx_params_no_digest; + return settable_ctx_params; } static int rsa_get_ctx_md_params(void *vprsactx, OSSL_PARAM *params) diff --git a/providers/implementations/signature/sm2sig.c b/providers/implementations/signature/sm2sig.c index 18fdf62487..5463b000e0 100644 --- a/providers/implementations/signature/sm2sig.c +++ b/providers/implementations/signature/sm2sig.c @@ -381,7 +381,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *sm2sig_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *sm2sig_gettable_ctx_params(ossl_unused void *vpsm2ctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -446,7 +447,8 @@ static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *sm2sig_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *sm2sig_settable_ctx_params(ossl_unused void *vpsm2ctx, + ossl_unused void *provctx) { /* * TODO(3.0): Should this function return a different set of settable ctx diff --git a/test/tls-provider.c b/test/tls-provider.c index e8da24be0b..03e2ae1f0e 100644 --- a/test/tls-provider.c +++ b/test/tls-provider.c @@ -573,7 +573,8 @@ static int xor_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM *xor_gen_settable_params(void *provctx) +static const OSSL_PARAM *xor_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), From pauli at openssl.org Wed Mar 3 11:22:37 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 03 Mar 2021 11:22:37 +0000 Subject: [openssl] master update Message-ID: <1614770557.235405.20182.nullmailer@dev.openssl.org> The branch master has been updated via 87994aa847f7c650cd3c06a2a4abdeee2ef71574 (commit) from fb67126ea8a1a9fadb9b60641d84808fc123cd9d (commit) - Log ----------------------------------------------------------------- commit 87994aa847f7c650cd3c06a2a4abdeee2ef71574 Author: Pauli Date: Tue Mar 2 07:38:00 2021 +1000 rand: remove FIPS mode conditional code. The FIPS provider no longer has seeding sources inside the boundary, the related conditional code can therefore be removed. Fixes #14358 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14382) ----------------------------------------------------------------------- Summary of changes: .../implementations/rands/seeding/rand_unix.c | 36 +--------------------- 1 file changed, 1 insertion(+), 35 deletions(-) diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c index 81fd50c430..3e99fce70a 100644 --- a/providers/implementations/rands/seeding/rand_unix.c +++ b/providers/implementations/rands/seeding/rand_unix.c @@ -40,35 +40,6 @@ # include # include #endif -/* - * Provide a compile time error if the FIPS module is being built and none - * of the supported entropy sources are available. - */ -#if defined(FIPS_MODULE) -# if !defined(OPENSSL_RAND_SEED_GETRANDOM) \ - && !defined(OPENSSL_RAND_SEED_DEVRANDOM) \ - && !defined(OPENSSL_RAND_SEED_RDCPU) \ - && !defined(OPENSSL_RAND_SEED_OS) -# error FIPS mode without supported randomness source -# endif -/* Remove the sources that are not permitted in FIPS */ -# ifdef OPENSSL_RAND_SEED_LIBRANDOM -# undef OPENSSL_RAND_SEED_LIBRANDOM -# warning FIPS mode does not support the _librandom_ randomness source -# endif -# ifdef OPENSSL_RAND_SEED_RDTSC -# undef OPENSSL_RAND_SEED_RDTSC -# warning FIPS mode does not support the _RDTSC_ randomness source -# endif -# ifdef OPENSSL_RAND_SEED_EGD -# undef OPENSSL_RAND_SEED_EGD -# warning FIPS mode does not support the _EGD_ randomness source -# endif -# ifdef OPENSSL_RAND_SEED_NONE -# undef OPENSSL_RAND_SEED_NONE -# warning FIPS mode does not support the _none_ randomness source -# endif -#endif #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \ || defined(__DJGPP__) @@ -393,7 +364,7 @@ static ssize_t syscall_random(void *buf, size_t buflen) if (errno != ENOSYS) return -1; } -# elif !defined(FIPS_MODULE) +# else union { void *p; int (*f)(void *buffer, size_t length); @@ -441,12 +412,10 @@ static int keep_random_devices_open = 1; && defined(OPENSSL_RAND_SEED_GETRANDOM) static void *shm_addr; -# if !defined(FIPS_MODULE) static void cleanup_shm(void) { shmdt(shm_addr); } -# endif /* * Ensure that the system randomness source has been adequately seeded. @@ -512,11 +481,8 @@ static int wait_random_seeded(void) * If this call fails, it isn't a big problem. */ shm_addr = shmat(shm_id, NULL, SHM_RDONLY); -# ifndef FIPS_MODULE - /* TODO 3.0: The FIPS provider doesn't have OPENSSL_atexit */ if (shm_addr != (void *)-1) OPENSSL_atexit(&cleanup_shm); -# endif } } return seeded; From tomas at openssl.org Wed Mar 3 11:53:33 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 03 Mar 2021 11:53:33 +0000 Subject: [openssl] master update Message-ID: <1614772413.223066.26409.nullmailer@dev.openssl.org> The branch master has been updated via f21afe636067f9aa27cef94c31d8e32128da0ecb (commit) from 87994aa847f7c650cd3c06a2a4abdeee2ef71574 (commit) - Log ----------------------------------------------------------------- commit f21afe636067f9aa27cef94c31d8e32128da0ecb Author: Tomas Mraz Date: Tue Mar 2 11:33:48 2021 +0100 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys Fixes #13995 For small keys the MR test on the modulus can return BN_PRIMETEST_COMPOSITE_WITH_FACTOR status although the modulus is correct. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14389) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_sp800_56b_check.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c index c2066236f9..3bccbe4373 100644 --- a/crypto/rsa/rsa_sp800_56b_check.c +++ b/crypto/rsa/rsa_sp800_56b_check.c @@ -290,21 +290,19 @@ int ossl_rsa_get_lcm(BN_CTX *ctx, const BIGNUM *p, const BIGNUM *q, int ossl_rsa_sp800_56b_check_public(const RSA *rsa) { int ret = 0, status; -#ifdef FIPS_MODULE int nbits; -#endif BN_CTX *ctx = NULL; BIGNUM *gcd = NULL; if (rsa->n == NULL || rsa->e == NULL) return 0; + nbits = BN_num_bits(rsa->n); #ifdef FIPS_MODULE /* * (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1) * NOTE: changed to allow keys >= 2048 */ - nbits = BN_num_bits(rsa->n); if (!ossl_rsa_sp800_56b_validate_strength(nbits, -1)) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEY_LENGTH); return 0; @@ -336,7 +334,13 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa) } ret = ossl_bn_miller_rabin_is_prime(rsa->n, 0, ctx, NULL, 1, &status); +#ifdef FIPS_MODULE if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) { +#else + if (ret != 1 || (status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME + && (nbits >= RSA_MIN_MODULUS_BITS + || status != BN_PRIMETEST_COMPOSITE_WITH_FACTOR))) { +#endif ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MODULUS); ret = 0; goto err; From pauli at openssl.org Wed Mar 3 12:03:52 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 03 Mar 2021 12:03:52 +0000 Subject: [openssl] master update Message-ID: <1614773032.058408.30690.nullmailer@dev.openssl.org> The branch master has been updated via cb54d1b9d7f0d386aa22550d8b12ecd43e248a3f (commit) from f21afe636067f9aa27cef94c31d8e32128da0ecb (commit) - Log ----------------------------------------------------------------- commit cb54d1b9d7f0d386aa22550d8b12ecd43e248a3f Author: Pauli Date: Tue Mar 2 18:33:55 2021 +1000 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. The type needs to be set before the DRBGs are created. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14386) ----------------------------------------------------------------------- Summary of changes: doc/man3/RAND_get0_primary.pod | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/doc/man3/RAND_get0_primary.pod b/doc/man3/RAND_get0_primary.pod index cf0fae95f7..6ee3da2df7 100644 --- a/doc/man3/RAND_get0_primary.pod +++ b/doc/man3/RAND_get0_primary.pod @@ -57,9 +57,14 @@ During initialization, it is possible to change the reseed interval and reseed time interval. It is also possible to exchange the reseeding callbacks entirely. +To set the type of DRBG that will be instantiated, use the +L call before accessing the random number generation +infrastructure. + =head1 SEE ALSO -L +L, +L =head1 HISTORY From levitte at openssl.org Wed Mar 3 13:44:50 2021 From: levitte at openssl.org (Richard Levitte) Date: Wed, 03 Mar 2021 13:44:50 +0000 Subject: [openssl] master update Message-ID: <1614779090.246299.2565.nullmailer@dev.openssl.org> The branch master has been updated via 8593ff00cc66e330228164ae5422f80ef93ed35d (commit) from cb54d1b9d7f0d386aa22550d8b12ecd43e248a3f (commit) - Log ----------------------------------------------------------------- commit 8593ff00cc66e330228164ae5422f80ef93ed35d Author: Richard Levitte Date: Mon Mar 1 18:46:20 2021 +0100 DOCS: Fix provider-mac.pod and the docs of our implementations The idea being that doc/man7/provider-mac.pod is for provider authors, while provider users find the documentation for each implementation in doc/man7/EVP_MAC-*.pod, the documentation of parameters wasn't quite aligned. This change re-arranges the parameter documentation to be more aligned with this idea. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14380) ----------------------------------------------------------------------- Summary of changes: doc/man7/EVP_MAC-BLAKE2.pod | 23 ++++++++------- doc/man7/EVP_MAC-CMAC.pod | 12 ++++++++ doc/man7/EVP_MAC-GMAC.pod | 16 +++++++++++ doc/man7/EVP_MAC-HMAC.pod | 26 ++++++++++++++--- doc/man7/EVP_MAC-KMAC.pod | 9 ++++++ doc/man7/EVP_MAC-Poly1305.pod | 5 ++++ doc/man7/EVP_MAC-Siphash.pod | 5 ++++ doc/man7/provider-mac.pod | 65 ++++++++++++------------------------------- 8 files changed, 100 insertions(+), 61 deletions(-) diff --git a/doc/man7/EVP_MAC-BLAKE2.pod b/doc/man7/EVP_MAC-BLAKE2.pod index 51bac880b5..042e2bfaa0 100644 --- a/doc/man7/EVP_MAC-BLAKE2.pod +++ b/doc/man7/EVP_MAC-BLAKE2.pod @@ -36,25 +36,28 @@ The length of the "size" parameter should not exceed that of a B. =item "key" (B) -This may be at most 64 bytes for BLAKE2BMAC or 32 for BLAKE2SMAC and -at least 1 byte in both cases. +Sets the MAC key. +It may be at most 64 bytes for BLAKE2BMAC or 32 for BLAKE2SMAC and at +least 1 byte in both cases. +Setting this parameter is identical to passing a I to L. =item "custom" (B) -This is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for -BLAKE2SMAC. -It is empty by default. +Sets the custom value. +It is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for +BLAKE2SMAC, and is empty by default. =item "salt" (B) -This is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for -BLAKE2SMAC. -It is empty by default. +Sets the salt. +It is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for +BLAKE2SMAC, and is empty by default. =item "size" (B) -When set, this can be any number between between 1 and 32 for -EVP_MAC_BLAKE2S or 64 for EVP_MAC_BLAKE2B. +Sets the MAC size. +It can be any number between 1 and 32 for EVP_MAC_BLAKE2S or between 1 +and 64 for EVP_MAC_BLAKE2B. It is 32 and 64 respectively by default. =back diff --git a/doc/man7/EVP_MAC-CMAC.pod b/doc/man7/EVP_MAC-CMAC.pod index 4d05919b8f..3c6af827b9 100644 --- a/doc/man7/EVP_MAC-CMAC.pod +++ b/doc/man7/EVP_MAC-CMAC.pod @@ -8,6 +8,9 @@ EVP_MAC-CMAC - The CMAC EVP_MAC implementation Support for computing CMAC MACs through the B API. +This implementation uses EVP_CIPHER functions to get access to the underlying +cipher. + =head2 Identity This implementation is identified with this name and properties, to be @@ -30,10 +33,19 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =item "key" (B) +Sets the MAC key. +Setting this parameter is identical to passing a I to L. + =item "cipher" (B) +Sets the name of the underlying cipher to be used. + =item "properties" (B) +Sets the properties to be queried when trying to fetch the underlying cipher. +This must be given together with the cipher naming parameter to be considered +valid. + =back The following parameters can be retrieved with diff --git a/doc/man7/EVP_MAC-GMAC.pod b/doc/man7/EVP_MAC-GMAC.pod index d662e7d5d2..a392cf3dfe 100644 --- a/doc/man7/EVP_MAC-GMAC.pod +++ b/doc/man7/EVP_MAC-GMAC.pod @@ -8,6 +8,9 @@ EVP_MAC-GMAC - The GMAC EVP_MAC implementation Support for computing GMAC MACs through the B API. +This implementation uses EVP_CIPHER functions to get access to the underlying +cipher. + =head2 Identity This implementation is identified with this name and properties, to be @@ -30,12 +33,23 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =item "key" (B) +Sets the MAC key. +Setting this parameter is identical to passing a I to L. + =item "iv" (B) +Sets the IV of the underlying cipher, when applicable. + =item "cipher" (B) +Sets the name of the underlying cipher to be used. + =item "properties" (B) +Sets the properties to be queried when trying to fetch the underlying cipher. +This must be given together with the cipher naming parameter to be considered +valid. + =back The following parameters can be retrieved with @@ -45,6 +59,8 @@ EVP_MAC_CTX_get_params(): =item "size" (B) +Gets the MAC size. + =back The "size" parameter can also be retrieved with EVP_MAC_CTX_get_mac_size(). diff --git a/doc/man7/EVP_MAC-HMAC.pod b/doc/man7/EVP_MAC-HMAC.pod index fe63b329f9..790f01f094 100644 --- a/doc/man7/EVP_MAC-HMAC.pod +++ b/doc/man7/EVP_MAC-HMAC.pod @@ -8,6 +8,9 @@ EVP_MAC-HMAC - The HMAC EVP_MAC implementation Support for computing HMAC MACs through the B API. +This implementation uses EVP_MD functions to get access to the underlying +digest. + =head2 Identity This implementation is identified with this name and properties, to be @@ -30,22 +33,37 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =item "key" (B) +Sets the MAC key. +Setting this parameter is identical to passing a I to L. + =item "digest" (B) +Sets the name of the underlying digest to be used. + +=item "properties" (B) + +Sets the properties to be queried when trying to fetch the underlying digest. +This must be given together with the digest naming parameter ("digest", or +B) to be considered valid. + =item "digest-noinit" (B) +A flag to set the MAC digest to not initialise the implementation +specific data. +The value 0 or 1 is expected. + =item "digest-oneshot" (B) -=item "properties" (B) +A flag to set the MAC digest to be a one-shot operation. +The value 0 or 1 is expected. =item "tls-data-size" (B) =back -The "flags" parameter is passed directly to HMAC_CTX_set_flags(). +=for comment The "flags" parameter is passed directly to HMAC_CTX_set_flags(). -The following parameter can be retrieved with -EVP_MAC_CTX_get_params(): +The following parameter can be retrieved with EVP_MAC_CTX_get_params(): =over 4 diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod index 46fce76274..504622b7d1 100644 --- a/doc/man7/EVP_MAC-KMAC.pod +++ b/doc/man7/EVP_MAC-KMAC.pod @@ -36,10 +36,19 @@ The length of the "size" parameter should not exceed that of a B. =item "key" (B) +Sets the MAC key. +Setting this parameter is identical to passing a I to L. + =item "custom" (B) +Sets the custom value. +It is an optional value of at most 127 bytes, and is empty by default. + =item "size" (B) +Sets the MAC size. +By default, it is 16 for C and 32 for C. + =item "xof" (B) The "xof" parameter value is expected to be 1 or 0. Use 1 to enable XOF mode. diff --git a/doc/man7/EVP_MAC-Poly1305.pod b/doc/man7/EVP_MAC-Poly1305.pod index 8a0989ab71..a7e2f23439 100644 --- a/doc/man7/EVP_MAC-Poly1305.pod +++ b/doc/man7/EVP_MAC-Poly1305.pod @@ -30,6 +30,9 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =item "key" (B) +Sets the MAC key. +Setting this parameter is identical to passing a I to L. + =back The following parameters can be retrieved with @@ -39,6 +42,8 @@ EVP_MAC_CTX_get_params(): =item "size" (B) +Gets the MAC size. + =back The "size" parameter can also be retrieved with with EVP_MAC_CTX_get_mac_size(). diff --git a/doc/man7/EVP_MAC-Siphash.pod b/doc/man7/EVP_MAC-Siphash.pod index 2b6f2ae4e4..01849f7c4a 100644 --- a/doc/man7/EVP_MAC-Siphash.pod +++ b/doc/man7/EVP_MAC-Siphash.pod @@ -34,8 +34,13 @@ The length of the "size" parameter should not exceed that of a B. =item "key" (B) +Sets the MAC key. +Setting this parameter is identical to passing a I to L. + =item "size" (B) +Sets the MAC size. + =item "c-rounds" (B) Specifies the number of rounds per message block. By default this is I<2>. diff --git a/doc/man7/provider-mac.pod b/doc/man7/provider-mac.pod index 47f26ca89b..8b4ce93613 100644 --- a/doc/man7/provider-mac.pod +++ b/doc/man7/provider-mac.pod @@ -152,9 +152,11 @@ with the provider side context I in its current state if it is not NULL. Otherwise, they return the parameters associated with the provider side algorithm I. +All MAC implementations are expected to handle the following parameters: -Parameters currently recognised by built-in macs are as follows. Not all -parameters are relevant to, or are understood by all macs: +=over 4 + +=item with OSSL_FUNC_set_ctx_params(): =over 4 @@ -163,56 +165,21 @@ parameters are relevant to, or are understood by all macs: Sets the key in the associated MAC ctx. This is identical to passing a I argument to the OSSL_FUNC_mac_init() function. -=item "iv" (B) - -Sets the IV of the underlying cipher, when applicable. - -=item "custom" (B) - -Sets the custom string in the associated MAC ctx. - -=item "salt" (B) - -Sets the salt of the underlying cipher, when applicable. - -=item "xof" (B) - -Sets XOF mode in the associated MAC ctx. -0 means no XOF mode, 1 means XOF mode. - -=item "digest-noinit" (B) - -A simple flag to set the MAC digest to not initialise the -implementation specific data. The value 0 or 1 is expected. - -=item "digest-oneshot" (B) - -A simple flag to set the MAC digest to be a oneshot operation. -The value 0 or 1 is expected. - - -=for comment We need to investigate if this is the right approach - -=item "cipher" (B) - -=item "digest" (B) - -Sets the name of the underlying cipher or digest to be used. -It must name a suitable algorithm for the MAC that's being used. +=back -=item "properties" (B) +=item with OSSL_FUNC_get_params(): -Sets the properties to be queried when trying to fetch the underlying algorithm. -This must be given together with the algorithm naming parameter to be -considered valid. +=over 4 =item "size" (B) -Can be used to get the resulting MAC size. +Can be used to get the default MAC size (which might be the only allowable +MAC size for the implementation). -With some MAC algorithms, it can also be used to set the size that the -resulting MAC should have. -Allowable sizes are decided within each implementation. +Note that some implementations allow setting the size that the resulting MAC +should have as well, see the documentation of the implementation. + +=back =back @@ -231,7 +198,11 @@ array, or NULL if none is offered. =head1 SEE ALSO -L, L +L, +L, L, L, +L, L, L, +L + =head1 HISTORY From levitte at openssl.org Wed Mar 3 13:49:10 2021 From: levitte at openssl.org (Richard Levitte) Date: Wed, 03 Mar 2021 13:49:10 +0000 Subject: [openssl] master update Message-ID: <1614779350.863872.24065.nullmailer@dev.openssl.org> The branch master has been updated via 33ac7b324bdf6791b3ec4a2e3bde74fee8686ff4 (commit) via c9b0214edeb7fdbedd36cf403583e016d9fbbd38 (commit) via e25b4db754b2327be27fa0c1a4f6e66f57368293 (commit) via e9d74dbd3676603a257cedcdcbd720a3a9a775a5 (commit) via 05869bba7fbe59d04bb8605b81b470d4dedb38ac (commit) via 79f47ef507c945f4c73bcf8eb12f2caef19dc04e (commit) via 3f399e3787788b1cc3832e254c53cda42873d847 (commit) from 8593ff00cc66e330228164ae5422f80ef93ed35d (commit) - Log ----------------------------------------------------------------- commit 33ac7b324bdf6791b3ec4a2e3bde74fee8686ff4 Author: Richard Levitte Date: Fri Feb 26 10:46:27 2021 +0100 Add a new test recipe to verify the generated test fipsmodule.cnf Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14320) commit c9b0214edeb7fdbedd36cf403583e016d9fbbd38 Author: Richard Levitte Date: Thu Feb 25 19:40:50 2021 +0100 Fix the perl code to get FIPSMODULENAME Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14320) commit e25b4db754b2327be27fa0c1a4f6e66f57368293 Author: Richard Levitte Date: Tue Sep 29 10:26:19 2020 +0200 TEST: Remove the build of fipsmodule.cnf from test recipes The exception is the test recipe that tests 'openssl fipsinstall'. However, that one uses a different output file name, so it's safe. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14320) commit e9d74dbd3676603a257cedcdcbd720a3a9a775a5 Author: Richard Levitte Date: Mon Sep 28 21:29:56 2020 +0200 APPS: Modify 'fipsinstall' to output all notifications on stderr The actual output of the 'fipsinstall' is the config file it outputs. It should be possible to output that to standard output, and diverse notification messages shouldn't be mixed in. Therefore, we output them to standard error instead. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14320) commit 05869bba7fbe59d04bb8605b81b470d4dedb38ac Author: Richard Levitte Date: Thu Feb 25 17:46:36 2021 +0100 Make 'tests' depend on a generated 'providers/fipsmodule.cnf' providers/fipsmodule.cnf is generated using 'openssl fipsinstall' with the openssl program in the build directory. Fixes #14315 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14320) commit 79f47ef507c945f4c73bcf8eb12f2caef19dc04e Author: Richard Levitte Date: Thu Feb 25 17:43:57 2021 +0100 build.info: Make it possible to use compiled programs as generators Our goal is to be able to produce fipsmodule.cnf with the help of 'openssl fipsinstall', using the openssl program that we build. This refactors the generatesrc code in all the build file templates to replace $generator and $generator_incs with $gen0, $gen_args and $gen_incs, which makes it easier and more consistent to manipulate different bits of the generator command, and also keeps the variable names consistent while not overly long. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14320) commit 3f399e3787788b1cc3832e254c53cda42873d847 Author: Richard Levitte Date: Thu Feb 25 16:55:39 2021 +0100 build.info: Add the possibility to add dependencies on raw targets We need to add something for the 'tests' target to depend on, so a special syntax for those is introduced: DEPEND[|tests|]=fipsmodule.cnf Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14320) ----------------------------------------------------------------------- Summary of changes: Configurations/common.tmpl | 18 ++++- Configurations/descrip.mms.tmpl | 130 +++++++++++++++++++++--------- Configurations/unix-Makefile.tmpl | 141 +++++++++++++++++++++++---------- Configurations/windows-makefile.tmpl | 129 +++++++++++++++++++++--------- Configure | 24 ++++-- apps/fipsinstall.c | 12 +-- doc/internal/man7/build.info.pod | 6 ++ providers/build.info | 10 +++ test/recipes/01-test_fipsmodule_cnf.t | 37 +++++++++ test/recipes/03-test_fipsinstall.t | 7 +- test/recipes/15-test_gendsa.t | 11 +-- test/recipes/15-test_genrsa.t | 11 +-- test/recipes/15-test_rsaoaep.t | 40 ++++------ test/recipes/20-test_cli_fips.t | 17 +--- test/recipes/30-test_acvp.t | 10 +-- test/recipes/30-test_defltfips.t | 10 +-- test/recipes/30-test_evp.t | 11 --- test/recipes/30-test_evp_fetch_prov.t | 15 +--- test/recipes/30-test_evp_libctx.t | 8 +- test/recipes/30-test_provider_status.t | 10 +-- test/recipes/65-test_cmp_client.t | 8 +- test/recipes/65-test_cmp_msg.t | 8 +- test/recipes/65-test_cmp_protect.t | 8 +- test/recipes/65-test_cmp_server.t | 8 +- test/recipes/65-test_cmp_vfy.t | 8 +- test/recipes/80-test_cmp_http.t | 2 +- test/recipes/80-test_cms.t | 8 -- test/recipes/80-test_ssl_new.t | 12 +-- test/recipes/80-test_ssl_old.t | 12 +-- test/recipes/81-test_cmp_cli.t | 2 +- test/recipes/90-test_sslapi.t | 8 +- test/recipes/90-test_threads.t | 12 +-- 32 files changed, 411 insertions(+), 342 deletions(-) create mode 100644 test/recipes/01-test_fipsmodule_cnf.t diff --git a/Configurations/common.tmpl b/Configurations/common.tmpl index 5db3471fe2..e25a61fbed 100644 --- a/Configurations/common.tmpl +++ b/Configurations/common.tmpl @@ -137,6 +137,8 @@ # generated source file. sub dogenerate { my $src = shift; + # Safety measure + return "" unless defined $unified_info{generate}->{$_}; return "" if $cache{$src}; my $obj = shift; my $bin = shift; @@ -171,6 +173,17 @@ $cache{$src} = 1; } + sub dotarget { + my $target = shift; + return "" if $cache{$target}; + $OUT .= generatetarget(target => $target, + deps => $unified_info{depends}->{$target}); + foreach (@{$unified_info{depends}->{$target}}) { + dogenerate($_); + } + $cache{$target} = 1; + } + # doobj is responsible for producing all the recipes that build # object files as well as dependency files. sub doobj { @@ -463,11 +476,12 @@ # Start with populating the cache with all the overrides %cache = map { $_ => 1 } @{$unified_info{overrides}}; - # Build mandatory generated headers + # Build mandatory header file generators foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); } - # Build all known libraries, modules, programs and scripts. + # Build all known targets, libraries, modules, programs and scripts. # Everything else will be handled as a consequence. + foreach (@{$unified_info{targets}}) { dotarget($_); } foreach (@{$unified_info{libraries}}) { dolib($_); } foreach (@{$unified_info{modules}}) { domodule($_); } foreach (@{$unified_info{programs}}) { dobin($_); } diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index 3f015a0eb5..a3b3a44785 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -122,12 +122,13 @@ SHLIB_TARGET={- $target{shared_target} -} LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @libs) -} SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @shlibs) -} FIPSMODULENAME={- # We do some extra checking here, as there should be only one + use File::Basename; my @fipsmodules = grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} && $unified_info{attributes}->{modules}->{$_}->{fips} } @{$unified_info{modules}}; die "More that one FIPS module" if scalar @fipsmodules > 1; - join(", ", map { basename platform->dso($_) } @fipsmodules) -} + join(", ", map { basename(platform->dso($_)) } @fipsmodules) -} MODULES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{modules}}) -} PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -} SCRIPTS={- join(", ", map { "-\n\t".$_ } @{$unified_info{scripts}}) -} @@ -795,21 +796,37 @@ reconfigure reconf : return ([ @before ], [ @after ]); } + sub generatetarget { + my %args = @_; + my $deps = join(" ", @{$args{deps}}); + return <<"EOF"; +$args{target} : $deps +EOF + } + sub generatesrc { my %args = @_; - my $generator = join(" ", @{$args{generator}}); - my $generator_incs = join("", map { ' "-I'.$_.'"' } @{$args{generator_incs}}); + my $gen0 = $args{generator}->[0]; + my $gen_args = join('', map { " $_" } + @{$args{generator}}[1..$#{$args{generator}}]); + my $gen_incs = join("", map { ' "-I'.$_.'"' } @{$args{generator_incs}}); my $deps = join(", -\n\t\t", @{$args{generator_deps}}, @{$args{deps}}); if ($args{src} =~ /\.html$/) { - my $title = basename($args{src}, ".html"); - my $pod = $args{generator}->[0]; - my $mkpod2html = sourcefile('util', 'mkpod2html.pl'); - return <<"EOF"; + # + # HTML generator + # + my $title = basename($args{src}, ".html"); + my $pod = $gen0; + my $mkpod2html = sourcefile('util', 'mkpod2html.pl'); + return <<"EOF"; $args{src}: $pod \$(PERL) $mkpod2html -i $pod -o \$\@ -t "$title" -r "\$(SRCDIR)/doc" EOF } elsif (platform->isdef($args{src})) { + # + # Linker script-ish generator + # my $target = platform->def($args{src}); my $mkdef = sourcefile('util', 'mkdef.pl'); my $ord_ver = $args{intent} eq 'lib' ? ' --version $(VERSION)' : ''; @@ -819,31 +836,13 @@ EOF $target{$args{intent}.'_cflags'} =~ m|/NAMES=[^/]*AS_IS|i ? '' : ' --case-insensitive'; return <<"EOF"; -$target : $args{generator}->[0] $deps $mkdef - \$(PERL) $mkdef$ord_ver --ordinals $args{generator}->[0] --name $ord_name "--OS" "VMS"$case_insensitive > $target -EOF - } elsif (!platform->isasm($args{src})) { - my $target = $args{src}; - if ($args{generator}->[0] =~ m|^.*\.in$|) { - my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "dofile.pl")), - rel2abs($config{builddir})); - my @modules = ( 'configdata.pm', - grep { $_ =~ m|\.pm$| } @{$args{deps}} ); - my %moduleincs = map { '"-I'.dirname($_).'"' => 1 } @modules; - @modules = map { '"-M'.basename($_, '.pm').'"' } @modules; - my $modules = join(' ', '', sort keys %moduleincs, @modules); - return <<"EOF"; -$target : $args{generator}->[0] $deps - \$(PERL)$modules $dofile "-o$target{build_file}" $generator > \$\@ -EOF - } else { - return <<"EOF"; -$target : $args{generator}->[0] $deps - \$(PERL)$generator_incs $generator > \$\@ +$target : $gen0 $deps $mkdef + \$(PERL) $mkdef$ord_ver --ordinals $gen0 --name $ord_name "--OS" "VMS"$case_insensitive > $target EOF - } - } else { + } elsif (platform->isasm($args{src})) { + # + # Assembler generator + # my $cppflags = { shlib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', @@ -862,13 +861,14 @@ EOF my $defs = join("", map { ",".$_ } @{$args{defs}}); my $target = platform->asm($args{src}); - if ($args{generator}->[0] =~ /\.pl$/) { - $generator = '$(PERL)'.$generator_incs.' '.$generator + my $generator; + if ($gen0 =~ /\.pl$/) { + $generator = '$(PERL)'.$gen_incs.' '.$gen0.$gen_args .' '.$cppflags; - } elsif ($args{generator}->[0] =~ /\.S$/) { + } elsif ($gen0 =~ /\.S$/) { $generator = undef; } else { - die "Generator type for $src unknown: $generator\n"; + die "Generator type for $src unknown: $gen0.$gen_args\n"; } if (defined($generator)) { @@ -876,7 +876,7 @@ EOF # end up generating foo.s in two steps. if ($args{src} =~ /\.S$/) { return <<"EOF"; -$target : $args{generator}->[0] $deps +$target : $gen0 $deps $generator \$\@-S \@ $incs_on \@ extradefines = "$defs" @@ -890,7 +890,7 @@ EOF } # Otherwise.... return <<"EOF"; -$target : $args{generator}->[0] $deps +$target : $gen0 $deps \@ $incs_on \@ extradefines = "$defs" $generator \$\@ @@ -899,14 +899,66 @@ $target : $args{generator}->[0] $deps EOF } return <<"EOF"; -$target : $args{generator}->[0] $deps +$target : $gen0 $deps \@ $incs_on \@ extradefines = "$defs" SHOW SYMBOL qual_includes - PIPE \$(CPP) $cppflags $args{generator}->[0] | - + PIPE \$(CPP) $cppflags $gen0 | - \$(PERL) "-ne" "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@ \@ DELETE/SYMBOL/LOCAL extradefines \@ $incs_off +EOF + } elsif ($gen0 =~ m|^.*\.in$|) { + # + # "dofile" generator (file.in -> file) + # + my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, + "util", "dofile.pl")), + rel2abs($config{builddir})); + my @modules = ( 'configdata.pm', + grep { $_ =~ m|\.pm$| } @{$args{deps}} ); + my %moduleincs = map { '"-I'.dirname($_).'"' => 1 } @modules; + $deps = join(' ', $deps, @modules); + @modules = map { '"-M'.basename($_, '.pm').'"' } @modules; + my $modules = join(' ', '', sort keys %moduleincs, @modules); + return <<"EOF"; +$target : $gen0 $deps + \$(PERL)$modules $dofile "-o$target{build_file}" $gen0$gen_args > \$\@ +EOF + } elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) { + # + # Generic generator using OpenSSL programs + # + + # Redo $deps, because programs aren't expected to have deps of their + # own. This is a little more tricky, though, because running programs + # may have dependencies on all sorts of files, so we search through + # our database of programs and modules to see if our dependencies + # are one of those. + $deps = join(' ', map { my $x = $_; + if (grep { $x eq $_ } + @{$unified_info{programs}}) { + platform->bin($x); + } elsif (grep { $x eq $_ } + @{$unified_info{modules}}) { + platform->dso($x); + } else { + $x; + } + } @{$args{deps}}); + # Also redo $gen0, to ensure that we have the proper extension + $gen0 = platform->bin($gen0); + return <<"EOF"; +$args{src}: $gen0 $deps + PIPE $gen0$gen_args > \$@ +EOF + } else { + # + # Generic generator using Perl + # + return <<"EOF"; +$target : $gen0 $deps + \$(PERL)$gen_incs $gen0$gen_args > \$\@ EOF } } diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index aa4b3ec0ec..249652296c 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -89,12 +89,13 @@ MODULES={- join(" \\\n" . ' ' x 8, map { platform->dso($_) } @{$unified_info{modules}})) -} FIPSMODULENAME={- # We do some extra checking here, as there should be only one + use File::Basename; my @fipsmodules = grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} && $unified_info{attributes}->{modules}->{$_}->{fips} } @{$unified_info{modules}}; die "More that one FIPS module" if scalar @fipsmodules > 1; - join(" ", map { basename platform->dso($_) } @fipsmodules) -} + join(" ", map { basename(platform->dso($_)) } @fipsmodules) -} PROGRAMS={- join(" \\\n" . ' ' x 9, fill_lines(" ", $COLUMNS - 9, @@ -1305,60 +1306,62 @@ reconfigure reconf: } @_; } + sub generatetarget { + my %args = @_; + my $deps = join(" ", @{$args{deps}}); + return <<"EOF"; +$args{target}: $deps +EOF + } + sub generatesrc { my %args = @_; - my $generator = join(" ", @{$args{generator}}); - my $generator_incs = join("", map { " -I".$_ } @{$args{generator_incs}}); + my $gen0 = $args{generator}->[0]; + my $gen_args = join('', map { " $_" } + @{$args{generator}}[1..$#{$args{generator}}]); + my $gen_incs = join("", map { " -I".$_ } @{$args{generator_incs}}); my $incs = join("", map { " -I".$_ } @{$args{incs}}); my $defs = join("", map { " -D".$_ } @{$args{defs}}); my $deps = join(" ", @{$args{generator_deps}}, @{$args{deps}}); if ($args{src} =~ /\.html$/) { - my $title = basename($args{src}, ".html"); - my $pod = $args{generator}->[0]; - return <<"EOF"; + # + # HTML generator + # + my $title = basename($args{src}, ".html"); + my $pod = $gen0; + return <<"EOF"; $args{src}: $pod \$(PERL) \$(SRCDIR)/util/mkpod2html.pl -i "$pod" -o \$\@ -t "$title" -r "\$(SRCDIR)/doc" EOF } elsif ($args{src} =~ /\.(\d)$/) { - my $section = $1; - my $name = uc basename($args{src}, ".$section"); - my $pod = $args{generator}->[0]; - return <<"EOF"; + # + # Man-page generator + # + my $section = $1; + my $name = uc basename($args{src}, ".$section"); + my $pod = $gen0; + return <<"EOF"; $args{src}: $pod pod2man --name=$name --section=$section --center=OpenSSL \\ --release=\$(VERSION) $pod >\$\@ EOF } elsif (platform->isdef($args{src})) { + # + # Linker script-ish generator + # my $target = platform->def($args{src}); (my $mkdef_os = $target{shared_target}) =~ s|-shared$||; my $ord_ver = $args{intent} eq 'lib' ? ' --version $(VERSION)' : ''; my $ord_name = $args{generator}->[1] || $args{product}; return <<"EOF"; -$target: $args{generator}->[0] $deps \$(SRCDIR)/util/mkdef.pl - \$(PERL) \$(SRCDIR)/util/mkdef.pl$ord_ver --ordinals $args{generator}->[0] --name $ord_name --OS $mkdef_os > $target +$target: $gen0 $deps \$(SRCDIR)/util/mkdef.pl + \$(PERL) \$(SRCDIR)/util/mkdef.pl$ord_ver --ordinals $gen0 --name $ord_name --OS $mkdef_os > $target EOF - } elsif (!platform->isasm($args{src})) { - if ($args{generator}->[0] =~ m|^.*\.in$|) { - my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "dofile.pl")), - rel2abs($config{builddir})); - my @modules = ( 'configdata.pm', - grep { $_ =~ m|\.pm$| } @{$args{deps}} ); - my %moduleincs = map { '"-I'.dirname($_).'"' => 1 } @modules; - @modules = map { "-M".basename($_, '.pm') } @modules; - my $modules = join(' ', '', sort keys %moduleincs, @modules); - return <<"EOF"; -$args{src}: $args{generator}->[0] $deps \$(BLDDIR)/configdata.pm - \$(PERL)$modules "$dofile" "-o$target{build_file}" $generator > \$@ -EOF - } else { - return <<"EOF"; -$args{src}: $args{generator}->[0] $deps - \$(PERL)$generator_incs $generator > \$@ -EOF - } - } else { + } elsif (platform->isasm($args{src})) { + # + # Assembler generator + # my $cppflags = { shlib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', @@ -1366,27 +1369,81 @@ EOF bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)' } -> {$args{intent}}; - if ($args{generator}->[0] =~ /\.pl$/) { - $generator = 'CC="$(CC)" $(PERL)'.$generator_incs.' '.$generator + my $generator; + if ($gen0 =~ /\.pl$/) { + $generator = 'CC="$(CC)" $(PERL)'.$gen_incs.' '.$gen0.$gen_args .' "$(PERLASM_SCHEME)"'.$incs.' '.$cppflags.$defs.' $(PROCESSOR)'; - } elsif ($args{generator}->[0] =~ /\.m4$/) { - $generator = 'm4 -B 8192'.$generator_incs.' '.$generator.' >' - } elsif ($args{generator}->[0] =~ /\.S$/) { + } elsif ($gen0 =~ /\.m4$/) { + $generator = 'm4 -B 8192'.$gen_incs.' '.$gen0.$gen_args.' >' + } elsif ($gen0 =~ /\.S$/) { $generator = undef; } else { - die "Generator type for $args{src} unknown: $generator\n"; + die "Generator type for $args{src} unknown: $gen0\n"; } if (defined($generator)) { return <<"EOF"; -$args{src}: $args{generator}->[0] $deps +$args{src}: $gen0 $deps $generator \$@ EOF } return <<"EOF"; -$args{src}: $args{generator}->[0] $deps - \$(CC) $incs $cppflags $defs -E $args{generator}->[0] | \\ +$args{src}: $gen0 $deps + \$(CC) $incs $cppflags $defs -E $gen0 | \\ \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@ +EOF + } elsif ($gen0 =~ m|^.*\.in$|) { + # + # "dofile" generator (file.in -> file) + # + my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, + "util", "dofile.pl")), + rel2abs($config{builddir})); + my @modules = ( 'configdata.pm', + grep { $_ =~ m|\.pm$| } @{$args{deps}} ); + my %moduleincs = map { '"-I'.dirname($_).'"' => 1 } @modules; + $deps = join(' ', $deps, @modules); + @modules = map { "-M".basename($_, '.pm') } @modules; + my $modules = join(' ', '', sort keys %moduleincs, @modules); + return <<"EOF"; +$args{src}: $gen0 $deps + \$(PERL)$modules "$dofile" "-o$target{build_file}" $gen0$gen_args > \$@ +EOF + } elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) { + # + # Generic generator using OpenSSL programs + # + + # Redo $deps, because programs aren't expected to have deps of their + # own. This is a little more tricky, though, because running programs + # may have dependencies on all sorts of files, so we search through + # our database of programs and modules to see if our dependencies + # are one of those. + $deps = join(' ', map { my $x = $_; + if (grep { $x eq $_ } + @{$unified_info{programs}}) { + platform->bin($x); + } elsif (grep { $x eq $_ } + @{$unified_info{modules}}) { + platform->dso($x); + } else { + $x; + } + } @{$args{deps}}); + # Also redo $gen0, to ensure that we have the proper extension where + # necessary. + $gen0 = platform->bin($gen0); + return <<"EOF"; +$args{src}: $gen0 $deps \$(BLDDIR)/util/wrap.pl + \$(BLDDIR)/util/wrap.pl $gen0$gen_args > \$@ +EOF + } else { + # + # Generic generator using Perl + # + return <<"EOF"; +$args{src}: $gen0 $deps + \$(PERL)$gen_incs $gen0$gen_args > \$@ EOF } } diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index ce042d6ee8..846c500bef 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -52,12 +52,13 @@ MODULES={- our @MODULES = map { platform->dso($_) } @{$unified_info{modules}}; join(" ", @MODULES) -} MODULEPDBS={- join(" ", map { platform->dsopdb($_) } @{$unified_info{modules}}) -} FIPSMODULENAME={- # We do some extra checking here, as there should be only one + use File::Basename; my @fipsmodules = grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} && $unified_info{attributes}->{modules}->{$_}->{fips} } @{$unified_info{modules}}; die "More that one FIPS module" if scalar @fipsmodules > 1; - join(" ", map { basename platform->dso($_) } @fipsmodules) -} + join(" ", map { basename(platform->dso($_)) } @fipsmodules) -} PROGRAMS={- our @PROGRAMS = map { platform->bin($_) } @{$unified_info{programs}}; join(" ", @PROGRAMS) -} PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -} SCRIPTS={- our @SCRIPTS = @{$unified_info{scripts}}; join(" ", @SCRIPTS) -} @@ -627,24 +628,39 @@ reconfigure reconf: return map { platform->sharedlib_import($_) // platform->staticlib($_) } @_; } + sub generatetarget { + my %args = @_; + my $deps = join(" ", @{$args{deps}}); + return <<"EOF"; +$args{target}: $deps +EOF + } + sub generatesrc { my %args = @_; - my ($gen0, @gens) = @{$args{generator}}; - my $generator = '"'.$gen0.'"'.join('', map { " $_" } @gens); - my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}}); + my $gen0 = $args{generator}->[0]; + my $gen_args = join('', map { " $_" } + @{$args{generator}}[1..$#{$args{generator}}]); + my $gen_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}}); my $incs = join("", map { " -I \"$_\"" } @{$args{incs}}); my $defs = join("", map { " -D".$_ } @{$args{defs}}); my $deps = @{$args{deps}} ? '"'.join('" "', @{$args{generator_deps}}, @{$args{deps}}).'"' : ''; if ($args{src} =~ /\.html$/) { - my $title = basename($args{src}, ".html"); - my $pod = $args{generator}->[0]; - return <<"EOF"; + # + # HTML generator + # + my $title = basename($args{src}, ".html"); + my $pod = $gen0; + return <<"EOF"; $args{src}: "$pod" \$(PERL) \$(SRCDIR)/util/mkpod2html.pl -i "$pod" -o \$\@ -t "$title" -r "\$(SRCDIR)/doc" EOF } elsif (platform->isdef($args{src})) { + # + # Linker script-ish generator + # my $target = platform->def($args{src}); my $mkdef = abs2rel(rel2abs(catfile($config{sourcedir}, "util", "mkdef.pl")), @@ -653,31 +669,13 @@ EOF my $ord_name = $args{generator}->[1] || platform->dsoname($args{product}); return <<"EOF"; -$target: $args{generator}->[0] $deps $mkdef - "\$(PERL)" $mkdef$ord_ver --ordinals $args{generator}->[0] --name $ord_name --OS windows > $target -EOF - } elsif (!platform->isasm($args{src})) { - my $target = $args{src}; - if ($args{generator}->[0] =~ m|^.*\.in$|) { - my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "dofile.pl")), - rel2abs($config{builddir})); - my @modules = ( 'configdata.pm', - grep { $_ =~ m|\.pm$| } @{$args{deps}} ); - my %moduleincs = map { '"-I'.dirname($_).'"' => 1 } @modules; - @modules = map { "-M".basename($_, '.pm') } @modules; - my $modules = join(' ', '', sort keys %moduleincs, @modules); - return <<"EOF"; -$target: "$args{generator}->[0]" $deps - "\$(PERL)"$modules "$dofile" "-o$target{build_file}" $generator > \$@ -EOF - } else { - return <<"EOF"; -$target: "$args{generator}->[0]" $deps - "\$(PERL)"$generator_incs $generator > \$@ +$target: $gen0 $deps $mkdef + "\$(PERL)" $mkdef$ord_ver --ordinals $gen0 --name $ord_name --OS windows > $target EOF - } - } else { + } elsif (platform->isasm($args{src})) { + # + # Assembler generator + # my $cppflags = { shlib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', @@ -686,13 +684,14 @@ EOF } -> {$args{intent}}; my $target = platform->asm($args{src}); - if ($args{generator}->[0] =~ /\.pl$/) { - $generator = '"$(PERL)"'.$generator_incs.' '.$generator + my $generator; + if ($gen0 =~ /\.pl$/) { + $generator = '"$(PERL)"'.$gen_incs.' '.$gen0.$gen_args .' "$(PERLASM_SCHEME)"'.$incs.' '.$cppflags.$defs.' $(PROCESSSOR)'; - } elsif ($args{generator}->[0] =~ /\.S$/) { + } elsif ($gen0 =~ /\.S$/) { $generator = undef; } else { - die "Generator type for $src unknown: $generator\n"; + die "Generator type for $src unknown: $gen0\n"; } if (defined($generator)) { @@ -700,7 +699,7 @@ EOF # end up generating foo.s in two steps. if ($args{src} =~ /\.S$/) { return <<"EOF"; -$target: "$args{generator}->[0]" $deps +$target: "$gen0" $deps set ASM=\$(AS) $generator \$@.S \$(CPP) $incs $cppflags $defs \$@.S > \$@.i && move /Y \$@.i \$@ @@ -709,14 +708,66 @@ EOF } # Otherwise.... return <<"EOF"; -$target: "$args{generator}->[0]" $deps +$target: "$gen0" $deps set ASM=\$(AS) $generator \$@ EOF } return <<"EOF"; -$target: "$args{generator}->[0]" $deps - \$(CPP) $incs $cppflags $defs "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@ +$target: "$gen0" $deps + \$(CPP) $incs $cppflags $defs "$gen0" > \$@.i && move /Y \$@.i \$@ +EOF + } elsif ($gen0 =~ m|^.*\.in$|) { + # + # "dofile" generator (file.in -> file) + # + my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, + "util", "dofile.pl")), + rel2abs($config{builddir})); + my @modules = ( 'configdata.pm', + grep { $_ =~ m|\.pm$| } @{$args{deps}} ); + my %moduleincs = map { '"-I'.dirname($_).'"' => 1 } @modules; + $deps = join(' ', $deps, @modules); + @modules = map { "-M".basename($_, '.pm') } @modules; + my $modules = join(' ', '', sort keys %moduleincs, @modules); + return <<"EOF"; +$args{src}: "$gen0" $deps + "\$(PERL)"$modules "$dofile" "-o$target{build_file}" "$gen0"$gen_args > \$@ +EOF + } elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) { + # + # Generic generator using OpenSSL programs + # + + # Redo $deps, because programs aren't expected to have deps of their + # own. This is a little more tricky, though, because running programs + # may have dependencies on all sorts of files, so we search through + # our database of programs and modules to see if our dependencies + # are one of those. + $deps = join(' ', map { my $x = $_; + if (grep { $x eq $_ } + @{$unified_info{programs}}) { + platform->bin($x); + } elsif (grep { $x eq $_ } + @{$unified_info{modules}}) { + platform->dso($x); + } else { + $x; + } + } @{$args{deps}}); + # Also redo $gen0, to ensure that we have the proper extension. + $gen0 = platform->bin($gen0); + return <<"EOF"; +$args{src}: $gen0 $deps + $gen0$gen_args > \$@ +EOF + } else { + # + # Generic generator using Perl + # + return <<"EOF"; +$args{src}: "$gen0" $deps + "\$(PERL)"$gen_incs $gen0$gen_args > \$@ EOF } } diff --git a/Configure b/Configure index 12911d988a..5f2be9cf3c 100755 --- a/Configure +++ b/Configure @@ -2320,7 +2320,7 @@ EOF $generator[0] = cleanfile($sourced, $gen, $blddir); # If the generator is itself generated, it's in the build tree - if ($generate{$gen}) { + if ($generate{$gen} || ! -f $generator[0]) { $generator[0] = cleanfile($buildd, $gen, $blddir); } $check_generate{$ddest}->{$generator[0]}++; @@ -2330,12 +2330,22 @@ EOF foreach (keys %depends) { my $dest = $_; - my $ddest = $dest eq "" ? "" : cleanfile($sourced, $_, $blddir); + my $ddest = $dest; + + if ($dest =~ /^\|(.*)\|$/) { + # Collect the raw target + $unified_info{targets}->{$1} = 1; + $ddest = $1; + } elsif ($dest eq '') { + $ddest = ''; + } else { + $ddest = cleanfile($sourced, $_, $blddir); - # If the destination doesn't exist in source, it can only be - # a generated file in the build tree. - if ($ddest ne "" && ($ddest eq $src_configdata || ! -f $ddest)) { - $ddest = cleanfile($buildd, $_, $blddir); + # If the destination doesn't exist in source, it can only be + # a generated file in the build tree. + if ($ddest eq $src_configdata || ! -f $ddest) { + $ddest = cleanfile($buildd, $_, $blddir); + } } foreach (@{$depends{$dest}}) { my $d = cleanfile($sourced, $_, $blddir); @@ -2628,7 +2638,7 @@ EOF ### Make unified_info a bit more efficient # One level structures - foreach (("programs", "libraries", "modules", "scripts")) { + foreach (("programs", "libraries", "modules", "scripts", "targets")) { $unified_info{$_} = [ sort keys %{$unified_info{$_}} ]; } # Two level structures diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index ade983169b..9aaa7522d2 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -384,7 +384,7 @@ opthelp: if (verify_module_load(parent_config)) { ret = OSSL_PROVIDER_available(NULL, prov_name) ? 0 : 1; if (!quiet) - BIO_printf(bio_out, "FIPS provider is %s\n", + BIO_printf(bio_err, "FIPS provider is %s\n", ret == 0 ? "available" : " not available"); } goto end; @@ -478,7 +478,7 @@ opthelp: install_mac, install_mac_len)) goto end; if (!quiet) - BIO_printf(bio_out, "VERIFY PASSED\n"); + BIO_printf(bio_err, "VERIFY PASSED\n"); } else { conf = generate_config_and_load(prov_name, section_name, module_mac, @@ -502,7 +502,7 @@ opthelp: install_mac, install_mac_len)) goto end; if (!quiet) - BIO_printf(bio_out, "INSTALL PASSED\n"); + BIO_printf(bio_err, "INSTALL PASSED\n"); } ret = 0; @@ -550,10 +550,10 @@ static int self_test_events(const OSSL_PARAM params[], void *arg) if (self_test_log) { if (strcmp(phase, OSSL_SELF_TEST_PHASE_START) == 0) - BIO_printf(bio_out, "%s : (%s) : ", desc, type); + BIO_printf(bio_err, "%s : (%s) : ", desc, type); else if (strcmp(phase, OSSL_SELF_TEST_PHASE_PASS) == 0 || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0) - BIO_printf(bio_out, "%s\n", phase); + BIO_printf(bio_err, "%s\n", phase); } /* * The self test code will internally corrupt the KAT test result if an @@ -568,7 +568,7 @@ static int self_test_events(const OSSL_PARAM params[], void *arg) if (self_test_corrupt_type != NULL && strcmp(self_test_corrupt_type, type) != 0) goto end; - BIO_printf(bio_out, "%s ", phase); + BIO_printf(bio_err, "%s ", phase); goto err; } end: diff --git a/doc/internal/man7/build.info.pod b/doc/internal/man7/build.info.pod index 5a2fdd13ed..9acfd02a8d 100644 --- a/doc/internal/man7/build.info.pod +++ b/doc/internal/man7/build.info.pod @@ -444,6 +444,12 @@ rather than the specific I. The I may be any program, library, module, script, or any filename used as a value anywhere. +The I may also be literal build file targets. Those are +recognised by being surrounded be vertical bars (also known as the +"pipe" character), C<|>. For example: + + DEPEND[|tests|]=fipsmodule.cnf + B statements may have attributes, which apply to each individual dependency in such a statement. For example: diff --git a/providers/build.info b/providers/build.info index b365bda0ec..1fab34c28d 100644 --- a/providers/build.info +++ b/providers/build.info @@ -142,6 +142,16 @@ IF[{- !$disabled{fips} -}] # statements, the final build file will not have a trace of it. MODULES{fips}=$FIPSGOAL LIBS{noinst}=$LIBFIPS + + # For tests that try to use the FIPS module, we need to make a local fips + # module installation. We have the output go to standard output, because + # the generated commands in build templates are expected to catch that, + # and thereby keep control over the exact output file location. + DEPEND[|tests|]=fipsmodule.cnf + GENERATE[fipsmodule.cnf]=../apps/openssl fipsinstall \ + -module providers/$(FIPSMODULENAME) -provider_name fips \ + -mac_name HMAC -section_name fips_sect -out - + DEPEND[fipsmodule.cnf]=$FIPSGOAL ENDIF # diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t new file mode 100644 index 0000000000..16a89faa58 --- /dev/null +++ b/test/recipes/01-test_fipsmodule_cnf.t @@ -0,0 +1,37 @@ +#! /usr/bin/env perl +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# This is a sanity checker to see that the fipsmodule.cnf that's been +# generated for testing is valid. + +use strict; +use warnings; + +use OpenSSL::Test qw/:DEFAULT srctop_dir bldtop_dir bldtop_file srctop_file data_file/; +use OpenSSL::Test::Utils; + +BEGIN { + setup("test_fipsmodule"); +} + +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; + +my $no_check = disabled("fips"); +plan skip_all => "Test only supported in a fips build" + if $no_check; +plan tests => 1; + +my $fipsmodule = bldtop_file('providers', platform->dso('fips')); +my $fipsmoduleconf = bldtop_file('providers', 'fipsmodule.cnf'); + +# verify the $fipsconf file +ok(run(app(['openssl', 'fipsinstall', + '-in', $fipsmoduleconf, '-module', $fipsmodule, '-verify'])), + "fipsinstall verify"); diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index 4b189420ea..d603b24356 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -9,7 +9,7 @@ use strict; use warnings; -use File::Spec; +use File::Spec::Functions qw(:DEFAULT abs2rel); use File::Copy; use OpenSSL::Glob; use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/; @@ -235,7 +235,8 @@ SKIP: { "fipsinstall fails when the asymmetric cipher result is corrupted"); } -$ENV{OPENSSL_CONF_INCLUDE} = "."; +# 'local' ensures that this change is only done in this file. +local $ENV{OPENSSL_CONF_INCLUDE} = abs2rel(curdir()); ok(replace_parent_line_file('fips.cnf', 'fips_parent.cnf') && run(app(['openssl', 'fipsinstall', '-config', 'fips_parent.cnf'])), @@ -271,5 +272,3 @@ ok(replace_parent_line_file('fips_bad_module_mac.cnf', && !run(app(['openssl', 'fipsinstall', '-config', 'fips_parent_bad_module_mac.cnf'])), "verify load config fail bad module mac"); - -delete $ENV{OPENSSL_CONF_INCLUDE}; diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t index 36189c4767..b495b08bda 100644 --- a/test/recipes/15-test_gendsa.t +++ b/test/recipes/15-test_gendsa.t @@ -20,7 +20,6 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; plan skip_all => "This test is unsupported in a no-dsa build" if disabled("dsa"); @@ -28,7 +27,7 @@ plan skip_all => "This test is unsupported in a no-dsa build" my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => - ($no_fips ? 0 : 3) # FIPS install test + fips related tests + ($no_fips ? 0 : 2) # FIPS related tests + 11; ok(run(app([ 'openssl', 'genpkey', '-genparam', @@ -113,14 +112,6 @@ unless ($no_fips) { my $provpath = bldtop_dir("providers"); my @prov = ( "-provider-path", $provpath, "-config", $provconf); - my $infile = bldtop_file('providers', platform->dso('fips')); - - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile, - '-provider_name', 'fips', '-mac_name', 'HMAC', - '-section_name', 'fips_sect'])), - "fipsinstall"); $ENV{OPENSSL_TEST_LIBCTX} = "1"; diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index 504e279f75..95390c5ff4 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t @@ -20,12 +20,11 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => - ($no_fips ? 0 : 2) # FIPS install test + fips related test + ($no_fips ? 0 : 1) # Extra FIPS related test + 13; # We want to know that an absurdly small number of bits isn't support @@ -124,14 +123,6 @@ unless ($no_fips) { my $provpath = bldtop_dir("providers"); my @prov = ( "-provider-path", $provpath, "-config", $provconf); - my $infile = bldtop_file('providers', platform->dso('fips')); - - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile, - '-provider_name', 'fips', '-mac_name', 'HMAC', - '-section_name', 'fips_sect'])), - "fipsinstall"); $ENV{OPENSSL_TEST_LIBCTX} = "1"; ok(run(app(['openssl', 'genpkey', diff --git a/test/recipes/15-test_rsaoaep.t b/test/recipes/15-test_rsaoaep.t index ddbfe84bd7..47aac78f35 100644 --- a/test/recipes/15-test_rsaoaep.t +++ b/test/recipes/15-test_rsaoaep.t @@ -18,13 +18,11 @@ BEGIN { } use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; -my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); my $no_check = disabled('fips-securitychecks'); plan tests => - ($no_fips ? 0 : 1 + ($no_check ? 0 : 1)) # FIPS install test + ($no_check ? 0 : 1) # FIPS security check + 9; my @prov = ( ); @@ -40,29 +38,21 @@ my $dec3_file = "dec3.txt"; my $key_file = srctop_file("test", "testrsa2048.pem"); my $small_key_file = srctop_file("test", "testrsa.pem"); -unless ($no_fips) { +$ENV{OPENSSL_TEST_LIBCTX} = "1"; + +unless ($no_check) { @prov = ( "-provider-path", $provpath, "-config", $provconf ); - my $infile = bldtop_file('providers', platform->dso('fips')); - - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile])), - "fipsinstall"); - $ENV{OPENSSL_TEST_LIBCTX} = "1"; - - unless ($no_check) { - ok(!run(app(['openssl', 'pkeyutl', - @prov, - '-encrypt', - '-in', $msg_file, - '-inkey', $small_key_file, - '-pkeyopt', 'pad-mode:oaep', - '-pkeyopt', 'oaep-label:123', - '-pkeyopt', 'digest:sha1', - '-pkeyopt', 'mgf1-digest:sha1', - '-out', $enc1_file])), - "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail"); - } + ok(!run(app(['openssl', 'pkeyutl', + @prov, + '-encrypt', + '-in', $msg_file, + '-inkey', $small_key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha1', + '-pkeyopt', 'mgf1-digest:sha1', + '-out', $enc1_file])), + "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail"); } ok(run(app(['openssl', 'pkeyutl', diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t index 591b497027..e7291df456 100644 --- a/test/recipes/20-test_cli_fips.t +++ b/test/recipes/20-test_cli_fips.t @@ -23,10 +23,10 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; -my $no_check = disabled('fips-securitychecks'); +my $no_check = disabled("fips") || disabled('fips-securitychecks'); plan skip_all => "Test only supported in a fips build with security checks" - if disabled("fips") || disabled("fips-securitychecks"); -plan tests => 13; + if $no_check; +plan tests => 11; my $fipsmodule = bldtop_file('providers', platform->dso('fips')); my $fipsconf = srctop_file("test", "fips-and-base.cnf"); @@ -34,17 +34,6 @@ my $defaultconf = srctop_file("test", "default.cnf"); my $tbs_data = $fipsmodule; my $bogus_data = $fipsconf; -# output a fipsmodule.cnf file containing mac data -ok(run(app(['openssl', 'fipsinstall', '-out', 'fipsmodule.cnf', - '-module', $fipsmodule, ])), - "fipsinstall"); - -# verify the $fipsconf file -ok(run(app(['openssl', 'fipsinstall', '-in', 'fipsmodule.cnf', '-module', $fipsmodule, - '-verify'])), - "fipsinstall verify"); - -$ENV{OPENSSL_CONF_INCLUDE} = abs2rel(curdir()); $ENV{OPENSSL_CONF} = $fipsconf; ok(run(app(['openssl', 'list', '-public-key-methods', '-verbose'])), diff --git a/test/recipes/30-test_acvp.t b/test/recipes/30-test_acvp.t index 8cfc07ecf7..f86055666e 100644 --- a/test/recipes/30-test_acvp.t +++ b/test/recipes/30-test_acvp.t @@ -23,16 +23,8 @@ plan skip_all => "ACVP is not supported by this test" use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; -my $infile = bldtop_file('providers', platform->dso('fips')); - -plan tests => 2; - -ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile])), - "fipsinstall"); +plan tests => 1; ok(run(test(["acvp_test", "-config", srctop_file("test","fips.cnf")])), "running acvp_test"); diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t index c98591eb86..afdfd0ac70 100644 --- a/test/recipes/30-test_defltfips.t +++ b/test/recipes/30-test_defltfips.t @@ -20,21 +20,13 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => - ($no_fips ? 1 : 3); + ($no_fips ? 1 : 2); unless ($no_fips) { - my $infile = bldtop_file('providers', platform->dso('fips')); - - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile])), - "fipsinstall"); - $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "fips.cnf")); ok(run(test(["defltfips_test", "fips"])), "running defltfips_test fips"); } diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 44ea3d01f3..3398a1ab9a 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -19,7 +19,6 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0); @@ -108,20 +107,10 @@ push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; plan tests => - ($no_fips ? 0 : 1) # FIPS install test + (scalar(@configs) * scalar(@files)) + scalar(@defltfiles) + 3; # error output tests -unless ($no_fips) { - my $infile = bldtop_file('providers', platform->dso('fips')); - - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile])), - "fipsinstall"); -} - foreach (@configs) { my $conf = srctop_file("test", $_); diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t index 81b3c62cc4..e033f49d63 100644 --- a/test/recipes/30-test_evp_fetch_prov.t +++ b/test/recipes/30-test_evp_fetch_prov.t @@ -18,14 +18,11 @@ setup("test_evp_fetch_prov"); use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -my $infile = bldtop_file('providers', platform->dso('fips')); my @types = ( "digest", "cipher" ); -my @setups = (); my @testdata = ( { config => srctop_file("test", "default.cnf"), providers => [ 'default' ], @@ -44,12 +41,6 @@ my @testdata = ( ); unless ($no_fips) { - push @setups, { - cmd => app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile]), - message => "fipsinstall" - }; push @testdata, ( { config => srctop_file("test", "fips.cnf"), providers => [ 'fips' ], @@ -105,15 +96,11 @@ foreach (@testdata) { $testcount += scalar @{$_->{tests}}; } -plan tests => 1 + scalar @setups + $testcount * scalar(@types); +plan tests => 1 + $testcount * scalar(@types); ok(run(test(["evp_fetch_prov_test", "-defaultctx"])), "running evp_fetch_prov_test using the default libctx"); -foreach my $setup (@setups) { - ok(run($setup->{cmd}), $setup->{message}); -} - foreach my $alg (@types) { foreach my $testcase (@testdata) { $ENV{OPENSSL_CONF} = ""; diff --git a/test/recipes/30-test_evp_libctx.t b/test/recipes/30-test_evp_libctx.t index 602f29a831..36802c8d7b 100644 --- a/test/recipes/30-test_evp_libctx.t +++ b/test/recipes/30-test_evp_libctx.t @@ -20,24 +20,18 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; -my $infile = bldtop_file('providers', platform->dso('fips')); # If no fips then run the test with no extra arguments. my @test_args = ( ); plan tests => - ($no_fips ? 0 : 2) # FIPS install test + ($no_fips ? 0 : 1) # FIPS install test + 1; unless ($no_fips) { @test_args = ("-config", srctop_file("test","fips-and-base.cnf"), "-provider", "fips"); - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile])), - "fipsinstall"); ok(run(test(["evp_libctx_test", @test_args])), "running fips evp_libctx_test"); } diff --git a/test/recipes/30-test_provider_status.t b/test/recipes/30-test_provider_status.t index 03304ba4a2..0aaaf7ef49 100644 --- a/test/recipes/30-test_provider_status.t +++ b/test/recipes/30-test_provider_status.t @@ -19,21 +19,13 @@ setup("test_provider_status"); use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan skip_all => "provider_status is not supported by this test" if $no_fips; -plan tests => 2; - -my $infile = bldtop_file('providers', platform->dso('fips')); - -ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile])), - "fipsinstall"); +plan tests => 1; ok(run(test(["provider_status_test", "-config", srctop_file("test","fips.cnf"), "-provider_name", "fips"])), diff --git a/test/recipes/65-test_cmp_client.t b/test/recipes/65-test_cmp_client.t index a25be81996..0cd4982e89 100644 --- a/test/recipes/65-test_cmp_client.t +++ b/test/recipes/65-test_cmp_client.t @@ -18,14 +18,13 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan skip_all => "This test is not supported in a no-cmp or no-ec build" if disabled("cmp") || disabled("ec"); -plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test +plan tests => 2 + ($no_fips ? 0 : 1); # fips test my @basic_cmd = ("cmp_client_test", data_file("server.key"), @@ -39,10 +38,5 @@ ok(run(test([@basic_cmd, "none"]))); ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")]))); unless ($no_fips) { - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', bldtop_file('providers', platform->dso('fips'))])), - "fipsinstall"); - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips-and-base.cnf")]))); } diff --git a/test/recipes/65-test_cmp_msg.t b/test/recipes/65-test_cmp_msg.t index 8525b6539f..3fc091a461 100644 --- a/test/recipes/65-test_cmp_msg.t +++ b/test/recipes/65-test_cmp_msg.t @@ -18,14 +18,13 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan skip_all => "This test is not supported in a no-cmp build" if disabled("cmp"); -plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test +plan tests => 2 + ($no_fips ? 0 : 1); #fips test my @basic_cmd = ("cmp_msg_test", data_file("new.key"), @@ -37,11 +36,6 @@ ok(run(test([@basic_cmd, "none"]))); ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")]))); unless ($no_fips) { - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', bldtop_file('providers', platform->dso('fips'))])), - "fipsinstall"); - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips-and-base.cnf")]))); } diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t index 54219e386a..4fa7c8298b 100644 --- a/test/recipes/65-test_cmp_protect.t +++ b/test/recipes/65-test_cmp_protect.t @@ -18,7 +18,6 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); @@ -28,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build" plan skip_all => "This test is not supported in a shared library build on Windows" if $^O eq 'MSWin32' && !disabled("shared"); -plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test +plan tests => 2 + ($no_fips ? 0 : 1); #fips test my @basic_cmd = ("cmp_protect_test", data_file("server.pem"), @@ -47,11 +46,6 @@ ok(run(test([@basic_cmd, "none"]))); ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")]))); unless ($no_fips) { - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', bldtop_file('providers', platform->dso('fips'))])), - "fipsinstall"); - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips-and-base.cnf")]))); } diff --git a/test/recipes/65-test_cmp_server.t b/test/recipes/65-test_cmp_server.t index 5864163f01..fb9dcef081 100644 --- a/test/recipes/65-test_cmp_server.t +++ b/test/recipes/65-test_cmp_server.t @@ -18,7 +18,6 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); @@ -28,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build" plan skip_all => "This test is not supported in a no-ec build" if disabled("ec"); -plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test +plan tests => 2 + ($no_fips ? 0 : 1); #fips test my @basic_cmd = ("cmp_server_test", data_file("CR_protected_PBM_1234.der")); @@ -37,10 +36,5 @@ ok(run(test([@basic_cmd, "none"]))); ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")]))); unless ($no_fips) { - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', bldtop_file('providers', platform->dso('fips'))])), - "fipsinstall"); - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")]))); } diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t index 800dabcd85..c1851cbc6e 100644 --- a/test/recipes/65-test_cmp_vfy.t +++ b/test/recipes/65-test_cmp_vfy.t @@ -18,7 +18,6 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); @@ -28,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build" plan skip_all => "This test is not supported in a no-ec build" if disabled("ec"); -plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test +plan tests => 2 + ($no_fips ? 0 : 1); #fips test my @basic_cmd = ("cmp_vfy_test", data_file("server.crt"), data_file("client.crt"), @@ -48,10 +47,5 @@ ok(run(test([@basic_cmd, "none"]))); ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")]))); unless ($no_fips) { - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', bldtop_file('providers', platform->dso('fips'))])), - "fipsinstall"); - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")]))); } diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t index 88c3b3c750..e68844ebf1 100644 --- a/test/recipes/80-test_cmp_http.t +++ b/test/recipes/80-test_cmp_http.t @@ -20,7 +20,7 @@ BEGIN { } use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; + plan skip_all => "These tests are not supported in a fuzz build" if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION/; diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 8e1478c386..8e3275c2e5 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -23,7 +23,6 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); @@ -52,16 +51,9 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) $no_rc2 = 1 if disabled("legacy"); plan tests => - ($no_fips ? 0 : 1) # FIPS install test + 10; unless ($no_fips) { - my $infile = bldtop_file('providers', platform->dso('fips')); - - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile])), - "fipsinstall"); @config = ( "-config", srctop_file("test", "fips-and-base.cnf") ); $provname = 'fips'; } diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 99dbdea1bb..4dc2529593 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -22,10 +22,8 @@ setup("test_ssl_new"); use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -my $infile = bldtop_file('providers', platform->dso('fips')); $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); @@ -36,8 +34,7 @@ map { s/\^// } @conf_files if $^O eq "VMS"; # We hard-code the number of tests to double-check that the globbing above # finds all files as expected. -plan tests => 30 # = scalar @conf_srcs - + ($no_fips ? 0 : 1); # fipsinstall +plan tests => 30; # Some test results depend on the configuration of enabled protocols. We only # verify generated sources in the default configuration. @@ -118,13 +115,6 @@ my %skip = ( "29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"), ); -unless ($no_fips) { - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile])), - "fipsinstall"); -} - foreach my $conf (@conf_files) { subtest "Test configuration $conf" => sub { plan tests => 6 + ($no_fips ? 0 : 3); diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 2f3d5d1c8c..d01b2b72a8 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -22,11 +22,8 @@ setup("test_ssl_old"); use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -my $infile = bldtop_file('providers', platform->dso('fips')); - my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk, $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) = @@ -81,18 +78,11 @@ my $client_sess="client.ss"; # If you're adding tests here, you probably want to convert them to the # new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead. plan tests => - ($no_fips ? 0 : 1 + 5) # For fipsinstall + testssl with fips provider + ($no_fips ? 0 : 5) # testssl with fips provider + 1 # For testss + 5 # For the testssl with default provider ; -unless ($no_fips) { - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile])), - "fipsinstall"); -} - subtest 'test_ss' => sub { if (testss()) { open OUT, ">", "intP1.ss"; diff --git a/test/recipes/81-test_cmp_cli.t b/test/recipes/81-test_cmp_cli.t index 03ad986e78..e5c19a1745 100644 --- a/test/recipes/81-test_cmp_cli.t +++ b/test/recipes/81-test_cmp_cli.t @@ -21,7 +21,7 @@ BEGIN { } use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; + plan skip_all => "These tests are not supported in a fuzz build" if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION/; diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index 8cef077a66..02a620367d 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -17,7 +17,6 @@ setup("test_sslapi"); use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); @@ -25,7 +24,7 @@ plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); plan tests => - ($no_fips ? 0 : 2) # FIPS install test + sslapitest with fips + ($no_fips ? 0 : 1) # sslapitest with fips + 1; # sslapitest with default provider (undef, my $tmpfilename) = tempfile(); @@ -37,11 +36,6 @@ ok(run(test(["sslapitest", srctop_dir("test", "certs"), "running sslapitest"); unless ($no_fips) { - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', bldtop_file('providers', platform->dso('fips'))])), - "fipsinstall"); - ok(run(test(["sslapitest", srctop_dir("test", "certs"), srctop_file("test", "recipes", "90-test_sslapi_data", "passwd.txt"), $tmpfilename, "fips", diff --git a/test/recipes/90-test_threads.t b/test/recipes/90-test_threads.t index 0410cd8007..53883ee629 100644 --- a/test/recipes/90-test_threads.t +++ b/test/recipes/90-test_threads.t @@ -18,20 +18,10 @@ setup("test_threads"); use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); -use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); - -plan tests => 1 + ($no_fips ? 0 : 1); - -if (!$no_fips) { - my $infile = bldtop_file('providers', platform->dso('fips')); - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile])), - "fipsinstall"); -} +plan tests => 1; if ($no_fips) { $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default.cnf")); From no-reply at appveyor.com Wed Mar 3 18:32:03 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Mar 2021 18:32:03 +0000 Subject: Build failed: openssl master.40362 Message-ID: <20210303183203.1.8C9F2AC0329AAEC2@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Mar 3 21:24:30 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Mar 2021 21:24:30 +0000 Subject: Build completed: openssl master.40363 Message-ID: <20210303212430.1.AEC011FA54478723@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Thu Mar 4 00:17:53 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 04 Mar 2021 00:17:53 +0000 Subject: [openssl] master update Message-ID: <1614817073.390491.17479.nullmailer@dev.openssl.org> The branch master has been updated via e3a2ba75474eebffe14b4bab1a34a1c2012a3888 (commit) from 33ac7b324bdf6791b3ec4a2e3bde74fee8686ff4 (commit) - Log ----------------------------------------------------------------- commit e3a2ba75474eebffe14b4bab1a34a1c2012a3888 Author: Tobias Nie?en Date: Tue Mar 2 18:15:32 2021 +0100 crypto: rename error flags in internal structures Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14405) ----------------------------------------------------------------------- Summary of changes: crypto/encode_decode/decoder_meth.c | 8 ++++---- crypto/encode_decode/decoder_pkey.c | 10 +++++----- crypto/encode_decode/encoder_meth.c | 8 ++++---- crypto/encode_decode/encoder_pkey.c | 24 ++++++++++++------------ crypto/evp/evp_fetch.c | 8 ++++---- crypto/store/store_meth.c | 8 ++++---- 6 files changed, 33 insertions(+), 33 deletions(-) diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c index 6baf5836e8..c2182c2e53 100644 --- a/crypto/encode_decode/decoder_meth.c +++ b/crypto/encode_decode/decoder_meth.c @@ -88,7 +88,7 @@ struct decoder_data_st { const char *names; /* For get_decoder_from_store() */ const char *propquery; /* For get_decoder_from_store() */ - unsigned int flag_construct_error_occured : 1; + unsigned int flag_construct_error_occurred : 1; }; /* @@ -268,7 +268,7 @@ static void *construct_decoder(const OSSL_ALGORITHM *algodef, * record on inaccessible algorithms. */ if (method == NULL) - methdata->flag_construct_error_occured = 1; + methdata->flag_construct_error_occurred = 1; return method; } @@ -340,7 +340,7 @@ static OSSL_DECODER *inner_ossl_decoder_fetch(OSSL_LIB_CTX *libctx, int id, mcmdata.id = id; mcmdata.names = name; mcmdata.propquery = properties; - mcmdata.flag_construct_error_occured = 0; + mcmdata.flag_construct_error_occurred = 0; if ((method = ossl_method_construct(libctx, OSSL_OP_DECODER, 0 /* !force_cache */, &mcm, &mcmdata)) != NULL) { @@ -360,7 +360,7 @@ static OSSL_DECODER *inner_ossl_decoder_fetch(OSSL_LIB_CTX *libctx, int id, * If we never were in the constructor, the algorithm to be fetched * is unsupported. */ - unsupported = !mcmdata.flag_construct_error_occured; + unsupported = !mcmdata.flag_construct_error_occurred; } if (method == NULL) { diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c index 0fff6823bd..38764b418b 100644 --- a/crypto/encode_decode/decoder_pkey.c +++ b/crypto/encode_decode/decoder_pkey.c @@ -219,7 +219,7 @@ struct collect_decoder_data_st { STACK_OF(OPENSSL_CSTRING) *names; OSSL_DECODER_CTX *ctx; - unsigned int error_occured:1; + unsigned int error_occurred:1; }; static void collect_decoder(OSSL_DECODER *decoder, void *arg) @@ -229,10 +229,10 @@ static void collect_decoder(OSSL_DECODER *decoder, void *arg) const OSSL_PROVIDER *prov = OSSL_DECODER_provider(decoder); void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov); - if (data->error_occured) + if (data->error_occurred) return; - data->error_occured = 1; /* Assume the worst */ + data->error_occurred = 1; /* Assume the worst */ if (data->names == NULL) return; @@ -266,7 +266,7 @@ static void collect_decoder(OSSL_DECODER *decoder, void *arg) decoder->freectx(decoderctx); } - data->error_occured = 0; /* All is good now */ + data->error_occurred = 0; /* All is good now */ } int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, @@ -326,7 +326,7 @@ int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, collect_decoder, &collect_decoder_data); sk_OPENSSL_CSTRING_free(names); - if (collect_decoder_data.error_occured) + if (collect_decoder_data.error_occurred) goto err; } diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c index 191ca8640f..490eeb2e0a 100644 --- a/crypto/encode_decode/encoder_meth.c +++ b/crypto/encode_decode/encoder_meth.c @@ -88,7 +88,7 @@ struct encoder_data_st { const char *names; /* For get_encoder_from_store() */ const char *propquery; /* For get_encoder_from_store() */ - unsigned int flag_construct_error_occured : 1; + unsigned int flag_construct_error_occurred : 1; }; /* @@ -280,7 +280,7 @@ static void *construct_encoder(const OSSL_ALGORITHM *algodef, * record on inaccessible algorithms. */ if (method == NULL) - methdata->flag_construct_error_occured = 1; + methdata->flag_construct_error_occurred = 1; return method; } @@ -352,7 +352,7 @@ static OSSL_ENCODER *inner_ossl_encoder_fetch(OSSL_LIB_CTX *libctx, mcmdata.id = id; mcmdata.names = name; mcmdata.propquery = properties; - mcmdata.flag_construct_error_occured = 0; + mcmdata.flag_construct_error_occurred = 0; if ((method = ossl_method_construct(libctx, OSSL_OP_ENCODER, 0 /* !force_cache */, &mcm, &mcmdata)) != NULL) { @@ -372,7 +372,7 @@ static OSSL_ENCODER *inner_ossl_encoder_fetch(OSSL_LIB_CTX *libctx, * If we never were in the constructor, the algorithm to be fetched * is unsupported. */ - unsupported = !mcmdata.flag_construct_error_occured; + unsupported = !mcmdata.flag_construct_error_occurred; } if (method == NULL) { diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c index fb86631a8d..fc5a391420 100644 --- a/crypto/encode_decode/encoder_pkey.c +++ b/crypto/encode_decode/encoder_pkey.c @@ -78,7 +78,7 @@ struct collected_encoder_st { OSSL_ENCODER_CTX *ctx; - int error_occured; + int error_occurred; }; static void collect_encoder(OSSL_ENCODER *encoder, void *arg) @@ -86,10 +86,10 @@ static void collect_encoder(OSSL_ENCODER *encoder, void *arg) struct collected_encoder_st *data = arg; size_t i, end_i; - if (data->error_occured) + if (data->error_occurred) return; - data->error_occured = 1; /* Assume the worst */ + data->error_occurred = 1; /* Assume the worst */ if (data->names == NULL) return; @@ -110,27 +110,27 @@ static void collect_encoder(OSSL_ENCODER *encoder, void *arg) break; } - data->error_occured = 0; /* All is good now */ + data->error_occurred = 0; /* All is good now */ } struct collected_names_st { STACK_OF(OPENSSL_CSTRING) *names; - unsigned int error_occured:1; + unsigned int error_occurred:1; }; static void collect_name(const char *name, void *arg) { struct collected_names_st *data = arg; - if (data->error_occured) + if (data->error_occurred) return; - data->error_occured = 1; /* Assume the worst */ + data->error_occurred = 1; /* Assume the worst */ if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0) return; - data->error_occured = 0; /* All is good now */ + data->error_occurred = 0; /* All is good now */ } /* @@ -241,9 +241,9 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx, * First, collect the keymgmt names, then the encoders that match. */ keymgmt_data.names = sk_OPENSSL_CSTRING_new_null(); - keymgmt_data.error_occured = 0; + keymgmt_data.error_occurred = 0; EVP_KEYMGMT_names_do_all(pkey->keymgmt, collect_name, &keymgmt_data); - if (keymgmt_data.error_occured) { + if (keymgmt_data.error_occurred) { sk_OPENSSL_CSTRING_free(keymgmt_data.names); goto err; } @@ -251,11 +251,11 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx, encoder_data.names = keymgmt_data.names; encoder_data.output_type = ctx->output_type; encoder_data.output_structure = ctx->output_structure; - encoder_data.error_occured = 0; + encoder_data.error_occurred = 0; encoder_data.ctx = ctx; OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data); sk_OPENSSL_CSTRING_free(keymgmt_data.names); - if (encoder_data.error_occured) { + if (encoder_data.error_occurred) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 589c15fb1e..d635db7c3e 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -48,7 +48,7 @@ struct evp_method_data_st { const char *names; /* For get_evp_method_from_store() */ const char *propquery; /* For get_evp_method_from_store() */ - unsigned int flag_construct_error_occured : 1; + unsigned int flag_construct_error_occurred : 1; void *(*method_from_dispatch)(int name_id, const OSSL_DISPATCH *, OSSL_PROVIDER *); @@ -203,7 +203,7 @@ static void *construct_evp_method(const OSSL_ALGORITHM *algodef, * record on inaccessible algorithms. */ if (method == NULL) - methdata->flag_construct_error_occured = 1; + methdata->flag_construct_error_occurred = 1; return method; } @@ -299,7 +299,7 @@ inner_evp_generic_fetch(OSSL_LIB_CTX *libctx, int operation_id, mcmdata.method_from_dispatch = new_method; mcmdata.refcnt_up_method = up_ref_method; mcmdata.destruct_method = free_method; - mcmdata.flag_construct_error_occured = 0; + mcmdata.flag_construct_error_occurred = 0; if ((method = ossl_method_construct(libctx, operation_id, 0 /* !force_cache */, &mcm, &mcmdata)) != NULL) { @@ -320,7 +320,7 @@ inner_evp_generic_fetch(OSSL_LIB_CTX *libctx, int operation_id, * If we never were in the constructor, the algorithm to be fetched * is unsupported. */ - unsupported = !mcmdata.flag_construct_error_occured; + unsupported = !mcmdata.flag_construct_error_occurred; } if (method == NULL) { diff --git a/crypto/store/store_meth.c b/crypto/store/store_meth.c index 04f7249ddc..c74a634e9e 100644 --- a/crypto/store/store_meth.c +++ b/crypto/store/store_meth.c @@ -93,7 +93,7 @@ struct loader_data_st { const char *scheme; /* For get_loader_from_store() */ const char *propquery; /* For get_loader_from_store() */ - unsigned int flag_construct_error_occured : 1; + unsigned int flag_construct_error_occurred : 1; }; /* @@ -253,7 +253,7 @@ static void *construct_loader(const OSSL_ALGORITHM *algodef, * record on inaccessible algorithms. */ if (method == NULL) - methdata->flag_construct_error_occured = 1; + methdata->flag_construct_error_occurred = 1; return method; } @@ -316,7 +316,7 @@ static OSSL_STORE_LOADER *inner_loader_fetch(OSSL_LIB_CTX *libctx, mcmdata.scheme_id = id; mcmdata.scheme = scheme; mcmdata.propquery = properties; - mcmdata.flag_construct_error_occured = 0; + mcmdata.flag_construct_error_occurred = 0; if ((method = ossl_method_construct(libctx, OSSL_OP_STORE, 0 /* !force_cache */, &mcm, &mcmdata)) != NULL) { @@ -335,7 +335,7 @@ static OSSL_STORE_LOADER *inner_loader_fetch(OSSL_LIB_CTX *libctx, * If we never were in the constructor, the algorithm to be fetched * is unsupported. */ - unsupported = !mcmdata.flag_construct_error_occured; + unsupported = !mcmdata.flag_construct_error_occurred; } if (method == NULL) { From openssl at openssl.org Thu Mar 4 01:09:55 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Mar 2021 01:09:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm Message-ID: <1614820195.748709.1747923.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-asm Commit log since last time: 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): make depend && make _tests make[1]: Entering directory '/home/openssl/run-checker/no-asm' make[1]: Leaving directory '/home/openssl/run-checker/no-asm' make[1]: Entering directory '/home/openssl/run-checker/no-asm' ( SRCTOP=../openssl \ BLDTOP=. \ PERL="/usr/bin/perl" \ FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \ EXE_EXT= \ /usr/bin/perl ../openssl/test/run_tests.pl ) 01-test_abort.t .................... ok 01-test_fipsmodule_cnf.t ........... ok 01-test_sanity.t ................... ok 01-test_symbol_presence.t .......... ok 01-test_test.t ..................... ok 02-test_errstr.t ................... ok 02-test_internal_context.t ......... ok 02-test_internal_ctype.t ........... ok 02-test_internal_keymgmt.t ......... ok 02-test_internal_provider.t ........ ok 02-test_lhash.t .................... ok 02-test_ordinals.t ................. ok 02-test_sparse_array.t ............. ok 02-test_stack.t .................... ok 03-test_exdata.t ................... ok 03-test_fipsinstall.t .............. ok 03-test_internal_asn1.t ............ ok 03-test_internal_asn1_dsa.t ........ ok 03-test_internal_bn.t .............. ok 03-test_internal_chacha.t .......... ok 03-test_internal_curve448.t ........ ok 03-test_internal_ec.t .............. ok 03-test_internal_ffc.t ............. ok 03-test_internal_mdc2.t ............ ok 03-test_internal_modes.t ........... ok 03-test_internal_namemap.t ......... ok 03-test_internal_poly1305.t ........ ok 03-test_internal_rsa_sp800_56b.t ... ok 03-test_internal_siphash.t ......... ok 03-test_internal_sm2.t ............. ok 03-test_internal_sm4.t ............. ok 03-test_internal_ssl_cert_table.t .. ok 03-test_internal_x509.t ............ ok 03-test_params_api.t ............... ok 03-test_property.t ................. ok 03-test_ui.t ....................... ok 04-test_asn1_decode.t .............. ok 04-test_asn1_encode.t .............. ok 04-test_asn1_string_table.t ........ ok 04-test_bio_callback.t ............. ok 04-test_bioprint.t ................. ok 04-test_conf.t ..................... ok 04-test_encoder_decoder.t .......... ok 04-test_encoder_decoder_legacy.t ... ok 04-test_err.t ...................... ok 04-test_hexstring.t ................ ok 04-test_param_build.t .............. ok 04-test_params.t ................... ok 04-test_params_conversion.t ........ ok 04-test_pem.t ...................... ok 04-test_pem_read_depr.t ............ ok 04-test_provider.t ................. ok 04-test_provider_fallback.t ........ ok 05-test_bf.t ....................... ok 05-test_cast.t ..................... ok 05-test_cmac.t ..................... ok 05-test_des.t ...................... ok 05-test_hmac.t ..................... ok 05-test_idea.t ..................... ok 05-test_rand.t ..................... ok 05-test_rc2.t ...................... ok 05-test_rc4.t ...................... ok 05-test_rc5.t ...................... skipped: rc5 is not supported by this OpenSSL build 06-test-rdrand.t ................... ok 06-test_algorithmid.t .............. ok 10-test_bn.t ....................... ok 10-test_exp.t ...................... ok 15-test_dh.t ....................... ok 15-test_dsa.t ...................... ok 15-test_dsaparam.t ................. ok 15-test_ec.t ....................... ok 15-test_ecdsa.t .................... ok 15-test_ecparam.t .................. ok 15-test_gendh.t .................... ok 15-test_gendsa.t ................... ok 15-test_genec.t .................... ok 15-test_genrsa.t ................... ok 15-test_mp_rsa.t ................... ok 15-test_out_option.t ............... ok 15-test_rsa.t ...................... ok 15-test_rsaoaep.t .................. ok 15-test_rsapss.t ................... ok 20-test_app.t ...................... ok 20-test_cli_fips.t ................. ok 20-test_dgst.t ..................... ok 20-test_dhparam.t .................. ok make[1]: *** wait: No child processes. Stop. make[1]: *** Waiting for unfinished jobs.... make[1]: *** wait: No child processes. Stop. make: *** [Makefile:3269: tests] Terminated From openssl at openssl.org Thu Mar 4 01:39:04 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Mar 2021 01:39:04 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoalginit Message-ID: <1614821944.128209.1808490.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoalginit Commit log since last time: 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc2_hw.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc2_hw.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_rc2_hw.o ../openssl/providers/implementations/ciphers/cipher_rc2_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc4.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc4.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_rc4.o ../openssl/providers/implementations/ciphers/cipher_rc4.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.o ../openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.o ../openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.o ../openssl/providers/implementations/ciphers/cipher_rc4_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_seed.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_seed.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_seed.o ../openssl/providers/implementations/ciphers/cipher_seed.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.o ../openssl/providers/implementations/ciphers/cipher_seed_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.o ../openssl/providers/implementations/ciphers/cipher_tdes_common.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/liblegacy-lib-md4_prov.d.tmp -MT providers/implementations/digests/liblegacy-lib-md4_prov.o -c -o providers/implementations/digests/liblegacy-lib-md4_prov.o ../openssl/providers/implementations/digests/md4_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/liblegacy-lib-mdc2_prov.d.tmp -MT providers/implementations/digests/liblegacy-lib-mdc2_prov.o -c -o providers/implementations/digests/liblegacy-lib-mdc2_prov.o ../openssl/providers/implementations/digests/mdc2_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/liblegacy-lib-ripemd_prov.d.tmp -MT providers/implementations/digests/liblegacy-lib-ripemd_prov.o -c -o providers/implementations/digests/liblegacy-lib-ripemd_prov.o ../openssl/providers/implementations/digests/ripemd_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/liblegacy-lib-wp_prov.d.tmp -MT providers/implementations/digests/liblegacy-lib-wp_prov.o -c -o providers/implementations/digests/liblegacy-lib-wp_prov.o ../openssl/providers/implementations/digests/wp_prov.c clang -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I. -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -I../openssl -DFIPS_MODULE -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/fips/fips-dso-fipsprov.d.tmp -MT providers/fips/fips-dso-fipsprov.o -c -o providers/fips/fips-dso-fipsprov.o ../openssl/providers/fips/fipsprov.c clang -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I. -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -I../openssl -DFIPS_MODULE -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/fips/fips-dso-self_test.d.tmp -MT providers/fips/fips-dso-self_test.o -c -o providers/fips/fips-dso-self_test.o ../openssl/providers/fips/self_test.c clang -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I. -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -I../openssl -DFIPS_MODULE -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/fips/fips-dso-self_test_kats.d.tmp -MT providers/fips/fips-dso-self_test_kats.o -c -o providers/fips/fips-dso-self_test_kats.o ../openssl/providers/fips/self_test_kats.c /usr/bin/perl ../openssl/util/mkdef.pl --ordinals ../openssl/util/providers.num --name providers/fips --OS linux > providers/fips.ld clang -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/legacy-dso-legacyprov.d.tmp -MT providers/legacy-dso-legacyprov.o -c -o providers/legacy-dso-legacyprov.o ../openssl/providers/legacyprov.c /usr/bin/perl ../openssl/util/mkdef.pl --ordinals ../openssl/util/providers.num --name providers/legacy --OS linux > providers/legacy.ld /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/util/shlib_wrap.sh.in > "util/shlib_wrap.sh" clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aes-x86_64.o crypto/aes/aes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-mb-x86_64.o crypto/aes/aesni-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-sha1-x86_64.o crypto/aes/aesni-sha1-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-sha256-x86_64.o crypto/aes/aesni-sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-x86_64.o crypto/aes/aesni-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-bsaes-x86_64.o crypto/aes/bsaes-x86_64.s chmod a+x util/shlib_wrap.sh clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-vpaes-x86_64.o crypto/aes/vpaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-rsaz-avx2.o crypto/bn/rsaz-avx2.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-rsaz-x86_64.o crypto/bn/rsaz-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-gf2m.o crypto/bn/x86_64-gf2m.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-mont.o crypto/bn/x86_64-mont.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-mont5.o crypto/bn/x86_64-mont5.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/camellia/libcrypto-lib-cmll-x86_64.o crypto/camellia/cmll-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/chacha/libcrypto-lib-chacha-x86_64.o crypto/chacha/chacha-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/ec/libcrypto-lib-ecp_nistz256-x86_64.o crypto/ec/ecp_nistz256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/ec/libcrypto-lib-x25519-x86_64.o crypto/ec/x25519-x86_64.s clang -Icrypto -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPADLOCK_ASM -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/libcrypto-lib-cversion.d.tmp -MT crypto/libcrypto-lib-cversion.o -c -o crypto/libcrypto-lib-cversion.o ../openssl/crypto/cversion.c clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/libcrypto-lib-x86_64cpuid.o crypto/x86_64cpuid.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/md5/libcrypto-lib-md5-x86_64.o crypto/md5/md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/modes/libcrypto-lib-aesni-gcm-x86_64.o crypto/modes/aesni-gcm-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/modes/libcrypto-lib-ghash-x86_64.o crypto/modes/ghash-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/poly1305/libcrypto-lib-poly1305-x86_64.o crypto/poly1305/poly1305-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/rc4/libcrypto-lib-rc4-md5-x86_64.o crypto/rc4/rc4-md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/rc4/libcrypto-lib-rc4-x86_64.o crypto/rc4/rc4-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-keccak1600-x86_64.o crypto/sha/keccak1600-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha1-mb-x86_64.o crypto/sha/sha1-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha1-x86_64.o crypto/sha/sha1-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha256-mb-x86_64.o crypto/sha/sha256-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha256-x86_64.o crypto/sha/sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha512-x86_64.o crypto/sha/sha512-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/whrlpool/libcrypto-lib-wp-x86_64.o crypto/whrlpool/wp-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o engines/libcrypto-lib-e_padlock-x86_64.o engines/e_padlock-x86_64.s clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/encode_decode/libimplementations-lib-encode_key2any.d.tmp -MT providers/implementations/encode_decode/libimplementations-lib-encode_key2any.o -c -o providers/implementations/encode_decode/libimplementations-lib-encode_key2any.o ../openssl/providers/implementations/encode_decode/encode_key2any.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-x942kdf.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-x942kdf.o -c -o providers/implementations/kdfs/libimplementations-lib-x942kdf.o ../openssl/providers/implementations/kdfs/x942kdf.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-dsa.d.tmp -MT providers/implementations/signature/libimplementations-lib-dsa.o -c -o providers/implementations/signature/libimplementations-lib-dsa.o ../openssl/providers/implementations/signature/dsa.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-ecdsa.d.tmp -MT providers/implementations/signature/libimplementations-lib-ecdsa.o -c -o providers/implementations/signature/libimplementations-lib-ecdsa.o ../openssl/providers/implementations/signature/ecdsa.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-eddsa.d.tmp -MT providers/implementations/signature/libimplementations-lib-eddsa.o -c -o providers/implementations/signature/libimplementations-lib-eddsa.o ../openssl/providers/implementations/signature/eddsa.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-sm2sig.d.tmp -MT providers/implementations/signature/libimplementations-lib-sm2sig.o -c -o providers/implementations/signature/libimplementations-lib-sm2sig.o ../openssl/providers/implementations/signature/sm2sig.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_digests_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_digests_gen.o -c -o providers/common/der/libnonfips-lib-der_digests_gen.o providers/common/der/der_digests_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_gen.o -c -o providers/common/der/libnonfips-lib-der_dsa_gen.o providers/common/der/der_dsa_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_key.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_key.o -c -o providers/common/der/libnonfips-lib-der_dsa_key.o ../openssl/providers/common/der/der_dsa_key.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_sig.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_sig.o -c -o providers/common/der/libnonfips-lib-der_dsa_sig.o ../openssl/providers/common/der/der_dsa_sig.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_ec_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_ec_gen.o -c -o providers/common/der/libnonfips-lib-der_ec_gen.o providers/common/der/der_ec_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_ecx_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_ecx_gen.o -c -o providers/common/der/libnonfips-lib-der_ecx_gen.o providers/common/der/der_ecx_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_rsa_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_rsa_gen.o -c -o providers/common/der/libnonfips-lib-der_rsa_gen.o providers/common/der/der_rsa_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_sm2_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_sm2_gen.o -c -o providers/common/der/libnonfips-lib-der_sm2_gen.o providers/common/der/der_sm2_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_wrap_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_wrap_gen.o -c -o providers/common/der/libnonfips-lib-der_wrap_gen.o providers/common/der/der_wrap_gen.c rm -f libssl.a ar qc libssl.a crypto/libssl-lib-packet.o ssl/libssl-lib-bio_ssl.o ssl/libssl-lib-d1_lib.o ssl/libssl-lib-d1_msg.o ssl/libssl-lib-d1_srtp.o ssl/libssl-lib-methods.o ssl/libssl-lib-pqueue.o ssl/libssl-lib-s3_cbc.o ssl/libssl-lib-s3_enc.o ssl/libssl-lib-s3_lib.o ssl/libssl-lib-s3_msg.o ssl/libssl-lib-ssl_asn1.o ssl/libssl-lib-ssl_cert.o ssl/libssl-lib-ssl_ciph.o ssl/libssl-lib-ssl_conf.o ssl/libssl-lib-ssl_err.o ssl/libssl-lib-ssl_err_legacy.o ssl/libssl-lib-ssl_init.o ssl/libssl-lib-ssl_lib.o ssl/libssl-lib-ssl_mcnf.o ssl/libssl-lib-ssl_rsa.o ssl/libssl-lib-ssl_rsa_legacy.o ssl/libssl-lib-ssl_sess.o ssl/libssl-lib-ssl_stat.o ssl/libssl-lib-ssl_txt.o ssl/libssl-lib-ssl_utst.o ssl/libssl-lib-t1_enc.o ssl/libssl-lib-t1_lib.o ssl/libssl-lib-t1_trce.o ssl/libssl-lib-tls13_enc.o ssl/libssl-lib-tls_depr.o ssl/libssl-lib-tls_srp.o ssl/record/libssl-lib-dtls1_bitmap.o ssl/record/libssl-lib-rec_layer_d1.o ssl/record/libssl-lib-rec_layer_s3.o ssl/record/libssl-lib-ssl3_buffer.o ssl/record/libssl-lib-ssl3_record.o ssl/record/libssl-lib-ssl3_record_tls13.o ssl/record/libssl-lib-tls_pad.o ssl/statem/libssl-lib-extensions.o ssl/statem/libssl-lib-extensions_clnt.o ssl/statem/libssl-lib-extensions_cust.o ssl/statem/libssl-lib-extensions_srvr.o ssl/statem/libssl-lib-statem.o ssl/statem/libssl-lib-statem_clnt.o ssl/statem/libssl-lib-statem_dtls.o ssl/statem/libssl-lib-statem_lib.o ssl/statem/libssl-lib-statem_srvr.o rm -f providers/libfips.a ar qc providers/libfips.a crypto/aes/libfips-lib-aes-x86_64.o crypto/aes/libfips-lib-aes_ecb.o crypto/aes/libfips-lib-aes_misc.o crypto/aes/libfips-lib-aesni-mb-x86_64.o crypto/aes/libfips-lib-aesni-sha1-x86_64.o crypto/aes/libfips-lib-aesni-sha256-x86_64.o crypto/aes/libfips-lib-aesni-x86_64.o crypto/aes/libfips-lib-bsaes-x86_64.o crypto/aes/libfips-lib-vpaes-x86_64.o crypto/bn/asm/libfips-lib-x86_64-gcc.o crypto/bn/libfips-lib-bn_add.o crypto/bn/libfips-lib-bn_blind.o crypto/bn/libfips-lib-bn_const.o crypto/bn/libfips-lib-bn_conv.o crypto/bn/libfips-lib-bn_ctx.o crypto/bn/libfips-lib-bn_dh.o crypto/bn/libfips-lib-bn_div.o crypto/bn/libfips-lib-bn_exp.o crypto/bn/libfips-lib-bn_exp2.o crypto/bn/libfips-lib-bn_gcd.o crypto/bn/libfips-lib-bn_gf2m.o crypto/bn/libfips-lib-bn_intern.o crypto/bn/libfips-lib-bn_kron.o crypto/bn/libfips-lib-bn_lib.o crypto/bn/libfips-lib-bn_mod.o crypto/bn/libfips-lib-bn_mont.o crypto/bn/libfips-lib-bn_mpi.o crypto/bn/libfips-lib-bn_mul.o crypto/bn/libfips-lib-bn_nist.o crypto/bn/libfips-lib-bn_prime.o crypto/bn/libfips-lib-bn_rand.o crypto/bn/libfips-lib-bn_recp.o crypto/bn/libfips-lib-bn_rsa_fips186_4.o crypto/bn/libfips-lib-bn_shift.o crypto/bn/libfips-lib-bn_sqr.o crypto/bn/libfips-lib-bn_sqrt.o crypto/bn/libfips-lib-bn_word.o crypto/bn/libfips-lib-rsaz-avx2.o crypto/bn/libfips-lib-rsaz-x86_64.o crypto/bn/libfips-lib-rsaz_exp.o crypto/bn/libfips-lib-x86_64-gf2m.o crypto/bn/libfips-lib-x86_64-mont.o crypto/bn/libfips-lib-x86_64-mont5.o crypto/buffer/libfips-lib-buffer.o crypto/cmac/libfips-lib-cmac.o crypto/des/libfips-lib-des_enc.o crypto/des/libfips-lib-ecb3_enc.o crypto/des/libfips-lib-fcrypt_b.o crypto/des/libfips-lib-set_key.o crypto/dh/libfips-lib-dh_backend.o crypto/dh/libfips-lib-dh_check.o crypto/dh/libfips-lib-dh_gen.o crypto/dh/libfips-lib-dh_group_params.o crypto/dh/libfips-lib-dh_kdf.o crypto/dh/libfips-lib-dh_key.o crypto/dh/libfips-lib-dh_lib.o crypto/dsa/libfips-lib-dsa_backend.o crypto/dsa/libfips-lib-dsa_check.o crypto/dsa/libfips-lib-dsa_gen.o crypto/dsa/libfips-lib-dsa_key.o crypto/dsa/libfips-lib-dsa_lib.o crypto/dsa/libfips-lib-dsa_ossl.o crypto/dsa/libfips-lib-dsa_sign.o crypto/dsa/libfips-lib-dsa_vrf.o crypto/ec/curve448/arch_32/libfips-lib-f_impl.o crypto/ec/curve448/libfips-lib-curve448.o crypto/ec/curve448/libfips-lib-curve448_tables.o crypto/ec/curve448/libfips-lib-eddsa.o crypto/ec/curve448/libfips-lib-f_generic.o crypto/ec/curve448/libfips-lib-scalar.o crypto/ec/libfips-lib-curve25519.o crypto/ec/libfips-lib-ec2_oct.o crypto/ec/libfips-lib-ec2_smpl.o crypto/ec/libfips-lib-ec_asn1.o crypto/ec/libfips-lib-ec_backend.o crypto/ec/libfips-lib-ec_check.o crypto/ec/libfips-lib-ec_curve.o crypto/ec/libfips-lib-ec_cvt.o crypto/ec/libfips-lib-ec_deprecated.o crypto/ec/libfips-lib-ec_key.o crypto/ec/libfips-lib-ec_kmeth.o crypto/ec/libfips-lib-ec_lib.o crypto/ec/libfips-lib-ec_mult.o crypto/ec/libfips-lib-ec_oct.o crypto/ec/libfips-lib-ec_print.o crypto/ec/libfips-lib-ecdh_kdf.o crypto/ec/libfips-lib-ecdh_ossl.o crypto/ec/libfips-lib-ecdsa_ossl.o crypto/ec/libfips-lib-ecdsa_sign.o crypto/ec/libfips-lib-ecdsa_vrf.o crypto/ec/libfips-lib-ecp_mont.o crypto/ec/libfips-lib-ecp_nist.o crypto/ec/libfips-lib-ecp_nistz256-x86_64.o crypto/ec/libfips-lib-ecp_nistz256.o crypto/ec/libfips-lib-ecp_oct.o crypto/ec/libfips-lib-ecp_smpl.o crypto/ec/libfips-lib-ecx_backend.o crypto/ec/libfips-lib-ecx_key.o crypto/ec/libfips-lib-x25519-x86_64.o crypto/evp/libfips-lib-asymcipher.o crypto/evp/libfips-lib-cmeth_lib.o crypto/evp/libfips-lib-dh_support.o crypto/evp/libfips-lib-digest.o crypto/evp/libfips-lib-ec_support.o crypto/evp/libfips-lib-evp_enc.o crypto/evp/libfips-lib-evp_fetch.o crypto/evp/libfips-lib-evp_lib.o crypto/evp/libfips-lib-evp_rand.o crypto/evp/libfips-lib-evp_utils.o crypto/evp/libfips-lib-exchange.o crypto/evp/libfips-lib-kdf_lib.o crypto/evp/libfips-lib-kdf_meth.o crypto/evp/libfips-lib-kem.o crypto/evp/libfips-lib-keymgmt_lib.o crypto/evp/libfips-lib-keymgmt_meth.o crypto/evp/libfips-lib-m_sigver.o crypto/evp/libfips-lib-mac_lib.o crypto/evp/libfips-lib-mac_meth.o crypto/evp/libfips-lib-p_lib.o crypto/evp/libfips-lib-pmeth_check.o crypto/evp/libfips-lib-pmeth_gn.o crypto/evp/libfips-lib-pmeth_lib.o crypto/evp/libfips-lib-signature.o crypto/ffc/libfips-lib-ffc_backend.o crypto/ffc/libfips-lib-ffc_dh.o crypto/ffc/libfips-lib-ffc_key_generate.o crypto/ffc/libfips-lib-ffc_key_validate.o crypto/ffc/libfips-lib-ffc_params.o crypto/ffc/libfips-lib-ffc_params_generate.o crypto/ffc/libfips-lib-ffc_params_validate.o crypto/hmac/libfips-lib-hmac.o crypto/lhash/libfips-lib-lhash.o crypto/libfips-lib-asn1_dsa.o crypto/libfips-lib-bsearch.o crypto/libfips-lib-context.o crypto/libfips-lib-core_algorithm.o crypto/libfips-lib-core_fetch.o crypto/libfips-lib-core_namemap.o crypto/libfips-lib-cryptlib.o crypto/libfips-lib-ctype.o crypto/libfips-lib-der_writer.o crypto/libfips-lib-ex_data.o crypto/libfips-lib-initthread.o crypto/libfips-lib-o_str.o crypto/libfips-lib-packet.o crypto/libfips-lib-param_build.o crypto/libfips-lib-param_build_set.o crypto/libfips-lib-params.o crypto/libfips-lib-params_from_text.o crypto/libfips-lib-passphrase.o crypto/libfips-lib-provider_core.o crypto/libfips-lib-provider_predefined.o crypto/libfips-lib-self_test_core.o crypto/libfips-lib-sparse_array.o crypto/libfips-lib-threads_lib.o crypto/libfips-lib-threads_none.o crypto/libfips-lib-threads_pthread.o crypto/libfips-lib-threads_win.o crypto/libfips-lib-x86_64cpuid.o crypto/modes/libfips-lib-aesni-gcm-x86_64.o crypto/modes/libfips-lib-cbc128.o crypto/modes/libfips-lib-ccm128.o crypto/modes/libfips-lib-cfb128.o crypto/modes/libfips-lib-ctr128.o crypto/modes/libfips-lib-gcm128.o crypto/modes/libfips-lib-ghash-x86_64.o crypto/modes/libfips-lib-ofb128.o crypto/modes/libfips-lib-wrap128.o crypto/modes/libfips-lib-xts128.o crypto/property/libfips-lib-defn_cache.o crypto/property/libfips-lib-property.o crypto/property/libfips-lib-property_parse.o crypto/property/libfips-lib-property_string.o crypto/rand/libfips-lib-rand_lib.o crypto/rand/libfips-lib-rand_meth.o crypto/rsa/libfips-lib-rsa_acvp_test_params.o crypto/rsa/libfips-lib-rsa_backend.o crypto/rsa/libfips-lib-rsa_chk.o crypto/rsa/libfips-lib-rsa_crpt.o crypto/rsa/libfips-lib-rsa_gen.o crypto/rsa/libfips-lib-rsa_lib.o crypto/rsa/libfips-lib-rsa_mp_names.o crypto/rsa/libfips-lib-rsa_none.o crypto/rsa/libfips-lib-rsa_oaep.o crypto/rsa/libfips-lib-rsa_ossl.o crypto/rsa/libfips-lib-rsa_pk1.o crypto/rsa/libfips-lib-rsa_pss.o crypto/rsa/libfips-lib-rsa_schemes.o crypto/rsa/libfips-lib-rsa_sign.o crypto/rsa/libfips-lib-rsa_sp800_56b_check.o crypto/rsa/libfips-lib-rsa_sp800_56b_gen.o crypto/rsa/libfips-lib-rsa_x931.o crypto/sha/libfips-lib-keccak1600-x86_64.o crypto/sha/libfips-lib-sha1-mb-x86_64.o crypto/sha/libfips-lib-sha1-x86_64.o crypto/sha/libfips-lib-sha1dgst.o crypto/sha/libfips-lib-sha256-mb-x86_64.o crypto/sha/libfips-lib-sha256-x86_64.o crypto/sha/libfips-lib-sha256.o crypto/sha/libfips-lib-sha3.o crypto/sha/libfips-lib-sha512-x86_64.o crypto/sha/libfips-lib-sha512.o crypto/stack/libfips-lib-stack.o providers/common/der/libfips-lib-der_digests_gen.o providers/common/der/libfips-lib-der_dsa_gen.o providers/common/der/libfips-lib-der_dsa_key.o providers/common/der/libfips-lib-der_dsa_sig.o providers/common/der/libfips-lib-der_ec_gen.o providers/common/der/libfips-lib-der_ec_key.o providers/common/der/libfips-lib-der_ec_sig.o providers/common/der/libfips-lib-der_ecx_gen.o providers/common/der/libfips-lib-der_ecx_key.o providers/common/der/libfips-lib-der_rsa_gen.o providers/common/der/libfips-lib-der_rsa_key.o providers/common/der/libfips-lib-der_rsa_sig.o providers/common/der/libfips-lib-der_sm2_gen.o providers/common/der/libfips-lib-der_sm2_key.o providers/common/der/libfips-lib-der_sm2_sig.o providers/common/der/libfips-lib-der_wrap_gen.o providers/common/libfips-lib-bio_prov.o providers/common/libfips-lib-capabilities.o providers/common/libfips-lib-digest_to_nid.o providers/common/libfips-lib-provider_seeding.o providers/common/libfips-lib-provider_util.o providers/common/libfips-lib-securitycheck.o providers/common/libfips-lib-securitycheck_fips.o providers/implementations/ciphers/libfips-lib-cipher_aes_xts_fips.o providers/implementations/kdfs/libfips-lib-pbkdf2_fips.o providers/implementations/keymgmt/libfips-lib-dh_kmgmt.o providers/implementations/keymgmt/libfips-lib-dsa_kmgmt.o providers/implementations/keymgmt/libfips-lib-ec_kmgmt.o providers/implementations/keymgmt/libfips-lib-mac_legacy_kmgmt.o providers/implementations/keymgmt/libfips-lib-rsa_kmgmt.o providers/implementations/rands/libfips-lib-crngt.o providers/implementations/rands/libfips-lib-drbg.o providers/implementations/rands/libfips-lib-drbg_ctr.o providers/implementations/rands/libfips-lib-drbg_hash.o providers/implementations/rands/libfips-lib-drbg_hmac.o providers/implementations/rands/libfips-lib-test_rng.o providers/implementations/signature/libfips-lib-mac_legacy.o providers/implementations/signature/libfips-lib-rsa.o ranlib libssl.a || echo Never mind. rm -f providers/libimplementations.a ar qc providers/libimplementations.a crypto/md5/libimplementations-lib-md5-x86_64.o crypto/md5/libimplementations-lib-md5_dgst.o crypto/md5/libimplementations-lib-md5_one.o crypto/md5/libimplementations-lib-md5_sha1.o providers/implementations/asymciphers/libimplementations-lib-rsa_enc.o providers/implementations/asymciphers/libimplementations-lib-sm2_enc.o providers/implementations/ciphers/libimplementations-lib-cipher_aes.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha1_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha256_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ccm.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ccm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cts.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_gcm.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_gcm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ocb.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ocb_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_siv.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_siv_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_wrp.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_xts.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_xts_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_ccm.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_ccm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_gcm.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_gcm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_camellia.o providers/implementations/ciphers/libimplementations-lib-cipher_camellia_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_poly1305.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_poly1305_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_null.o providers/implementations/ciphers/libimplementations-lib-cipher_sm4.o providers/implementations/ciphers/libimplementations-lib-cipher_sm4_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_common.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_default.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_default_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap_hw.o providers/implementations/digests/libimplementations-lib-blake2_prov.o providers/implementations/digests/libimplementations-lib-blake2b_prov.o providers/implementations/digests/libimplementations-lib-blake2s_prov.o providers/implementations/digests/libimplementations-lib-md5_prov.o providers/implementations/digests/libimplementations-lib-md5_sha1_prov.o providers/implementations/digests/libimplementations-lib-sha2_prov.o providers/implementations/digests/libimplementations-lib-sha3_prov.o providers/implementations/digests/libimplementations-lib-sm3_prov.o providers/implementations/encode_decode/libimplementations-lib-decode_der2key.o providers/implementations/encode_decode/libimplementations-lib-decode_ms2key.o providers/implementations/encode_decode/libimplementations-lib-decode_pem2der.o providers/implementations/encode_decode/libimplementations-lib-encode_key2any.o providers/implementations/encode_decode/libimplementations-lib-encode_key2blob.o providers/implementations/encode_decode/libimplementations-lib-encode_key2ms.o providers/implementations/encode_decode/libimplementations-lib-encode_key2text.o providers/implementations/encode_decode/libimplementations-lib-endecoder_common.o providers/implementations/exchange/libimplementations-lib-dh_exch.o providers/implementations/exchange/libimplementations-lib-ecdh_exch.o providers/implementations/exchange/libimplementations-lib-ecx_exch.o providers/implementations/exchange/libimplementations-lib-kdf_exch.o providers/implementations/kdfs/libimplementations-lib-hkdf.o providers/implementations/kdfs/libimplementations-lib-kbkdf.o providers/implementations/kdfs/libimplementations-lib-krb5kdf.o providers/implementations/kdfs/libimplementations-lib-pbkdf2.o providers/implementations/kdfs/libimplementations-lib-pkcs12kdf.o providers/implementations/kdfs/libimplementations-lib-scrypt.o providers/implementations/kdfs/libimplementations-lib-sshkdf.o providers/implementations/kdfs/libimplementations-lib-sskdf.o providers/implementations/kdfs/libimplementations-lib-tls1_prf.o providers/implementations/kdfs/libimplementations-lib-x942kdf.o providers/implementations/kem/libimplementations-lib-rsa_kem.o providers/implementations/keymgmt/libimplementations-lib-ecx_kmgmt.o providers/implementations/keymgmt/libimplementations-lib-kdf_legacy_kmgmt.o providers/implementations/macs/libimplementations-lib-blake2b_mac.o providers/implementations/macs/libimplementations-lib-blake2s_mac.o providers/implementations/macs/libimplementations-lib-cmac_prov.o providers/implementations/macs/libimplementations-lib-gmac_prov.o providers/implementations/macs/libimplementations-lib-hmac_prov.o providers/implementations/macs/libimplementations-lib-kmac_prov.o providers/implementations/macs/libimplementations-lib-poly1305_prov.o providers/implementations/macs/libimplementations-lib-siphash_prov.o providers/implementations/signature/libimplementations-lib-dsa.o providers/implementations/signature/libimplementations-lib-ecdsa.o providers/implementations/signature/libimplementations-lib-eddsa.o providers/implementations/signature/libimplementations-lib-sm2sig.o providers/implementations/storemgmt/libimplementations-lib-file_store.o providers/implementations/storemgmt/libimplementations-lib-file_store_der2obj.o ssl/libimplementations-lib-s3_cbc.o rm -f providers/liblegacy.a ar qc providers/liblegacy.a crypto/bn/asm/liblegacy-lib-x86_64-gcc.o crypto/bn/liblegacy-lib-rsaz-avx2.o crypto/bn/liblegacy-lib-rsaz-x86_64.o crypto/bn/liblegacy-lib-rsaz_exp.o crypto/bn/liblegacy-lib-x86_64-gf2m.o crypto/bn/liblegacy-lib-x86_64-mont.o crypto/bn/liblegacy-lib-x86_64-mont5.o crypto/des/liblegacy-lib-des_enc.o crypto/des/liblegacy-lib-fcrypt_b.o crypto/liblegacy-lib-asn1_dsa.o crypto/liblegacy-lib-bsearch.o crypto/liblegacy-lib-context.o crypto/liblegacy-lib-cryptlib.o crypto/liblegacy-lib-ctype.o crypto/liblegacy-lib-der_writer.o crypto/liblegacy-lib-ex_data.o crypto/liblegacy-lib-initthread.o crypto/liblegacy-lib-o_str.o crypto/liblegacy-lib-packet.o crypto/liblegacy-lib-param_build.o crypto/liblegacy-lib-param_build_set.o crypto/liblegacy-lib-params.o crypto/liblegacy-lib-params_from_text.o crypto/liblegacy-lib-passphrase.o crypto/liblegacy-lib-sparse_array.o crypto/liblegacy-lib-threads_lib.o crypto/liblegacy-lib-threads_none.o crypto/liblegacy-lib-threads_pthread.o crypto/liblegacy-lib-threads_win.o crypto/liblegacy-lib-x86_64cpuid.o crypto/md5/liblegacy-lib-md5-x86_64.o crypto/md5/liblegacy-lib-md5_dgst.o crypto/md5/liblegacy-lib-md5_one.o crypto/md5/liblegacy-lib-md5_sha1.o crypto/property/liblegacy-lib-defn_cache.o crypto/property/liblegacy-lib-property.o crypto/property/liblegacy-lib-property_parse.o crypto/property/liblegacy-lib-property_string.o providers/implementations/ciphers/liblegacy-lib-cipher_blowfish.o providers/implementations/ciphers/liblegacy-lib-cipher_blowfish_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_cast5.o providers/implementations/ciphers/liblegacy-lib-cipher_cast5_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_des.o providers/implementations/ciphers/liblegacy-lib-cipher_des_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_desx.o providers/implementations/ciphers/liblegacy-lib-cipher_desx_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_idea.o providers/implementations/ciphers/liblegacy-lib-cipher_idea_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_rc2.o providers/implementations/ciphers/liblegacy-lib-cipher_rc2_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_rc4.o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_seed.o providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.o providers/implementations/digests/liblegacy-lib-md4_prov.o providers/implementations/digests/liblegacy-lib-mdc2_prov.o providers/implementations/digests/liblegacy-lib-ripemd_prov.o providers/implementations/digests/liblegacy-lib-wp_prov.o ranlib providers/libfips.a || echo Never mind. ranlib providers/libimplementations.a || echo Never mind. ranlib providers/liblegacy.a || echo Never mind. rm -f libcrypto.a rm -f providers/libnonfips.a ar qc libcrypto.a crypto/aes/libcrypto-lib-aes-x86_64.o crypto/aes/libcrypto-lib-aes_cfb.o crypto/aes/libcrypto-lib-aes_ecb.o crypto/aes/libcrypto-lib-aes_ige.o crypto/aes/libcrypto-lib-aes_misc.o crypto/aes/libcrypto-lib-aes_ofb.o crypto/aes/libcrypto-lib-aes_wrap.o crypto/aes/libcrypto-lib-aesni-mb-x86_64.o crypto/aes/libcrypto-lib-aesni-sha1-x86_64.o crypto/aes/libcrypto-lib-aesni-sha256-x86_64.o crypto/aes/libcrypto-lib-aesni-x86_64.o crypto/aes/libcrypto-lib-bsaes-x86_64.o crypto/aes/libcrypto-lib-vpaes-x86_64.o crypto/aria/libcrypto-lib-aria.o crypto/asn1/libcrypto-lib-a_bitstr.o crypto/asn1/libcrypto-lib-a_d2i_fp.o crypto/asn1/libcrypto-lib-a_digest.o crypto/asn1/libcrypto-lib-a_dup.o crypto/asn1/libcrypto-lib-a_gentm.o crypto/asn1/libcrypto-lib-a_i2d_fp.o crypto/asn1/libcrypto-lib-a_int.o crypto/asn1/libcrypto-lib-a_mbstr.o crypto/asn1/libcrypto-lib-a_object.o crypto/asn1/libcrypto-lib-a_octet.o crypto/asn1/libcrypto-lib-a_print.o crypto/asn1/libcrypto-lib-a_sign.o crypto/asn1/libcrypto-lib-a_strex.o crypto/asn1/libcrypto-lib-a_strnid.o crypto/asn1/libcrypto-lib-a_time.o crypto/asn1/libcrypto-lib-a_type.o crypto/asn1/libcrypto-lib-a_utctm.o crypto/asn1/libcrypto-lib-a_utf8.o crypto/asn1/libcrypto-lib-a_verify.o crypto/asn1/libcrypto-lib-ameth_lib.o crypto/asn1/libcrypto-lib-asn1_err.o crypto/asn1/libcrypto-lib-asn1_gen.o crypto/asn1/libcrypto-lib-asn1_item_list.o crypto/asn1/libcrypto-lib-asn1_lib.o crypto/asn1/libcrypto-lib-asn1_par.o crypto/asn1/libcrypto-lib-asn_mime.o crypto/asn1/libcrypto-lib-asn_moid.o crypto/asn1/libcrypto-lib-asn_mstbl.o crypto/asn1/libcrypto-lib-asn_pack.o crypto/asn1/libcrypto-lib-bio_asn1.o crypto/asn1/libcrypto-lib-bio_ndef.o crypto/asn1/libcrypto-lib-d2i_param.o crypto/asn1/libcrypto-lib-d2i_pr.o crypto/asn1/libcrypto-lib-d2i_pu.o crypto/asn1/libcrypto-lib-evp_asn1.o crypto/asn1/libcrypto-lib-f_int.o crypto/asn1/libcrypto-lib-f_string.o crypto/asn1/libcrypto-lib-i2d_evp.o crypto/asn1/libcrypto-lib-n_pkey.o crypto/asn1/libcrypto-lib-nsseq.o crypto/asn1/libcrypto-lib-p5_pbe.o crypto/asn1/libcrypto-lib-p5_pbev2.o crypto/asn1/libcrypto-lib-p5_scrypt.o crypto/asn1/libcrypto-lib-p8_pkey.o crypto/asn1/libcrypto-lib-t_bitst.o crypto/asn1/libcrypto-lib-t_pkey.o crypto/asn1/libcrypto-lib-t_spki.o crypto/asn1/libcrypto-lib-tasn_dec.o crypto/asn1/libcrypto-lib-tasn_enc.o crypto/asn1/libcrypto-lib-tasn_fre.o crypto/asn1/libcrypto-lib-tasn_new.o crypto/asn1/libcrypto-lib-tasn_prn.o crypto/asn1/libcrypto-lib-tasn_scn.o crypto/asn1/libcrypto-lib-tasn_typ.o crypto/asn1/libcrypto-lib-tasn_utl.o crypto/asn1/libcrypto-lib-x_algor.o crypto/asn1/libcrypto-lib-x_bignum.o crypto/asn1/libcrypto-lib-x_info.o crypto/asn1/libcrypto-lib-x_int64.o crypto/asn1/libcrypto-lib-x_long.o crypto/asn1/libcrypto-lib-x_pkey.o crypto/asn1/libcrypto-lib-x_sig.o crypto/asn1/libcrypto-lib-x_spki.o crypto/asn1/libcrypto-lib-x_val.o crypto/async/arch/libcrypto-lib-async_null.o crypto/async/arch/libcrypto-lib-async_posix.o crypto/async/arch/libcrypto-lib-async_win.o crypto/async/libcrypto-lib-async.o crypto/async/libcrypto-lib-async_err.o crypto/async/libcrypto-lib-async_wait.o crypto/bf/libcrypto-lib-bf_cfb64.o crypto/bf/libcrypto-lib-bf_ecb.o crypto/bf/libcrypto-lib-bf_enc.o crypto/bf/libcrypto-lib-bf_ofb64.o crypto/bf/libcrypto-lib-bf_skey.o crypto/bio/libcrypto-lib-b_addr.o crypto/bio/libcrypto-lib-b_dump.o crypto/bio/libcrypto-lib-b_print.o crypto/bio/libcrypto-lib-b_sock.o crypto/bio/libcrypto-lib-b_sock2.o crypto/bio/libcrypto-lib-bf_buff.o crypto/bio/libcrypto-lib-bf_lbuf.o crypto/bio/libcrypto-lib-bf_nbio.o crypto/bio/libcrypto-lib-bf_null.o crypto/bio/libcrypto-lib-bf_prefix.o crypto/bio/libcrypto-lib-bio_cb.o crypto/bio/libcrypto-lib-bio_err.o crypto/bio/libcrypto-lib-bio_lib.o crypto/bio/libcrypto-lib-bio_meth.o crypto/bio/libcrypto-lib-bss_acpt.o crypto/bio/libcrypto-lib-bss_bio.o crypto/bio/libcrypto-lib-bss_conn.o crypto/bio/libcrypto-lib-bss_dgram.o crypto/bio/libcrypto-lib-bss_fd.o crypto/bio/libcrypto-lib-bss_file.o crypto/bio/libcrypto-lib-bss_log.o crypto/bio/libcrypto-lib-bss_mem.o crypto/bio/libcrypto-lib-bss_null.o crypto/bio/libcrypto-lib-bss_sock.o crypto/bn/asm/libcrypto-lib-x86_64-gcc.o crypto/bn/libcrypto-lib-bn_add.o crypto/bn/libcrypto-lib-bn_blind.o crypto/bn/libcrypto-lib-bn_const.o crypto/bn/libcrypto-lib-bn_conv.o crypto/bn/libcrypto-lib-bn_ctx.o crypto/bn/libcrypto-lib-bn_depr.o crypto/bn/libcrypto-lib-bn_dh.o crypto/bn/libcrypto-lib-bn_div.o crypto/bn/libcrypto-lib-bn_err.o crypto/bn/libcrypto-lib-bn_exp.o crypto/bn/libcrypto-lib-bn_exp2.o crypto/bn/libcrypto-lib-bn_gcd.o crypto/bn/libcrypto-lib-bn_gf2m.o crypto/bn/libcrypto-lib-bn_intern.o crypto/bn/libcrypto-lib-bn_kron.o crypto/bn/libcrypto-lib-bn_lib.o crypto/bn/libcrypto-lib-bn_mod.o crypto/bn/libcrypto-lib-bn_mont.o crypto/bn/libcrypto-lib-bn_mpi.o crypto/bn/libcrypto-lib-bn_mul.o crypto/bn/libcrypto-lib-bn_nist.o crypto/bn/libcrypto-lib-bn_prime.o crypto/bn/libcrypto-lib-bn_print.o crypto/bn/libcrypto-lib-bn_rand.o crypto/bn/libcrypto-lib-bn_recp.o crypto/bn/libcrypto-lib-bn_rsa_fips186_4.o crypto/bn/libcrypto-lib-bn_shift.o crypto/bn/libcrypto-lib-bn_sqr.o crypto/bn/libcrypto-lib-bn_sqrt.o crypto/bn/libcrypto-lib-bn_srp.o crypto/bn/libcrypto-lib-bn_word.o crypto/bn/libcrypto-lib-bn_x931p.o crypto/bn/libcrypto-lib-rsaz-avx2.o crypto/bn/libcrypto-lib-rsaz-x86_64.o crypto/bn/libcrypto-lib-rsaz_exp.o crypto/bn/libcrypto-lib-x86_64-gf2m.o crypto/bn/libcrypto-lib-x86_64-mont.o crypto/bn/libcrypto-lib-x86_64-mont5.o crypto/buffer/libcrypto-lib-buf_err.o crypto/buffer/libcrypto-lib-buffer.o crypto/camellia/libcrypto-lib-cmll-x86_64.o crypto/camellia/libcrypto-lib-cmll_cfb.o crypto/camellia/libcrypto-lib-cmll_ctr.o crypto/camellia/libcrypto-lib-cmll_ecb.o crypto/camellia/libcrypto-lib-cmll_misc.o crypto/camellia/libcrypto-lib-cmll_ofb.o crypto/cast/libcrypto-lib-c_cfb64.o crypto/cast/libcrypto-lib-c_ecb.o crypto/cast/libcrypto-lib-c_enc.o crypto/cast/libcrypto-lib-c_ofb64.o crypto/cast/libcrypto-lib-c_skey.o crypto/chacha/libcrypto-lib-chacha-x86_64.o crypto/cmac/libcrypto-lib-cmac.o crypto/cmp/libcrypto-lib-cmp_asn.o crypto/cmp/libcrypto-lib-cmp_client.o crypto/cmp/libcrypto-lib-cmp_ctx.o crypto/cmp/libcrypto-lib-cmp_err.o crypto/cmp/libcrypto-lib-cmp_hdr.o crypto/cmp/libcrypto-lib-cmp_http.o crypto/cmp/libcrypto-lib-cmp_msg.o crypto/cmp/libcrypto-lib-cmp_protect.o crypto/cmp/libcrypto-lib-cmp_server.o crypto/cmp/libcrypto-lib-cmp_status.o crypto/cmp/libcrypto-lib-cmp_util.o crypto/cmp/libcrypto-lib-cmp_vfy.o crypto/cms/libcrypto-lib-cms_asn1.o crypto/cms/libcrypto-lib-cms_att.o crypto/cms/libcrypto-lib-cms_cd.o crypto/cms/libcrypto-lib-cms_dd.o crypto/cms/libcrypto-lib-cms_dh.o crypto/cms/libcrypto-lib-cms_ec.o crypto/cms/libcrypto-lib-cms_enc.o crypto/cms/libcrypto-lib-cms_env.o crypto/cms/libcrypto-lib-cms_err.o crypto/cms/libcrypto-lib-cms_ess.o crypto/cms/libcrypto-lib-cms_io.o crypto/cms/libcrypto-lib-cms_kari.o crypto/cms/libcrypto-lib-cms_lib.o crypto/cms/libcrypto-lib-cms_pwri.o crypto/cms/libcrypto-lib-cms_rsa.o crypto/cms/libcrypto-lib-cms_sd.o crypto/cms/libcrypto-lib-cms_smime.o crypto/comp/libcrypto-lib-c_zlib.o crypto/comp/libcrypto-lib-comp_err.o crypto/comp/libcrypto-lib-comp_lib.o crypto/conf/libcrypto-lib-conf_api.o crypto/conf/libcrypto-lib-conf_def.o crypto/conf/libcrypto-lib-conf_err.o crypto/conf/libcrypto-lib-conf_lib.o crypto/conf/libcrypto-lib-conf_mall.o crypto/conf/libcrypto-lib-conf_mod.o crypto/conf/libcrypto-lib-conf_sap.o crypto/conf/libcrypto-lib-conf_ssl.o crypto/crmf/libcrypto-lib-crmf_asn.o crypto/crmf/libcrypto-lib-crmf_err.o crypto/crmf/libcrypto-lib-crmf_lib.o crypto/crmf/libcrypto-lib-crmf_pbm.o crypto/ct/libcrypto-lib-ct_b64.o crypto/ct/libcrypto-lib-ct_err.o crypto/ct/libcrypto-lib-ct_log.o crypto/ct/libcrypto-lib-ct_oct.o crypto/ct/libcrypto-lib-ct_policy.o crypto/ct/libcrypto-lib-ct_prn.o crypto/ct/libcrypto-lib-ct_sct.o crypto/ct/libcrypto-lib-ct_sct_ctx.o crypto/ct/libcrypto-lib-ct_vfy.o crypto/ct/libcrypto-lib-ct_x509v3.o crypto/des/libcrypto-lib-cbc_cksm.o crypto/des/libcrypto-lib-cbc_enc.o crypto/des/libcrypto-lib-cfb64ede.o crypto/des/libcrypto-lib-cfb64enc.o crypto/des/libcrypto-lib-cfb_enc.o crypto/des/libcrypto-lib-des_enc.o crypto/des/libcrypto-lib-ecb3_enc.o crypto/des/libcrypto-lib-ecb_enc.o crypto/des/libcrypto-lib-fcrypt.o crypto/des/libcrypto-lib-fcrypt_b.o crypto/des/libcrypto-lib-ofb64ede.o crypto/des/libcrypto-lib-ofb64enc.o crypto/des/libcrypto-lib-ofb_enc.o crypto/des/libcrypto-lib-pcbc_enc.o crypto/des/libcrypto-lib-qud_cksm.o crypto/des/libcrypto-lib-rand_key.o crypto/des/libcrypto-lib-set_key.o crypto/des/libcrypto-lib-str2key.o crypto/des/libcrypto-lib-xcbc_enc.o crypto/dh/libcrypto-lib-dh_ameth.o crypto/dh/libcrypto-lib-dh_asn1.o crypto/dh/libcrypto-lib-dh_backend.o crypto/dh/libcrypto-lib-dh_check.o crypto/dh/libcrypto-lib-dh_depr.o crypto/dh/libcrypto-lib-dh_err.o crypto/dh/libcrypto-lib-dh_gen.o crypto/dh/libcrypto-lib-dh_group_params.o crypto/dh/libcrypto-lib-dh_kdf.o crypto/dh/libcrypto-lib-dh_key.o crypto/dh/libcrypto-lib-dh_lib.o crypto/dh/libcrypto-lib-dh_meth.o crypto/dh/libcrypto-lib-dh_pmeth.o crypto/dh/libcrypto-lib-dh_prn.o crypto/dh/libcrypto-lib-dh_rfc5114.o crypto/dsa/libcrypto-lib-dsa_ameth.o crypto/dsa/libcrypto-lib-dsa_asn1.o crypto/dsa/libcrypto-lib-dsa_backend.o crypto/dsa/libcrypto-lib-dsa_check.o crypto/dsa/libcrypto-lib-dsa_depr.o crypto/dsa/libcrypto-lib-dsa_err.o crypto/dsa/libcrypto-lib-dsa_gen.o crypto/dsa/libcrypto-lib-dsa_key.o crypto/dsa/libcrypto-lib-dsa_lib.o crypto/dsa/libcrypto-lib-dsa_meth.o crypto/dsa/libcrypto-lib-dsa_ossl.o crypto/dsa/libcrypto-lib-dsa_pmeth.o crypto/dsa/libcrypto-lib-dsa_prn.o crypto/dsa/libcrypto-lib-dsa_sign.o crypto/dsa/libcrypto-lib-dsa_vrf.o crypto/dso/libcrypto-lib-dso_dl.o crypto/dso/libcrypto-lib-dso_dlfcn.o crypto/dso/libcrypto-lib-dso_err.o crypto/dso/libcrypto-lib-dso_lib.o crypto/dso/libcrypto-lib-dso_openssl.o crypto/dso/libcrypto-lib-dso_vms.o crypto/dso/libcrypto-lib-dso_win32.o crypto/ec/curve448/arch_32/libcrypto-lib-f_impl.o crypto/ec/curve448/libcrypto-lib-curve448.o crypto/ec/curve448/libcrypto-lib-curve448_tables.o crypto/ec/curve448/libcrypto-lib-eddsa.o crypto/ec/curve448/libcrypto-lib-f_generic.o crypto/ec/curve448/libcrypto-lib-scalar.o crypto/ec/libcrypto-lib-curve25519.o crypto/ec/libcrypto-lib-ec2_oct.o crypto/ec/libcrypto-lib-ec2_smpl.o crypto/ec/libcrypto-lib-ec_ameth.o crypto/ec/libcrypto-lib-ec_asn1.o crypto/ec/libcrypto-lib-ec_backend.o crypto/ec/libcrypto-lib-ec_check.o crypto/ec/libcrypto-lib-ec_curve.o crypto/ec/libcrypto-lib-ec_cvt.o crypto/ec/libcrypto-lib-ec_deprecated.o crypto/ec/libcrypto-lib-ec_err.o crypto/ec/libcrypto-lib-ec_key.o crypto/ec/libcrypto-lib-ec_kmeth.o crypto/ec/libcrypto-lib-ec_lib.o crypto/ec/libcrypto-lib-ec_mult.o crypto/ec/libcrypto-lib-ec_oct.o crypto/ec/libcrypto-lib-ec_pmeth.o crypto/ec/libcrypto-lib-ec_print.o crypto/ec/libcrypto-lib-ecdh_kdf.o crypto/ec/libcrypto-lib-ecdh_ossl.o crypto/ec/libcrypto-lib-ecdsa_ossl.o crypto/ec/libcrypto-lib-ecdsa_sign.o crypto/ec/libcrypto-lib-ecdsa_vrf.o crypto/ec/libcrypto-lib-eck_prn.o crypto/ec/libcrypto-lib-ecp_mont.o crypto/ec/libcrypto-lib-ecp_nist.o crypto/ec/libcrypto-lib-ecp_nistz256-x86_64.o crypto/ec/libcrypto-lib-ecp_nistz256.o crypto/ec/libcrypto-lib-ecp_oct.o crypto/ec/libcrypto-lib-ecp_smpl.o crypto/ec/libcrypto-lib-ecx_backend.o crypto/ec/libcrypto-lib-ecx_key.o crypto/ec/libcrypto-lib-ecx_meth.o crypto/ec/libcrypto-lib-x25519-x86_64.o crypto/encode_decode/libcrypto-lib-decoder_err.o crypto/encode_decode/libcrypto-lib-decoder_lib.o crypto/encode_decode/libcrypto-lib-decoder_meth.o crypto/encode_decode/libcrypto-lib-decoder_pkey.o crypto/encode_decode/libcrypto-lib-encoder_err.o crypto/encode_decode/libcrypto-lib-encoder_lib.o crypto/encode_decode/libcrypto-lib-encoder_meth.o crypto/encode_decode/libcrypto-lib-encoder_pkey.o crypto/engine/libcrypto-lib-eng_all.o crypto/engine/libcrypto-lib-eng_cnf.o crypto/engine/libcrypto-lib-eng_ctrl.o crypto/engine/libcrypto-lib-eng_dyn.o crypto/engine/libcrypto-lib-eng_err.o crypto/engine/libcrypto-lib-eng_fat.o crypto/engine/libcrypto-lib-eng_init.o crypto/engine/libcrypto-lib-eng_lib.o crypto/engine/libcrypto-lib-eng_list.o crypto/engine/libcrypto-lib-eng_openssl.o crypto/engine/libcrypto-lib-eng_pkey.o crypto/engine/libcrypto-lib-eng_rdrand.o crypto/engine/libcrypto-lib-eng_table.o crypto/engine/libcrypto-lib-tb_asnmth.o crypto/engine/libcrypto-lib-tb_cipher.o crypto/engine/libcrypto-lib-tb_dh.o crypto/engine/libcrypto-lib-tb_digest.o crypto/engine/libcrypto-lib-tb_dsa.o crypto/engine/libcrypto-lib-tb_eckey.o crypto/engine/libcrypto-lib-tb_pkmeth.o crypto/engine/libcrypto-lib-tb_rand.o crypto/engine/libcrypto-lib-tb_rsa.o crypto/err/libcrypto-lib-err.o crypto/err/libcrypto-lib-err_all.o crypto/err/libcrypto-lib-err_all_legacy.o crypto/err/libcrypto-lib-err_blocks.o crypto/err/libcrypto-lib-err_prn.o crypto/ess/libcrypto-lib-ess_asn1.o crypto/ess/libcrypto-lib-ess_err.o crypto/ess/libcrypto-lib-ess_lib.o crypto/evp/libcrypto-lib-asymcipher.o crypto/evp/libcrypto-lib-bio_b64.o crypto/evp/libcrypto-lib-bio_enc.o crypto/evp/libcrypto-lib-bio_md.o crypto/evp/libcrypto-lib-bio_ok.o crypto/evp/libcrypto-lib-c_allc.o crypto/evp/libcrypto-lib-c_alld.o crypto/evp/libcrypto-lib-cmeth_lib.o crypto/evp/libcrypto-lib-ctrl_params_translate.o crypto/evp/libcrypto-lib-dh_ctrl.o crypto/evp/libcrypto-lib-dh_support.o crypto/evp/libcrypto-lib-digest.o crypto/evp/libcrypto-lib-dsa_ctrl.o crypto/evp/libcrypto-lib-e_aes.o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o crypto/evp/libcrypto-lib-e_aria.o crypto/evp/libcrypto-lib-e_bf.o crypto/evp/libcrypto-lib-e_camellia.o crypto/evp/libcrypto-lib-e_cast.o crypto/evp/libcrypto-lib-e_chacha20_poly1305.o crypto/evp/libcrypto-lib-e_des.o crypto/evp/libcrypto-lib-e_des3.o crypto/evp/libcrypto-lib-e_idea.o crypto/evp/libcrypto-lib-e_null.o crypto/evp/libcrypto-lib-e_old.o crypto/evp/libcrypto-lib-e_rc2.o crypto/evp/libcrypto-lib-e_rc4.o crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o crypto/evp/libcrypto-lib-e_rc5.o crypto/evp/libcrypto-lib-e_seed.o crypto/evp/libcrypto-lib-e_sm4.o crypto/evp/libcrypto-lib-e_xcbc_d.o crypto/evp/libcrypto-lib-ec_ctrl.o crypto/evp/libcrypto-lib-ec_support.o crypto/evp/libcrypto-lib-encode.o crypto/evp/libcrypto-lib-evp_cnf.o crypto/evp/libcrypto-lib-evp_enc.o crypto/evp/libcrypto-lib-evp_err.o crypto/evp/libcrypto-lib-evp_fetch.o crypto/evp/libcrypto-lib-evp_key.o crypto/evp/libcrypto-lib-evp_lib.o crypto/evp/libcrypto-lib-evp_pbe.o crypto/evp/libcrypto-lib-evp_pkey.o crypto/evp/libcrypto-lib-evp_rand.o crypto/evp/libcrypto-lib-evp_utils.o crypto/evp/libcrypto-lib-exchange.o crypto/evp/libcrypto-lib-kdf_lib.o crypto/evp/libcrypto-lib-kdf_meth.o crypto/evp/libcrypto-lib-kem.o crypto/evp/libcrypto-lib-keymgmt_lib.o crypto/evp/libcrypto-lib-keymgmt_meth.o crypto/evp/libcrypto-lib-legacy_blake2.o crypto/evp/libcrypto-lib-legacy_md4.o crypto/evp/libcrypto-lib-legacy_md5.o crypto/evp/libcrypto-lib-legacy_md5_sha1.o crypto/evp/libcrypto-lib-legacy_mdc2.o crypto/evp/libcrypto-lib-legacy_ripemd.o crypto/evp/libcrypto-lib-legacy_sha.o crypto/evp/libcrypto-lib-legacy_wp.o crypto/evp/libcrypto-lib-m_null.o crypto/evp/libcrypto-lib-m_sigver.o crypto/evp/libcrypto-lib-mac_lib.o crypto/evp/libcrypto-lib-mac_meth.o crypto/evp/libcrypto-lib-names.o crypto/evp/libcrypto-lib-p5_crpt.o crypto/evp/libcrypto-lib-p5_crpt2.o crypto/evp/libcrypto-lib-p_dec.o crypto/evp/libcrypto-lib-p_enc.o crypto/evp/libcrypto-lib-p_legacy.o crypto/evp/libcrypto-lib-p_lib.o crypto/evp/libcrypto-lib-p_open.o crypto/evp/libcrypto-lib-p_seal.o crypto/evp/libcrypto-lib-p_sign.o crypto/evp/libcrypto-lib-p_verify.o crypto/evp/libcrypto-lib-pbe_scrypt.o crypto/evp/libcrypto-lib-pmeth_check.o crypto/evp/libcrypto-lib-pmeth_gn.o crypto/evp/libcrypto-lib-pmeth_lib.o crypto/evp/libcrypto-lib-signature.o crypto/ffc/libcrypto-lib-ffc_backend.o crypto/ffc/libcrypto-lib-ffc_dh.o crypto/ffc/libcrypto-lib-ffc_key_generate.o crypto/ffc/libcrypto-lib-ffc_key_validate.o crypto/ffc/libcrypto-lib-ffc_params.o crypto/ffc/libcrypto-lib-ffc_params_generate.o crypto/ffc/libcrypto-lib-ffc_params_validate.o crypto/hmac/libcrypto-lib-hmac.o crypto/http/libcrypto-lib-http_client.o crypto/http/libcrypto-lib-http_err.o crypto/http/libcrypto-lib-http_lib.o crypto/idea/libcrypto-lib-i_cbc.o crypto/idea/libcrypto-lib-i_cfb64.o crypto/idea/libcrypto-lib-i_ecb.o crypto/idea/libcrypto-lib-i_ofb64.o crypto/idea/libcrypto-lib-i_skey.o crypto/kdf/libcrypto-lib-kdf_err.o crypto/lhash/libcrypto-lib-lh_stats.o crypto/lhash/libcrypto-lib-lhash.o crypto/libcrypto-lib-asn1_dsa.o crypto/libcrypto-lib-bsearch.o crypto/libcrypto-lib-context.o crypto/libcrypto-lib-core_algorithm.o crypto/libcrypto-lib-core_fetch.o crypto/libcrypto-lib-core_namemap.o crypto/libcrypto-lib-cpt_err.o crypto/libcrypto-lib-cryptlib.o crypto/libcrypto-lib-ctype.o crypto/libcrypto-lib-cversion.o crypto/libcrypto-lib-der_writer.o crypto/libcrypto-lib-ebcdic.o crypto/libcrypto-lib-ex_data.o crypto/libcrypto-lib-getenv.o crypto/libcrypto-lib-info.o crypto/libcrypto-lib-init.o crypto/libcrypto-lib-initthread.o crypto/libcrypto-lib-mem.o crypto/libcrypto-lib-mem_sec.o crypto/libcrypto-lib-o_dir.o crypto/libcrypto-lib-o_fopen.o crypto/libcrypto-lib-o_init.o crypto/libcrypto-lib-o_str.o crypto/libcrypto-lib-o_time.o crypto/libcrypto-lib-packet.o crypto/libcrypto-lib-param_build.o crypto/libcrypto-lib-param_build_set.o crypto/libcrypto-lib-params.o crypto/libcrypto-lib-params_from_text.o crypto/libcrypto-lib-passphrase.o crypto/libcrypto-lib-provider.o crypto/libcrypto-lib-provider_conf.o crypto/libcrypto-lib-provider_core.o crypto/libcrypto-lib-provider_predefined.o crypto/libcrypto-lib-punycode.o crypto/libcrypto-lib-self_test_core.o crypto/libcrypto-lib-sparse_array.o crypto/libcrypto-lib-threads_lib.o crypto/libcrypto-lib-threads_none.o crypto/libcrypto-lib-threads_pthread.o crypto/libcrypto-lib-threads_win.o crypto/libcrypto-lib-trace.o crypto/libcrypto-lib-uid.o crypto/libcrypto-lib-x86_64cpuid.o crypto/md4/libcrypto-lib-md4_dgst.o crypto/md4/libcrypto-lib-md4_one.o ar qc providers/libnonfips.a providers/common/der/libnonfips-lib-der_digests_gen.o providers/common/der/libnonfips-lib-der_dsa_gen.o providers/common/der/libnonfips-lib-der_dsa_key.o providers/common/der/libnonfips-lib-der_dsa_sig.o providers/common/der/libnonfips-lib-der_ec_gen.o providers/common/der/libnonfips-lib-der_ec_key.o providers/common/der/libnonfips-lib-der_ec_sig.o providers/common/der/libnonfips-lib-der_ecx_gen.o providers/common/der/libnonfips-lib-der_ecx_key.o providers/common/der/libnonfips-lib-der_rsa_gen.o providers/common/der/libnonfips-lib-der_rsa_key.o providers/common/der/libnonfips-lib-der_rsa_sig.o providers/common/der/libnonfips-lib-der_sm2_gen.o providers/common/der/libnonfips-lib-der_sm2_key.o providers/common/der/libnonfips-lib-der_sm2_sig.o providers/common/der/libnonfips-lib-der_wrap_gen.o providers/common/libnonfips-lib-bio_prov.o providers/common/libnonfips-lib-capabilities.o providers/common/libnonfips-lib-digest_to_nid.o providers/common/libnonfips-lib-provider_seeding.o providers/common/libnonfips-lib-provider_util.o providers/common/libnonfips-lib-securitycheck.o providers/common/libnonfips-lib-securitycheck_default.o providers/implementations/ciphers/libnonfips-lib-cipher_aes_xts_fips.o providers/implementations/kdfs/libnonfips-lib-pbkdf2_fips.o providers/implementations/keymgmt/libnonfips-lib-dh_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-dsa_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-ec_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-mac_legacy_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-rsa_kmgmt.o providers/implementations/rands/libnonfips-lib-crngt.o providers/implementations/rands/libnonfips-lib-drbg.o providers/implementations/rands/libnonfips-lib-drbg_ctr.o providers/implementations/rands/libnonfips-lib-drbg_hash.o providers/implementations/rands/libnonfips-lib-drbg_hmac.o providers/implementations/rands/libnonfips-lib-seed_src.o providers/implementations/rands/libnonfips-lib-test_rng.o providers/implementations/rands/seeding/libnonfips-lib-rand_cpu_x86.o providers/implementations/rands/seeding/libnonfips-lib-rand_tsc.o providers/implementations/rands/seeding/libnonfips-lib-rand_unix.o providers/implementations/rands/seeding/libnonfips-lib-rand_win.o providers/implementations/signature/libnonfips-lib-mac_legacy.o providers/implementations/signature/libnonfips-lib-rsa.o providers/libnonfips-lib-prov_running.o clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/fips.so -Wl,--version-script=providers/fips.ld \ providers/fips/fips-dso-fipsprov.o \ providers/fips/fips-dso-self_test.o \ providers/fips/fips-dso-self_test_kats.o \ providers/libimplementations.a providers/libcommon.a providers/libfips.a -ldl -pthread ranlib providers/libnonfips.a || echo Never mind. ar qc libcrypto.a crypto/md5/libcrypto-lib-md5-x86_64.o crypto/md5/libcrypto-lib-md5_dgst.o crypto/md5/libcrypto-lib-md5_one.o crypto/md5/libcrypto-lib-md5_sha1.o crypto/mdc2/libcrypto-lib-mdc2_one.o crypto/mdc2/libcrypto-lib-mdc2dgst.o crypto/modes/libcrypto-lib-aesni-gcm-x86_64.o crypto/modes/libcrypto-lib-cbc128.o crypto/modes/libcrypto-lib-ccm128.o crypto/modes/libcrypto-lib-cfb128.o crypto/modes/libcrypto-lib-ctr128.o crypto/modes/libcrypto-lib-cts128.o crypto/modes/libcrypto-lib-gcm128.o crypto/modes/libcrypto-lib-ghash-x86_64.o crypto/modes/libcrypto-lib-ocb128.o crypto/modes/libcrypto-lib-ofb128.o crypto/modes/libcrypto-lib-siv128.o crypto/modes/libcrypto-lib-wrap128.o crypto/modes/libcrypto-lib-xts128.o crypto/objects/libcrypto-lib-o_names.o crypto/objects/libcrypto-lib-obj_dat.o crypto/objects/libcrypto-lib-obj_err.o crypto/objects/libcrypto-lib-obj_lib.o crypto/objects/libcrypto-lib-obj_xref.o crypto/ocsp/libcrypto-lib-ocsp_asn.o crypto/ocsp/libcrypto-lib-ocsp_cl.o crypto/ocsp/libcrypto-lib-ocsp_err.o crypto/ocsp/libcrypto-lib-ocsp_ext.o crypto/ocsp/libcrypto-lib-ocsp_http.o crypto/ocsp/libcrypto-lib-ocsp_lib.o crypto/ocsp/libcrypto-lib-ocsp_prn.o crypto/ocsp/libcrypto-lib-ocsp_srv.o crypto/ocsp/libcrypto-lib-ocsp_vfy.o crypto/ocsp/libcrypto-lib-v3_ocsp.o crypto/pem/libcrypto-lib-pem_all.o crypto/pem/libcrypto-lib-pem_err.o crypto/pem/libcrypto-lib-pem_info.o crypto/pem/libcrypto-lib-pem_lib.o crypto/pem/libcrypto-lib-pem_oth.o crypto/pem/libcrypto-lib-pem_pk8.o crypto/pem/libcrypto-lib-pem_pkey.o crypto/pem/libcrypto-lib-pem_sign.o crypto/pem/libcrypto-lib-pem_x509.o crypto/pem/libcrypto-lib-pem_xaux.o crypto/pem/libcrypto-lib-pvkfmt.o crypto/pkcs12/libcrypto-lib-p12_add.o crypto/pkcs12/libcrypto-lib-p12_asn.o crypto/pkcs12/libcrypto-lib-p12_attr.o crypto/pkcs12/libcrypto-lib-p12_crpt.o crypto/pkcs12/libcrypto-lib-p12_crt.o crypto/pkcs12/libcrypto-lib-p12_decr.o crypto/pkcs12/libcrypto-lib-p12_init.o crypto/pkcs12/libcrypto-lib-p12_key.o crypto/pkcs12/libcrypto-lib-p12_kiss.o crypto/pkcs12/libcrypto-lib-p12_mutl.o crypto/pkcs12/libcrypto-lib-p12_npas.o crypto/pkcs12/libcrypto-lib-p12_p8d.o crypto/pkcs12/libcrypto-lib-p12_p8e.o crypto/pkcs12/libcrypto-lib-p12_sbag.o crypto/pkcs12/libcrypto-lib-p12_utl.o crypto/pkcs12/libcrypto-lib-pk12err.o crypto/pkcs7/libcrypto-lib-bio_pk7.o crypto/pkcs7/libcrypto-lib-pk7_asn1.o crypto/pkcs7/libcrypto-lib-pk7_attr.o crypto/pkcs7/libcrypto-lib-pk7_doit.o crypto/pkcs7/libcrypto-lib-pk7_lib.o crypto/pkcs7/libcrypto-lib-pk7_mime.o crypto/pkcs7/libcrypto-lib-pk7_smime.o crypto/pkcs7/libcrypto-lib-pkcs7err.o crypto/poly1305/libcrypto-lib-poly1305-x86_64.o crypto/poly1305/libcrypto-lib-poly1305.o crypto/property/libcrypto-lib-defn_cache.o crypto/property/libcrypto-lib-property.o crypto/property/libcrypto-lib-property_err.o crypto/property/libcrypto-lib-property_parse.o crypto/property/libcrypto-lib-property_string.o crypto/rand/libcrypto-lib-prov_seed.o crypto/rand/libcrypto-lib-rand_deprecated.o crypto/rand/libcrypto-lib-rand_err.o crypto/rand/libcrypto-lib-rand_lib.o crypto/rand/libcrypto-lib-rand_meth.o crypto/rand/libcrypto-lib-rand_pool.o crypto/rand/libcrypto-lib-randfile.o crypto/rc2/libcrypto-lib-rc2_cbc.o crypto/rc2/libcrypto-lib-rc2_ecb.o crypto/rc2/libcrypto-lib-rc2_skey.o crypto/rc2/libcrypto-lib-rc2cfb64.o crypto/rc2/libcrypto-lib-rc2ofb64.o crypto/rc4/libcrypto-lib-rc4-md5-x86_64.o crypto/rc4/libcrypto-lib-rc4-x86_64.o crypto/ripemd/libcrypto-lib-rmd_dgst.o crypto/ripemd/libcrypto-lib-rmd_one.o crypto/rsa/libcrypto-lib-rsa_ameth.o crypto/rsa/libcrypto-lib-rsa_asn1.o crypto/rsa/libcrypto-lib-rsa_backend.o crypto/rsa/libcrypto-lib-rsa_chk.o crypto/rsa/libcrypto-lib-rsa_crpt.o crypto/rsa/libcrypto-lib-rsa_depr.o crypto/rsa/libcrypto-lib-rsa_err.o crypto/rsa/libcrypto-lib-rsa_gen.o crypto/rsa/libcrypto-lib-rsa_lib.o crypto/rsa/libcrypto-lib-rsa_meth.o crypto/rsa/libcrypto-lib-rsa_mp.o crypto/rsa/libcrypto-lib-rsa_mp_names.o crypto/rsa/libcrypto-lib-rsa_none.o crypto/rsa/libcrypto-lib-rsa_oaep.o crypto/rsa/libcrypto-lib-rsa_ossl.o crypto/rsa/libcrypto-lib-rsa_pk1.o crypto/rsa/libcrypto-lib-rsa_pmeth.o crypto/rsa/libcrypto-lib-rsa_prn.o crypto/rsa/libcrypto-lib-rsa_pss.o crypto/rsa/libcrypto-lib-rsa_saos.o crypto/rsa/libcrypto-lib-rsa_schemes.o crypto/rsa/libcrypto-lib-rsa_sign.o crypto/rsa/libcrypto-lib-rsa_sp800_56b_check.o crypto/rsa/libcrypto-lib-rsa_sp800_56b_gen.o crypto/rsa/libcrypto-lib-rsa_x931.o crypto/rsa/libcrypto-lib-rsa_x931g.o crypto/seed/libcrypto-lib-seed.o crypto/seed/libcrypto-lib-seed_cbc.o crypto/seed/libcrypto-lib-seed_cfb.o crypto/seed/libcrypto-lib-seed_ecb.o crypto/seed/libcrypto-lib-seed_ofb.o crypto/sha/libcrypto-lib-keccak1600-x86_64.o crypto/sha/libcrypto-lib-sha1-mb-x86_64.o crypto/sha/libcrypto-lib-sha1-x86_64.o crypto/sha/libcrypto-lib-sha1_one.o crypto/sha/libcrypto-lib-sha1dgst.o crypto/sha/libcrypto-lib-sha256-mb-x86_64.o crypto/sha/libcrypto-lib-sha256-x86_64.o crypto/sha/libcrypto-lib-sha256.o crypto/sha/libcrypto-lib-sha3.o crypto/sha/libcrypto-lib-sha512-x86_64.o crypto/sha/libcrypto-lib-sha512.o crypto/siphash/libcrypto-lib-siphash.o crypto/sm2/libcrypto-lib-sm2_crypt.o crypto/sm2/libcrypto-lib-sm2_err.o crypto/sm2/libcrypto-lib-sm2_key.o crypto/sm2/libcrypto-lib-sm2_sign.o crypto/sm3/libcrypto-lib-legacy_sm3.o crypto/sm3/libcrypto-lib-sm3.o crypto/sm4/libcrypto-lib-sm4.o crypto/srp/libcrypto-lib-srp_lib.o crypto/srp/libcrypto-lib-srp_vfy.o crypto/stack/libcrypto-lib-stack.o crypto/store/libcrypto-lib-store_err.o crypto/store/libcrypto-lib-store_init.o crypto/store/libcrypto-lib-store_lib.o crypto/store/libcrypto-lib-store_meth.o crypto/store/libcrypto-lib-store_register.o crypto/store/libcrypto-lib-store_result.o crypto/store/libcrypto-lib-store_strings.o crypto/ts/libcrypto-lib-ts_asn1.o crypto/ts/libcrypto-lib-ts_conf.o crypto/ts/libcrypto-lib-ts_err.o crypto/ts/libcrypto-lib-ts_lib.o crypto/ts/libcrypto-lib-ts_req_print.o crypto/ts/libcrypto-lib-ts_req_utils.o crypto/ts/libcrypto-lib-ts_rsp_print.o crypto/ts/libcrypto-lib-ts_rsp_sign.o crypto/ts/libcrypto-lib-ts_rsp_utils.o crypto/ts/libcrypto-lib-ts_rsp_verify.o crypto/ts/libcrypto-lib-ts_verify_ctx.o crypto/txt_db/libcrypto-lib-txt_db.o crypto/ui/libcrypto-lib-ui_err.o crypto/ui/libcrypto-lib-ui_lib.o crypto/ui/libcrypto-lib-ui_null.o crypto/ui/libcrypto-lib-ui_openssl.o crypto/ui/libcrypto-lib-ui_util.o crypto/whrlpool/libcrypto-lib-wp-x86_64.o crypto/whrlpool/libcrypto-lib-wp_dgst.o crypto/x509/libcrypto-lib-by_dir.o crypto/x509/libcrypto-lib-by_file.o crypto/x509/libcrypto-lib-by_store.o crypto/x509/libcrypto-lib-pcy_cache.o crypto/x509/libcrypto-lib-pcy_data.o crypto/x509/libcrypto-lib-pcy_lib.o crypto/x509/libcrypto-lib-pcy_map.o crypto/x509/libcrypto-lib-pcy_node.o crypto/x509/libcrypto-lib-pcy_tree.o crypto/x509/libcrypto-lib-t_crl.o crypto/x509/libcrypto-lib-t_req.o crypto/x509/libcrypto-lib-t_x509.o crypto/x509/libcrypto-lib-v3_addr.o crypto/x509/libcrypto-lib-v3_admis.o crypto/x509/libcrypto-lib-v3_akeya.o crypto/x509/libcrypto-lib-v3_akid.o crypto/x509/libcrypto-lib-v3_asid.o crypto/x509/libcrypto-lib-v3_bcons.o crypto/x509/libcrypto-lib-v3_bitst.o crypto/x509/libcrypto-lib-v3_conf.o crypto/x509/libcrypto-lib-v3_cpols.o crypto/x509/libcrypto-lib-v3_crld.o crypto/x509/libcrypto-lib-v3_enum.o crypto/x509/libcrypto-lib-v3_extku.o crypto/x509/libcrypto-lib-v3_genn.o crypto/x509/libcrypto-lib-v3_ia5.o crypto/x509/libcrypto-lib-v3_info.o crypto/x509/libcrypto-lib-v3_int.o crypto/x509/libcrypto-lib-v3_ist.o crypto/x509/libcrypto-lib-v3_lib.o crypto/x509/libcrypto-lib-v3_ncons.o crypto/x509/libcrypto-lib-v3_pci.o crypto/x509/libcrypto-lib-v3_pcia.o crypto/x509/libcrypto-lib-v3_pcons.o crypto/x509/libcrypto-lib-v3_pku.o crypto/x509/libcrypto-lib-v3_pmaps.o crypto/x509/libcrypto-lib-v3_prn.o crypto/x509/libcrypto-lib-v3_purp.o crypto/x509/libcrypto-lib-v3_san.o crypto/x509/libcrypto-lib-v3_skid.o crypto/x509/libcrypto-lib-v3_sxnet.o crypto/x509/libcrypto-lib-v3_tlsf.o crypto/x509/libcrypto-lib-v3_utf8.o crypto/x509/libcrypto-lib-v3_utl.o crypto/x509/libcrypto-lib-v3err.o crypto/x509/libcrypto-lib-x509_att.o crypto/x509/libcrypto-lib-x509_cmp.o crypto/x509/libcrypto-lib-x509_d2.o crypto/x509/libcrypto-lib-x509_def.o crypto/x509/libcrypto-lib-x509_err.o crypto/x509/libcrypto-lib-x509_ext.o crypto/x509/libcrypto-lib-x509_lu.o crypto/x509/libcrypto-lib-x509_meth.o crypto/x509/libcrypto-lib-x509_obj.o crypto/x509/libcrypto-lib-x509_r2x.o crypto/x509/libcrypto-lib-x509_req.o crypto/x509/libcrypto-lib-x509_set.o crypto/x509/libcrypto-lib-x509_trs.o crypto/x509/libcrypto-lib-x509_txt.o crypto/x509/libcrypto-lib-x509_v3.o crypto/x509/libcrypto-lib-x509_vfy.o crypto/x509/libcrypto-lib-x509_vpm.o crypto/x509/libcrypto-lib-x509cset.o crypto/x509/libcrypto-lib-x509name.o crypto/x509/libcrypto-lib-x509rset.o crypto/x509/libcrypto-lib-x509spki.o crypto/x509/libcrypto-lib-x509type.o crypto/x509/libcrypto-lib-x_all.o crypto/x509/libcrypto-lib-x_attrib.o crypto/x509/libcrypto-lib-x_crl.o crypto/x509/libcrypto-lib-x_exten.o crypto/x509/libcrypto-lib-x_name.o crypto/x509/libcrypto-lib-x_pubkey.o crypto/x509/libcrypto-lib-x_req.o crypto/x509/libcrypto-lib-x_x509.o crypto/x509/libcrypto-lib-x_x509a.o engines/libcrypto-lib-e_afalg.o engines/libcrypto-lib-e_capi.o engines/libcrypto-lib-e_padlock-x86_64.o engines/libcrypto-lib-e_padlock.o providers/libcrypto-lib-baseprov.o providers/libcrypto-lib-defltprov.o providers/libcrypto-lib-nullprov.o providers/libcrypto-lib-prov_running.o crypto/md5/libimplementations-lib-md5-x86_64.o crypto/md5/libimplementations-lib-md5_dgst.o crypto/md5/libimplementations-lib-md5_one.o crypto/md5/libimplementations-lib-md5_sha1.o providers/implementations/asymciphers/libimplementations-lib-rsa_enc.o providers/implementations/asymciphers/libimplementations-lib-sm2_enc.o providers/implementations/ciphers/libimplementations-lib-cipher_aes.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha1_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha256_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ccm.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ccm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cts.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_gcm.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_gcm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ocb.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ocb_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_siv.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_siv_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_wrp.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_xts.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_xts_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_ccm.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_ccm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_gcm.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_gcm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_camellia.o providers/implementations/ciphers/libimplementations-lib-cipher_camellia_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_poly1305.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_poly1305_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_null.o providers/implementations/ciphers/libimplementations-lib-cipher_sm4.o providers/implementations/ciphers/libimplementations-lib-cipher_sm4_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_common.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_default.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_default_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap_hw.o providers/implementations/digests/libimplementations-lib-blake2_prov.o providers/implementations/digests/libimplementations-lib-blake2b_prov.o providers/implementations/digests/libimplementations-lib-blake2s_prov.o providers/implementations/digests/libimplementations-lib-md5_prov.o providers/implementations/digests/libimplementations-lib-md5_sha1_prov.o providers/implementations/digests/libimplementations-lib-sha2_prov.o providers/implementations/digests/libimplementations-lib-sha3_prov.o providers/implementations/digests/libimplementations-lib-sm3_prov.o providers/implementations/encode_decode/libimplementations-lib-decode_der2key.o providers/implementations/encode_decode/libimplementations-lib-decode_ms2key.o providers/implementations/encode_decode/libimplementations-lib-decode_pem2der.o providers/implementations/encode_decode/libimplementations-lib-encode_key2any.o providers/implementations/encode_decode/libimplementations-lib-encode_key2blob.o providers/implementations/encode_decode/libimplementations-lib-encode_key2ms.o providers/implementations/encode_decode/libimplementations-lib-encode_key2text.o providers/implementations/encode_decode/libimplementations-lib-endecoder_common.o providers/implementations/exchange/libimplementations-lib-dh_exch.o providers/implementations/exchange/libimplementations-lib-ecdh_exch.o providers/implementations/exchange/libimplementations-lib-ecx_exch.o providers/implementations/exchange/libimplementations-lib-kdf_exch.o providers/implementations/kdfs/libimplementations-lib-hkdf.o providers/implementations/kdfs/libimplementations-lib-kbkdf.o providers/implementations/kdfs/libimplementations-lib-krb5kdf.o providers/implementations/kdfs/libimplementations-lib-pbkdf2.o providers/implementations/kdfs/libimplementations-lib-pkcs12kdf.o providers/implementations/kdfs/libimplementations-lib-scrypt.o providers/implementations/kdfs/libimplementations-lib-sshkdf.o providers/implementations/kdfs/libimplementations-lib-sskdf.o providers/implementations/kdfs/libimplementations-lib-tls1_prf.o providers/implementations/kdfs/libimplementations-lib-x942kdf.o providers/implementations/kem/libimplementations-lib-rsa_kem.o providers/implementations/keymgmt/libimplementations-lib-ecx_kmgmt.o providers/implementations/keymgmt/libimplementations-lib-kdf_legacy_kmgmt.o providers/implementations/macs/libimplementations-lib-blake2b_mac.o providers/implementations/macs/libimplementations-lib-blake2s_mac.o providers/implementations/macs/libimplementations-lib-cmac_prov.o providers/implementations/macs/libimplementations-lib-gmac_prov.o providers/implementations/macs/libimplementations-lib-hmac_prov.o providers/implementations/macs/libimplementations-lib-kmac_prov.o providers/implementations/macs/libimplementations-lib-poly1305_prov.o providers/implementations/macs/libimplementations-lib-siphash_prov.o providers/implementations/signature/libimplementations-lib-dsa.o providers/implementations/signature/libimplementations-lib-ecdsa.o providers/implementations/signature/libimplementations-lib-eddsa.o providers/implementations/signature/libimplementations-lib-sm2sig.o providers/implementations/storemgmt/libimplementations-lib-file_store.o providers/implementations/storemgmt/libimplementations-lib-file_store_der2obj.o ssl/libimplementations-lib-s3_cbc.o providers/common/libcommon-lib-provider_ctx.o providers/common/libcommon-lib-provider_err.o providers/implementations/ciphers/libcommon-lib-ciphercommon.o providers/implementations/ciphers/libcommon-lib-ciphercommon_block.o providers/implementations/ciphers/libcommon-lib-ciphercommon_ccm.o providers/implementations/ciphers/libcommon-lib-ciphercommon_ccm_hw.o providers/implementations/ciphers/libcommon-lib-ciphercommon_gcm.o providers/implementations/ciphers/libcommon-lib-ciphercommon_gcm_hw.o providers/implementations/ciphers/libcommon-lib-ciphercommon_hw.o providers/implementations/digests/libcommon-lib-digestcommon.o ssl/record/libcommon-lib-tls_pad.o providers/common/der/libnonfips-lib-der_digests_gen.o providers/common/der/libnonfips-lib-der_dsa_gen.o providers/common/der/libnonfips-lib-der_dsa_key.o providers/common/der/libnonfips-lib-der_dsa_sig.o providers/common/der/libnonfips-lib-der_ec_gen.o providers/common/der/libnonfips-lib-der_ec_key.o providers/common/der/libnonfips-lib-der_ec_sig.o providers/common/der/libnonfips-lib-der_ecx_gen.o providers/common/der/libnonfips-lib-der_ecx_key.o providers/common/der/libnonfips-lib-der_rsa_gen.o providers/common/der/libnonfips-lib-der_rsa_key.o providers/common/der/libnonfips-lib-der_rsa_sig.o providers/common/der/libnonfips-lib-der_sm2_gen.o providers/common/der/libnonfips-lib-der_sm2_key.o providers/common/der/libnonfips-lib-der_sm2_sig.o providers/common/der/libnonfips-lib-der_wrap_gen.o providers/common/libnonfips-lib-bio_prov.o providers/common/libnonfips-lib-capabilities.o providers/common/libnonfips-lib-digest_to_nid.o providers/common/libnonfips-lib-provider_seeding.o providers/common/libnonfips-lib-provider_util.o providers/common/libnonfips-lib-securitycheck.o providers/common/libnonfips-lib-securitycheck_default.o providers/implementations/ciphers/libnonfips-lib-cipher_aes_xts_fips.o providers/implementations/kdfs/libnonfips-lib-pbkdf2_fips.o providers/implementations/keymgmt/libnonfips-lib-dh_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-dsa_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-ec_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-mac_legacy_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-rsa_kmgmt.o providers/implementations/rands/libnonfips-lib-crngt.o providers/implementations/rands/libnonfips-lib-drbg.o providers/implementations/rands/libnonfips-lib-drbg_ctr.o providers/implementations/rands/libnonfips-lib-drbg_hash.o providers/implementations/rands/libnonfips-lib-drbg_hmac.o providers/implementations/rands/libnonfips-lib-seed_src.o providers/implementations/rands/libnonfips-lib-test_rng.o providers/implementations/rands/seeding/libnonfips-lib-rand_cpu_x86.o providers/implementations/rands/seeding/libnonfips-lib-rand_tsc.o providers/implementations/rands/seeding/libnonfips-lib-rand_unix.o providers/implementations/rands/seeding/libnonfips-lib-rand_win.o providers/implementations/signature/libnonfips-lib-mac_legacy.o providers/implementations/signature/libnonfips-lib-rsa.o providers/libnonfips-lib-prov_running.o ranlib libcrypto.a || echo Never mind. clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld \ providers/legacy-dso-legacyprov.o \ providers/liblegacy.a providers/libcommon.a providers/libnonfips.a -lcrypto -ldl -pthread make[1]: Leaving directory '/home/openssl/run-checker/no-autoalginit' $ make test make: *** No rule to make target 'apps/openssl', needed by 'providers/fipsmodule.cnf'. Stop. From openssl at openssl.org Thu Mar 4 02:04:54 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Mar 2021 02:04:54 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1614823494.338406.1861429.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=233, Tests=3145, 975 wallclock secs (14.45 usr 1.34 sys + 880.96 cusr 90.60 csys = 987.35 CPU) Result: FAIL make[1]: *** [Makefile:3284: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' make: *** [Makefile:3281: tests] Error 2 From no-reply at appveyor.com Thu Mar 4 03:28:08 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 04 Mar 2021 03:28:08 +0000 Subject: Build failed: openssl master.40374 Message-ID: <20210304032808.1.751438772D06041F@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Mar 4 05:01:23 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 04 Mar 2021 05:01:23 +0000 Subject: Build failed: openssl master.40376 Message-ID: <20210304050123.1.A0C070084C093074@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Thu Mar 4 07:54:37 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 04 Mar 2021 07:54:37 +0000 Subject: [openssl] master update Message-ID: <1614844477.340222.30816.nullmailer@dev.openssl.org> The branch master has been updated via 39a61e69b88252dca8aa7d61146b0b2397d1710c (commit) from e3a2ba75474eebffe14b4bab1a34a1c2012a3888 (commit) - Log ----------------------------------------------------------------- commit 39a61e69b88252dca8aa7d61146b0b2397d1710c Author: Dr. David von Oheimb Date: Thu Nov 26 08:35:26 2020 +0100 OSSL_STORE: restore diagnostics on decrypt error; provide password hints Fixes #13493 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13525) ----------------------------------------------------------------------- Summary of changes: crypto/encode_decode/decoder_lib.c | 17 ++++++++++------- crypto/pkcs12/p12_decr.c | 4 +++- crypto/store/store_result.c | 6 ++++-- .../implementations/encode_decode/decode_der2key.c | 8 +++++++- 4 files changed, 24 insertions(+), 11 deletions(-) diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index 6503b46d63..635a656216 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include "internal/passphrase.h" @@ -511,7 +512,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) BIO *bio = data->bio; long loc; size_t i; - int err, ok = 0; + int err, lib, reason, ok = 0; /* For recursions */ struct decoder_process_data_st new_data; const char *data_type = NULL; @@ -750,14 +751,16 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) * errors, so we preserve them in the error queue and stop. */ err = ERR_peek_last_error(); - if ((ERR_GET_LIB(err) == ERR_LIB_EVP - && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM) + lib = ERR_GET_LIB(err); + reason = ERR_GET_REASON(err); + if ((lib == ERR_LIB_EVP + && reason == EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM) #ifndef OPENSSL_NO_EC - || (ERR_GET_LIB(err) == ERR_LIB_EC - && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) + || (lib == ERR_LIB_EC && reason == EC_R_UNKNOWN_GROUP) #endif - || (ERR_GET_LIB(err) == ERR_LIB_X509 - && ERR_GET_REASON(err) == X509_R_UNSUPPORTED_ALGORITHM)) + || (lib == ERR_LIB_X509 && reason == X509_R_UNSUPPORTED_ALGORITHM) + || (lib == ERR_LIB_PKCS12 + && reason == PKCS12_R_PKCS12_CIPHERFINAL_ERROR)) goto end; } diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index 3571ac571a..0f1c00aaca 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -81,7 +81,9 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, if (!EVP_CipherFinal_ex(ctx, out + i, &i)) { OPENSSL_free(out); out = NULL; - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PKCS12_CIPHERFINAL_ERROR); + ERR_raise_data(ERR_LIB_PKCS12, PKCS12_R_PKCS12_CIPHERFINAL_ERROR, + passlen == 0 ? "empty password" + : "maybe wrong password"); goto err; } outlen += i; diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c index 64b0e814b3..d41d7d9b94 100644 --- a/crypto/store/store_result.c +++ b/crypto/store/store_result.c @@ -564,8 +564,10 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, } pass = tpass; if (!PKCS12_verify_mac(p12, pass, strlen(pass))) { - ERR_raise(ERR_LIB_OSSL_STORE, - OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC); + ERR_raise_data(ERR_LIB_OSSL_STORE, + OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC, + strlen(pass) == 0 ? "empty password" : + "maybe wrong password"); goto p12_end; } } diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index 09601fc335..c8a467fb5b 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c @@ -260,6 +260,7 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, EVP_PKEY *pkey = NULL; void *key = NULL; int orig_selection = selection; + int dec_err; int ok = 0; /* @@ -319,8 +320,13 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, der = new_der; der_len = new_der_len; } - RESET_ERR_MARK(); + /* decryption errors are fatal and should be reported */ + dec_err = ERR_peek_last_error(); + if (ERR_GET_LIB(dec_err) == ERR_LIB_PROV + && ERR_GET_REASON(dec_err) == PROV_R_BAD_DECRYPT) + goto end; + RESET_ERR_MARK(); if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { derp = der; pkey = evp_privatekey_from_binary(ctx->desc->evp_type, NULL, From openssl at openssl.org Thu Mar 4 08:09:22 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Mar 2021 08:09:22 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1614845362.987334.2596851.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... skipped: The PKCS12 command line utility is not supported by this OpenSSL build 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 512 Tests: 89 Failed: 2) Failed tests: 13, 39 Non-zero exit status: 2 30-test_evp_kdf.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=233, Tests=3147, 1018 wallclock secs (14.23 usr 1.37 sys + 927.89 cusr 89.23 csys = 1032.72 CPU) Result: FAIL make[1]: *** [Makefile:3231: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' make: *** [Makefile:3228: tests] Error 2 From openssl at openssl.org Thu Mar 4 09:44:37 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Mar 2021 09:44:37 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso Message-ID: <1614851077.573678.2796987.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dso Commit log since last time: 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. skipped: Test only supported in a dso build 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a dso build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 15-test_rsaoaep.t (Wstat: 1536 Tests: 10 Failed: 6) Failed tests: 2, 4, 7-10 Non-zero exit status: 6 Files=233, Tests=2743, 813 wallclock secs ( 9.69 usr 1.26 sys + 735.08 cusr 77.84 csys = 823.87 CPU) Result: FAIL make[1]: *** [Makefile:3129: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dso' make: *** [Makefile:3126: tests] Error 2 From openssl at openssl.org Thu Mar 4 10:55:59 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Mar 2021 10:55:59 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1614855359.840917.2926115.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 30-test_evp_extra.t (Wstat: 256 Tests: 2 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=233, Tests=2671, 985 wallclock secs (13.18 usr 1.39 sys + 903.66 cusr 78.87 csys = 997.10 CPU) Result: FAIL make[1]: *** [Makefile:3291: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' make: *** [Makefile:3288: tests] Error 2 From tomas at openssl.org Thu Mar 4 11:15:49 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 04 Mar 2021 11:15:49 +0000 Subject: [openssl] master update Message-ID: <1614856549.078037.28601.nullmailer@dev.openssl.org> The branch master has been updated via 2c8a740a9f0d9532050ae9a386506d1135b3a24a (commit) from 39a61e69b88252dca8aa7d61146b0b2397d1710c (commit) - Log ----------------------------------------------------------------- commit 2c8a740a9f0d9532050ae9a386506d1135b3a24a Author: Tomas Mraz Date: Tue Mar 2 18:55:35 2021 +0100 test/x509: Test for issuer being overwritten when printing. The regression from commit 05458fd was fixed, but there is no test for that regression. This adds it simply by having a certificate that we compare for -text output having a different subject and issuer. Reviewed-by: David von Oheimb Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14353) ----------------------------------------------------------------------- Summary of changes: test/certs/cyrillic.msb | 80 +++++++++++++++++++++------------------------ test/certs/cyrillic.pem | 37 ++++++++++----------- test/certs/cyrillic.utf8 | 80 +++++++++++++++++++++------------------------ test/recipes/25-test_x509.t | 4 +-- 4 files changed, 95 insertions(+), 106 deletions(-) diff --git a/test/certs/cyrillic.msb b/test/certs/cyrillic.msb index a6322d5813..092c38aa0b 100644 --- a/test/certs/cyrillic.msb +++ b/test/certs/cyrillic.msb @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - be:47:3c:53:a6:2a:c0:3a + Serial Number: 123456 (0x1e240) Signature Algorithm: sha256WithRSAEncryption - Issuer: C=RU, ST=\U041C\U043E\U0441\U043A\U0432\U0430, L=\U041C\U043E\U0441\U043A\U0432\U0430, O=\U0414\U043C\U0438\U0442\U0440\U0438\U0439 \U0411\U0435\U043B\U044F\U0432\U0441\U043A\U0438\U0439, OU=\U042F, CN=Dmitry Belyavskiy, emailAddress=beldmit at example.com + Issuer: CN=\U8A8D\U8A3C\U5C40 Validity - Not Before: Feb 21 19:35:22 2017 GMT - Not After : Mar 23 19:35:22 2017 GMT + Not Before: Mar 3 09:24:52 2021 GMT + Not After : Apr 2 09:24:52 2021 GMT Subject: C=RU, ST=\U041C\U043E\U0441\U043A\U0432\U0430, L=\U041C\U043E\U0441\U043A\U0432\U0430, O=\U0414\U043C\U0438\U0442\U0440\U0438\U0439 \U0411\U0435\U043B\U044F\U0432\U0441\U043A\U0438\U0439, OU=\U042F, CN=Dmitry Belyavskiy, emailAddress=beldmit at example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -36,48 +35,45 @@ Certificate: X509v3 Subject Key Identifier: 11:49:46:19:2A:4E:4D:D1:C8:FB:79:55:3D:81:99:22:EE:34:4F:22 X509v3 Authority Key Identifier: - 11:49:46:19:2A:4E:4D:D1:C8:FB:79:55:3D:81:99:22:EE:34:4F:22 + A5:77:E3:20:78:77:2A:94:BF:62:8B:0E:61:4B:23:3E:BA:B7:04:1C X509v3 Basic Constraints: - CA:TRUE + CA:FALSE Signature Algorithm: sha256WithRSAEncryption Signature Value: - 04:8f:c3:77:48:06:29:c0:8d:66:2e:6b:48:a3:b3:e0:dd:5b: - 0a:e7:a4:0b:7e:72:91:fc:37:29:7f:81:1e:60:66:7b:ba:94: - 30:f8:c0:79:56:bc:ed:87:88:d9:bd:d8:7b:dc:1b:87:bb:ef: - 15:d0:77:74:59:d7:3f:30:09:71:86:da:d7:d7:50:cb:ef:8f: - 34:26:76:b5:0a:de:d0:ce:ca:40:57:86:ce:13:24:2a:9e:97: - db:5d:3e:73:8c:24:cc:89:84:42:04:45:62:f9:fd:4b:79:b2: - 1b:a0:01:d7:4c:1f:4d:d1:4c:5b:99:0a:27:5e:c9:79:3c:0f: - b7:3c:09:db:32:d6:ca:56:91:32:0d:7f:79:94:bc:bc:a8:ba: - 54:4b:39:6e:2d:9a:21:77:13:f8:b5:62:5d:a8:8c:c8:8d:ec: - 67:6c:14:2d:f6:ce:e6:d3:a6:fa:37:36:5b:31:7a:80:66:83: - 02:64:82:c1:ec:bf:38:8e:49:b0:e5:ec:09:9b:80:16:e4:32: - 91:4e:72:c4:5f:2d:b3:e9:57:b1:00:36:2d:1a:e9:9f:4a:b1: - 1c:d1:ae:fb:15:79:02:0b:14:97:81:ee:42:01:ed:00:58:38: - b2:30:89:f2:89:11:b7:03:7c:16:95:30:eb:32:9c:9f:00:e5: - 22:12:db:7a + 31:92:d1:a9:5e:0e:fb:cc:1c:b7:2d:5e:e8:7e:69:3f:8c:7e: + c5:c9:e1:d0:70:c0:bf:5d:21:58:da:df:4e:cf:27:6a:1b:bc: + df:a1:d4:df:76:4b:40:60:10:42:62:c4:f9:18:83:db:ff:a0: + 02:0f:4b:20:7a:cb:83:3f:95:00:5b:1a:7a:3c:d7:dc:7a:cd: + 1e:6f:8c:4f:78:d0:ec:06:89:6f:2b:a8:92:05:d9:39:08:55: + 95:5f:2a:d0:5c:ac:b8:5c:08:38:ea:e0:22:7a:aa:b7:af:36: + 22:7a:2e:81:ba:3c:e4:d4:f9:3f:f0:ce:a5:e2:3f:2f:c1:57: + 37:0b:1a:74:73:49:22:09:d5:ff:e2:c0:2c:2a:8f:bb:1b:61: + 73:19:50:74:06:48:95:34:b5:08:57:49:11:09:d3:9c:74:11: + e2:7b:9a:98:6e:33:b5:e4:ed:2f:2f:f9:59:28:3a:e6:fa:8d: + 56:8a:cf:e0:b9:d6:4d:4c:43:8e:11:2f:9e:79:34:79:66:5e: + be:20:78:34:8d:aa:05:30:0c:dc:b1:dc:85:ee:81:37:bf:81: + 93:d0:05:c6:f6:36:2e:12:f8:11:91:d3:a1:fd:08:bf:5f:62: + c9:a5:a5:98:e4:8f:8b:57:1f:aa:fb:1e:38:0c:a9:cd:d1:30: + 3f:a5:6f:d8 -----BEGIN CERTIFICATE----- -MIIEPTCCAyWgAwIBAgIJAL5HPFOmKsA6MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD +MIIDkzCCAnugAwIBAgIDAeJAMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMMCeiq +jeiovOWxgDAeFw0yMTAzMDMwOTI0NTJaFw0yMTA0MDIwOTI0NTJaMIG0MQswCQYD VQQGEwJSVTEVMBMGA1UECAwM0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQ utCy0LAxKjAoBgNVBAoMIdCU0LzQuNGC0YDQuNC5INCR0LXQu9GP0LLRgdC60LjQ uTELMAkGA1UECwwC0K8xGjAYBgNVBAMMEURtaXRyeSBCZWx5YXZza2l5MSIwIAYJ -KoZIhvcNAQkBFhNiZWxkbWl0QGV4YW1wbGUuY29tMB4XDTE3MDIyMTE5MzUyMloX -DTE3MDMyMzE5MzUyMlowgbQxCzAJBgNVBAYTAlJVMRUwEwYDVQQIDAzQnNC+0YHQ -utCy0LAxFTATBgNVBAcMDNCc0L7RgdC60LLQsDEqMCgGA1UECgwh0JTQvNC40YLR -gNC40Lkg0JHQtdC70Y/QstGB0LrQuNC5MQswCQYDVQQLDALQrzEaMBgGA1UEAwwR -RG1pdHJ5IEJlbHlhdnNraXkxIjAgBgkqhkiG9w0BCQEWE2JlbGRtaXRAZXhhbXBs -ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkV5Y2VW2VISUX -+IWHU7q81ZrW3CFmcjA2ypRDPDcigTGvu48x3yDiagTuEqHqjJRjhKtmyufPrj/w -wDh/Z6i/9IpwZT1cH2AMaoa5aE9FNwyJ70Xoq8S9GohJBUtf9KKNHDjkUFSqJaZN -XGTrHDGR0TjwtIJMxFhgTyGVlFYW3NmnMEZUvM06P6RUWKTqC7B9cgMVSVIiD6Gb -qsoLBcbuDAv0WA1MGnEpk9v3EvXc3wEVGAfU5PbgyakJ2gMj2vy0B/OGGIcb2z9Q -/iF6nMEAXZPs8blfeBRX4QG4qeYH/dN3u3G0HYZlqAoKo/759YOlXM1d6ik8Gthj -a8XFPrLRAgMBAAGjUDBOMB0GA1UdDgQWBBQRSUYZKk5N0cj7eVU9gZki7jRPIjAf -BgNVHSMEGDAWgBQRSUYZKk5N0cj7eVU9gZki7jRPIjAMBgNVHRMEBTADAQH/MA0G -CSqGSIb3DQEBCwUAA4IBAQAEj8N3SAYpwI1mLmtIo7Pg3VsK56QLfnKR/Dcpf4Ee -YGZ7upQw+MB5Vrzth4jZvdh73BuHu+8V0Hd0Wdc/MAlxhtrX11DL7480Jna1Ct7Q -zspAV4bOEyQqnpfbXT5zjCTMiYRCBEVi+f1LebIboAHXTB9N0UxbmQonXsl5PA+3 -PAnbMtbKVpEyDX95lLy8qLpUSzluLZohdxP4tWJdqIzIjexnbBQt9s7m06b6NzZb -MXqAZoMCZILB7L84jkmw5ewJm4AW5DKRTnLEXy2z6VexADYtGumfSrEc0a77FXkC -CxSXge5CAe0AWDiyMInyiRG3A3wWlTDrMpyfAOUiEtt6 +KoZIhvcNAQkBFhNiZWxkbWl0QGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEApFeWNlVtlSElF/iFh1O6vNWa1twhZnIwNsqUQzw3IoEx +r7uPMd8g4moE7hKh6oyUY4SrZsrnz64/8MA4f2eov/SKcGU9XB9gDGqGuWhPRTcM +ie9F6KvEvRqISQVLX/SijRw45FBUqiWmTVxk6xwxkdE48LSCTMRYYE8hlZRWFtzZ +pzBGVLzNOj+kVFik6guwfXIDFUlSIg+hm6rKCwXG7gwL9FgNTBpxKZPb9xL13N8B +FRgH1OT24MmpCdoDI9r8tAfzhhiHG9s/UP4hepzBAF2T7PG5X3gUV+EBuKnmB/3T +d7txtB2GZagKCqP++fWDpVzNXeopPBrYY2vFxT6y0QIDAQABo00wSzAdBgNVHQ4E +FgQUEUlGGSpOTdHI+3lVPYGZIu40TyIwHwYDVR0jBBgwFoAUpXfjIHh3KpS/YosO +YUsjPrq3BBwwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAMZLRqV4O+8wc +ty1e6H5pP4x+xcnh0HDAv10hWNrfTs8nahu836HU33ZLQGAQQmLE+RiD2/+gAg9L +IHrLgz+VAFsaejzX3HrNHm+MT3jQ7AaJbyuokgXZOQhVlV8q0FysuFwIOOrgInqq +t682Inougbo85NT5P/DOpeI/L8FXNwsadHNJIgnV/+LALCqPuxthcxlQdAZIlTS1 +CFdJEQnTnHQR4nuamG4zteTtLy/5WSg65vqNVorP4LnWTUxDjhEvnnk0eWZeviB4 +NI2qBTAM3LHche6BN7+Bk9AFxvY2LhL4EZHTof0Iv19iyaWlmOSPi1cfqvseOAyp +zdEwP6Vv2A== -----END CERTIFICATE----- diff --git a/test/certs/cyrillic.pem b/test/certs/cyrillic.pem index 7bf135d4b6..7e479b3ed7 100644 --- a/test/certs/cyrillic.pem +++ b/test/certs/cyrillic.pem @@ -1,25 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIEPTCCAyWgAwIBAgIJAL5HPFOmKsA6MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD +MIIDkzCCAnugAwIBAgIDAeJAMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMMCeiq +jeiovOWxgDAeFw0yMTAzMDMwOTI0NTJaFw0yMTA0MDIwOTI0NTJaMIG0MQswCQYD VQQGEwJSVTEVMBMGA1UECAwM0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQ utCy0LAxKjAoBgNVBAoMIdCU0LzQuNGC0YDQuNC5INCR0LXQu9GP0LLRgdC60LjQ uTELMAkGA1UECwwC0K8xGjAYBgNVBAMMEURtaXRyeSBCZWx5YXZza2l5MSIwIAYJ -KoZIhvcNAQkBFhNiZWxkbWl0QGV4YW1wbGUuY29tMB4XDTE3MDIyMTE5MzUyMloX -DTE3MDMyMzE5MzUyMlowgbQxCzAJBgNVBAYTAlJVMRUwEwYDVQQIDAzQnNC+0YHQ -utCy0LAxFTATBgNVBAcMDNCc0L7RgdC60LLQsDEqMCgGA1UECgwh0JTQvNC40YLR -gNC40Lkg0JHQtdC70Y/QstGB0LrQuNC5MQswCQYDVQQLDALQrzEaMBgGA1UEAwwR -RG1pdHJ5IEJlbHlhdnNraXkxIjAgBgkqhkiG9w0BCQEWE2JlbGRtaXRAZXhhbXBs -ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkV5Y2VW2VISUX -+IWHU7q81ZrW3CFmcjA2ypRDPDcigTGvu48x3yDiagTuEqHqjJRjhKtmyufPrj/w -wDh/Z6i/9IpwZT1cH2AMaoa5aE9FNwyJ70Xoq8S9GohJBUtf9KKNHDjkUFSqJaZN -XGTrHDGR0TjwtIJMxFhgTyGVlFYW3NmnMEZUvM06P6RUWKTqC7B9cgMVSVIiD6Gb -qsoLBcbuDAv0WA1MGnEpk9v3EvXc3wEVGAfU5PbgyakJ2gMj2vy0B/OGGIcb2z9Q -/iF6nMEAXZPs8blfeBRX4QG4qeYH/dN3u3G0HYZlqAoKo/759YOlXM1d6ik8Gthj -a8XFPrLRAgMBAAGjUDBOMB0GA1UdDgQWBBQRSUYZKk5N0cj7eVU9gZki7jRPIjAf -BgNVHSMEGDAWgBQRSUYZKk5N0cj7eVU9gZki7jRPIjAMBgNVHRMEBTADAQH/MA0G -CSqGSIb3DQEBCwUAA4IBAQAEj8N3SAYpwI1mLmtIo7Pg3VsK56QLfnKR/Dcpf4Ee -YGZ7upQw+MB5Vrzth4jZvdh73BuHu+8V0Hd0Wdc/MAlxhtrX11DL7480Jna1Ct7Q -zspAV4bOEyQqnpfbXT5zjCTMiYRCBEVi+f1LebIboAHXTB9N0UxbmQonXsl5PA+3 -PAnbMtbKVpEyDX95lLy8qLpUSzluLZohdxP4tWJdqIzIjexnbBQt9s7m06b6NzZb -MXqAZoMCZILB7L84jkmw5ewJm4AW5DKRTnLEXy2z6VexADYtGumfSrEc0a77FXkC -CxSXge5CAe0AWDiyMInyiRG3A3wWlTDrMpyfAOUiEtt6 +KoZIhvcNAQkBFhNiZWxkbWl0QGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEApFeWNlVtlSElF/iFh1O6vNWa1twhZnIwNsqUQzw3IoEx +r7uPMd8g4moE7hKh6oyUY4SrZsrnz64/8MA4f2eov/SKcGU9XB9gDGqGuWhPRTcM +ie9F6KvEvRqISQVLX/SijRw45FBUqiWmTVxk6xwxkdE48LSCTMRYYE8hlZRWFtzZ +pzBGVLzNOj+kVFik6guwfXIDFUlSIg+hm6rKCwXG7gwL9FgNTBpxKZPb9xL13N8B +FRgH1OT24MmpCdoDI9r8tAfzhhiHG9s/UP4hepzBAF2T7PG5X3gUV+EBuKnmB/3T +d7txtB2GZagKCqP++fWDpVzNXeopPBrYY2vFxT6y0QIDAQABo00wSzAdBgNVHQ4E +FgQUEUlGGSpOTdHI+3lVPYGZIu40TyIwHwYDVR0jBBgwFoAUpXfjIHh3KpS/YosO +YUsjPrq3BBwwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAMZLRqV4O+8wc +ty1e6H5pP4x+xcnh0HDAv10hWNrfTs8nahu836HU33ZLQGAQQmLE+RiD2/+gAg9L +IHrLgz+VAFsaejzX3HrNHm+MT3jQ7AaJbyuokgXZOQhVlV8q0FysuFwIOOrgInqq +t682Inougbo85NT5P/DOpeI/L8FXNwsadHNJIgnV/+LALCqPuxthcxlQdAZIlTS1 +CFdJEQnTnHQR4nuamG4zteTtLy/5WSg65vqNVorP4LnWTUxDjhEvnnk0eWZeviB4 +NI2qBTAM3LHche6BN7+Bk9AFxvY2LhL4EZHTof0Iv19iyaWlmOSPi1cfqvseOAyp +zdEwP6Vv2A== -----END CERTIFICATE----- diff --git a/test/certs/cyrillic.utf8 b/test/certs/cyrillic.utf8 index e9a2df2f73..243534e36d 100644 --- a/test/certs/cyrillic.utf8 +++ b/test/certs/cyrillic.utf8 @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - be:47:3c:53:a6:2a:c0:3a + Serial Number: 123456 (0x1e240) Signature Algorithm: sha256WithRSAEncryption - Issuer: C=RU, ST=??????, L=??????, O=??????? ?????????, OU=?, CN=Dmitry Belyavskiy, emailAddress=beldmit at example.com + Issuer: CN=??? Validity - Not Before: Feb 21 19:35:22 2017 GMT - Not After : Mar 23 19:35:22 2017 GMT + Not Before: Mar 3 09:24:52 2021 GMT + Not After : Apr 2 09:24:52 2021 GMT Subject: C=RU, ST=??????, L=??????, O=??????? ?????????, OU=?, CN=Dmitry Belyavskiy, emailAddress=beldmit at example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -36,48 +35,45 @@ Certificate: X509v3 Subject Key Identifier: 11:49:46:19:2A:4E:4D:D1:C8:FB:79:55:3D:81:99:22:EE:34:4F:22 X509v3 Authority Key Identifier: - 11:49:46:19:2A:4E:4D:D1:C8:FB:79:55:3D:81:99:22:EE:34:4F:22 + A5:77:E3:20:78:77:2A:94:BF:62:8B:0E:61:4B:23:3E:BA:B7:04:1C X509v3 Basic Constraints: - CA:TRUE + CA:FALSE Signature Algorithm: sha256WithRSAEncryption Signature Value: - 04:8f:c3:77:48:06:29:c0:8d:66:2e:6b:48:a3:b3:e0:dd:5b: - 0a:e7:a4:0b:7e:72:91:fc:37:29:7f:81:1e:60:66:7b:ba:94: - 30:f8:c0:79:56:bc:ed:87:88:d9:bd:d8:7b:dc:1b:87:bb:ef: - 15:d0:77:74:59:d7:3f:30:09:71:86:da:d7:d7:50:cb:ef:8f: - 34:26:76:b5:0a:de:d0:ce:ca:40:57:86:ce:13:24:2a:9e:97: - db:5d:3e:73:8c:24:cc:89:84:42:04:45:62:f9:fd:4b:79:b2: - 1b:a0:01:d7:4c:1f:4d:d1:4c:5b:99:0a:27:5e:c9:79:3c:0f: - b7:3c:09:db:32:d6:ca:56:91:32:0d:7f:79:94:bc:bc:a8:ba: - 54:4b:39:6e:2d:9a:21:77:13:f8:b5:62:5d:a8:8c:c8:8d:ec: - 67:6c:14:2d:f6:ce:e6:d3:a6:fa:37:36:5b:31:7a:80:66:83: - 02:64:82:c1:ec:bf:38:8e:49:b0:e5:ec:09:9b:80:16:e4:32: - 91:4e:72:c4:5f:2d:b3:e9:57:b1:00:36:2d:1a:e9:9f:4a:b1: - 1c:d1:ae:fb:15:79:02:0b:14:97:81:ee:42:01:ed:00:58:38: - b2:30:89:f2:89:11:b7:03:7c:16:95:30:eb:32:9c:9f:00:e5: - 22:12:db:7a + 31:92:d1:a9:5e:0e:fb:cc:1c:b7:2d:5e:e8:7e:69:3f:8c:7e: + c5:c9:e1:d0:70:c0:bf:5d:21:58:da:df:4e:cf:27:6a:1b:bc: + df:a1:d4:df:76:4b:40:60:10:42:62:c4:f9:18:83:db:ff:a0: + 02:0f:4b:20:7a:cb:83:3f:95:00:5b:1a:7a:3c:d7:dc:7a:cd: + 1e:6f:8c:4f:78:d0:ec:06:89:6f:2b:a8:92:05:d9:39:08:55: + 95:5f:2a:d0:5c:ac:b8:5c:08:38:ea:e0:22:7a:aa:b7:af:36: + 22:7a:2e:81:ba:3c:e4:d4:f9:3f:f0:ce:a5:e2:3f:2f:c1:57: + 37:0b:1a:74:73:49:22:09:d5:ff:e2:c0:2c:2a:8f:bb:1b:61: + 73:19:50:74:06:48:95:34:b5:08:57:49:11:09:d3:9c:74:11: + e2:7b:9a:98:6e:33:b5:e4:ed:2f:2f:f9:59:28:3a:e6:fa:8d: + 56:8a:cf:e0:b9:d6:4d:4c:43:8e:11:2f:9e:79:34:79:66:5e: + be:20:78:34:8d:aa:05:30:0c:dc:b1:dc:85:ee:81:37:bf:81: + 93:d0:05:c6:f6:36:2e:12:f8:11:91:d3:a1:fd:08:bf:5f:62: + c9:a5:a5:98:e4:8f:8b:57:1f:aa:fb:1e:38:0c:a9:cd:d1:30: + 3f:a5:6f:d8 -----BEGIN CERTIFICATE----- -MIIEPTCCAyWgAwIBAgIJAL5HPFOmKsA6MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD +MIIDkzCCAnugAwIBAgIDAeJAMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMMCeiq +jeiovOWxgDAeFw0yMTAzMDMwOTI0NTJaFw0yMTA0MDIwOTI0NTJaMIG0MQswCQYD VQQGEwJSVTEVMBMGA1UECAwM0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQ utCy0LAxKjAoBgNVBAoMIdCU0LzQuNGC0YDQuNC5INCR0LXQu9GP0LLRgdC60LjQ uTELMAkGA1UECwwC0K8xGjAYBgNVBAMMEURtaXRyeSBCZWx5YXZza2l5MSIwIAYJ -KoZIhvcNAQkBFhNiZWxkbWl0QGV4YW1wbGUuY29tMB4XDTE3MDIyMTE5MzUyMloX -DTE3MDMyMzE5MzUyMlowgbQxCzAJBgNVBAYTAlJVMRUwEwYDVQQIDAzQnNC+0YHQ -utCy0LAxFTATBgNVBAcMDNCc0L7RgdC60LLQsDEqMCgGA1UECgwh0JTQvNC40YLR -gNC40Lkg0JHQtdC70Y/QstGB0LrQuNC5MQswCQYDVQQLDALQrzEaMBgGA1UEAwwR -RG1pdHJ5IEJlbHlhdnNraXkxIjAgBgkqhkiG9w0BCQEWE2JlbGRtaXRAZXhhbXBs -ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkV5Y2VW2VISUX -+IWHU7q81ZrW3CFmcjA2ypRDPDcigTGvu48x3yDiagTuEqHqjJRjhKtmyufPrj/w -wDh/Z6i/9IpwZT1cH2AMaoa5aE9FNwyJ70Xoq8S9GohJBUtf9KKNHDjkUFSqJaZN -XGTrHDGR0TjwtIJMxFhgTyGVlFYW3NmnMEZUvM06P6RUWKTqC7B9cgMVSVIiD6Gb -qsoLBcbuDAv0WA1MGnEpk9v3EvXc3wEVGAfU5PbgyakJ2gMj2vy0B/OGGIcb2z9Q -/iF6nMEAXZPs8blfeBRX4QG4qeYH/dN3u3G0HYZlqAoKo/759YOlXM1d6ik8Gthj -a8XFPrLRAgMBAAGjUDBOMB0GA1UdDgQWBBQRSUYZKk5N0cj7eVU9gZki7jRPIjAf -BgNVHSMEGDAWgBQRSUYZKk5N0cj7eVU9gZki7jRPIjAMBgNVHRMEBTADAQH/MA0G -CSqGSIb3DQEBCwUAA4IBAQAEj8N3SAYpwI1mLmtIo7Pg3VsK56QLfnKR/Dcpf4Ee -YGZ7upQw+MB5Vrzth4jZvdh73BuHu+8V0Hd0Wdc/MAlxhtrX11DL7480Jna1Ct7Q -zspAV4bOEyQqnpfbXT5zjCTMiYRCBEVi+f1LebIboAHXTB9N0UxbmQonXsl5PA+3 -PAnbMtbKVpEyDX95lLy8qLpUSzluLZohdxP4tWJdqIzIjexnbBQt9s7m06b6NzZb -MXqAZoMCZILB7L84jkmw5ewJm4AW5DKRTnLEXy2z6VexADYtGumfSrEc0a77FXkC -CxSXge5CAe0AWDiyMInyiRG3A3wWlTDrMpyfAOUiEtt6 +KoZIhvcNAQkBFhNiZWxkbWl0QGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEApFeWNlVtlSElF/iFh1O6vNWa1twhZnIwNsqUQzw3IoEx +r7uPMd8g4moE7hKh6oyUY4SrZsrnz64/8MA4f2eov/SKcGU9XB9gDGqGuWhPRTcM +ie9F6KvEvRqISQVLX/SijRw45FBUqiWmTVxk6xwxkdE48LSCTMRYYE8hlZRWFtzZ +pzBGVLzNOj+kVFik6guwfXIDFUlSIg+hm6rKCwXG7gwL9FgNTBpxKZPb9xL13N8B +FRgH1OT24MmpCdoDI9r8tAfzhhiHG9s/UP4hepzBAF2T7PG5X3gUV+EBuKnmB/3T +d7txtB2GZagKCqP++fWDpVzNXeopPBrYY2vFxT6y0QIDAQABo00wSzAdBgNVHQ4E +FgQUEUlGGSpOTdHI+3lVPYGZIu40TyIwHwYDVR0jBBgwFoAUpXfjIHh3KpS/YosO +YUsjPrq3BBwwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAMZLRqV4O+8wc +ty1e6H5pP4x+xcnh0HDAv10hWNrfTs8nahu836HU33ZLQGAQQmLE+RiD2/+gAg9L +IHrLgz+VAFsaejzX3HrNHm+MT3jQ7AaJbyuokgXZOQhVlV8q0FysuFwIOOrgInqq +t682Inougbo85NT5P/DOpeI/L8FXNwsadHNJIgnV/+LALCqPuxthcxlQdAZIlTS1 +CFdJEQnTnHQR4nuamG4zteTtLy/5WSg65vqNVorP4LnWTUxDjhEvnnk0eWZeviB4 +NI2qBTAM3LHche6BN7+Bk9AFxvY2LhL4EZHTof0Iv19iyaWlmOSPi1cfqvseOAyp +zdEwP6Vv2A== -----END CERTIFICATE----- diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index 0ef40b0b01..ae934bf420 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -29,11 +29,11 @@ my $utf = srctop_file(@certs, "cyrillic.utf8"); ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_msb, "-nameopt", "esc_msb"]))); -is(cmp_text($out_msb, srctop_file(@certs, "cyrillic.msb")), +is(cmp_text($out_msb, $msb), 0, 'Comparing esc_msb output with cyrillic.msb'); ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8, "-nameopt", "utf8"]))); -is(cmp_text($out_utf8, srctop_file(@certs, "cyrillic.utf8")), +is(cmp_text($out_utf8, $utf), 0, 'Comparing utf8 output with cyrillic.utf8'); SKIP: { From tomas at openssl.org Thu Mar 4 13:15:57 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 04 Mar 2021 13:15:57 +0000 Subject: [openssl] master update Message-ID: <1614863757.009612.17301.nullmailer@dev.openssl.org> The branch master has been updated via 8c631cfaa1f812ed990053c1b0c73f3a3f369aca (commit) via 2ad5bbe3205264cbcdd25f50a0c5167a7136ce88 (commit) via 20cca4db9cd69e58b393b09bde85b8731cf12147 (commit) via 22cd04143b2cd21f3285369659e98617dd0a482d (commit) via 0be6cf0c7e3770b0b66862a7212dc8922f4fadd7 (commit) via bffe3ae7b8cc6219de597981370690d31cfe5e01 (commit) via f40fa7b9adbaa5324402429cd15deefe4e884a03 (commit) via 946bdd12a0b366d9d558ec8088f89124bbe42cc3 (commit) via 9522f0a6a9c49d650c773f089ed84b0c1ee0368b (commit) from 2c8a740a9f0d9532050ae9a386506d1135b3a24a (commit) - Log ----------------------------------------------------------------- commit 8c631cfaa1f812ed990053c1b0c73f3a3f369aca Author: Tomas Mraz Date: Wed Mar 3 09:44:25 2021 +0100 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt We can try to do that although for legacy keys the keymgmt will not be set. This function will disappear with legacy support removed. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14404) commit 2ad5bbe3205264cbcdd25f50a0c5167a7136ce88 Author: Tomas Mraz Date: Tue Mar 2 17:17:46 2021 +0100 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module We do not want tracing in the FIPS module. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14404) commit 20cca4db9cd69e58b393b09bde85b8731cf12147 Author: Tomas Mraz Date: Tue Mar 2 17:05:48 2021 +0100 ecx_set_priv_key: Remove TODO 3.0 related to setting libctx This function is used only for legacy keys so the TODO is not relevant. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14404) commit 22cd04143b2cd21f3285369659e98617dd0a482d Author: Tomas Mraz Date: Tue Mar 2 16:55:48 2021 +0100 do_sigver_init: Remove fallback for missing provider implementations. We now have everything implemented in providers. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14404) commit 0be6cf0c7e3770b0b66862a7212dc8922f4fadd7 Author: Tomas Mraz Date: Tue Mar 2 16:16:06 2021 +0100 Remove some of the TODO 3.0 in crypto/evp related to legacy support. The legacy support stays in 3.0. The TODOs are dropped. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14404) commit bffe3ae7b8cc6219de597981370690d31cfe5e01 Author: Tomas Mraz Date: Mon Mar 1 17:48:19 2021 +0100 crypto/param_build_set.c: Remove irrelevant TODO 3.0 The OSSL_PARAM_set_BN() pads to data_size so there is no need for OSSL_PARAM_set_BN_pad(). Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14404) commit f40fa7b9adbaa5324402429cd15deefe4e884a03 Author: Tomas Mraz Date: Mon Mar 1 17:24:55 2021 +0100 crypto/ppccap.c: Remove useless TODO 3.0 The chacha and poly1305 algorithms are not FIPS approved so they should stay out of FIPS module. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14404) commit 946bdd12a0b366d9d558ec8088f89124bbe42cc3 Author: Tomas Mraz Date: Mon Mar 1 16:55:23 2021 +0100 include/crypto: Remove TODOs that are irrelevant for 3.0 The legacy support will not be removed in 3.0. Remove the related TODO 3.0 marks. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14404) commit 9522f0a6a9c49d650c773f089ed84b0c1ee0368b Author: Tomas Mraz Date: Mon Mar 1 16:51:13 2021 +0100 include/internal: Remove TODOs that are irrelevant for 3.0 The sha3 and sm3 legacy support requires these headers. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14404) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_ctx.c | 2 +- crypto/ec/ecx_meth.c | 20 +++++++++++++++----- crypto/evp/digest.c | 16 ++++++++-------- crypto/evp/evp_enc.c | 24 ++++++++++++------------ crypto/evp/evp_lib.c | 2 +- crypto/evp/m_sigver.c | 11 ----------- crypto/evp/pmeth_lib.c | 22 ++++++++++++---------- crypto/param_build_set.c | 1 - crypto/ppccap.c | 4 ---- include/crypto/evp.h | 6 ++---- include/crypto/modes.h | 2 +- include/internal/sha3.h | 2 +- include/internal/sm3.h | 2 +- 13 files changed, 54 insertions(+), 60 deletions(-) diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 360b708221..63783dda0e 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -124,7 +124,7 @@ static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx) ctxdbg(trc_out, str, ctx); \ } OSSL_TRACE_END(BN_CTX) #else -/* TODO(3.0): Consider if we want to do this in FIPS mode */ +/* We do not want tracing in FIPS module */ # define CTXDBG(str, ctx) do {} while(0) #endif /* FIPS_MODULE */ diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 269e270ea6..fac1ba7270 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -14,12 +14,13 @@ #include "internal/deprecated.h" #include -#include "internal/cryptlib.h" #include #include #include #include -#include "openssl/param_build.h" +#include +#include "internal/cryptlib.h" +#include "internal/provider.h" #include "crypto/asn1.h" #include "crypto/evp.h" #include "crypto/ecx.h" @@ -334,15 +335,24 @@ static int ecd_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) static int ecx_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, size_t len) { - /* TODO(3.0): We should pass a libctx here */ + OSSL_LIB_CTX *libctx = NULL; + + if (pkey->keymgmt != NULL) + libctx = ossl_provider_libctx(EVP_KEYMGMT_provider(pkey->keymgmt)); + return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, priv, len, - KEY_OP_PRIVATE, NULL, NULL); + KEY_OP_PRIVATE, libctx, NULL); } static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len) { + OSSL_LIB_CTX *libctx = NULL; + + if (pkey->keymgmt != NULL) + libctx = ossl_provider_libctx(EVP_KEYMGMT_provider(pkey->keymgmt)); + return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, pub, len, - KEY_OP_PUBLIC, NULL, NULL); + KEY_OP_PUBLIC, libctx, NULL); } static int ecx_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 858a9926cf..069eb192c1 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -32,7 +32,7 @@ void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force) EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); } - /* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ /* * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because @@ -177,7 +177,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) type = ctx->digest; } - /* TODO(3.0): Legacy work around code below. Remove this */ + /* Code below to be removed when legacy support is dropped. */ #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so @@ -225,7 +225,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->md_data = NULL; } - /* TODO(3.0): Start of non-legacy code below */ + /* Start of non-legacy code below */ if (type->prov == NULL) { #ifdef FIPS_MODULE @@ -274,7 +274,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) return ctx->digest->dinit(ctx->provctx); - /* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ legacy: #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) @@ -381,7 +381,7 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) } return ctx->digest->dupdate(ctx->provctx, data, count); - /* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ legacy: return ctx->update(ctx, data, count); } @@ -430,7 +430,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) return ret; - /* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ legacy: OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); @@ -542,7 +542,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) return 1; - /* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ legacy: #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* Make sure it's safe to copy a digest context using an ENGINE */ @@ -787,7 +787,7 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) goto conclude; -/* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ legacy: if (ctx->digest->md_ctrl == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 851c6d5d9a..40e9f0b6c3 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -43,7 +43,7 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) return 1; - /* TODO(3.0): Remove legacy code below */ + /* Remove legacy code below when legacy support is removed. */ legacy: if (ctx->cipher != NULL) { @@ -105,7 +105,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return 0; } - /* TODO(3.0): Legacy work around code below. Remove this */ + /* Code below to be removed when legacy support is dropped. */ #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* @@ -148,7 +148,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, } - /* TODO(3.0): Start of non-legacy code below */ + /* Start of non-legacy code below */ /* Ensure a context left lying around from last time is cleared */ if (cipher != NULL && ctx->cipher != NULL) { @@ -237,7 +237,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, iv == NULL ? 0 : EVP_CIPHER_CTX_iv_length(ctx)); - /* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ legacy: if (cipher != NULL) { @@ -597,7 +597,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return ret; - /* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ legacy: return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); @@ -657,7 +657,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return ret; - /* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ legacy: if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { @@ -744,7 +744,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return ret; - /* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ legacy: b = ctx->cipher->block_size; @@ -879,7 +879,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return ret; - /* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ legacy: *outl = 0; @@ -953,7 +953,7 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) return ok > 0 ? 1 : 0; } - /* TODO(3.0) legacy code follows */ + /* Code below to be removed when legacy support is dropped. */ /* * Note there have never been any built-in ciphers that define this flag @@ -1021,7 +1021,7 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) case EVP_CTRL_INIT: /* - * TODO(3.0) EVP_CTRL_INIT is purely legacy, no provider counterpart + * EVP_CTRL_INIT is purely legacy, no provider counterpart. * As a matter of fact, this should be dead code, but some caller * might still do a direct control call with this command, so... * Legacy methods return 1 except for exceptional circumstances, so @@ -1172,7 +1172,7 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); goto end; -/* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ legacy: if (ctx->cipher->ctrl == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED); @@ -1329,7 +1329,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) return 1; - /* TODO(3.0): Remove legacy code below */ + /* Code below to be removed when legacy support is dropped. */ legacy: #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index fc2c65b578..dd3173ddd5 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -477,7 +477,7 @@ int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) if (rv == EVP_CTRL_RET_UNSUPPORTED) goto legacy; return rv != 0 ? (int)v : -1; - /* TODO (3.0) Remove legacy support */ + /* Code below to be removed when legacy support is dropped. */ legacy: if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) { rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 795b785983..7650512d2a 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -90,17 +90,6 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, provkey = evp_pkey_export_to_provider(locpctx->pkey, locpctx->libctx, &tmp_keymgmt, locpctx->propquery); if (provkey == NULL) { - /* - * If we couldn't find a keymgmt at all try legacy. - * TODO(3.0): Once all legacy algorithms (SM2, HMAC etc) have provider - * based implementations this fallback shouldn't be necessary. Either - * we have an ENGINE based implementation (in which case we should have - * already fallen back in the test above here), or we don't have the - * provider based implementation loaded (in which case this is an - * application config error) - */ - if (locpctx->keymgmt == NULL) - goto legacy; ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 2cc30f1af4..b08d0d2e3c 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -197,10 +197,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, } #ifndef FIPS_MODULE - /* - * TODO(3.0) This legacy code section should be removed when we stop - * supporting engines - */ + /* Code below to be removed when legacy support is dropped. */ /* BEGIN legacy */ if (id == -1) { if (pkey != NULL) @@ -879,6 +876,7 @@ int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) return EVP_PKEY_CTX_get_params(ctx, params); } +/* TODO(3.0): Deprecate in favour of get_signature_md_name */ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) { OSSL_PARAM sig_md_params[2], *p = sig_md_params; @@ -892,7 +890,6 @@ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) return -2; } - /* TODO(3.0): Remove this eventually when no more legacy */ if (ctx->op.sig.sigprovctx == NULL) return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_GET_MD, 0, (void *)(md)); @@ -914,6 +911,10 @@ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) return 1; } +/* + * TODO(3.0): Deprecate functions calling this in favour of + * functions setting md name. + */ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, int fallback, const char *param, int op, int ctrl) @@ -927,7 +928,6 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, return -2; } - /* TODO(3.0): Remove this eventually when no more legacy */ if (fallback) return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); @@ -975,9 +975,10 @@ static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX *ctx, int fallback, return -2; } - /* TODO(3.0): Remove this eventually when no more legacy */ + /* Code below to be removed when legacy support is dropped. */ if (fallback) return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, datalen, (void *)(data)); + /* end of legacy support */ if (datalen < 0) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); @@ -1063,11 +1064,11 @@ int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode) return -2; } - /* TODO(3.0): Remove this eventually when no more legacy */ + /* Code below to be removed when legacy support is dropped. */ if (ctx->op.kex.exchprovctx == NULL) return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_HKDF_MODE, mode, NULL); - + /* end of legacy support */ if (mode < 0) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); @@ -1111,9 +1112,10 @@ static int evp_pkey_ctx_set_uint64(EVP_PKEY_CTX *ctx, const char *param, return -2; } - /* TODO(3.0): Remove this eventually when no more legacy */ + /* Code below to be removed when legacy support is dropped. */ if (ctx->op.kex.exchprovctx == NULL) return EVP_PKEY_CTX_ctrl_uint64(ctx, -1, op, ctrl, val); + /* end of legacy support */ *p++ = OSSL_PARAM_construct_uint64(param, &val); *p = OSSL_PARAM_construct_end(); diff --git a/crypto/param_build_set.c b/crypto/param_build_set.c index 1ea8097e88..7f62630053 100644 --- a/crypto/param_build_set.c +++ b/crypto/param_build_set.c @@ -75,7 +75,6 @@ int ossl_param_build_set_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, if (p != NULL) { if (sz > p->data_size) return 0; - /* TODO(3.0) Change to use OSSL_PARAM_set_BN_pad */ p->data_size = sz; return OSSL_PARAM_set_BN(p, bn); } diff --git a/crypto/ppccap.c b/crypto/ppccap.c index 0a5976c8a4..9ed1d80db5 100644 --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -83,10 +83,6 @@ void sha512_block_data_order(void *ctx, const void *inp, size_t len) sha512_block_ppc(ctx, inp, len); } -/* - * TODO(3.0): Temporarily disabled some assembler that hasn't been brought into - * the FIPS module yet. - */ #ifndef FIPS_MODULE # ifndef OPENSSL_NO_CHACHA void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp, diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 9115f47c1f..41487d2af2 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -235,7 +235,6 @@ struct evp_md_st { int type; /* Legacy structure members */ - /* TODO(3.0): Remove these */ int pkey_type; int md_size; unsigned long flags; @@ -250,7 +249,7 @@ struct evp_md_st { int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); /* New structure members */ - /* TODO(3.0): Remove above comment when legacy has gone */ + /* Above comment to be removed when legacy has gone */ int name_id; OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; @@ -280,7 +279,6 @@ struct evp_cipher_st { int iv_len; /* Legacy structure members */ - /* TODO(3.0): Remove these */ /* Various flags */ unsigned long flags; /* init key */ @@ -303,7 +301,7 @@ struct evp_cipher_st { void *app_data; /* New structure members */ - /* TODO(3.0): Remove above comment when legacy has gone */ + /* Above comment to be removed when legacy has gone */ int name_id; OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; diff --git a/include/crypto/modes.h b/include/crypto/modes.h index f5397fca68..119314d172 100644 --- a/include/crypto/modes.h +++ b/include/crypto/modes.h @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -/* TODO(3.0) Move this header into provider when dependencies are removed */ +/* This header can move into provider when legacy support is removed */ #include #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) diff --git a/include/internal/sha3.h b/include/internal/sha3.h index 9bb6cf65f1..80ad86e58e 100644 --- a/include/internal/sha3.h +++ b/include/internal/sha3.h @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -/* TODO(3.0) Move this header into provider when dependencies are removed */ +/* This header can move into provider when legacy support is removed */ #ifndef OSSL_INTERNAL_SHA3_H # define OSSL_INTERNAL_SHA3_H # pragma once diff --git a/include/internal/sm3.h b/include/internal/sm3.h index f64eb8ad1a..fe84f1905e 100644 --- a/include/internal/sm3.h +++ b/include/internal/sm3.h @@ -8,7 +8,7 @@ * https://www.openssl.org/source/license.html */ -/* TODO(3.0) Move this header into provider when dependencies are removed */ +/* This header can move into provider when legacy support is removed */ #ifndef OSSL_INTERNAL_SM3_H # define OSSL_INTERNAL_SM3_H # pragma once From levitte at openssl.org Thu Mar 4 15:11:19 2021 From: levitte at openssl.org (Richard Levitte) Date: Thu, 04 Mar 2021 15:11:19 +0000 Subject: [openssl] master update Message-ID: <1614870679.007705.2571.nullmailer@dev.openssl.org> The branch master has been updated via c2ec2bb7c146d1e48568f27d11dca02c06c36338 (commit) via d60a8e0a2345205242e21aae35815645708580c4 (commit) via 2f17e978a0ec5becda8a61dcf3e7840740ccdfd3 (commit) from 8c631cfaa1f812ed990053c1b0c73f3a3f369aca (commit) - Log ----------------------------------------------------------------- commit c2ec2bb7c146d1e48568f27d11dca02c06c36338 Author: Richard Levitte Date: Mon Mar 1 13:27:24 2021 +0100 Make provider provider_init thread safe, and flag checking/setting too provider_init() makes changes in the provider structure, and needs a bit of protection to ensure that doesn't happen concurrently with race conditions. This also demands a bit of protection of the flags, since they are bits and presumably occupy the same byte in memory. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14354) commit d60a8e0a2345205242e21aae35815645708580c4 Author: Richard Levitte Date: Mon Mar 1 13:27:15 2021 +0100 Make ossl_provider_disable_fallback_loading() thread safe Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14354) commit 2f17e978a0ec5becda8a61dcf3e7840740ccdfd3 Author: Richard Levitte Date: Mon Mar 1 16:31:34 2021 +0100 test/threadstest.c: Add a test to load providers concurrently If we don't synchronize properly in the core provider code, and build with a thread sanitizer, this should cause a crash. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14354) ----------------------------------------------------------------------- Summary of changes: crypto/provider_core.c | 48 +++++++++++++++++++++++++++++++++++++----------- test/threadstest.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 11 deletions(-) diff --git a/crypto/provider_core.c b/crypto/provider_core.c index d210026e25..1326f83f7e 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -48,6 +48,9 @@ struct ossl_provider_st { unsigned int flag_fallback:1; /* Can be used as fallback */ unsigned int flag_activated_as_fallback:1; + /* Getting and setting the flags require synchronization */ + CRYPTO_RWLOCK *flag_lock; + /* OpenSSL library side data */ CRYPTO_REF_COUNT refcnt; CRYPTO_RWLOCK *refcnt_lock; /* For the ref counter */ @@ -201,7 +204,9 @@ int ossl_provider_disable_fallback_loading(OSSL_LIB_CTX *libctx) struct provider_store_st *store; if ((store = get_provider_store(libctx)) != NULL) { + CRYPTO_THREAD_write_lock(store->lock); store->use_fallbacks = 0; + CRYPTO_THREAD_unlock(store->lock); return 1; } return 0; @@ -255,6 +260,7 @@ static OSSL_PROVIDER *provider_new(const char *name, #endif || !ossl_provider_up_ref(prov) /* +1 One reference to be returned */ || (prov->opbits_lock = CRYPTO_THREAD_lock_new()) == NULL + || (prov->flag_lock = CRYPTO_THREAD_lock_new()) == NULL || (prov->name = OPENSSL_strdup(name)) == NULL) { ossl_provider_free(prov); ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); @@ -375,6 +381,7 @@ void ossl_provider_free(OSSL_PROVIDER *prov) OPENSSL_free(prov->path); sk_INFOPAIR_pop_free(prov->parameters, free_infopair); CRYPTO_THREAD_lock_free(prov->opbits_lock); + CRYPTO_THREAD_lock_free(prov->flag_lock); #ifndef HAVE_ATOMICS CRYPTO_THREAD_lock_free(prov->refcnt_lock); CRYPTO_THREAD_lock_free(prov->activatecnt_lock); @@ -470,9 +477,19 @@ static int provider_init(OSSL_PROVIDER *prov) OSSL_FUNC_provider_get_reason_strings_fn *p_get_reason_strings = NULL; # endif #endif + int ok = 0; - if (prov->flag_initialized) - return 1; + /* + * The flag lock is used to lock init, not only because the flag is + * checked here and set at the end, but also because this function + * modifies a number of things in the provider structure that this + * function needs to perform under lock anyway. + */ + CRYPTO_THREAD_write_lock(prov->flag_lock); + if (prov->flag_initialized) { + ok = 1; + goto end; + } /* * If the init function isn't set, it indicates that this provider is @@ -480,7 +497,7 @@ static int provider_init(OSSL_PROVIDER *prov) */ if (prov->init_function == NULL) { #ifdef FIPS_MODULE - return 0; + goto end; #else if (prov->module == NULL) { char *allocated_path = NULL; @@ -491,13 +508,14 @@ static int provider_init(OSSL_PROVIDER *prov) if ((prov->module = DSO_new()) == NULL) { /* DSO_new() generates an error already */ - return 0; + goto end; } if ((store = get_provider_store(prov->libctx)) == NULL || !CRYPTO_THREAD_read_lock(store->lock)) - return 0; + goto end; load_dir = store->default_path; + CRYPTO_THREAD_unlock(store->lock); if (load_dir == NULL) { load_dir = ossl_safe_getenv("OPENSSL_MODULES"); @@ -514,7 +532,6 @@ static int provider_init(OSSL_PROVIDER *prov) DSO_convert_filename(prov->module, prov->name); if (module_path != NULL) merged_path = DSO_merge(prov->module, module_path, load_dir); - CRYPTO_THREAD_unlock(store->lock); if (merged_path == NULL || (DSO_load(prov->module, merged_path, NULL, 0)) == NULL) { @@ -542,7 +559,7 @@ static int provider_init(OSSL_PROVIDER *prov) DSO_free(prov->module); prov->module = NULL; #endif - return 0; + goto end; } prov->provctx = tmp_provctx; @@ -603,7 +620,7 @@ static int provider_init(OSSL_PROVIDER *prov) cnt = 0; while (reasonstrings[cnt].id != 0) { if (ERR_GET_LIB(reasonstrings[cnt].id) != 0) - return 0; + goto end; cnt++; } cnt++; /* One for the terminating item */ @@ -612,7 +629,7 @@ static int provider_init(OSSL_PROVIDER *prov) prov->error_strings = OPENSSL_zalloc(sizeof(ERR_STRING_DATA) * (cnt + 1)); if (prov->error_strings == NULL) - return 0; + goto end; /* * Set the "library" name. @@ -635,7 +652,11 @@ static int provider_init(OSSL_PROVIDER *prov) /* With this flag set, this provider has become fully "loaded". */ prov->flag_initialized = 1; - return 1; + ok = 1; + + end: + CRYPTO_THREAD_unlock(prov->flag_lock); + return ok; } static int provider_deactivate(OSSL_PROVIDER *prov) @@ -648,8 +669,11 @@ static int provider_deactivate(OSSL_PROVIDER *prov) if (CRYPTO_DOWN_REF(&prov->activatecnt, &ref, prov->activatecnt_lock) <= 0) return 0; - if (ref < 1) + if (ref < 1) { + CRYPTO_THREAD_write_lock(prov->flag_lock); prov->flag_activated = 0; + CRYPTO_THREAD_unlock(prov->flag_lock); + } /* We don't deinit here, that's done in ossl_provider_free() */ return 1; @@ -663,7 +687,9 @@ static int provider_activate(OSSL_PROVIDER *prov) return 0; if (provider_init(prov)) { + CRYPTO_THREAD_write_lock(prov->flag_lock); prov->flag_activated = 1; + CRYPTO_THREAD_unlock(prov->flag_lock); return 1; } diff --git a/test/threadstest.c b/test/threadstest.c index 9c8e2181d0..26807e294c 100644 --- a/test/threadstest.c +++ b/test/threadstest.c @@ -473,6 +473,34 @@ static int test_multi(int idx) return testresult; } +/* + * This test attempts to load several providers at the same time, and if + * run with a thread sanitizer, should crash if the core provider code + * doesn't synchronize well enough. + */ +#define MULTI_LOAD_THREADS 3 +static void test_multi_load_worker(void) +{ + OSSL_PROVIDER *prov; + + TEST_ptr(prov = OSSL_PROVIDER_load(NULL, "default")); + TEST_true(OSSL_PROVIDER_unload(prov)); +} + +static int test_multi_load(void) +{ + thread_t threads[MULTI_LOAD_THREADS]; + int i; + + for (i = 0; i < MULTI_LOAD_THREADS; i++) + TEST_true(run_thread(&threads[i], test_multi_load_worker)); + + for (i = 0; i < MULTI_LOAD_THREADS; i++) + TEST_true(wait_for_thread(threads[i])); + + return 1; +} + typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, @@ -518,6 +546,7 @@ int setup_tests(void) ADD_TEST(test_once); ADD_TEST(test_thread_local); ADD_TEST(test_atomic); + ADD_TEST(test_multi_load); ADD_ALL_TESTS(test_multi, 4); return 1; } From levitte at openssl.org Thu Mar 4 18:26:20 2021 From: levitte at openssl.org (Richard Levitte) Date: Thu, 04 Mar 2021 18:26:20 +0000 Subject: [openssl] master update Message-ID: <1614882380.010396.3257.nullmailer@dev.openssl.org> The branch master has been updated via c3a85d3d170a0bffd7b009edb544f0a4a182a3b7 (commit) from c2ec2bb7c146d1e48568f27d11dca02c06c36338 (commit) - Log ----------------------------------------------------------------- commit c3a85d3d170a0bffd7b009edb544f0a4a182a3b7 Author: Richard Levitte Date: Wed Mar 3 17:33:08 2021 +0100 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod Fixes #14414 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14415) ----------------------------------------------------------------------- Summary of changes: doc/man3/OSSL_STORE_INFO.pod | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/man3/OSSL_STORE_INFO.pod b/doc/man3/OSSL_STORE_INFO.pod index 8c811ec1f3..070b325a2d 100644 --- a/doc/man3/OSSL_STORE_INFO.pod +++ b/doc/man3/OSSL_STORE_INFO.pod @@ -166,7 +166,11 @@ Key parameters. =item OSSL_STORE_INFO_PKEY -A private/public key of some sort. +A keypair or just a private key (possibly with key parameters). + +=item OSSL_STORE_INFO_PUBKEY + +A public key (possibly with key parameters). =item OSSL_STORE_INFO_CERT From nic.tuv at gmail.com Thu Mar 4 19:04:41 2021 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Thu, 04 Mar 2021 19:04:41 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1614884681.047602.30870.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 01b9e18fb20ae158a056223fc62772887040d85f (commit) via 732682aeb6cfddcf0a1844df52a254b104983276 (commit) from a88ea7dfdfba2c34bd575076f12f06d80dd2c0c2 (commit) - Log ----------------------------------------------------------------- commit 01b9e18fb20ae158a056223fc62772887040d85f Author: Richard Levitte Date: Tue Mar 2 13:42:39 2021 +0200 [1.1.1] Fix `make update` for out-of-tree builds Fixes #11940 Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/14388) commit 732682aeb6cfddcf0a1844df52a254b104983276 Author: Nicola Tuveri Date: Tue Mar 2 10:45:24 2021 +0200 [github-ci] Add a out-of-tree_build job This adds a new job to trigger the bug reported in Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/14388) ----------------------------------------------------------------------- Summary of changes: .github/workflows/ci.yml | 21 +++++++++++++++++++++ Configurations/unix-Makefile.tmpl | 4 ++-- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aca73be1a0..5822e36ccb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -70,6 +70,27 @@ jobs: - name: make test run: make test + out-of-tree_build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout at v2 + - name: setup build dir + run: | + set -eux + mkdir -p ${myblddir:=../_build/nest/a/little/more} + echo "mysrcdir=$(realpath .)" | tee -a $GITHUB_ENV + echo "myblddir=$(realpath $myblddir)" | tee -a $GITHUB_ENV + - name: config + run: set -eux ; cd ${{ env.myblddir }} && ${{ env.mysrcdir }}/config --strict-warnings && perl configdata.pm --dump + - name: make build_generated + run: set -eux; cd ${{ env.myblddir }} && make -s build_generated + - name: make update + run: set -eux; cd ${{ env.myblddir }} && make update + - name: make + run: set -eux; cd ${{ env.myblddir }} && make -s -j4 + - name: make test (minimal subset) + run: set -eux; cd ${{ env.myblddir }} && make test TESTS='0[0-9]' + no-deprecated: runs-on: ubuntu-latest steps: diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 3a24d55135..41648c9526 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -917,8 +917,8 @@ errors: done ) ordinals: - ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl crypto update ) - ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl ssl update ) + $(PERL) $(SRCDIR)/util/mkdef.pl crypto update + $(PERL) $(SRCDIR)/util/mkdef.pl ssl update test_ordinals: ( cd test; \ From openssl at openssl.org Fri Mar 5 01:28:23 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Mar 2021 01:28:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1614907703.896766.427568.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): # Failed test 'popo NONE' # at ../openssl/test/recipes/80-test_cmp_http.t line 145. # cmp_main:../openssl/apps/cmp.c:2728:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2327:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:694:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2044:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2094:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 5 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1335. # Looks like you failed 3 tests of 5.80-test_cmp_http.t ................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/5 subtests # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. skipped: Test only supported in a shared build 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 15-test_rsaoaep.t (Wstat: 1536 Tests: 10 Failed: 6) Failed tests: 2, 4, 7-10 Non-zero exit status: 6 80-test_cmp_http.t (Wstat: 768 Tests: 5 Failed: 3) Failed tests: 2-3, 5 Non-zero exit status: 3 Files=233, Tests=2738, 765 wallclock secs ( 8.77 usr 1.21 sys + 688.88 cusr 70.46 csys = 769.32 CPU) Result: FAIL make[1]: *** [Makefile:2490: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' make: *** [Makefile:2487: tests] Error 2 From openssl at openssl.org Fri Mar 5 07:42:15 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Mar 2021 07:42:15 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-pic Message-ID: <1614930135.838516.1150885.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-pic Commit log since last time: 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. skipped: Test only supported in a shared build 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 15-test_rsaoaep.t (Wstat: 1536 Tests: 10 Failed: 6) Failed tests: 2, 4, 7-10 Non-zero exit status: 6 Files=233, Tests=2738, 827 wallclock secs ( 9.77 usr 1.30 sys + 750.04 cusr 75.72 csys = 836.83 CPU) Result: FAIL make[1]: *** [Makefile:2473: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-pic' make: *** [Makefile:2470: tests] Error 2 From tomas at openssl.org Fri Mar 5 13:28:53 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 05 Mar 2021 13:28:53 +0000 Subject: [openssl] master update Message-ID: <1614950933.120807.14107.nullmailer@dev.openssl.org> The branch master has been updated via a7a041c2301fcb7fc2080ddd22a6076060bbaa69 (commit) via 1ddea35bd418b89c2f8403b41c054ad2f454382b (commit) via ec69d5c9a8b7c0edfbde56b65023ea5088547370 (commit) via b414c8118d954617d0408f9907ad1bfe162ce6e9 (commit) via 996d2693e26d98456a2ec4fb1a5dd432ff026225 (commit) from c3a85d3d170a0bffd7b009edb544f0a4a182a3b7 (commit) - Log ----------------------------------------------------------------- commit a7a041c2301fcb7fc2080ddd22a6076060bbaa69 Author: Tomas Mraz Date: Thu Mar 4 13:37:34 2021 +0100 CI external tests: separate each external test into its own phase Reviewed-by: Richard Levitte Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14416) commit 1ddea35bd418b89c2f8403b41c054ad2f454382b Author: Tomas Mraz Date: Thu Mar 4 12:35:16 2021 +0100 CI external test: for now run only the krb5 and gost_engine tests The boringssl (https://github.com/openssl/openssl/issues/14424) and pyca-cryptography (https://github.com/openssl/openssl/issues/14425) tests are currently broken. Reviewed-by: Richard Levitte Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14416) commit ec69d5c9a8b7c0edfbde56b65023ea5088547370 Author: Tomas Mraz Date: Thu Mar 4 12:33:33 2021 +0100 gost_engine test: further cleanups and fixes Allow absolute paths for $SRCTOP and $BLDTOP. Do not build the gost_engine in tree. Reviewed-by: Richard Levitte Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14416) commit b414c8118d954617d0408f9907ad1bfe162ce6e9 Author: Tomas Mraz Date: Wed Mar 3 18:46:34 2021 +0100 gost_engine test: Run also perl and tcl tests Reviewed-by: Richard Levitte Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14416) commit 996d2693e26d98456a2ec4fb1a5dd432ff026225 Author: Tomas Mraz Date: Wed Mar 3 18:26:22 2021 +0100 CI: add job with external tests Update gost-engine submodule. Update pyca-cryptography submodule. Fix condition for skipping krb5 test. Reviewed-by: Richard Levitte Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14416) ----------------------------------------------------------------------- Summary of changes: .github/workflows/ci.yml | 27 ++++++++++++++ gost-engine | 2 +- pyca-cryptography | 2 +- test/ossl_shim/include/openssl/base.h | 3 ++ .../gost_engine.sh | 42 +++++++++++++--------- test/recipes/95-test_external_krb5.t | 2 +- 6 files changed, 59 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 67ec2541b3..fbe61efdbc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -166,3 +166,30 @@ jobs: - name: make install run: make install working-directory: ./build + + external-tests: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout at v2 + with: + submodules: recursive + - name: package installs + run: | + sudo apt-get update + sudo apt-get -yq install bison dejagnu gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcl-dev tcl-thread tcsh python3-virtualenv virtualenv + - name: install cpanm and Test2::V0 for gost_engine testing + uses: perl-actions/install-with-cpanm at v1 + with: + install: Test2::V0 + - name: config + run: ./config --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: test external gost-engine + run: make test TESTS="test_external_gost_engine" + - name: test external krb5 + run: make test TESTS="test_external_krb5" +# - name: test external boringssl +# run: BORING_RUNNER_DIR=$(pwd)/boringssl/ssl/test/runner make test TESTS="test_external_boringssl" +# - name: test external pyca +# run: make test TESTS="test_external_pyca" diff --git a/gost-engine b/gost-engine index b008f2a0ff..28a0a19354 160000 --- a/gost-engine +++ b/gost-engine @@ -1 +1 @@ -Subproject commit b008f2a0ffa1797943c3d08c3b3eee31229a56d3 +Subproject commit 28a0a193549a9b778a14fade0219b9daa0e7c5db diff --git a/pyca-cryptography b/pyca-cryptography index 09403100de..e09cd90f77 160000 --- a/pyca-cryptography +++ b/pyca-cryptography @@ -1 +1 @@ -Subproject commit 09403100de2f6f1cdd0d484dcb8e620f1c335c8f +Subproject commit e09cd90f77a31832bdde1d3652c115be282cced9 diff --git a/test/ossl_shim/include/openssl/base.h b/test/ossl_shim/include/openssl/base.h index 92e3648e1c..84918289c0 100644 --- a/test/ossl_shim/include/openssl/base.h +++ b/test/ossl_shim/include/openssl/base.h @@ -10,6 +10,9 @@ #ifndef OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H #define OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H +/* Needed for DH functions */ +#include "internal/deprecated.h" + /* Needed for BORINGSSL_MAKE_DELETER */ # include # include diff --git a/test/recipes/95-test_external_gost_engine_data/gost_engine.sh b/test/recipes/95-test_external_gost_engine_data/gost_engine.sh index 498825bad7..44810b5936 100755 --- a/test/recipes/95-test_external_gost_engine_data/gost_engine.sh +++ b/test/recipes/95-test_external_gost_engine_data/gost_engine.sh @@ -12,14 +12,26 @@ # set -e -O_EXE=`pwd`/$BLDTOP/apps -O_BINC=`pwd`/$BLDTOP/include -O_SINC=`pwd`/$SRCTOP/include -O_LIB=`pwd`/$BLDTOP +PWD="$(pwd)" -export PATH=$O_EXE:$PATH -export LD_LIBRARY_PATH=$O_LIB:$LD_LIBRARY_PATH -export OPENSSL_ROOT_DIR=$O_LIB +SRCTOP="$(cd $SRCTOP; pwd)" +BLDTOP="$(cd $BLDTOP; pwd)" + +if [ "$SRCTOP" != "$BLDTOP" ] ; then + echo "Out of tree builds not supported with gost_engine test!" + exit 1 +fi + +O_EXE="$BLDTOP/apps" +O_BINC="$BLDTOP/include" +O_SINC="$SRCTOP/include" +O_LIB="$BLDTOP" + +unset OPENSSL_CONF + +export PATH="$O_EXE:$PATH" +export LD_LIBRARY_PATH="$O_LIB:$LD_LIBRARY_PATH" +export OPENSSL_ROOT_DIR="$O_LIB" # Check/Set openssl version OPENSSL_VERSION=`openssl version | cut -f 2 -d ' '` @@ -33,13 +45,11 @@ echo " OPENSSL_ROOT_DIR: $OPENSSL_ROOT_DIR" echo " OpenSSL version: $OPENSSL_VERSION" echo "------------------------------------------------------------------" -cd $SRCTOP/gost-engine -rm -rf build -mkdir -p build -cd build -cmake .. +cmake $SRCTOP/gost-engine -DOPENSSL_ROOT_DIR="$OPENSSL_ROOT_DIR" make -CTEST_OUTPUT_ON_FAILURE=1 HARNESS_OSSL_PREFIX='' OPENSSL_ENGINES=$OPENSSL_ROOT_DIR/gost-engine/build/bin make test - -exit 0 - +export CTEST_OUTPUT_ON_FAILURE=1 +export HARNESS_OSSL_PREFIX='' +export OPENSSL_ENGINES="$PWD/bin" +export OPENSSL_APP="$O_EXE/openssl" +make test +make tcl_tests diff --git a/test/recipes/95-test_external_krb5.t b/test/recipes/95-test_external_krb5.t index ad262da2d9..9d6824cb6f 100644 --- a/test/recipes/95-test_external_krb5.t +++ b/test/recipes/95-test_external_krb5.t @@ -17,7 +17,7 @@ setup("test_external_krb5"); plan skip_all => "No external tests in this configuration" if disabled("external-tests"); plan skip_all => "krb5 not available" - if ! -f srctop_file("krb5", "data.txt"); + if ! -f srctop_file("krb5", "src", "configure.in"); plan tests => 1; From no-reply at appveyor.com Fri Mar 5 13:43:57 2021 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Mar 2021 13:43:57 +0000 Subject: Build failed: openssl master.40421 Message-ID: <20210305134357.1.A226C29B162D1F25@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Mar 6 07:47:33 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 06 Mar 2021 07:47:33 +0000 Subject: Build failed: openssl master.40459 Message-ID: <20210306074733.1.EE2C00017DE99006@appveyor.com> An HTML attachment was scrubbed... URL: From beldmit at gmail.com Sat Mar 6 09:14:43 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Sat, 06 Mar 2021 09:14:43 +0000 Subject: [openssl] master update Message-ID: <1615022083.311300.6120.nullmailer@dev.openssl.org> The branch master has been updated via 29ce1066bc54838ecb835244b03d763b55d7fadb (commit) from a7a041c2301fcb7fc2080ddd22a6076060bbaa69 (commit) - Log ----------------------------------------------------------------- commit 29ce1066bc54838ecb835244b03d763b55d7fadb Author: Paul Nelson Date: Wed Feb 10 16:49:19 2021 -0600 Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14150) ----------------------------------------------------------------------- Summary of changes: demos/README.txt | 26 +++++-- demos/digest/BIO_f_md.c | 122 +++++++++++++++++++++++++++++ demos/digest/EVP_MD_demo.c | 183 ++++++++++++++++++++++++++++++++++++++++++++ demos/digest/EVP_MD_stdin.c | 134 ++++++++++++++++++++++++++++++++ demos/digest/Makefile | 22 ++++++ 5 files changed, 481 insertions(+), 6 deletions(-) create mode 100755 demos/digest/BIO_f_md.c create mode 100644 demos/digest/EVP_MD_demo.c create mode 100755 demos/digest/EVP_MD_stdin.c create mode 100644 demos/digest/Makefile diff --git a/demos/README.txt b/demos/README.txt index d2155ef973..cfb2b3c82d 100644 --- a/demos/README.txt +++ b/demos/README.txt @@ -1,9 +1,23 @@ -NOTE: Don't expect any of these programs to work with current -OpenSSL releases, or even with later SSLeay releases. +OpenSSL Demonstration Applications -Original README: -============================================================================= +This folder contains source code that demonstrates the proper use of the OpenSSL +library API. -Some demo programs sent to me by various people +bio: Demonstration of a simple TLS client and server. -eric +certs: Demonstration of creating certs, using OCSP + +ciphers: + +cms: + +digest: +EVP_MD_demo.c Compute a digest from multiple buffers +EVP_MD_stdin.c Compute a digest with data read from stdin +EVP_f_md.c Compute a digest using BIO and EVP_f_md + +smime: + +pkcs12: +pkread.c Print out a description of a PKCS12 file. +pkwrite.c Add a password to an existing PKCS12 file. diff --git a/demos/digest/BIO_f_md.c b/demos/digest/BIO_f_md.c new file mode 100755 index 0000000000..ce1dfcc34a --- /dev/null +++ b/demos/digest/BIO_f_md.c @@ -0,0 +1,122 @@ +/*- + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * Example of using EVP_MD_fetch and EVP_Digest* methods to calculate + * a digest of static buffers + * You can find SHA3 test vectors from NIST here: + * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/sha3/sha-3bytetestvectors.zip + * For example, contains these lines: + Len = 80 + Msg = 1ca984dcc913344370cf + MD = 6915ea0eeffb99b9b246a0e34daf3947852684c3d618260119a22835659e4f23d4eb66a15d0affb8e93771578f5e8f25b7a5f2a55f511fb8b96325ba2cd14816 + * use xxd convert the hex message string to binary input for BIO_f_md: + * echo "1ca984dcc913344370cf" | xxd -r -p | ./BIO_f_md + * and then verify the output matches MD above. + */ + +#include +#include +#include +#include +#include + +/*- + * This demonstration will show how to digest data using + * a BIO configured with a message digest + * A message digest name may be passed as an argument. + * The default digest is SHA3-512 + */ + +int main(int argc, char * argv[]) +{ + int result = 1; + OSSL_LIB_CTX *library_context = NULL; + BIO *input = NULL; + BIO *bio_digest = NULL; + EVP_MD *md = NULL; + unsigned char buffer[512]; + size_t readct, writect; + size_t digest_size; + char *digest_value=NULL; + int j; + + input = BIO_new_fd( fileno(stdin), 1 ); + if (input == NULL) { + fprintf(stderr, "BIO_new_fd() for stdin returned NULL\n"); + goto cleanup; + } + library_context = OSSL_LIB_CTX_new(); + if (library_context == NULL) { + fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); + goto cleanup; + } + + /* + * Fetch a message digest by name + * The algorithm name is case insensitive. + * See providers(7) for details about algorithm fetching + */ + md = EVP_MD_fetch( library_context, "SHA3-512", NULL ); + if (md == NULL) { + fprintf(stderr, "EVP_MD_fetch did not find SHA3-512.\n"); + goto cleanup; + } + digest_size = EVP_MD_size(md); + digest_value = OPENSSL_malloc(digest_size); + if (digest_value == NULL) { + fprintf(stderr, "Can't allocate %lu bytes for the digest value.\n", (unsigned long)digest_size); + goto cleanup; + } + /* Make a bio that uses the digest */ + bio_digest = BIO_new(BIO_f_md()); + if (bio_digest == NULL) { + fprintf(stderr, "BIO_new(BIO_f_md()) returned NULL\n"); + goto cleanup; + } + /* set our bio_digest BIO to digest data */ + if (BIO_set_md(bio_digest,md) != 1) { + fprintf(stderr, "BIO_set_md failed.\n"); + goto cleanup; + } + /*- + * We will use BIO chaining so that as we read, the digest gets updated + * See the man page for BIO_push + */ + BIO *reading = BIO_push( bio_digest, input ); + + while( BIO_read(reading, buffer, sizeof(buffer)) > 0 ) + ; + + /*- + * BIO_gets must be used to calculate the final + * digest value and then copy it to digest_value. + */ + if (BIO_gets(bio_digest, digest_value, digest_size) != digest_size) { + fprintf(stderr, "BIO_gets(bio_digest) failed\n"); + goto cleanup; + } + for (j=0; j +#include +#include +#include + +/*- + * This demonstration will show how to digest data using + * the soliloqy from Hamlet scene 1 act 3 + * The soliloqy is split into two parts to demonstrate using EVP_DigestUpdate + * more than once. + */ + +const char * hamlet_1 = + "To be, or not to be, that is the question,\n" + "Whether tis nobler in the minde to suffer\n" + "The ?lings and arrowes of outragious fortune,\n" + "Or to take Armes again in a sea of troubles,\n" + "And by opposing, end them, to die to sleep;\n" + "No more, and by a sleep, to say we end\n" + "The heart-ache, and the thousand natural shocks\n" + "That flesh is heir to? tis a consumation\n" + "Devoutly to be wished. To die to sleep,\n" + "To sleepe, perchance to dreame, Aye, there's the rub,\n" + "For in that sleep of death what dreams may come\n" + "When we haue shuffled off this mortal coil\n" + "Must give us pause. There's the respect\n" + "That makes calamity of so long life:\n" + "For who would bear the Ships and Scorns of time,\n" + "The oppressor's wrong, the proud man's Contumely,\n" + "The pangs of dispised love, the Law's delay,\n" +; +const char * hamlet_2 = + "The insolence of Office, and the spurns\n" + "That patient merit of the'unworthy takes,\n" + "When he himself might his Quietas make\n" + "With a bare bodkin? Who would fardels bear,\n" + "To grunt and sweat under a weary life,\n" + "But that the dread of something after death,\n" + "The undiscovered country, from whose bourn\n" + "No traveller returns, puzzles the will,\n" + "And makes us rather bear those ills we have,\n" + "Then fly to others we know not of?\n" + "Thus conscience does make cowards of us all,\n" + "And thus the native hue of Resolution\n" + "Is sickled o'er with the pale cast of Thought,\n" + "And enterprises of great pith and moment,\n" + "With this regard their currents turn awry,\n" + "And lose the name of Action. Soft you now,\n" + "The fair Ophelia? Nymph in thy Orisons\n" + "Be all my sins remember'd.\n" +; + +/* The known value of the SHA3-512 digest of the above soliloqy */ +const unsigned char known_answer[] = { + 0xbb, 0x69, 0xf8, 0x09, 0x9c, 0x2e, 0x00, 0x3d, + 0xa4, 0x29, 0x5f, 0x59, 0x4b, 0x89, 0xe4, 0xd9, + 0xdb, 0xa2, 0xe5, 0xaf, 0xa5, 0x87, 0x73, 0x9d, + 0x83, 0x72, 0xcf, 0xea, 0x84, 0x66, 0xc1, 0xf9, + 0xc9, 0x78, 0xef, 0xba, 0x3d, 0xe9, 0xc1, 0xff, + 0xa3, 0x75, 0xc7, 0x58, 0x74, 0x8e, 0x9c, 0x1d, + 0x14, 0xd9, 0xdd, 0xd1, 0xfd, 0x24, 0x30, 0xd6, + 0x81, 0xca, 0x8f, 0x78, 0x29, 0x19, 0x9a, 0xfe, +}; + +int demonstrate_digest(void) +{ + OSSL_LIB_CTX *library_context; + int result = 0; + const char *option_properties = NULL; + EVP_MD *message_digest = NULL; + EVP_MD_CTX *digest_context = NULL; + unsigned int digest_length; + unsigned char *digest_value = NULL; + int j; + + library_context = OSSL_LIB_CTX_new(); + if (library_context == NULL) { + fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); + goto cleanup; + } + + /* + * Fetch a message digest by name + * The algorithm name is case insensitive. + * See providers(7) for details about algorithm fetching + */ + message_digest = EVP_MD_fetch(library_context, + "SHA3-512", option_properties); + if (message_digest == NULL) { + fprintf(stderr, "EVP_MD_fetch could not find SHA3-512."); + goto cleanup; + } + /* Determine the length of the fetched digest type */ + digest_length = EVP_MD_size(message_digest); + if (digest_length <= 0) { + fprintf(stderr, "EVP_MD_size returned invalid size.\n"); + goto cleanup; + } + + digest_value = OPENSSL_malloc(digest_length); + if (digest_value == NULL) { + fprintf(stderr, "No memory.\n"); + goto cleanup; + } + /* + * Make a message digest context to hold temporary state + * during digest creation + */ + digest_context = EVP_MD_CTX_new(); + if (digest_context == NULL) { + fprintf(stderr, "EVP_MD_CTX_new failed.\n"); + goto cleanup; + } + /* + * Initialize the message digest context to use the fetched + * digest provider + */ + if (EVP_DigestInit(digest_context, message_digest) != 1) { + fprintf(stderr, "EVP_DigestInit failed.\n"); + goto cleanup; + } + /* Digest parts one and two of the soliloqy */ + if (EVP_DigestUpdate(digest_context, hamlet_1, strlen(hamlet_1)) != 1) { + fprintf(stderr, "EVP_DigestUpdate(hamlet_1) failed.\n"); + goto cleanup; + } + if (EVP_DigestUpdate(digest_context, hamlet_2, strlen(hamlet_2)) != 1) { + fprintf(stderr, "EVP_DigestUpdate(hamlet_2) failed.\n"); + goto cleanup; + } + if (EVP_DigestFinal(digest_context, digest_value, &digest_length) != 1) { + fprintf(stderr, "EVP_DigestFinal() failed.\n"); + goto cleanup; + } + for (j=0; j +#include +#include +#include + +/*- + * This demonstration will show how to digest data using + * a BIO created to read from stdin + */ + +int demonstrate_digest(BIO *input) +{ + OSSL_LIB_CTX *library_context = NULL; + int result = 0; + const char * option_properties = NULL; + EVP_MD *message_digest = NULL; + EVP_MD_CTX *digest_context = NULL; + unsigned int digest_length; + unsigned char *digest_value = NULL; + unsigned char buffer[512]; + int ii; + + library_context = OSSL_LIB_CTX_new(); + if (library_context == NULL) { + fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); + goto cleanup; + } + + /* + * Fetch a message digest by name + * The algorithm name is case insensitive. + * See providers(7) for details about algorithm fetching + */ + message_digest = EVP_MD_fetch(library_context, + "SHA3-512", option_properties); + if (message_digest == NULL) { + fprintf(stderr, "EVP_MD_fetch could not find SHA3-512."); + ERR_print_errors_fp(stderr); + OSSL_LIB_CTX_free(library_context); + return 0; + } + /* Determine the length of the fetched digest type */ + digest_length = EVP_MD_size(message_digest); + if (digest_length <= 0) { + fprintf(stderr, "EVP_MD_size returned invalid size.\n"); + goto cleanup; + } + + digest_value = OPENSSL_malloc(digest_length); + if (digest_value == NULL) { + fprintf(stderr, "No memory.\n"); + goto cleanup; + } + /* + * Make a message digest context to hold temporary state + * during digest creation + */ + digest_context = EVP_MD_CTX_new(); + if (digest_context == NULL) { + fprintf(stderr, "EVP_MD_CTX_new failed.\n"); + ERR_print_errors_fp(stderr); + goto cleanup; + } + /* + * Initialize the message digest context to use the fetched + * digest provider + */ + if (EVP_DigestInit(digest_context, message_digest) != 1) { + fprintf(stderr, "EVP_DigestInit failed.\n"); + ERR_print_errors_fp(stderr); + goto cleanup; + } + while ((ii = BIO_read(input, buffer, sizeof(buffer))) > 0) { + if (EVP_DigestUpdate(digest_context, buffer, ii) != 1) { + fprintf(stderr, "EVP_DigestUpdate() failed.\n"); + goto cleanup; + } + } + if (EVP_DigestFinal(digest_context, digest_value, &digest_length) != 1) { + fprintf(stderr, "EVP_DigestFinal() failed.\n"); + goto cleanup; + } + result = 1; + for (ii=0; ii The branch master has been updated via 9b9d24f0331f7175137bc60023e7a165ee886551 (commit) via f477cdfadd9604eef162a98f5f69c7ca61da5a26 (commit) from 29ce1066bc54838ecb835244b03d763b55d7fadb (commit) - Log ----------------------------------------------------------------- commit 9b9d24f0331f7175137bc60023e7a165ee886551 Author: Dr. David von Oheimb Date: Mon Mar 1 08:56:46 2021 +0100 OCSP_resp_find_status.pod: Complete the RETURN VALUES section Supersedes #11877. Also make order in NAME section consistent. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14347) commit f477cdfadd9604eef162a98f5f69c7ca61da5a26 Author: Dr. David von Oheimb Date: Mon Mar 1 08:54:52 2021 +0100 crypto/ocsp/ocsp_cl.c: coding style improvements Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14347) ----------------------------------------------------------------------- Summary of changes: crypto/ocsp/ocsp_cl.c | 46 ++++++++++++++------------- doc/man3/OCSP_resp_find_status.pod | 65 +++++++++++++++++++++++--------------- 2 files changed, 63 insertions(+), 48 deletions(-) diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 40d26fb871..421b6ac341 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -38,21 +38,18 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) one->reqCert = cid; if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) { one->reqCert = NULL; /* do not free on error */ - goto err; + OCSP_ONEREQ_free(one); + return NULL; } return one; - err: - OCSP_ONEREQ_free(one); - return NULL; } /* Set requestorName from an X509_NAME structure */ int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm) { - GENERAL_NAME *gen; + GENERAL_NAME *gen = GENERAL_NAME_new(); - gen = GENERAL_NAME_new(); if (gen == NULL) return 0; if (!X509_NAME_set(&gen->d.directoryName, nm)) { @@ -70,6 +67,7 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm) int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) { OCSP_SIGNATURE *sig; + if (req->optionalSignature == NULL) req->optionalSignature = OCSP_SIGNATURE_new(); sig = req->optionalSignature; @@ -100,7 +98,7 @@ int OCSP_request_sign(OCSP_REQUEST *req, if ((req->optionalSignature = OCSP_SIGNATURE_new()) == NULL) goto err; - if (key) { + if (key != NULL) { if (!X509_check_private_key(signer, key)) { ERR_raise(ERR_LIB_OCSP, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); @@ -110,7 +108,7 @@ int OCSP_request_sign(OCSP_REQUEST *req, goto err; } - if (!(flags & OCSP_NOCERTS)) { + if ((flags & OCSP_NOCERTS) == 0) { if (!OCSP_request_add1_cert(req, signer)) goto err; for (i = 0; i < sk_X509_num(certs); i++) { @@ -141,9 +139,9 @@ int OCSP_response_status(OCSP_RESPONSE *resp) OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp) { - OCSP_RESPBYTES *rb; - rb = resp->responseBytes; - if (!rb) { + OCSP_RESPBYTES *rb = resp->responseBytes; + + if (rb == NULL) { ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_RESPONSE_DATA); return NULL; } @@ -176,7 +174,7 @@ const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) int OCSP_resp_count(OCSP_BASICRESP *bs) { - if (!bs) + if (bs == NULL) return -1; return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses); } @@ -185,12 +183,12 @@ int OCSP_resp_count(OCSP_BASICRESP *bs) OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx) { - if (!bs) + if (bs == NULL) return NULL; return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx); } -const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs) +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs) { return bs->tbsResponseData.producedAt; } @@ -245,7 +243,8 @@ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) int i; STACK_OF(OCSP_SINGLERESP) *sresp; OCSP_SINGLERESP *single; - if (!bs) + + if (bs == NULL) return -1; if (last < 0) last = 0; @@ -273,12 +272,14 @@ int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, { int ret; OCSP_CERTSTATUS *cst; - if (!single) + + if (single == NULL) return -1; cst = single->certStatus; ret = cst->type; if (ret == V_OCSP_CERTSTATUS_REVOKED) { OCSP_REVOKEDINFO *rev = cst->value.revoked; + if (revtime) *revtime = rev->revocationTime; if (reason) { @@ -288,9 +289,9 @@ int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, *reason = -1; } } - if (thisupd) + if (thisupd != NULL) *thisupd = single->thisUpdate; - if (nextupd) + if (nextupd != NULL) *nextupd = single->nextUpdate; return ret; } @@ -306,15 +307,15 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, ASN1_GENERALIZEDTIME **thisupd, ASN1_GENERALIZEDTIME **nextupd) { - int i; + int i = OCSP_resp_find(bs, id, -1); OCSP_SINGLERESP *single; - i = OCSP_resp_find(bs, id, -1); + /* Maybe check for multiple responses and give an error? */ if (i < 0) return 0; single = OCSP_resp_get0(bs, i); i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd); - if (status) + if (status != NULL) *status = i; return 1; } @@ -333,6 +334,7 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, { int ret = 1; time_t t_now, t_tmp; + time(&t_now); /* Check thisUpdate is valid and not more than nsec in the future */ if (!ASN1_GENERALIZEDTIME_check(thisupd)) { @@ -358,7 +360,7 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, } } - if (!nextupd) + if (nextupd == NULL) return ret; /* Check nextUpdate is valid and not more than nsec in the past */ diff --git a/doc/man3/OCSP_resp_find_status.pod b/doc/man3/OCSP_resp_find_status.pod index bc3c2127bc..3ded33f425 100644 --- a/doc/man3/OCSP_resp_find_status.pod +++ b/doc/man3/OCSP_resp_find_status.pod @@ -2,17 +2,13 @@ =head1 NAME -OCSP_resp_get0_certs, -OCSP_resp_get0_signer, -OCSP_resp_get0_id, -OCSP_resp_get1_id, -OCSP_resp_get0_produced_at, -OCSP_resp_get0_signature, -OCSP_resp_get0_tbs_sigalg, -OCSP_resp_get0_respdata, -OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, -OCSP_single_get0_status, OCSP_check_validity, -OCSP_basic_verify +OCSP_resp_find_status, OCSP_resp_count, +OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, +OCSP_resp_get0_produced_at, OCSP_resp_get0_signature, +OCSP_resp_get0_tbs_sigalg, OCSP_resp_get0_respdata, +OCSP_resp_get0_certs, OCSP_resp_get0_signer, +OCSP_resp_get0_id, OCSP_resp_get1_id, +OCSP_check_validity, OCSP_basic_verify - OCSP response utility functions =head1 SYNOPSIS @@ -75,9 +71,8 @@ B or B. OCSP_resp_count() returns the number of B structures in I. -OCSP_resp_get0() returns the B structure in I -corresponding to index I. Where I runs from 0 to -OCSP_resp_count(bs) - 1. +OCSP_resp_get0() returns the B structure in I corresponding +to index I, where I runs from 0 to OCSP_resp_count(bs) - 1. OCSP_resp_find() searches I for I and returns the index of the first matching entry after I or starting from the beginning if I is -1. @@ -105,10 +100,11 @@ signed the response are known via some out-of-band mechanism. OCSP_resp_get0_id() gets the responder id of I. If the responder ID is a name then <*pname> is set to the name and I<*pid> is set to NULL. If the responder ID is by key ID then I<*pid> is set to the key ID and I<*pname> -is set to NULL. OCSP_resp_get1_id() leaves ownership of I<*pid> and I<*pname> -with the caller, who is responsible for freeing them. Both functions return 1 -in case of success and 0 in case of failure. If OCSP_resp_get1_id() returns 0, -no freeing of the results is necessary. +is set to NULL. + +OCSP_resp_get1_id() is the same as OCSP_resp_get0_id() +but leaves ownership of I<*pid> and I<*pname> with the caller, +who is responsible for freeing them unless the function returns 0. OCSP_check_validity() checks the validity of its I and I arguments, which will be typically obtained from OCSP_resp_find_status() or @@ -148,23 +144,40 @@ trust for OCSP signing in the root CA certificate. OCSP_resp_find_status() returns 1 if I is found in I and 0 otherwise. -OCSP_resp_count() returns the total number of B fields in -I. +OCSP_resp_count() returns the total number of B fields in I +or -1 on error. OCSP_resp_get0() returns a pointer to an B structure or -NULL if I is out of range. +NULL on error, such as I being out of range. -OCSP_resp_find() returns the index of I in I (which may be 0) or -1 if -I was not found. +OCSP_resp_find() returns the index of I in I (which may be 0) +or -1 on error, such as when I was not found. OCSP_single_get0_status() returns the status of I or -1 if an error occurred. +OCSP_resp_get0_produced_at() returns the B field from I. + +OCSP_resp_get0_signature() returns the signature from I. + +OCSP_resp_get0_tbs_sigalg() returns the B field from I. + +OCSP_resp_get0_respdata() returns the B field from I. + +OCSP_resp_get0_certs() returns any certificates included in I. + OCSP_resp_get0_signer() returns 1 if the signing certificate was located, -or 0 on error. +or 0 if not found or on error. + +OCSP_resp_get0_id() and OCSP_resp_get1_id() return 1 on success, 0 on failure. + +OCSP_check_validity() returns 1 if I and I are valid time +values and the current time + I is not before I and, +if I >= 0, the current time - I is not past I. +Otherwise it returns 0 to indicate an error. -OCSP_basic_verify() returns 1 on success, 0 on error, or -1 on fatal error such -as malloc failure. +OCSP_basic_verify() returns 1 on success, 0 on verification not successful, +or -1 on a fatal error such as malloc failure. =head1 NOTES From dev at ddvo.net Sat Mar 6 12:10:34 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 06 Mar 2021 12:10:34 +0000 Subject: [openssl] master update Message-ID: <1615032634.131564.23447.nullmailer@dev.openssl.org> The branch master has been updated via 0dca5ede0d7a98bc9061f4a50846732e50ffda0f (commit) from 9b9d24f0331f7175137bc60023e7a165ee886551 (commit) - Log ----------------------------------------------------------------- commit 0dca5ede0d7a98bc9061f4a50846732e50ffda0f Author: Dr. David von Oheimb Date: Mon Feb 8 19:13:26 2021 +0100 Make more use of X509_add_certs(); minor related code & comments cleanup This is a follow-up on #12615. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14436) ----------------------------------------------------------------------- Summary of changes: crypto/ocsp/ocsp_cl.c | 38 ++++++++------------------------------ crypto/ocsp/ocsp_srv.c | 13 ++----------- crypto/x509/x509_cmp.c | 7 +++---- 3 files changed, 13 insertions(+), 45 deletions(-) diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 421b6ac341..2d544b444e 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -27,7 +27,6 @@ * Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ pointer: * useful if we want to add extensions. */ - OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) { OCSP_ONEREQ *one = NULL; @@ -45,7 +44,6 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) } /* Set requestorName from an X509_NAME structure */ - int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm) { GENERAL_NAME *gen = GENERAL_NAME_new(); @@ -63,19 +61,15 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm) } /* Add a certificate to an OCSP request */ - int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) { - OCSP_SIGNATURE *sig; - - if (req->optionalSignature == NULL) - req->optionalSignature = OCSP_SIGNATURE_new(); - sig = req->optionalSignature; - if (sig == NULL) + if (req->optionalSignature == NULL + && (req->optionalSignature = OCSP_SIGNATURE_new()) == NULL) return 0; if (cert == NULL) return 1; - return ossl_x509_add_cert_new(&sig->certs, cert, X509_ADD_FLAG_UP_REF); + return ossl_x509_add_cert_new(&req->optionalSignature->certs, cert, + X509_ADD_FLAG_UP_REF); } /* @@ -83,16 +77,12 @@ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) * optional signers certificate and include one or more optional certificates * in the request. Behaves like PKCS7_sign(). */ - int OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags) { - int i; - X509 *x; - if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) goto err; @@ -109,13 +99,10 @@ int OCSP_request_sign(OCSP_REQUEST *req, } if ((flags & OCSP_NOCERTS) == 0) { - if (!OCSP_request_add1_cert(req, signer)) + if (!OCSP_request_add1_cert(req, signer) + || !X509_add_certs(req->optionalSignature->certs, certs, + X509_ADD_FLAG_UP_REF)) goto err; - for (i = 0; i < sk_X509_num(certs); i++) { - x = sk_X509_value(certs, i); - if (!OCSP_request_add1_cert(req, x)) - goto err; - } } return 1; @@ -126,7 +113,6 @@ int OCSP_request_sign(OCSP_REQUEST *req, } /* Get response status */ - int OCSP_response_status(OCSP_RESPONSE *resp) { return ASN1_ENUMERATED_get(resp->responseStatus); @@ -136,7 +122,6 @@ int OCSP_response_status(OCSP_RESPONSE *resp) * Extract basic response from OCSP_RESPONSE or NULL if no basic response * present. */ - OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp) { OCSP_RESPBYTES *rb = resp->responseBytes; @@ -168,9 +153,7 @@ const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) return &bs->tbsResponseData; } -/* - * Return number of OCSP_SINGLERESP responses present in a basic response. - */ +/* Return number of OCSP_SINGLERESP responses present in a basic response */ int OCSP_resp_count(OCSP_BASICRESP *bs) { @@ -180,7 +163,6 @@ int OCSP_resp_count(OCSP_BASICRESP *bs) } /* Extract an OCSP_SINGLERESP response with a given index */ - OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx) { if (bs == NULL) @@ -237,7 +219,6 @@ int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, } /* Look single response matching a given certificate ID */ - int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) { int i; @@ -264,7 +245,6 @@ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) * revtime and reason values are only set if the certificate status is * revoked. Returns numerical value of status. */ - int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, @@ -300,7 +280,6 @@ int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, * This function combines the previous ones: look up a certificate ID and if * found extract status information. Return 0 is successful. */ - int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, int *reason, ASN1_GENERALIZEDTIME **revtime, @@ -328,7 +307,6 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, * accepting very old responses without a nextUpdate field an optional maxage * parameter specifies the maximum age the thisUpdate field can be. */ - int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec) { diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 4a864f2d79..2bd8b40d65 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -20,7 +20,6 @@ * Utility functions related to sending OCSP responses and extracting * relevant information from the request. */ - int OCSP_request_onereq_count(OCSP_REQUEST *req) { return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList); @@ -155,7 +154,6 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, } /* Add a certificate to an OCSP request */ - int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) { return ossl_x509_add_cert_new(&resp->certs, cert, X509_ADD_FLAG_UP_REF); @@ -166,12 +164,10 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) * set the responderID to the subject name in the signer's certificate, and * include one or more optional certificates in the response. */ - int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx, STACK_OF(X509) *certs, unsigned long flags) { - int i; OCSP_RESPID *rid; EVP_PKEY *pkey; @@ -187,13 +183,9 @@ int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, } if (!(flags & OCSP_NOCERTS)) { - if (!OCSP_basic_add1_cert(brsp, signer)) + if (!OCSP_basic_add1_cert(brsp, signer) + || !X509_add_certs(brsp->certs, certs, X509_ADD_FLAG_UP_REF)) goto err; - for (i = 0; i < sk_X509_num(certs); i++) { - X509 *tmpcert = sk_X509_value(certs, i); - if (!OCSP_basic_add1_cert(brsp, tmpcert)) - goto err; - } } rid = &brsp->tbsResponseData.responderId; @@ -212,7 +204,6 @@ int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, * Right now, I think that not doing double hashing is the right thing. * -- Richard Levitte */ - if (!OCSP_BASICRESP_sign_ctx(brsp, ctx, 0)) goto err; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index c29fe3cc5f..a149bf49dc 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -177,8 +177,7 @@ int X509_cmp(const X509 *a, const X509 *b) int ossl_x509_add_cert_new(STACK_OF(X509) **p_sk, X509 *cert, int flags) { - if (*p_sk == NULL - && (*p_sk = sk_X509_new_null()) == NULL) { + if (*p_sk == NULL && (*p_sk = sk_X509_new_null()) == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); return 0; } @@ -216,7 +215,7 @@ int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags) } int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags) -/* compiler would allow 'const' for the list of certs, yet they are up-ref'ed */ +/* compiler would allow 'const' for the certs, yet they may get up-ref'ed */ { if (sk == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); @@ -227,7 +226,7 @@ int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags) int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, STACK_OF(X509) *certs, int flags) -/* compiler would allow 'const' for the list of certs, yet they are up-ref'ed */ +/* compiler would allow 'const' for the certs, yet they may get up-ref'ed */ { int n = sk_X509_num(certs /* may be NULL */); int i; From no-reply at appveyor.com Sat Mar 6 13:39:16 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 06 Mar 2021 13:39:16 +0000 Subject: Build failed: openssl master.40466 Message-ID: <20210306133916.1.5D014BF1F0481DF0@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Sat Mar 6 15:19:07 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 06 Mar 2021 15:19:07 +0000 Subject: [openssl] master update Message-ID: <1615043947.517859.2610.nullmailer@dev.openssl.org> The branch master has been updated via 2de5d3b87a7980efdb1c1e8350760b60d3d53e1e (commit) via 676d879cb2650dfb509d8eda256d5b8203acec0f (commit) via 73e6e3e03eaabd7b28b6a727383006c6ee1caaf7 (commit) from 0dca5ede0d7a98bc9061f4a50846732e50ffda0f (commit) - Log ----------------------------------------------------------------- commit 2de5d3b87a7980efdb1c1e8350760b60d3d53e1e Author: Dr. David von Oheimb Date: Mon Mar 1 12:43:05 2021 +0100 HTTP: Fix BIO_mem_d2i() on NULL mem input This fixes also failure behavior of OSSL_HTTP_REQ_CTX_sendreq_d2i(), OCSP_sendreq_nbio(), etc. Fixes #14322 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14356) commit 676d879cb2650dfb509d8eda256d5b8203acec0f Author: Dr. David von Oheimb Date: Mon Mar 1 11:47:18 2021 +0100 http_local.h: Remove unused declaration of HTTP_sendreq_bio() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14356) commit 73e6e3e03eaabd7b28b6a727383006c6ee1caaf7 Author: Dr. David von Oheimb Date: Mon Mar 1 14:06:32 2021 +0100 Simplify OCSP_sendreq_bio() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14356) ----------------------------------------------------------------------- Summary of changes: crypto/http/http_client.c | 19 ++++++++++--------- crypto/http/http_local.h | 8 -------- crypto/ocsp/ocsp_http.c | 5 ++--- 3 files changed, 12 insertions(+), 20 deletions(-) diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 259bad366b..2f59cb421a 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -736,9 +736,12 @@ static ASN1_VALUE *BIO_mem_d2i(BIO *mem, const ASN1_ITEM *it) { const unsigned char *p; long len = BIO_get_mem_data(mem, &p); - ASN1_VALUE *resp = ASN1_item_d2i(NULL, &p, len, it); + ASN1_VALUE *resp; - if (resp == NULL) + if (mem == NULL) + return NULL; + + if ((resp = ASN1_item_d2i(NULL, &p, len, it)) == NULL) ERR_raise(ERR_LIB_HTTP, HTTP_R_RESPONSE_PARSE_ERROR); return resp; } @@ -1056,11 +1059,10 @@ ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url, ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); return NULL; } - if ((mem = OSSL_HTTP_get(url, proxy, no_proxy, bio, rbio, bio_update_fn, - arg, headers, maxline, max_resp_len, timeout, - expected_ct, 1 /* expect_asn1 */)) - != NULL) - resp = BIO_mem_d2i(mem, rsp_it); + mem = OSSL_HTTP_get(url, proxy, no_proxy, bio, rbio, bio_update_fn, + arg, headers, maxline, max_resp_len, timeout, + expected_ct, 1 /* expect_asn1 */); + resp = BIO_mem_d2i(mem /* may be NULL */, rsp_it); BIO_free(mem); return resp; } @@ -1096,8 +1098,7 @@ ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port, max_resp_len, timeout, expected_ct, 1 /* expect_asn1 */, NULL); BIO_free(req_mem); - if (res_mem != NULL) - resp = BIO_mem_d2i(res_mem, rsp_it); + resp = BIO_mem_d2i(res_mem /* may be NULL */, rsp_it); BIO_free(res_mem); return resp; } diff --git a/crypto/http/http_local.h b/crypto/http/http_local.h index e6b0735102..3f52e0772f 100644 --- a/crypto/http/http_local.h +++ b/crypto/http/http_local.h @@ -23,14 +23,6 @@ OSSL_HTTP_REQ_CTX *HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int use_http_proxy, int timeout, const char *expected_content_type, int expect_asn1); -ASN1_VALUE *HTTP_sendreq_bio(BIO *bio, OSSL_HTTP_bio_cb_t bio_update_fn, - void *arg, const char *server, const char *port, - const char *path, int use_ssl, int use_proxy, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, - ASN1_VALUE *req, const ASN1_ITEM *req_it, - int maxline, unsigned long max_resp_len, - int timeout, const ASN1_ITEM *rsp_it); int http_use_proxy(const char *no_proxy, const char *server); const char *http_adapt_proxy(const char *proxy, const char *no_proxy, const char *server, int use_ssl); diff --git a/crypto/ocsp/ocsp_http.c b/crypto/ocsp/ocsp_http.c index 4867929424..907720aac1 100644 --- a/crypto/ocsp/ocsp_http.c +++ b/crypto/ocsp/ocsp_http.c @@ -50,17 +50,16 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req) { OCSP_RESPONSE *resp = NULL; OSSL_HTTP_REQ_CTX *ctx; - int rv; ctx = OCSP_sendreq_new(b, path, req, -1 /* default max resp line length */); if (ctx == NULL) return NULL; - rv = OCSP_sendreq_nbio(&resp, ctx); + OCSP_sendreq_nbio(&resp, ctx); /* this indirectly calls ERR_clear_error(): */ OSSL_HTTP_REQ_CTX_free(ctx); - return rv == 1 ? resp : NULL; + return resp; } #endif /* !defined(OPENSSL_NO_OCSP) */ From no-reply at appveyor.com Sat Mar 6 16:31:42 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 06 Mar 2021 16:31:42 +0000 Subject: Build completed: openssl master.40467 Message-ID: <20210306163142.1.0570CB28CB39F044@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Sat Mar 6 20:46:59 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 06 Mar 2021 20:46:59 +0000 Subject: [openssl] master update Message-ID: <1615063619.108335.26326.nullmailer@dev.openssl.org> The branch master has been updated via 9293046fb447b1fd0ef1753017d9db4c3c333860 (commit) from 2de5d3b87a7980efdb1c1e8350760b60d3d53e1e (commit) - Log ----------------------------------------------------------------- commit 9293046fb447b1fd0ef1753017d9db4c3c333860 Author: Dr. David von Oheimb Date: Wed Jan 6 15:01:46 2021 +0100 apps/x509.c: Rename -signkey to -key for consistency with the req app Also because this better reflects that usually also the public portion is used. Retaining the old -signkey as an alias for backward compatibility. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14007) ----------------------------------------------------------------------- Summary of changes: apps/x509.c | 51 +++++++++++++++++++++++--------------------- doc/man1/openssl-x509.pod.in | 28 +++++++++++++++--------- 2 files changed, 45 insertions(+), 34 deletions(-) diff --git a/apps/x509.c b/apps/x509.c index 1108ff7ad4..163c1c8a67 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -42,7 +42,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM, OPT_CAKEYFORM, OPT_VFYOPT, OPT_SIGOPT, OPT_DAYS, OPT_PASSIN, OPT_EXTFILE, - OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_SIGNKEY, OPT_CA, OPT_CAKEY, + OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_KEY, OPT_SIGNKEY, OPT_CA, OPT_CAKEY, OPT_CASERIAL, OPT_SET_SERIAL, OPT_NEW, OPT_FORCE_PUBKEY, OPT_SUBJ, OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_NAMEOPT, OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL, @@ -72,8 +72,10 @@ const OPTIONS x509_options[] = { {"inform", OPT_INFORM, 'f', "CSR input file format (DER or PEM) - default PEM"}, {"vfyopt", OPT_VFYOPT, 's', "CSR verification parameter in n:v form"}, + {"key", OPT_KEY, 's', + "Key to be used in certificate or cert request"}, {"signkey", OPT_SIGNKEY, 's', - "Key used to self-sign certificate or cert request"}, + "Same as -key"}, {"keyform", OPT_KEYFORM, 'E', "Key input format (ENGINE, other values ignored)"}, {"out", OPT_OUT, '>', "Output file - default stdout"}, @@ -149,7 +151,7 @@ const OPTIONS x509_options[] = { OPT_SECTION("Micro-CA"), {"CA", OPT_CA, '<', - "Use the given CA certificate, conflicts with -signkey"}, + "Use the given CA certificate, conflicts with -key"}, {"CAform", OPT_CAFORM, 'F', "CA cert format (PEM/DER/P12); has no effect"}, {"CAkey", OPT_CAKEY, 's', "The corresponding CA key; default is -CA arg"}, {"CAkeyform", OPT_CAKEYFORM, 'E', @@ -244,7 +246,7 @@ int x509_main(int argc, char **argv) CONF *extconf = NULL; int ext_copy = EXT_COPY_UNSET; X509V3_CTX ext_ctx; - EVP_PKEY *signkey = NULL, *CAkey = NULL, *pubkey = NULL; + EVP_PKEY *privkey = NULL, *CAkey = NULL, *pubkey = NULL; EVP_PKEY *pkey; int newcert = 0; char *subj = NULL, *digestname = NULL; @@ -261,7 +263,7 @@ int x509_main(int argc, char **argv) char *checkhost = NULL, *checkemail = NULL, *checkip = NULL; char *ext_names = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL; - char *infile = NULL, *outfile = NULL, *signkeyfile = NULL, *CAfile = NULL; + char *infile = NULL, *outfile = NULL, *privkeyfile = NULL, *CAfile = NULL; char *prog; int days = UNSET_DAYS; /* not explicitly set */ int x509toreq = 0, modulus = 0, print_pubkey = 0, pprint = 0; @@ -374,8 +376,9 @@ int x509_main(int argc, char **argv) case OPT_EXTENSIONS: extsect = opt_arg(); break; + case OPT_KEY: case OPT_SIGNKEY: - signkeyfile = opt_arg(); + privkeyfile = opt_arg(); break; case OPT_CA: CAfile = opt_arg(); @@ -605,9 +608,9 @@ int x509_main(int argc, char **argv) "The -req option cannot be used with -new\n"); goto end; } - if (signkeyfile != NULL) { - signkey = load_key(signkeyfile, keyformat, 0, passin, e, "private key"); - if (signkey == NULL) + if (privkeyfile != NULL) { + privkey = load_key(privkeyfile, keyformat, 0, passin, e, "private key"); + if (privkey == NULL) goto end; } if (pubkeyfile != NULL) { @@ -622,9 +625,9 @@ int x509_main(int argc, char **argv) "The -new option requires a subject to be set using -subj\n"); goto end; } - if (signkeyfile == NULL && pubkeyfile == NULL) { + if (privkeyfile == NULL && pubkeyfile == NULL) { BIO_printf(bio_err, - "The -new option without -signkey requires using -force_pubkey\n"); + "The -new option without -key requires using -force_pubkey\n"); goto end; } } @@ -635,8 +638,8 @@ int x509_main(int argc, char **argv) if (CAkeyfile == NULL) CAkeyfile = CAfile; if (CAfile != NULL) { - if (signkeyfile != NULL) { - BIO_printf(bio_err, "Cannot use both -signkey and -CA option\n"); + if (privkeyfile != NULL) { + BIO_printf(bio_err, "Cannot use both -key and -CA option\n"); goto end; } } else if (CAkeyfile != NULL) { @@ -697,9 +700,9 @@ int x509_main(int argc, char **argv) BIO_printf(bio_err, "Warning: ignoring -preserve_dates option with -req or -new\n"); preserve_dates = 0; - if (signkeyfile == NULL && CAkeyfile == NULL) { + if (privkeyfile == NULL && CAkeyfile == NULL) { BIO_printf(bio_err, - "We need a private key to sign with, use -signkey or -CAkey or -CA with private key\n"); + "We need a private key to sign with, use -key or -CAkey or -CA with private key\n"); goto end; } if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL) @@ -727,9 +730,9 @@ int x509_main(int argc, char **argv) && !X509_set_subject_name(x, fsubj != NULL ? fsubj : X509_REQ_get_subject_name(req))) goto end; - if ((pubkey != NULL || signkey != NULL || req != NULL) + if ((pubkey != NULL || privkey != NULL || req != NULL) && !X509_set_pubkey(x, pubkey != NULL ? pubkey : - signkey != NULL ? signkey : + privkey != NULL ? privkey : X509_REQ_get0_pubkey(req))) goto end; @@ -787,7 +790,7 @@ int x509_main(int argc, char **argv) if (sno != NULL && !X509_set_serialNumber(x, sno)) goto end; - if (reqfile || newcert || signkey != NULL || CAfile != NULL) { + if (reqfile || newcert || privkey != NULL || CAfile != NULL) { if (!preserve_dates && !set_cert_times(x, NULL, NULL, days)) goto end; if (!X509_set_issuer_name(x, X509_get_subject_name(issuer_cert))) @@ -813,15 +816,15 @@ int x509_main(int argc, char **argv) } if (x509toreq) { /* also works in conjunction with -req */ - if (signkey == NULL) { - BIO_printf(bio_err, "Must specify request key using -signkey\n"); + if (privkey == NULL) { + BIO_printf(bio_err, "Must specify request key using -key\n"); goto end; } if (clrext && ext_copy != EXT_COPY_NONE) { BIO_printf(bio_err, "Must not use -clrext together with -copy_extensions\n"); goto end; } - if ((rq = x509_to_req(x, signkey, digest, sigopts, + if ((rq = x509_to_req(x, privkey, digest, sigopts, ext_copy, ext_names)) == NULL) goto end; if (!noout) { @@ -838,8 +841,8 @@ int x509_main(int argc, char **argv) } } noout = 1; - } else if (signkey != NULL) { - if (!do_X509_sign(x, signkey, digest, sigopts, &ext_ctx)) + } else if (privkey != NULL) { + if (!do_X509_sign(x, privkey, digest, sigopts, &ext_ctx)) goto end; } else if (CAfile != NULL) { if (!reqfile && !newcert) { /* certificate should be self-signed */ @@ -1030,7 +1033,7 @@ int x509_main(int argc, char **argv) X509_REQ_free(req); X509_free(x); X509_free(xca); - EVP_PKEY_free(signkey); + EVP_PKEY_free(privkey); EVP_PKEY_free(CAkey); EVP_PKEY_free(pubkey); sk_OPENSSL_STRING_free(sigopts); diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 77c5e64ee0..7f42d45cf7 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in @@ -17,8 +17,9 @@ B B [B<-copy_extensions> I] [B<-inform> B|B] [B<-vfyopt> I:I] -[B<-signkey> I|I] +[B<-key> I|I] [B<-keyform> B|B|B|B] +[B<-signkey> I|I] [B<-out> I] [B<-outform> B|B] [B<-nocert>] @@ -118,13 +119,13 @@ Generate a certificate from scratch, not using an input certificate or certificate request. So the B<-in> option must not be used in this case. Instead, the B<-subj> option needs to be given. The public key to include can be given with the B<-force_pubkey> option -and defaults to the key given with the B<-signkey> option, +and defaults to the key given with the B<-key> option, which implies self-signature. =item B<-x509toreq> Output a PKCS#10 certificate request (rather than a certificate). -The B<-signkey> option must be used to provide the private key for self-signing; +The B<-key> option must be used to provide the private key for self-signing; the corresponding public key is placed in the subjectPKInfo field. X.509 extensions included in a certificate input are not copied by default. @@ -161,7 +162,7 @@ See L for details. Pass options to the signature algorithm during verify operations. Names and values of these options are algorithm-specific. -=item B<-signkey> I|I +=item B<-key> I|I This option causes the new certificate or certificate request to be self-signed using the supplied private key. @@ -174,6 +175,10 @@ Unless the B<-preserve_dates> option is supplied, it sets the validity start date to the current time and the end date to a value determined by the B<-days> option. +=item B<-signkey> I|I + +This option is an alias of B<-key>. + =item B<-keyform> B|B|B|B The key input format; the default is B. @@ -348,7 +353,7 @@ Check that the certificate matches the specified IP address. =item B<-set_serial> I Specifies the serial number to use. This option can be used with either -the B<-signkey> or B<-CA> options. If used in conjunction with the B<-CA> option +the B<-key> or B<-CA> options. If used in conjunction with the B<-CA> option the serial number file (as specified by the B<-CAserial> option) is not used. The serial number can be decimal or hex (if preceded by C<0x>). @@ -392,7 +397,7 @@ or certificate request. =item B<-force_pubkey> I When a certificate is created set its public key to the key in I -instead of the key contained in the input or given with the B<-signkey> option. +instead of the key contained in the input or given with the B<-key> option. This option is useful for creating self-issued certificates that are not self-signed, for instance when the key cannot be used for signing, such as DH. @@ -438,7 +443,7 @@ for testing. The digest to use. This affects any signing or printing option that uses a message -digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. +digest, such as the B<-fingerprint>, B<-key> and B<-CA> options. Any digest supported by the L command can be used. If not specified then SHA1 is used with B<-fingerprint> or the default digest for the signing algorithm is used, typically SHA256. @@ -456,7 +461,7 @@ When present, this behaves like a "micro CA" as follows: The subject name of the "CA" certificate is placed as issuer name in the new certificate, which is then signed using the "CA" key given as detailed below. -This option cannot be used in conjunction with the B<-signkey> option. +This option cannot be used in conjunction with the B<-key> option. This option is normally combined with the B<-req> option referencing a CSR. Without the B<-req> option the input must be a self-signed certificate unless the B<-new> option is given, which generates a certificate from scratch. @@ -700,13 +705,13 @@ Convert a certificate from PEM to DER format: Convert a certificate to a certificate request: - openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem + openssl x509 -x509toreq -in cert.pem -out req.pem -key key.pem Convert a certificate request into a self-signed certificate using extensions for a CA: openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \ - -signkey key.pem -out cacert.pem + -key key.pem -out cacert.pem Sign a certificate request using the CA certificate above and add user certificate extensions: @@ -871,6 +876,9 @@ of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical version of the DN using SHA1. This means that any directories using the old form must have their links rebuilt using L or similar. +The B<-signkey> option has been renamed to B<-key> in OpenSSL 3.0, +keeping the old name as an alias. + All B<-keyform> and B<-CAkeyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. From beldmit at gmail.com Sat Mar 6 20:53:18 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Sat, 06 Mar 2021 20:53:18 +0000 Subject: [openssl] master update Message-ID: <1615063998.228569.15797.nullmailer@dev.openssl.org> The branch master has been updated via a2c911c2d069b5c6f9e2a8f20764de83a82b1c99 (commit) from 9293046fb447b1fd0ef1753017d9db4c3c333860 (commit) - Log ----------------------------------------------------------------- commit a2c911c2d069b5c6f9e2a8f20764de83a82b1c99 Author: Dmitry Belyavskiy Date: Fri Mar 5 18:50:37 2021 +0100 Restore GOST macros compatibility with 1.1.1 Fixes #14440 Before IANA assigned the official codes for the GOST signature algorithms in TLS, the values from the Reserved for Private Use range were in use in Russia. The old values were renamed. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14448) ----------------------------------------------------------------------- Summary of changes: include/openssl/tls1.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index f8e3e9ca0d..10332997de 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -1121,6 +1121,11 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb # define TLS_CT_GOST12_LEGACY_SIGN 238 # define TLS_CT_GOST12_LEGACY_512_SIGN 239 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define TLS_CT_GOST12_SIGN TLS_CT_GOST12_LEGACY_SIGN +# define TLS_CT_GOST12_512_SIGN TLS_CT_GOST12_LEGACY_512_SIGN +# endif + /* * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see * comment there) From scan-admin at coverity.com Sun Mar 7 07:51:05 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 07 Mar 2021 07:51:05 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <604485e95f759_12d312af220c84f509028b@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DrQNy_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEl1WXU1Py3PEQ-2BBnpenpaUingxddAbNv9P7LWcS-2FzMeIEcLm6X1llk3j6mrqr4rRdUsGzFKYS7OeEK6Y3oNHqni9Tzo72u4Ri5P0oJ1z2THxEPOcbBwistdUjsrxaXeyd6JIYTh-2BoBZD2-2Bj2a-2FglNUg79mlo4VsT8fi9RcEHRdMggzbPLrqq2XNsMoiSUidRI-3D Build ID: 373644 Analysis Summary: New defects found: 6 Defects eliminated: 1 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3Dm4tj_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEl1WXU1Py3PEQ-2BBnpenpaUingxddAbNv9P7LWcS-2FzMePyuaw-2BakGcBXYcExdn0ivnWkNhGKNUhH0u2pcO9iba-2Blc5Lvd3X8OhskYXWD3Xh58xgGxV1PtV5oE-2BnJnEZfIUDq4XZNSDCUAVKUQJrnpB5-2FyXmGix99bGEf6OuRvCR2l87zC5P39c-2BlTTgQX4lRFA-3D From scan-admin at coverity.com Sun Mar 7 07:52:01 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 07 Mar 2021 07:52:01 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <604486216d106_12ed72af220c84f509022f@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DwmH5_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGq6o8SDrC5BxrcgFa9v8yMae-2B4FqVf-2FiUL80YMxC4W1a62vSPU-2FfYSPgZFX9CFxW38-2FSPkHlX0KLzUh12s9mwr91AgP06G8CIOyNPS-2FF7mdn6HJ3mDXLcd4JKaEOPEz8P7iW1g-2BT92EOS78UDGM4Nrg2wFI69KXxA5O2o7g-2F1pKaw6tj9mriD4PtpdfPXBajg-3D Build ID: 373645 Analysis Summary: New defects found: 0 Defects eliminated: 0 From openssl at openssl.org Mon Mar 8 00:01:19 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Mar 2021 00:01:19 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1615161679.917735.329496.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures Build log ended with (last 100 lines): #4 0x7fcb39622266 in provider_new /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:264:26 #5 0x7fcb39624df4 in provider_store_new /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:165:16 #6 0x7fcb39607f75 in ossl_lib_ctx_generic_new /home/openssl/run-checker/enable-asan/../openssl/crypto/context.c:232:17 #7 0x7fcb39611009 in ossl_crypto_alloc_ex_data_intern /home/openssl/run-checker/enable-asan/../openssl/crypto/ex_data.c:429:5 #8 0x7fcb39607646 in ossl_lib_ctx_get_data /home/openssl/run-checker/enable-asan/../openssl/crypto/context.c:322:9 #9 0x7fcb39621128 in get_provider_store /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:195:13 #10 0x7fcb396234c3 in ossl_provider_forall_loaded /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:817:39 #11 0x7fcb3960843e in ossl_algorithm_do_all /home/openssl/run-checker/enable-asan/../openssl/crypto/core_algorithm.c:110:9 #12 0x7fcb396092f1 in ossl_method_construct /home/openssl/run-checker/enable-asan/../openssl/crypto/core_fetch.c:124:9 #13 0x7fcb395d5705 in inner_evp_generic_fetch /home/openssl/run-checker/enable-asan/../openssl/crypto/evp/evp_fetch.c:303:23 #14 0x7fcb395d4e2e in evp_generic_fetch /home/openssl/run-checker/enable-asan/../openssl/crypto/evp/evp_fetch.c:349:12 #15 0x7fcb395ee322 in EVP_MAC_fetch /home/openssl/run-checker/enable-asan/../openssl/crypto/evp/mac_meth.c:155:12 #16 0x7fcb3949c310 in verify_integrity /home/openssl/run-checker/enable-asan/../openssl/providers/fips/self_test.c:178:11 #17 0x7fcb3949b941 in SELF_TEST_post /home/openssl/run-checker/enable-asan/../openssl/providers/fips/self_test.c:285:17 #18 0x7fcb394996a1 in OSSL_provider_init /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:630:10 #19 0x59ceec in provider_init /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:554:13 #20 0x59a0a6 in provider_activate /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:689:9 #21 0x599d7e in ossl_provider_activate /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:705:9 #22 0xace16c in provider_conf_load /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_conf.c:133:14 #23 0xacddc5 in provider_conf_init /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_conf.c:168:14 #24 0x7ac641 in module_init /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:374:15 #25 0x7aad68 in module_run /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:238:11 #26 0x7aab74 in CONF_modules_load /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:137:15 #27 0x7aaee0 in CONF_modules_load_file_ex /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:180:11 #28 0x7ab0e3 in CONF_modules_load_file /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:202:12 #29 0x7acd2f in openssl_config_int /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_sap.c:63:11 Indirect leak of 1 byte(s) in 1 object(s) allocated from: #0 0x49578d in malloc (/home/openssl/run-checker/enable-asan/test/threadstest+0x49578d) #1 0x58ba0b in CRYPTO_malloc /home/openssl/run-checker/enable-asan/../openssl/crypto/mem.c:184:12 #2 0x58bad6 in CRYPTO_realloc /home/openssl/run-checker/enable-asan/../openssl/crypto/mem.c:207:16 #3 0x7fcb3949a8be in CRYPTO_realloc /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:770:12 #4 0x7fcb396245af in ossl_provider_set_operation_bit /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:978:30 #5 0x7fcb39609edb in ossl_method_construct_postcondition /home/openssl/run-checker/enable-asan/../openssl/crypto/core_fetch.c:60:12 #6 0x7fcb39608cc4 in algorithm_do_this /home/openssl/run-checker/enable-asan/../openssl/crypto/core_algorithm.c:75:18 #7 0x7fcb39623b39 in provider_forall_loaded /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:750:25 #8 0x7fcb3962352a in ossl_provider_forall_loaded /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:834:15 #9 0x7fcb3960843e in ossl_algorithm_do_all /home/openssl/run-checker/enable-asan/../openssl/crypto/core_algorithm.c:110:9 #10 0x7fcb396092f1 in ossl_method_construct /home/openssl/run-checker/enable-asan/../openssl/crypto/core_fetch.c:124:9 #11 0x7fcb395d5705 in inner_evp_generic_fetch /home/openssl/run-checker/enable-asan/../openssl/crypto/evp/evp_fetch.c:303:23 #12 0x7fcb395d4e2e in evp_generic_fetch /home/openssl/run-checker/enable-asan/../openssl/crypto/evp/evp_fetch.c:349:12 #13 0x7fcb395ee322 in EVP_MAC_fetch /home/openssl/run-checker/enable-asan/../openssl/crypto/evp/mac_meth.c:155:12 #14 0x7fcb3949c310 in verify_integrity /home/openssl/run-checker/enable-asan/../openssl/providers/fips/self_test.c:178:11 #15 0x7fcb3949b941 in SELF_TEST_post /home/openssl/run-checker/enable-asan/../openssl/providers/fips/self_test.c:285:17 #16 0x7fcb394996a1 in OSSL_provider_init /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:630:10 #17 0x59ceec in provider_init /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:554:13 #18 0x59a0a6 in provider_activate /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:689:9 #19 0x599d7e in ossl_provider_activate /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:705:9 #20 0xace16c in provider_conf_load /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_conf.c:133:14 #21 0xacddc5 in provider_conf_init /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_conf.c:168:14 #22 0x7ac641 in module_init /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:374:15 #23 0x7aad68 in module_run /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:238:11 #24 0x7aab74 in CONF_modules_load /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:137:15 #25 0x7aaee0 in CONF_modules_load_file_ex /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:180:11 #26 0x7ab0e3 in CONF_modules_load_file /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:202:12 #27 0x7acd2f in openssl_config_int /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_sap.c:63:11 #28 0x58a2f0 in ossl_init_config /home/openssl/run-checker/enable-asan/../openssl/crypto/init.c:238:15 #29 0x589eb8 in ossl_init_config_ossl_ /home/openssl/run-checker/enable-asan/../openssl/crypto/init.c:236:1 SUMMARY: AddressSanitizer: 6158 byte(s) leaked in 35 allocation(s). ../../util/wrap.pl ../../test/threadstest -fips ../../../openssl/test/recipes/90-test_threads_data => 1 not ok 1 - running test_threads # ------------------------------------------------------------------------------ # Failed test 'running test_threads' # at ../openssl/test/recipes/90-test_threads.t line 31. # Looks like you failed 1 test of 1.90-test_threads.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 90-test_threads.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=233, Tests=2858, 1699 wallclock secs (12.60 usr 1.62 sys + 1489.25 cusr 199.57 csys = 1703.04 CPU) Result: FAIL make[1]: *** [Makefile:2624: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' make: *** [Makefile:2621: tests] Error 2 From no-reply at appveyor.com Mon Mar 8 00:58:58 2021 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 08 Mar 2021 00:58:58 +0000 Subject: Build failed: openssl master.40492 Message-ID: <20210308005858.1.DCE1C08789DDAC1A@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Mar 8 01:10:31 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Mar 2021 01:10:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm Message-ID: <1615165831.734363.366391.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-asm Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures Build log ended with (last 100 lines): INSTALL PASSED make depend && make _tests make[1]: Entering directory '/home/openssl/run-checker/no-asm' make[1]: Leaving directory '/home/openssl/run-checker/no-asm' make[1]: Entering directory '/home/openssl/run-checker/no-asm' ( SRCTOP=../openssl \ BLDTOP=. \ PERL="/usr/bin/perl" \ FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \ EXE_EXT= \ /usr/bin/perl ../openssl/test/run_tests.pl ) 01-test_abort.t .................... ok 01-test_fipsmodule_cnf.t ........... ok 01-test_sanity.t ................... ok 01-test_symbol_presence.t .......... ok 01-test_test.t ..................... ok 02-test_errstr.t ................... ok 02-test_internal_context.t ......... ok 02-test_internal_ctype.t ........... ok 02-test_internal_keymgmt.t ......... ok 02-test_internal_provider.t ........ ok 02-test_lhash.t .................... ok 02-test_ordinals.t ................. ok 02-test_sparse_array.t ............. ok 02-test_stack.t .................... ok 03-test_exdata.t ................... ok 03-test_fipsinstall.t .............. ok 03-test_internal_asn1.t ............ ok 03-test_internal_asn1_dsa.t ........ ok 03-test_internal_bn.t .............. ok 03-test_internal_chacha.t .......... ok 03-test_internal_curve448.t ........ ok 03-test_internal_ec.t .............. ok 03-test_internal_ffc.t ............. ok 03-test_internal_mdc2.t ............ ok 03-test_internal_modes.t ........... ok 03-test_internal_namemap.t ......... ok 03-test_internal_poly1305.t ........ ok 03-test_internal_rsa_sp800_56b.t ... ok 03-test_internal_siphash.t ......... ok 03-test_internal_sm2.t ............. ok 03-test_internal_sm4.t ............. ok 03-test_internal_ssl_cert_table.t .. ok 03-test_internal_x509.t ............ ok 03-test_params_api.t ............... ok 03-test_property.t ................. ok 03-test_ui.t ....................... ok 04-test_asn1_decode.t .............. ok 04-test_asn1_encode.t .............. ok 04-test_asn1_string_table.t ........ ok 04-test_bio_callback.t ............. ok 04-test_bioprint.t ................. ok 04-test_conf.t ..................... ok 04-test_encoder_decoder.t .......... ok 04-test_encoder_decoder_legacy.t ... ok 04-test_err.t ...................... ok 04-test_hexstring.t ................ ok 04-test_param_build.t .............. ok 04-test_params.t ................... ok 04-test_params_conversion.t ........ ok 04-test_pem.t ...................... ok 04-test_pem_read_depr.t ............ ok 04-test_provider.t ................. ok 04-test_provider_fallback.t ........ ok 05-test_bf.t ....................... ok 05-test_cast.t ..................... ok 05-test_cmac.t ..................... ok 05-test_des.t ...................... ok 05-test_hmac.t ..................... ok 05-test_idea.t ..................... ok 05-test_rand.t ..................... ok 05-test_rc2.t ...................... ok 05-test_rc4.t ...................... ok 05-test_rc5.t ...................... skipped: rc5 is not supported by this OpenSSL build 06-test-rdrand.t ................... ok 06-test_algorithmid.t .............. ok 10-test_bn.t ....................... ok 10-test_exp.t ...................... ok 15-test_dh.t ....................... ok 15-test_dsa.t ...................... ok 15-test_dsaparam.t ................. ok 15-test_ec.t ....................... ok 15-test_ecdsa.t .................... ok 15-test_ecparam.t .................. ok 15-test_gendh.t .................... ok 15-test_gendsa.t ................... ok 15-test_genec.t .................... ok 15-test_genrsa.t ................... ok 15-test_mp_rsa.t ................... ok 15-test_out_option.t ............... ok 15-test_rsa.t ...................... ok 15-test_rsaoaep.t .................. ok 15-test_rsapss.t ................... ok 20-test_app.t ...................... ok 20-test_cli_fips.t ................. ok 20-test_dgst.t ..................... ok 20-test_dhparam.t .................. ok 20-test_dhparam_check.t ............ ok make[1]: *** [Makefile:3280: _tests] Terminated make: *** [Makefile:3277: tests] Terminated From openssl at openssl.org Mon Mar 8 01:36:52 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Mar 2021 01:36:52 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoalginit Message-ID: <1615167412.920856.426846.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoalginit Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures Build log ended with (last 100 lines): clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.o ../openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.o ../openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.o ../openssl/providers/implementations/ciphers/cipher_rc4_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_seed.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_seed.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_seed.o ../openssl/providers/implementations/ciphers/cipher_seed.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.o ../openssl/providers/implementations/ciphers/cipher_seed_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.o ../openssl/providers/implementations/ciphers/cipher_tdes_common.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/liblegacy-lib-md4_prov.d.tmp -MT providers/implementations/digests/liblegacy-lib-md4_prov.o -c -o providers/implementations/digests/liblegacy-lib-md4_prov.o ../openssl/providers/implementations/digests/md4_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/liblegacy-lib-mdc2_prov.d.tmp -MT providers/implementations/digests/liblegacy-lib-mdc2_prov.o -c -o providers/implementations/digests/liblegacy-lib-mdc2_prov.o ../openssl/providers/implementations/digests/mdc2_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/liblegacy-lib-ripemd_prov.d.tmp -MT providers/implementations/digests/liblegacy-lib-ripemd_prov.o -c -o providers/implementations/digests/liblegacy-lib-ripemd_prov.o ../openssl/providers/implementations/digests/ripemd_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/liblegacy-lib-wp_prov.d.tmp -MT providers/implementations/digests/liblegacy-lib-wp_prov.o -c -o providers/implementations/digests/liblegacy-lib-wp_prov.o ../openssl/providers/implementations/digests/wp_prov.c clang -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I. -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -I../openssl -DFIPS_MODULE -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/fips/fips-dso-fipsprov.d.tmp -MT providers/fips/fips-dso-fipsprov.o -c -o providers/fips/fips-dso-fipsprov.o ../openssl/providers/fips/fipsprov.c clang -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I. -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -I../openssl -DFIPS_MODULE -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/fips/fips-dso-self_test.d.tmp -MT providers/fips/fips-dso-self_test.o -c -o providers/fips/fips-dso-self_test.o ../openssl/providers/fips/self_test.c clang -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I. -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -I../openssl -DFIPS_MODULE -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/fips/fips-dso-self_test_kats.d.tmp -MT providers/fips/fips-dso-self_test_kats.o -c -o providers/fips/fips-dso-self_test_kats.o ../openssl/providers/fips/self_test_kats.c /usr/bin/perl ../openssl/util/mkdef.pl --ordinals ../openssl/util/providers.num --name providers/fips --OS linux > providers/fips.ld clang -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/legacy-dso-legacyprov.d.tmp -MT providers/legacy-dso-legacyprov.o -c -o providers/legacy-dso-legacyprov.o ../openssl/providers/legacyprov.c /usr/bin/perl ../openssl/util/mkdef.pl --ordinals ../openssl/util/providers.num --name providers/legacy --OS linux > providers/legacy.ld /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/util/shlib_wrap.sh.in > "util/shlib_wrap.sh" clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aes-x86_64.o crypto/aes/aes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-mb-x86_64.o crypto/aes/aesni-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-sha1-x86_64.o crypto/aes/aesni-sha1-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-sha256-x86_64.o crypto/aes/aesni-sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-x86_64.o crypto/aes/aesni-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-bsaes-x86_64.o crypto/aes/bsaes-x86_64.s chmod a+x util/shlib_wrap.sh clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-vpaes-x86_64.o crypto/aes/vpaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-rsaz-avx2.o crypto/bn/rsaz-avx2.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-rsaz-x86_64.o crypto/bn/rsaz-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-gf2m.o crypto/bn/x86_64-gf2m.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-mont.o crypto/bn/x86_64-mont.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-mont5.o crypto/bn/x86_64-mont5.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/camellia/libcrypto-lib-cmll-x86_64.o crypto/camellia/cmll-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/chacha/libcrypto-lib-chacha-x86_64.o crypto/chacha/chacha-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/ec/libcrypto-lib-ecp_nistz256-x86_64.o crypto/ec/ecp_nistz256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/ec/libcrypto-lib-x25519-x86_64.o crypto/ec/x25519-x86_64.s clang -Icrypto -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPADLOCK_ASM -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/libcrypto-lib-cversion.d.tmp -MT crypto/libcrypto-lib-cversion.o -c -o crypto/libcrypto-lib-cversion.o ../openssl/crypto/cversion.c clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/libcrypto-lib-x86_64cpuid.o crypto/x86_64cpuid.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/md5/libcrypto-lib-md5-x86_64.o crypto/md5/md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/modes/libcrypto-lib-aesni-gcm-x86_64.o crypto/modes/aesni-gcm-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/modes/libcrypto-lib-ghash-x86_64.o crypto/modes/ghash-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/poly1305/libcrypto-lib-poly1305-x86_64.o crypto/poly1305/poly1305-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/rc4/libcrypto-lib-rc4-md5-x86_64.o crypto/rc4/rc4-md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/rc4/libcrypto-lib-rc4-x86_64.o crypto/rc4/rc4-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-keccak1600-x86_64.o crypto/sha/keccak1600-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha1-mb-x86_64.o crypto/sha/sha1-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha1-x86_64.o crypto/sha/sha1-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha256-mb-x86_64.o crypto/sha/sha256-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha256-x86_64.o crypto/sha/sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha512-x86_64.o crypto/sha/sha512-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/whrlpool/libcrypto-lib-wp-x86_64.o crypto/whrlpool/wp-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o engines/libcrypto-lib-e_padlock-x86_64.o engines/e_padlock-x86_64.s clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/encode_decode/libimplementations-lib-encode_key2any.d.tmp -MT providers/implementations/encode_decode/libimplementations-lib-encode_key2any.o -c -o providers/implementations/encode_decode/libimplementations-lib-encode_key2any.o ../openssl/providers/implementations/encode_decode/encode_key2any.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-x942kdf.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-x942kdf.o -c -o providers/implementations/kdfs/libimplementations-lib-x942kdf.o ../openssl/providers/implementations/kdfs/x942kdf.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-dsa.d.tmp -MT providers/implementations/signature/libimplementations-lib-dsa.o -c -o providers/implementations/signature/libimplementations-lib-dsa.o ../openssl/providers/implementations/signature/dsa.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-ecdsa.d.tmp -MT providers/implementations/signature/libimplementations-lib-ecdsa.o -c -o providers/implementations/signature/libimplementations-lib-ecdsa.o ../openssl/providers/implementations/signature/ecdsa.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-eddsa.d.tmp -MT providers/implementations/signature/libimplementations-lib-eddsa.o -c -o providers/implementations/signature/libimplementations-lib-eddsa.o ../openssl/providers/implementations/signature/eddsa.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-sm2sig.d.tmp -MT providers/implementations/signature/libimplementations-lib-sm2sig.o -c -o providers/implementations/signature/libimplementations-lib-sm2sig.o ../openssl/providers/implementations/signature/sm2sig.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_digests_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_digests_gen.o -c -o providers/common/der/libnonfips-lib-der_digests_gen.o providers/common/der/der_digests_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_gen.o -c -o providers/common/der/libnonfips-lib-der_dsa_gen.o providers/common/der/der_dsa_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_key.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_key.o -c -o providers/common/der/libnonfips-lib-der_dsa_key.o ../openssl/providers/common/der/der_dsa_key.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_sig.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_sig.o -c -o providers/common/der/libnonfips-lib-der_dsa_sig.o ../openssl/providers/common/der/der_dsa_sig.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_ec_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_ec_gen.o -c -o providers/common/der/libnonfips-lib-der_ec_gen.o providers/common/der/der_ec_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_ec_key.d.tmp -MT providers/common/der/libnonfips-lib-der_ec_key.o -c -o providers/common/der/libnonfips-lib-der_ec_key.o ../openssl/providers/common/der/der_ec_key.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_ec_sig.d.tmp -MT providers/common/der/libnonfips-lib-der_ec_sig.o -c -o providers/common/der/libnonfips-lib-der_ec_sig.o ../openssl/providers/common/der/der_ec_sig.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_ecx_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_ecx_gen.o -c -o providers/common/der/libnonfips-lib-der_ecx_gen.o providers/common/der/der_ecx_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_rsa_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_rsa_gen.o -c -o providers/common/der/libnonfips-lib-der_rsa_gen.o providers/common/der/der_rsa_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_sm2_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_sm2_gen.o -c -o providers/common/der/libnonfips-lib-der_sm2_gen.o providers/common/der/der_sm2_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_wrap_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_wrap_gen.o -c -o providers/common/der/libnonfips-lib-der_wrap_gen.o providers/common/der/der_wrap_gen.c rm -f libssl.a ar qc libssl.a crypto/libssl-lib-packet.o ssl/libssl-lib-bio_ssl.o ssl/libssl-lib-d1_lib.o ssl/libssl-lib-d1_msg.o ssl/libssl-lib-d1_srtp.o ssl/libssl-lib-methods.o ssl/libssl-lib-pqueue.o ssl/libssl-lib-s3_cbc.o ssl/libssl-lib-s3_enc.o ssl/libssl-lib-s3_lib.o ssl/libssl-lib-s3_msg.o ssl/libssl-lib-ssl_asn1.o ssl/libssl-lib-ssl_cert.o ssl/libssl-lib-ssl_ciph.o ssl/libssl-lib-ssl_conf.o ssl/libssl-lib-ssl_err.o ssl/libssl-lib-ssl_err_legacy.o ssl/libssl-lib-ssl_init.o ssl/libssl-lib-ssl_lib.o ssl/libssl-lib-ssl_mcnf.o ssl/libssl-lib-ssl_rsa.o ssl/libssl-lib-ssl_rsa_legacy.o ssl/libssl-lib-ssl_sess.o ssl/libssl-lib-ssl_stat.o ssl/libssl-lib-ssl_txt.o ssl/libssl-lib-ssl_utst.o ssl/libssl-lib-t1_enc.o ssl/libssl-lib-t1_lib.o ssl/libssl-lib-t1_trce.o ssl/libssl-lib-tls13_enc.o ssl/libssl-lib-tls_depr.o ssl/libssl-lib-tls_srp.o ssl/record/libssl-lib-dtls1_bitmap.o ssl/record/libssl-lib-rec_layer_d1.o ssl/record/libssl-lib-rec_layer_s3.o ssl/record/libssl-lib-ssl3_buffer.o ssl/record/libssl-lib-ssl3_record.o ssl/record/libssl-lib-ssl3_record_tls13.o ssl/record/libssl-lib-tls_pad.o ssl/statem/libssl-lib-extensions.o ssl/statem/libssl-lib-extensions_clnt.o ssl/statem/libssl-lib-extensions_cust.o ssl/statem/libssl-lib-extensions_srvr.o ssl/statem/libssl-lib-statem.o ssl/statem/libssl-lib-statem_clnt.o ssl/statem/libssl-lib-statem_dtls.o ssl/statem/libssl-lib-statem_lib.o ssl/statem/libssl-lib-statem_srvr.o rm -f providers/libfips.a ar qc providers/libfips.a crypto/aes/libfips-lib-aes-x86_64.o crypto/aes/libfips-lib-aes_ecb.o crypto/aes/libfips-lib-aes_misc.o crypto/aes/libfips-lib-aesni-mb-x86_64.o crypto/aes/libfips-lib-aesni-sha1-x86_64.o crypto/aes/libfips-lib-aesni-sha256-x86_64.o crypto/aes/libfips-lib-aesni-x86_64.o crypto/aes/libfips-lib-bsaes-x86_64.o crypto/aes/libfips-lib-vpaes-x86_64.o crypto/bn/asm/libfips-lib-x86_64-gcc.o crypto/bn/libfips-lib-bn_add.o crypto/bn/libfips-lib-bn_blind.o crypto/bn/libfips-lib-bn_const.o crypto/bn/libfips-lib-bn_conv.o crypto/bn/libfips-lib-bn_ctx.o crypto/bn/libfips-lib-bn_dh.o crypto/bn/libfips-lib-bn_div.o crypto/bn/libfips-lib-bn_exp.o crypto/bn/libfips-lib-bn_exp2.o crypto/bn/libfips-lib-bn_gcd.o crypto/bn/libfips-lib-bn_gf2m.o crypto/bn/libfips-lib-bn_intern.o crypto/bn/libfips-lib-bn_kron.o crypto/bn/libfips-lib-bn_lib.o crypto/bn/libfips-lib-bn_mod.o crypto/bn/libfips-lib-bn_mont.o crypto/bn/libfips-lib-bn_mpi.o crypto/bn/libfips-lib-bn_mul.o crypto/bn/libfips-lib-bn_nist.o crypto/bn/libfips-lib-bn_prime.o crypto/bn/libfips-lib-bn_rand.o crypto/bn/libfips-lib-bn_recp.o crypto/bn/libfips-lib-bn_rsa_fips186_4.o crypto/bn/libfips-lib-bn_shift.o crypto/bn/libfips-lib-bn_sqr.o crypto/bn/libfips-lib-bn_sqrt.o crypto/bn/libfips-lib-bn_word.o crypto/bn/libfips-lib-rsaz-avx2.o crypto/bn/libfips-lib-rsaz-x86_64.o crypto/bn/libfips-lib-rsaz_exp.o crypto/bn/libfips-lib-x86_64-gf2m.o crypto/bn/libfips-lib-x86_64-mont.o crypto/bn/libfips-lib-x86_64-mont5.o crypto/buffer/libfips-lib-buffer.o crypto/cmac/libfips-lib-cmac.o crypto/des/libfips-lib-des_enc.o crypto/des/libfips-lib-ecb3_enc.o crypto/des/libfips-lib-fcrypt_b.o crypto/des/libfips-lib-set_key.o crypto/dh/libfips-lib-dh_backend.o crypto/dh/libfips-lib-dh_check.o crypto/dh/libfips-lib-dh_gen.o crypto/dh/libfips-lib-dh_group_params.o crypto/dh/libfips-lib-dh_kdf.o crypto/dh/libfips-lib-dh_key.o crypto/dh/libfips-lib-dh_lib.o crypto/dsa/libfips-lib-dsa_backend.o crypto/dsa/libfips-lib-dsa_check.o crypto/dsa/libfips-lib-dsa_gen.o crypto/dsa/libfips-lib-dsa_key.o crypto/dsa/libfips-lib-dsa_lib.o crypto/dsa/libfips-lib-dsa_ossl.o crypto/dsa/libfips-lib-dsa_sign.o crypto/dsa/libfips-lib-dsa_vrf.o crypto/ec/curve448/arch_32/libfips-lib-f_impl.o crypto/ec/curve448/libfips-lib-curve448.o crypto/ec/curve448/libfips-lib-curve448_tables.o crypto/ec/curve448/libfips-lib-eddsa.o crypto/ec/curve448/libfips-lib-f_generic.o crypto/ec/curve448/libfips-lib-scalar.o crypto/ec/libfips-lib-curve25519.o crypto/ec/libfips-lib-ec2_oct.o crypto/ec/libfips-lib-ec2_smpl.o crypto/ec/libfips-lib-ec_asn1.o crypto/ec/libfips-lib-ec_backend.o crypto/ec/libfips-lib-ec_check.o crypto/ec/libfips-lib-ec_curve.o crypto/ec/libfips-lib-ec_cvt.o crypto/ec/libfips-lib-ec_deprecated.o crypto/ec/libfips-lib-ec_key.o crypto/ec/libfips-lib-ec_kmeth.o crypto/ec/libfips-lib-ec_lib.o crypto/ec/libfips-lib-ec_mult.o crypto/ec/libfips-lib-ec_oct.o crypto/ec/libfips-lib-ec_print.o crypto/ec/libfips-lib-ecdh_kdf.o crypto/ec/libfips-lib-ecdh_ossl.o crypto/ec/libfips-lib-ecdsa_ossl.o crypto/ec/libfips-lib-ecdsa_sign.o crypto/ec/libfips-lib-ecdsa_vrf.o crypto/ec/libfips-lib-ecp_mont.o crypto/ec/libfips-lib-ecp_nist.o crypto/ec/libfips-lib-ecp_nistz256-x86_64.o crypto/ec/libfips-lib-ecp_nistz256.o crypto/ec/libfips-lib-ecp_oct.o crypto/ec/libfips-lib-ecp_smpl.o crypto/ec/libfips-lib-ecx_backend.o crypto/ec/libfips-lib-ecx_key.o crypto/ec/libfips-lib-x25519-x86_64.o crypto/evp/libfips-lib-asymcipher.o crypto/evp/libfips-lib-cmeth_lib.o crypto/evp/libfips-lib-dh_support.o crypto/evp/libfips-lib-digest.o crypto/evp/libfips-lib-ec_support.o crypto/evp/libfips-lib-evp_enc.o crypto/evp/libfips-lib-evp_fetch.o crypto/evp/libfips-lib-evp_lib.o crypto/evp/libfips-lib-evp_rand.o crypto/evp/libfips-lib-evp_utils.o crypto/evp/libfips-lib-exchange.o crypto/evp/libfips-lib-kdf_lib.o crypto/evp/libfips-lib-kdf_meth.o crypto/evp/libfips-lib-kem.o crypto/evp/libfips-lib-keymgmt_lib.o crypto/evp/libfips-lib-keymgmt_meth.o crypto/evp/libfips-lib-m_sigver.o crypto/evp/libfips-lib-mac_lib.o crypto/evp/libfips-lib-mac_meth.o crypto/evp/libfips-lib-p_lib.o crypto/evp/libfips-lib-pmeth_check.o crypto/evp/libfips-lib-pmeth_gn.o crypto/evp/libfips-lib-pmeth_lib.o crypto/evp/libfips-lib-signature.o crypto/ffc/libfips-lib-ffc_backend.o crypto/ffc/libfips-lib-ffc_dh.o crypto/ffc/libfips-lib-ffc_key_generate.o crypto/ffc/libfips-lib-ffc_key_validate.o crypto/ffc/libfips-lib-ffc_params.o crypto/ffc/libfips-lib-ffc_params_generate.o crypto/ffc/libfips-lib-ffc_params_validate.o crypto/hmac/libfips-lib-hmac.o crypto/lhash/libfips-lib-lhash.o crypto/libfips-lib-asn1_dsa.o crypto/libfips-lib-bsearch.o crypto/libfips-lib-context.o crypto/libfips-lib-core_algorithm.o crypto/libfips-lib-core_fetch.o crypto/libfips-lib-core_namemap.o crypto/libfips-lib-cryptlib.o crypto/libfips-lib-ctype.o crypto/libfips-lib-der_writer.o crypto/libfips-lib-ex_data.o crypto/libfips-lib-initthread.o crypto/libfips-lib-o_str.o crypto/libfips-lib-packet.o crypto/libfips-lib-param_build.o crypto/libfips-lib-param_build_set.o crypto/libfips-lib-params.o crypto/libfips-lib-params_from_text.o crypto/libfips-lib-passphrase.o crypto/libfips-lib-provider_core.o crypto/libfips-lib-provider_predefined.o crypto/libfips-lib-self_test_core.o crypto/libfips-lib-sparse_array.o crypto/libfips-lib-threads_lib.o crypto/libfips-lib-threads_none.o crypto/libfips-lib-threads_pthread.o crypto/libfips-lib-threads_win.o crypto/libfips-lib-x86_64cpuid.o crypto/modes/libfips-lib-aesni-gcm-x86_64.o crypto/modes/libfips-lib-cbc128.o crypto/modes/libfips-lib-ccm128.o crypto/modes/libfips-lib-cfb128.o crypto/modes/libfips-lib-ctr128.o crypto/modes/libfips-lib-gcm128.o crypto/modes/libfips-lib-ghash-x86_64.o crypto/modes/libfips-lib-ofb128.o crypto/modes/libfips-lib-wrap128.o crypto/modes/libfips-lib-xts128.o crypto/property/libfips-lib-defn_cache.o crypto/property/libfips-lib-property.o crypto/property/libfips-lib-property_parse.o crypto/property/libfips-lib-property_string.o crypto/rand/libfips-lib-rand_lib.o crypto/rand/libfips-lib-rand_meth.o crypto/rsa/libfips-lib-rsa_acvp_test_params.o crypto/rsa/libfips-lib-rsa_backend.o crypto/rsa/libfips-lib-rsa_chk.o crypto/rsa/libfips-lib-rsa_crpt.o crypto/rsa/libfips-lib-rsa_gen.o crypto/rsa/libfips-lib-rsa_lib.o crypto/rsa/libfips-lib-rsa_mp_names.o crypto/rsa/libfips-lib-rsa_none.o crypto/rsa/libfips-lib-rsa_oaep.o crypto/rsa/libfips-lib-rsa_ossl.o crypto/rsa/libfips-lib-rsa_pk1.o crypto/rsa/libfips-lib-rsa_pss.o crypto/rsa/libfips-lib-rsa_schemes.o crypto/rsa/libfips-lib-rsa_sign.o crypto/rsa/libfips-lib-rsa_sp800_56b_check.o crypto/rsa/libfips-lib-rsa_sp800_56b_gen.o crypto/rsa/libfips-lib-rsa_x931.o crypto/sha/libfips-lib-keccak1600-x86_64.o crypto/sha/libfips-lib-sha1-mb-x86_64.o crypto/sha/libfips-lib-sha1-x86_64.o crypto/sha/libfips-lib-sha1dgst.o crypto/sha/libfips-lib-sha256-mb-x86_64.o crypto/sha/libfips-lib-sha256-x86_64.o crypto/sha/libfips-lib-sha256.o crypto/sha/libfips-lib-sha3.o crypto/sha/libfips-lib-sha512-x86_64.o crypto/sha/libfips-lib-sha512.o crypto/stack/libfips-lib-stack.o providers/common/der/libfips-lib-der_digests_gen.o providers/common/der/libfips-lib-der_dsa_gen.o providers/common/der/libfips-lib-der_dsa_key.o providers/common/der/libfips-lib-der_dsa_sig.o providers/common/der/libfips-lib-der_ec_gen.o providers/common/der/libfips-lib-der_ec_key.o providers/common/der/libfips-lib-der_ec_sig.o providers/common/der/libfips-lib-der_ecx_gen.o providers/common/der/libfips-lib-der_ecx_key.o providers/common/der/libfips-lib-der_rsa_gen.o providers/common/der/libfips-lib-der_rsa_key.o providers/common/der/libfips-lib-der_rsa_sig.o providers/common/der/libfips-lib-der_sm2_gen.o providers/common/der/libfips-lib-der_sm2_key.o providers/common/der/libfips-lib-der_sm2_sig.o providers/common/der/libfips-lib-der_wrap_gen.o providers/common/libfips-lib-bio_prov.o providers/common/libfips-lib-capabilities.o providers/common/libfips-lib-digest_to_nid.o providers/common/libfips-lib-provider_seeding.o providers/common/libfips-lib-provider_util.o providers/common/libfips-lib-securitycheck.o providers/common/libfips-lib-securitycheck_fips.o providers/implementations/ciphers/libfips-lib-cipher_aes_xts_fips.o providers/implementations/kdfs/libfips-lib-pbkdf2_fips.o providers/implementations/keymgmt/libfips-lib-dh_kmgmt.o providers/implementations/keymgmt/libfips-lib-dsa_kmgmt.o providers/implementations/keymgmt/libfips-lib-ec_kmgmt.o providers/implementations/keymgmt/libfips-lib-mac_legacy_kmgmt.o providers/implementations/keymgmt/libfips-lib-rsa_kmgmt.o providers/implementations/rands/libfips-lib-crngt.o providers/implementations/rands/libfips-lib-drbg.o providers/implementations/rands/libfips-lib-drbg_ctr.o providers/implementations/rands/libfips-lib-drbg_hash.o providers/implementations/rands/libfips-lib-drbg_hmac.o providers/implementations/rands/libfips-lib-test_rng.o providers/implementations/signature/libfips-lib-mac_legacy.o providers/implementations/signature/libfips-lib-rsa.o ranlib libssl.a || echo Never mind. rm -f providers/libimplementations.a ar qc providers/libimplementations.a crypto/md5/libimplementations-lib-md5-x86_64.o crypto/md5/libimplementations-lib-md5_dgst.o crypto/md5/libimplementations-lib-md5_one.o crypto/md5/libimplementations-lib-md5_sha1.o providers/implementations/asymciphers/libimplementations-lib-rsa_enc.o providers/implementations/asymciphers/libimplementations-lib-sm2_enc.o providers/implementations/ciphers/libimplementations-lib-cipher_aes.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha1_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha256_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ccm.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ccm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cts.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_gcm.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_gcm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ocb.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ocb_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_siv.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_siv_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_wrp.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_xts.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_xts_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_ccm.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_ccm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_gcm.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_gcm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_camellia.o providers/implementations/ciphers/libimplementations-lib-cipher_camellia_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_poly1305.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_poly1305_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_null.o providers/implementations/ciphers/libimplementations-lib-cipher_sm4.o providers/implementations/ciphers/libimplementations-lib-cipher_sm4_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_common.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_default.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_default_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap_hw.o providers/implementations/digests/libimplementations-lib-blake2_prov.o providers/implementations/digests/libimplementations-lib-blake2b_prov.o providers/implementations/digests/libimplementations-lib-blake2s_prov.o providers/implementations/digests/libimplementations-lib-md5_prov.o providers/implementations/digests/libimplementations-lib-md5_sha1_prov.o providers/implementations/digests/libimplementations-lib-sha2_prov.o providers/implementations/digests/libimplementations-lib-sha3_prov.o providers/implementations/digests/libimplementations-lib-sm3_prov.o providers/implementations/encode_decode/libimplementations-lib-decode_der2key.o providers/implementations/encode_decode/libimplementations-lib-decode_ms2key.o providers/implementations/encode_decode/libimplementations-lib-decode_pem2der.o providers/implementations/encode_decode/libimplementations-lib-encode_key2any.o providers/implementations/encode_decode/libimplementations-lib-encode_key2blob.o providers/implementations/encode_decode/libimplementations-lib-encode_key2ms.o providers/implementations/encode_decode/libimplementations-lib-encode_key2text.o providers/implementations/encode_decode/libimplementations-lib-endecoder_common.o providers/implementations/exchange/libimplementations-lib-dh_exch.o providers/implementations/exchange/libimplementations-lib-ecdh_exch.o providers/implementations/exchange/libimplementations-lib-ecx_exch.o providers/implementations/exchange/libimplementations-lib-kdf_exch.o providers/implementations/kdfs/libimplementations-lib-hkdf.o providers/implementations/kdfs/libimplementations-lib-kbkdf.o providers/implementations/kdfs/libimplementations-lib-krb5kdf.o providers/implementations/kdfs/libimplementations-lib-pbkdf2.o providers/implementations/kdfs/libimplementations-lib-pkcs12kdf.o providers/implementations/kdfs/libimplementations-lib-scrypt.o providers/implementations/kdfs/libimplementations-lib-sshkdf.o providers/implementations/kdfs/libimplementations-lib-sskdf.o providers/implementations/kdfs/libimplementations-lib-tls1_prf.o providers/implementations/kdfs/libimplementations-lib-x942kdf.o providers/implementations/kem/libimplementations-lib-rsa_kem.o providers/implementations/keymgmt/libimplementations-lib-ecx_kmgmt.o providers/implementations/keymgmt/libimplementations-lib-kdf_legacy_kmgmt.o providers/implementations/macs/libimplementations-lib-blake2b_mac.o providers/implementations/macs/libimplementations-lib-blake2s_mac.o providers/implementations/macs/libimplementations-lib-cmac_prov.o providers/implementations/macs/libimplementations-lib-gmac_prov.o providers/implementations/macs/libimplementations-lib-hmac_prov.o providers/implementations/macs/libimplementations-lib-kmac_prov.o providers/implementations/macs/libimplementations-lib-poly1305_prov.o providers/implementations/macs/libimplementations-lib-siphash_prov.o providers/implementations/signature/libimplementations-lib-dsa.o providers/implementations/signature/libimplementations-lib-ecdsa.o providers/implementations/signature/libimplementations-lib-eddsa.o providers/implementations/signature/libimplementations-lib-sm2sig.o providers/implementations/storemgmt/libimplementations-lib-file_store.o providers/implementations/storemgmt/libimplementations-lib-file_store_der2obj.o ssl/libimplementations-lib-s3_cbc.o rm -f providers/liblegacy.a ar qc providers/liblegacy.a crypto/bn/asm/liblegacy-lib-x86_64-gcc.o crypto/bn/liblegacy-lib-rsaz-avx2.o crypto/bn/liblegacy-lib-rsaz-x86_64.o crypto/bn/liblegacy-lib-rsaz_exp.o crypto/bn/liblegacy-lib-x86_64-gf2m.o crypto/bn/liblegacy-lib-x86_64-mont.o crypto/bn/liblegacy-lib-x86_64-mont5.o crypto/des/liblegacy-lib-des_enc.o crypto/des/liblegacy-lib-fcrypt_b.o crypto/liblegacy-lib-asn1_dsa.o crypto/liblegacy-lib-bsearch.o crypto/liblegacy-lib-context.o crypto/liblegacy-lib-cryptlib.o crypto/liblegacy-lib-ctype.o crypto/liblegacy-lib-der_writer.o crypto/liblegacy-lib-ex_data.o crypto/liblegacy-lib-initthread.o crypto/liblegacy-lib-o_str.o crypto/liblegacy-lib-packet.o crypto/liblegacy-lib-param_build.o crypto/liblegacy-lib-param_build_set.o crypto/liblegacy-lib-params.o crypto/liblegacy-lib-params_from_text.o crypto/liblegacy-lib-passphrase.o crypto/liblegacy-lib-sparse_array.o crypto/liblegacy-lib-threads_lib.o crypto/liblegacy-lib-threads_none.o crypto/liblegacy-lib-threads_pthread.o crypto/liblegacy-lib-threads_win.o crypto/liblegacy-lib-x86_64cpuid.o crypto/md5/liblegacy-lib-md5-x86_64.o crypto/md5/liblegacy-lib-md5_dgst.o crypto/md5/liblegacy-lib-md5_one.o crypto/md5/liblegacy-lib-md5_sha1.o crypto/property/liblegacy-lib-defn_cache.o crypto/property/liblegacy-lib-property.o crypto/property/liblegacy-lib-property_parse.o crypto/property/liblegacy-lib-property_string.o providers/implementations/ciphers/liblegacy-lib-cipher_blowfish.o providers/implementations/ciphers/liblegacy-lib-cipher_blowfish_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_cast5.o providers/implementations/ciphers/liblegacy-lib-cipher_cast5_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_des.o providers/implementations/ciphers/liblegacy-lib-cipher_des_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_desx.o providers/implementations/ciphers/liblegacy-lib-cipher_desx_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_idea.o providers/implementations/ciphers/liblegacy-lib-cipher_idea_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_rc2.o providers/implementations/ciphers/liblegacy-lib-cipher_rc2_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_rc4.o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_seed.o providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.o providers/implementations/digests/liblegacy-lib-md4_prov.o providers/implementations/digests/liblegacy-lib-mdc2_prov.o providers/implementations/digests/liblegacy-lib-ripemd_prov.o providers/implementations/digests/liblegacy-lib-wp_prov.o ranlib providers/libimplementations.a || echo Never mind. ranlib providers/libfips.a || echo Never mind. ranlib providers/liblegacy.a || echo Never mind. rm -f libcrypto.a rm -f providers/libnonfips.a ar qc libcrypto.a crypto/aes/libcrypto-lib-aes-x86_64.o crypto/aes/libcrypto-lib-aes_cfb.o crypto/aes/libcrypto-lib-aes_ecb.o crypto/aes/libcrypto-lib-aes_ige.o crypto/aes/libcrypto-lib-aes_misc.o crypto/aes/libcrypto-lib-aes_ofb.o crypto/aes/libcrypto-lib-aes_wrap.o crypto/aes/libcrypto-lib-aesni-mb-x86_64.o crypto/aes/libcrypto-lib-aesni-sha1-x86_64.o crypto/aes/libcrypto-lib-aesni-sha256-x86_64.o crypto/aes/libcrypto-lib-aesni-x86_64.o crypto/aes/libcrypto-lib-bsaes-x86_64.o crypto/aes/libcrypto-lib-vpaes-x86_64.o crypto/aria/libcrypto-lib-aria.o crypto/asn1/libcrypto-lib-a_bitstr.o crypto/asn1/libcrypto-lib-a_d2i_fp.o crypto/asn1/libcrypto-lib-a_digest.o crypto/asn1/libcrypto-lib-a_dup.o crypto/asn1/libcrypto-lib-a_gentm.o crypto/asn1/libcrypto-lib-a_i2d_fp.o crypto/asn1/libcrypto-lib-a_int.o crypto/asn1/libcrypto-lib-a_mbstr.o crypto/asn1/libcrypto-lib-a_object.o crypto/asn1/libcrypto-lib-a_octet.o crypto/asn1/libcrypto-lib-a_print.o crypto/asn1/libcrypto-lib-a_sign.o crypto/asn1/libcrypto-lib-a_strex.o crypto/asn1/libcrypto-lib-a_strnid.o crypto/asn1/libcrypto-lib-a_time.o crypto/asn1/libcrypto-lib-a_type.o crypto/asn1/libcrypto-lib-a_utctm.o crypto/asn1/libcrypto-lib-a_utf8.o crypto/asn1/libcrypto-lib-a_verify.o crypto/asn1/libcrypto-lib-ameth_lib.o crypto/asn1/libcrypto-lib-asn1_err.o crypto/asn1/libcrypto-lib-asn1_gen.o crypto/asn1/libcrypto-lib-asn1_item_list.o crypto/asn1/libcrypto-lib-asn1_lib.o crypto/asn1/libcrypto-lib-asn1_par.o crypto/asn1/libcrypto-lib-asn_mime.o crypto/asn1/libcrypto-lib-asn_moid.o crypto/asn1/libcrypto-lib-asn_mstbl.o crypto/asn1/libcrypto-lib-asn_pack.o crypto/asn1/libcrypto-lib-bio_asn1.o crypto/asn1/libcrypto-lib-bio_ndef.o crypto/asn1/libcrypto-lib-d2i_param.o crypto/asn1/libcrypto-lib-d2i_pr.o crypto/asn1/libcrypto-lib-d2i_pu.o crypto/asn1/libcrypto-lib-evp_asn1.o crypto/asn1/libcrypto-lib-f_int.o crypto/asn1/libcrypto-lib-f_string.o crypto/asn1/libcrypto-lib-i2d_evp.o crypto/asn1/libcrypto-lib-n_pkey.o crypto/asn1/libcrypto-lib-nsseq.o crypto/asn1/libcrypto-lib-p5_pbe.o crypto/asn1/libcrypto-lib-p5_pbev2.o crypto/asn1/libcrypto-lib-p5_scrypt.o crypto/asn1/libcrypto-lib-p8_pkey.o crypto/asn1/libcrypto-lib-t_bitst.o crypto/asn1/libcrypto-lib-t_pkey.o crypto/asn1/libcrypto-lib-t_spki.o crypto/asn1/libcrypto-lib-tasn_dec.o crypto/asn1/libcrypto-lib-tasn_enc.o crypto/asn1/libcrypto-lib-tasn_fre.o crypto/asn1/libcrypto-lib-tasn_new.o crypto/asn1/libcrypto-lib-tasn_prn.o crypto/asn1/libcrypto-lib-tasn_scn.o crypto/asn1/libcrypto-lib-tasn_typ.o crypto/asn1/libcrypto-lib-tasn_utl.o crypto/asn1/libcrypto-lib-x_algor.o crypto/asn1/libcrypto-lib-x_bignum.o crypto/asn1/libcrypto-lib-x_info.o crypto/asn1/libcrypto-lib-x_int64.o crypto/asn1/libcrypto-lib-x_long.o crypto/asn1/libcrypto-lib-x_pkey.o crypto/asn1/libcrypto-lib-x_sig.o crypto/asn1/libcrypto-lib-x_spki.o crypto/asn1/libcrypto-lib-x_val.o crypto/async/arch/libcrypto-lib-async_null.o crypto/async/arch/libcrypto-lib-async_posix.o crypto/async/arch/libcrypto-lib-async_win.o crypto/async/libcrypto-lib-async.o crypto/async/libcrypto-lib-async_err.o crypto/async/libcrypto-lib-async_wait.o crypto/bf/libcrypto-lib-bf_cfb64.o crypto/bf/libcrypto-lib-bf_ecb.o crypto/bf/libcrypto-lib-bf_enc.o crypto/bf/libcrypto-lib-bf_ofb64.o crypto/bf/libcrypto-lib-bf_skey.o crypto/bio/libcrypto-lib-b_addr.o crypto/bio/libcrypto-lib-b_dump.o crypto/bio/libcrypto-lib-b_print.o crypto/bio/libcrypto-lib-b_sock.o crypto/bio/libcrypto-lib-b_sock2.o crypto/bio/libcrypto-lib-bf_buff.o crypto/bio/libcrypto-lib-bf_lbuf.o crypto/bio/libcrypto-lib-bf_nbio.o crypto/bio/libcrypto-lib-bf_null.o crypto/bio/libcrypto-lib-bf_prefix.o crypto/bio/libcrypto-lib-bio_cb.o crypto/bio/libcrypto-lib-bio_err.o crypto/bio/libcrypto-lib-bio_lib.o crypto/bio/libcrypto-lib-bio_meth.o crypto/bio/libcrypto-lib-bss_acpt.o crypto/bio/libcrypto-lib-bss_bio.o crypto/bio/libcrypto-lib-bss_conn.o crypto/bio/libcrypto-lib-bss_dgram.o crypto/bio/libcrypto-lib-bss_fd.o crypto/bio/libcrypto-lib-bss_file.o crypto/bio/libcrypto-lib-bss_log.o crypto/bio/libcrypto-lib-bss_mem.o crypto/bio/libcrypto-lib-bss_null.o crypto/bio/libcrypto-lib-bss_sock.o crypto/bn/asm/libcrypto-lib-x86_64-gcc.o crypto/bn/libcrypto-lib-bn_add.o crypto/bn/libcrypto-lib-bn_blind.o crypto/bn/libcrypto-lib-bn_const.o crypto/bn/libcrypto-lib-bn_conv.o crypto/bn/libcrypto-lib-bn_ctx.o crypto/bn/libcrypto-lib-bn_depr.o crypto/bn/libcrypto-lib-bn_dh.o crypto/bn/libcrypto-lib-bn_div.o crypto/bn/libcrypto-lib-bn_err.o crypto/bn/libcrypto-lib-bn_exp.o crypto/bn/libcrypto-lib-bn_exp2.o crypto/bn/libcrypto-lib-bn_gcd.o crypto/bn/libcrypto-lib-bn_gf2m.o crypto/bn/libcrypto-lib-bn_intern.o crypto/bn/libcrypto-lib-bn_kron.o crypto/bn/libcrypto-lib-bn_lib.o crypto/bn/libcrypto-lib-bn_mod.o crypto/bn/libcrypto-lib-bn_mont.o crypto/bn/libcrypto-lib-bn_mpi.o crypto/bn/libcrypto-lib-bn_mul.o crypto/bn/libcrypto-lib-bn_nist.o crypto/bn/libcrypto-lib-bn_prime.o crypto/bn/libcrypto-lib-bn_print.o crypto/bn/libcrypto-lib-bn_rand.o crypto/bn/libcrypto-lib-bn_recp.o crypto/bn/libcrypto-lib-bn_rsa_fips186_4.o crypto/bn/libcrypto-lib-bn_shift.o crypto/bn/libcrypto-lib-bn_sqr.o crypto/bn/libcrypto-lib-bn_sqrt.o crypto/bn/libcrypto-lib-bn_srp.o crypto/bn/libcrypto-lib-bn_word.o crypto/bn/libcrypto-lib-bn_x931p.o crypto/bn/libcrypto-lib-rsaz-avx2.o crypto/bn/libcrypto-lib-rsaz-x86_64.o crypto/bn/libcrypto-lib-rsaz_exp.o crypto/bn/libcrypto-lib-x86_64-gf2m.o crypto/bn/libcrypto-lib-x86_64-mont.o crypto/bn/libcrypto-lib-x86_64-mont5.o crypto/buffer/libcrypto-lib-buf_err.o crypto/buffer/libcrypto-lib-buffer.o crypto/camellia/libcrypto-lib-cmll-x86_64.o crypto/camellia/libcrypto-lib-cmll_cfb.o crypto/camellia/libcrypto-lib-cmll_ctr.o crypto/camellia/libcrypto-lib-cmll_ecb.o crypto/camellia/libcrypto-lib-cmll_misc.o crypto/camellia/libcrypto-lib-cmll_ofb.o crypto/cast/libcrypto-lib-c_cfb64.o crypto/cast/libcrypto-lib-c_ecb.o crypto/cast/libcrypto-lib-c_enc.o crypto/cast/libcrypto-lib-c_ofb64.o crypto/cast/libcrypto-lib-c_skey.o crypto/chacha/libcrypto-lib-chacha-x86_64.o crypto/cmac/libcrypto-lib-cmac.o crypto/cmp/libcrypto-lib-cmp_asn.o crypto/cmp/libcrypto-lib-cmp_client.o crypto/cmp/libcrypto-lib-cmp_ctx.o crypto/cmp/libcrypto-lib-cmp_err.o crypto/cmp/libcrypto-lib-cmp_hdr.o crypto/cmp/libcrypto-lib-cmp_http.o crypto/cmp/libcrypto-lib-cmp_msg.o crypto/cmp/libcrypto-lib-cmp_protect.o crypto/cmp/libcrypto-lib-cmp_server.o crypto/cmp/libcrypto-lib-cmp_status.o crypto/cmp/libcrypto-lib-cmp_util.o crypto/cmp/libcrypto-lib-cmp_vfy.o crypto/cms/libcrypto-lib-cms_asn1.o crypto/cms/libcrypto-lib-cms_att.o crypto/cms/libcrypto-lib-cms_cd.o crypto/cms/libcrypto-lib-cms_dd.o crypto/cms/libcrypto-lib-cms_dh.o crypto/cms/libcrypto-lib-cms_ec.o crypto/cms/libcrypto-lib-cms_enc.o crypto/cms/libcrypto-lib-cms_env.o crypto/cms/libcrypto-lib-cms_err.o crypto/cms/libcrypto-lib-cms_ess.o crypto/cms/libcrypto-lib-cms_io.o crypto/cms/libcrypto-lib-cms_kari.o crypto/cms/libcrypto-lib-cms_lib.o crypto/cms/libcrypto-lib-cms_pwri.o crypto/cms/libcrypto-lib-cms_rsa.o crypto/cms/libcrypto-lib-cms_sd.o crypto/cms/libcrypto-lib-cms_smime.o crypto/comp/libcrypto-lib-c_zlib.o crypto/comp/libcrypto-lib-comp_err.o crypto/comp/libcrypto-lib-comp_lib.o crypto/conf/libcrypto-lib-conf_api.o crypto/conf/libcrypto-lib-conf_def.o crypto/conf/libcrypto-lib-conf_err.o crypto/conf/libcrypto-lib-conf_lib.o crypto/conf/libcrypto-lib-conf_mall.o crypto/conf/libcrypto-lib-conf_mod.o crypto/conf/libcrypto-lib-conf_sap.o crypto/conf/libcrypto-lib-conf_ssl.o crypto/crmf/libcrypto-lib-crmf_asn.o crypto/crmf/libcrypto-lib-crmf_err.o crypto/crmf/libcrypto-lib-crmf_lib.o crypto/crmf/libcrypto-lib-crmf_pbm.o crypto/ct/libcrypto-lib-ct_b64.o crypto/ct/libcrypto-lib-ct_err.o crypto/ct/libcrypto-lib-ct_log.o crypto/ct/libcrypto-lib-ct_oct.o crypto/ct/libcrypto-lib-ct_policy.o crypto/ct/libcrypto-lib-ct_prn.o crypto/ct/libcrypto-lib-ct_sct.o crypto/ct/libcrypto-lib-ct_sct_ctx.o crypto/ct/libcrypto-lib-ct_vfy.o crypto/ct/libcrypto-lib-ct_x509v3.o crypto/des/libcrypto-lib-cbc_cksm.o crypto/des/libcrypto-lib-cbc_enc.o crypto/des/libcrypto-lib-cfb64ede.o crypto/des/libcrypto-lib-cfb64enc.o crypto/des/libcrypto-lib-cfb_enc.o crypto/des/libcrypto-lib-des_enc.o crypto/des/libcrypto-lib-ecb3_enc.o crypto/des/libcrypto-lib-ecb_enc.o crypto/des/libcrypto-lib-fcrypt.o crypto/des/libcrypto-lib-fcrypt_b.o crypto/des/libcrypto-lib-ofb64ede.o crypto/des/libcrypto-lib-ofb64enc.o crypto/des/libcrypto-lib-ofb_enc.o crypto/des/libcrypto-lib-pcbc_enc.o crypto/des/libcrypto-lib-qud_cksm.o crypto/des/libcrypto-lib-rand_key.o crypto/des/libcrypto-lib-set_key.o crypto/des/libcrypto-lib-str2key.o crypto/des/libcrypto-lib-xcbc_enc.o crypto/dh/libcrypto-lib-dh_ameth.o crypto/dh/libcrypto-lib-dh_asn1.o crypto/dh/libcrypto-lib-dh_backend.o crypto/dh/libcrypto-lib-dh_check.o crypto/dh/libcrypto-lib-dh_depr.o crypto/dh/libcrypto-lib-dh_err.o crypto/dh/libcrypto-lib-dh_gen.o crypto/dh/libcrypto-lib-dh_group_params.o crypto/dh/libcrypto-lib-dh_kdf.o crypto/dh/libcrypto-lib-dh_key.o crypto/dh/libcrypto-lib-dh_lib.o crypto/dh/libcrypto-lib-dh_meth.o crypto/dh/libcrypto-lib-dh_pmeth.o crypto/dh/libcrypto-lib-dh_prn.o crypto/dh/libcrypto-lib-dh_rfc5114.o crypto/dsa/libcrypto-lib-dsa_ameth.o crypto/dsa/libcrypto-lib-dsa_asn1.o crypto/dsa/libcrypto-lib-dsa_backend.o crypto/dsa/libcrypto-lib-dsa_check.o crypto/dsa/libcrypto-lib-dsa_depr.o crypto/dsa/libcrypto-lib-dsa_err.o crypto/dsa/libcrypto-lib-dsa_gen.o crypto/dsa/libcrypto-lib-dsa_key.o crypto/dsa/libcrypto-lib-dsa_lib.o crypto/dsa/libcrypto-lib-dsa_meth.o crypto/dsa/libcrypto-lib-dsa_ossl.o crypto/dsa/libcrypto-lib-dsa_pmeth.o crypto/dsa/libcrypto-lib-dsa_prn.o crypto/dsa/libcrypto-lib-dsa_sign.o crypto/dsa/libcrypto-lib-dsa_vrf.o crypto/dso/libcrypto-lib-dso_dl.o crypto/dso/libcrypto-lib-dso_dlfcn.o crypto/dso/libcrypto-lib-dso_err.o crypto/dso/libcrypto-lib-dso_lib.o crypto/dso/libcrypto-lib-dso_openssl.o crypto/dso/libcrypto-lib-dso_vms.o crypto/dso/libcrypto-lib-dso_win32.o crypto/ec/curve448/arch_32/libcrypto-lib-f_impl.o crypto/ec/curve448/libcrypto-lib-curve448.o crypto/ec/curve448/libcrypto-lib-curve448_tables.o crypto/ec/curve448/libcrypto-lib-eddsa.o crypto/ec/curve448/libcrypto-lib-f_generic.o crypto/ec/curve448/libcrypto-lib-scalar.o crypto/ec/libcrypto-lib-curve25519.o crypto/ec/libcrypto-lib-ec2_oct.o crypto/ec/libcrypto-lib-ec2_smpl.o crypto/ec/libcrypto-lib-ec_ameth.o crypto/ec/libcrypto-lib-ec_asn1.o crypto/ec/libcrypto-lib-ec_backend.o crypto/ec/libcrypto-lib-ec_check.o crypto/ec/libcrypto-lib-ec_curve.o crypto/ec/libcrypto-lib-ec_cvt.o crypto/ec/libcrypto-lib-ec_deprecated.o crypto/ec/libcrypto-lib-ec_err.o crypto/ec/libcrypto-lib-ec_key.o crypto/ec/libcrypto-lib-ec_kmeth.o crypto/ec/libcrypto-lib-ec_lib.o crypto/ec/libcrypto-lib-ec_mult.o crypto/ec/libcrypto-lib-ec_oct.o crypto/ec/libcrypto-lib-ec_pmeth.o crypto/ec/libcrypto-lib-ec_print.o crypto/ec/libcrypto-lib-ecdh_kdf.o crypto/ec/libcrypto-lib-ecdh_ossl.o crypto/ec/libcrypto-lib-ecdsa_ossl.o crypto/ec/libcrypto-lib-ecdsa_sign.o crypto/ec/libcrypto-lib-ecdsa_vrf.o crypto/ec/libcrypto-lib-eck_prn.o crypto/ec/libcrypto-lib-ecp_mont.o crypto/ec/libcrypto-lib-ecp_nist.o crypto/ec/libcrypto-lib-ecp_nistz256-x86_64.o crypto/ec/libcrypto-lib-ecp_nistz256.o crypto/ec/libcrypto-lib-ecp_oct.o crypto/ec/libcrypto-lib-ecp_smpl.o crypto/ec/libcrypto-lib-ecx_backend.o crypto/ec/libcrypto-lib-ecx_key.o crypto/ec/libcrypto-lib-ecx_meth.o crypto/ec/libcrypto-lib-x25519-x86_64.o crypto/encode_decode/libcrypto-lib-decoder_err.o crypto/encode_decode/libcrypto-lib-decoder_lib.o crypto/encode_decode/libcrypto-lib-decoder_meth.o crypto/encode_decode/libcrypto-lib-decoder_pkey.o crypto/encode_decode/libcrypto-lib-encoder_err.o crypto/encode_decode/libcrypto-lib-encoder_lib.o crypto/encode_decode/libcrypto-lib-encoder_meth.o crypto/encode_decode/libcrypto-lib-encoder_pkey.o crypto/engine/libcrypto-lib-eng_all.o crypto/engine/libcrypto-lib-eng_cnf.o crypto/engine/libcrypto-lib-eng_ctrl.o crypto/engine/libcrypto-lib-eng_dyn.o crypto/engine/libcrypto-lib-eng_err.o crypto/engine/libcrypto-lib-eng_fat.o crypto/engine/libcrypto-lib-eng_init.o crypto/engine/libcrypto-lib-eng_lib.o crypto/engine/libcrypto-lib-eng_list.o crypto/engine/libcrypto-lib-eng_openssl.o crypto/engine/libcrypto-lib-eng_pkey.o crypto/engine/libcrypto-lib-eng_rdrand.o crypto/engine/libcrypto-lib-eng_table.o crypto/engine/libcrypto-lib-tb_asnmth.o crypto/engine/libcrypto-lib-tb_cipher.o crypto/engine/libcrypto-lib-tb_dh.o crypto/engine/libcrypto-lib-tb_digest.o crypto/engine/libcrypto-lib-tb_dsa.o crypto/engine/libcrypto-lib-tb_eckey.o crypto/engine/libcrypto-lib-tb_pkmeth.o crypto/engine/libcrypto-lib-tb_rand.o crypto/engine/libcrypto-lib-tb_rsa.o crypto/err/libcrypto-lib-err.o crypto/err/libcrypto-lib-err_all.o crypto/err/libcrypto-lib-err_all_legacy.o crypto/err/libcrypto-lib-err_blocks.o crypto/err/libcrypto-lib-err_prn.o crypto/ess/libcrypto-lib-ess_asn1.o crypto/ess/libcrypto-lib-ess_err.o crypto/ess/libcrypto-lib-ess_lib.o crypto/evp/libcrypto-lib-asymcipher.o crypto/evp/libcrypto-lib-bio_b64.o crypto/evp/libcrypto-lib-bio_enc.o crypto/evp/libcrypto-lib-bio_md.o crypto/evp/libcrypto-lib-bio_ok.o crypto/evp/libcrypto-lib-c_allc.o crypto/evp/libcrypto-lib-c_alld.o crypto/evp/libcrypto-lib-cmeth_lib.o crypto/evp/libcrypto-lib-ctrl_params_translate.o crypto/evp/libcrypto-lib-dh_ctrl.o crypto/evp/libcrypto-lib-dh_support.o crypto/evp/libcrypto-lib-digest.o crypto/evp/libcrypto-lib-dsa_ctrl.o crypto/evp/libcrypto-lib-e_aes.o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o crypto/evp/libcrypto-lib-e_aria.o crypto/evp/libcrypto-lib-e_bf.o crypto/evp/libcrypto-lib-e_camellia.o crypto/evp/libcrypto-lib-e_cast.o crypto/evp/libcrypto-lib-e_chacha20_poly1305.o crypto/evp/libcrypto-lib-e_des.o crypto/evp/libcrypto-lib-e_des3.o crypto/evp/libcrypto-lib-e_idea.o crypto/evp/libcrypto-lib-e_null.o crypto/evp/libcrypto-lib-e_old.o crypto/evp/libcrypto-lib-e_rc2.o crypto/evp/libcrypto-lib-e_rc4.o crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o crypto/evp/libcrypto-lib-e_rc5.o crypto/evp/libcrypto-lib-e_seed.o crypto/evp/libcrypto-lib-e_sm4.o crypto/evp/libcrypto-lib-e_xcbc_d.o crypto/evp/libcrypto-lib-ec_ctrl.o crypto/evp/libcrypto-lib-ec_support.o crypto/evp/libcrypto-lib-encode.o crypto/evp/libcrypto-lib-evp_cnf.o crypto/evp/libcrypto-lib-evp_enc.o crypto/evp/libcrypto-lib-evp_err.o crypto/evp/libcrypto-lib-evp_fetch.o crypto/evp/libcrypto-lib-evp_key.o crypto/evp/libcrypto-lib-evp_lib.o crypto/evp/libcrypto-lib-evp_pbe.o crypto/evp/libcrypto-lib-evp_pkey.o crypto/evp/libcrypto-lib-evp_rand.o crypto/evp/libcrypto-lib-evp_utils.o crypto/evp/libcrypto-lib-exchange.o crypto/evp/libcrypto-lib-kdf_lib.o crypto/evp/libcrypto-lib-kdf_meth.o crypto/evp/libcrypto-lib-kem.o crypto/evp/libcrypto-lib-keymgmt_lib.o crypto/evp/libcrypto-lib-keymgmt_meth.o crypto/evp/libcrypto-lib-legacy_blake2.o crypto/evp/libcrypto-lib-legacy_md4.o crypto/evp/libcrypto-lib-legacy_md5.o crypto/evp/libcrypto-lib-legacy_md5_sha1.o crypto/evp/libcrypto-lib-legacy_mdc2.o crypto/evp/libcrypto-lib-legacy_ripemd.o crypto/evp/libcrypto-lib-legacy_sha.o crypto/evp/libcrypto-lib-legacy_wp.o crypto/evp/libcrypto-lib-m_null.o crypto/evp/libcrypto-lib-m_sigver.o crypto/evp/libcrypto-lib-mac_lib.o crypto/evp/libcrypto-lib-mac_meth.o crypto/evp/libcrypto-lib-names.o crypto/evp/libcrypto-lib-p5_crpt.o crypto/evp/libcrypto-lib-p5_crpt2.o crypto/evp/libcrypto-lib-p_dec.o crypto/evp/libcrypto-lib-p_enc.o crypto/evp/libcrypto-lib-p_legacy.o crypto/evp/libcrypto-lib-p_lib.o crypto/evp/libcrypto-lib-p_open.o crypto/evp/libcrypto-lib-p_seal.o crypto/evp/libcrypto-lib-p_sign.o crypto/evp/libcrypto-lib-p_verify.o crypto/evp/libcrypto-lib-pbe_scrypt.o crypto/evp/libcrypto-lib-pmeth_check.o crypto/evp/libcrypto-lib-pmeth_gn.o crypto/evp/libcrypto-lib-pmeth_lib.o crypto/evp/libcrypto-lib-signature.o crypto/ffc/libcrypto-lib-ffc_backend.o crypto/ffc/libcrypto-lib-ffc_dh.o crypto/ffc/libcrypto-lib-ffc_key_generate.o crypto/ffc/libcrypto-lib-ffc_key_validate.o crypto/ffc/libcrypto-lib-ffc_params.o crypto/ffc/libcrypto-lib-ffc_params_generate.o crypto/ffc/libcrypto-lib-ffc_params_validate.o crypto/hmac/libcrypto-lib-hmac.o crypto/http/libcrypto-lib-http_client.o crypto/http/libcrypto-lib-http_err.o crypto/http/libcrypto-lib-http_lib.o crypto/idea/libcrypto-lib-i_cbc.o crypto/idea/libcrypto-lib-i_cfb64.o crypto/idea/libcrypto-lib-i_ecb.o crypto/idea/libcrypto-lib-i_ofb64.o crypto/idea/libcrypto-lib-i_skey.o crypto/kdf/libcrypto-lib-kdf_err.o crypto/lhash/libcrypto-lib-lh_stats.o crypto/lhash/libcrypto-lib-lhash.o crypto/libcrypto-lib-asn1_dsa.o crypto/libcrypto-lib-bsearch.o crypto/libcrypto-lib-context.o crypto/libcrypto-lib-core_algorithm.o crypto/libcrypto-lib-core_fetch.o crypto/libcrypto-lib-core_namemap.o crypto/libcrypto-lib-cpt_err.o crypto/libcrypto-lib-cryptlib.o crypto/libcrypto-lib-ctype.o crypto/libcrypto-lib-cversion.o crypto/libcrypto-lib-der_writer.o crypto/libcrypto-lib-ebcdic.o crypto/libcrypto-lib-ex_data.o crypto/libcrypto-lib-getenv.o crypto/libcrypto-lib-info.o crypto/libcrypto-lib-init.o crypto/libcrypto-lib-initthread.o crypto/libcrypto-lib-mem.o crypto/libcrypto-lib-mem_sec.o crypto/libcrypto-lib-o_dir.o crypto/libcrypto-lib-o_fopen.o crypto/libcrypto-lib-o_init.o crypto/libcrypto-lib-o_str.o crypto/libcrypto-lib-o_time.o crypto/libcrypto-lib-packet.o crypto/libcrypto-lib-param_build.o crypto/libcrypto-lib-param_build_set.o crypto/libcrypto-lib-params.o crypto/libcrypto-lib-params_from_text.o crypto/libcrypto-lib-passphrase.o crypto/libcrypto-lib-provider.o crypto/libcrypto-lib-provider_conf.o crypto/libcrypto-lib-provider_core.o crypto/libcrypto-lib-provider_predefined.o crypto/libcrypto-lib-punycode.o crypto/libcrypto-lib-self_test_core.o crypto/libcrypto-lib-sparse_array.o crypto/libcrypto-lib-threads_lib.o crypto/libcrypto-lib-threads_none.o crypto/libcrypto-lib-threads_pthread.o crypto/libcrypto-lib-threads_win.o crypto/libcrypto-lib-trace.o crypto/libcrypto-lib-uid.o crypto/libcrypto-lib-x86_64cpuid.o crypto/md4/libcrypto-lib-md4_dgst.o crypto/md4/libcrypto-lib-md4_one.o ar qc providers/libnonfips.a providers/common/der/libnonfips-lib-der_digests_gen.o providers/common/der/libnonfips-lib-der_dsa_gen.o providers/common/der/libnonfips-lib-der_dsa_key.o providers/common/der/libnonfips-lib-der_dsa_sig.o providers/common/der/libnonfips-lib-der_ec_gen.o providers/common/der/libnonfips-lib-der_ec_key.o providers/common/der/libnonfips-lib-der_ec_sig.o providers/common/der/libnonfips-lib-der_ecx_gen.o providers/common/der/libnonfips-lib-der_ecx_key.o providers/common/der/libnonfips-lib-der_rsa_gen.o providers/common/der/libnonfips-lib-der_rsa_key.o providers/common/der/libnonfips-lib-der_rsa_sig.o providers/common/der/libnonfips-lib-der_sm2_gen.o providers/common/der/libnonfips-lib-der_sm2_key.o providers/common/der/libnonfips-lib-der_sm2_sig.o providers/common/der/libnonfips-lib-der_wrap_gen.o providers/common/libnonfips-lib-bio_prov.o providers/common/libnonfips-lib-capabilities.o providers/common/libnonfips-lib-digest_to_nid.o providers/common/libnonfips-lib-provider_seeding.o providers/common/libnonfips-lib-provider_util.o providers/common/libnonfips-lib-securitycheck.o providers/common/libnonfips-lib-securitycheck_default.o providers/implementations/ciphers/libnonfips-lib-cipher_aes_xts_fips.o providers/implementations/kdfs/libnonfips-lib-pbkdf2_fips.o providers/implementations/keymgmt/libnonfips-lib-dh_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-dsa_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-ec_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-mac_legacy_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-rsa_kmgmt.o providers/implementations/rands/libnonfips-lib-crngt.o providers/implementations/rands/libnonfips-lib-drbg.o providers/implementations/rands/libnonfips-lib-drbg_ctr.o providers/implementations/rands/libnonfips-lib-drbg_hash.o providers/implementations/rands/libnonfips-lib-drbg_hmac.o providers/implementations/rands/libnonfips-lib-seed_src.o providers/implementations/rands/libnonfips-lib-test_rng.o providers/implementations/rands/seeding/libnonfips-lib-rand_cpu_x86.o providers/implementations/rands/seeding/libnonfips-lib-rand_tsc.o providers/implementations/rands/seeding/libnonfips-lib-rand_unix.o providers/implementations/rands/seeding/libnonfips-lib-rand_win.o providers/implementations/signature/libnonfips-lib-mac_legacy.o providers/implementations/signature/libnonfips-lib-rsa.o providers/libnonfips-lib-prov_running.o ranlib providers/libnonfips.a || echo Never mind. clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/fips.so -Wl,--version-script=providers/fips.ld \ providers/fips/fips-dso-fipsprov.o \ providers/fips/fips-dso-self_test.o \ providers/fips/fips-dso-self_test_kats.o \ providers/libimplementations.a providers/libcommon.a providers/libfips.a -ldl -pthread ar qc libcrypto.a crypto/md5/libcrypto-lib-md5-x86_64.o crypto/md5/libcrypto-lib-md5_dgst.o crypto/md5/libcrypto-lib-md5_one.o crypto/md5/libcrypto-lib-md5_sha1.o crypto/mdc2/libcrypto-lib-mdc2_one.o crypto/mdc2/libcrypto-lib-mdc2dgst.o crypto/modes/libcrypto-lib-aesni-gcm-x86_64.o crypto/modes/libcrypto-lib-cbc128.o crypto/modes/libcrypto-lib-ccm128.o crypto/modes/libcrypto-lib-cfb128.o crypto/modes/libcrypto-lib-ctr128.o crypto/modes/libcrypto-lib-cts128.o crypto/modes/libcrypto-lib-gcm128.o crypto/modes/libcrypto-lib-ghash-x86_64.o crypto/modes/libcrypto-lib-ocb128.o crypto/modes/libcrypto-lib-ofb128.o crypto/modes/libcrypto-lib-siv128.o crypto/modes/libcrypto-lib-wrap128.o crypto/modes/libcrypto-lib-xts128.o crypto/objects/libcrypto-lib-o_names.o crypto/objects/libcrypto-lib-obj_dat.o crypto/objects/libcrypto-lib-obj_err.o crypto/objects/libcrypto-lib-obj_lib.o crypto/objects/libcrypto-lib-obj_xref.o crypto/ocsp/libcrypto-lib-ocsp_asn.o crypto/ocsp/libcrypto-lib-ocsp_cl.o crypto/ocsp/libcrypto-lib-ocsp_err.o crypto/ocsp/libcrypto-lib-ocsp_ext.o crypto/ocsp/libcrypto-lib-ocsp_http.o crypto/ocsp/libcrypto-lib-ocsp_lib.o crypto/ocsp/libcrypto-lib-ocsp_prn.o crypto/ocsp/libcrypto-lib-ocsp_srv.o crypto/ocsp/libcrypto-lib-ocsp_vfy.o crypto/ocsp/libcrypto-lib-v3_ocsp.o crypto/pem/libcrypto-lib-pem_all.o crypto/pem/libcrypto-lib-pem_err.o crypto/pem/libcrypto-lib-pem_info.o crypto/pem/libcrypto-lib-pem_lib.o crypto/pem/libcrypto-lib-pem_oth.o crypto/pem/libcrypto-lib-pem_pk8.o crypto/pem/libcrypto-lib-pem_pkey.o crypto/pem/libcrypto-lib-pem_sign.o crypto/pem/libcrypto-lib-pem_x509.o crypto/pem/libcrypto-lib-pem_xaux.o crypto/pem/libcrypto-lib-pvkfmt.o crypto/pkcs12/libcrypto-lib-p12_add.o crypto/pkcs12/libcrypto-lib-p12_asn.o crypto/pkcs12/libcrypto-lib-p12_attr.o crypto/pkcs12/libcrypto-lib-p12_crpt.o crypto/pkcs12/libcrypto-lib-p12_crt.o crypto/pkcs12/libcrypto-lib-p12_decr.o crypto/pkcs12/libcrypto-lib-p12_init.o crypto/pkcs12/libcrypto-lib-p12_key.o crypto/pkcs12/libcrypto-lib-p12_kiss.o crypto/pkcs12/libcrypto-lib-p12_mutl.o crypto/pkcs12/libcrypto-lib-p12_npas.o crypto/pkcs12/libcrypto-lib-p12_p8d.o crypto/pkcs12/libcrypto-lib-p12_p8e.o crypto/pkcs12/libcrypto-lib-p12_sbag.o crypto/pkcs12/libcrypto-lib-p12_utl.o crypto/pkcs12/libcrypto-lib-pk12err.o crypto/pkcs7/libcrypto-lib-bio_pk7.o crypto/pkcs7/libcrypto-lib-pk7_asn1.o crypto/pkcs7/libcrypto-lib-pk7_attr.o crypto/pkcs7/libcrypto-lib-pk7_doit.o crypto/pkcs7/libcrypto-lib-pk7_lib.o crypto/pkcs7/libcrypto-lib-pk7_mime.o crypto/pkcs7/libcrypto-lib-pk7_smime.o crypto/pkcs7/libcrypto-lib-pkcs7err.o crypto/poly1305/libcrypto-lib-poly1305-x86_64.o crypto/poly1305/libcrypto-lib-poly1305.o crypto/property/libcrypto-lib-defn_cache.o crypto/property/libcrypto-lib-property.o crypto/property/libcrypto-lib-property_err.o crypto/property/libcrypto-lib-property_parse.o crypto/property/libcrypto-lib-property_string.o crypto/rand/libcrypto-lib-prov_seed.o crypto/rand/libcrypto-lib-rand_deprecated.o crypto/rand/libcrypto-lib-rand_err.o crypto/rand/libcrypto-lib-rand_lib.o crypto/rand/libcrypto-lib-rand_meth.o crypto/rand/libcrypto-lib-rand_pool.o crypto/rand/libcrypto-lib-randfile.o crypto/rc2/libcrypto-lib-rc2_cbc.o crypto/rc2/libcrypto-lib-rc2_ecb.o crypto/rc2/libcrypto-lib-rc2_skey.o crypto/rc2/libcrypto-lib-rc2cfb64.o crypto/rc2/libcrypto-lib-rc2ofb64.o crypto/rc4/libcrypto-lib-rc4-md5-x86_64.o crypto/rc4/libcrypto-lib-rc4-x86_64.o crypto/ripemd/libcrypto-lib-rmd_dgst.o crypto/ripemd/libcrypto-lib-rmd_one.o crypto/rsa/libcrypto-lib-rsa_ameth.o crypto/rsa/libcrypto-lib-rsa_asn1.o crypto/rsa/libcrypto-lib-rsa_backend.o crypto/rsa/libcrypto-lib-rsa_chk.o crypto/rsa/libcrypto-lib-rsa_crpt.o crypto/rsa/libcrypto-lib-rsa_depr.o crypto/rsa/libcrypto-lib-rsa_err.o crypto/rsa/libcrypto-lib-rsa_gen.o crypto/rsa/libcrypto-lib-rsa_lib.o crypto/rsa/libcrypto-lib-rsa_meth.o crypto/rsa/libcrypto-lib-rsa_mp.o crypto/rsa/libcrypto-lib-rsa_mp_names.o crypto/rsa/libcrypto-lib-rsa_none.o crypto/rsa/libcrypto-lib-rsa_oaep.o crypto/rsa/libcrypto-lib-rsa_ossl.o crypto/rsa/libcrypto-lib-rsa_pk1.o crypto/rsa/libcrypto-lib-rsa_pmeth.o crypto/rsa/libcrypto-lib-rsa_prn.o crypto/rsa/libcrypto-lib-rsa_pss.o crypto/rsa/libcrypto-lib-rsa_saos.o crypto/rsa/libcrypto-lib-rsa_schemes.o crypto/rsa/libcrypto-lib-rsa_sign.o crypto/rsa/libcrypto-lib-rsa_sp800_56b_check.o crypto/rsa/libcrypto-lib-rsa_sp800_56b_gen.o crypto/rsa/libcrypto-lib-rsa_x931.o crypto/rsa/libcrypto-lib-rsa_x931g.o crypto/seed/libcrypto-lib-seed.o crypto/seed/libcrypto-lib-seed_cbc.o crypto/seed/libcrypto-lib-seed_cfb.o crypto/seed/libcrypto-lib-seed_ecb.o crypto/seed/libcrypto-lib-seed_ofb.o crypto/sha/libcrypto-lib-keccak1600-x86_64.o crypto/sha/libcrypto-lib-sha1-mb-x86_64.o crypto/sha/libcrypto-lib-sha1-x86_64.o crypto/sha/libcrypto-lib-sha1_one.o crypto/sha/libcrypto-lib-sha1dgst.o crypto/sha/libcrypto-lib-sha256-mb-x86_64.o crypto/sha/libcrypto-lib-sha256-x86_64.o crypto/sha/libcrypto-lib-sha256.o crypto/sha/libcrypto-lib-sha3.o crypto/sha/libcrypto-lib-sha512-x86_64.o crypto/sha/libcrypto-lib-sha512.o crypto/siphash/libcrypto-lib-siphash.o crypto/sm2/libcrypto-lib-sm2_crypt.o crypto/sm2/libcrypto-lib-sm2_err.o crypto/sm2/libcrypto-lib-sm2_key.o crypto/sm2/libcrypto-lib-sm2_sign.o crypto/sm3/libcrypto-lib-legacy_sm3.o crypto/sm3/libcrypto-lib-sm3.o crypto/sm4/libcrypto-lib-sm4.o crypto/srp/libcrypto-lib-srp_lib.o crypto/srp/libcrypto-lib-srp_vfy.o crypto/stack/libcrypto-lib-stack.o crypto/store/libcrypto-lib-store_err.o crypto/store/libcrypto-lib-store_init.o crypto/store/libcrypto-lib-store_lib.o crypto/store/libcrypto-lib-store_meth.o crypto/store/libcrypto-lib-store_register.o crypto/store/libcrypto-lib-store_result.o crypto/store/libcrypto-lib-store_strings.o crypto/ts/libcrypto-lib-ts_asn1.o crypto/ts/libcrypto-lib-ts_conf.o crypto/ts/libcrypto-lib-ts_err.o crypto/ts/libcrypto-lib-ts_lib.o crypto/ts/libcrypto-lib-ts_req_print.o crypto/ts/libcrypto-lib-ts_req_utils.o crypto/ts/libcrypto-lib-ts_rsp_print.o crypto/ts/libcrypto-lib-ts_rsp_sign.o crypto/ts/libcrypto-lib-ts_rsp_utils.o crypto/ts/libcrypto-lib-ts_rsp_verify.o crypto/ts/libcrypto-lib-ts_verify_ctx.o crypto/txt_db/libcrypto-lib-txt_db.o crypto/ui/libcrypto-lib-ui_err.o crypto/ui/libcrypto-lib-ui_lib.o crypto/ui/libcrypto-lib-ui_null.o crypto/ui/libcrypto-lib-ui_openssl.o crypto/ui/libcrypto-lib-ui_util.o crypto/whrlpool/libcrypto-lib-wp-x86_64.o crypto/whrlpool/libcrypto-lib-wp_dgst.o crypto/x509/libcrypto-lib-by_dir.o crypto/x509/libcrypto-lib-by_file.o crypto/x509/libcrypto-lib-by_store.o crypto/x509/libcrypto-lib-pcy_cache.o crypto/x509/libcrypto-lib-pcy_data.o crypto/x509/libcrypto-lib-pcy_lib.o crypto/x509/libcrypto-lib-pcy_map.o crypto/x509/libcrypto-lib-pcy_node.o crypto/x509/libcrypto-lib-pcy_tree.o crypto/x509/libcrypto-lib-t_crl.o crypto/x509/libcrypto-lib-t_req.o crypto/x509/libcrypto-lib-t_x509.o crypto/x509/libcrypto-lib-v3_addr.o crypto/x509/libcrypto-lib-v3_admis.o crypto/x509/libcrypto-lib-v3_akeya.o crypto/x509/libcrypto-lib-v3_akid.o crypto/x509/libcrypto-lib-v3_asid.o crypto/x509/libcrypto-lib-v3_bcons.o crypto/x509/libcrypto-lib-v3_bitst.o crypto/x509/libcrypto-lib-v3_conf.o crypto/x509/libcrypto-lib-v3_cpols.o crypto/x509/libcrypto-lib-v3_crld.o crypto/x509/libcrypto-lib-v3_enum.o crypto/x509/libcrypto-lib-v3_extku.o crypto/x509/libcrypto-lib-v3_genn.o crypto/x509/libcrypto-lib-v3_ia5.o crypto/x509/libcrypto-lib-v3_info.o crypto/x509/libcrypto-lib-v3_int.o crypto/x509/libcrypto-lib-v3_ist.o crypto/x509/libcrypto-lib-v3_lib.o crypto/x509/libcrypto-lib-v3_ncons.o crypto/x509/libcrypto-lib-v3_pci.o crypto/x509/libcrypto-lib-v3_pcia.o crypto/x509/libcrypto-lib-v3_pcons.o crypto/x509/libcrypto-lib-v3_pku.o crypto/x509/libcrypto-lib-v3_pmaps.o crypto/x509/libcrypto-lib-v3_prn.o crypto/x509/libcrypto-lib-v3_purp.o crypto/x509/libcrypto-lib-v3_san.o crypto/x509/libcrypto-lib-v3_skid.o crypto/x509/libcrypto-lib-v3_sxnet.o crypto/x509/libcrypto-lib-v3_tlsf.o crypto/x509/libcrypto-lib-v3_utf8.o crypto/x509/libcrypto-lib-v3_utl.o crypto/x509/libcrypto-lib-v3err.o crypto/x509/libcrypto-lib-x509_att.o crypto/x509/libcrypto-lib-x509_cmp.o crypto/x509/libcrypto-lib-x509_d2.o crypto/x509/libcrypto-lib-x509_def.o crypto/x509/libcrypto-lib-x509_err.o crypto/x509/libcrypto-lib-x509_ext.o crypto/x509/libcrypto-lib-x509_lu.o crypto/x509/libcrypto-lib-x509_meth.o crypto/x509/libcrypto-lib-x509_obj.o crypto/x509/libcrypto-lib-x509_r2x.o crypto/x509/libcrypto-lib-x509_req.o crypto/x509/libcrypto-lib-x509_set.o crypto/x509/libcrypto-lib-x509_trs.o crypto/x509/libcrypto-lib-x509_txt.o crypto/x509/libcrypto-lib-x509_v3.o crypto/x509/libcrypto-lib-x509_vfy.o crypto/x509/libcrypto-lib-x509_vpm.o crypto/x509/libcrypto-lib-x509cset.o crypto/x509/libcrypto-lib-x509name.o crypto/x509/libcrypto-lib-x509rset.o crypto/x509/libcrypto-lib-x509spki.o crypto/x509/libcrypto-lib-x509type.o crypto/x509/libcrypto-lib-x_all.o crypto/x509/libcrypto-lib-x_attrib.o crypto/x509/libcrypto-lib-x_crl.o crypto/x509/libcrypto-lib-x_exten.o crypto/x509/libcrypto-lib-x_name.o crypto/x509/libcrypto-lib-x_pubkey.o crypto/x509/libcrypto-lib-x_req.o crypto/x509/libcrypto-lib-x_x509.o crypto/x509/libcrypto-lib-x_x509a.o engines/libcrypto-lib-e_afalg.o engines/libcrypto-lib-e_capi.o engines/libcrypto-lib-e_padlock-x86_64.o engines/libcrypto-lib-e_padlock.o providers/libcrypto-lib-baseprov.o providers/libcrypto-lib-defltprov.o providers/libcrypto-lib-nullprov.o providers/libcrypto-lib-prov_running.o crypto/md5/libimplementations-lib-md5-x86_64.o crypto/md5/libimplementations-lib-md5_dgst.o crypto/md5/libimplementations-lib-md5_one.o crypto/md5/libimplementations-lib-md5_sha1.o providers/implementations/asymciphers/libimplementations-lib-rsa_enc.o providers/implementations/asymciphers/libimplementations-lib-sm2_enc.o providers/implementations/ciphers/libimplementations-lib-cipher_aes.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha1_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha256_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ccm.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ccm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cts.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_gcm.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_gcm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ocb.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ocb_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_siv.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_siv_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_wrp.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_xts.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_xts_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_ccm.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_ccm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_gcm.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_gcm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_camellia.o providers/implementations/ciphers/libimplementations-lib-cipher_camellia_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_poly1305.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_poly1305_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_null.o providers/implementations/ciphers/libimplementations-lib-cipher_sm4.o providers/implementations/ciphers/libimplementations-lib-cipher_sm4_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_common.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_default.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_default_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap_hw.o providers/implementations/digests/libimplementations-lib-blake2_prov.o providers/implementations/digests/libimplementations-lib-blake2b_prov.o providers/implementations/digests/libimplementations-lib-blake2s_prov.o providers/implementations/digests/libimplementations-lib-md5_prov.o providers/implementations/digests/libimplementations-lib-md5_sha1_prov.o providers/implementations/digests/libimplementations-lib-sha2_prov.o providers/implementations/digests/libimplementations-lib-sha3_prov.o providers/implementations/digests/libimplementations-lib-sm3_prov.o providers/implementations/encode_decode/libimplementations-lib-decode_der2key.o providers/implementations/encode_decode/libimplementations-lib-decode_ms2key.o providers/implementations/encode_decode/libimplementations-lib-decode_pem2der.o providers/implementations/encode_decode/libimplementations-lib-encode_key2any.o providers/implementations/encode_decode/libimplementations-lib-encode_key2blob.o providers/implementations/encode_decode/libimplementations-lib-encode_key2ms.o providers/implementations/encode_decode/libimplementations-lib-encode_key2text.o providers/implementations/encode_decode/libimplementations-lib-endecoder_common.o providers/implementations/exchange/libimplementations-lib-dh_exch.o providers/implementations/exchange/libimplementations-lib-ecdh_exch.o providers/implementations/exchange/libimplementations-lib-ecx_exch.o providers/implementations/exchange/libimplementations-lib-kdf_exch.o providers/implementations/kdfs/libimplementations-lib-hkdf.o providers/implementations/kdfs/libimplementations-lib-kbkdf.o providers/implementations/kdfs/libimplementations-lib-krb5kdf.o providers/implementations/kdfs/libimplementations-lib-pbkdf2.o providers/implementations/kdfs/libimplementations-lib-pkcs12kdf.o providers/implementations/kdfs/libimplementations-lib-scrypt.o providers/implementations/kdfs/libimplementations-lib-sshkdf.o providers/implementations/kdfs/libimplementations-lib-sskdf.o providers/implementations/kdfs/libimplementations-lib-tls1_prf.o providers/implementations/kdfs/libimplementations-lib-x942kdf.o providers/implementations/kem/libimplementations-lib-rsa_kem.o providers/implementations/keymgmt/libimplementations-lib-ecx_kmgmt.o providers/implementations/keymgmt/libimplementations-lib-kdf_legacy_kmgmt.o providers/implementations/macs/libimplementations-lib-blake2b_mac.o providers/implementations/macs/libimplementations-lib-blake2s_mac.o providers/implementations/macs/libimplementations-lib-cmac_prov.o providers/implementations/macs/libimplementations-lib-gmac_prov.o providers/implementations/macs/libimplementations-lib-hmac_prov.o providers/implementations/macs/libimplementations-lib-kmac_prov.o providers/implementations/macs/libimplementations-lib-poly1305_prov.o providers/implementations/macs/libimplementations-lib-siphash_prov.o providers/implementations/signature/libimplementations-lib-dsa.o providers/implementations/signature/libimplementations-lib-ecdsa.o providers/implementations/signature/libimplementations-lib-eddsa.o providers/implementations/signature/libimplementations-lib-sm2sig.o providers/implementations/storemgmt/libimplementations-lib-file_store.o providers/implementations/storemgmt/libimplementations-lib-file_store_der2obj.o ssl/libimplementations-lib-s3_cbc.o providers/common/libcommon-lib-provider_ctx.o providers/common/libcommon-lib-provider_err.o providers/implementations/ciphers/libcommon-lib-ciphercommon.o providers/implementations/ciphers/libcommon-lib-ciphercommon_block.o providers/implementations/ciphers/libcommon-lib-ciphercommon_ccm.o providers/implementations/ciphers/libcommon-lib-ciphercommon_ccm_hw.o providers/implementations/ciphers/libcommon-lib-ciphercommon_gcm.o providers/implementations/ciphers/libcommon-lib-ciphercommon_gcm_hw.o providers/implementations/ciphers/libcommon-lib-ciphercommon_hw.o providers/implementations/digests/libcommon-lib-digestcommon.o ssl/record/libcommon-lib-tls_pad.o providers/common/der/libnonfips-lib-der_digests_gen.o providers/common/der/libnonfips-lib-der_dsa_gen.o providers/common/der/libnonfips-lib-der_dsa_key.o providers/common/der/libnonfips-lib-der_dsa_sig.o providers/common/der/libnonfips-lib-der_ec_gen.o providers/common/der/libnonfips-lib-der_ec_key.o providers/common/der/libnonfips-lib-der_ec_sig.o providers/common/der/libnonfips-lib-der_ecx_gen.o providers/common/der/libnonfips-lib-der_ecx_key.o providers/common/der/libnonfips-lib-der_rsa_gen.o providers/common/der/libnonfips-lib-der_rsa_key.o providers/common/der/libnonfips-lib-der_rsa_sig.o providers/common/der/libnonfips-lib-der_sm2_gen.o providers/common/der/libnonfips-lib-der_sm2_key.o providers/common/der/libnonfips-lib-der_sm2_sig.o providers/common/der/libnonfips-lib-der_wrap_gen.o providers/common/libnonfips-lib-bio_prov.o providers/common/libnonfips-lib-capabilities.o providers/common/libnonfips-lib-digest_to_nid.o providers/common/libnonfips-lib-provider_seeding.o providers/common/libnonfips-lib-provider_util.o providers/common/libnonfips-lib-securitycheck.o providers/common/libnonfips-lib-securitycheck_default.o providers/implementations/ciphers/libnonfips-lib-cipher_aes_xts_fips.o providers/implementations/kdfs/libnonfips-lib-pbkdf2_fips.o providers/implementations/keymgmt/libnonfips-lib-dh_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-dsa_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-ec_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-mac_legacy_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-rsa_kmgmt.o providers/implementations/rands/libnonfips-lib-crngt.o providers/implementations/rands/libnonfips-lib-drbg.o providers/implementations/rands/libnonfips-lib-drbg_ctr.o providers/implementations/rands/libnonfips-lib-drbg_hash.o providers/implementations/rands/libnonfips-lib-drbg_hmac.o providers/implementations/rands/libnonfips-lib-seed_src.o providers/implementations/rands/libnonfips-lib-test_rng.o providers/implementations/rands/seeding/libnonfips-lib-rand_cpu_x86.o providers/implementations/rands/seeding/libnonfips-lib-rand_tsc.o providers/implementations/rands/seeding/libnonfips-lib-rand_unix.o providers/implementations/rands/seeding/libnonfips-lib-rand_win.o providers/implementations/signature/libnonfips-lib-mac_legacy.o providers/implementations/signature/libnonfips-lib-rsa.o providers/libnonfips-lib-prov_running.o ranlib libcrypto.a || echo Never mind. clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld \ providers/legacy-dso-legacyprov.o \ providers/liblegacy.a providers/libcommon.a providers/libnonfips.a -lcrypto -ldl -pthread make[1]: Leaving directory '/home/openssl/run-checker/no-autoalginit' $ make test make: *** No rule to make target 'apps/openssl', needed by 'providers/fipsmodule.cnf'. Stop. From openssl at openssl.org Mon Mar 8 02:01:53 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Mar 2021 02:01:53 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1615168913.113541.478813.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=233, Tests=3145, 911 wallclock secs (14.39 usr 1.42 sys + 821.79 cusr 85.22 csys = 922.82 CPU) Result: FAIL make[1]: *** [Makefile:3275: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' make: *** [Makefile:3272: tests] Error 2 From openssl at openssl.org Mon Mar 8 08:01:49 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Mar 2021 08:01:49 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1615190509.041308.1213665.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures Build log ended with (last 100 lines): 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... skipped: The PKCS12 command line utility is not supported by this OpenSSL build 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 512 Tests: 89 Failed: 2) Failed tests: 13, 39 Non-zero exit status: 2 30-test_evp_kdf.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=233, Tests=3147, 958 wallclock secs (14.64 usr 1.65 sys + 856.07 cusr 84.07 csys = 956.43 CPU) Result: FAIL make[1]: *** [Makefile:3218: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' make: *** [Makefile:3215: tests] Error 2 From openssl at openssl.org Mon Mar 8 09:40:41 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Mar 2021 09:40:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso Message-ID: <1615196441.956690.1415222.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dso Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. skipped: Test only supported in a dso build 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a dso build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 15-test_rsaoaep.t (Wstat: 1536 Tests: 10 Failed: 6) Failed tests: 2, 4, 7-10 Non-zero exit status: 6 Files=233, Tests=2743, 791 wallclock secs (10.16 usr 1.40 sys + 701.04 cusr 73.05 csys = 785.65 CPU) Result: FAIL make[1]: *** [Makefile:3129: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dso' make: *** [Makefile:3126: tests] Error 2 From openssl at openssl.org Mon Mar 8 10:50:03 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Mar 2021 10:50:03 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1615200603.985512.1544332.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 30-test_evp_extra.t (Wstat: 256 Tests: 2 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=233, Tests=2671, 817 wallclock secs (13.19 usr 1.25 sys + 741.62 cusr 71.46 csys = 827.52 CPU) Result: FAIL make[1]: *** [Makefile:3281: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' make: *** [Makefile:3278: tests] Error 2 From no-reply at appveyor.com Mon Mar 8 13:31:06 2021 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 08 Mar 2021 13:31:06 +0000 Subject: Build failed: openssl master.40502 Message-ID: <20210308133106.1.42F8F9A48225ABED@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Mon Mar 8 15:25:17 2021 From: matt at openssl.org (Matt Caswell) Date: Mon, 08 Mar 2021 15:25:17 +0000 Subject: [openssl] master update Message-ID: <1615217117.016251.31214.nullmailer@dev.openssl.org> The branch master has been updated via 7bc0fdd3fd4535e06c35b92d71afab9a6de94cc5 (commit) via cc57dc962516410f6269023c8a93913617414b5e (commit) via 8e53d94d9971bb29a303dd2295f2f169b1c9a35e (commit) via b574c6a9ac96825b4f19c5e835273bf176174af8 (commit) via ec961f866ac048a2d3dfd6adcfa95042114bef52 (commit) via e8afd78af69d2229a5c36f542b13a54927709901 (commit) from a2c911c2d069b5c6f9e2a8f20764de83a82b1c99 (commit) - Log ----------------------------------------------------------------- commit 7bc0fdd3fd4535e06c35b92d71afab9a6de94cc5 Author: Matt Caswell Date: Tue Mar 2 15:52:00 2021 +0000 Make the EVP_PKEY_get0* functions have a const return type OTC have decided that the EVP_PKEY_get0* functions should have a const return type. This is a breaking change to emphasise that these values should be considered as immutable. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14319) commit cc57dc962516410f6269023c8a93913617414b5e Author: Matt Caswell Date: Thu Feb 25 17:00:38 2021 +0000 Document the change in behaviour of the the low level key getters/setters Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14319) commit 8e53d94d9971bb29a303dd2295f2f169b1c9a35e Author: Matt Caswell Date: Thu Feb 25 16:27:46 2021 +0000 Ensure the various legacy key EVP_PKEY getters/setters are deprecated Most of these were already deprecated but a few have been missed. This commit corrects that. Fixes #14303 Fixes #14317 Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14319) commit b574c6a9ac96825b4f19c5e835273bf176174af8 Author: Matt Caswell Date: Wed Feb 24 16:38:28 2021 +0000 Cache legacy keys instead of downgrading them If someone calls an EVP_PKEY_get0*() function then we create a legacy key and cache it in the EVP_PKEY - but it doesn't become an "origin" and it doesn't ever get updated. This will be documented as a restriction of the EVP_PKEY_get0*() function with provided keys. Fixes #14020 Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14319) commit ec961f866ac048a2d3dfd6adcfa95042114bef52 Author: Matt Caswell Date: Wed Feb 24 15:04:41 2021 +0000 Avoid a null pointer deref on a malloc failure Make sure we were sucessful in creating an EVP_PKEY Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14319) commit e8afd78af69d2229a5c36f542b13a54927709901 Author: Matt Caswell Date: Fri Jan 29 17:25:33 2021 +0000 Add a multi thread test for downgrading keys Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14319) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 57 +++++- crypto/dh/dh_ameth.c | 5 +- crypto/ec/ec_ameth.c | 5 +- crypto/evp/ctrl_params_translate.c | 8 +- crypto/evp/p_dec.c | 3 +- crypto/evp/p_enc.c | 4 +- crypto/evp/p_legacy.c | 32 +-- crypto/evp/p_lib.c | 235 ++++++++++------------ crypto/evp/pmeth_gn.c | 13 +- crypto/evp/pmeth_lib.c | 3 +- crypto/pem/pvkfmt.c | 16 +- doc/internal/man3/evp_pkey_export_to_provider.pod | 26 +-- doc/internal/man7/EVP_PKEY.pod | 40 ++-- doc/man3/EVP_PKEY_set1_RSA.pod | 134 ++++++++---- doc/man7/evp.pod | 4 +- include/crypto/evp.h | 45 +++-- include/openssl/evp.h | 47 +++-- test/endecoder_legacy_test.c | 12 +- test/sslapitest.c | 14 +- test/threadstest.c | 39 +++- util/libcrypto.num | 20 +- 21 files changed, 459 insertions(+), 303 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 33a335e689..c8f8e503ee 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -22,6 +22,47 @@ OpenSSL 3.0 ----------- ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + + * The deprecated functions EVP_PKEY_get0(), EVP_PKEY_get0_RSA(), + EVP_PKEY_get0_DSA(), EVP_PKEY_get0_EC_KEY(), EVP_PKEY_get0_DH(), + EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and EVP_PKEY_get0_siphash() as + well as the similarly named "get1" functions behave slightly differently in + OpenSSL 3.0. Previously they returned a pointer to the low-level key used + internally by libcrypto. From OpenSSL 3.0 this key may now be held in a + provider. Calling these functions will only return a handle on the internal + key where the EVP_PKEY was constructed using this key in the first place, for + example using a function or macro such as EVP_PKEY_assign_RSA(), + EVP_PKEY_set1_RSA(), etc. Where the EVP_PKEY holds a provider managed key, + then these functions now return a cached copy of the key. Changes to + the internal provider key that take place after the first time the cached key + is accessed will not be reflected back in the cached copy. Similarly any + changes made to the cached copy by application code will not be reflected + back in the internal provider key. + + For the above reasons the keys returned from these functions should typically + be treated as read-only. To emphasise this the value returned from + EVP_PKEY_get0(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), + EVP_PKEY_get0_EC_KEY() and EVP_PKEY_get0_DH() has been made const. This may + break some existing code. Applications broken by this change should be + modified. The preferred solution is to refactor the code to avoid the use of + these deprecated functions. Failing this the code should be modified to use a + const pointer instead. The EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), + EVP_PKEY_get1_EC_KEY() and EVP_PKEY_get1_DH() functions continue to return a + non-const pointer to enable them to be "freed". However they should also be + treated as read-only. + + *Matt Caswell* + + * A number of functions handling low level keys or engines were deprecated + including EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine(), EVP_PKEY_assign(), + EVP_PKEY_get0(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and + EVP_PKEY_get0_siphash(). Applications using engines should instead use + providers. Applications getting or setting low level keys in an EVP_PKEY + should instead use the OSSL_ENCODER or OSSL_DECODER APIs, or alternatively + use EVP_PKEY_fromdata() or EVP_PKEY_get_params(). + + *Matt Caswell* + * Deprecated obsolete EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm() functions. They are not needed and require returning octet ptr parameters from providers that @@ -35,6 +76,7 @@ OpenSSL 3.0 be used instead via EVP_RAND(3). *Paul Dale* + * The SRP APIs have been deprecated. The old APIs do not work via providers, and there is no EVP interface to them. Unfortunately there is no replacement for these APIs at this time. @@ -492,12 +534,6 @@ OpenSSL 3.0 *Kurt Roeckx* - * EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH(), and - EVP_PKEY_get0_EC_KEY() can now handle EVP_PKEYs with provider side - internal keys, if they correspond to one of those built in types. - - *Richard Levitte* - * Added EVP_PKEY_set_type_by_keymgmt(), to initialise an EVP_PKEY to contain a provider side internal key. @@ -667,7 +703,7 @@ OpenSSL 3.0 `EVP_PKEY_set1_DH()` are also deprecated. Applications should instead either read or write an EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER APIs. - Or load an EVP_PKEY directly from DH data using `EVP_PKEY_fromdata()`. + Or load an EVP_PKEY directly from DH data using `EVP_PKEY_fromdata()`. *Paul Dale and Matt Caswell* @@ -695,6 +731,13 @@ OpenSSL 3.0 time. Instead applications should use L, L and L. + Finaly functions that assign or obtain DSA objects from an EVP_PKEY such as + `EVP_PKEY_assign_DSA()`, `EVP_PKEY_get0_DSA()`, `EVP_PKEY_get1_DSA()`, and + `EVP_PKEY_set1_DSA()` are also deprecated. + Applications should instead either read or write an + EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER APIs, + or load an EVP_PKEY directly from DSA data using `EVP_PKEY_fromdata()`. + *Paul Dale* * Reworked the treatment of EC EVP_PKEYs with the SM2 curve to diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 338f308934..18f4c9955e 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -433,7 +433,10 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { switch (op) { case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: - return ossl_dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1); + /* We should only be here if we have a legacy key */ + if (!ossl_assert(evp_pkey_is_legacy(pkey))) + return 0; + return ossl_dh_buf2key(evp_pkey_get0_DH_int(pkey), arg2, arg1); case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: return ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1); default: diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 89241b97c1..694fcb3789 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -482,7 +482,10 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) return 1; case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: - return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL); + /* We should only be here if we have a legacy key */ + if (!ossl_assert(evp_pkey_is_legacy(pkey))) + return 0; + return EC_KEY_oct2key(evp_pkey_get0_EC_KEY_int(pkey), arg2, arg1, NULL); case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey), diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index ae3340395d..966278171c 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -1481,7 +1481,7 @@ static int get_payload_group_name(enum state state, #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: { - DH *dh = EVP_PKEY_get0_DH(pkey); + const DH *dh = EVP_PKEY_get0_DH(pkey); int uid = DH_get_nid(dh); if (uid != NID_undef) { @@ -1531,7 +1531,7 @@ static int get_payload_private_key(enum state state, #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: { - DH *dh = EVP_PKEY_get0_DH(pkey); + const DH *dh = EVP_PKEY_get0_DH(pkey); ctx->p2 = (BIGNUM *)DH_get0_priv_key(dh); } @@ -1540,7 +1540,7 @@ static int get_payload_private_key(enum state state, #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: { - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); ctx->p2 = (BIGNUM *)EC_KEY_get0_private_key(ec); } @@ -1590,7 +1590,7 @@ static int get_payload_public_key(enum state state, #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: if (ctx->params->data_type == OSSL_PARAM_OCTET_STRING) { - EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey); + const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey); BN_CTX *bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(eckey)); const EC_GROUP *ecg = EC_KEY_get0_group(eckey); const EC_POINT *point = EC_KEY_get0_public_key(eckey); diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c index 6ac344e394..2e90705656 100644 --- a/crypto/evp/p_dec.c +++ b/crypto/evp/p_dec.c @@ -16,6 +16,7 @@ #include #include #include +#include "crypto/evp.h" int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, EVP_PKEY *priv) @@ -28,7 +29,7 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, } ret = - RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv), + RSA_private_decrypt(ekl, ek, key, evp_pkey_get0_RSA_int(priv), RSA_PKCS1_PADDING); err: return ret; diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index bdc490d884..5881153dbb 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c @@ -16,6 +16,7 @@ #include #include #include +#include "crypto/evp.h" int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len, EVP_PKEY *pubk) @@ -26,8 +27,9 @@ int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA); goto err; } + ret = - RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk), + RSA_public_encrypt(key_len, key, ek, evp_pkey_get0_RSA_int(pubk), RSA_PKCS1_PADDING); err: return ret; diff --git a/crypto/evp/p_legacy.c b/crypto/evp/p_legacy.c index 5d8468f949..af93288dcb 100644 --- a/crypto/evp/p_legacy.c +++ b/crypto/evp/p_legacy.c @@ -31,22 +31,23 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) return ret; } -RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) +RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey) { - if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY); - return NULL; - } if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_RSA_KEY); return NULL; } - return pkey->pkey.rsa; + return evp_pkey_get_legacy((EVP_PKEY *)pkey); +} + +const RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) +{ + return evp_pkey_get0_RSA_int(pkey); } RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) { - RSA *ret = EVP_PKEY_get0_RSA(pkey); + RSA *ret = evp_pkey_get0_RSA_int(pkey); if (ret != NULL) RSA_up_ref(ret); @@ -63,22 +64,23 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) return ret; } -EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) +EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey) { - if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY); - return NULL; - } if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { - EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); + ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY); return NULL; } - return pkey->pkey.ec; + return evp_pkey_get_legacy((EVP_PKEY *)pkey); +} + +const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) +{ + return evp_pkey_get0_EC_KEY_int(pkey); } EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) { - EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey); + EC_KEY *ret = evp_pkey_get0_EC_KEY_int(pkey); if (ret != NULL) EC_KEY_up_ref(ret); diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 63f3f4cbc7..21fbc2ea4c 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -13,6 +13,7 @@ */ #include "internal/deprecated.h" +#include #include #include "internal/cryptlib.h" #include "internal/refcount.h" @@ -660,7 +661,7 @@ int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len, NULL); } -#ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type) { if (!evp_pkey_is_legacy(pkey)) { @@ -689,7 +690,7 @@ int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type) pkey->type = type; return 1; } -#endif +# endif # ifndef OPENSSL_NO_ENGINE int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e) @@ -715,18 +716,20 @@ ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey) return pkey->engine; } # endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { int alias = type; -#ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_EC if ((key != NULL) && (EVP_PKEY_type(type) == EVP_PKEY_EC)) { const EC_GROUP *group = EC_KEY_get0_group(key); if (group != NULL && EC_GROUP_get_curve_name(group) == NID_sm2) alias = EVP_PKEY_SM2; } -#endif +# endif if (pkey == NULL || !EVP_PKEY_set_type(pkey, type)) return 0; @@ -735,21 +738,19 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) pkey->pkey.ptr = key; return (key != NULL); } +# endif -void *EVP_PKEY_get0(const EVP_PKEY *pkey) +const void *EVP_PKEY_get0(const EVP_PKEY *pkey) { if (pkey == NULL) return NULL; - if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY); - return NULL; - } - return pkey->pkey.ptr; + + return evp_pkey_get_legacy((EVP_PKEY *)pkey); } const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) { - ASN1_OCTET_STRING *os = NULL; + const ASN1_OCTET_STRING *os = NULL; if (pkey->type != EVP_PKEY_HMAC) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_HMAC_KEY); return NULL; @@ -762,7 +763,7 @@ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) # ifndef OPENSSL_NO_POLY1305 const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len) { - ASN1_OCTET_STRING *os = NULL; + const ASN1_OCTET_STRING *os = NULL; if (pkey->type != EVP_PKEY_POLY1305) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_POLY1305_KEY); return NULL; @@ -776,7 +777,7 @@ const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len) # ifndef OPENSSL_NO_SIPHASH const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len) { - ASN1_OCTET_STRING *os = NULL; + const ASN1_OCTET_STRING *os = NULL; if (pkey->type != EVP_PKEY_SIPHASH) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_SIPHASH_KEY); @@ -789,17 +790,18 @@ const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len) # endif # ifndef OPENSSL_NO_DSA -DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) +static DSA *evp_pkey_get0_DSA_int(const EVP_PKEY *pkey) { - if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY); - return NULL; - } if (pkey->type != EVP_PKEY_DSA) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_DSA_KEY); return NULL; } - return pkey->pkey.dsa; + return evp_pkey_get_legacy((EVP_PKEY *)pkey); +} + +const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) +{ + return evp_pkey_get0_DSA_int(pkey); } int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) @@ -811,7 +813,8 @@ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) } DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) { - DSA *ret = EVP_PKEY_get0_DSA(pkey); + DSA *ret = evp_pkey_get0_DSA_int(pkey); + if (ret != NULL) DSA_up_ref(ret); return ret; @@ -821,22 +824,18 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) #ifndef FIPS_MODULE # ifndef OPENSSL_NO_EC -static ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type) +static const ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type) { - if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY); - return NULL; - } if (EVP_PKEY_base_id(pkey) != type) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_ECX_KEY); return NULL; } - return pkey->pkey.ecx; + return evp_pkey_get_legacy((EVP_PKEY *)pkey); } static ECX_KEY *evp_pkey_get1_ECX_KEY(EVP_PKEY *pkey, int type) { - ECX_KEY *ret = evp_pkey_get0_ECX_KEY(pkey, type); + ECX_KEY *ret = (ECX_KEY *)evp_pkey_get0_ECX_KEY(pkey, type); if (ret != NULL) ossl_ecx_key_up_ref(ret); return ret; @@ -866,22 +865,24 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) return ret; } -DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) +DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey) { - if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY); - return NULL; - } if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_DH_KEY); return NULL; } - return pkey->pkey.dh; + return evp_pkey_get_legacy((EVP_PKEY *)pkey); +} + +const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) +{ + return evp_pkey_get0_DH_int(pkey); } DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) { - DH *ret = EVP_PKEY_get0_DH(pkey); + DH *ret = evp_pkey_get0_DH_int(pkey); + if (ret != NULL) DH_up_ref(ret); return ret; @@ -1310,36 +1311,6 @@ size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub) /*- All methods below can also be used in FIPS_MODULE */ -/* - * This reset function must be used very carefully, as it literally throws - * away everything in an EVP_PKEY without freeing them, and may cause leaks - * of memory, what have you. - * The only reason we have this is to have the same code for EVP_PKEY_new() - * and evp_pkey_downgrade(). - */ -static int evp_pkey_reset_unlocked(EVP_PKEY *pk) -{ - if (pk == NULL) - return 0; - - if (pk->lock != NULL) { - const size_t offset = (unsigned char *)&pk->lock - (unsigned char *)pk; - - memset(pk, 0, offset); - memset((unsigned char *)pk + offset + sizeof(pk->lock), - 0, - sizeof(*pk) - offset - sizeof(pk->lock)); - } - /* EVP_PKEY_new uses zalloc so no need to call memset if pk->lock is NULL */ - - pk->type = EVP_PKEY_NONE; - pk->save_type = EVP_PKEY_NONE; - pk->references = 1; - pk->save_parameters = 1; - - return 1; -} - EVP_PKEY *EVP_PKEY_new(void) { EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret)); @@ -1349,8 +1320,10 @@ EVP_PKEY *EVP_PKEY_new(void) return NULL; } - if (!evp_pkey_reset_unlocked(ret)) - goto err; + ret->type = EVP_PKEY_NONE; + ret->save_type = EVP_PKEY_NONE; + ret->references = 1; + ret->save_parameters = 1; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { @@ -1559,12 +1532,32 @@ int EVP_PKEY_up_ref(EVP_PKEY *pkey) #ifndef FIPS_MODULE void evp_pkey_free_legacy(EVP_PKEY *x) { - if (x->ameth != NULL) { - if (x->ameth->pkey_free != NULL) - x->ameth->pkey_free(x); + const EVP_PKEY_ASN1_METHOD *ameth = x->ameth; + ENGINE *tmpe = NULL; + + if (ameth == NULL && x->legacy_cache_pkey.ptr != NULL) + ameth = EVP_PKEY_asn1_find(&tmpe, x->type); + + if (ameth != NULL) { + if (x->legacy_cache_pkey.ptr != NULL) { + /* + * We should never have both a legacy origin key, and a key in the + * legacy cache. + */ + assert(x->pkey.ptr == NULL); + /* + * For the purposes of freeing we make the legacy cache look like + * a legacy origin key. + */ + x->pkey = x->legacy_cache_pkey; + x->legacy_cache_pkey.ptr = NULL; + } + if (ameth->pkey_free != NULL) + ameth->pkey_free(x); x->pkey.ptr = NULL; } # ifndef OPENSSL_NO_ENGINE + ENGINE_finish(tmpe); ENGINE_finish(x->engine); x->engine = NULL; ENGINE_finish(x->pmeth_engine); @@ -1824,10 +1817,15 @@ int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src) keytype = OBJ_nid2sn(type); /* Make sure we have a clean slate to copy into */ - if (*dest == NULL) + if (*dest == NULL) { *dest = EVP_PKEY_new(); - else + if (*dest == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); + return 0; + } + } else { evp_pkey_free_it(*dest); + } if (EVP_PKEY_set_type(*dest, type)) { /* If the key is typed but empty, we're done */ @@ -1872,78 +1870,57 @@ int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src) return 0; } -int evp_pkey_downgrade(EVP_PKEY *pk) +void *evp_pkey_get_legacy(EVP_PKEY *pk) { - EVP_PKEY tmp_copy; /* Stack allocated! */ - int rv = 0; + EVP_PKEY *tmp_copy = NULL; + void *ret = NULL; if (!ossl_assert(pk != NULL)) - return 0; + return NULL; /* - * Throughout this whole function, we must ensure that we lock / unlock - * the exact same lock. Note that we do pass it around a bit. + * If this isn't an assigned provider side key, we just use any existing + * origin legacy key. */ - if (!CRYPTO_THREAD_write_lock(pk->lock)) - return 0; + if (!evp_pkey_is_assigned(pk)) + return NULL; + if (!evp_pkey_is_provided(pk)) + return pk->pkey.ptr; - /* If this isn't an assigned provider side key, we're done */ - if (!evp_pkey_is_assigned(pk) || !evp_pkey_is_provided(pk)) { - rv = 1; - goto end; - } + if (!CRYPTO_THREAD_read_lock(pk->lock)) + return NULL; - /* - * To be able to downgrade, we steal the contents of |pk|, then reset - * it, and finally try to make it a downgraded copy. If any of that - * fails, we restore the copied contents into |pk|. - */ - tmp_copy = *pk; /* |tmp_copy| now owns THE lock */ + ret = pk->legacy_cache_pkey.ptr; - if (evp_pkey_reset_unlocked(pk) - && evp_pkey_copy_downgraded(&pk, &tmp_copy)) { + if (!CRYPTO_THREAD_unlock(pk->lock)) + return NULL; - /* Restore the common attributes, then empty |tmp_copy| */ - pk->references = tmp_copy.references; - pk->attributes = tmp_copy.attributes; - pk->save_parameters = tmp_copy.save_parameters; - pk->ex_data = tmp_copy.ex_data; + if (ret != NULL) + return ret; - /* Ensure that stuff we've copied won't be freed */ - tmp_copy.lock = NULL; - tmp_copy.attributes = NULL; - memset(&tmp_copy.ex_data, 0, sizeof(tmp_copy.ex_data)); + if (!evp_pkey_copy_downgraded(&tmp_copy, pk)) + return NULL; - /* - * Save the provider side data in the operation cache, so they'll - * find it again. |pk| is new, so it's safe to assume slot zero - * is free. - * Note that evp_keymgmt_util_cache_keydata() increments keymgmt's - * reference count, so we need to decrement it, or there will be a - * leak. - */ - evp_keymgmt_util_cache_keydata(pk, tmp_copy.keymgmt, - tmp_copy.keydata); - EVP_KEYMGMT_free(tmp_copy.keymgmt); + if (!CRYPTO_THREAD_write_lock(pk->lock)) + goto err; - /* - * Clear keymgmt and keydata from |tmp_copy|, or they'll get - * inadvertently freed. - */ - tmp_copy.keymgmt = NULL; - tmp_copy.keydata = NULL; + /* Check again in case some other thread has updated it in the meantime */ + ret = pk->legacy_cache_pkey.ptr; + if (ret == NULL) { + /* Steal the legacy key reference from the temporary copy */ + ret = pk->legacy_cache_pkey.ptr = tmp_copy->pkey.ptr; + tmp_copy->pkey.ptr = NULL; + } - evp_pkey_free_it(&tmp_copy); - rv = 1; - } else { - /* Restore the original key */ - *pk = tmp_copy; + if (!CRYPTO_THREAD_unlock(pk->lock)) { + ret = NULL; + goto err; } - end: - if (!CRYPTO_THREAD_unlock(pk->lock)) - return 0; - return rv; + err: + EVP_PKEY_free(tmp_copy); + + return ret; } #endif /* FIPS_MODULE */ @@ -2201,7 +2178,7 @@ int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey) || pkey->keydata == NULL) { #ifndef OPENSSL_NO_EC /* Might work through the legacy route */ - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); if (ec == NULL) return 0; @@ -2241,7 +2218,7 @@ int EVP_PKEY_get_field_type(const EVP_PKEY *pkey) || pkey->keydata == NULL) { #ifndef OPENSSL_NO_EC /* Might work through the legacy route */ - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); const EC_GROUP *grp; if (ec == NULL) diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 1e4078cfa7..1953e0f958 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -197,7 +197,7 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) #endif /* - * Because we still have legacy keys, and evp_pkey_downgrade() + * Because we still have legacy keys * TODO remove this #legacy internal keys are gone */ (*ppkey)->type = ctx->legacy_keytype; @@ -208,8 +208,17 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) #ifdef FIPS_MODULE goto not_supported; #else - if (ctx->pkey && !evp_pkey_downgrade(ctx->pkey)) + /* + * If we get here then we're using legacy paramgen/keygen. In that case + * the pkey in ctx (if there is one) had better not be provided (because the + * legacy methods may not know how to handle it). However we can only get + * here if ctx->op.keymgmt.genctx == NULL, but that should never be the case + * if ctx->pkey is provided because we don't allow this when we initialise + * the ctx. + */ + if (ctx->pkey != NULL && !ossl_assert(!evp_pkey_is_provided(ctx->pkey))) goto not_accessible; + switch (ctx->operation) { case EVP_PKEY_OP_PARAMGEN: ret = ctx->pmeth->paramgen(ctx, *ppkey); diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index b08d0d2e3c..96d103544d 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -266,8 +266,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, /* * Chase down the legacy NID, as that might be needed for diverse * purposes, such as ensure that EVP_PKEY_type() can return sensible - * values, or that there's a better chance to "downgrade" a key when - * needed. We go through all keymgmt names, because the keytype + * values. We go through all keymgmt names, because the keytype * that's passed to this function doesn't necessarily translate * directly. * TODO: Remove this when #legacy keys are gone. diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index de673be005..8006c64b3a 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -450,12 +450,12 @@ static void write_lebn(unsigned char **out, const BIGNUM *bn, int len) *out += len; } -static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic); -static void write_rsa(unsigned char **out, RSA *rsa, int ispub); +static int check_bitlen_rsa(const RSA *rsa, int ispub, unsigned int *magic); +static void write_rsa(unsigned char **out, const RSA *rsa, int ispub); #ifndef OPENSSL_NO_DSA -static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic); -static void write_dsa(unsigned char **out, DSA *dsa, int ispub); +static int check_bitlen_dsa(const DSA *dsa, int ispub, unsigned int *magic); +static void write_dsa(unsigned char **out, const DSA *dsa, int ispub); #endif static int do_i2b(unsigned char **out, const EVP_PKEY *pk, int ispub) @@ -542,7 +542,7 @@ static int do_i2b_bio(BIO *out, const EVP_PKEY *pk, int ispub) return -1; } -static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) +static int check_bitlen_rsa(const RSA *rsa, int ispub, unsigned int *pmagic) { int nbyte, hnbyte, bitlen; const BIGNUM *e; @@ -582,7 +582,7 @@ static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) return 0; } -static void write_rsa(unsigned char **out, RSA *rsa, int ispub) +static void write_rsa(unsigned char **out, const RSA *rsa, int ispub) { int nbyte, hnbyte; const BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1; @@ -605,7 +605,7 @@ static void write_rsa(unsigned char **out, RSA *rsa, int ispub) } #ifndef OPENSSL_NO_DSA -static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) +static int check_bitlen_dsa(const DSA *dsa, int ispub, unsigned int *pmagic) { int bitlen; const BIGNUM *p = NULL, *q = NULL, *g = NULL; @@ -633,7 +633,7 @@ static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) return 0; } -static void write_dsa(unsigned char **out, DSA *dsa, int ispub) +static void write_dsa(unsigned char **out, const DSA *dsa, int ispub) { int nbyte; const BIGNUM *p = NULL, *q = NULL, *g = NULL; diff --git a/doc/internal/man3/evp_pkey_export_to_provider.pod b/doc/internal/man3/evp_pkey_export_to_provider.pod index 6cea8a9aab..833ff44d53 100644 --- a/doc/internal/man3/evp_pkey_export_to_provider.pod +++ b/doc/internal/man3/evp_pkey_export_to_provider.pod @@ -2,7 +2,7 @@ =head1 NAME -evp_pkey_export_to_provider, evp_pkey_copy_downgraded, evp_pkey_downgrade +evp_pkey_export_to_provider, evp_pkey_copy_downgraded, evp_pkey_get_legacy - internal EVP_PKEY support functions for providers =head1 SYNOPSIS @@ -14,7 +14,7 @@ evp_pkey_export_to_provider, evp_pkey_copy_downgraded, evp_pkey_downgrade EVP_KEYMGMT **keymgmt, const char *propquery); int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); - int evp_pkey_downgrade(EVP_PKEY *pk); + void *evp_pkey_get_legacy(EVP_PKEY *pk); =head1 DESCRIPTION @@ -37,11 +37,14 @@ For example, L uses this to try its best to get "traditional" PEM output even if the input B has a provider-native internal key. -evp_pkey_downgrade() converts an B with a provider side "origin" key -to one with a legacy "origin", if there's a corresponding legacy implementation. -This clears the operation cache, except for the provider side "origin" key. -This function is used in spots where provider side keys aren't yet supported, -in an attempt to keep operating with available implementations. +evp_pkey_get_legacy() obtains and returns a legacy key structure. If the +EVP_PKEY already contains a legacy key then it is simply returned. If it is a +provider based key, then a new legacy key is constructed based on the provider +key. The legacy key is cached inside the EVP_PKEY and its value returned from +this function. Subsequent calls to evp_pkey_get_legacy() will return the cached +key. Subsequent changes to the provider key are not reflected back in the +legacy key. Similarly changes to the legacy key are not reflected back in the +provider key. =head1 RETURN VALUES @@ -49,14 +52,13 @@ evp_pkey_export_to_provider() returns the provider key data if there was any allocated. It also either sets I<*keymgmt> to the B associated with the returned key data, or NULL on error. -evp_pkey_downgrade() returns 1 on success or 0 on error. +evp_pkey_get_legacy() returns the legacy key or NULL on error. =head1 NOTES -Some functions calling evp_pkey_export_to_provider() or evp_pkey_downgrade() -may have received a const key, and may therefore have to cast the key to -non-const form to call this function. Since B is always dynamically -allocated, this is OK. +Some functions calling evp_pkey_export_to_provider() may have received a const +key, and may therefore have to cast the key to non-const form to call this +function. Since B is always dynamically allocated, this is OK. =head1 SEE ALSO diff --git a/doc/internal/man7/EVP_PKEY.pod b/doc/internal/man7/EVP_PKEY.pod index 022f3f0e4e..cc738b9c28 100644 --- a/doc/internal/man7/EVP_PKEY.pod +++ b/doc/internal/man7/EVP_PKEY.pod @@ -65,7 +65,10 @@ The B internal keys are mutable. This is especially visible with internal legacy keys, since they can be extracted with functions like L and then -modified at will with functions like L. +modified at will with functions like L. Note that if the +internal key is a provider key then the return value from functions such as +L is a cached copy of the key. Changes to the cached +copy are not reflected back in the provider key. Internal provider native keys are also possible to be modified, if the associated L implementation allows it. This is done @@ -178,27 +181,20 @@ OSSL_FUNC_keymgmt_import() function. =back -=head2 Upgrading and downgrading a key - -An B with a legacy origin will I be upgraded to -become an B with a provider native origin. Instead, we have -the operation cache as described above, that takes care of the needs -of the diverse operation the application may want to perform. - -An B with a provider native origin, I be downgraded to -be I into an B with a legacy origin. Because -an B can't have two origins, it means that it stops having a -provider native origin. The previous provider native key data is -moved to the operation cache. Downgrading is performed with the -internal function L. - -I, and possibly surprising, -and should therefore be done I, but is needed -to be able to support functions like L. -The general recommendation is to use L -whenever possible, which it should be if the need for a legacy origin -is only internal, or better yet, to remove the need for downgrade at -all. +=head2 Changing a key origin + +It is never possible to change the origin of a key. An B with a legacy +origin will I be upgraded to become an B with a provider +native origin. Instead, we have the operation cache as described above, that +takes care of the needs of the diverse operation the application may want to +perform. + +Similarly an B with a provider native origin, will I be +I into an B with a legacy origin. Instead we may have a +cached copy of the provider key in legacy form. Once the cached copy is created +it is never updated. Changes made to the provider key are not reflected back in +the cached legacy copy. Similarly changes made to the cached legacy copy are not +reflected back in the provider key. =head1 SEE ALSO diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod index d4ab126e0a..64760b2923 100644 --- a/doc/man3/EVP_PKEY_set1_RSA.pod +++ b/doc/man3/EVP_PKEY_set1_RSA.pod @@ -15,6 +15,16 @@ EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions #include + int EVP_PKEY_id(const EVP_PKEY *pkey); + int EVP_PKEY_base_id(const EVP_PKEY *pkey); + int EVP_PKEY_type(int type); + +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + + int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); + int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key); int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key); int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key); @@ -28,10 +38,10 @@ EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); - RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey); - DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey); - DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); - EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); + const RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey); + const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey); + const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); + const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key); int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); @@ -40,40 +50,11 @@ EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); - int EVP_PKEY_id(const EVP_PKEY *pkey); - int EVP_PKEY_base_id(const EVP_PKEY *pkey); - int EVP_PKEY_type(int type); - ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); -Deprecated since OpenSSL 3.0, can be hidden entirely by defining -B with a suitable version value, see -L: - - int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); - =head1 DESCRIPTION -EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and -EVP_PKEY_set1_EC_KEY() set the key referenced by I to I. - -EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and -EVP_PKEY_get1_EC_KEY() return the referenced key in I or NULL if the -key is not of the correct type. The returned key must be freed after use. - -EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), -EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and -EVP_PKEY_get0_EC_KEY() return the referenced key in I or NULL if the -key is not of the correct type but the reference count of the returned key -is B incremented and so must not be freed after use. - -EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), -EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and -EVP_PKEY_assign_SIPHASH() set the referenced key to I however these use -the supplied I internally and so I will be freed when the parent -I is freed. - EVP_PKEY_base_id() returns the type of I. For example an RSA key will return B. @@ -87,15 +68,71 @@ often seen in practice. EVP_PKEY_type() returns the underlying type of the NID I. For example EVP_PKEY_type(EVP_PKEY_RSA2) will return B. -EVP_PKEY_get0_engine() returns a reference to the ENGINE handling I. +EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and +EVP_PKEY_set1_EC_KEY() set the key referenced by I to I. These +functions are deprecated. Applications should instead use +L. + +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and +EVP_PKEY_assign_SIPHASH() set the referenced key to I however these use +the supplied I internally and so I will be freed when the parent +I is freed. These macros are deprecated. Applications should instead read +an EVP_PKEY directly using the OSSL_DECODER APIs (see +L), or construct an EVP_PKEY from data using +L. + +EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and +EVP_PKEY_get1_EC_KEY() return the referenced key in I or NULL if the +key is not of the correct type. The returned key must be freed after use. +These functions are deprecated. Applications should instead use the EVP_PKEY +directly where possible. If access to the low level key parameters is required +then applications should use L and other similar +functions. To write an EVP_PKEY out use the OSSL_ENCODER APIs (see +L). + +EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), +EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and +EVP_PKEY_get0_EC_KEY() return the referenced key in I or NULL if the +key is not of the correct type. The reference count of the returned key is +B incremented and so the key must not be freed after use. These functions +are deprecated. Applications should instead use the EVP_PKEY directly where +possible. If access to the low level key parameters is required then +applications should use L and other similar functions. +To write an EVP_PKEY out use the OSSL_ENCODER APIs (see +L). + +Note that if an EVP_PKEY was not constructed using one of the deprecated +functions such as EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() +or EVP_PKEY_set1_EC_KEY(), or via the similarly named B macros +described above then the internal key will be managed by a provider (see +L). In that case the key returned by EVP_PKEY_get1_RSA(), +EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH(), EVP_PKEY_get1_EC_KEY(), +EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), +EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() or +EVP_PKEY_get0_EC_KEY() will be a cached copy of the provider's key. Subsequent +updates to the provider's key will not be reflected back in the cached copy, and +updates made by an application to the returned key will not be reflected back in +the provider's key. Subsequent calls to EVP_PKEY_get1_RSA(), +EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() will always +return the cached copy returned by the first call. + +EVP_PKEY_get0_engine() returns a reference to the ENGINE handling I. This +function is deprecated. Applications should use providers instead of engines +(see L for details). EVP_PKEY_set1_engine() sets the ENGINE handling I to I. It must be called after the key algorithm and components are set up. If I does not include an B for I an -error occurs. +error occurs. This function is deprecated. Applications should use providers +instead of engines (see L for details). -EVP_PKEY_set_alias_type() allows modifying a EVP_PKEY to use a -different set of algorithms than the default. +EVP_PKEY_set_alias_type() allows modifying an EVP_PKEY to use a +different set of algorithms than the default. This function is deprecated and +was previously needed as a workaround to recognise SM2 keys. From OpenSSL 3.0, +this key type is internally recognised so the workaround is no longer needed. +Functionality is still retained as it is, but will only work with EVP_PKEYs +with a legacy internal key. =head1 WARNINGS @@ -106,6 +143,17 @@ EVP_PKEY_id(), EVP_PKEY_base_id(), EVP_PKEY_type(), EVP_PKEY_set_alias_type() For EVP_PKEY key type checking purposes, L is more generic. +The keys returned from the functions EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), +EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() were changed to have a "const" +return type in OpenSSL 3.0. As described above the keys returned may be cached +copies of the key held in a provider. Due to this, and unlike in earlier +versions of OpenSSL, they should be considered read-only copies of the key. +Updates to these keys will not be reflected back in the provider side key. The +EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and +EVP_PKEY_get1_EC_KEY() functions were not changed to have a "const" return type +in order that applications can "free" the return value. However applications +should still consider them as read-only copies. + =head1 NOTES In accordance with the OpenSSL naming convention the key obtained @@ -170,7 +218,17 @@ L, L =head1 HISTORY -EVP_PKEY_set_alias_type() was deprecated in OpenSSL 3.0. +EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, +EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, +EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, +EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, +EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, +EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, +EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine and EVP_PKEY_get0_engine were +deprecated in OpenSSL 3.0. + +The return value from EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, +EVP_PKEY_get0_EC_KEY were made const in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man7/evp.pod b/doc/man7/evp.pod index d8f5a2c1d3..c97abba3dd 100644 --- a/doc/man7/evp.pod +++ b/doc/man7/evp.pod @@ -29,7 +29,7 @@ The BI functions provide a high-level interface to asymmetric algorithms. To create a new EVP_PKEY see L. EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions -described on the L page, or +described on the L page, or new keys can be generated using L. EVP_PKEYs can be compared using L, or printed using L. @@ -90,7 +90,7 @@ L, L, L, L, -L, +L, L, L, L, diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 41487d2af2..70cc6fff1c 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -608,6 +608,21 @@ DEFINE_STACK_OF(OP_CACHE_ELEM) #define evp_pkey_is_provided(pk) \ ((pk)->keymgmt != NULL) +union legacy_pkey_st { + void *ptr; + struct rsa_st *rsa; /* RSA */ +# ifndef OPENSSL_NO_DSA + struct dsa_st *dsa; /* DSA */ +# endif +# ifndef OPENSSL_NO_DH + struct dh_st *dh; /* DH */ +# endif +# ifndef OPENSSL_NO_EC + struct ec_key_st *ec; /* ECC */ + ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ +# endif +}; + struct evp_pkey_st { /* == Legacy attributes == */ int type; @@ -621,24 +636,15 @@ struct evp_pkey_st { const EVP_PKEY_ASN1_METHOD *ameth; ENGINE *engine; ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ - union { - void *ptr; - struct rsa_st *rsa; /* RSA */ -# ifndef OPENSSL_NO_DSA - struct dsa_st *dsa; /* DSA */ -# endif -# ifndef OPENSSL_NO_DH - struct dh_st *dh; /* DH */ -# endif -# ifndef OPENSSL_NO_EC - struct ec_key_st *ec; /* ECC */ - ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ -# endif - } pkey; + + /* Union to store the reference to an origin legacy key */ + union legacy_pkey_st pkey; + + /* Union to store the reference to a non-origin legacy key */ + union legacy_pkey_st legacy_cache_pkey; # endif /* == Common attributes == */ - /* If these are modified, so must evp_pkey_downgrade() */ CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ @@ -719,7 +725,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, const char *propquery); #ifndef FIPS_MODULE int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); -int evp_pkey_downgrade(EVP_PKEY *pk); +void *evp_pkey_get_legacy(EVP_PKEY *pk); void evp_pkey_free_legacy(EVP_PKEY *x); #endif @@ -884,4 +890,11 @@ int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); /* This must ONLY be called for legacy EVP_PKEYs */ int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params); +/* Same as the public get0 functions but are not const */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey); +EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey); +RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey); +# endif + #endif /* OSSL_CRYPTO_EVP_H */ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 96a82827fc..ec8503e7d8 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1240,55 +1240,62 @@ int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); int EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt); # ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); -# endif -# ifndef OPENSSL_NO_ENGINE +# ifndef OPENSSL_NO_ENGINE +OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e); +OSSL_DEPRECATEDIN_3_0 ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); -# endif +# endif +OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); -void *EVP_PKEY_get0(const EVP_PKEY *pkey); +OSSL_DEPRECATEDIN_3_0 +const void *EVP_PKEY_get0(const EVP_PKEY *pkey); +OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); -# ifndef OPENSSL_NO_POLY1305 +# ifndef OPENSSL_NO_POLY1305 +OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); -# endif -# ifndef OPENSSL_NO_SIPHASH +# endif +# ifndef OPENSSL_NO_SIPHASH +OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); -# endif +# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 struct rsa_st; OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); OSSL_DEPRECATEDIN_3_0 -struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey); +const struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey); OSSL_DEPRECATEDIN_3_0 struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); -# endif -# ifndef OPENSSL_NO_DSA + +# ifndef OPENSSL_NO_DSA struct dsa_st; +OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); -struct dsa_st *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey); +OSSL_DEPRECATEDIN_3_0 +const struct dsa_st *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey); +OSSL_DEPRECATEDIN_3_0 struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +# endif + # ifndef OPENSSL_NO_DH struct dh_st; OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); -OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); +OSSL_DEPRECATEDIN_3_0 const struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); # endif -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 + # ifndef OPENSSL_NO_EC struct ec_key_st; OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); OSSL_DEPRECATEDIN_3_0 -struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); +const struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); OSSL_DEPRECATEDIN_3_0 struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); # endif -# endif +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ EVP_PKEY *EVP_PKEY_new(void); int EVP_PKEY_up_ref(EVP_PKEY *pkey); diff --git a/test/endecoder_legacy_test.c b/test/endecoder_legacy_test.c index cdf86530ce..c72d15bdaa 100644 --- a/test/endecoder_legacy_test.c +++ b/test/endecoder_legacy_test.c @@ -58,11 +58,11 @@ #include "testutil.h" -typedef int PEM_write_bio_of_void_protected(BIO *out, void *obj, +typedef int PEM_write_bio_of_void_protected(BIO *out, const void *obj, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, void *u); -typedef int PEM_write_bio_of_void_unprotected(BIO *out, void *obj); +typedef int PEM_write_bio_of_void_unprotected(BIO *out, const void *obj); typedef void *PEM_read_bio_of_void(BIO *out, void **obj, pem_password_cb *cb, void *u); typedef int EVP_PKEY_print_fn(BIO *out, const EVP_PKEY *pkey, @@ -294,7 +294,7 @@ static int test_membio_str_eq(BIO *bio_provided, BIO *bio_legacy) } static int test_protected_PEM(const char *keytype, int evp_type, - void *legacy_key, + const void *legacy_key, PEM_write_bio_of_void_protected *pem_write_bio, PEM_read_bio_of_void *pem_read_bio, EVP_PKEY_eq_fn *evp_pkey_eq, @@ -362,7 +362,7 @@ static int test_protected_PEM(const char *keytype, int evp_type, } static int test_unprotected_PEM(const char *keytype, int evp_type, - void *legacy_key, + const void *legacy_key, PEM_write_bio_of_void_unprotected *pem_write_bio, PEM_read_bio_of_void *pem_read_bio, EVP_PKEY_eq_fn *evp_pkey_eq, @@ -429,7 +429,7 @@ static int test_unprotected_PEM(const char *keytype, int evp_type, } static int test_DER(const char *keytype, int evp_type, - void *legacy_key, i2d_of_void *i2d, d2i_of_void *d2i, + const void *legacy_key, i2d_of_void *i2d, d2i_of_void *d2i, EVP_PKEY_eq_fn *evp_pkey_eq, EVP_PKEY_print_fn *evp_pkey_print, EVP_PKEY *provided_pkey, int selection, @@ -506,7 +506,7 @@ static int test_key(int idx) int ok = 0; size_t i; EVP_PKEY *pkey = NULL, *downgraded_pkey = NULL; - void *legacy_obj = NULL; + const void *legacy_obj = NULL; /* Get the test data */ if (!TEST_ptr(test_stanza = &test_stanzas[idx]) diff --git a/test/sslapitest.c b/test/sslapitest.c index 06d8e80200..b469d80a17 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -8313,7 +8313,14 @@ static DH *tmp_dh_callback(SSL *s, int is_export, int keylen) if (!TEST_ptr(dhpkey)) return NULL; - ret = EVP_PKEY_get0_DH(dhpkey); + /* + * libssl does not free the returned DH, so we free it now knowing that even + * after we free dhpkey, there will still be a reference to the owning + * EVP_PKEY in tmp_dh_params, and so the DH object will live for the length + * of time we need it for. + */ + ret = EVP_PKEY_get1_DH(dhpkey); + DH_free(ret); EVP_PKEY_free(dhpkey); @@ -8361,7 +8368,7 @@ static int test_set_tmp_dh(int idx) } # ifndef OPENSSL_NO_DEPRECATED_3_0 if (idx == 7 || idx == 8) { - dh = EVP_PKEY_get0_DH(dhpkey); + dh = EVP_PKEY_get1_DH(dhpkey); if (!TEST_ptr(dh)) goto end; } @@ -8431,6 +8438,9 @@ static int test_set_tmp_dh(int idx) testresult = 1; end: +# ifndef OPENSSL_NO_DEPRECATED_3_0 + DH_free(dh); +# endif SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); diff --git a/test/threadstest.c b/test/threadstest.c index 26807e294c..1967ec6dad 100644 --- a/test/threadstest.c +++ b/test/threadstest.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* test_multi below tests the thread safety of a deprecated function */ +#define OPENSSL_SUPPRESS_DEPRECATED + #if defined(_WIN32) # include #endif @@ -401,23 +404,46 @@ static void thread_shared_evp_pkey(void) multi_success = 0; } +static void thread_downgrade_shared_evp_pkey(void) +{ +#ifndef OPENSSL_NO_DEPRECATED_3_0 + /* + * This test is only relevant for deprecated functions that perform + * downgrading + */ + if (EVP_PKEY_get0(shared_evp_pkey) == NULL) + multi_success = 0; +#else + /* Shouldn't ever get here */ + multi_success = 0; +#endif +} + + /* * Do work in multiple worker threads at the same time. * Test 0: General worker, using the default provider * Test 1: General worker, using the fips provider * Test 2: Simple fetch worker - * Test 3: Worker using a shared EVP_PKEY + * Test 3: Worker downgrading a shared EVP_PKEY + * Test 4: Worker using a shared EVP_PKEY */ static int test_multi(int idx) { thread_t thread1, thread2; int testresult = 0; OSSL_PROVIDER *prov = NULL, *prov2 = NULL; - void (*worker)(void); + void (*worker)(void) = NULL; + void (*worker2)(void) = NULL; if (idx == 1 && !do_fips) return TEST_skip("FIPS not supported"); +#ifdef OPENSSL_NO_DEPRECATED_3_0 + if (idx == 3) + return TEST_skip("Skipping tests for deprected functions"); +#endif + multi_success = 1; multi_libctx = OSSL_LIB_CTX_new(); if (!TEST_ptr(multi_libctx)) @@ -435,6 +461,9 @@ static int test_multi(int idx) worker = thread_multi_simple_fetch; break; case 3: + worker2 = thread_downgrade_shared_evp_pkey; + /* fall through */ + case 4: /* * If available we have both the default and fips providers for this * test @@ -450,9 +479,11 @@ static int test_multi(int idx) TEST_error("Invalid test index"); goto err; } + if (worker2 == NULL) + worker2 = worker; if (!TEST_true(run_thread(&thread1, worker)) - || !TEST_true(run_thread(&thread2, worker))) + || !TEST_true(run_thread(&thread2, worker2))) goto err; worker(); @@ -547,7 +578,7 @@ int setup_tests(void) ADD_TEST(test_thread_local); ADD_TEST(test_atomic); ADD_TEST(test_multi_load); - ADD_ALL_TESTS(test_multi, 4); + ADD_ALL_TESTS(test_multi, 5); return 1; } diff --git a/util/libcrypto.num b/util/libcrypto.num index 88b5648a74..309676f39b 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -1818,7 +1818,7 @@ PEM_write_PKCS8 1860 3_0_0 EXIST::FUNCTION:STDIO PKCS7_digest_from_attributes 1861 3_0_0 EXIST::FUNCTION: EC_GROUP_set_curve_GFp 1862 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC X509_PURPOSE_get0 1863 3_0_0 EXIST::FUNCTION: -EVP_PKEY_set1_DSA 1864 3_0_0 EXIST::FUNCTION:DSA +EVP_PKEY_set1_DSA 1864 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA X509_NAME_it 1865 3_0_0 EXIST::FUNCTION: OBJ_add_object 1866 3_0_0 EXIST::FUNCTION: DSA_generate_key 1867 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA @@ -1938,7 +1938,7 @@ OBJ_NAME_do_all 1983 3_0_0 EXIST::FUNCTION: d2i_TS_MSG_IMPRINT_fp 1984 3_0_0 EXIST::FUNCTION:STDIO,TS X509_CRL_verify 1985 3_0_0 EXIST::FUNCTION: X509_get0_uids 1986 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get0_DSA 1987 3_0_0 EXIST::FUNCTION:DSA +EVP_PKEY_get0_DSA 1987 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA d2i_CMS_ContentInfo 1988 3_0_0 EXIST::FUNCTION:CMS EVP_CIPHER_meth_get_do_cipher 1989 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 i2d_DSA_PUBKEY 1990 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA @@ -2093,7 +2093,7 @@ BN_GF2m_mod_sqr 2138 3_0_0 EXIST::FUNCTION:EC2M ASN1_PRINTABLE_new 2139 3_0_0 EXIST::FUNCTION: OBJ_NAME_new_index 2140 3_0_0 EXIST::FUNCTION: EVP_PKEY_asn1_add_alias 2141 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get1_DSA 2142 3_0_0 EXIST::FUNCTION:DSA +EVP_PKEY_get1_DSA 2142 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA SEED_cbc_encrypt 2143 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED EVP_rc2_40_cbc 2144 3_0_0 EXIST::FUNCTION:RC2 ECDSA_SIG_new 2145 3_0_0 EXIST::FUNCTION:EC @@ -2603,7 +2603,7 @@ TS_MSG_IMPRINT_print_bio 2658 3_0_0 EXIST::FUNCTION:TS CONF_module_set_usr_data 2659 3_0_0 EXIST::FUNCTION: EC_KEY_generate_key 2660 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC BIO_ctrl_get_write_guarantee 2661 3_0_0 EXIST::FUNCTION: -EVP_PKEY_assign 2662 3_0_0 EXIST::FUNCTION: +EVP_PKEY_assign 2662 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_aes_128_ofb 2663 3_0_0 EXIST::FUNCTION: CMS_data 2664 3_0_0 EXIST::FUNCTION:CMS X509_load_cert_file 2665 3_0_0 EXIST::FUNCTION: @@ -2809,7 +2809,7 @@ i2d_OCSP_CERTID 2870 3_0_0 EXIST::FUNCTION:OCSP BN_CTX_start 2871 3_0_0 EXIST::FUNCTION: BN_print 2872 3_0_0 EXIST::FUNCTION: EC_KEY_set_flags 2873 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC -EVP_PKEY_get0 2874 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get0 2874 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ENGINE_set_default 2875 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE NCONF_get_number_e 2876 3_0_0 EXIST::FUNCTION: OPENSSL_cleanse 2877 3_0_0 EXIST::FUNCTION: @@ -4002,7 +4002,7 @@ PEM_write_bio_PrivateKey_traditional 4091 3_0_0 EXIST::FUNCTION: X509_get_pathlen 4092 3_0_0 EXIST::FUNCTION: ECDSA_SIG_set0 4093 3_0_0 EXIST::FUNCTION:EC DSA_SIG_set0 4094 3_0_0 EXIST::FUNCTION:DSA -EVP_PKEY_get0_hmac 4095 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get0_hmac 4095 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 HMAC_CTX_get_md 4096 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 NAME_CONSTRAINTS_check_CN 4097 3_0_0 EXIST::FUNCTION: OCSP_resp_get0_id 4098 3_0_0 EXIST::FUNCTION:OCSP @@ -4089,9 +4089,9 @@ UI_method_set_ex_data 4178 3_0_0 EXIST::FUNCTION: UI_method_get_ex_data 4179 3_0_0 EXIST::FUNCTION: UI_UTIL_wrap_read_pem_callback 4180 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_get_time 4181 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get0_poly1305 4182 3_0_0 EXIST::FUNCTION:POLY1305 +EVP_PKEY_get0_poly1305 4182 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,POLY1305 DH_check_params 4183 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH -EVP_PKEY_get0_siphash 4184 3_0_0 EXIST::FUNCTION:SIPHASH +EVP_PKEY_get0_siphash 4184 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SIPHASH EVP_aria_256_ofb 4185 3_0_0 EXIST::FUNCTION:ARIA EVP_aria_256_cfb128 4186 3_0_0 EXIST::FUNCTION:ARIA EVP_aria_128_cfb1 4187 3_0_0 EXIST::FUNCTION:ARIA @@ -4234,7 +4234,7 @@ EVP_PKEY_meth_set_check 4341 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ EVP_PKEY_meth_get_check 4342 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_PKEY_meth_remove 4343 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OPENSSL_sk_reserve 4344 3_0_0 EXIST::FUNCTION: -EVP_PKEY_set1_engine 4347 3_0_0 EXIST::FUNCTION:ENGINE +EVP_PKEY_set1_engine 4347 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE DH_new_by_nid 4348 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH DH_get_nid 4349 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH CRYPTO_get_alloc_counts 4350 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG @@ -4572,7 +4572,7 @@ OSSL_PARAM_get_octet_ptr ? 3_0_0 EXIST::FUNCTION: OSSL_PARAM_set_octet_ptr ? 3_0_0 EXIST::FUNCTION: X509_set0_distinguishing_id ? 3_0_0 EXIST::FUNCTION: X509_get0_distinguishing_id ? 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get0_engine ? 3_0_0 EXIST::FUNCTION:ENGINE +EVP_PKEY_get0_engine ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_MD_up_ref ? 3_0_0 EXIST::FUNCTION: EVP_MD_fetch ? 3_0_0 EXIST::FUNCTION: EVP_set_default_properties ? 3_0_0 EXIST::FUNCTION: From matt at openssl.org Mon Mar 8 15:44:36 2021 From: matt at openssl.org (Matt Caswell) Date: Mon, 08 Mar 2021 15:44:36 +0000 Subject: [openssl] master update Message-ID: <1615218276.748450.24577.nullmailer@dev.openssl.org> The branch master has been updated via 9afc6c54314f94c0dcb4168d01554497bfaeae4f (commit) from 7bc0fdd3fd4535e06c35b92d71afab9a6de94cc5 (commit) - Log ----------------------------------------------------------------- commit 9afc6c54314f94c0dcb4168d01554497bfaeae4f Author: Matt Caswell Date: Thu Mar 4 16:33:26 2021 +0000 Fix the check for suitable groups and TLSv1.3 If we have TLSv1.3 enabled then we must have at least one TLSv1.3 capable group available. This check was not always working Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/14430) ----------------------------------------------------------------------- Summary of changes: ssl/statem/extensions_clnt.c | 8 ++- test/ssl-tests/20-cert-select.cnf | 102 ++++++++++++++++++++++------------- test/ssl-tests/20-cert-select.cnf.in | 22 +++++++- 3 files changed, 92 insertions(+), 40 deletions(-) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index b216e29f26..cac713fff0 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -234,7 +234,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, } } if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { - if (added == 0 || (tls13added == 0 && max_version == TLS1_3_VERSION)) + if (added == 0) SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS, "No groups enabled for max supported SSL/TLS version"); else @@ -242,6 +242,12 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } + if (tls13added == 0 && max_version == TLS1_3_VERSION) { + SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS, + "No groups enabled for max supported SSL/TLS version"); + return EXT_RETURN_FAIL; + } + return EXT_RETURN_SENT; } diff --git a/test/ssl-tests/20-cert-select.cnf b/test/ssl-tests/20-cert-select.cnf index 267690ee35..79dcd4c8f4 100644 --- a/test/ssl-tests/20-cert-select.cnf +++ b/test/ssl-tests/20-cert-select.cnf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 56 +num_tests = 57 test-0 = 0-ECDSA CipherString Selection test-1 = 1-ECDSA CipherString Selection @@ -54,10 +54,11 @@ test-48 = 48-TLS 1.3 Ed25519 CipherString and Groups Selection test-49 = 49-TLS 1.3 Ed448 CipherString and Groups Selection test-50 = 50-TLS 1.3 Ed25519 Client Auth test-51 = 51-TLS 1.3 Ed448 Client Auth -test-52 = 52-TLS 1.3 ECDSA with brainpool -test-53 = 53-TLS 1.2 DSA Certificate Test -test-54 = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms -test-55 = 55-TLS 1.3 DSA Certificate Test +test-52 = 52-TLS 1.3 ECDSA with brainpool but no suitable groups +test-53 = 53-TLS 1.3 ECDSA with brainpool +test-54 = 54-TLS 1.2 DSA Certificate Test +test-55 = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms +test-56 = 56-TLS 1.3 DSA Certificate Test # =========================================================== [0-ECDSA CipherString Selection] @@ -783,6 +784,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem [22-ECDSA with brainpool-client] CipherString = aECDSA Groups = brainpoolP256r1 +MaxProtocol = TLSv1.2 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1705,19 +1707,45 @@ ExpectedResult = Success # =========================================================== -[52-TLS 1.3 ECDSA with brainpool] -ssl_conf = 52-TLS 1.3 ECDSA with brainpool-ssl +[52-TLS 1.3 ECDSA with brainpool but no suitable groups] +ssl_conf = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-ssl + +[52-TLS 1.3 ECDSA with brainpool but no suitable groups-ssl] +server = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-server +client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client + +[52-TLS 1.3 ECDSA with brainpool but no suitable groups-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +CipherString = DEFAULT +Groups = brainpoolP256r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem + +[52-TLS 1.3 ECDSA with brainpool but no suitable groups-client] +CipherString = aECDSA +Groups = brainpoolP256r1 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedResult = ClientFail + + +# =========================================================== + +[53-TLS 1.3 ECDSA with brainpool] +ssl_conf = 53-TLS 1.3 ECDSA with brainpool-ssl -[52-TLS 1.3 ECDSA with brainpool-ssl] -server = 52-TLS 1.3 ECDSA with brainpool-server -client = 52-TLS 1.3 ECDSA with brainpool-client +[53-TLS 1.3 ECDSA with brainpool-ssl] +server = 53-TLS 1.3 ECDSA with brainpool-server +client = 53-TLS 1.3 ECDSA with brainpool-client -[52-TLS 1.3 ECDSA with brainpool-server] +[53-TLS 1.3 ECDSA with brainpool-server] Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem -[52-TLS 1.3 ECDSA with brainpool-client] +[53-TLS 1.3 ECDSA with brainpool-client] CipherString = DEFAULT MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 @@ -1725,20 +1753,20 @@ RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-52] +[test-53] ExpectedResult = ServerFail # =========================================================== -[53-TLS 1.2 DSA Certificate Test] -ssl_conf = 53-TLS 1.2 DSA Certificate Test-ssl +[54-TLS 1.2 DSA Certificate Test] +ssl_conf = 54-TLS 1.2 DSA Certificate Test-ssl -[53-TLS 1.2 DSA Certificate Test-ssl] -server = 53-TLS 1.2 DSA Certificate Test-server -client = 53-TLS 1.2 DSA Certificate Test-client +[54-TLS 1.2 DSA Certificate Test-ssl] +server = 54-TLS 1.2 DSA Certificate Test-server +client = 54-TLS 1.2 DSA Certificate Test-client -[53-TLS 1.2 DSA Certificate Test-server] +[54-TLS 1.2 DSA Certificate Test-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = ALL DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem @@ -1748,26 +1776,26 @@ MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[53-TLS 1.2 DSA Certificate Test-client] +[54-TLS 1.2 DSA Certificate Test-client] CipherString = ALL SignatureAlgorithms = DSA+SHA256:DSA+SHA1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-53] +[test-54] ExpectedResult = Success # =========================================================== -[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms] -ssl_conf = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl +[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms] +ssl_conf = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl -[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl] -server = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server -client = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client +[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl] +server = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server +client = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client -[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server] +[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256 @@ -1775,25 +1803,25 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request -[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client] +[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client] CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-54] +[test-55] ExpectedResult = ServerFail # =========================================================== -[55-TLS 1.3 DSA Certificate Test] -ssl_conf = 55-TLS 1.3 DSA Certificate Test-ssl +[56-TLS 1.3 DSA Certificate Test] +ssl_conf = 56-TLS 1.3 DSA Certificate Test-ssl -[55-TLS 1.3 DSA Certificate Test-ssl] -server = 55-TLS 1.3 DSA Certificate Test-server -client = 55-TLS 1.3 DSA Certificate Test-client +[56-TLS 1.3 DSA Certificate Test-ssl] +server = 56-TLS 1.3 DSA Certificate Test-server +client = 56-TLS 1.3 DSA Certificate Test-client -[55-TLS 1.3 DSA Certificate Test-server] +[56-TLS 1.3 DSA Certificate Test-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = ALL DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem @@ -1802,13 +1830,13 @@ MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[55-TLS 1.3 DSA Certificate Test-client] +[56-TLS 1.3 DSA Certificate Test-client] CipherString = ALL SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-55] +[test-56] ExpectedResult = ServerFail diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in index 1aa3b0aeec..30cde592c6 100644 --- a/test/ssl-tests/20-cert-select.cnf.in +++ b/test/ssl-tests/20-cert-select.cnf.in @@ -433,8 +433,7 @@ my @tests_non_fips = ( "Groups" => "brainpoolP256r1", }, client => { - #We don't restrict this to TLSv1.2, although use of brainpool - #should force this anyway so that this should succeed + "MaxProtocol" => "TLSv1.2", "CipherString" => "aECDSA", "RequestCAFile" => test_pem("root-cert.pem"), "Groups" => "brainpoolP256r1", @@ -894,6 +893,25 @@ my @tests_tls_1_3_non_fips = ( "ExpectedResult" => "Success" }, }, + { + name => "TLS 1.3 ECDSA with brainpool but no suitable groups", + server => { + "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), + "Groups" => "brainpoolP256r1", + }, + client => { + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), + "Groups" => "brainpoolP256r1", + }, + test => { + #We only configured brainpoolP256r1 on the client side, but TLSv1.3 + #is enabled and this group is not allowed in TLSv1.3. Therefore this + #should fail + "ExpectedResult" => "ClientFail" + }, + }, { name => "TLS 1.3 ECDSA with brainpool", server => { From no-reply at appveyor.com Mon Mar 8 16:34:32 2021 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 08 Mar 2021 16:34:32 +0000 Subject: Build completed: openssl master.40503 Message-ID: <20210308163432.1.DC404A68472FFB2D@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Tue Mar 9 00:27:01 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 09 Mar 2021 00:27:01 +0000 Subject: [openssl] master update Message-ID: <1615249621.769002.17021.nullmailer@dev.openssl.org> The branch master has been updated via 31e2e6e0b1f0f9ab88b9625f841e268766b598d0 (commit) from 9afc6c54314f94c0dcb4168d01554497bfaeae4f (commit) - Log ----------------------------------------------------------------- commit 31e2e6e0b1f0f9ab88b9625f841e268766b598d0 Author: Armin Fuerst Date: Mon Mar 8 21:14:50 2021 +0100 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14471) ----------------------------------------------------------------------- Summary of changes: test/sm2_internal_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c index 6b80611dd2..72a7baaeff 100644 --- a/test/sm2_internal_test.c +++ b/test/sm2_internal_test.c @@ -381,7 +381,7 @@ int setup_tests(void) void cleanup_tests(void) { -#ifdef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 fake_rand_finish(fake_rand); #endif } From pauli at openssl.org Tue Mar 9 01:12:47 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 09 Mar 2021 01:12:47 +0000 Subject: [openssl] master update Message-ID: <1615252367.748929.24932.nullmailer@dev.openssl.org> The branch master has been updated via 889ad4ef8181093d5c088d5518c7b353ddb48455 (commit) via 5e9a8678c5e1442e618ae0abc7b314880ec3ba4e (commit) via 913f9d5e52f0541c2fb9c3b60d3fc785f35eacae (commit) from 31e2e6e0b1f0f9ab88b9625f841e268766b598d0 (commit) - Log ----------------------------------------------------------------- commit 889ad4ef8181093d5c088d5518c7b353ddb48455 Author: Tomas Mraz Date: Fri Mar 5 18:19:12 2021 +0100 apps/pkcs12: Allow continuing on absent mac Just print a warning in that case. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14445) commit 5e9a8678c5e1442e618ae0abc7b314880ec3ba4e Author: Tomas Mraz Date: Fri Mar 5 18:08:05 2021 +0100 apps/pkcs12: Detect missing PKCS12KDF support on import Report error message with hint to use -nomacver if MAC verification is not required. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14445) commit 913f9d5e52f0541c2fb9c3b60d3fc785f35eacae Author: Tomas Mraz Date: Fri Mar 5 17:22:35 2021 +0100 apps/pkcs12: Properly detect MAC setup failure The MAC requires PKCS12KDF support which is not present in FIPS provider as it is not an approved KDF algorithm. Suggest using -nomac if MAC is not required. Fixes #14057 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14445) ----------------------------------------------------------------------- Summary of changes: apps/pkcs12.c | 25 ++++++++++++++++++++++++- doc/man1/openssl-pkcs12.pod.in | 6 ++++-- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 241122b76a..bd87fd4920 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -19,6 +19,7 @@ #include #include #include +#include #define NOKEYS 0x1 #define NOCERTS 0x2 @@ -655,7 +656,11 @@ int pkcs12_main(int argc, char **argv) } if (maciter != -1) - PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd); + if (!PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd)) { + BIO_printf(bio_err, "Error creating PKCS12 MAC; no PKCS12KDF support?\n"); + BIO_printf(bio_err, "Use -nomac if MAC not required and PKCS12KDF support not available.\n"); + goto export_end; + } assert(private); @@ -729,6 +734,15 @@ int pkcs12_main(int argc, char **argv) tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L); } if (macver) { + EVP_KDF *pkcs12kdf; + + pkcs12kdf = EVP_KDF_fetch(NULL, "PKCS12KDF", NULL); + if (pkcs12kdf == NULL) { + BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n"); + BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n"); + goto end; + } + EVP_KDF_free(pkcs12kdf); /* If we enter empty password try no password first */ if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { /* If mac and crypto pass the same set it to NULL too */ @@ -742,6 +756,14 @@ int pkcs12_main(int argc, char **argv) */ unsigned char *utmp; int utmplen; + unsigned long err = ERR_peek_error(); + + if (ERR_GET_LIB(err) == ERR_LIB_PKCS12 + && ERR_GET_REASON(err) == PKCS12_R_MAC_ABSENT) { + BIO_printf(bio_err, "Warning: MAC is absent!\n"); + goto dump; + } + utmp = OPENSSL_asc2uni(mpass, -1, NULL, &utmplen); if (utmp == NULL) goto end; @@ -759,6 +781,7 @@ int pkcs12_main(int argc, char **argv) } } + dump: assert(private); if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) { BIO_printf(bio_err, "Error outputting keys and certificates\n"); diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in index 65c10d1adb..b367be2b7f 100644 --- a/doc/man1/openssl-pkcs12.pod.in +++ b/doc/man1/openssl-pkcs12.pod.in @@ -333,7 +333,7 @@ then both, the private key and the certificates are encrypted using triple DES. =item B<-macalg> I -Specify the MAC digest algorithm. If not included them SHA1 will be used. +Specify the MAC digest algorithm. If not included SHA1 will be used. =item B<-iter> I @@ -362,7 +362,9 @@ to be needed to use MAC iterations counts but they are now used by default. =item B<-nomac> -Don't attempt to provide the MAC integrity. +Do not attempt to provide the MAC integrity. This can be useful with the FIPS +provider as the PKCS12 MAC requires PKCS12KDF which is not an approved FIPS +algorithm and cannot be supported by the FIPS provider. =back From openssl at openssl.org Tue Mar 9 01:29:40 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Mar 2021 01:29:40 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1615253380.138452.3239488.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures Build log ended with (last 100 lines): # Failed test 'popo NONE' # at ../openssl/test/recipes/80-test_cmp_http.t line 145. # cmp_main:../openssl/apps/cmp.c:2728:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2327:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:694:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2044:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2094:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 5 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1335. # Looks like you failed 3 tests of 5.80-test_cmp_http.t ................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/5 subtests # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. skipped: Test only supported in a shared build 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 15-test_rsaoaep.t (Wstat: 1536 Tests: 10 Failed: 6) Failed tests: 2, 4, 7-10 Non-zero exit status: 6 80-test_cmp_http.t (Wstat: 768 Tests: 5 Failed: 3) Failed tests: 2-3, 5 Non-zero exit status: 3 Files=233, Tests=2738, 712 wallclock secs ( 8.62 usr 1.04 sys + 648.95 cusr 56.91 csys = 715.52 CPU) Result: FAIL make[1]: *** [Makefile:2489: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' make: *** [Makefile:2486: tests] Error 2 From shane.lontis at oracle.com Tue Mar 9 06:31:24 2021 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Tue, 09 Mar 2021 06:31:24 +0000 Subject: [openssl] master update Message-ID: <1615271484.574847.7102.nullmailer@dev.openssl.org> The branch master has been updated via 3e6a0d57389d7e5e45b06753692873e40dd125e9 (commit) from 889ad4ef8181093d5c088d5518c7b353ddb48455 (commit) - Log ----------------------------------------------------------------- commit 3e6a0d57389d7e5e45b06753692873e40dd125e9 Author: Shane Lontis Date: Thu Mar 4 13:54:40 2021 +1000 Reword repeated words. A trivial PR to remove some commonly repeated words. It looks like this is not the first PR to do this. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14420) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_strex.c | 2 +- crypto/cryptlib.c | 2 +- crypto/ct/ct_sct.c | 2 +- crypto/evp/ctrl_params_translate.c | 2 +- crypto/whrlpool/wp_block.c | 2 +- crypto/x509/by_store.c | 2 +- crypto/x509/pcy_tree.c | 2 +- doc/man7/provider-kem.pod | 2 +- ssl/ssl_lib.c | 2 +- test/evp_test.c | 2 +- util/perl/OpenSSL/Ordinals.pm | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 67d53b748b..11c6296bba 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -32,7 +32,7 @@ ASN1_STRFLGS_ESC_MSB) /* - * Three IO functions for sending data to memory, a BIO and and a FILE + * Three IO functions for sending data to memory, a BIO and a FILE * pointer. */ static int send_bio_chars(void *arg, const void *buf, int len) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 7779ad05fe..fdefafc1fe 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -432,7 +432,7 @@ void OPENSSL_die(const char *message, const char *file, int line) #if !defined(OPENSSL_CPUID_OBJ) /* - * The volatile is used to to ensure that the compiler generates code that reads + * The volatile is used to ensure that the compiler generates code that reads * all values from the array and doesn't try to optimize this away. The standard * doesn't actually require this behavior if the original data pointed to is * not volatile, but compilers do this in practice anyway. diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c index ab22ecafad..41fbfaba75 100644 --- a/crypto/ct/ct_sct.c +++ b/crypto/ct/ct_sct.c @@ -343,7 +343,7 @@ int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx) * XXX: Potential for optimization. This repeats some idempotent heavy * lifting on the certificate for each candidate SCT, and appears to not * use any information in the SCT itself, only the certificate is - * processed. So it may make more sense to to do this just once, perhaps + * processed. So it may make more sense to do this just once, perhaps * associated with the shared (by all SCTs) policy eval ctx. * * XXX: Failure here is global (SCT independent) and represents either an diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index 966278171c..32af4eedd3 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -202,7 +202,7 @@ struct translation_ctx_st { */ /* - * Copy of the ctrl-style void* argument, if the the fixup_args function + * Copy of the ctrl-style void* argument, if the fixup_args function * needs to manipulate |p2| but wants to remember original. */ void *orig_p2; diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c index e5aa1a03ce..ac6cd95a74 100644 --- a/crypto/whrlpool/wp_block.c +++ b/crypto/whrlpool/wp_block.c @@ -165,7 +165,7 @@ typedef u64 u64_aX; */ /* * Note that every Cn macro expands as two loads: one byte load and - * one quadword load. One can argue that that many single-byte loads + * one quadword load. One can argue that many single-byte loads * is too excessive, as one could load a quadword and "milk" it for * eight 8-bit values instead. Well, yes, but in order to do so *and* * avoid excessive loads you have to accommodate a handful of 64-bit diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c index 29d9700ab1..9dd687f757 100644 --- a/crypto/x509/by_store.c +++ b/crypto/x509/by_store.c @@ -188,7 +188,7 @@ static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, * * To be noted is that X509_OBJECT_set1_* increment the refcount, * but so does X509_STORE_CTX_get_by_subject upon return of this - * function, so we must ensure the the refcount is decremented + * function, so we must ensure the refcount is decremented * before we return, or we will get a refcount leak. We cannot do * this with X509_OBJECT_free(), though, as that will free a bit * too much. diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c index 12cfb627fe..367de35857 100644 --- a/crypto/x509/pcy_tree.c +++ b/crypto/x509/pcy_tree.c @@ -479,7 +479,7 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree, curr = tree->levels; for (i = 1; i < tree->nlevel; i++) { /* - * If no anyPolicy node on this this level it can't appear on lower + * If no anyPolicy node on this level it can't appear on lower * levels so end search. */ if ((anyptr = curr->anyPolicy) == NULL) diff --git a/doc/man7/provider-kem.pod b/doc/man7/provider-kem.pod index d4467dbd79..4a094bd2c9 100644 --- a/doc/man7/provider-kem.pod +++ b/doc/man7/provider-kem.pod @@ -128,7 +128,7 @@ OSSL_FUNC_kem_encapsulate() performs the actual encapsulation itself. A previously initialised asymmetric kem context is passed in the I parameter. Unless I is NULL, the data to be encapsulated is internally generated, -and returned into the the buffer pointed to by the I parameter and the +and returned into the buffer pointed to by the I parameter and the encapsulated data should also be written to the location pointed to by the I parameter. The length of the encapsulated data should be written to I<*outlen> and the length of the generated secret should be written to diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1fded640a1..348b507622 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1595,7 +1595,7 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) int SSL_copy_session_id(SSL *t, const SSL *f) { int i; - /* Do we need to to SSL locking? */ + /* Do we need to do SSL locking? */ if (!SSL_set_session(t, SSL_get_session(f))) { return 0; } diff --git a/test/evp_test.c b/test/evp_test.c index 8c88f0937c..d781ecadce 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -3594,7 +3594,7 @@ int setup_tests(void) /* * Load the provider via configuration into the created library context. * Load the 'null' provider into the default library context to ensure that - * the the tests do not fallback to using the default provider. + * the tests do not fallback to using the default provider. */ if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL)) return 0; diff --git a/util/perl/OpenSSL/Ordinals.pm b/util/perl/OpenSSL/Ordinals.pm index 66bf30dd50..7e4c008dc2 100644 --- a/util/perl/OpenSSL/Ordinals.pm +++ b/util/perl/OpenSSL/Ordinals.pm @@ -863,7 +863,7 @@ handled by the caller. The caller may change this to an actual number. =item B<< $item->version >> (read-only) The version number for this item. Please note that these version numbers -have underscore (C<_>) as a separator the the version parts. +have underscore (C<_>) as a separator for the version parts. =item B<< $item->exists >> (read-only) From openssl at openssl.org Tue Mar 9 07:45:11 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Mar 2021 07:45:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-pic Message-ID: <1615275911.899128.3961992.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-pic Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. skipped: Test only supported in a shared build 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 15-test_rsaoaep.t (Wstat: 1536 Tests: 10 Failed: 6) Failed tests: 2, 4, 7-10 Non-zero exit status: 6 Files=233, Tests=2738, 909 wallclock secs (10.13 usr 1.15 sys + 837.16 cusr 66.68 csys = 915.12 CPU) Result: FAIL make[1]: *** [Makefile:2475: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-pic' make: *** [Makefile:2472: tests] Error 2 From dev at ddvo.net Tue Mar 9 10:03:15 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 09 Mar 2021 10:03:15 +0000 Subject: [openssl] master update Message-ID: <1615284195.268174.11436.nullmailer@dev.openssl.org> The branch master has been updated via 4c52ee1dbfa1913a14968f395cc9900ed9beee5e (commit) via b6a06b13a4ea97cdc831926339a23ca48970b19d (commit) from 3e6a0d57389d7e5e45b06753692873e40dd125e9 (commit) - Log ----------------------------------------------------------------- commit 4c52ee1dbfa1913a14968f395cc9900ed9beee5e Author: Dr. David von Oheimb Date: Mon Mar 8 08:04:54 2021 +0100 cmp_hdr.c: Fix minor Coverity issue CID 1473605 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14460) commit b6a06b13a4ea97cdc831926339a23ca48970b19d Author: Dr. David von Oheimb Date: Mon Mar 8 07:58:04 2021 +0100 http_test.c: Fix minor Coverity issue CID 1473608 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14460) ----------------------------------------------------------------------- Summary of changes: crypto/cmp/cmp_hdr.c | 3 --- test/http_test.c | 3 ++- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c index 58b07dd8b2..a1770c1204 100644 --- a/crypto/cmp/cmp_hdr.c +++ b/crypto/cmp/cmp_hdr.c @@ -283,9 +283,6 @@ int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) OPENSSL_free(tid); } - if (ctx->transactionID == NULL - && !set_random(&ctx->transactionID, ctx, OSSL_CMP_TRANSACTIONID_LENGTH)) - return 0; return ossl_cmp_asn1_octet_string_set1(&hdr->transactionID, ctx->transactionID); } diff --git a/test/http_test.c b/test/http_test.c index ef0a1d4bf0..e59ef63833 100644 --- a/test/http_test.c +++ b/test/http_test.c @@ -142,7 +142,8 @@ static int test_http_url_ok(const char *url, int exp_ssl, const char *exp_host, int exp_num, num, ssl; int res; - TEST_int_eq(sscanf(exp_port, "%d", &exp_num), 1); + if (!TEST_int_eq(sscanf(exp_port, "%d", &exp_num), 1)) + return 0; res = TEST_true(OSSL_HTTP_parse_url(url, &ssl, &user, &host, &port, &num, &path, &query, &frag)) && TEST_str_eq(host, exp_host) From pauli at openssl.org Tue Mar 9 12:09:14 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 09 Mar 2021 12:09:14 +0000 Subject: [openssl] master update Message-ID: <1615291754.255719.11670.nullmailer@dev.openssl.org> The branch master has been updated via e5499a3cac1e823c3e0697e8667e952317b70cc8 (commit) from 4c52ee1dbfa1913a14968f395cc9900ed9beee5e (commit) - Log ----------------------------------------------------------------- commit e5499a3cac1e823c3e0697e8667e952317b70cc8 Author: Alistair Francis Date: Thu Mar 4 12:10:11 2021 -0500 Fixup support for io_pgetevents_time64 syscall This is a fixup for the original commit 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc "Add support for io_pgetevents_time64 syscall" that didn't correctly work for 32-bit architecutres with a 64-bit time_t that aren't RISC-V. For a full discussion of the issue see: https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc Signed-off-by: Alistair Francis Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14432) ----------------------------------------------------------------------- Summary of changes: engines/e_afalg.c | 55 ++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 42 insertions(+), 13 deletions(-) diff --git a/engines/e_afalg.c b/engines/e_afalg.c index 9480d7c24b..4e9d67db2d 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -124,27 +124,56 @@ static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb) return syscall(__NR_io_submit, ctx, n, iocb); } +/* A version of 'struct timespec' with 32-bit time_t and nanoseconds. */ +struct __timespec32 +{ + __kernel_long_t tv_sec; + __kernel_long_t tv_nsec; +}; + static ossl_inline int io_getevents(aio_context_t ctx, long min, long max, struct io_event *events, struct timespec *timeout) { +#if defined(__NR_io_pgetevents_time64) + /* Check if we are a 32-bit architecture with a 64-bit time_t */ + if (sizeof(*timeout) != sizeof(struct __timespec32)) { + int ret = syscall(__NR_io_pgetevents_time64, ctx, min, max, events, + timeout, NULL); + if (ret == 0 || errno != ENOSYS) + return ret; + } +#endif + #if defined(__NR_io_getevents) - return syscall(__NR_io_getevents, ctx, min, max, events, timeout); -#elif defined(__NR_io_pgetevents_time64) - /* Let's only support the 64 suffix syscalls for 64-bit time_t. - * This simplifies the code for us as we don't need to use a 64-bit - * version of timespec with a 32-bit time_t and handle converting - * between 64-bit and 32-bit times and check for overflows. - */ - if (sizeof(timeout->tv_sec) == 8) - return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL); + if (sizeof(*timeout) == sizeof(struct __timespec32)) + /* + * time_t matches our architecture length, we can just use + * __NR_io_getevents + */ + return syscall(__NR_io_getevents, ctx, min, max, events, timeout); else { - errno = ENOSYS; - return -1; + /* + * We don't have __NR_io_pgetevents_time64, but we are using a + * 64-bit time_t on a 32-bit architecture. If we can fit the + * timeout value in a 32-bit time_t, then let's do that + * and then use the __NR_io_getevents syscall. + */ + if (timeout && timeout->tv_sec == (long)timeout->tv_sec) { + struct __timespec32 ts32; + + ts32.tv_sec = (__kernel_long_t) timeout->tv_sec; + ts32.tv_nsec = (__kernel_long_t) timeout->tv_nsec; + + return syscall(__NR_io_getevents, ctx, min, max, events, ts32); + } else { + return syscall(__NR_io_getevents, ctx, min, max, events, NULL); + } } -#else -# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64." #endif + + errno = ENOSYS; + return -1; } static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, From pauli at openssl.org Tue Mar 9 12:12:41 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 09 Mar 2021 12:12:41 +0000 Subject: [openssl] master update Message-ID: <1615291961.340265.13477.nullmailer@dev.openssl.org> The branch master has been updated via c99248ea812ddc8df9194ffa2b2c8a31117bcb26 (commit) from e5499a3cac1e823c3e0697e8667e952317b70cc8 (commit) - Log ----------------------------------------------------------------- commit c99248ea812ddc8df9194ffa2b2c8a31117bcb26 Author: Arthur Gautier Date: Sat Mar 6 23:08:08 2021 +0000 EVP_KDF-KB man page: Fix typo in the example code CLA: trivial Signed-off-by: Arthur Gautier Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14455) ----------------------------------------------------------------------- Summary of changes: doc/man7/EVP_KDF-KB.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod index b8d7b15902..5da2787c0e 100644 --- a/doc/man7/EVP_KDF-KB.pod +++ b/doc/man7/EVP_KDF-KB.pod @@ -102,7 +102,7 @@ Label "label", and Context "context". *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, "HMAC", 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - "secret", strlen("secret")) + "secret", strlen("secret")); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, "label", strlen("label")); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, From no-reply at appveyor.com Tue Mar 9 12:28:13 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 09 Mar 2021 12:28:13 +0000 Subject: Build failed: openssl master.40519 Message-ID: <20210309122813.1.3FA3DE971DFF4316@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Mar 9 14:36:14 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Mar 2021 14:36:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1615300574.044441.556292.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): 70-test_sslrecords.t ............... skipped: test_sslrecords needs the sock feature enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the sock feature enabled 70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the sock feature enabled 70-test_sslsignature.t ............. skipped: test_sslsignature needs the sock feature enabled 70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the sock feature enabled 70-test_sslversions.t .............. skipped: test_sslversions needs the sock feature enabled 70-test_sslvertol.t ................ skipped: test_sslextension needs the sock feature enabled 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the sock feature enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the sock feature enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the sock feature enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the sock feature enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the sock feature enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs the sock feature enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs the sock feature enabled 70-test_tlsextms.t ................. skipped: test_tlsextms needs the sock feature enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok Label not found for "last SKIP" at /usr/share/perl/5.30/Test/More.pm line 1372. # Looks like your test exited with 1 just after 5.80-test_cmp_http.t ................. Dubious, test returned 1 (wstat 256, 0x100) All 5 subtests passed (less 5 skipped subtests: 0 okay) # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 80-test_cmp_http.t (Wstat: 256 Tests: 5 Failed: 0) Non-zero exit status: 1 Files=233, Tests=3089, 1013 wallclock secs (10.83 usr 1.29 sys + 947.53 cusr 72.33 csys = 1031.98 CPU) Result: FAIL make[1]: *** [Makefile:3277: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make: *** [Makefile:3274: tests] Error 2 From beldmit at gmail.com Tue Mar 9 15:27:07 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Tue, 09 Mar 2021 15:27:07 +0000 Subject: [openssl] master update Message-ID: <1615303627.112161.16277.nullmailer@dev.openssl.org> The branch master has been updated via 896dcda18bf9347deb507f1d3c1f7e17638dd745 (commit) from c99248ea812ddc8df9194ffa2b2c8a31117bcb26 (commit) - Log ----------------------------------------------------------------- commit 896dcda18bf9347deb507f1d3c1f7e17638dd745 Author: Dmitry Belyavskiy Date: Mon Mar 8 21:36:10 2021 +0100 Non-const accessor to legacy keys Fixes #14466. Reverting the changes of the EVP_PKEY_get0 function. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14468) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 8 ++++++-- crypto/evp/p_lib.c | 34 +++++++++++++++++++++++----------- doc/man3/EVP_PKEY_set1_RSA.pod | 9 ++++++--- include/openssl/evp.h | 2 +- test/threadstest.c | 2 +- util/missingcrypto.txt | 1 - 6 files changed, 37 insertions(+), 19 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index c8f8e503ee..def93b8ff5 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -22,8 +22,12 @@ OpenSSL 3.0 ----------- ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * The deprecated function EVP_PKEY_get0() now returns NULL being called for a + provided key. - * The deprecated functions EVP_PKEY_get0(), EVP_PKEY_get0_RSA(), + *Dmitry Belyavskiy* + + * The deprecated functions EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_EC_KEY(), EVP_PKEY_get0_DH(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and EVP_PKEY_get0_siphash() as well as the similarly named "get1" functions behave slightly differently in @@ -41,7 +45,7 @@ OpenSSL 3.0 For the above reasons the keys returned from these functions should typically be treated as read-only. To emphasise this the value returned from - EVP_PKEY_get0(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), + EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_EC_KEY() and EVP_PKEY_get0_DH() has been made const. This may break some existing code. Applications broken by this change should be modified. The preferred solution is to refactor the code to avoid the use of diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 21fbc2ea4c..30ba8d6428 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -740,12 +740,15 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) } # endif -const void *EVP_PKEY_get0(const EVP_PKEY *pkey) +void *EVP_PKEY_get0(const EVP_PKEY *pkey) { if (pkey == NULL) return NULL; - return evp_pkey_get_legacy((EVP_PKEY *)pkey); + if (!evp_pkey_is_provided(pkey)) + return pkey->pkey.ptr; + + return NULL; } const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) @@ -755,9 +758,12 @@ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_HMAC_KEY); return NULL; } - os = EVP_PKEY_get0(pkey); - *len = os->length; - return os->data; + os = evp_pkey_get_legacy((EVP_PKEY *)pkey); + if (os != NULL) { + *len = os->length; + return os->data; + } + return NULL; } # ifndef OPENSSL_NO_POLY1305 @@ -768,9 +774,12 @@ const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len) ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_POLY1305_KEY); return NULL; } - os = EVP_PKEY_get0(pkey); - *len = os->length; - return os->data; + os = evp_pkey_get_legacy((EVP_PKEY *)pkey); + if (os != NULL) { + *len = os->length; + return os->data; + } + return NULL; } # endif @@ -783,9 +792,12 @@ const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len) ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_SIPHASH_KEY); return NULL; } - os = EVP_PKEY_get0(pkey); - *len = os->length; - return os->data; + os = evp_pkey_get_legacy((EVP_PKEY *)pkey); + if (os != NULL) { + *len = os->length; + return os->data; + } + return NULL; } # endif diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod index 64760b2923..68e13d3480 100644 --- a/doc/man3/EVP_PKEY_set1_RSA.pod +++ b/doc/man3/EVP_PKEY_set1_RSA.pod @@ -8,8 +8,9 @@ EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, -EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, -EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions +EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, +EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - +EVP_PKEY assignment functions =head1 SYNOPSIS @@ -42,6 +43,7 @@ L: const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey); const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); + void *EVP_PKEY_get0(const EVP_PKEY *pkey); int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key); int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); @@ -100,7 +102,8 @@ are deprecated. Applications should instead use the EVP_PKEY directly where possible. If access to the low level key parameters is required then applications should use L and other similar functions. To write an EVP_PKEY out use the OSSL_ENCODER APIs (see -L). +L). EVP_PKEY_get0() returns a pointer to the +legacy key or NULL if the key is not legacy. Note that if an EVP_PKEY was not constructed using one of the deprecated functions such as EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() diff --git a/include/openssl/evp.h b/include/openssl/evp.h index ec8503e7d8..9bd8d85a3e 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1249,7 +1249,7 @@ ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); OSSL_DEPRECATEDIN_3_0 -const void *EVP_PKEY_get0(const EVP_PKEY *pkey); +void *EVP_PKEY_get0(const EVP_PKEY *pkey); OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); # ifndef OPENSSL_NO_POLY1305 diff --git a/test/threadstest.c b/test/threadstest.c index 1967ec6dad..5b64246881 100644 --- a/test/threadstest.c +++ b/test/threadstest.c @@ -411,7 +411,7 @@ static void thread_downgrade_shared_evp_pkey(void) * This test is only relevant for deprecated functions that perform * downgrading */ - if (EVP_PKEY_get0(shared_evp_pkey) == NULL) + if (EVP_PKEY_get0_RSA(shared_evp_pkey) == NULL) multi_success = 0; #else /* Shouldn't ever get here */ diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 60d2572bb2..d062ff03c0 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -675,7 +675,6 @@ EVP_PKEY_assign(3) EVP_PKEY_decrypt_old(3) EVP_PKEY_delete_attr(3) EVP_PKEY_encrypt_old(3) -EVP_PKEY_get0(3) EVP_PKEY_get_attr(3) EVP_PKEY_get_attr_by_NID(3) EVP_PKEY_get_attr_by_OBJ(3) From openssl at openssl.org Tue Mar 9 16:58:19 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Mar 2021 16:58:19 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-stdio Message-ID: <1615309099.411918.815922.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-stdio Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-dsa_ctrl.d.tmp -MT crypto/evp/libcrypto-lib-dsa_ctrl.o -c -o crypto/evp/libcrypto-lib-dsa_ctrl.o ../openssl/crypto/evp/dsa_ctrl.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_aes.d.tmp -MT crypto/evp/libcrypto-lib-e_aes.o -c -o crypto/evp/libcrypto-lib-e_aes.o ../openssl/crypto/evp/e_aes.c clang -Icrypto/modes -I../openssl/crypto/modes -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.d.tmp -MT crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o -c -o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o ../openssl/crypto/evp/e_aes_cbc_hmac_sha1.c clang -Icrypto/modes -I../openssl/crypto/modes -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.d.tmp -MT crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o -c -o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o ../openssl/crypto/evp/e_aes_cbc_hmac_sha256.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_aria.d.tmp -MT crypto/evp/libcrypto-lib-e_aria.o -c -o crypto/evp/libcrypto-lib-e_aria.o ../openssl/crypto/evp/e_aria.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_bf.d.tmp -MT crypto/evp/libcrypto-lib-e_bf.o -c -o crypto/evp/libcrypto-lib-e_bf.o ../openssl/crypto/evp/e_bf.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_camellia.d.tmp -MT crypto/evp/libcrypto-lib-e_camellia.o -c -o crypto/evp/libcrypto-lib-e_camellia.o ../openssl/crypto/evp/e_camellia.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_cast.d.tmp -MT crypto/evp/libcrypto-lib-e_cast.o -c -o crypto/evp/libcrypto-lib-e_cast.o ../openssl/crypto/evp/e_cast.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_chacha20_poly1305.d.tmp -MT crypto/evp/libcrypto-lib-e_chacha20_poly1305.o -c -o crypto/evp/libcrypto-lib-e_chacha20_poly1305.o ../openssl/crypto/evp/e_chacha20_poly1305.c clang -Icrypto -I../openssl/crypto -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_des.d.tmp -MT crypto/evp/libcrypto-lib-e_des.o -c -o crypto/evp/libcrypto-lib-e_des.o ../openssl/crypto/evp/e_des.c clang -Icrypto -I../openssl/crypto -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_des3.d.tmp -MT crypto/evp/libcrypto-lib-e_des3.o -c -o crypto/evp/libcrypto-lib-e_des3.o ../openssl/crypto/evp/e_des3.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_idea.d.tmp -MT crypto/evp/libcrypto-lib-e_idea.o -c -o crypto/evp/libcrypto-lib-e_idea.o ../openssl/crypto/evp/e_idea.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_null.d.tmp -MT crypto/evp/libcrypto-lib-e_null.o -c -o crypto/evp/libcrypto-lib-e_null.o ../openssl/crypto/evp/e_null.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_old.d.tmp -MT crypto/evp/libcrypto-lib-e_old.o -c -o crypto/evp/libcrypto-lib-e_old.o ../openssl/crypto/evp/e_old.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_rc2.d.tmp -MT crypto/evp/libcrypto-lib-e_rc2.o -c -o crypto/evp/libcrypto-lib-e_rc2.o ../openssl/crypto/evp/e_rc2.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_rc4.d.tmp -MT crypto/evp/libcrypto-lib-e_rc4.o -c -o crypto/evp/libcrypto-lib-e_rc4.o ../openssl/crypto/evp/e_rc4.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_rc4_hmac_md5.d.tmp -MT crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o -c -o crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o ../openssl/crypto/evp/e_rc4_hmac_md5.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_rc5.d.tmp -MT crypto/evp/libcrypto-lib-e_rc5.o -c -o crypto/evp/libcrypto-lib-e_rc5.o ../openssl/crypto/evp/e_rc5.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_seed.d.tmp -MT crypto/evp/libcrypto-lib-e_seed.o -c -o crypto/evp/libcrypto-lib-e_seed.o ../openssl/crypto/evp/e_seed.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_sm4.d.tmp -MT crypto/evp/libcrypto-lib-e_sm4.o -c -o crypto/evp/libcrypto-lib-e_sm4.o ../openssl/crypto/evp/e_sm4.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-e_xcbc_d.d.tmp -MT crypto/evp/libcrypto-lib-e_xcbc_d.o -c -o crypto/evp/libcrypto-lib-e_xcbc_d.o ../openssl/crypto/evp/e_xcbc_d.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-ec_ctrl.d.tmp -MT crypto/evp/libcrypto-lib-ec_ctrl.o -c -o crypto/evp/libcrypto-lib-ec_ctrl.o ../openssl/crypto/evp/ec_ctrl.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-ec_support.d.tmp -MT crypto/evp/libcrypto-lib-ec_support.o -c -o crypto/evp/libcrypto-lib-ec_support.o ../openssl/crypto/evp/ec_support.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-encode.d.tmp -MT crypto/evp/libcrypto-lib-encode.o -c -o crypto/evp/libcrypto-lib-encode.o ../openssl/crypto/evp/encode.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-evp_cnf.d.tmp -MT crypto/evp/libcrypto-lib-evp_cnf.o -c -o crypto/evp/libcrypto-lib-evp_cnf.o ../openssl/crypto/evp/evp_cnf.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-evp_enc.d.tmp -MT crypto/evp/libcrypto-lib-evp_enc.o -c -o crypto/evp/libcrypto-lib-evp_enc.o ../openssl/crypto/evp/evp_enc.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-evp_err.d.tmp -MT crypto/evp/libcrypto-lib-evp_err.o -c -o crypto/evp/libcrypto-lib-evp_err.o ../openssl/crypto/evp/evp_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-evp_fetch.d.tmp -MT crypto/evp/libcrypto-lib-evp_fetch.o -c -o crypto/evp/libcrypto-lib-evp_fetch.o ../openssl/crypto/evp/evp_fetch.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-evp_key.d.tmp -MT crypto/evp/libcrypto-lib-evp_key.o -c -o crypto/evp/libcrypto-lib-evp_key.o ../openssl/crypto/evp/evp_key.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-evp_lib.d.tmp -MT crypto/evp/libcrypto-lib-evp_lib.o -c -o crypto/evp/libcrypto-lib-evp_lib.o ../openssl/crypto/evp/evp_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-evp_pbe.d.tmp -MT crypto/evp/libcrypto-lib-evp_pbe.o -c -o crypto/evp/libcrypto-lib-evp_pbe.o ../openssl/crypto/evp/evp_pbe.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-evp_pkey.d.tmp -MT crypto/evp/libcrypto-lib-evp_pkey.o -c -o crypto/evp/libcrypto-lib-evp_pkey.o ../openssl/crypto/evp/evp_pkey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-evp_rand.d.tmp -MT crypto/evp/libcrypto-lib-evp_rand.o -c -o crypto/evp/libcrypto-lib-evp_rand.o ../openssl/crypto/evp/evp_rand.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-evp_utils.d.tmp -MT crypto/evp/libcrypto-lib-evp_utils.o -c -o crypto/evp/libcrypto-lib-evp_utils.o ../openssl/crypto/evp/evp_utils.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-exchange.d.tmp -MT crypto/evp/libcrypto-lib-exchange.o -c -o crypto/evp/libcrypto-lib-exchange.o ../openssl/crypto/evp/exchange.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-kdf_lib.d.tmp -MT crypto/evp/libcrypto-lib-kdf_lib.o -c -o crypto/evp/libcrypto-lib-kdf_lib.o ../openssl/crypto/evp/kdf_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-kdf_meth.d.tmp -MT crypto/evp/libcrypto-lib-kdf_meth.o -c -o crypto/evp/libcrypto-lib-kdf_meth.o ../openssl/crypto/evp/kdf_meth.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-kem.d.tmp -MT crypto/evp/libcrypto-lib-kem.o -c -o crypto/evp/libcrypto-lib-kem.o ../openssl/crypto/evp/kem.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-keymgmt_lib.d.tmp -MT crypto/evp/libcrypto-lib-keymgmt_lib.o -c -o crypto/evp/libcrypto-lib-keymgmt_lib.o ../openssl/crypto/evp/keymgmt_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-keymgmt_meth.d.tmp -MT crypto/evp/libcrypto-lib-keymgmt_meth.o -c -o crypto/evp/libcrypto-lib-keymgmt_meth.o ../openssl/crypto/evp/keymgmt_meth.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-legacy_blake2.d.tmp -MT crypto/evp/libcrypto-lib-legacy_blake2.o -c -o crypto/evp/libcrypto-lib-legacy_blake2.o ../openssl/crypto/evp/legacy_blake2.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-legacy_md4.d.tmp -MT crypto/evp/libcrypto-lib-legacy_md4.o -c -o crypto/evp/libcrypto-lib-legacy_md4.o ../openssl/crypto/evp/legacy_md4.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-legacy_md5.d.tmp -MT crypto/evp/libcrypto-lib-legacy_md5.o -c -o crypto/evp/libcrypto-lib-legacy_md5.o ../openssl/crypto/evp/legacy_md5.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-legacy_md5_sha1.d.tmp -MT crypto/evp/libcrypto-lib-legacy_md5_sha1.o -c -o crypto/evp/libcrypto-lib-legacy_md5_sha1.o ../openssl/crypto/evp/legacy_md5_sha1.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-legacy_mdc2.d.tmp -MT crypto/evp/libcrypto-lib-legacy_mdc2.o -c -o crypto/evp/libcrypto-lib-legacy_mdc2.o ../openssl/crypto/evp/legacy_mdc2.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-legacy_ripemd.d.tmp -MT crypto/evp/libcrypto-lib-legacy_ripemd.o -c -o crypto/evp/libcrypto-lib-legacy_ripemd.o ../openssl/crypto/evp/legacy_ripemd.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-legacy_sha.d.tmp -MT crypto/evp/libcrypto-lib-legacy_sha.o -c -o crypto/evp/libcrypto-lib-legacy_sha.o ../openssl/crypto/evp/legacy_sha.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-legacy_wp.d.tmp -MT crypto/evp/libcrypto-lib-legacy_wp.o -c -o crypto/evp/libcrypto-lib-legacy_wp.o ../openssl/crypto/evp/legacy_wp.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-m_null.d.tmp -MT crypto/evp/libcrypto-lib-m_null.o -c -o crypto/evp/libcrypto-lib-m_null.o ../openssl/crypto/evp/m_null.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-m_sigver.d.tmp -MT crypto/evp/libcrypto-lib-m_sigver.o -c -o crypto/evp/libcrypto-lib-m_sigver.o ../openssl/crypto/evp/m_sigver.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-mac_lib.d.tmp -MT crypto/evp/libcrypto-lib-mac_lib.o -c -o crypto/evp/libcrypto-lib-mac_lib.o ../openssl/crypto/evp/mac_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-mac_meth.d.tmp -MT crypto/evp/libcrypto-lib-mac_meth.o -c -o crypto/evp/libcrypto-lib-mac_meth.o ../openssl/crypto/evp/mac_meth.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-names.d.tmp -MT crypto/evp/libcrypto-lib-names.o -c -o crypto/evp/libcrypto-lib-names.o ../openssl/crypto/evp/names.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-p5_crpt.d.tmp -MT crypto/evp/libcrypto-lib-p5_crpt.o -c -o crypto/evp/libcrypto-lib-p5_crpt.o ../openssl/crypto/evp/p5_crpt.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-p5_crpt2.d.tmp -MT crypto/evp/libcrypto-lib-p5_crpt2.o -c -o crypto/evp/libcrypto-lib-p5_crpt2.o ../openssl/crypto/evp/p5_crpt2.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-p_dec.d.tmp -MT crypto/evp/libcrypto-lib-p_dec.o -c -o crypto/evp/libcrypto-lib-p_dec.o ../openssl/crypto/evp/p_dec.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-p_enc.d.tmp -MT crypto/evp/libcrypto-lib-p_enc.o -c -o crypto/evp/libcrypto-lib-p_enc.o ../openssl/crypto/evp/p_enc.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-p_legacy.d.tmp -MT crypto/evp/libcrypto-lib-p_legacy.o -c -o crypto/evp/libcrypto-lib-p_legacy.o ../openssl/crypto/evp/p_legacy.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-p_lib.d.tmp -MT crypto/evp/libcrypto-lib-p_lib.o -c -o crypto/evp/libcrypto-lib-p_lib.o ../openssl/crypto/evp/p_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-p_open.d.tmp -MT crypto/evp/libcrypto-lib-p_open.o -c -o crypto/evp/libcrypto-lib-p_open.o ../openssl/crypto/evp/p_open.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-p_seal.d.tmp -MT crypto/evp/libcrypto-lib-p_seal.o -c -o crypto/evp/libcrypto-lib-p_seal.o ../openssl/crypto/evp/p_seal.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-p_sign.d.tmp -MT crypto/evp/libcrypto-lib-p_sign.o -c -o crypto/evp/libcrypto-lib-p_sign.o ../openssl/crypto/evp/p_sign.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-p_verify.d.tmp -MT crypto/evp/libcrypto-lib-p_verify.o -c -o crypto/evp/libcrypto-lib-p_verify.o ../openssl/crypto/evp/p_verify.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-pbe_scrypt.d.tmp -MT crypto/evp/libcrypto-lib-pbe_scrypt.o -c -o crypto/evp/libcrypto-lib-pbe_scrypt.o ../openssl/crypto/evp/pbe_scrypt.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-pmeth_check.d.tmp -MT crypto/evp/libcrypto-lib-pmeth_check.o -c -o crypto/evp/libcrypto-lib-pmeth_check.o ../openssl/crypto/evp/pmeth_check.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-pmeth_gn.d.tmp -MT crypto/evp/libcrypto-lib-pmeth_gn.o -c -o crypto/evp/libcrypto-lib-pmeth_gn.o ../openssl/crypto/evp/pmeth_gn.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-pmeth_lib.d.tmp -MT crypto/evp/libcrypto-lib-pmeth_lib.o -c -o crypto/evp/libcrypto-lib-pmeth_lib.o ../openssl/crypto/evp/pmeth_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/evp/libcrypto-lib-signature.d.tmp -MT crypto/evp/libcrypto-lib-signature.o -c -o crypto/evp/libcrypto-lib-signature.o ../openssl/crypto/evp/signature.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/ffc/libcrypto-lib-ffc_backend.d.tmp -MT crypto/ffc/libcrypto-lib-ffc_backend.o -c -o crypto/ffc/libcrypto-lib-ffc_backend.o ../openssl/crypto/ffc/ffc_backend.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/ffc/libcrypto-lib-ffc_dh.d.tmp -MT crypto/ffc/libcrypto-lib-ffc_dh.o -c -o crypto/ffc/libcrypto-lib-ffc_dh.o ../openssl/crypto/ffc/ffc_dh.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/ffc/libcrypto-lib-ffc_key_generate.d.tmp -MT crypto/ffc/libcrypto-lib-ffc_key_generate.o -c -o crypto/ffc/libcrypto-lib-ffc_key_generate.o ../openssl/crypto/ffc/ffc_key_generate.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/ffc/libcrypto-lib-ffc_key_validate.d.tmp -MT crypto/ffc/libcrypto-lib-ffc_key_validate.o -c -o crypto/ffc/libcrypto-lib-ffc_key_validate.o ../openssl/crypto/ffc/ffc_key_validate.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/ffc/libcrypto-lib-ffc_params.d.tmp -MT crypto/ffc/libcrypto-lib-ffc_params.o -c -o crypto/ffc/libcrypto-lib-ffc_params.o ../openssl/crypto/ffc/ffc_params.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/ffc/libcrypto-lib-ffc_params_generate.d.tmp -MT crypto/ffc/libcrypto-lib-ffc_params_generate.o -c -o crypto/ffc/libcrypto-lib-ffc_params_generate.o ../openssl/crypto/ffc/ffc_params_generate.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/ffc/libcrypto-lib-ffc_params_validate.d.tmp -MT crypto/ffc/libcrypto-lib-ffc_params_validate.o -c -o crypto/ffc/libcrypto-lib-ffc_params_validate.o ../openssl/crypto/ffc/ffc_params_validate.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/hmac/libcrypto-lib-hmac.d.tmp -MT crypto/hmac/libcrypto-lib-hmac.o -c -o crypto/hmac/libcrypto-lib-hmac.o ../openssl/crypto/hmac/hmac.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/http/libcrypto-lib-http_client.d.tmp -MT crypto/http/libcrypto-lib-http_client.o -c -o crypto/http/libcrypto-lib-http_client.o ../openssl/crypto/http/http_client.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/http/libcrypto-lib-http_err.d.tmp -MT crypto/http/libcrypto-lib-http_err.o -c -o crypto/http/libcrypto-lib-http_err.o ../openssl/crypto/http/http_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/http/libcrypto-lib-http_lib.d.tmp -MT crypto/http/libcrypto-lib-http_lib.o -c -o crypto/http/libcrypto-lib-http_lib.o ../openssl/crypto/http/http_lib.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/idea/libcrypto-lib-i_cbc.d.tmp -MT crypto/idea/libcrypto-lib-i_cbc.o -c -o crypto/idea/libcrypto-lib-i_cbc.o ../openssl/crypto/idea/i_cbc.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/idea/libcrypto-lib-i_cfb64.d.tmp -MT crypto/idea/libcrypto-lib-i_cfb64.o -c -o crypto/idea/libcrypto-lib-i_cfb64.o ../openssl/crypto/idea/i_cfb64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/idea/libcrypto-lib-i_ecb.d.tmp -MT crypto/idea/libcrypto-lib-i_ecb.o -c -o crypto/idea/libcrypto-lib-i_ecb.o ../openssl/crypto/idea/i_ecb.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/idea/libcrypto-lib-i_ofb64.d.tmp -MT crypto/idea/libcrypto-lib-i_ofb64.o -c -o crypto/idea/libcrypto-lib-i_ofb64.o ../openssl/crypto/idea/i_ofb64.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/idea/libcrypto-lib-i_skey.d.tmp -MT crypto/idea/libcrypto-lib-i_skey.o -c -o crypto/idea/libcrypto-lib-i_skey.o ../openssl/crypto/idea/i_skey.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/kdf/libcrypto-lib-kdf_err.d.tmp -MT crypto/kdf/libcrypto-lib-kdf_err.o -c -o crypto/kdf/libcrypto-lib-kdf_err.o ../openssl/crypto/kdf/kdf_err.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/lhash/libcrypto-lib-lh_stats.d.tmp -MT crypto/lhash/libcrypto-lib-lh_stats.o -c -o crypto/lhash/libcrypto-lib-lh_stats.o ../openssl/crypto/lhash/lh_stats.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/lhash/libcrypto-lib-lhash.d.tmp -MT crypto/lhash/libcrypto-lib-lhash.o -c -o crypto/lhash/libcrypto-lib-lhash.o ../openssl/crypto/lhash/lhash.c ../openssl/crypto/http/http_lib.c:114:10: error: implicitly declaring library function 'sscanf' with type 'int (const char *restrict, const char *restrict, ...)' [-Werror,-Wimplicit-function-declaration] if (!sscanf(port, "%u", &portnum) || portnum > 65535) { ^ ../openssl/crypto/http/http_lib.c:114:10: note: include the header or explicitly provide a declaration for 'sscanf' ../openssl/crypto/http/http_lib.c:167:9: error: implicitly declaring library function 'snprintf' with type 'int (char *, unsigned long, const char *, ...)' [-Werror,-Wimplicit-function-declaration] snprintf(*ppath, buflen, "/%s", path); ^ ../openssl/crypto/http/http_lib.c:167:9: note: include the header or explicitly provide a declaration for 'snprintf' 2 errors generated. make[1]: *** [Makefile:15580: crypto/http/libcrypto-lib-http_lib.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-stdio' make: *** [Makefile:2854: build_sw] Error 2 From no-reply at appveyor.com Tue Mar 9 23:51:20 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 09 Mar 2021 23:51:20 +0000 Subject: Build failed: openssl master.40543 Message-ID: <20210309235120.1.C73EA2FF1BDE0A39@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Mar 10 00:15:16 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Mar 2021 00:15:16 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1615335316.229793.1664494.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): (less 4 skipped subtests: 2 okay) 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 70-test_sslextension.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 2 Non-zero exit status: 1 Parse errors: Bad plan. You planned 8 tests but ran 7. Files=233, Tests=3195, 811 wallclock secs (12.03 usr 1.24 sys + 734.71 cusr 77.76 csys = 825.74 CPU) Result: FAIL make[1]: *** [Makefile:3287: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' make: *** [Makefile:3284: tests] Error 2 From openssl at openssl.org Wed Mar 10 01:08:15 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Mar 2021 01:08:15 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1615338495.059868.1772170.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): # false # OPENSSL_TEST_RAND_ORDER=1615337835 not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1615337835 not ok 56 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/ZMnAgsYWxX default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80D14A7DD07F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 80D14A7DD07F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:999 # false # OPENSSL_TEST_RAND_ORDER=1615337848 not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80D14A7DD07F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 80D14A7DD07F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1480 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1558 # false # OPENSSL_TEST_RAND_ORDER=1615337848 not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 80D14A7DD07F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 80D14A7DD07F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6629 # false # OPENSSL_TEST_RAND_ORDER=1615337848 not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1615337848 not ok 56 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/ZMnAgsYWxX fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 2 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 38. # Looks like you failed 2 tests of 2.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/2 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 768 Tests: 30 Failed: 3) Failed tests: 7, 16, 18 Non-zero exit status: 3 90-test_sslapi.t (Wstat: 512 Tests: 2 Failed: 2) Failed tests: 1-2 Non-zero exit status: 2 Files=233, Tests=3281, 1008 wallclock secs (14.40 usr 1.29 sys + 919.10 cusr 88.60 csys = 1023.39 CPU) Result: FAIL make[1]: *** [Makefile:3272: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' make: *** [Makefile:3269: tests] Error 2 From openssl at openssl.org Wed Mar 10 02:53:28 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Mar 2021 02:53:28 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1615344808.647644.1981509.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): (less 4 skipped subtests: 2 okay) 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 70-test_sslextension.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 2 Non-zero exit status: 1 Parse errors: Bad plan. You planned 8 tests but ran 7. Files=233, Tests=3195, 874 wallclock secs (11.73 usr 1.30 sys + 799.72 cusr 76.21 csys = 888.96 CPU) Result: FAIL make[1]: *** [Makefile:3288: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' make: *** [Makefile:3285: tests] Error 2 From openssl at openssl.org Wed Mar 10 03:42:52 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Mar 2021 03:42:52 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1615347772.621389.2087827.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): # false # OPENSSL_TEST_RAND_ORDER=1615347168 not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1615347168 not ok 56 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/9Gaj0UKL2G default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 8011AEF2F37F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 8011AEF2F37F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:999 # false # OPENSSL_TEST_RAND_ORDER=1615347181 not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 8011AEF2F37F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 8011AEF2F37F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1480 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1558 # false # OPENSSL_TEST_RAND_ORDER=1615347181 not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 8011AEF2F37F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 8011AEF2F37F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6629 # false # OPENSSL_TEST_RAND_ORDER=1615347181 not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1615347181 not ok 56 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/9Gaj0UKL2G fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 2 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 38. # Looks like you failed 2 tests of 2.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/2 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 768 Tests: 30 Failed: 3) Failed tests: 7, 16, 18 Non-zero exit status: 3 90-test_sslapi.t (Wstat: 512 Tests: 2 Failed: 2) Failed tests: 1-2 Non-zero exit status: 2 Files=233, Tests=3281, 951 wallclock secs (14.39 usr 1.47 sys + 864.71 cusr 87.14 csys = 967.71 CPU) Result: FAIL make[1]: *** [Makefile:3281: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' make: *** [Makefile:3278: tests] Error 2 From openssl at openssl.org Wed Mar 10 04:29:55 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Mar 2021 04:29:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1615350595.323873.2192404.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: a2c911c2d0 Restore GOST macros compatibility with 1.1.1 9293046fb4 apps/x509.c: Rename -signkey to -key for consistency with the req app 2de5d3b87a HTTP: Fix BIO_mem_d2i() on NULL mem input 676d879cb2 http_local.h: Remove unused declaration of HTTP_sendreq_bio() 73e6e3e03e Simplify OCSP_sendreq_bio() 0dca5ede0d Make more use of X509_add_certs(); minor related code & comments cleanup 9b9d24f033 OCSP_resp_find_status.pod: Complete the RETURN VALUES section f477cdfadd crypto/ocsp/ocsp_cl.c: coding style improvements 29ce1066bc Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo a7a041c230 CI external tests: separate each external test into its own phase 1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests ec69d5c9a8 gost_engine test: further cleanups and fixes b414c8118d gost_engine test: Run also perl and tcl tests 996d2693e2 CI: add job with external tests c3a85d3d17 DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod c2ec2bb7c1 Make provider provider_init thread safe, and flag checking/setting too d60a8e0a23 Make ossl_provider_disable_fallback_loading() thread safe 2f17e978a0 test/threadstest.c: Add a test to load providers concurrently 8c631cfaa1 ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt 2ad5bbe320 bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module 20cca4db9c ecx_set_priv_key: Remove TODO 3.0 related to setting libctx 22cd04143b do_sigver_init: Remove fallback for missing provider implementations. 0be6cf0c7e Remove some of the TODO 3.0 in crypto/evp related to legacy support. bffe3ae7b8 crypto/param_build_set.c: Remove irrelevant TODO 3.0 f40fa7b9ad crypto/ppccap.c: Remove useless TODO 3.0 946bdd12a0 include/crypto: Remove TODOs that are irrelevant for 3.0 9522f0a6a9 include/internal: Remove TODOs that are irrelevant for 3.0 2c8a740a9f test/x509: Test for issuer being overwritten when printing. 39a61e69b8 OSSL_STORE: restore diagnostics on decrypt error; provide password hints e3a2ba7547 crypto: rename error flags in internal structures 33ac7b324b Add a new test recipe to verify the generated test fipsmodule.cnf c9b0214ede Fix the perl code to get FIPSMODULENAME e25b4db754 TEST: Remove the build of fipsmodule.cnf from test recipes e9d74dbd36 APPS: Modify 'fipsinstall' to output all notifications on stderr 05869bba7f Make 'tests' depend on a generated 'providers/fipsmodule.cnf' 79f47ef507 build.info: Make it possible to use compiled programs as generators 3f399e3787 build.info: Add the possibility to add dependencies on raw targets 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations cb54d1b9d7 doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. f21afe6360 ossl_rsa_sp800_56b_check_public: Be more lenient with small keys 87994aa847 rand: remove FIPS mode conditional code. fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context 4e4ae84056 Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 81f9af3460 Remove todos in decode_der2key.c and decode_ms2key.c 77b03f0e8f Improve error reporting in key exchange provider implementations f5c629a00a Remove unused MAX_TLS_MAC_SIZE define fffb67343e Remove todos in providers/implementations/include/prov 8d05a65256 Resolve TODOs in signature implementations. f378755d62 statem_lib.c: Remove TODOs that are unnecessary 5e2f580d4a test_ssl_new: X448, X25519, and EdDSA are supported with fips 21b7dfa8ad evp_extra_test2: Remove TODO 3.0 b3c155b83c evp_extra_test: Remove TODO comment as setting the curve is mandatory d36a5dd05e Fix a copy&paste error in evp_extra_test d7d8e2c894 Fix compiling error on arm 025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template e1f946630f test: use the new set public and private together call 740582cfaf test: add utility function to set the fake random callback on both the public and private instances fccdb61aee test: update ECDSA and SM2 internal tests in line with the fake_random change 5a11de50a4 test: update test_random to create real contexts instead of sharing one 0647162f6a make update bed963d58d Fix build of /dev/crypto engine with no-dynamic-engine option b0aae91324 Remove RSA SSLv23 padding mode d546e8e267 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() 7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Build log ended with (last 100 lines): # ------------------------------------------------------------------------------ # ERROR: (int) 'result->client_protocol == test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114 # [771] compared to [772] # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. # # OPENSSL_TEST_RAND_ORDER=1615349959 not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # ERROR: (int) 'result->client_protocol == test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114 # [771] compared to [772] # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. # # OPENSSL_TEST_RAND_ORDER=1615349959 not ok 4 - iteration 4 # ------------------------------------------------------------------------------ # ERROR: (int) 'result->client_protocol == test_ctx->expected_protocol' failed @ ../openssl/test/ssl_test.c:114 # [771] compared to [772] # INFO: @ ../openssl/test/ssl_test.c:117 # Protocol mismatch: expected TLSv1.3, got TLSv1.2. # # OPENSSL_TEST_RAND_ORDER=1615349959 not ok 5 - iteration 5 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1615349959 not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 14-curves.cnf.fips fips ../../../openssl/test/fips-and-base.cnf => 1 not ok 9 - running ssl_test 14-curves.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 14-curves.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 166. # Looks like you failed 3 tests of 9. not ok 14 - Test configuration 14-curves.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 30.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/30 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 30 Failed: 1) Failed test: 14 Non-zero exit status: 1 Files=233, Tests=3204, 853 wallclock secs (12.30 usr 1.36 sys + 773.13 cusr 75.10 csys = 861.89 CPU) Result: FAIL make[1]: *** [Makefile:3277: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' make: *** [Makefile:3274: tests] Error 2 From matt at openssl.org Wed Mar 10 16:03:49 2021 From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Mar 2021 16:03:49 +0000 Subject: [openssl] master update Message-ID: <1615392229.143507.26417.nullmailer@dev.openssl.org> The branch master has been updated via 18fdebf1743bc89bf82a205468c56c274e7baf3b (commit) via 0966aee5ed1e543a3f598713d28194c5c1fd40da (commit) via f74f416b915afaa94d2bb7b2a942491450fe5b7b (commit) via c7d4d032a19029e6664662a1fded7e2b0675e5a4 (commit) from 896dcda18bf9347deb507f1d3c1f7e17638dd745 (commit) - Log ----------------------------------------------------------------- commit 18fdebf1743bc89bf82a205468c56c274e7baf3b Author: Matt Caswell Date: Mon Mar 8 17:15:55 2021 +0000 Mention the change of licence in NEWS.md Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14465) commit 0966aee5ed1e543a3f598713d28194c5c1fd40da Author: Matt Caswell Date: Mon Mar 8 16:23:14 2021 +0000 Expand the CHANGES entry for SHA1 and libssl As well as SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 not working at security level 1 we also document that TLS 1.2 connection will fail if the ClientHello does not have a signature algorithms extension. Fixes #14447 Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14465) commit f74f416b915afaa94d2bb7b2a942491450fe5b7b Author: Matt Caswell Date: Mon Mar 8 16:18:26 2021 +0000 Add a CHANGES for OSSL_STORE_INFO_get_type() The function OSSL_STORE_INFO_get_type() may now return a new object type. Applications may have to be amended accordingly. Fixes #14446 Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14465) commit c7d4d032a19029e6664662a1fded7e2b0675e5a4 Author: Matt Caswell Date: Mon Mar 8 16:06:17 2021 +0000 Add a missing CHANGES.md entry for the legacy provider Numerous ciphers and digests have been moved to the legacy provider. There should be a CHANGES.md entry pointing this out. Fixes #14441 Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14465) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 43 +++++++++++++++++++++++++++++++++++++++++-- NEWS.md | 5 +++++ doc/man3/OSSL_STORE_INFO.pod | 2 ++ 3 files changed, 48 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index def93b8ff5..0eaeba02af 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -22,6 +22,40 @@ OpenSSL 3.0 ----------- ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + + * OSSL_STORE_INFO_get_type() may now return an additional value. In 1.1.1 + this function would return one of the values OSSL_STORE_INFO_NAME, + OSSL_STORE_INFO_PKEY, OSSL_STORE_INFO_PARAMS, OSSL_STORE_INFO_CERT or + OSSL_STORE_INFO_CRL. Decoded public keys would previously have been reported + as type OSSL_STORE_INFO_PKEY in 1.1.1. In 3.0 decoded public keys are now + reported as having the new type OSSL_STORE_INFO_PUBKEY. Applications + using this function should be amended to handle the changed return value. + + *Richard Levitte* + + * The implementation of the EVP ciphers CAST5-ECB, CAST5-CBC, CAST5-OFB, + CAST5-CFB, BF-ECB, BF-CBC, BF-OFB, BF-CFB, IDEA-ECB, IDEC-CBC, IDEA-OFB, + IDEA-CFB, SEED-ECB, SEED-CBC, SEED-OFB, SEED-CFB, RC2-ECB, RC2-CBC, + RC2-40-CBC, RC2-64-CBC, RC2-OFB, RC2-CFB, RC4, RC4-40, RC4-HMAC-MD5, RC5-ECB, + RC5-CBC, RC5-OFB, RC5-CFB, DESX-CBC, DES-ECB, DES-CBC, DES-OFB, DES-CFB, + DES-CFB1 and DES-CFB8 have been moved to the legacy provider. Applications + using the EVP APIs to access these ciphers should instead use more modern + ciphers. If that is not possible then these applications should ensure that + the legacy provider has been loaded. This can be achieved either + programmatically or via configuration. See the provider(7) man page for + further details. + + *Matt Caswell* + + * The implementation of the EVP digests MD2, MD4, MDC2, WHIRLPOOL and + RIPEMD-160 have been moved to the legacy provider. Applications using the + EVP APIs to access these digests should instead use more modern digests. If + that is not possible then these applications should ensure that the legacy + provider has been loaded. This can be achieved either programmatically or via + configuration. See the provider(7) man page for further details. + + *Matt Caswell* + * The deprecated function EVP_PKEY_get0() now returns NULL being called for a provided key. @@ -534,7 +568,12 @@ OpenSSL 3.0 reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer working at the default security level of 1 and instead requires security level 0. The security level can be changed either using the cipher string - with `@SECLEVEL`, or calling `SSL_CTX_set_security_level()`. + with `@SECLEVEL`, or calling `SSL_CTX_set_security_level()`. This also means + that where the signature algorithms extension is missing from a ClientHello + then the handshake will fail in TLS 1.2 at security level 1. This is because, + although this extension is optional, failing to provide one means that + OpenSSL will fallback to a default set of signature algorithms. This default + set requires the availability of SHA1. *Kurt Roeckx* @@ -1444,7 +1483,7 @@ OpenSSL 3.0 *Richard Levitte* - * Change the license to the Apache License v2.0. + * Changed the license to the Apache License v2.0. *Richard Levitte* diff --git a/NEWS.md b/NEWS.md index 342e6569f3..a9e796dd7b 100644 --- a/NEWS.md +++ b/NEWS.md @@ -20,6 +20,11 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] + * Changed the license to the Apache License v2.0. + * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, + RC4, RC5, and DES to the legacy provider. + * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy + provider. * Deprecated the `OCSP_REQ_CTX` type and functions. * Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions. * Deprecated the `RSA` and `RSA_METHOD` types and functions. diff --git a/doc/man3/OSSL_STORE_INFO.pod b/doc/man3/OSSL_STORE_INFO.pod index 070b325a2d..47882b002d 100644 --- a/doc/man3/OSSL_STORE_INFO.pod +++ b/doc/man3/OSSL_STORE_INFO.pod @@ -217,6 +217,8 @@ L, L, L The OSSL_STORE API was added in OpenSSL 1.1.1. +The OSSL_STORE_INFO_PUBKEY object type was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. From tomas at openssl.org Wed Mar 10 16:13:10 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 10 Mar 2021 16:13:10 +0000 Subject: [openssl] master update Message-ID: <1615392790.482344.15964.nullmailer@dev.openssl.org> The branch master has been updated via c8511e89804749e82d1212fba1dc06c86a266ee4 (commit) via 762970bd686c4aa8ea7169e7f76d5a4ce665da93 (commit) from 18fdebf1743bc89bf82a205468c56c274e7baf3b (commit) - Log ----------------------------------------------------------------- commit c8511e89804749e82d1212fba1dc06c86a266ee4 Author: Tomas Mraz Date: Tue Mar 9 14:59:20 2021 +0100 Fix formatting error of HISTORY section in some manual pages. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/14450) commit 762970bd686c4aa8ea7169e7f76d5a4ce665da93 Author: Tomas Mraz Date: Fri Mar 5 22:11:49 2021 +0100 Change default algorithms in PKCS12_create() and PKCS12_set_mac() Use the modern defaults as now set in the pkcs12 app. This also allows modifying the application to not override the default values when calling the API. Fixes #14034 Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/14450) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 10 ++++++++ apps/pkcs12.c | 20 +++++++++------- crypto/pkcs12/p12_crt.c | 14 ++++------- crypto/pkcs12/p12_mutl.c | 7 ++++-- doc/man3/CMS_EncryptedData_encrypt.pod | 2 +- doc/man3/CMS_EnvelopedData_create.pod | 2 +- doc/man3/CMS_data_create.pod | 2 +- doc/man3/CMS_digest_create.pod | 2 +- doc/man3/EVP_VerifyInit.pod | 2 +- doc/man3/PKCS12_create.pod | 43 ++++++++++++++++++---------------- 10 files changed, 59 insertions(+), 45 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 0eaeba02af..b5b9583287 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -127,6 +127,16 @@ OpenSSL 3.0 *Paul Dale* + * The default algorithms for pkcs12 creation with the PKCS12_create() function + were changed to more modern PBKDF2 and AES based algorithms. The default + MAC iteration count was changed to PKCS12_DEFAULT_ITER to make it equal + with the password-based encryption iteration count. The default digest + algorithm for the MAC computation was changed to SHA-256. The pkcs12 + application now supports -legacy option that restores the previous + default algorithms to support interoperability with legacy systems. + + *Tom?? Mr?z and Sahana Prasad* + * The openssl speed command does not use low-level API calls anymore. This implies some of the performance numbers might not be fully comparable with the previous releases due to higher overhead. This applies diff --git a/apps/pkcs12.c b/apps/pkcs12.c index bd87fd4920..e3f22c30ed 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -28,7 +28,6 @@ #define CACERTS 0x10 #define PASSWD_BUF_SIZE 2048 -#define PKCS12_DEFAULT_PBE NID_aes_256_cbc #define WARN_EXPORT(opt) \ BIO_printf(bio_err, "Warning: -%s option ignored with -export\n", opt); @@ -151,9 +150,10 @@ int pkcs12_main(int argc, char **argv) char *name = NULL, *csp_name = NULL; char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = ""; int export_pkcs12 = 0, options = 0, chain = 0, twopass = 0, keytype = 0, use_legacy = 0; - int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; - int cert_pbe = PKCS12_DEFAULT_PBE; - int key_pbe = PKCS12_DEFAULT_PBE; + /* use library defaults for the iter, maciter, cert, and key PBE */ + int iter = 0, maciter = 0; + int cert_pbe = NID_undef; + int key_pbe = NID_undef; int ret = 1, macver = 1, add_lmk = 0, private = 0; int noprompt = 0; char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL; @@ -397,13 +397,13 @@ int pkcs12_main(int argc, char **argv) WARN_NO_EXPORT("keyex"); if (keytype == KEY_SIG) WARN_NO_EXPORT("keysig"); - if (key_pbe != PKCS12_DEFAULT_PBE) + if (key_pbe != NID_undef) WARN_NO_EXPORT("keypbe"); - if (cert_pbe != PKCS12_DEFAULT_PBE && cert_pbe != -1) + if (cert_pbe != NID_undef && cert_pbe != -1) WARN_NO_EXPORT("certpbe and -descert"); if (macalg != NULL) WARN_NO_EXPORT("macalg"); - if (iter != PKCS12_DEFAULT_ITER) + if (iter != 0) WARN_NO_EXPORT("iter and -noiter"); if (maciter == 1) WARN_NO_EXPORT("nomaciter"); @@ -419,7 +419,7 @@ int pkcs12_main(int argc, char **argv) if (!app_provider_load(app_get0_libctx(), "default")) goto end; } - if (cert_pbe == PKCS12_DEFAULT_PBE) { + if (cert_pbe == NID_undef) { /* Adapt default algorithm */ #ifndef OPENSSL_NO_RC2 cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; @@ -428,10 +428,12 @@ int pkcs12_main(int argc, char **argv) #endif } - if (key_pbe == PKCS12_DEFAULT_PBE) + if (key_pbe == NID_undef) key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (enc == default_enc) enc = EVP_des_ede3_cbc(); + if (macalg == NULL) + macalg = "sha1"; } diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index 9bc53f789b..985b458cda 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -41,18 +41,14 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 * unsigned int keyidlen = 0; /* Set defaults */ - if (!nid_cert) -#ifdef OPENSSL_NO_RC2 - nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -#else - nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; -#endif - if (!nid_key) - nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + if (nid_cert == NID_undef) + nid_cert = NID_aes_256_cbc; + if (nid_key == NID_undef) + nid_key = NID_aes_256_cbc; if (!iter) iter = PKCS12_DEFAULT_ITER; if (!mac_iter) - mac_iter = 1; + mac_iter = PKCS12_DEFAULT_ITER; if (pkey == NULL && cert == NULL && ca == NULL) { ERR_raise(ERR_LIB_PKCS12, PKCS12_R_INVALID_NULL_ARGUMENT); diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 4873d43e24..20984055df 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -186,8 +186,11 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned int maclen; ASN1_OCTET_STRING *macoct; - if (!md_type) - md_type = EVP_sha1(); + if (md_type == NULL) + /* No need to do a fetch as the md_type is used only to get a NID */ + md_type = EVP_sha256(); + if (!iter) + iter = PKCS12_DEFAULT_ITER; if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) { ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_SETUP_ERROR); return 0; diff --git a/doc/man3/CMS_EncryptedData_encrypt.pod b/doc/man3/CMS_EncryptedData_encrypt.pod index b3a2c75720..1e7d3a49ba 100644 --- a/doc/man3/CMS_EncryptedData_encrypt.pod +++ b/doc/man3/CMS_EncryptedData_encrypt.pod @@ -53,7 +53,7 @@ allocated structure. L, L, L -head1 HISTORY +=head1 HISTORY The CMS_EncryptedData_encrypt_ex() method was added in OpenSSL 3.0. diff --git a/doc/man3/CMS_EnvelopedData_create.pod b/doc/man3/CMS_EnvelopedData_create.pod index 8044583256..d88046236b 100644 --- a/doc/man3/CMS_EnvelopedData_create.pod +++ b/doc/man3/CMS_EnvelopedData_create.pod @@ -64,7 +64,7 @@ allocated structure. L, L, L, L -head1 HISTORY +=head1 HISTORY The CMS_EnvelopedData_create_ex() method was added in OpenSSL 3.0. diff --git a/doc/man3/CMS_data_create.pod b/doc/man3/CMS_data_create.pod index 15c718d808..54ec71bb40 100644 --- a/doc/man3/CMS_data_create.pod +++ b/doc/man3/CMS_data_create.pod @@ -38,7 +38,7 @@ Otherwise they return a pointer to the newly allocated structure. L, L -head1 HISTORY +=head1 HISTORY The CMS_data_create_ex() method was added in OpenSSL 3.0. diff --git a/doc/man3/CMS_digest_create.pod b/doc/man3/CMS_digest_create.pod index 41992499ea..c61cc15f32 100644 --- a/doc/man3/CMS_digest_create.pod +++ b/doc/man3/CMS_digest_create.pod @@ -42,7 +42,7 @@ Otherwise they return a pointer to the newly allocated structure. L, L> -head1 HISTORY +=head1 HISTORY The CMS_digest_create_ex() method was added in OpenSSL 3.0. diff --git a/doc/man3/EVP_VerifyInit.pod b/doc/man3/EVP_VerifyInit.pod index 6cba8c6a5e..288cc18857 100644 --- a/doc/man3/EVP_VerifyInit.pod +++ b/doc/man3/EVP_VerifyInit.pod @@ -91,7 +91,7 @@ L, L, L, L, L, L, L, L -head1 HISTORY +=head1 HISTORY The function EVP_VerifyFinal_ex() was added in OpenSSL 3.0. diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod index 58e1437bc2..994ff9f9e3 100644 --- a/doc/man3/PKCS12_create.pod +++ b/doc/man3/PKCS12_create.pod @@ -16,31 +16,28 @@ PKCS12_create - create a PKCS#12 structure PKCS12_create() creates a PKCS#12 structure. -B is the passphrase to use. B is the B to use for -the supplied certificate and key. B is the private key to include in -the structure and B its corresponding certificates. B, if not B +I is the passphrase to use. I is the B to use for +the supplied certificate and key. I is the private key to include in +the structure and I its corresponding certificates. I, if not NULL is an optional set of certificates to also include in the structure. -B and B are the encryption algorithms that should be used +I and I are the encryption algorithms that should be used for the key and certificate respectively. The modes -GCM, CCM, XTS, and OCB are unsupported. B is the encryption algorithm -iteration count to use and B is the MAC iteration count to use. -B is the type of key. +GCM, CCM, XTS, and OCB are unsupported. I is the encryption algorithm +iteration count to use and I is the MAC iteration count to use. +I is the type of key. =head1 NOTES -The parameters B, B, B, B and B +The parameters I, I, I, I and I can all be set to zero and sensible defaults will be used. -These defaults are: 40 bit RC2 encryption for certificates, triple DES -encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER -(currently 2048) and a MAC iteration count of 1. +These defaults are: AES password based encryption (PBES2 with PBKDF2 and +AES-256-CBC) for private keys and certificates, the PBKDF2 and MAC key +derivation iteration count of B (currently 2048), and +MAC algorithm HMAC with SHA2-256. -The default MAC iteration count is 1 in order to retain compatibility with -old software which did not interpret MAC iteration counts. If such compatibility -is not required then B should be set to PKCS12_DEFAULT_ITER. - -B adds a flag to the store private key. This is a non standard extension +I adds a flag to the store private key. This is a non standard extension that is only currently interpreted by MSIE. If set to zero the flag is omitted, if set to B the key can be used for signing only, if set to B it can be used for signing and encryption. This option was useful for old @@ -48,18 +45,18 @@ export grade software which could use signing only keys of arbitrary size but had restrictions on the permissible sizes of keys which could be used for encryption. -If a certificate contains an B or B then this will be +If a certificate contains an I or I then this will be used for the corresponding B or B in the PKCS12 structure. -Either B, B or both can be B to indicate that no key or +Either I, I or both can be NULL to indicate that no key or certificate is required. In previous versions both had to be present or a fatal error is returned. -B or B can be set to -1 indicating that no encryption +I or I can be set to -1 indicating that no encryption should be used. -B can be set to -1 and the MAC will then be omitted entirely. +I can be set to -1 and the MAC will then be omitted entirely. PKCS12_create() makes assumptions regarding the encoding of the given pass phrase. @@ -74,6 +71,12 @@ PKCS12_create() returns a valid B structure or NULL if an error occurred L, L +=head1 HISTORY + +The defaults for encryption algorithms, MAC algorithm, and the MAC key +derivation iteration count were changed in OpenSSL 3.0 to more modern +standards. + =head1 COPYRIGHT Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. From shane.lontis at oracle.com Wed Mar 10 22:12:59 2021 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 10 Mar 2021 22:12:59 +0000 Subject: [openssl] master update Message-ID: <1615414379.266601.23734.nullmailer@dev.openssl.org> The branch master has been updated via 7a45d51ce3268d16409405b9d54d7b4bb77a7fc3 (commit) via a30823c80f8c1f4ac22fb358cab65ce4e81a5046 (commit) from c8511e89804749e82d1212fba1dc06c86a266ee4 (commit) - Log ----------------------------------------------------------------- commit 7a45d51ce3268d16409405b9d54d7b4bb77a7fc3 Author: Shane Lontis Date: Tue Mar 9 17:27:55 2021 +1000 Use BIO_f_readbuffer() in the decoder to support stdin. Fixes #13185 Fixes #13352 Removed the existing code in file_store that was trying to figure out the input type. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14407) commit a30823c80f8c1f4ac22fb358cab65ce4e81a5046 Author: Shane Lontis Date: Tue Mar 9 17:25:26 2021 +1000 Add new filter BIO BIO_f_readbuffer() This allows BIO_tell() and BIO_seek() to work for BIO's that do not support these methods. The main use case for this is file/fd BIO's that use stdin. This works for stdin taken from input redirection (command < file), and stdin via pipe (cat file | command). Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14407) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 7 + crypto/bio/bf_readbuff.c | 268 +++++++++++++++++++++++ crypto/bio/build.info | 2 +- crypto/encode_decode/decoder_lib.c | 11 + doc/build.info | 6 + doc/man3/BIO_f_readbuffer.pod | 61 ++++++ doc/man7/bio.pod | 3 +- include/openssl/bio.h.in | 1 + providers/implementations/storemgmt/file_store.c | 170 +------------- test/recipes/20-test_dhparam.t | 6 +- util/libcrypto.num | 1 + 11 files changed, 374 insertions(+), 162 deletions(-) create mode 100644 crypto/bio/bf_readbuff.c create mode 100644 doc/man3/BIO_f_readbuffer.pod diff --git a/CHANGES.md b/CHANGES.md index b5b9583287..a547b40829 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,13 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Add filter BIO BIO_f_readbuffer() that allows BIO_tell() and BIO_seek() to + work on read only BIO source/sinks that do not support these functions. + This allows piping or redirection of a file BIO using stdin to be buffered + into memory. This is used internally in OSSL_DECODER_from_bio(). + + *Shane Lontis* + * OSSL_STORE_INFO_get_type() may now return an additional value. In 1.1.1 this function would return one of the values OSSL_STORE_INFO_NAME, OSSL_STORE_INFO_PKEY, OSSL_STORE_INFO_PARAMS, OSSL_STORE_INFO_CERT or diff --git a/crypto/bio/bf_readbuff.c b/crypto/bio/bf_readbuff.c new file mode 100644 index 0000000000..673d592ec0 --- /dev/null +++ b/crypto/bio/bf_readbuff.c @@ -0,0 +1,268 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This is a read only BIO filter that can be used to add BIO_tell() and + * BIO_seek() support to source/sink BIO's (such as a file BIO that uses stdin). + * It does this by caching ALL data read from the BIO source/sink into a + * resizable memory buffer. + */ + +#include +#include +#include "bio_local.h" +#include "internal/cryptlib.h" + +#define DEFAULT_BUFFER_SIZE 4096 + +static int readbuffer_write(BIO *h, const char *buf, int num); +static int readbuffer_read(BIO *h, char *buf, int size); +static int readbuffer_puts(BIO *h, const char *str); +static int readbuffer_gets(BIO *h, char *str, int size); +static long readbuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int readbuffer_new(BIO *h); +static int readbuffer_free(BIO *data); +static long readbuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); + +static const BIO_METHOD methods_readbuffer = { + BIO_TYPE_BUFFER, + "readbuffer", + bwrite_conv, + readbuffer_write, + bread_conv, + readbuffer_read, + readbuffer_puts, + readbuffer_gets, + readbuffer_ctrl, + readbuffer_new, + readbuffer_free, + readbuffer_callback_ctrl, +}; + +const BIO_METHOD *BIO_f_readbuffer(void) +{ + return &methods_readbuffer; +} + +static int readbuffer_new(BIO *bi) +{ + BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx == NULL) + return 0; + ctx->ibuf_size = DEFAULT_BUFFER_SIZE; + ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE); + if (ctx->ibuf == NULL) { + OPENSSL_free(ctx); + return 0; + } + + bi->init = 1; + bi->ptr = (char *)ctx; + bi->flags = 0; + return 1; +} + +static int readbuffer_free(BIO *a) +{ + BIO_F_BUFFER_CTX *b; + + if (a == NULL) + return 0; + b = (BIO_F_BUFFER_CTX *)a->ptr; + OPENSSL_free(b->ibuf); + OPENSSL_free(a->ptr); + a->ptr = NULL; + a->init = 0; + a->flags = 0; + return 1; +} + +static int readbuffer_resize(BIO_F_BUFFER_CTX *ctx, int sz) +{ + char *tmp; + + /* Figure out how many blocks are required */ + sz += (ctx->ibuf_off + DEFAULT_BUFFER_SIZE - 1); + sz = DEFAULT_BUFFER_SIZE * (sz / DEFAULT_BUFFER_SIZE); + + /* Resize if the buffer is not big enough */ + if (sz > ctx->ibuf_size) { + tmp = OPENSSL_realloc(ctx->ibuf, sz); + if (tmp == NULL) + return 0; + ctx->ibuf = tmp; + ctx->ibuf_size = sz; + } + return 1; +} + +static int readbuffer_read(BIO *b, char *out, int outl) +{ + int i, num = 0; + BIO_F_BUFFER_CTX *ctx; + + if (out == NULL || outl == 0) + return 0; + ctx = (BIO_F_BUFFER_CTX *)b->ptr; + + if ((ctx == NULL) || (b->next_bio == NULL)) + return 0; + BIO_clear_retry_flags(b); + + for (;;) { + i = ctx->ibuf_len; + /* If there is something in the buffer just read it. */ + if (i != 0) { + if (i > outl) + i = outl; + memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i); + ctx->ibuf_off += i; + ctx->ibuf_len -= i; + num += i; + /* Exit if we have read the bytes required out of the buffer */ + if (outl == i) + return num; + outl -= i; + out += i; + } + + /* Only gets here if the buffer has been consumed */ + if (!readbuffer_resize(ctx, outl)) + return 0; + + /* Do some buffering by reading from the next bio */ + i = BIO_read(b->next_bio, ctx->ibuf + ctx->ibuf_off, outl); + if (i <= 0) { + BIO_copy_next_retry(b); + if (i < 0) + return ((num > 0) ? num : i); + else + return num; /* i == 0 */ + } + ctx->ibuf_len = i; + } +} + +static int readbuffer_write(BIO *b, const char *in, int inl) +{ + return 0; +} +static int readbuffer_puts(BIO *b, const char *str) +{ + return 0; +} + +static long readbuffer_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + BIO_F_BUFFER_CTX *ctx; + long ret = 1, sz; + + ctx = (BIO_F_BUFFER_CTX *)b->ptr; + + switch (cmd) { + case BIO_CTRL_EOF: + if (ctx->ibuf_len > 0) + return 0; + if (b->next_bio == NULL) + return 1; + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + + case BIO_C_FILE_SEEK: + case BIO_CTRL_RESET: + sz = ctx->ibuf_off + ctx->ibuf_len; + /* Assume it can only seek backwards */ + if (num < 0 || num > sz) + return 0; + ctx->ibuf_off = num; + ctx->ibuf_len = sz - num; + break; + + case BIO_C_FILE_TELL: + case BIO_CTRL_INFO: + ret = (long)ctx->ibuf_off; + break; + case BIO_CTRL_PENDING: + ret = (long)ctx->ibuf_len; + if (ret == 0) { + if (b->next_bio == NULL) + return 0; + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + } + break; + case BIO_CTRL_DUP: + case BIO_CTRL_FLUSH: + ret = 1; + break; + default: + ret = 0; + break; + } + return ret; +} + +static long readbuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) +{ + if (b->next_bio == NULL) + return 0; + return BIO_callback_ctrl(b->next_bio, cmd, fp); +} + +static int readbuffer_gets(BIO *b, char *buf, int size) +{ + BIO_F_BUFFER_CTX *ctx; + int num = 0, num_chars, found_newline; + char *p; + + if (size == 0) + return 0; + --size; /* the passed in size includes the terminator - so remove it here */ + ctx = (BIO_F_BUFFER_CTX *)b->ptr; + BIO_clear_retry_flags(b); + + for (;;) { + if (ctx->ibuf_len > 0) { + p = &(ctx->ibuf[ctx->ibuf_off]); + found_newline = 0; + for (num_chars = 0; + (num_chars < ctx->ibuf_len) && (num_chars < size); + num_chars++) { + *(buf++) = p[num_chars]; + if (p[num_chars] == '\n') { + found_newline = 1; + num_chars++; + break; + } + } + num += num_chars; + size -= num_chars; + ctx->ibuf_len -= num_chars; + ctx->ibuf_off += num_chars; + if (found_newline || size == 0) { + *buf = '\0'; + return num; + } + } else { + /* read another line and resize if we have to */ + if (!readbuffer_resize(ctx, size)) + return 0; + + /* Read another line from the next bio using BIO_gets */ + num_chars = BIO_gets(b->next_bio, ctx->ibuf + ctx->ibuf_off, + 1 + size); + if (num_chars <= 0) { + BIO_copy_next_retry(b); + *buf = '\0'; + return num > 0 ? num : num_chars; + } + ctx->ibuf_len = num_chars; + } + } +} diff --git a/crypto/bio/build.info b/crypto/bio/build.info index 8e3f530f88..227071f0ce 100644 --- a/crypto/bio/build.info +++ b/crypto/bio/build.info @@ -15,4 +15,4 @@ SOURCE[../../libcrypto]=\ # Filters SOURCE[../../libcrypto]=\ - bf_null.c bf_buff.c bf_lbuf.c bf_nbio.c bf_prefix.c + bf_null.c bf_buff.c bf_lbuf.c bf_nbio.c bf_prefix.c bf_readbuff.c diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index 635a656216..f161c7cd5b 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c @@ -39,7 +39,14 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in) { struct decoder_process_data_st data; int ok = 0; + BIO *new_bio = NULL; + if (BIO_tell(in) < 0) { + new_bio = BIO_new(BIO_f_readbuffer()); + if (new_bio == NULL) + return 0; + in = BIO_push(new_bio, in); + } memset(&data, 0, sizeof(data)); data.ctx = ctx; data.bio = in; @@ -52,6 +59,10 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in) /* Clear any internally cached passphrase */ (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata); + if (new_bio != NULL) { + BIO_pop(new_bio); + BIO_free(new_bio); + } return ok; } diff --git a/doc/build.info b/doc/build.info index e53b3d1007..0a13f26927 100644 --- a/doc/build.info +++ b/doc/build.info @@ -570,6 +570,10 @@ DEPEND[html/man3/BIO_f_prefix.html]=man3/BIO_f_prefix.pod GENERATE[html/man3/BIO_f_prefix.html]=man3/BIO_f_prefix.pod DEPEND[man/man3/BIO_f_prefix.3]=man3/BIO_f_prefix.pod GENERATE[man/man3/BIO_f_prefix.3]=man3/BIO_f_prefix.pod +DEPEND[html/man3/BIO_f_readbuffer.html]=man3/BIO_f_readbuffer.pod +GENERATE[html/man3/BIO_f_readbuffer.html]=man3/BIO_f_readbuffer.pod +DEPEND[man/man3/BIO_f_readbuffer.3]=man3/BIO_f_readbuffer.pod +GENERATE[man/man3/BIO_f_readbuffer.3]=man3/BIO_f_readbuffer.pod DEPEND[html/man3/BIO_f_ssl.html]=man3/BIO_f_ssl.pod GENERATE[html/man3/BIO_f_ssl.html]=man3/BIO_f_ssl.pod DEPEND[man/man3/BIO_f_ssl.3]=man3/BIO_f_ssl.pod @@ -2772,6 +2776,7 @@ html/man3/BIO_f_cipher.html \ html/man3/BIO_f_md.html \ html/man3/BIO_f_null.html \ html/man3/BIO_f_prefix.html \ +html/man3/BIO_f_readbuffer.html \ html/man3/BIO_f_ssl.html \ html/man3/BIO_find_type.html \ html/man3/BIO_get_data.html \ @@ -3342,6 +3347,7 @@ man/man3/BIO_f_cipher.3 \ man/man3/BIO_f_md.3 \ man/man3/BIO_f_null.3 \ man/man3/BIO_f_prefix.3 \ +man/man3/BIO_f_readbuffer.3 \ man/man3/BIO_f_ssl.3 \ man/man3/BIO_find_type.3 \ man/man3/BIO_get_data.3 \ diff --git a/doc/man3/BIO_f_readbuffer.pod b/doc/man3/BIO_f_readbuffer.pod new file mode 100644 index 0000000000..35e708f9ad --- /dev/null +++ b/doc/man3/BIO_f_readbuffer.pod @@ -0,0 +1,61 @@ +=pod + +=head1 NAME + +BIO_f_readbuffer +- read only buffering BIO that supports BIO_tell() and BIO_seek() + +=head1 SYNOPSIS + + #include + + const BIO_METHOD *BIO_f_readbuffer(void); + +=head1 DESCRIPTION + +BIO_f_readbuffer() returns the read buffering BIO method. + +This BIO filter can be inserted on top of BIO's that do not support BIO_tell() +or BIO_seek() (e.g. A file BIO that uses stdin). + +Data read from a read buffering BIO comes from an internal buffer which is +filled from the next BIO in the chain. + +BIO_gets() is supported for read buffering BIOs. +Writing data to a read buffering BIO is not supported. + +Calling BIO_reset() on a read buffering BIO does not clear any buffered data. + +=head1 NOTES + +Read buffering BIOs implement BIO_read_ex() by using BIO_read_ex() operations +on the next BIO (e.g. a file BIO) in the chain and storing the result in an +internal buffer, from which bytes are given back to the caller as appropriate +for the call. BIO_read_ex() is guaranteed to give the caller the number of bytes +it asks for, unless there's an error or end of communication is reached in the +next BIO. The internal buffer can grow to cache the entire contents of the next +BIO in the chain. BIO_seek() uses the internal buffer, so that it can only seek +into data that is already read. + +=head1 RETURN VALUES + +BIO_f_readbuffer() returns the read buffering BIO method. + +=head1 SEE ALSO + +L, +L, +L, +L, +L. + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/bio.pod b/doc/man7/bio.pod index bb23e56961..092bdde184 100644 --- a/doc/man7/bio.pod +++ b/doc/man7/bio.pod @@ -64,6 +64,7 @@ L, L, L, L, L, L, L, +L, L, L, L, L, L, @@ -76,7 +77,7 @@ L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in index 6bb4876022..3b2f7e98f5 100644 --- a/include/openssl/bio.h.in +++ b/include/openssl/bio.h.in @@ -647,6 +647,7 @@ const BIO_METHOD *BIO_s_bio(void); const BIO_METHOD *BIO_s_null(void); const BIO_METHOD *BIO_f_null(void); const BIO_METHOD *BIO_f_buffer(void); +const BIO_METHOD *BIO_f_readbuffer(void); const BIO_METHOD *BIO_f_linebuffer(void); const BIO_METHOD *BIO_f_nbio_test(void); const BIO_METHOD *BIO_f_prefix(void); diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c index ab4b4055d9..1ea820e2a4 100644 --- a/providers/implementations/storemgmt/file_store.c +++ b/providers/implementations/storemgmt/file_store.c @@ -8,30 +8,26 @@ */ #include "e_os.h" /* To get strncasecmp() on Windows */ + #include #include -#include +#include /* isdigit */ #include -#include #include #include #include -#include #include #include -#include #include #include -#include /* The OSSL_STORE_INFO type numbers */ #include +#include /* The OSSL_STORE_INFO type numbers */ #include "internal/cryptlib.h" #include "internal/o_dir.h" -#include "crypto/pem.h" /* For PVK and "blob" PEM headers */ #include "crypto/decoder.h" #include "prov/implementations.h" #include "prov/bio.h" -#include "prov/provider_ctx.h" #include "file_store_local.h" DEFINE_STACK_OF(OSSL_STORE_INFO) @@ -74,10 +70,6 @@ struct file_ctx_st { IS_DIR /* Pass directory entry names */ } type; - /* Flag bits */ - unsigned int flag_attached:1; - unsigned int flag_buffered:1; - union { /* Used with |IS_FILE| */ struct { @@ -299,139 +291,18 @@ static void *file_open(void *provctx, const char *uri) return ctx; } -/* - * Attached input streams must be treated very very carefully to avoid - * nasty surprises. - * - * This implementation tries to support input streams that can't be reset, - * such as standard input. However, OSSL_DECODER assumes resettable streams, - * and because the PEM decoder may read quite a bit of the input file to skip - * past any non-PEM text that precedes the PEM block, we may need to detect - * if the input stream is a PEM file early. - * - * If the input stream supports BIO_tell(), we assume that it also supports - * BIO_seek(), making it a resettable stream and therefore safe to fully - * unleash OSSL_DECODER. - * - * If the input stream doesn't support BIO_tell(), we must assume that we - * have a non-resettable stream, and must tread carefully. We do so by - * trying to detect if the input is PEM, MSBLOB or PVK, and if not, we - * assume that it's DER. - * - * To detect if an input stream is PEM, MSBLOB or PVK, we use the buffer BIO - * filter, which allows us a 4KiB resettable read-ahead. We *hope* that 4KiB - * will be enough to find the start of the PEM block. - * - * It should be possible to use this same technique to detect other file - * types as well. - * - * An alternative technique would be to have an endlessly caching BIO filter. - * That would take away the need for all the detection here, and simply leave - * it for OSSL_DECODER to find out on its own while supporting its demand for - * resettable input streams. - * That's a possible future development. - */ - -# define INPUT_TYPE_ANY NULL -# define INPUT_TYPE_DER "DER" -# define INPUT_TYPE_PEM "PEM" -# define INPUT_TYPE_MSBLOB "MSBLOB" -# define INPUT_TYPE_PVK "PVK" - void *file_attach(void *provctx, OSSL_CORE_BIO *cin) { + struct file_ctx_st *ctx; BIO *new_bio = bio_new_from_core_bio(provctx, cin); - BIO *new_bio_tmp = NULL; - BIO *buff = NULL; - char peekbuf[4096] = { 0, }; - int loc; - const char *input_type = NULL; - unsigned int flag_attached = 1; - unsigned int flag_buffered = 0; - struct file_ctx_st *ctx = NULL; if (new_bio == NULL) - return 0; - - /* Try to get the current position */ - loc = BIO_tell(new_bio); - - if ((buff = BIO_new(BIO_f_buffer())) == NULL - || (new_bio_tmp = BIO_push(buff, new_bio)) == NULL) - goto err; - - /* Assumption, if we can't detect PEM */ - input_type = INPUT_TYPE_DER; - flag_buffered = 1; - new_bio = new_bio_tmp; - - if (BIO_buffer_peek(new_bio, peekbuf, sizeof(peekbuf) - 1) > 0) { -#ifndef OPENSSL_NO_DSA - const unsigned char *p = NULL; - unsigned int magic = 0, bitlen = 0; - int isdss = 0, ispub = -1; -# ifndef OPENSSL_NO_RC4 - unsigned int saltlen = 0, keylen = 0; -# endif -#endif - - peekbuf[sizeof(peekbuf) - 1] = '\0'; - if (strstr(peekbuf, "-----BEGIN ") != NULL) - input_type = INPUT_TYPE_PEM; -#ifndef OPENSSL_NO_DSA - else if (p = (unsigned char *)peekbuf, - ossl_do_blob_header(&p, sizeof(peekbuf), &magic, &bitlen, - &isdss, &ispub)) - input_type = INPUT_TYPE_MSBLOB; -# ifndef OPENSSL_NO_RC4 - else if (p = (unsigned char *)peekbuf, - ossl_do_PVK_header(&p, sizeof(peekbuf), 0, &saltlen, &keylen)) - input_type = INPUT_TYPE_PVK; -# endif -#endif - } - - /* - * After peeking, we know that the underlying source BIO has moved ahead - * from its earlier position and that if it supports BIO_tell(), that - * should be a number that differs from |loc|. Otherwise, we will get - * the same value, which may one of: - * - * - zero (the source BIO doesn't support BIO_tell() / BIO_seek() / - * BIO_reset()) - * - -1 (the underlying operating system / C library routines do not - * support BIO_tell() / BIO_seek() / BIO_reset()) - * - * If it turns out that the source BIO does support BIO_tell(), we pop - * the buffer BIO filter and mark this input as |INPUT_TYPE_ANY|, which - * fully unleashes OSSL_DECODER to do its thing. - */ - if (BIO_tell(new_bio) != loc) { - /* In this case, anything goes */ - input_type = INPUT_TYPE_ANY; - - /* Restore the source BIO like it was when entering this function */ - new_bio = BIO_pop(buff); - BIO_free(buff); - (void)BIO_seek(new_bio, loc); - - flag_buffered = 0; - } - - if ((ctx = file_open_stream(new_bio, NULL, input_type, provctx)) == NULL) - goto err; - - ctx->flag_attached = flag_attached; - ctx->flag_buffered = flag_buffered; + return NULL; + ctx = file_open_stream(new_bio, NULL, NULL, provctx); + if (ctx == NULL) + BIO_free(new_bio); return ctx; - err: - if (flag_buffered) { - new_bio = BIO_pop(buff); - BIO_free(buff); - } - BIO_free(new_bio); /* Removes the provider BIO filter */ - return NULL; } /*- @@ -854,30 +725,11 @@ static int file_close_dir(struct file_ctx_st *ctx) static int file_close_stream(struct file_ctx_st *ctx) { - if (ctx->flag_buffered) { - /* - * file_attach() pushed a BIO_f_buffer() on top of the regular BIO. - * Drop it. - */ - BIO *buff = ctx->_.file.file; - - /* Detach buff */ - ctx->_.file.file = BIO_pop(ctx->_.file.file); - - BIO_free(buff); - } - /* - * If it was attached, we only free the top, as that's the provider BIO - * filter. Otherwise, it was entirely allocated by this implementation, - * and can safely be completely freed. + * This frees either the provider BIO filter (for file_attach()) OR + * the allocated file BIO (for file_open()). */ - if (ctx->flag_attached) - BIO_free(ctx->_.file.file); - else - BIO_free_all(ctx->_.file.file); - - /* To avoid double free */ + BIO_free(ctx->_.file.file); ctx->_.file.file = NULL; free_file_ctx(ctx); diff --git a/test/recipes/20-test_dhparam.t b/test/recipes/20-test_dhparam.t index 9bd947b0ee..78a63508b3 100644 --- a/test/recipes/20-test_dhparam.t +++ b/test/recipes/20-test_dhparam.t @@ -19,7 +19,7 @@ setup("test_dhparam"); plan skip_all => "DH is not supported in this build" if disabled("dh"); -plan tests => 16; +plan tests => 17; sub checkdhparams { my $file = shift; #Filename containing params @@ -171,3 +171,7 @@ SKIP: { checkdhparams("gen-x942-0-512.der", "X9.42", 0, "DER", 512); }; } + +ok(run(app(["openssl", "dhparam", "-noout", "-text"], + stdin => data_file("pkcs3-2-1024.pem"))), + "stdinbuffer input test that uses BIO_gets"); diff --git a/util/libcrypto.num b/util/libcrypto.num index 309676f39b..2ca427c63b 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5313,3 +5313,4 @@ EVP_RAND_CTX_gettable_params ? 3_0_0 EXIST::FUNCTION: EVP_RAND_CTX_settable_params ? 3_0_0 EXIST::FUNCTION: RAND_set_DRBG_type ? 3_0_0 EXIST::FUNCTION: RAND_set_seed_source_type ? 3_0_0 EXIST::FUNCTION: +BIO_f_readbuffer ? 3_0_0 EXIST::FUNCTION: From pauli at openssl.org Wed Mar 10 23:26:46 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 10 Mar 2021 23:26:46 +0000 Subject: [openssl] master update Message-ID: <1615418806.847930.23023.nullmailer@dev.openssl.org> The branch master has been updated via 903a6558471812c8884a8ba279ad96dc29ccd4b0 (commit) via 925b5360f7ae234b5103effd1e0d713575906421 (commit) via 141cc94e44db93cded4ce3f0d97b9b5b928f43f2 (commit) from 7a45d51ce3268d16409405b9d54d7b4bb77a7fc3 (commit) - Log ----------------------------------------------------------------- commit 903a6558471812c8884a8ba279ad96dc29ccd4b0 Author: Pauli Date: Tue Mar 9 10:57:05 2021 +1000 test: convert store test to use relative paths Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14419) commit 925b5360f7ae234b5103effd1e0d713575906421 Author: Pauli Date: Fri Mar 5 11:24:34 2021 +1000 core: add up_ref callback for OSSL_CORE_BIO Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14419) commit 141cc94e44db93cded4ce3f0d97b9b5b928f43f2 Author: Pauli Date: Thu Mar 4 13:53:53 2021 +1000 Add a real type for OSSL_CORE_BIO which is distinct from and not castable to BIO Providers (particularly the FIPS provider) needs access to BIOs from libcrypto. Libcrypto is allowed to change the internal format of the BIO structure and it is still expected to work with providers that were already built. This means that the libcrypto BIO must be distinct from and not castable to the provider side OSSL_CORE_BIO. Unfortunately, this requirement was broken in both directions. This fixes things by forcing the two to be different and any casts break loudly. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14419) ----------------------------------------------------------------------- Summary of changes: crypto/bio/build.info | 2 +- crypto/bio/core_bio.c | 124 +++++++++++++++++++++ crypto/encode_decode/decoder_lib.c | 10 +- crypto/encode_decode/encoder_lib.c | 8 +- crypto/provider_core.c | 20 ++-- crypto/store/store_lib.c | 7 +- doc/man7/provider-base.pod | 28 ++--- include/internal/bio.h | 16 +++ include/openssl/core_dispatch.h | 14 ++- providers/common/bio_prov.c | 24 +++- providers/common/include/prov/bio.h | 1 + .../implementations/storemgmt/file_store_der2obj.c | 6 +- test/ossl_store_test.c | 62 +++++++---- test/recipes/66-test_ossl_store.t | 5 +- 14 files changed, 267 insertions(+), 60 deletions(-) create mode 100644 crypto/bio/core_bio.c diff --git a/crypto/bio/build.info b/crypto/bio/build.info index 227071f0ce..2bee64fc62 100644 --- a/crypto/bio/build.info +++ b/crypto/bio/build.info @@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\ bio_lib.c bio_cb.c bio_err.c \ b_print.c b_dump.c b_addr.c \ b_sock.c b_sock2.c \ - bio_meth.c + bio_meth.c core_bio.c # Source / sink implementations SOURCE[../../libcrypto]=\ diff --git a/crypto/bio/core_bio.c b/crypto/bio/core_bio.c new file mode 100644 index 0000000000..328302ea34 --- /dev/null +++ b/crypto/bio/core_bio.c @@ -0,0 +1,124 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "bio_local.h" + +/*- + * Core BIO structure + * This is distinct from a BIO to prevent casting between the two which could + * lead to versioning problems. + */ +struct ossl_core_bio_st { + CRYPTO_REF_COUNT ref_cnt; + CRYPTO_RWLOCK *ref_lock; + BIO *bio; +}; + +static OSSL_CORE_BIO *core_bio_new(void) +{ + OSSL_CORE_BIO *cb = OPENSSL_malloc(sizeof(*cb)); + + if (cb == NULL || (cb->ref_lock = CRYPTO_THREAD_lock_new()) == NULL) { + OPENSSL_free(cb); + return NULL; + } + cb->ref_cnt = 1; + return cb; +} + +int ossl_core_bio_up_ref(OSSL_CORE_BIO *cb) +{ + int ref = 0; + + return CRYPTO_UP_REF(&cb->ref_cnt, &ref, cb->ref_lock); +} + +int ossl_core_bio_free(OSSL_CORE_BIO *cb) +{ + int ref = 0, res = 1; + + if (cb != NULL) { + CRYPTO_DOWN_REF(&cb->ref_cnt, &ref, cb->ref_lock); + if (ref <= 0) { + res = BIO_free(cb->bio); + CRYPTO_THREAD_lock_free(cb->ref_lock); + OPENSSL_free(cb); + } + } + return res; +} + +OSSL_CORE_BIO *ossl_core_bio_new_from_bio(BIO *bio) +{ + OSSL_CORE_BIO *cb = core_bio_new(); + + if (cb == NULL || !BIO_up_ref(bio)) { + ossl_core_bio_free(cb); + return NULL; + } + cb->bio = bio; + return cb; +} + +static OSSL_CORE_BIO *core_bio_new_from_new_bio(BIO *bio) +{ + OSSL_CORE_BIO *cb = NULL; + + if (bio == NULL) + return NULL; + if ((cb = core_bio_new()) == NULL) { + BIO_free(bio); + return NULL; + } + cb->bio = bio; + return cb; +} + +OSSL_CORE_BIO *ossl_core_bio_new_file(const char *filename, const char *mode) +{ + return core_bio_new_from_new_bio(BIO_new_file(filename, mode)); +} + +OSSL_CORE_BIO *ossl_core_bio_new_mem_buf(const void *buf, int len) +{ + return core_bio_new_from_new_bio(BIO_new_mem_buf(buf, len)); +} + +int ossl_core_bio_read_ex(OSSL_CORE_BIO *cb, void *data, size_t dlen, + size_t *readbytes) +{ + return BIO_read_ex(cb->bio, data, dlen, readbytes); +} + +int ossl_core_bio_write_ex(OSSL_CORE_BIO *cb, const void *data, size_t dlen, + size_t *written) +{ + return BIO_write_ex(cb->bio, data, dlen, written); +} + +int ossl_core_bio_gets(OSSL_CORE_BIO *cb, char *buf, int size) +{ + return BIO_gets(cb->bio, buf, size); +} + +int ossl_core_bio_puts(OSSL_CORE_BIO *cb, const char *buf) +{ + return BIO_puts(cb->bio, buf); +} + +long ossl_core_bio_ctrl(OSSL_CORE_BIO *cb, int cmd, long larg, void *parg) +{ + return BIO_ctrl(cb->bio, cmd, larg, parg); +} + +int ossl_core_bio_vprintf(OSSL_CORE_BIO *cb, const char *format, va_list args) +{ + return BIO_vprintf(cb->bio, format, args); +} diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index f161c7cd5b..9c01dc894b 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c @@ -17,6 +17,7 @@ #include #include #include "internal/passphrase.h" +#include "internal/bio.h" #include "crypto/decoder.h" #include "encoder_local.h" #include "e_os.h" @@ -520,6 +521,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) OSSL_DECODER_CTX *ctx = data->ctx; OSSL_DECODER_INSTANCE *decoder_inst = NULL; OSSL_DECODER *decoder = NULL; + OSSL_CORE_BIO *cbio = NULL; BIO *bio = data->bio; long loc; size_t i; @@ -633,6 +635,11 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) goto end; } + if ((cbio = ossl_core_bio_new_from_bio(bio)) == NULL) { + ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); + goto end; + } + for (i = data->current_decoder_inst_index; i-- > 0;) { OSSL_DECODER_INSTANCE *new_decoder_inst = sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); @@ -740,7 +747,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) } OSSL_TRACE_END(DECODER); new_data.current_decoder_inst_index = i; - ok = new_decoder->decode(new_decoderctx, (OSSL_CORE_BIO *)bio, + ok = new_decoder->decode(new_decoderctx, cbio, new_data.ctx->selection, decoder_process, &new_data, ossl_pw_passphrase_callback_dec, @@ -776,6 +783,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) } end: + ossl_core_bio_free(cbio); BIO_free(new_data.bio); return ok; } diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c index d15fb27fde..b25529e073 100644 --- a/crypto/encode_decode/encoder_lib.c +++ b/crypto/encode_decode/encoder_lib.c @@ -15,6 +15,7 @@ #include #include #include +#include "internal/bio.h" #include "encoder_local.h" struct encoder_process_data_st { @@ -604,6 +605,7 @@ static int encoder_process(struct encoder_process_data_st *data) /* Calling the encoder implementation */ if (ok) { + OSSL_CORE_BIO *cbio = NULL; BIO *current_out = NULL; /* @@ -616,9 +618,10 @@ static int encoder_process(struct encoder_process_data_st *data) == NULL) ok = 0; /* Assume BIO_new() recorded an error */ + if (ok) + ok = (cbio = ossl_core_bio_new_from_bio(current_out)) != NULL; if (ok) { - ok = current_encoder->encode(current_encoder_ctx, - (OSSL_CORE_BIO *)current_out, + ok = current_encoder->encode(current_encoder_ctx, cbio, original_data, current_abstract, data->ctx->selection, ossl_pw_passphrase_callback_enc, @@ -631,6 +634,7 @@ static int encoder_process(struct encoder_process_data_st *data) } OSSL_TRACE_END(ENCODER); } + ossl_core_bio_free(cbio); data->prev_encoder_inst = current_encoder_inst; } } diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 1326f83f7e..9536cb65d1 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -20,6 +20,7 @@ #include "internal/thread_once.h" #include "internal/provider.h" #include "internal/refcount.h" +#include "internal/bio.h" #include "provider_local.h" #ifndef FIPS_MODULE # include @@ -1191,15 +1192,16 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK, (void (*)(void))core_clear_last_error_mark }, { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, (void (*)(void))core_pop_error_to_mark }, - { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))BIO_new_file }, - { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))BIO_new_mem_buf }, - { OSSL_FUNC_BIO_READ_EX, (void (*)(void))BIO_read_ex }, - { OSSL_FUNC_BIO_WRITE_EX, (void (*)(void))BIO_write_ex }, - { OSSL_FUNC_BIO_GETS, (void (*)(void))BIO_gets }, - { OSSL_FUNC_BIO_PUTS, (void (*)(void))BIO_puts }, - { OSSL_FUNC_BIO_CTRL, (void (*)(void))BIO_ctrl }, - { OSSL_FUNC_BIO_FREE, (void (*)(void))BIO_free }, - { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))BIO_vprintf }, + { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))ossl_core_bio_new_file }, + { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))ossl_core_bio_new_mem_buf }, + { OSSL_FUNC_BIO_READ_EX, (void (*)(void))ossl_core_bio_read_ex }, + { OSSL_FUNC_BIO_WRITE_EX, (void (*)(void))ossl_core_bio_write_ex }, + { OSSL_FUNC_BIO_GETS, (void (*)(void))ossl_core_bio_gets }, + { OSSL_FUNC_BIO_PUTS, (void (*)(void))ossl_core_bio_puts }, + { OSSL_FUNC_BIO_CTRL, (void (*)(void))ossl_core_bio_ctrl }, + { OSSL_FUNC_BIO_UP_REF, (void (*)(void))ossl_core_bio_up_ref }, + { OSSL_FUNC_BIO_FREE, (void (*)(void))ossl_core_bio_free }, + { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))ossl_core_bio_vprintf }, { OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf }, { OSSL_FUNC_SELF_TEST_CB, (void (*)(void))OSSL_SELF_TEST_get_callback }, { OSSL_FUNC_GET_ENTROPY, (void (*)(void))ossl_rand_get_entropy }, diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 5d0b3e7397..1aaf9f89a4 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -26,6 +26,7 @@ #include "internal/thread_once.h" #include "internal/cryptlib.h" #include "internal/provider.h" +#include "internal/bio.h" #include "crypto/store.h" #include "store_local.h" @@ -941,9 +942,10 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, const OSSL_PROVIDER *provider = OSSL_STORE_LOADER_provider(fetched_loader); void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider); + OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp); - if ((loader_ctx = - fetched_loader->p_attach(provctx, (OSSL_CORE_BIO *)bp)) == NULL) { + if (cbio == NULL + || (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) { OSSL_STORE_LOADER_free(fetched_loader); fetched_loader = NULL; } else if (propq != NULL) { @@ -961,6 +963,7 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, } } loader = fetched_loader; + ossl_core_bio_free(cbio); } if (loader_ctx == NULL) { diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 3b4416dac0..29f5468c9f 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -56,28 +56,29 @@ provider-base int CRYPTO_secure_allocated(const void *ptr); void OPENSSL_cleanse(void *ptr, size_t len); - OSSL_CORE_BIO * BIO_new_file(const char *filename, const char *mode) - OSSL_CORE_BIO * BIO_new_membuf(const void *buf, int len) + OSSL_CORE_BIO *BIO_new_file(const char *filename, const char *mode); + OSSL_CORE_BIO *BIO_new_membuf(const void *buf, int len); int BIO_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len, - size_t *bytes_read)) + size_t *bytes_read); int BIO_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len, - size_t *written) - int BIO_free(OSSL_CORE_BIO *bio)) - int BIO_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list args) - int BIO_vsnprintf(char *buf, size_t n, const char *fmt, va_list args) + size_t *written); + int BIO_up_ref(OSSL_CORE_BIO *bio); + int BIO_free(OSSL_CORE_BIO *bio); + int BIO_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list args); + int BIO_vsnprintf(char *buf, size_t n, const char *fmt, va_list args); - void self_test_cb(OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg) + void self_test_cb(OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg); size_t get_entropy(const OSSL_CORE_HANDLE *handle, unsigned char **pout, int entropy, - size_t min_len, size_t max_len) + size_t min_len, size_t max_len); void cleanup_entropy(const OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len) + unsigned char *buf, size_t len); size_t get_nonce(const OSSL_CORE_HANDLE *handle, unsigned char **pout, size_t min_len, size_t max_len, - const void *salt, size_t salt_len) + const void *salt, size_t salt_len); void cleanup_nonce(const OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len) + unsigned char *buf, size_t len); /* Functions offered by the provider to libcrypto */ void provider_teardown(void *provctx); @@ -140,6 +141,7 @@ provider): BIO_new_file OSSL_FUNC_BIO_NEW_FILE BIO_new_mem_buf OSSL_FUNC_BIO_NEW_MEMBUF BIO_read_ex OSSL_FUNC_BIO_READ_EX + BIO_up_ref OSSL_FUNC_BIO_UP_REF BIO_free OSSL_FUNC_BIO_FREE BIO_vprintf OSSL_FUNC_BIO_VPRINTF OPENSSL_cleanse OSSL_FUNC_OPENSSL_CLEANSE @@ -225,7 +227,7 @@ CRYPTO_strndup(), CRYPTO_free(), CRYPTO_clear_free(), CRYPTO_realloc(), CRYPTO_clear_realloc(), CRYPTO_secure_malloc(), CRYPTO_secure_zalloc(), CRYPTO_secure_free(), CRYPTO_secure_clear_free(), CRYPTO_secure_allocated(), -BIO_new_file(), BIO_new_mem_buf(), BIO_read_ex(), BIO_free(), +BIO_new_file(), BIO_new_mem_buf(), BIO_read_ex(), BIO_up_ref(), BIO_free(), BIO_vprintf(), OPENSSL_cleanse(), and OPENSSL_hexstr2buf() correspond exactly to the public functions with the same name. As a matter of fact, the pointers in the B array are diff --git a/include/internal/bio.h b/include/internal/bio.h index e057298318..b905845a1a 100644 --- a/include/internal/bio.h +++ b/include/internal/bio.h @@ -11,6 +11,7 @@ # define OSSL_INTERNAL_BIO_H # pragma once +# include # include struct bio_method_st { @@ -70,4 +71,19 @@ int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); # define BIO_clear_ktls_ctrl_msg(b) \ BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG, 0, NULL) +/* Functions to allow the core to offer the CORE_BIO type to providers */ +OSSL_CORE_BIO *ossl_core_bio_new_from_bio(BIO *bio); +OSSL_CORE_BIO *ossl_core_bio_new_file(const char *filename, const char *mode); +OSSL_CORE_BIO *ossl_core_bio_new_mem_buf(const void *buf, int len); +int ossl_core_bio_read_ex(OSSL_CORE_BIO *cb, void *data, size_t dlen, + size_t *readbytes); +int ossl_core_bio_write_ex(OSSL_CORE_BIO *cb, const void *data, size_t dlen, + size_t *written); +int ossl_core_bio_gets(OSSL_CORE_BIO *cb, char *buf, int size); +int ossl_core_bio_puts(OSSL_CORE_BIO *cb, const char *buf); +long ossl_core_bio_ctrl(OSSL_CORE_BIO *cb, int cmd, long larg, void *parg); +int ossl_core_bio_up_ref(OSSL_CORE_BIO *cb); +int ossl_core_bio_free(OSSL_CORE_BIO *cb); +int ossl_core_bio_vprintf(OSSL_CORE_BIO *cb, const char *format, va_list args); + #endif diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index 76fd0ada6c..eb71bc5469 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h @@ -135,12 +135,13 @@ OSSL_CORE_MAKE_FUNC(void, #define OSSL_FUNC_BIO_NEW_MEMBUF 41 #define OSSL_FUNC_BIO_READ_EX 42 #define OSSL_FUNC_BIO_WRITE_EX 43 -#define OSSL_FUNC_BIO_FREE 44 -#define OSSL_FUNC_BIO_VPRINTF 45 -#define OSSL_FUNC_BIO_VSNPRINTF 46 -#define OSSL_FUNC_BIO_PUTS 47 -#define OSSL_FUNC_BIO_GETS 48 -#define OSSL_FUNC_BIO_CTRL 49 +#define OSSL_FUNC_BIO_UP_REF 44 +#define OSSL_FUNC_BIO_FREE 45 +#define OSSL_FUNC_BIO_VPRINTF 46 +#define OSSL_FUNC_BIO_VSNPRINTF 47 +#define OSSL_FUNC_BIO_PUTS 48 +#define OSSL_FUNC_BIO_GETS 49 +#define OSSL_FUNC_BIO_CTRL 50 OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename, @@ -152,6 +153,7 @@ OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO *bio, const void *data, size_t data_len, size_t *written)) OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO *bio, char *buf, int size)) OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO *bio, const char *str)) +OSSL_CORE_MAKE_FUNC(int, BIO_up_ref, (OSSL_CORE_BIO *bio)) OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO *bio)) OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format, va_list args)) diff --git a/providers/common/bio_prov.c b/providers/common/bio_prov.c index afdeb80d80..47f04c47e2 100644 --- a/providers/common/bio_prov.c +++ b/providers/common/bio_prov.c @@ -19,6 +19,7 @@ static OSSL_FUNC_BIO_write_ex_fn *c_bio_write_ex = NULL; static OSSL_FUNC_BIO_gets_fn *c_bio_gets = NULL; static OSSL_FUNC_BIO_puts_fn *c_bio_puts = NULL; static OSSL_FUNC_BIO_ctrl_fn *c_bio_ctrl = NULL; +static OSSL_FUNC_BIO_up_ref_fn *c_bio_up_ref = NULL; static OSSL_FUNC_BIO_free_fn *c_bio_free = NULL; static OSSL_FUNC_BIO_vprintf_fn *c_bio_vprintf = NULL; @@ -54,6 +55,10 @@ int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns) if (c_bio_ctrl == NULL) c_bio_ctrl = OSSL_FUNC_BIO_ctrl(fns); break; + case OSSL_FUNC_BIO_UP_REF: + if (c_bio_up_ref == NULL) + c_bio_up_ref = OSSL_FUNC_BIO_up_ref(fns); + break; case OSSL_FUNC_BIO_FREE: if (c_bio_free == NULL) c_bio_free = OSSL_FUNC_BIO_free(fns); @@ -119,6 +124,13 @@ int ossl_prov_bio_ctrl(OSSL_CORE_BIO *bio, int cmd, long num, void *ptr) return c_bio_ctrl(bio, cmd, num, ptr); } +int ossl_prov_bio_up_ref(OSSL_CORE_BIO *bio) +{ + if (c_bio_up_ref == NULL) + return 0; + return c_bio_up_ref(bio); +} + int ossl_prov_bio_free(OSSL_CORE_BIO *bio) { if (c_bio_free == NULL) @@ -186,6 +198,7 @@ static int bio_core_new(BIO *bio) static int bio_core_free(BIO *bio) { BIO_set_init(bio, 0); + ossl_prov_bio_free(BIO_get_data(bio)); return 1; } @@ -218,10 +231,13 @@ BIO *bio_new_from_core_bio(PROV_CTX *provctx, OSSL_CORE_BIO *corebio) if (corebiometh == NULL) return NULL; - outbio = BIO_new(corebiometh); - if (outbio != NULL) - BIO_set_data(outbio, corebio); - + if ((outbio = BIO_new(corebiometh)) == NULL) + return NULL; + if (!ossl_prov_bio_up_ref(corebio)) { + BIO_free(outbio); + return NULL; + } + BIO_set_data(outbio, corebio); return outbio; } diff --git a/providers/common/include/prov/bio.h b/providers/common/include/prov/bio.h index 9dd9f44bad..fc8237a249 100644 --- a/providers/common/include/prov/bio.h +++ b/providers/common/include/prov/bio.h @@ -23,6 +23,7 @@ int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len int ossl_prov_bio_gets(OSSL_CORE_BIO *bio, char *buf, int size); int ossl_prov_bio_puts(OSSL_CORE_BIO *bio, const char *str); int ossl_prov_bio_ctrl(OSSL_CORE_BIO *bio, int cmd, long num, void *ptr); +int ossl_prov_bio_up_ref(OSSL_CORE_BIO *bio); int ossl_prov_bio_free(OSSL_CORE_BIO *bio); int ossl_prov_bio_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list ap); int ossl_prov_bio_printf(OSSL_CORE_BIO *bio, const char *format, ...); diff --git a/providers/implementations/storemgmt/file_store_der2obj.c b/providers/implementations/storemgmt/file_store_der2obj.c index 74a18eb70b..d34e90540d 100644 --- a/providers/implementations/storemgmt/file_store_der2obj.c +++ b/providers/implementations/storemgmt/file_store_der2obj.c @@ -85,10 +85,13 @@ static int der2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection, * We're called from file_store.c, so we know that OSSL_CORE_BIO is a * BIO in this case. */ - BIO *in = (BIO *)cin; + BIO *in = bio_new_from_core_bio(provctx, cin); BUF_MEM *mem = NULL; int err, ok; + if (in == NULL) + return 0; + ERR_set_mark(); ok = (asn1_d2i_read_bio(in, &mem) >= 0); /* @@ -117,6 +120,7 @@ static int der2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection, OPENSSL_free(mem->data); OPENSSL_free(mem); } + BIO_free(in); return ok; } diff --git a/test/ossl_store_test.c b/test/ossl_store_test.c index 7424aed0dd..773c696fec 100644 --- a/test/ossl_store_test.c +++ b/test/ossl_store_test.c @@ -23,12 +23,16 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, + OPT_INPUTDIR, OPT_INFILE, + OPT_SM2FILE, OPT_DATADIR, OPT_TEST_ENUM } OPTION_CHOICE; +static const char *inputdir = NULL; static const char *infile = NULL; +static const char *sm2file = NULL; static const char *datadir = NULL; static int test_store_open(void) @@ -37,16 +41,19 @@ static int test_store_open(void) OSSL_STORE_CTX *sctx = NULL; OSSL_STORE_SEARCH *search = NULL; UI_METHOD *ui_method = NULL; + char *input = test_mk_file_path(inputdir, infile); - ret = TEST_ptr(search = OSSL_STORE_SEARCH_by_alias("nothing")) + ret = TEST_ptr(input) + && TEST_ptr(search = OSSL_STORE_SEARCH_by_alias("nothing")) && TEST_ptr(ui_method= UI_create_method("DummyUI")) - && TEST_ptr(sctx = OSSL_STORE_open_ex(infile, NULL, NULL, ui_method, + && TEST_ptr(sctx = OSSL_STORE_open_ex(input, NULL, NULL, ui_method, NULL, NULL, NULL)) && TEST_false(OSSL_STORE_find(sctx, NULL)) && TEST_true(OSSL_STORE_find(sctx, search)); UI_destroy_method(ui_method); OSSL_STORE_SEARCH_free(search); OSSL_STORE_close(sctx); + OPENSSL_free(input); return ret; } @@ -139,24 +146,27 @@ static int test_store_get_params(int idx) static int test_store_attach_unregistered_scheme(void) { int ret; - OSSL_STORE_CTX *store_ctx; - OSSL_PROVIDER *provider; - OSSL_LIB_CTX *libctx; - BIO *bio; - libctx = OSSL_LIB_CTX_new(); - provider = OSSL_PROVIDER_load(libctx, "default"); - bio = BIO_new_file("test/certs/sm2-root.crt", "r"); - - ret = TEST_ptr(store_ctx = OSSL_STORE_attach(bio, "file", libctx, NULL, - NULL, NULL, NULL, NULL)) && - TEST_int_ne(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OSSL_STORE) && - TEST_int_ne(ERR_GET_REASON(ERR_peek_error()), - OSSL_STORE_R_UNREGISTERED_SCHEME); + OSSL_STORE_CTX *store_ctx = NULL; + OSSL_PROVIDER *provider = NULL; + OSSL_LIB_CTX *libctx = NULL; + BIO *bio = NULL; + char *input = test_mk_file_path(inputdir, sm2file); + + ret = TEST_ptr(input) + && TEST_ptr(libctx = OSSL_LIB_CTX_new()) + && TEST_ptr(provider = OSSL_PROVIDER_load(libctx, "default")) + && TEST_ptr(bio = BIO_new_file(input, "r")) + && TEST_ptr(store_ctx = OSSL_STORE_attach(bio, "file", libctx, NULL, + NULL, NULL, NULL, NULL)) + && TEST_int_ne(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OSSL_STORE) + && TEST_int_ne(ERR_GET_REASON(ERR_peek_error()), + OSSL_STORE_R_UNREGISTERED_SCHEME); BIO_free(bio); OSSL_STORE_close(store_ctx); OSSL_PROVIDER_unload(provider); OSSL_LIB_CTX_free(libctx); + OPENSSL_free(input); return ret; } @@ -164,7 +174,9 @@ const OPTIONS *test_get_options(void) { static const OPTIONS test_options[] = { OPT_TEST_OPTIONS_DEFAULT_USAGE, - { "in", OPT_INFILE, '<', }, + { "dir", OPT_INPUTDIR, '/' }, + { "in", OPT_INFILE, '<' }, + { "sm2", OPT_SM2FILE, '<' }, { "data", OPT_DATADIR, 's' }, { NULL } }; @@ -177,9 +189,15 @@ int setup_tests(void) while ((o = opt_next()) != OPT_EOF) { switch (o) { + case OPT_INPUTDIR: + inputdir = opt_arg(); + break; case OPT_INFILE: infile = opt_arg(); break; + case OPT_SM2FILE: + sm2file = opt_arg(); + break; case OPT_DATADIR: datadir = opt_arg(); break; @@ -192,13 +210,19 @@ int setup_tests(void) } if (datadir == NULL) { - TEST_error("No datadir specified"); + TEST_error("No data directory specified"); + return 0; + } + if (inputdir == NULL) { + TEST_error("No input directory specified"); return 0; } - ADD_TEST(test_store_open); + if (infile != NULL) + ADD_TEST(test_store_open); ADD_TEST(test_store_search_by_key_fingerprint_fail); ADD_ALL_TESTS(test_store_get_params, 3); - ADD_TEST(test_store_attach_unregistered_scheme); + if (sm2file != NULL) + ADD_TEST(test_store_attach_unregistered_scheme); return 1; } diff --git a/test/recipes/66-test_ossl_store.t b/test/recipes/66-test_ossl_store.t index 08d66977a5..0385e452b7 100644 --- a/test/recipes/66-test_ossl_store.t +++ b/test/recipes/66-test_ossl_store.t @@ -10,11 +10,12 @@ use strict; use warnings; use OpenSSL::Test::Simple; -use OpenSSL::Test qw/:DEFAULT srctop_file data_dir/; +use OpenSSL::Test qw/:DEFAULT srctop_dir data_dir/; setup("test_ossl_store"); plan tests => 1; -ok(run(test(["ossl_store_test", "-in", srctop_file("test", "testrsa.pem"), +ok(run(test(["ossl_store_test", "-dir", srctop_dir("test"), + "-in", "testrsa.pem", "-sm2", "certs/sm2-root.crt", "-data", data_dir()]))); From openssl at openssl.org Thu Mar 11 00:02:36 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Mar 2021 00:02:36 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1615420956.674736.2599306.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: c8511e8980 Fix formatting error of HISTORY section in some manual pages. 762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac() 18fdebf174 Mention the change of licence in NEWS.md 0966aee5ed Expand the CHANGES entry for SHA1 and libssl f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type() c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider 896dcda18b Non-const accessor to legacy keys c99248ea81 EVP_KDF-KB man page: Fix typo in the example code e5499a3cac Fixup support for io_pgetevents_time64 syscall 4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605 b6a06b13a4 http_test.c: Fix minor Coverity issue CID 1473608 3e6a0d5738 Reword repeated words. 889ad4ef81 apps/pkcs12: Allow continuing on absent mac 5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import 913f9d5e52 apps/pkcs12: Properly detect MAC setup failure 31e2e6e0b1 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined 9afc6c5431 Fix the check for suitable groups and TLSv1.3 7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type cc57dc9625 Document the change in behaviour of the the low level key getters/setters 8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated b574c6a9ac Cache legacy keys instead of downgrading them ec961f866a Avoid a null pointer deref on a malloc failure e8afd78af6 Add a multi thread test for downgrading keys Build log ended with (last 100 lines): #4 0x7fd643d22196 in provider_new /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:264:26 #5 0x7fd643d24d24 in provider_store_new /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:165:16 #6 0x7fd643d07ea5 in ossl_lib_ctx_generic_new /home/openssl/run-checker/enable-asan/../openssl/crypto/context.c:232:17 #7 0x7fd643d10f39 in ossl_crypto_alloc_ex_data_intern /home/openssl/run-checker/enable-asan/../openssl/crypto/ex_data.c:429:5 #8 0x7fd643d07576 in ossl_lib_ctx_get_data /home/openssl/run-checker/enable-asan/../openssl/crypto/context.c:322:9 #9 0x7fd643d21058 in get_provider_store /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:195:13 #10 0x7fd643d233f3 in ossl_provider_forall_loaded /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:817:39 #11 0x7fd643d0836e in ossl_algorithm_do_all /home/openssl/run-checker/enable-asan/../openssl/crypto/core_algorithm.c:110:9 #12 0x7fd643d09221 in ossl_method_construct /home/openssl/run-checker/enable-asan/../openssl/crypto/core_fetch.c:124:9 #13 0x7fd643cd5705 in inner_evp_generic_fetch /home/openssl/run-checker/enable-asan/../openssl/crypto/evp/evp_fetch.c:303:23 #14 0x7fd643cd4e2e in evp_generic_fetch /home/openssl/run-checker/enable-asan/../openssl/crypto/evp/evp_fetch.c:349:12 #15 0x7fd643cee322 in EVP_MAC_fetch /home/openssl/run-checker/enable-asan/../openssl/crypto/evp/mac_meth.c:155:12 #16 0x7fd643b9c310 in verify_integrity /home/openssl/run-checker/enable-asan/../openssl/providers/fips/self_test.c:178:11 #17 0x7fd643b9b941 in SELF_TEST_post /home/openssl/run-checker/enable-asan/../openssl/providers/fips/self_test.c:285:17 #18 0x7fd643b996a1 in OSSL_provider_init /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:630:10 #19 0x59d17c in provider_init /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:554:13 #20 0x59a336 in provider_activate /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:689:9 #21 0x59a00e in ossl_provider_activate /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:705:9 #22 0xace16c in provider_conf_load /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_conf.c:133:14 #23 0xacddc5 in provider_conf_init /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_conf.c:168:14 #24 0x7ac8c1 in module_init /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:374:15 #25 0x7aafe8 in module_run /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:238:11 #26 0x7aadf4 in CONF_modules_load /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:137:15 #27 0x7ab160 in CONF_modules_load_file_ex /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:180:11 #28 0x7ab363 in CONF_modules_load_file /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:202:12 #29 0x7acfaf in openssl_config_int /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_sap.c:63:11 Indirect leak of 1 byte(s) in 1 object(s) allocated from: #0 0x49578d in malloc (/home/openssl/run-checker/enable-asan/test/threadstest+0x49578d) #1 0x58bc9b in CRYPTO_malloc /home/openssl/run-checker/enable-asan/../openssl/crypto/mem.c:184:12 #2 0x58bd66 in CRYPTO_realloc /home/openssl/run-checker/enable-asan/../openssl/crypto/mem.c:207:16 #3 0x7fd643b9a8be in CRYPTO_realloc /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:770:12 #4 0x7fd643d244df in ossl_provider_set_operation_bit /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:978:30 #5 0x7fd643d09e0b in ossl_method_construct_postcondition /home/openssl/run-checker/enable-asan/../openssl/crypto/core_fetch.c:60:12 #6 0x7fd643d08bf4 in algorithm_do_this /home/openssl/run-checker/enable-asan/../openssl/crypto/core_algorithm.c:75:18 #7 0x7fd643d23a69 in provider_forall_loaded /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:750:25 #8 0x7fd643d2345a in ossl_provider_forall_loaded /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:834:15 #9 0x7fd643d0836e in ossl_algorithm_do_all /home/openssl/run-checker/enable-asan/../openssl/crypto/core_algorithm.c:110:9 #10 0x7fd643d09221 in ossl_method_construct /home/openssl/run-checker/enable-asan/../openssl/crypto/core_fetch.c:124:9 #11 0x7fd643cd5705 in inner_evp_generic_fetch /home/openssl/run-checker/enable-asan/../openssl/crypto/evp/evp_fetch.c:303:23 #12 0x7fd643cd4e2e in evp_generic_fetch /home/openssl/run-checker/enable-asan/../openssl/crypto/evp/evp_fetch.c:349:12 #13 0x7fd643cee322 in EVP_MAC_fetch /home/openssl/run-checker/enable-asan/../openssl/crypto/evp/mac_meth.c:155:12 #14 0x7fd643b9c310 in verify_integrity /home/openssl/run-checker/enable-asan/../openssl/providers/fips/self_test.c:178:11 #15 0x7fd643b9b941 in SELF_TEST_post /home/openssl/run-checker/enable-asan/../openssl/providers/fips/self_test.c:285:17 #16 0x7fd643b996a1 in OSSL_provider_init /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:630:10 #17 0x59d17c in provider_init /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:554:13 #18 0x59a336 in provider_activate /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:689:9 #19 0x59a00e in ossl_provider_activate /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_core.c:705:9 #20 0xace16c in provider_conf_load /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_conf.c:133:14 #21 0xacddc5 in provider_conf_init /home/openssl/run-checker/enable-asan/../openssl/crypto/provider_conf.c:168:14 #22 0x7ac8c1 in module_init /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:374:15 #23 0x7aafe8 in module_run /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:238:11 #24 0x7aadf4 in CONF_modules_load /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:137:15 #25 0x7ab160 in CONF_modules_load_file_ex /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:180:11 #26 0x7ab363 in CONF_modules_load_file /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_mod.c:202:12 #27 0x7acfaf in openssl_config_int /home/openssl/run-checker/enable-asan/../openssl/crypto/conf/conf_sap.c:63:11 #28 0x58a580 in ossl_init_config /home/openssl/run-checker/enable-asan/../openssl/crypto/init.c:238:15 #29 0x58a148 in ossl_init_config_ossl_ /home/openssl/run-checker/enable-asan/../openssl/crypto/init.c:236:1 SUMMARY: AddressSanitizer: 6158 byte(s) leaked in 35 allocation(s). ../../util/wrap.pl ../../test/threadstest -fips ../../../openssl/test/recipes/90-test_threads_data => 1 not ok 1 - running test_threads # ------------------------------------------------------------------------------ # Failed test 'running test_threads' # at ../openssl/test/recipes/90-test_threads.t line 31. # Looks like you failed 1 test of 1.90-test_threads.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 90-test_threads.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=233, Tests=2858, 1751 wallclock secs (12.92 usr 1.62 sys + 1542.29 cusr 199.35 csys = 1756.18 CPU) Result: FAIL make[1]: *** [Makefile:2623: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' make: *** [Makefile:2620: tests] Error 2 From no-reply at appveyor.com Thu Mar 11 00:58:45 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Mar 2021 00:58:45 +0000 Subject: Build failed: openssl master.40567 Message-ID: <20210311005845.1.70D994E62D13F19A@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Mar 11 01:11:54 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Mar 2021 01:11:54 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm Message-ID: <1615425114.410068.2639083.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-asm Commit log since last time: c8511e8980 Fix formatting error of HISTORY section in some manual pages. 762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac() 18fdebf174 Mention the change of licence in NEWS.md 0966aee5ed Expand the CHANGES entry for SHA1 and libssl f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type() c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider 896dcda18b Non-const accessor to legacy keys c99248ea81 EVP_KDF-KB man page: Fix typo in the example code e5499a3cac Fixup support for io_pgetevents_time64 syscall 4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605 b6a06b13a4 http_test.c: Fix minor Coverity issue CID 1473608 3e6a0d5738 Reword repeated words. 889ad4ef81 apps/pkcs12: Allow continuing on absent mac 5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import 913f9d5e52 apps/pkcs12: Properly detect MAC setup failure 31e2e6e0b1 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined 9afc6c5431 Fix the check for suitable groups and TLSv1.3 7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type cc57dc9625 Document the change in behaviour of the the low level key getters/setters 8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated b574c6a9ac Cache legacy keys instead of downgrading them ec961f866a Avoid a null pointer deref on a malloc failure e8afd78af6 Add a multi thread test for downgrading keys Build log ended with (last 100 lines): 02-test_internal_keymgmt.t ......... ok 02-test_internal_provider.t ........ ok 02-test_lhash.t .................... ok 02-test_ordinals.t ................. ok 02-test_sparse_array.t ............. ok 02-test_stack.t .................... ok 03-test_exdata.t ................... ok 03-test_fipsinstall.t .............. ok 03-test_internal_asn1.t ............ ok 03-test_internal_asn1_dsa.t ........ ok 03-test_internal_bn.t .............. ok 03-test_internal_chacha.t .......... ok 03-test_internal_curve448.t ........ ok 03-test_internal_ec.t .............. ok 03-test_internal_ffc.t ............. ok 03-test_internal_mdc2.t ............ ok 03-test_internal_modes.t ........... ok 03-test_internal_namemap.t ......... ok 03-test_internal_poly1305.t ........ ok 03-test_internal_rsa_sp800_56b.t ... ok 03-test_internal_siphash.t ......... ok 03-test_internal_sm2.t ............. ok 03-test_internal_sm4.t ............. ok 03-test_internal_ssl_cert_table.t .. ok 03-test_internal_x509.t ............ ok 03-test_params_api.t ............... ok 03-test_property.t ................. ok 03-test_ui.t ....................... ok 04-test_asn1_decode.t .............. ok 04-test_asn1_encode.t .............. ok 04-test_asn1_string_table.t ........ ok 04-test_bio_callback.t ............. ok 04-test_bioprint.t ................. ok 04-test_conf.t ..................... ok 04-test_encoder_decoder.t .......... ok 04-test_encoder_decoder_legacy.t ... ok 04-test_err.t ...................... ok 04-test_hexstring.t ................ ok 04-test_param_build.t .............. ok 04-test_params.t ................... ok 04-test_params_conversion.t ........ ok 04-test_pem.t ...................... ok 04-test_pem_read_depr.t ............ ok 04-test_provider.t ................. ok 04-test_provider_fallback.t ........ ok 05-test_bf.t ....................... ok 05-test_cast.t ..................... ok 05-test_cmac.t ..................... ok 05-test_des.t ...................... ok 05-test_hmac.t ..................... ok 05-test_idea.t ..................... ok 05-test_rand.t ..................... ok 05-test_rc2.t ...................... ok 05-test_rc4.t ...................... ok 05-test_rc5.t ...................... skipped: rc5 is not supported by this OpenSSL build 06-test-rdrand.t ................... ok 06-test_algorithmid.t .............. ok 10-test_bn.t ....................... ok 10-test_exp.t ...................... ok 15-test_dh.t ....................... ok 15-test_dsa.t ...................... ok 15-test_dsaparam.t ................. ok 15-test_ec.t ....................... ok 15-test_ecdsa.t .................... ok 15-test_ecparam.t .................. ok 15-test_gendh.t .................... ok 15-test_gendsa.t ................... ok 15-test_genec.t .................... ok 15-test_genrsa.t ................... ok 15-test_mp_rsa.t ................... ok 15-test_out_option.t ............... ok 15-test_rsa.t ...................... ok 15-test_rsaoaep.t .................. ok 15-test_rsapss.t ................... ok 20-test_app.t ...................... ok 20-test_cli_fips.t ................. ok 20-test_dgst.t ..................... ok 20-test_dhparam.t .................. ok 20-test_dhparam_check.t ............ ok 20-test_enc.t ...................... ok 20-test_enc_more.t ................. ok 20-test_kdf.t ...................... ok 20-test_mac.t ...................... ok 20-test_passwd.t ................... ok 20-test_pkeyutl.t .................. ok 20-test_rand_config.t .............. ok 25-test_crl.t ...................... ok 25-test_d2i.t ...................... ok 25-test_eai_data.t ................. ok 25-test_pkcs7.t .................... ok 25-test_req.t ...................... ok 25-test_rusext.t ................... ok 25-test_sid.t ...................... ok 25-test_verify.t ................... ok 25-test_verify_store.t ............. ok 25-test_x509.t ..................... ok Terminated make[1]: *** [Makefile:3262: _tests] Error 143 make[1]: Leaving directory '/home/openssl/run-checker/no-asm' make: *** [Makefile:3259: tests] Terminated From openssl at openssl.org Thu Mar 11 01:40:08 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Mar 2021 01:40:08 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoalginit Message-ID: <1615426808.952442.2699636.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoalginit Commit log since last time: c8511e8980 Fix formatting error of HISTORY section in some manual pages. 762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac() 18fdebf174 Mention the change of licence in NEWS.md 0966aee5ed Expand the CHANGES entry for SHA1 and libssl f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type() c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider 896dcda18b Non-const accessor to legacy keys c99248ea81 EVP_KDF-KB man page: Fix typo in the example code e5499a3cac Fixup support for io_pgetevents_time64 syscall 4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605 b6a06b13a4 http_test.c: Fix minor Coverity issue CID 1473608 3e6a0d5738 Reword repeated words. 889ad4ef81 apps/pkcs12: Allow continuing on absent mac 5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import 913f9d5e52 apps/pkcs12: Properly detect MAC setup failure 31e2e6e0b1 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined 9afc6c5431 Fix the check for suitable groups and TLSv1.3 7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type cc57dc9625 Document the change in behaviour of the the low level key getters/setters 8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated b574c6a9ac Cache legacy keys instead of downgrading them ec961f866a Avoid a null pointer deref on a malloc failure e8afd78af6 Add a multi thread test for downgrading keys Build log ended with (last 100 lines): clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.o ../openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.o ../openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.o ../openssl/providers/implementations/ciphers/cipher_rc4_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_seed.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_seed.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_seed.o ../openssl/providers/implementations/ciphers/cipher_seed.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.o ../openssl/providers/implementations/ciphers/cipher_seed_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.o ../openssl/providers/implementations/ciphers/cipher_tdes_common.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/liblegacy-lib-md4_prov.d.tmp -MT providers/implementations/digests/liblegacy-lib-md4_prov.o -c -o providers/implementations/digests/liblegacy-lib-md4_prov.o ../openssl/providers/implementations/digests/md4_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/liblegacy-lib-mdc2_prov.d.tmp -MT providers/implementations/digests/liblegacy-lib-mdc2_prov.o -c -o providers/implementations/digests/liblegacy-lib-mdc2_prov.o ../openssl/providers/implementations/digests/mdc2_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/liblegacy-lib-ripemd_prov.d.tmp -MT providers/implementations/digests/liblegacy-lib-ripemd_prov.o -c -o providers/implementations/digests/liblegacy-lib-ripemd_prov.o ../openssl/providers/implementations/digests/ripemd_prov.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/digests/liblegacy-lib-wp_prov.d.tmp -MT providers/implementations/digests/liblegacy-lib-wp_prov.o -c -o providers/implementations/digests/liblegacy-lib-wp_prov.o ../openssl/providers/implementations/digests/wp_prov.c clang -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I. -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -I../openssl -DFIPS_MODULE -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/fips/fips-dso-fipsprov.d.tmp -MT providers/fips/fips-dso-fipsprov.o -c -o providers/fips/fips-dso-fipsprov.o ../openssl/providers/fips/fipsprov.c clang -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I. -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -I../openssl -DFIPS_MODULE -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/fips/fips-dso-self_test.d.tmp -MT providers/fips/fips-dso-self_test.o -c -o providers/fips/fips-dso-self_test.o ../openssl/providers/fips/self_test.c clang -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I. -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -I../openssl -DFIPS_MODULE -DOPENSSL_CPUID_OBJ -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/fips/fips-dso-self_test_kats.d.tmp -MT providers/fips/fips-dso-self_test_kats.o -c -o providers/fips/fips-dso-self_test_kats.o ../openssl/providers/fips/self_test_kats.c /usr/bin/perl ../openssl/util/mkdef.pl --ordinals ../openssl/util/providers.num --name providers/fips --OS linux > providers/fips.ld clang -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/legacy-dso-legacyprov.d.tmp -MT providers/legacy-dso-legacyprov.o -c -o providers/legacy-dso-legacyprov.o ../openssl/providers/legacyprov.c /usr/bin/perl ../openssl/util/mkdef.pl --ordinals ../openssl/util/providers.num --name providers/legacy --OS linux > providers/legacy.ld /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/util/shlib_wrap.sh.in > "util/shlib_wrap.sh" clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aes-x86_64.o crypto/aes/aes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-mb-x86_64.o crypto/aes/aesni-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-sha1-x86_64.o crypto/aes/aesni-sha1-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-sha256-x86_64.o crypto/aes/aesni-sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-aesni-x86_64.o crypto/aes/aesni-x86_64.s chmod a+x util/shlib_wrap.sh clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-bsaes-x86_64.o crypto/aes/bsaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/aes/libcrypto-lib-vpaes-x86_64.o crypto/aes/vpaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-rsaz-avx2.o crypto/bn/rsaz-avx2.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-rsaz-x86_64.o crypto/bn/rsaz-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-gf2m.o crypto/bn/x86_64-gf2m.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-mont.o crypto/bn/x86_64-mont.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/bn/libcrypto-lib-x86_64-mont5.o crypto/bn/x86_64-mont5.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/camellia/libcrypto-lib-cmll-x86_64.o crypto/camellia/cmll-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/chacha/libcrypto-lib-chacha-x86_64.o crypto/chacha/chacha-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/ec/libcrypto-lib-ecp_nistz256-x86_64.o crypto/ec/ecp_nistz256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/ec/libcrypto-lib-x25519-x86_64.o crypto/ec/x25519-x86_64.s clang -Icrypto -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPADLOCK_ASM -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF crypto/libcrypto-lib-cversion.d.tmp -MT crypto/libcrypto-lib-cversion.o -c -o crypto/libcrypto-lib-cversion.o ../openssl/crypto/cversion.c clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/libcrypto-lib-x86_64cpuid.o crypto/x86_64cpuid.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/md5/libcrypto-lib-md5-x86_64.o crypto/md5/md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/modes/libcrypto-lib-aesni-gcm-x86_64.o crypto/modes/aesni-gcm-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/modes/libcrypto-lib-ghash-x86_64.o crypto/modes/ghash-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/poly1305/libcrypto-lib-poly1305-x86_64.o crypto/poly1305/poly1305-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/rc4/libcrypto-lib-rc4-md5-x86_64.o crypto/rc4/rc4-md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/rc4/libcrypto-lib-rc4-x86_64.o crypto/rc4/rc4-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-keccak1600-x86_64.o crypto/sha/keccak1600-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha1-mb-x86_64.o crypto/sha/sha1-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha1-x86_64.o crypto/sha/sha1-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha256-mb-x86_64.o crypto/sha/sha256-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha256-x86_64.o crypto/sha/sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/sha/libcrypto-lib-sha512-x86_64.o crypto/sha/sha512-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o crypto/whrlpool/libcrypto-lib-wp-x86_64.o crypto/whrlpool/wp-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -c -o engines/libcrypto-lib-e_padlock-x86_64.o engines/e_padlock-x86_64.s clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/encode_decode/libimplementations-lib-encode_key2any.d.tmp -MT providers/implementations/encode_decode/libimplementations-lib-encode_key2any.o -c -o providers/implementations/encode_decode/libimplementations-lib-encode_key2any.o ../openssl/providers/implementations/encode_decode/encode_key2any.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/kdfs/libimplementations-lib-x942kdf.d.tmp -MT providers/implementations/kdfs/libimplementations-lib-x942kdf.o -c -o providers/implementations/kdfs/libimplementations-lib-x942kdf.o ../openssl/providers/implementations/kdfs/x942kdf.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-dsa.d.tmp -MT providers/implementations/signature/libimplementations-lib-dsa.o -c -o providers/implementations/signature/libimplementations-lib-dsa.o ../openssl/providers/implementations/signature/dsa.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-ecdsa.d.tmp -MT providers/implementations/signature/libimplementations-lib-ecdsa.o -c -o providers/implementations/signature/libimplementations-lib-ecdsa.o ../openssl/providers/implementations/signature/ecdsa.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-eddsa.d.tmp -MT providers/implementations/signature/libimplementations-lib-eddsa.o -c -o providers/implementations/signature/libimplementations-lib-eddsa.o ../openssl/providers/implementations/signature/eddsa.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/signature/libimplementations-lib-sm2sig.d.tmp -MT providers/implementations/signature/libimplementations-lib-sm2sig.o -c -o providers/implementations/signature/libimplementations-lib-sm2sig.o ../openssl/providers/implementations/signature/sm2sig.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_digests_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_digests_gen.o -c -o providers/common/der/libnonfips-lib-der_digests_gen.o providers/common/der/der_digests_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_gen.o -c -o providers/common/der/libnonfips-lib-der_dsa_gen.o providers/common/der/der_dsa_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_key.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_key.o -c -o providers/common/der/libnonfips-lib-der_dsa_key.o ../openssl/providers/common/der/der_dsa_key.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_dsa_sig.d.tmp -MT providers/common/der/libnonfips-lib-der_dsa_sig.o -c -o providers/common/der/libnonfips-lib-der_dsa_sig.o ../openssl/providers/common/der/der_dsa_sig.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_ec_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_ec_gen.o -c -o providers/common/der/libnonfips-lib-der_ec_gen.o providers/common/der/der_ec_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_ec_key.d.tmp -MT providers/common/der/libnonfips-lib-der_ec_key.o -c -o providers/common/der/libnonfips-lib-der_ec_key.o ../openssl/providers/common/der/der_ec_key.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_ec_sig.d.tmp -MT providers/common/der/libnonfips-lib-der_ec_sig.o -c -o providers/common/der/libnonfips-lib-der_ec_sig.o ../openssl/providers/common/der/der_ec_sig.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_ecx_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_ecx_gen.o -c -o providers/common/der/libnonfips-lib-der_ecx_gen.o providers/common/der/der_ecx_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_rsa_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_rsa_gen.o -c -o providers/common/der/libnonfips-lib-der_rsa_gen.o providers/common/der/der_rsa_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_sm2_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_sm2_gen.o -c -o providers/common/der/libnonfips-lib-der_sm2_gen.o providers/common/der/der_sm2_gen.c clang -Iproviders/common/include/prov -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/common/der/libnonfips-lib-der_wrap_gen.d.tmp -MT providers/common/der/libnonfips-lib-der_wrap_gen.o -c -o providers/common/der/libnonfips-lib-der_wrap_gen.o providers/common/der/der_wrap_gen.c rm -f libssl.a ar qc libssl.a crypto/libssl-lib-packet.o ssl/libssl-lib-bio_ssl.o ssl/libssl-lib-d1_lib.o ssl/libssl-lib-d1_msg.o ssl/libssl-lib-d1_srtp.o ssl/libssl-lib-methods.o ssl/libssl-lib-pqueue.o ssl/libssl-lib-s3_cbc.o ssl/libssl-lib-s3_enc.o ssl/libssl-lib-s3_lib.o ssl/libssl-lib-s3_msg.o ssl/libssl-lib-ssl_asn1.o ssl/libssl-lib-ssl_cert.o ssl/libssl-lib-ssl_ciph.o ssl/libssl-lib-ssl_conf.o ssl/libssl-lib-ssl_err.o ssl/libssl-lib-ssl_err_legacy.o ssl/libssl-lib-ssl_init.o ssl/libssl-lib-ssl_lib.o ssl/libssl-lib-ssl_mcnf.o ssl/libssl-lib-ssl_rsa.o ssl/libssl-lib-ssl_rsa_legacy.o ssl/libssl-lib-ssl_sess.o ssl/libssl-lib-ssl_stat.o ssl/libssl-lib-ssl_txt.o ssl/libssl-lib-ssl_utst.o ssl/libssl-lib-t1_enc.o ssl/libssl-lib-t1_lib.o ssl/libssl-lib-t1_trce.o ssl/libssl-lib-tls13_enc.o ssl/libssl-lib-tls_depr.o ssl/libssl-lib-tls_srp.o ssl/record/libssl-lib-dtls1_bitmap.o ssl/record/libssl-lib-rec_layer_d1.o ssl/record/libssl-lib-rec_layer_s3.o ssl/record/libssl-lib-ssl3_buffer.o ssl/record/libssl-lib-ssl3_record.o ssl/record/libssl-lib-ssl3_record_tls13.o ssl/record/libssl-lib-tls_pad.o ssl/statem/libssl-lib-extensions.o ssl/statem/libssl-lib-extensions_clnt.o ssl/statem/libssl-lib-extensions_cust.o ssl/statem/libssl-lib-extensions_srvr.o ssl/statem/libssl-lib-statem.o ssl/statem/libssl-lib-statem_clnt.o ssl/statem/libssl-lib-statem_dtls.o ssl/statem/libssl-lib-statem_lib.o ssl/statem/libssl-lib-statem_srvr.o ranlib libssl.a || echo Never mind. rm -f providers/libfips.a ar qc providers/libfips.a crypto/aes/libfips-lib-aes-x86_64.o crypto/aes/libfips-lib-aes_ecb.o crypto/aes/libfips-lib-aes_misc.o crypto/aes/libfips-lib-aesni-mb-x86_64.o crypto/aes/libfips-lib-aesni-sha1-x86_64.o crypto/aes/libfips-lib-aesni-sha256-x86_64.o crypto/aes/libfips-lib-aesni-x86_64.o crypto/aes/libfips-lib-bsaes-x86_64.o crypto/aes/libfips-lib-vpaes-x86_64.o crypto/bn/asm/libfips-lib-x86_64-gcc.o crypto/bn/libfips-lib-bn_add.o crypto/bn/libfips-lib-bn_blind.o crypto/bn/libfips-lib-bn_const.o crypto/bn/libfips-lib-bn_conv.o crypto/bn/libfips-lib-bn_ctx.o crypto/bn/libfips-lib-bn_dh.o crypto/bn/libfips-lib-bn_div.o crypto/bn/libfips-lib-bn_exp.o crypto/bn/libfips-lib-bn_exp2.o crypto/bn/libfips-lib-bn_gcd.o crypto/bn/libfips-lib-bn_gf2m.o crypto/bn/libfips-lib-bn_intern.o crypto/bn/libfips-lib-bn_kron.o crypto/bn/libfips-lib-bn_lib.o crypto/bn/libfips-lib-bn_mod.o crypto/bn/libfips-lib-bn_mont.o crypto/bn/libfips-lib-bn_mpi.o crypto/bn/libfips-lib-bn_mul.o crypto/bn/libfips-lib-bn_nist.o crypto/bn/libfips-lib-bn_prime.o crypto/bn/libfips-lib-bn_rand.o crypto/bn/libfips-lib-bn_recp.o crypto/bn/libfips-lib-bn_rsa_fips186_4.o crypto/bn/libfips-lib-bn_shift.o crypto/bn/libfips-lib-bn_sqr.o crypto/bn/libfips-lib-bn_sqrt.o crypto/bn/libfips-lib-bn_word.o crypto/bn/libfips-lib-rsaz-avx2.o crypto/bn/libfips-lib-rsaz-x86_64.o crypto/bn/libfips-lib-rsaz_exp.o crypto/bn/libfips-lib-x86_64-gf2m.o crypto/bn/libfips-lib-x86_64-mont.o crypto/bn/libfips-lib-x86_64-mont5.o crypto/buffer/libfips-lib-buffer.o crypto/cmac/libfips-lib-cmac.o crypto/des/libfips-lib-des_enc.o crypto/des/libfips-lib-ecb3_enc.o crypto/des/libfips-lib-fcrypt_b.o crypto/des/libfips-lib-set_key.o crypto/dh/libfips-lib-dh_backend.o crypto/dh/libfips-lib-dh_check.o crypto/dh/libfips-lib-dh_gen.o crypto/dh/libfips-lib-dh_group_params.o crypto/dh/libfips-lib-dh_kdf.o crypto/dh/libfips-lib-dh_key.o crypto/dh/libfips-lib-dh_lib.o crypto/dsa/libfips-lib-dsa_backend.o crypto/dsa/libfips-lib-dsa_check.o crypto/dsa/libfips-lib-dsa_gen.o crypto/dsa/libfips-lib-dsa_key.o crypto/dsa/libfips-lib-dsa_lib.o crypto/dsa/libfips-lib-dsa_ossl.o crypto/dsa/libfips-lib-dsa_sign.o crypto/dsa/libfips-lib-dsa_vrf.o crypto/ec/curve448/arch_32/libfips-lib-f_impl.o crypto/ec/curve448/libfips-lib-curve448.o crypto/ec/curve448/libfips-lib-curve448_tables.o crypto/ec/curve448/libfips-lib-eddsa.o crypto/ec/curve448/libfips-lib-f_generic.o crypto/ec/curve448/libfips-lib-scalar.o crypto/ec/libfips-lib-curve25519.o crypto/ec/libfips-lib-ec2_oct.o crypto/ec/libfips-lib-ec2_smpl.o crypto/ec/libfips-lib-ec_asn1.o crypto/ec/libfips-lib-ec_backend.o crypto/ec/libfips-lib-ec_check.o crypto/ec/libfips-lib-ec_curve.o crypto/ec/libfips-lib-ec_cvt.o crypto/ec/libfips-lib-ec_deprecated.o crypto/ec/libfips-lib-ec_key.o crypto/ec/libfips-lib-ec_kmeth.o crypto/ec/libfips-lib-ec_lib.o crypto/ec/libfips-lib-ec_mult.o crypto/ec/libfips-lib-ec_oct.o crypto/ec/libfips-lib-ec_print.o crypto/ec/libfips-lib-ecdh_kdf.o crypto/ec/libfips-lib-ecdh_ossl.o crypto/ec/libfips-lib-ecdsa_ossl.o crypto/ec/libfips-lib-ecdsa_sign.o crypto/ec/libfips-lib-ecdsa_vrf.o crypto/ec/libfips-lib-ecp_mont.o crypto/ec/libfips-lib-ecp_nist.o crypto/ec/libfips-lib-ecp_nistz256-x86_64.o crypto/ec/libfips-lib-ecp_nistz256.o crypto/ec/libfips-lib-ecp_oct.o crypto/ec/libfips-lib-ecp_smpl.o crypto/ec/libfips-lib-ecx_backend.o crypto/ec/libfips-lib-ecx_key.o crypto/ec/libfips-lib-x25519-x86_64.o crypto/evp/libfips-lib-asymcipher.o crypto/evp/libfips-lib-cmeth_lib.o crypto/evp/libfips-lib-dh_support.o crypto/evp/libfips-lib-digest.o crypto/evp/libfips-lib-ec_support.o crypto/evp/libfips-lib-evp_enc.o crypto/evp/libfips-lib-evp_fetch.o crypto/evp/libfips-lib-evp_lib.o crypto/evp/libfips-lib-evp_rand.o crypto/evp/libfips-lib-evp_utils.o crypto/evp/libfips-lib-exchange.o crypto/evp/libfips-lib-kdf_lib.o crypto/evp/libfips-lib-kdf_meth.o crypto/evp/libfips-lib-kem.o crypto/evp/libfips-lib-keymgmt_lib.o crypto/evp/libfips-lib-keymgmt_meth.o crypto/evp/libfips-lib-m_sigver.o crypto/evp/libfips-lib-mac_lib.o crypto/evp/libfips-lib-mac_meth.o crypto/evp/libfips-lib-p_lib.o crypto/evp/libfips-lib-pmeth_check.o crypto/evp/libfips-lib-pmeth_gn.o crypto/evp/libfips-lib-pmeth_lib.o crypto/evp/libfips-lib-signature.o crypto/ffc/libfips-lib-ffc_backend.o crypto/ffc/libfips-lib-ffc_dh.o crypto/ffc/libfips-lib-ffc_key_generate.o crypto/ffc/libfips-lib-ffc_key_validate.o crypto/ffc/libfips-lib-ffc_params.o crypto/ffc/libfips-lib-ffc_params_generate.o crypto/ffc/libfips-lib-ffc_params_validate.o crypto/hmac/libfips-lib-hmac.o crypto/lhash/libfips-lib-lhash.o crypto/libfips-lib-asn1_dsa.o crypto/libfips-lib-bsearch.o crypto/libfips-lib-context.o crypto/libfips-lib-core_algorithm.o crypto/libfips-lib-core_fetch.o crypto/libfips-lib-core_namemap.o crypto/libfips-lib-cryptlib.o crypto/libfips-lib-ctype.o crypto/libfips-lib-der_writer.o crypto/libfips-lib-ex_data.o crypto/libfips-lib-initthread.o crypto/libfips-lib-o_str.o crypto/libfips-lib-packet.o crypto/libfips-lib-param_build.o crypto/libfips-lib-param_build_set.o crypto/libfips-lib-params.o crypto/libfips-lib-params_from_text.o crypto/libfips-lib-passphrase.o crypto/libfips-lib-provider_core.o crypto/libfips-lib-provider_predefined.o crypto/libfips-lib-self_test_core.o crypto/libfips-lib-sparse_array.o crypto/libfips-lib-threads_lib.o crypto/libfips-lib-threads_none.o crypto/libfips-lib-threads_pthread.o crypto/libfips-lib-threads_win.o crypto/libfips-lib-x86_64cpuid.o crypto/modes/libfips-lib-aesni-gcm-x86_64.o crypto/modes/libfips-lib-cbc128.o crypto/modes/libfips-lib-ccm128.o crypto/modes/libfips-lib-cfb128.o crypto/modes/libfips-lib-ctr128.o crypto/modes/libfips-lib-gcm128.o crypto/modes/libfips-lib-ghash-x86_64.o crypto/modes/libfips-lib-ofb128.o crypto/modes/libfips-lib-wrap128.o crypto/modes/libfips-lib-xts128.o crypto/property/libfips-lib-defn_cache.o crypto/property/libfips-lib-property.o crypto/property/libfips-lib-property_parse.o crypto/property/libfips-lib-property_string.o crypto/rand/libfips-lib-rand_lib.o crypto/rand/libfips-lib-rand_meth.o crypto/rsa/libfips-lib-rsa_acvp_test_params.o crypto/rsa/libfips-lib-rsa_backend.o crypto/rsa/libfips-lib-rsa_chk.o crypto/rsa/libfips-lib-rsa_crpt.o crypto/rsa/libfips-lib-rsa_gen.o crypto/rsa/libfips-lib-rsa_lib.o crypto/rsa/libfips-lib-rsa_mp_names.o crypto/rsa/libfips-lib-rsa_none.o crypto/rsa/libfips-lib-rsa_oaep.o crypto/rsa/libfips-lib-rsa_ossl.o crypto/rsa/libfips-lib-rsa_pk1.o crypto/rsa/libfips-lib-rsa_pss.o crypto/rsa/libfips-lib-rsa_schemes.o crypto/rsa/libfips-lib-rsa_sign.o crypto/rsa/libfips-lib-rsa_sp800_56b_check.o crypto/rsa/libfips-lib-rsa_sp800_56b_gen.o crypto/rsa/libfips-lib-rsa_x931.o crypto/sha/libfips-lib-keccak1600-x86_64.o crypto/sha/libfips-lib-sha1-mb-x86_64.o crypto/sha/libfips-lib-sha1-x86_64.o crypto/sha/libfips-lib-sha1dgst.o crypto/sha/libfips-lib-sha256-mb-x86_64.o crypto/sha/libfips-lib-sha256-x86_64.o crypto/sha/libfips-lib-sha256.o crypto/sha/libfips-lib-sha3.o crypto/sha/libfips-lib-sha512-x86_64.o crypto/sha/libfips-lib-sha512.o crypto/stack/libfips-lib-stack.o providers/common/der/libfips-lib-der_digests_gen.o providers/common/der/libfips-lib-der_dsa_gen.o providers/common/der/libfips-lib-der_dsa_key.o providers/common/der/libfips-lib-der_dsa_sig.o providers/common/der/libfips-lib-der_ec_gen.o providers/common/der/libfips-lib-der_ec_key.o providers/common/der/libfips-lib-der_ec_sig.o providers/common/der/libfips-lib-der_ecx_gen.o providers/common/der/libfips-lib-der_ecx_key.o providers/common/der/libfips-lib-der_rsa_gen.o providers/common/der/libfips-lib-der_rsa_key.o providers/common/der/libfips-lib-der_rsa_sig.o providers/common/der/libfips-lib-der_sm2_gen.o providers/common/der/libfips-lib-der_sm2_key.o providers/common/der/libfips-lib-der_sm2_sig.o providers/common/der/libfips-lib-der_wrap_gen.o providers/common/libfips-lib-bio_prov.o providers/common/libfips-lib-capabilities.o providers/common/libfips-lib-digest_to_nid.o providers/common/libfips-lib-provider_seeding.o providers/common/libfips-lib-provider_util.o providers/common/libfips-lib-securitycheck.o providers/common/libfips-lib-securitycheck_fips.o providers/implementations/ciphers/libfips-lib-cipher_aes_xts_fips.o providers/implementations/kdfs/libfips-lib-pbkdf2_fips.o providers/implementations/keymgmt/libfips-lib-dh_kmgmt.o providers/implementations/keymgmt/libfips-lib-dsa_kmgmt.o providers/implementations/keymgmt/libfips-lib-ec_kmgmt.o providers/implementations/keymgmt/libfips-lib-mac_legacy_kmgmt.o providers/implementations/keymgmt/libfips-lib-rsa_kmgmt.o providers/implementations/rands/libfips-lib-crngt.o providers/implementations/rands/libfips-lib-drbg.o providers/implementations/rands/libfips-lib-drbg_ctr.o providers/implementations/rands/libfips-lib-drbg_hash.o providers/implementations/rands/libfips-lib-drbg_hmac.o providers/implementations/rands/libfips-lib-test_rng.o providers/implementations/signature/libfips-lib-mac_legacy.o providers/implementations/signature/libfips-lib-rsa.o rm -f providers/libimplementations.a ar qc providers/libimplementations.a crypto/md5/libimplementations-lib-md5-x86_64.o crypto/md5/libimplementations-lib-md5_dgst.o crypto/md5/libimplementations-lib-md5_one.o crypto/md5/libimplementations-lib-md5_sha1.o providers/implementations/asymciphers/libimplementations-lib-rsa_enc.o providers/implementations/asymciphers/libimplementations-lib-sm2_enc.o providers/implementations/ciphers/libimplementations-lib-cipher_aes.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha1_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha256_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ccm.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ccm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cts.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_gcm.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_gcm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ocb.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ocb_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_siv.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_siv_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_wrp.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_xts.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_xts_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_ccm.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_ccm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_gcm.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_gcm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_camellia.o providers/implementations/ciphers/libimplementations-lib-cipher_camellia_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_poly1305.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_poly1305_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_null.o providers/implementations/ciphers/libimplementations-lib-cipher_sm4.o providers/implementations/ciphers/libimplementations-lib-cipher_sm4_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_common.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_default.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_default_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap_hw.o providers/implementations/digests/libimplementations-lib-blake2_prov.o providers/implementations/digests/libimplementations-lib-blake2b_prov.o providers/implementations/digests/libimplementations-lib-blake2s_prov.o providers/implementations/digests/libimplementations-lib-md5_prov.o providers/implementations/digests/libimplementations-lib-md5_sha1_prov.o providers/implementations/digests/libimplementations-lib-sha2_prov.o providers/implementations/digests/libimplementations-lib-sha3_prov.o providers/implementations/digests/libimplementations-lib-sm3_prov.o providers/implementations/encode_decode/libimplementations-lib-decode_der2key.o providers/implementations/encode_decode/libimplementations-lib-decode_ms2key.o providers/implementations/encode_decode/libimplementations-lib-decode_pem2der.o providers/implementations/encode_decode/libimplementations-lib-encode_key2any.o providers/implementations/encode_decode/libimplementations-lib-encode_key2blob.o providers/implementations/encode_decode/libimplementations-lib-encode_key2ms.o providers/implementations/encode_decode/libimplementations-lib-encode_key2text.o providers/implementations/encode_decode/libimplementations-lib-endecoder_common.o providers/implementations/exchange/libimplementations-lib-dh_exch.o providers/implementations/exchange/libimplementations-lib-ecdh_exch.o providers/implementations/exchange/libimplementations-lib-ecx_exch.o providers/implementations/exchange/libimplementations-lib-kdf_exch.o providers/implementations/kdfs/libimplementations-lib-hkdf.o providers/implementations/kdfs/libimplementations-lib-kbkdf.o providers/implementations/kdfs/libimplementations-lib-krb5kdf.o providers/implementations/kdfs/libimplementations-lib-pbkdf2.o providers/implementations/kdfs/libimplementations-lib-pkcs12kdf.o providers/implementations/kdfs/libimplementations-lib-scrypt.o providers/implementations/kdfs/libimplementations-lib-sshkdf.o providers/implementations/kdfs/libimplementations-lib-sskdf.o providers/implementations/kdfs/libimplementations-lib-tls1_prf.o providers/implementations/kdfs/libimplementations-lib-x942kdf.o providers/implementations/kem/libimplementations-lib-rsa_kem.o providers/implementations/keymgmt/libimplementations-lib-ecx_kmgmt.o providers/implementations/keymgmt/libimplementations-lib-kdf_legacy_kmgmt.o providers/implementations/macs/libimplementations-lib-blake2b_mac.o providers/implementations/macs/libimplementations-lib-blake2s_mac.o providers/implementations/macs/libimplementations-lib-cmac_prov.o providers/implementations/macs/libimplementations-lib-gmac_prov.o providers/implementations/macs/libimplementations-lib-hmac_prov.o providers/implementations/macs/libimplementations-lib-kmac_prov.o providers/implementations/macs/libimplementations-lib-poly1305_prov.o providers/implementations/macs/libimplementations-lib-siphash_prov.o providers/implementations/signature/libimplementations-lib-dsa.o providers/implementations/signature/libimplementations-lib-ecdsa.o providers/implementations/signature/libimplementations-lib-eddsa.o providers/implementations/signature/libimplementations-lib-sm2sig.o providers/implementations/storemgmt/libimplementations-lib-file_store.o providers/implementations/storemgmt/libimplementations-lib-file_store_der2obj.o ssl/libimplementations-lib-s3_cbc.o rm -f providers/liblegacy.a ar qc providers/liblegacy.a crypto/bn/asm/liblegacy-lib-x86_64-gcc.o crypto/bn/liblegacy-lib-rsaz-avx2.o crypto/bn/liblegacy-lib-rsaz-x86_64.o crypto/bn/liblegacy-lib-rsaz_exp.o crypto/bn/liblegacy-lib-x86_64-gf2m.o crypto/bn/liblegacy-lib-x86_64-mont.o crypto/bn/liblegacy-lib-x86_64-mont5.o crypto/des/liblegacy-lib-des_enc.o crypto/des/liblegacy-lib-fcrypt_b.o crypto/liblegacy-lib-asn1_dsa.o crypto/liblegacy-lib-bsearch.o crypto/liblegacy-lib-context.o crypto/liblegacy-lib-cryptlib.o crypto/liblegacy-lib-ctype.o crypto/liblegacy-lib-der_writer.o crypto/liblegacy-lib-ex_data.o crypto/liblegacy-lib-initthread.o crypto/liblegacy-lib-o_str.o crypto/liblegacy-lib-packet.o crypto/liblegacy-lib-param_build.o crypto/liblegacy-lib-param_build_set.o crypto/liblegacy-lib-params.o crypto/liblegacy-lib-params_from_text.o crypto/liblegacy-lib-passphrase.o crypto/liblegacy-lib-sparse_array.o crypto/liblegacy-lib-threads_lib.o crypto/liblegacy-lib-threads_none.o crypto/liblegacy-lib-threads_pthread.o crypto/liblegacy-lib-threads_win.o crypto/liblegacy-lib-x86_64cpuid.o crypto/md5/liblegacy-lib-md5-x86_64.o crypto/md5/liblegacy-lib-md5_dgst.o crypto/md5/liblegacy-lib-md5_one.o crypto/md5/liblegacy-lib-md5_sha1.o crypto/property/liblegacy-lib-defn_cache.o crypto/property/liblegacy-lib-property.o crypto/property/liblegacy-lib-property_parse.o crypto/property/liblegacy-lib-property_string.o providers/implementations/ciphers/liblegacy-lib-cipher_blowfish.o providers/implementations/ciphers/liblegacy-lib-cipher_blowfish_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_cast5.o providers/implementations/ciphers/liblegacy-lib-cipher_cast5_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_des.o providers/implementations/ciphers/liblegacy-lib-cipher_des_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_desx.o providers/implementations/ciphers/liblegacy-lib-cipher_desx_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_idea.o providers/implementations/ciphers/liblegacy-lib-cipher_idea_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_rc2.o providers/implementations/ciphers/liblegacy-lib-cipher_rc2_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_rc4.o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_seed.o providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.o providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.o providers/implementations/digests/liblegacy-lib-md4_prov.o providers/implementations/digests/liblegacy-lib-mdc2_prov.o providers/implementations/digests/liblegacy-lib-ripemd_prov.o providers/implementations/digests/liblegacy-lib-wp_prov.o ranlib providers/liblegacy.a || echo Never mind. ranlib providers/libimplementations.a || echo Never mind. ranlib providers/libfips.a || echo Never mind. rm -f libcrypto.a rm -f providers/libnonfips.a ar qc libcrypto.a crypto/aes/libcrypto-lib-aes-x86_64.o crypto/aes/libcrypto-lib-aes_cfb.o crypto/aes/libcrypto-lib-aes_ecb.o crypto/aes/libcrypto-lib-aes_ige.o crypto/aes/libcrypto-lib-aes_misc.o crypto/aes/libcrypto-lib-aes_ofb.o crypto/aes/libcrypto-lib-aes_wrap.o crypto/aes/libcrypto-lib-aesni-mb-x86_64.o crypto/aes/libcrypto-lib-aesni-sha1-x86_64.o crypto/aes/libcrypto-lib-aesni-sha256-x86_64.o crypto/aes/libcrypto-lib-aesni-x86_64.o crypto/aes/libcrypto-lib-bsaes-x86_64.o crypto/aes/libcrypto-lib-vpaes-x86_64.o crypto/aria/libcrypto-lib-aria.o crypto/asn1/libcrypto-lib-a_bitstr.o crypto/asn1/libcrypto-lib-a_d2i_fp.o crypto/asn1/libcrypto-lib-a_digest.o crypto/asn1/libcrypto-lib-a_dup.o crypto/asn1/libcrypto-lib-a_gentm.o crypto/asn1/libcrypto-lib-a_i2d_fp.o crypto/asn1/libcrypto-lib-a_int.o crypto/asn1/libcrypto-lib-a_mbstr.o crypto/asn1/libcrypto-lib-a_object.o crypto/asn1/libcrypto-lib-a_octet.o crypto/asn1/libcrypto-lib-a_print.o crypto/asn1/libcrypto-lib-a_sign.o crypto/asn1/libcrypto-lib-a_strex.o crypto/asn1/libcrypto-lib-a_strnid.o crypto/asn1/libcrypto-lib-a_time.o crypto/asn1/libcrypto-lib-a_type.o crypto/asn1/libcrypto-lib-a_utctm.o crypto/asn1/libcrypto-lib-a_utf8.o crypto/asn1/libcrypto-lib-a_verify.o crypto/asn1/libcrypto-lib-ameth_lib.o crypto/asn1/libcrypto-lib-asn1_err.o crypto/asn1/libcrypto-lib-asn1_gen.o crypto/asn1/libcrypto-lib-asn1_item_list.o crypto/asn1/libcrypto-lib-asn1_lib.o crypto/asn1/libcrypto-lib-asn1_par.o crypto/asn1/libcrypto-lib-asn_mime.o crypto/asn1/libcrypto-lib-asn_moid.o crypto/asn1/libcrypto-lib-asn_mstbl.o crypto/asn1/libcrypto-lib-asn_pack.o crypto/asn1/libcrypto-lib-bio_asn1.o crypto/asn1/libcrypto-lib-bio_ndef.o crypto/asn1/libcrypto-lib-d2i_param.o crypto/asn1/libcrypto-lib-d2i_pr.o crypto/asn1/libcrypto-lib-d2i_pu.o crypto/asn1/libcrypto-lib-evp_asn1.o crypto/asn1/libcrypto-lib-f_int.o crypto/asn1/libcrypto-lib-f_string.o crypto/asn1/libcrypto-lib-i2d_evp.o crypto/asn1/libcrypto-lib-n_pkey.o crypto/asn1/libcrypto-lib-nsseq.o crypto/asn1/libcrypto-lib-p5_pbe.o crypto/asn1/libcrypto-lib-p5_pbev2.o crypto/asn1/libcrypto-lib-p5_scrypt.o crypto/asn1/libcrypto-lib-p8_pkey.o crypto/asn1/libcrypto-lib-t_bitst.o crypto/asn1/libcrypto-lib-t_pkey.o crypto/asn1/libcrypto-lib-t_spki.o crypto/asn1/libcrypto-lib-tasn_dec.o crypto/asn1/libcrypto-lib-tasn_enc.o crypto/asn1/libcrypto-lib-tasn_fre.o crypto/asn1/libcrypto-lib-tasn_new.o crypto/asn1/libcrypto-lib-tasn_prn.o crypto/asn1/libcrypto-lib-tasn_scn.o crypto/asn1/libcrypto-lib-tasn_typ.o crypto/asn1/libcrypto-lib-tasn_utl.o crypto/asn1/libcrypto-lib-x_algor.o crypto/asn1/libcrypto-lib-x_bignum.o crypto/asn1/libcrypto-lib-x_info.o crypto/asn1/libcrypto-lib-x_int64.o crypto/asn1/libcrypto-lib-x_long.o crypto/asn1/libcrypto-lib-x_pkey.o crypto/asn1/libcrypto-lib-x_sig.o crypto/asn1/libcrypto-lib-x_spki.o crypto/asn1/libcrypto-lib-x_val.o crypto/async/arch/libcrypto-lib-async_null.o crypto/async/arch/libcrypto-lib-async_posix.o crypto/async/arch/libcrypto-lib-async_win.o crypto/async/libcrypto-lib-async.o crypto/async/libcrypto-lib-async_err.o crypto/async/libcrypto-lib-async_wait.o crypto/bf/libcrypto-lib-bf_cfb64.o crypto/bf/libcrypto-lib-bf_ecb.o crypto/bf/libcrypto-lib-bf_enc.o crypto/bf/libcrypto-lib-bf_ofb64.o crypto/bf/libcrypto-lib-bf_skey.o crypto/bio/libcrypto-lib-b_addr.o crypto/bio/libcrypto-lib-b_dump.o crypto/bio/libcrypto-lib-b_print.o crypto/bio/libcrypto-lib-b_sock.o crypto/bio/libcrypto-lib-b_sock2.o crypto/bio/libcrypto-lib-bf_buff.o crypto/bio/libcrypto-lib-bf_lbuf.o crypto/bio/libcrypto-lib-bf_nbio.o crypto/bio/libcrypto-lib-bf_null.o crypto/bio/libcrypto-lib-bf_prefix.o crypto/bio/libcrypto-lib-bio_cb.o crypto/bio/libcrypto-lib-bio_err.o crypto/bio/libcrypto-lib-bio_lib.o crypto/bio/libcrypto-lib-bio_meth.o crypto/bio/libcrypto-lib-bss_acpt.o crypto/bio/libcrypto-lib-bss_bio.o crypto/bio/libcrypto-lib-bss_conn.o crypto/bio/libcrypto-lib-bss_dgram.o crypto/bio/libcrypto-lib-bss_fd.o crypto/bio/libcrypto-lib-bss_file.o crypto/bio/libcrypto-lib-bss_log.o crypto/bio/libcrypto-lib-bss_mem.o crypto/bio/libcrypto-lib-bss_null.o crypto/bio/libcrypto-lib-bss_sock.o crypto/bn/asm/libcrypto-lib-x86_64-gcc.o crypto/bn/libcrypto-lib-bn_add.o crypto/bn/libcrypto-lib-bn_blind.o crypto/bn/libcrypto-lib-bn_const.o crypto/bn/libcrypto-lib-bn_conv.o crypto/bn/libcrypto-lib-bn_ctx.o crypto/bn/libcrypto-lib-bn_depr.o crypto/bn/libcrypto-lib-bn_dh.o crypto/bn/libcrypto-lib-bn_div.o crypto/bn/libcrypto-lib-bn_err.o crypto/bn/libcrypto-lib-bn_exp.o crypto/bn/libcrypto-lib-bn_exp2.o crypto/bn/libcrypto-lib-bn_gcd.o crypto/bn/libcrypto-lib-bn_gf2m.o crypto/bn/libcrypto-lib-bn_intern.o crypto/bn/libcrypto-lib-bn_kron.o crypto/bn/libcrypto-lib-bn_lib.o crypto/bn/libcrypto-lib-bn_mod.o crypto/bn/libcrypto-lib-bn_mont.o crypto/bn/libcrypto-lib-bn_mpi.o crypto/bn/libcrypto-lib-bn_mul.o crypto/bn/libcrypto-lib-bn_nist.o crypto/bn/libcrypto-lib-bn_prime.o crypto/bn/libcrypto-lib-bn_print.o crypto/bn/libcrypto-lib-bn_rand.o crypto/bn/libcrypto-lib-bn_recp.o crypto/bn/libcrypto-lib-bn_rsa_fips186_4.o crypto/bn/libcrypto-lib-bn_shift.o crypto/bn/libcrypto-lib-bn_sqr.o crypto/bn/libcrypto-lib-bn_sqrt.o crypto/bn/libcrypto-lib-bn_srp.o crypto/bn/libcrypto-lib-bn_word.o crypto/bn/libcrypto-lib-bn_x931p.o crypto/bn/libcrypto-lib-rsaz-avx2.o crypto/bn/libcrypto-lib-rsaz-x86_64.o crypto/bn/libcrypto-lib-rsaz_exp.o crypto/bn/libcrypto-lib-x86_64-gf2m.o crypto/bn/libcrypto-lib-x86_64-mont.o crypto/bn/libcrypto-lib-x86_64-mont5.o crypto/buffer/libcrypto-lib-buf_err.o crypto/buffer/libcrypto-lib-buffer.o crypto/camellia/libcrypto-lib-cmll-x86_64.o crypto/camellia/libcrypto-lib-cmll_cfb.o crypto/camellia/libcrypto-lib-cmll_ctr.o crypto/camellia/libcrypto-lib-cmll_ecb.o crypto/camellia/libcrypto-lib-cmll_misc.o crypto/camellia/libcrypto-lib-cmll_ofb.o crypto/cast/libcrypto-lib-c_cfb64.o crypto/cast/libcrypto-lib-c_ecb.o crypto/cast/libcrypto-lib-c_enc.o crypto/cast/libcrypto-lib-c_ofb64.o crypto/cast/libcrypto-lib-c_skey.o crypto/chacha/libcrypto-lib-chacha-x86_64.o crypto/cmac/libcrypto-lib-cmac.o crypto/cmp/libcrypto-lib-cmp_asn.o crypto/cmp/libcrypto-lib-cmp_client.o crypto/cmp/libcrypto-lib-cmp_ctx.o crypto/cmp/libcrypto-lib-cmp_err.o crypto/cmp/libcrypto-lib-cmp_hdr.o crypto/cmp/libcrypto-lib-cmp_http.o crypto/cmp/libcrypto-lib-cmp_msg.o crypto/cmp/libcrypto-lib-cmp_protect.o crypto/cmp/libcrypto-lib-cmp_server.o crypto/cmp/libcrypto-lib-cmp_status.o crypto/cmp/libcrypto-lib-cmp_util.o crypto/cmp/libcrypto-lib-cmp_vfy.o crypto/cms/libcrypto-lib-cms_asn1.o crypto/cms/libcrypto-lib-cms_att.o crypto/cms/libcrypto-lib-cms_cd.o crypto/cms/libcrypto-lib-cms_dd.o crypto/cms/libcrypto-lib-cms_dh.o crypto/cms/libcrypto-lib-cms_ec.o crypto/cms/libcrypto-lib-cms_enc.o crypto/cms/libcrypto-lib-cms_env.o crypto/cms/libcrypto-lib-cms_err.o crypto/cms/libcrypto-lib-cms_ess.o crypto/cms/libcrypto-lib-cms_io.o crypto/cms/libcrypto-lib-cms_kari.o crypto/cms/libcrypto-lib-cms_lib.o crypto/cms/libcrypto-lib-cms_pwri.o crypto/cms/libcrypto-lib-cms_rsa.o crypto/cms/libcrypto-lib-cms_sd.o crypto/cms/libcrypto-lib-cms_smime.o crypto/comp/libcrypto-lib-c_zlib.o crypto/comp/libcrypto-lib-comp_err.o crypto/comp/libcrypto-lib-comp_lib.o crypto/conf/libcrypto-lib-conf_api.o crypto/conf/libcrypto-lib-conf_def.o crypto/conf/libcrypto-lib-conf_err.o crypto/conf/libcrypto-lib-conf_lib.o crypto/conf/libcrypto-lib-conf_mall.o crypto/conf/libcrypto-lib-conf_mod.o crypto/conf/libcrypto-lib-conf_sap.o crypto/conf/libcrypto-lib-conf_ssl.o crypto/crmf/libcrypto-lib-crmf_asn.o crypto/crmf/libcrypto-lib-crmf_err.o crypto/crmf/libcrypto-lib-crmf_lib.o crypto/crmf/libcrypto-lib-crmf_pbm.o crypto/ct/libcrypto-lib-ct_b64.o crypto/ct/libcrypto-lib-ct_err.o crypto/ct/libcrypto-lib-ct_log.o crypto/ct/libcrypto-lib-ct_oct.o crypto/ct/libcrypto-lib-ct_policy.o crypto/ct/libcrypto-lib-ct_prn.o crypto/ct/libcrypto-lib-ct_sct.o crypto/ct/libcrypto-lib-ct_sct_ctx.o crypto/ct/libcrypto-lib-ct_vfy.o crypto/ct/libcrypto-lib-ct_x509v3.o crypto/des/libcrypto-lib-cbc_cksm.o crypto/des/libcrypto-lib-cbc_enc.o crypto/des/libcrypto-lib-cfb64ede.o crypto/des/libcrypto-lib-cfb64enc.o crypto/des/libcrypto-lib-cfb_enc.o crypto/des/libcrypto-lib-des_enc.o crypto/des/libcrypto-lib-ecb3_enc.o crypto/des/libcrypto-lib-ecb_enc.o crypto/des/libcrypto-lib-fcrypt.o crypto/des/libcrypto-lib-fcrypt_b.o crypto/des/libcrypto-lib-ofb64ede.o crypto/des/libcrypto-lib-ofb64enc.o crypto/des/libcrypto-lib-ofb_enc.o crypto/des/libcrypto-lib-pcbc_enc.o crypto/des/libcrypto-lib-qud_cksm.o crypto/des/libcrypto-lib-rand_key.o crypto/des/libcrypto-lib-set_key.o crypto/des/libcrypto-lib-str2key.o crypto/des/libcrypto-lib-xcbc_enc.o crypto/dh/libcrypto-lib-dh_ameth.o crypto/dh/libcrypto-lib-dh_asn1.o crypto/dh/libcrypto-lib-dh_backend.o crypto/dh/libcrypto-lib-dh_check.o crypto/dh/libcrypto-lib-dh_depr.o crypto/dh/libcrypto-lib-dh_err.o crypto/dh/libcrypto-lib-dh_gen.o crypto/dh/libcrypto-lib-dh_group_params.o crypto/dh/libcrypto-lib-dh_kdf.o crypto/dh/libcrypto-lib-dh_key.o crypto/dh/libcrypto-lib-dh_lib.o crypto/dh/libcrypto-lib-dh_meth.o crypto/dh/libcrypto-lib-dh_pmeth.o crypto/dh/libcrypto-lib-dh_prn.o crypto/dh/libcrypto-lib-dh_rfc5114.o crypto/dsa/libcrypto-lib-dsa_ameth.o crypto/dsa/libcrypto-lib-dsa_asn1.o crypto/dsa/libcrypto-lib-dsa_backend.o crypto/dsa/libcrypto-lib-dsa_check.o crypto/dsa/libcrypto-lib-dsa_depr.o crypto/dsa/libcrypto-lib-dsa_err.o crypto/dsa/libcrypto-lib-dsa_gen.o crypto/dsa/libcrypto-lib-dsa_key.o crypto/dsa/libcrypto-lib-dsa_lib.o crypto/dsa/libcrypto-lib-dsa_meth.o crypto/dsa/libcrypto-lib-dsa_ossl.o crypto/dsa/libcrypto-lib-dsa_pmeth.o crypto/dsa/libcrypto-lib-dsa_prn.o crypto/dsa/libcrypto-lib-dsa_sign.o crypto/dsa/libcrypto-lib-dsa_vrf.o crypto/dso/libcrypto-lib-dso_dl.o crypto/dso/libcrypto-lib-dso_dlfcn.o crypto/dso/libcrypto-lib-dso_err.o crypto/dso/libcrypto-lib-dso_lib.o crypto/dso/libcrypto-lib-dso_openssl.o crypto/dso/libcrypto-lib-dso_vms.o crypto/dso/libcrypto-lib-dso_win32.o crypto/ec/curve448/arch_32/libcrypto-lib-f_impl.o crypto/ec/curve448/libcrypto-lib-curve448.o crypto/ec/curve448/libcrypto-lib-curve448_tables.o crypto/ec/curve448/libcrypto-lib-eddsa.o crypto/ec/curve448/libcrypto-lib-f_generic.o crypto/ec/curve448/libcrypto-lib-scalar.o crypto/ec/libcrypto-lib-curve25519.o crypto/ec/libcrypto-lib-ec2_oct.o crypto/ec/libcrypto-lib-ec2_smpl.o crypto/ec/libcrypto-lib-ec_ameth.o crypto/ec/libcrypto-lib-ec_asn1.o crypto/ec/libcrypto-lib-ec_backend.o crypto/ec/libcrypto-lib-ec_check.o crypto/ec/libcrypto-lib-ec_curve.o crypto/ec/libcrypto-lib-ec_cvt.o crypto/ec/libcrypto-lib-ec_deprecated.o crypto/ec/libcrypto-lib-ec_err.o crypto/ec/libcrypto-lib-ec_key.o crypto/ec/libcrypto-lib-ec_kmeth.o crypto/ec/libcrypto-lib-ec_lib.o crypto/ec/libcrypto-lib-ec_mult.o crypto/ec/libcrypto-lib-ec_oct.o crypto/ec/libcrypto-lib-ec_pmeth.o crypto/ec/libcrypto-lib-ec_print.o crypto/ec/libcrypto-lib-ecdh_kdf.o crypto/ec/libcrypto-lib-ecdh_ossl.o crypto/ec/libcrypto-lib-ecdsa_ossl.o crypto/ec/libcrypto-lib-ecdsa_sign.o crypto/ec/libcrypto-lib-ecdsa_vrf.o crypto/ec/libcrypto-lib-eck_prn.o crypto/ec/libcrypto-lib-ecp_mont.o crypto/ec/libcrypto-lib-ecp_nist.o crypto/ec/libcrypto-lib-ecp_nistz256-x86_64.o crypto/ec/libcrypto-lib-ecp_nistz256.o crypto/ec/libcrypto-lib-ecp_oct.o crypto/ec/libcrypto-lib-ecp_smpl.o crypto/ec/libcrypto-lib-ecx_backend.o crypto/ec/libcrypto-lib-ecx_key.o crypto/ec/libcrypto-lib-ecx_meth.o crypto/ec/libcrypto-lib-x25519-x86_64.o crypto/encode_decode/libcrypto-lib-decoder_err.o crypto/encode_decode/libcrypto-lib-decoder_lib.o crypto/encode_decode/libcrypto-lib-decoder_meth.o crypto/encode_decode/libcrypto-lib-decoder_pkey.o crypto/encode_decode/libcrypto-lib-encoder_err.o crypto/encode_decode/libcrypto-lib-encoder_lib.o crypto/encode_decode/libcrypto-lib-encoder_meth.o crypto/encode_decode/libcrypto-lib-encoder_pkey.o crypto/engine/libcrypto-lib-eng_all.o crypto/engine/libcrypto-lib-eng_cnf.o crypto/engine/libcrypto-lib-eng_ctrl.o crypto/engine/libcrypto-lib-eng_dyn.o crypto/engine/libcrypto-lib-eng_err.o crypto/engine/libcrypto-lib-eng_fat.o crypto/engine/libcrypto-lib-eng_init.o crypto/engine/libcrypto-lib-eng_lib.o crypto/engine/libcrypto-lib-eng_list.o crypto/engine/libcrypto-lib-eng_openssl.o crypto/engine/libcrypto-lib-eng_pkey.o crypto/engine/libcrypto-lib-eng_rdrand.o crypto/engine/libcrypto-lib-eng_table.o crypto/engine/libcrypto-lib-tb_asnmth.o crypto/engine/libcrypto-lib-tb_cipher.o crypto/engine/libcrypto-lib-tb_dh.o crypto/engine/libcrypto-lib-tb_digest.o crypto/engine/libcrypto-lib-tb_dsa.o crypto/engine/libcrypto-lib-tb_eckey.o crypto/engine/libcrypto-lib-tb_pkmeth.o crypto/engine/libcrypto-lib-tb_rand.o crypto/engine/libcrypto-lib-tb_rsa.o crypto/err/libcrypto-lib-err.o crypto/err/libcrypto-lib-err_all.o crypto/err/libcrypto-lib-err_all_legacy.o crypto/err/libcrypto-lib-err_blocks.o crypto/err/libcrypto-lib-err_prn.o crypto/ess/libcrypto-lib-ess_asn1.o crypto/ess/libcrypto-lib-ess_err.o crypto/ess/libcrypto-lib-ess_lib.o crypto/evp/libcrypto-lib-asymcipher.o crypto/evp/libcrypto-lib-bio_b64.o crypto/evp/libcrypto-lib-bio_enc.o crypto/evp/libcrypto-lib-bio_md.o crypto/evp/libcrypto-lib-bio_ok.o crypto/evp/libcrypto-lib-c_allc.o crypto/evp/libcrypto-lib-c_alld.o crypto/evp/libcrypto-lib-cmeth_lib.o crypto/evp/libcrypto-lib-ctrl_params_translate.o crypto/evp/libcrypto-lib-dh_ctrl.o crypto/evp/libcrypto-lib-dh_support.o crypto/evp/libcrypto-lib-digest.o crypto/evp/libcrypto-lib-dsa_ctrl.o crypto/evp/libcrypto-lib-e_aes.o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o crypto/evp/libcrypto-lib-e_aria.o crypto/evp/libcrypto-lib-e_bf.o crypto/evp/libcrypto-lib-e_camellia.o crypto/evp/libcrypto-lib-e_cast.o crypto/evp/libcrypto-lib-e_chacha20_poly1305.o crypto/evp/libcrypto-lib-e_des.o crypto/evp/libcrypto-lib-e_des3.o crypto/evp/libcrypto-lib-e_idea.o crypto/evp/libcrypto-lib-e_null.o crypto/evp/libcrypto-lib-e_old.o crypto/evp/libcrypto-lib-e_rc2.o crypto/evp/libcrypto-lib-e_rc4.o crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o crypto/evp/libcrypto-lib-e_rc5.o crypto/evp/libcrypto-lib-e_seed.o crypto/evp/libcrypto-lib-e_sm4.o crypto/evp/libcrypto-lib-e_xcbc_d.o crypto/evp/libcrypto-lib-ec_ctrl.o crypto/evp/libcrypto-lib-ec_support.o crypto/evp/libcrypto-lib-encode.o crypto/evp/libcrypto-lib-evp_cnf.o crypto/evp/libcrypto-lib-evp_enc.o crypto/evp/libcrypto-lib-evp_err.o crypto/evp/libcrypto-lib-evp_fetch.o crypto/evp/libcrypto-lib-evp_key.o crypto/evp/libcrypto-lib-evp_lib.o crypto/evp/libcrypto-lib-evp_pbe.o crypto/evp/libcrypto-lib-evp_pkey.o crypto/evp/libcrypto-lib-evp_rand.o crypto/evp/libcrypto-lib-evp_utils.o crypto/evp/libcrypto-lib-exchange.o crypto/evp/libcrypto-lib-kdf_lib.o crypto/evp/libcrypto-lib-kdf_meth.o crypto/evp/libcrypto-lib-kem.o crypto/evp/libcrypto-lib-keymgmt_lib.o crypto/evp/libcrypto-lib-keymgmt_meth.o crypto/evp/libcrypto-lib-legacy_blake2.o crypto/evp/libcrypto-lib-legacy_md4.o crypto/evp/libcrypto-lib-legacy_md5.o crypto/evp/libcrypto-lib-legacy_md5_sha1.o crypto/evp/libcrypto-lib-legacy_mdc2.o crypto/evp/libcrypto-lib-legacy_ripemd.o crypto/evp/libcrypto-lib-legacy_sha.o crypto/evp/libcrypto-lib-legacy_wp.o crypto/evp/libcrypto-lib-m_null.o crypto/evp/libcrypto-lib-m_sigver.o crypto/evp/libcrypto-lib-mac_lib.o crypto/evp/libcrypto-lib-mac_meth.o crypto/evp/libcrypto-lib-names.o crypto/evp/libcrypto-lib-p5_crpt.o crypto/evp/libcrypto-lib-p5_crpt2.o crypto/evp/libcrypto-lib-p_dec.o crypto/evp/libcrypto-lib-p_enc.o crypto/evp/libcrypto-lib-p_legacy.o crypto/evp/libcrypto-lib-p_lib.o crypto/evp/libcrypto-lib-p_open.o crypto/evp/libcrypto-lib-p_seal.o crypto/evp/libcrypto-lib-p_sign.o crypto/evp/libcrypto-lib-p_verify.o crypto/evp/libcrypto-lib-pbe_scrypt.o crypto/evp/libcrypto-lib-pmeth_check.o crypto/evp/libcrypto-lib-pmeth_gn.o crypto/evp/libcrypto-lib-pmeth_lib.o crypto/evp/libcrypto-lib-signature.o crypto/ffc/libcrypto-lib-ffc_backend.o crypto/ffc/libcrypto-lib-ffc_dh.o crypto/ffc/libcrypto-lib-ffc_key_generate.o crypto/ffc/libcrypto-lib-ffc_key_validate.o crypto/ffc/libcrypto-lib-ffc_params.o crypto/ffc/libcrypto-lib-ffc_params_generate.o crypto/ffc/libcrypto-lib-ffc_params_validate.o crypto/hmac/libcrypto-lib-hmac.o crypto/http/libcrypto-lib-http_client.o crypto/http/libcrypto-lib-http_err.o crypto/http/libcrypto-lib-http_lib.o crypto/idea/libcrypto-lib-i_cbc.o crypto/idea/libcrypto-lib-i_cfb64.o crypto/idea/libcrypto-lib-i_ecb.o crypto/idea/libcrypto-lib-i_ofb64.o crypto/idea/libcrypto-lib-i_skey.o crypto/kdf/libcrypto-lib-kdf_err.o crypto/lhash/libcrypto-lib-lh_stats.o crypto/lhash/libcrypto-lib-lhash.o crypto/libcrypto-lib-asn1_dsa.o crypto/libcrypto-lib-bsearch.o crypto/libcrypto-lib-context.o crypto/libcrypto-lib-core_algorithm.o crypto/libcrypto-lib-core_fetch.o crypto/libcrypto-lib-core_namemap.o crypto/libcrypto-lib-cpt_err.o crypto/libcrypto-lib-cryptlib.o crypto/libcrypto-lib-ctype.o crypto/libcrypto-lib-cversion.o crypto/libcrypto-lib-der_writer.o crypto/libcrypto-lib-ebcdic.o crypto/libcrypto-lib-ex_data.o crypto/libcrypto-lib-getenv.o crypto/libcrypto-lib-info.o crypto/libcrypto-lib-init.o crypto/libcrypto-lib-initthread.o crypto/libcrypto-lib-mem.o crypto/libcrypto-lib-mem_sec.o crypto/libcrypto-lib-o_dir.o crypto/libcrypto-lib-o_fopen.o crypto/libcrypto-lib-o_init.o crypto/libcrypto-lib-o_str.o crypto/libcrypto-lib-o_time.o crypto/libcrypto-lib-packet.o crypto/libcrypto-lib-param_build.o crypto/libcrypto-lib-param_build_set.o crypto/libcrypto-lib-params.o crypto/libcrypto-lib-params_from_text.o crypto/libcrypto-lib-passphrase.o crypto/libcrypto-lib-provider.o crypto/libcrypto-lib-provider_conf.o crypto/libcrypto-lib-provider_core.o crypto/libcrypto-lib-provider_predefined.o crypto/libcrypto-lib-punycode.o crypto/libcrypto-lib-self_test_core.o crypto/libcrypto-lib-sparse_array.o crypto/libcrypto-lib-threads_lib.o crypto/libcrypto-lib-threads_none.o crypto/libcrypto-lib-threads_pthread.o crypto/libcrypto-lib-threads_win.o crypto/libcrypto-lib-trace.o crypto/libcrypto-lib-uid.o crypto/libcrypto-lib-x86_64cpuid.o crypto/md4/libcrypto-lib-md4_dgst.o crypto/md4/libcrypto-lib-md4_one.o ar qc providers/libnonfips.a providers/common/der/libnonfips-lib-der_digests_gen.o providers/common/der/libnonfips-lib-der_dsa_gen.o providers/common/der/libnonfips-lib-der_dsa_key.o providers/common/der/libnonfips-lib-der_dsa_sig.o providers/common/der/libnonfips-lib-der_ec_gen.o providers/common/der/libnonfips-lib-der_ec_key.o providers/common/der/libnonfips-lib-der_ec_sig.o providers/common/der/libnonfips-lib-der_ecx_gen.o providers/common/der/libnonfips-lib-der_ecx_key.o providers/common/der/libnonfips-lib-der_rsa_gen.o providers/common/der/libnonfips-lib-der_rsa_key.o providers/common/der/libnonfips-lib-der_rsa_sig.o providers/common/der/libnonfips-lib-der_sm2_gen.o providers/common/der/libnonfips-lib-der_sm2_key.o providers/common/der/libnonfips-lib-der_sm2_sig.o providers/common/der/libnonfips-lib-der_wrap_gen.o providers/common/libnonfips-lib-bio_prov.o providers/common/libnonfips-lib-capabilities.o providers/common/libnonfips-lib-digest_to_nid.o providers/common/libnonfips-lib-provider_seeding.o providers/common/libnonfips-lib-provider_util.o providers/common/libnonfips-lib-securitycheck.o providers/common/libnonfips-lib-securitycheck_default.o providers/implementations/ciphers/libnonfips-lib-cipher_aes_xts_fips.o providers/implementations/kdfs/libnonfips-lib-pbkdf2_fips.o providers/implementations/keymgmt/libnonfips-lib-dh_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-dsa_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-ec_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-mac_legacy_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-rsa_kmgmt.o providers/implementations/rands/libnonfips-lib-crngt.o providers/implementations/rands/libnonfips-lib-drbg.o providers/implementations/rands/libnonfips-lib-drbg_ctr.o providers/implementations/rands/libnonfips-lib-drbg_hash.o providers/implementations/rands/libnonfips-lib-drbg_hmac.o providers/implementations/rands/libnonfips-lib-seed_src.o providers/implementations/rands/libnonfips-lib-test_rng.o providers/implementations/rands/seeding/libnonfips-lib-rand_cpu_x86.o providers/implementations/rands/seeding/libnonfips-lib-rand_tsc.o providers/implementations/rands/seeding/libnonfips-lib-rand_unix.o providers/implementations/rands/seeding/libnonfips-lib-rand_win.o providers/implementations/signature/libnonfips-lib-mac_legacy.o providers/implementations/signature/libnonfips-lib-rsa.o providers/libnonfips-lib-prov_running.o ranlib providers/libnonfips.a || echo Never mind. clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/fips.so -Wl,--version-script=providers/fips.ld \ providers/fips/fips-dso-fipsprov.o \ providers/fips/fips-dso-self_test.o \ providers/fips/fips-dso-self_test_kats.o \ providers/libimplementations.a providers/libcommon.a providers/libfips.a -ldl -pthread ar qc libcrypto.a crypto/md5/libcrypto-lib-md5-x86_64.o crypto/md5/libcrypto-lib-md5_dgst.o crypto/md5/libcrypto-lib-md5_one.o crypto/md5/libcrypto-lib-md5_sha1.o crypto/mdc2/libcrypto-lib-mdc2_one.o crypto/mdc2/libcrypto-lib-mdc2dgst.o crypto/modes/libcrypto-lib-aesni-gcm-x86_64.o crypto/modes/libcrypto-lib-cbc128.o crypto/modes/libcrypto-lib-ccm128.o crypto/modes/libcrypto-lib-cfb128.o crypto/modes/libcrypto-lib-ctr128.o crypto/modes/libcrypto-lib-cts128.o crypto/modes/libcrypto-lib-gcm128.o crypto/modes/libcrypto-lib-ghash-x86_64.o crypto/modes/libcrypto-lib-ocb128.o crypto/modes/libcrypto-lib-ofb128.o crypto/modes/libcrypto-lib-siv128.o crypto/modes/libcrypto-lib-wrap128.o crypto/modes/libcrypto-lib-xts128.o crypto/objects/libcrypto-lib-o_names.o crypto/objects/libcrypto-lib-obj_dat.o crypto/objects/libcrypto-lib-obj_err.o crypto/objects/libcrypto-lib-obj_lib.o crypto/objects/libcrypto-lib-obj_xref.o crypto/ocsp/libcrypto-lib-ocsp_asn.o crypto/ocsp/libcrypto-lib-ocsp_cl.o crypto/ocsp/libcrypto-lib-ocsp_err.o crypto/ocsp/libcrypto-lib-ocsp_ext.o crypto/ocsp/libcrypto-lib-ocsp_http.o crypto/ocsp/libcrypto-lib-ocsp_lib.o crypto/ocsp/libcrypto-lib-ocsp_prn.o crypto/ocsp/libcrypto-lib-ocsp_srv.o crypto/ocsp/libcrypto-lib-ocsp_vfy.o crypto/ocsp/libcrypto-lib-v3_ocsp.o crypto/pem/libcrypto-lib-pem_all.o crypto/pem/libcrypto-lib-pem_err.o crypto/pem/libcrypto-lib-pem_info.o crypto/pem/libcrypto-lib-pem_lib.o crypto/pem/libcrypto-lib-pem_oth.o crypto/pem/libcrypto-lib-pem_pk8.o crypto/pem/libcrypto-lib-pem_pkey.o crypto/pem/libcrypto-lib-pem_sign.o crypto/pem/libcrypto-lib-pem_x509.o crypto/pem/libcrypto-lib-pem_xaux.o crypto/pem/libcrypto-lib-pvkfmt.o crypto/pkcs12/libcrypto-lib-p12_add.o crypto/pkcs12/libcrypto-lib-p12_asn.o crypto/pkcs12/libcrypto-lib-p12_attr.o crypto/pkcs12/libcrypto-lib-p12_crpt.o crypto/pkcs12/libcrypto-lib-p12_crt.o crypto/pkcs12/libcrypto-lib-p12_decr.o crypto/pkcs12/libcrypto-lib-p12_init.o crypto/pkcs12/libcrypto-lib-p12_key.o crypto/pkcs12/libcrypto-lib-p12_kiss.o crypto/pkcs12/libcrypto-lib-p12_mutl.o crypto/pkcs12/libcrypto-lib-p12_npas.o crypto/pkcs12/libcrypto-lib-p12_p8d.o crypto/pkcs12/libcrypto-lib-p12_p8e.o crypto/pkcs12/libcrypto-lib-p12_sbag.o crypto/pkcs12/libcrypto-lib-p12_utl.o crypto/pkcs12/libcrypto-lib-pk12err.o crypto/pkcs7/libcrypto-lib-bio_pk7.o crypto/pkcs7/libcrypto-lib-pk7_asn1.o crypto/pkcs7/libcrypto-lib-pk7_attr.o crypto/pkcs7/libcrypto-lib-pk7_doit.o crypto/pkcs7/libcrypto-lib-pk7_lib.o crypto/pkcs7/libcrypto-lib-pk7_mime.o crypto/pkcs7/libcrypto-lib-pk7_smime.o crypto/pkcs7/libcrypto-lib-pkcs7err.o crypto/poly1305/libcrypto-lib-poly1305-x86_64.o crypto/poly1305/libcrypto-lib-poly1305.o crypto/property/libcrypto-lib-defn_cache.o crypto/property/libcrypto-lib-property.o crypto/property/libcrypto-lib-property_err.o crypto/property/libcrypto-lib-property_parse.o crypto/property/libcrypto-lib-property_string.o crypto/rand/libcrypto-lib-prov_seed.o crypto/rand/libcrypto-lib-rand_deprecated.o crypto/rand/libcrypto-lib-rand_err.o crypto/rand/libcrypto-lib-rand_lib.o crypto/rand/libcrypto-lib-rand_meth.o crypto/rand/libcrypto-lib-rand_pool.o crypto/rand/libcrypto-lib-randfile.o crypto/rc2/libcrypto-lib-rc2_cbc.o crypto/rc2/libcrypto-lib-rc2_ecb.o crypto/rc2/libcrypto-lib-rc2_skey.o crypto/rc2/libcrypto-lib-rc2cfb64.o crypto/rc2/libcrypto-lib-rc2ofb64.o crypto/rc4/libcrypto-lib-rc4-md5-x86_64.o crypto/rc4/libcrypto-lib-rc4-x86_64.o crypto/ripemd/libcrypto-lib-rmd_dgst.o crypto/ripemd/libcrypto-lib-rmd_one.o crypto/rsa/libcrypto-lib-rsa_ameth.o crypto/rsa/libcrypto-lib-rsa_asn1.o crypto/rsa/libcrypto-lib-rsa_backend.o crypto/rsa/libcrypto-lib-rsa_chk.o crypto/rsa/libcrypto-lib-rsa_crpt.o crypto/rsa/libcrypto-lib-rsa_depr.o crypto/rsa/libcrypto-lib-rsa_err.o crypto/rsa/libcrypto-lib-rsa_gen.o crypto/rsa/libcrypto-lib-rsa_lib.o crypto/rsa/libcrypto-lib-rsa_meth.o crypto/rsa/libcrypto-lib-rsa_mp.o crypto/rsa/libcrypto-lib-rsa_mp_names.o crypto/rsa/libcrypto-lib-rsa_none.o crypto/rsa/libcrypto-lib-rsa_oaep.o crypto/rsa/libcrypto-lib-rsa_ossl.o crypto/rsa/libcrypto-lib-rsa_pk1.o crypto/rsa/libcrypto-lib-rsa_pmeth.o crypto/rsa/libcrypto-lib-rsa_prn.o crypto/rsa/libcrypto-lib-rsa_pss.o crypto/rsa/libcrypto-lib-rsa_saos.o crypto/rsa/libcrypto-lib-rsa_schemes.o crypto/rsa/libcrypto-lib-rsa_sign.o crypto/rsa/libcrypto-lib-rsa_sp800_56b_check.o crypto/rsa/libcrypto-lib-rsa_sp800_56b_gen.o crypto/rsa/libcrypto-lib-rsa_x931.o crypto/rsa/libcrypto-lib-rsa_x931g.o crypto/seed/libcrypto-lib-seed.o crypto/seed/libcrypto-lib-seed_cbc.o crypto/seed/libcrypto-lib-seed_cfb.o crypto/seed/libcrypto-lib-seed_ecb.o crypto/seed/libcrypto-lib-seed_ofb.o crypto/sha/libcrypto-lib-keccak1600-x86_64.o crypto/sha/libcrypto-lib-sha1-mb-x86_64.o crypto/sha/libcrypto-lib-sha1-x86_64.o crypto/sha/libcrypto-lib-sha1_one.o crypto/sha/libcrypto-lib-sha1dgst.o crypto/sha/libcrypto-lib-sha256-mb-x86_64.o crypto/sha/libcrypto-lib-sha256-x86_64.o crypto/sha/libcrypto-lib-sha256.o crypto/sha/libcrypto-lib-sha3.o crypto/sha/libcrypto-lib-sha512-x86_64.o crypto/sha/libcrypto-lib-sha512.o crypto/siphash/libcrypto-lib-siphash.o crypto/sm2/libcrypto-lib-sm2_crypt.o crypto/sm2/libcrypto-lib-sm2_err.o crypto/sm2/libcrypto-lib-sm2_key.o crypto/sm2/libcrypto-lib-sm2_sign.o crypto/sm3/libcrypto-lib-legacy_sm3.o crypto/sm3/libcrypto-lib-sm3.o crypto/sm4/libcrypto-lib-sm4.o crypto/srp/libcrypto-lib-srp_lib.o crypto/srp/libcrypto-lib-srp_vfy.o crypto/stack/libcrypto-lib-stack.o crypto/store/libcrypto-lib-store_err.o crypto/store/libcrypto-lib-store_init.o crypto/store/libcrypto-lib-store_lib.o crypto/store/libcrypto-lib-store_meth.o crypto/store/libcrypto-lib-store_register.o crypto/store/libcrypto-lib-store_result.o crypto/store/libcrypto-lib-store_strings.o crypto/ts/libcrypto-lib-ts_asn1.o crypto/ts/libcrypto-lib-ts_conf.o crypto/ts/libcrypto-lib-ts_err.o crypto/ts/libcrypto-lib-ts_lib.o crypto/ts/libcrypto-lib-ts_req_print.o crypto/ts/libcrypto-lib-ts_req_utils.o crypto/ts/libcrypto-lib-ts_rsp_print.o crypto/ts/libcrypto-lib-ts_rsp_sign.o crypto/ts/libcrypto-lib-ts_rsp_utils.o crypto/ts/libcrypto-lib-ts_rsp_verify.o crypto/ts/libcrypto-lib-ts_verify_ctx.o crypto/txt_db/libcrypto-lib-txt_db.o crypto/ui/libcrypto-lib-ui_err.o crypto/ui/libcrypto-lib-ui_lib.o crypto/ui/libcrypto-lib-ui_null.o crypto/ui/libcrypto-lib-ui_openssl.o crypto/ui/libcrypto-lib-ui_util.o crypto/whrlpool/libcrypto-lib-wp-x86_64.o crypto/whrlpool/libcrypto-lib-wp_dgst.o crypto/x509/libcrypto-lib-by_dir.o crypto/x509/libcrypto-lib-by_file.o crypto/x509/libcrypto-lib-by_store.o crypto/x509/libcrypto-lib-pcy_cache.o crypto/x509/libcrypto-lib-pcy_data.o crypto/x509/libcrypto-lib-pcy_lib.o crypto/x509/libcrypto-lib-pcy_map.o crypto/x509/libcrypto-lib-pcy_node.o crypto/x509/libcrypto-lib-pcy_tree.o crypto/x509/libcrypto-lib-t_crl.o crypto/x509/libcrypto-lib-t_req.o crypto/x509/libcrypto-lib-t_x509.o crypto/x509/libcrypto-lib-v3_addr.o crypto/x509/libcrypto-lib-v3_admis.o crypto/x509/libcrypto-lib-v3_akeya.o crypto/x509/libcrypto-lib-v3_akid.o crypto/x509/libcrypto-lib-v3_asid.o crypto/x509/libcrypto-lib-v3_bcons.o crypto/x509/libcrypto-lib-v3_bitst.o crypto/x509/libcrypto-lib-v3_conf.o crypto/x509/libcrypto-lib-v3_cpols.o crypto/x509/libcrypto-lib-v3_crld.o crypto/x509/libcrypto-lib-v3_enum.o crypto/x509/libcrypto-lib-v3_extku.o crypto/x509/libcrypto-lib-v3_genn.o crypto/x509/libcrypto-lib-v3_ia5.o crypto/x509/libcrypto-lib-v3_info.o crypto/x509/libcrypto-lib-v3_int.o crypto/x509/libcrypto-lib-v3_ist.o crypto/x509/libcrypto-lib-v3_lib.o crypto/x509/libcrypto-lib-v3_ncons.o crypto/x509/libcrypto-lib-v3_pci.o crypto/x509/libcrypto-lib-v3_pcia.o crypto/x509/libcrypto-lib-v3_pcons.o crypto/x509/libcrypto-lib-v3_pku.o crypto/x509/libcrypto-lib-v3_pmaps.o crypto/x509/libcrypto-lib-v3_prn.o crypto/x509/libcrypto-lib-v3_purp.o crypto/x509/libcrypto-lib-v3_san.o crypto/x509/libcrypto-lib-v3_skid.o crypto/x509/libcrypto-lib-v3_sxnet.o crypto/x509/libcrypto-lib-v3_tlsf.o crypto/x509/libcrypto-lib-v3_utf8.o crypto/x509/libcrypto-lib-v3_utl.o crypto/x509/libcrypto-lib-v3err.o crypto/x509/libcrypto-lib-x509_att.o crypto/x509/libcrypto-lib-x509_cmp.o crypto/x509/libcrypto-lib-x509_d2.o crypto/x509/libcrypto-lib-x509_def.o crypto/x509/libcrypto-lib-x509_err.o crypto/x509/libcrypto-lib-x509_ext.o crypto/x509/libcrypto-lib-x509_lu.o crypto/x509/libcrypto-lib-x509_meth.o crypto/x509/libcrypto-lib-x509_obj.o crypto/x509/libcrypto-lib-x509_r2x.o crypto/x509/libcrypto-lib-x509_req.o crypto/x509/libcrypto-lib-x509_set.o crypto/x509/libcrypto-lib-x509_trs.o crypto/x509/libcrypto-lib-x509_txt.o crypto/x509/libcrypto-lib-x509_v3.o crypto/x509/libcrypto-lib-x509_vfy.o crypto/x509/libcrypto-lib-x509_vpm.o crypto/x509/libcrypto-lib-x509cset.o crypto/x509/libcrypto-lib-x509name.o crypto/x509/libcrypto-lib-x509rset.o crypto/x509/libcrypto-lib-x509spki.o crypto/x509/libcrypto-lib-x509type.o crypto/x509/libcrypto-lib-x_all.o crypto/x509/libcrypto-lib-x_attrib.o crypto/x509/libcrypto-lib-x_crl.o crypto/x509/libcrypto-lib-x_exten.o crypto/x509/libcrypto-lib-x_name.o crypto/x509/libcrypto-lib-x_pubkey.o crypto/x509/libcrypto-lib-x_req.o crypto/x509/libcrypto-lib-x_x509.o crypto/x509/libcrypto-lib-x_x509a.o engines/libcrypto-lib-e_afalg.o engines/libcrypto-lib-e_capi.o engines/libcrypto-lib-e_padlock-x86_64.o engines/libcrypto-lib-e_padlock.o providers/libcrypto-lib-baseprov.o providers/libcrypto-lib-defltprov.o providers/libcrypto-lib-nullprov.o providers/libcrypto-lib-prov_running.o crypto/md5/libimplementations-lib-md5-x86_64.o crypto/md5/libimplementations-lib-md5_dgst.o crypto/md5/libimplementations-lib-md5_one.o crypto/md5/libimplementations-lib-md5_sha1.o providers/implementations/asymciphers/libimplementations-lib-rsa_enc.o providers/implementations/asymciphers/libimplementations-lib-sm2_enc.o providers/implementations/ciphers/libimplementations-lib-cipher_aes.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha1_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cbc_hmac_sha256_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ccm.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ccm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_cts.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_gcm.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_gcm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ocb.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_ocb_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_siv.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_siv_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_wrp.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_xts.o providers/implementations/ciphers/libimplementations-lib-cipher_aes_xts_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_ccm.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_ccm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_gcm.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_gcm_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_aria_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_camellia.o providers/implementations/ciphers/libimplementations-lib-cipher_camellia_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_poly1305.o providers/implementations/ciphers/libimplementations-lib-cipher_chacha20_poly1305_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_null.o providers/implementations/ciphers/libimplementations-lib-cipher_sm4.o providers/implementations/ciphers/libimplementations-lib-cipher_sm4_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_common.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_default.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_default_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_hw.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap.o providers/implementations/ciphers/libimplementations-lib-cipher_tdes_wrap_hw.o providers/implementations/digests/libimplementations-lib-blake2_prov.o providers/implementations/digests/libimplementations-lib-blake2b_prov.o providers/implementations/digests/libimplementations-lib-blake2s_prov.o providers/implementations/digests/libimplementations-lib-md5_prov.o providers/implementations/digests/libimplementations-lib-md5_sha1_prov.o providers/implementations/digests/libimplementations-lib-sha2_prov.o providers/implementations/digests/libimplementations-lib-sha3_prov.o providers/implementations/digests/libimplementations-lib-sm3_prov.o providers/implementations/encode_decode/libimplementations-lib-decode_der2key.o providers/implementations/encode_decode/libimplementations-lib-decode_ms2key.o providers/implementations/encode_decode/libimplementations-lib-decode_pem2der.o providers/implementations/encode_decode/libimplementations-lib-encode_key2any.o providers/implementations/encode_decode/libimplementations-lib-encode_key2blob.o providers/implementations/encode_decode/libimplementations-lib-encode_key2ms.o providers/implementations/encode_decode/libimplementations-lib-encode_key2text.o providers/implementations/encode_decode/libimplementations-lib-endecoder_common.o providers/implementations/exchange/libimplementations-lib-dh_exch.o providers/implementations/exchange/libimplementations-lib-ecdh_exch.o providers/implementations/exchange/libimplementations-lib-ecx_exch.o providers/implementations/exchange/libimplementations-lib-kdf_exch.o providers/implementations/kdfs/libimplementations-lib-hkdf.o providers/implementations/kdfs/libimplementations-lib-kbkdf.o providers/implementations/kdfs/libimplementations-lib-krb5kdf.o providers/implementations/kdfs/libimplementations-lib-pbkdf2.o providers/implementations/kdfs/libimplementations-lib-pkcs12kdf.o providers/implementations/kdfs/libimplementations-lib-scrypt.o providers/implementations/kdfs/libimplementations-lib-sshkdf.o providers/implementations/kdfs/libimplementations-lib-sskdf.o providers/implementations/kdfs/libimplementations-lib-tls1_prf.o providers/implementations/kdfs/libimplementations-lib-x942kdf.o providers/implementations/kem/libimplementations-lib-rsa_kem.o providers/implementations/keymgmt/libimplementations-lib-ecx_kmgmt.o providers/implementations/keymgmt/libimplementations-lib-kdf_legacy_kmgmt.o providers/implementations/macs/libimplementations-lib-blake2b_mac.o providers/implementations/macs/libimplementations-lib-blake2s_mac.o providers/implementations/macs/libimplementations-lib-cmac_prov.o providers/implementations/macs/libimplementations-lib-gmac_prov.o providers/implementations/macs/libimplementations-lib-hmac_prov.o providers/implementations/macs/libimplementations-lib-kmac_prov.o providers/implementations/macs/libimplementations-lib-poly1305_prov.o providers/implementations/macs/libimplementations-lib-siphash_prov.o providers/implementations/signature/libimplementations-lib-dsa.o providers/implementations/signature/libimplementations-lib-ecdsa.o providers/implementations/signature/libimplementations-lib-eddsa.o providers/implementations/signature/libimplementations-lib-sm2sig.o providers/implementations/storemgmt/libimplementations-lib-file_store.o providers/implementations/storemgmt/libimplementations-lib-file_store_der2obj.o ssl/libimplementations-lib-s3_cbc.o providers/common/libcommon-lib-provider_ctx.o providers/common/libcommon-lib-provider_err.o providers/implementations/ciphers/libcommon-lib-ciphercommon.o providers/implementations/ciphers/libcommon-lib-ciphercommon_block.o providers/implementations/ciphers/libcommon-lib-ciphercommon_ccm.o providers/implementations/ciphers/libcommon-lib-ciphercommon_ccm_hw.o providers/implementations/ciphers/libcommon-lib-ciphercommon_gcm.o providers/implementations/ciphers/libcommon-lib-ciphercommon_gcm_hw.o providers/implementations/ciphers/libcommon-lib-ciphercommon_hw.o providers/implementations/digests/libcommon-lib-digestcommon.o ssl/record/libcommon-lib-tls_pad.o providers/common/der/libnonfips-lib-der_digests_gen.o providers/common/der/libnonfips-lib-der_dsa_gen.o providers/common/der/libnonfips-lib-der_dsa_key.o providers/common/der/libnonfips-lib-der_dsa_sig.o providers/common/der/libnonfips-lib-der_ec_gen.o providers/common/der/libnonfips-lib-der_ec_key.o providers/common/der/libnonfips-lib-der_ec_sig.o providers/common/der/libnonfips-lib-der_ecx_gen.o providers/common/der/libnonfips-lib-der_ecx_key.o providers/common/der/libnonfips-lib-der_rsa_gen.o providers/common/der/libnonfips-lib-der_rsa_key.o providers/common/der/libnonfips-lib-der_rsa_sig.o providers/common/der/libnonfips-lib-der_sm2_gen.o providers/common/der/libnonfips-lib-der_sm2_key.o providers/common/der/libnonfips-lib-der_sm2_sig.o providers/common/der/libnonfips-lib-der_wrap_gen.o providers/common/libnonfips-lib-bio_prov.o providers/common/libnonfips-lib-capabilities.o providers/common/libnonfips-lib-digest_to_nid.o providers/common/libnonfips-lib-provider_seeding.o providers/common/libnonfips-lib-provider_util.o providers/common/libnonfips-lib-securitycheck.o providers/common/libnonfips-lib-securitycheck_default.o providers/implementations/ciphers/libnonfips-lib-cipher_aes_xts_fips.o providers/implementations/kdfs/libnonfips-lib-pbkdf2_fips.o providers/implementations/keymgmt/libnonfips-lib-dh_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-dsa_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-ec_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-mac_legacy_kmgmt.o providers/implementations/keymgmt/libnonfips-lib-rsa_kmgmt.o providers/implementations/rands/libnonfips-lib-crngt.o providers/implementations/rands/libnonfips-lib-drbg.o providers/implementations/rands/libnonfips-lib-drbg_ctr.o providers/implementations/rands/libnonfips-lib-drbg_hash.o providers/implementations/rands/libnonfips-lib-drbg_hmac.o providers/implementations/rands/libnonfips-lib-seed_src.o providers/implementations/rands/libnonfips-lib-test_rng.o providers/implementations/rands/seeding/libnonfips-lib-rand_cpu_x86.o providers/implementations/rands/seeding/libnonfips-lib-rand_tsc.o providers/implementations/rands/seeding/libnonfips-lib-rand_unix.o providers/implementations/rands/seeding/libnonfips-lib-rand_win.o providers/implementations/signature/libnonfips-lib-mac_legacy.o providers/implementations/signature/libnonfips-lib-rsa.o providers/libnonfips-lib-prov_running.o ranlib libcrypto.a || echo Never mind. clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld \ providers/legacy-dso-legacyprov.o \ providers/liblegacy.a providers/libcommon.a providers/libnonfips.a -lcrypto -ldl -pthread make[1]: Leaving directory '/home/openssl/run-checker/no-autoalginit' $ make test make: *** No rule to make target 'apps/openssl', needed by 'providers/fipsmodule.cnf'. Stop. From openssl at openssl.org Thu Mar 11 02:08:03 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Mar 2021 02:08:03 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1615428483.288106.2752593.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: c8511e8980 Fix formatting error of HISTORY section in some manual pages. 762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac() 18fdebf174 Mention the change of licence in NEWS.md 0966aee5ed Expand the CHANGES entry for SHA1 and libssl f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type() c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider 896dcda18b Non-const accessor to legacy keys c99248ea81 EVP_KDF-KB man page: Fix typo in the example code e5499a3cac Fixup support for io_pgetevents_time64 syscall 4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605 b6a06b13a4 http_test.c: Fix minor Coverity issue CID 1473608 3e6a0d5738 Reword repeated words. 889ad4ef81 apps/pkcs12: Allow continuing on absent mac 5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import 913f9d5e52 apps/pkcs12: Properly detect MAC setup failure 31e2e6e0b1 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined 9afc6c5431 Fix the check for suitable groups and TLSv1.3 7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type cc57dc9625 Document the change in behaviour of the the low level key getters/setters 8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated b574c6a9ac Cache legacy keys instead of downgrading them ec961f866a Avoid a null pointer deref on a malloc failure e8afd78af6 Add a multi thread test for downgrading keys Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=233, Tests=3145, 1093 wallclock secs (14.44 usr 1.32 sys + 1005.35 cusr 84.61 csys = 1105.72 CPU) Result: FAIL make[1]: *** [Makefile:3305: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' make: *** [Makefile:3302: tests] Error 2 From no-reply at appveyor.com Thu Mar 11 02:13:18 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Mar 2021 02:13:18 +0000 Subject: Build failed: openssl master.40569 Message-ID: <20210311021318.1.AC5C8780447449DA@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Thu Mar 11 02:20:05 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 11 Mar 2021 02:20:05 +0000 Subject: [openssl] master update Message-ID: <1615429205.604647.3388.nullmailer@dev.openssl.org> The branch master has been updated via bf23b9a163658496c3cabb1d0a00a88b94aede0a (commit) from 903a6558471812c8884a8ba279ad96dc29ccd4b0 (commit) - Log ----------------------------------------------------------------- commit bf23b9a163658496c3cabb1d0a00a88b94aede0a Author: Pedro Monreal Date: Thu Mar 4 17:01:50 2021 +0100 Fix reason code: EVP_R_OPERATON_NOT_INITIALIZED Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14429) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 2 +- crypto/evp/asymcipher.c | 4 ++-- crypto/evp/evp_err.c | 2 +- crypto/evp/exchange.c | 4 ++-- crypto/evp/kem.c | 4 ++-- crypto/evp/pmeth_gn.c | 6 +++--- crypto/evp/signature.c | 6 +++--- include/openssl/cryptoerr_legacy.h | 5 +++++ include/openssl/evperr.h | 2 +- 9 files changed, 20 insertions(+), 15 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index e9a179c362..53e8c4cd39 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -708,7 +708,7 @@ EVP_R_NULL_MAC_PKEY_CTX:208:null mac pkey ctx EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\ operation not supported for this keytype -EVP_R_OPERATON_NOT_INITIALIZED:151:operation not initialized +EVP_R_OPERATION_NOT_INITIALIZED:151:operation not initialized EVP_R_OUTPUT_WOULD_OVERFLOW:202:output would overflow EVP_R_PARAMETER_TOO_LARGE:187:parameter too large EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c index ee8e8662b0..221ceb038d 100644 --- a/crypto/evp/asymcipher.c +++ b/crypto/evp/asymcipher.c @@ -183,7 +183,7 @@ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, } if (ctx->operation != EVP_PKEY_OP_ENCRYPT) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); + ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } @@ -220,7 +220,7 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, } if (ctx->operation != EVP_PKEY_OP_DECRYPT) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); + ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 5d9b82c289..850de00ca9 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -135,7 +135,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "only oneshot supported"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED), + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_INITIALIZED), "operation not initialized"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW), "output would overflow"}, diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index e0f15026c8..1a512c4283 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -359,7 +359,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) if (ctx->operation != EVP_PKEY_OP_DERIVE && ctx->operation != EVP_PKEY_OP_ENCRYPT && ctx->operation != EVP_PKEY_OP_DECRYPT) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); + ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } @@ -419,7 +419,7 @@ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) } if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); + ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c index e26c3502db..b784d28d1c 100644 --- a/crypto/evp/kem.c +++ b/crypto/evp/kem.c @@ -117,7 +117,7 @@ int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, return 0; if (ctx->operation != EVP_PKEY_OP_ENCAPSULATE) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); + ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } @@ -148,7 +148,7 @@ int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx, return 0; if (ctx->operation != EVP_PKEY_OP_DECAPSULATE) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); + ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 1953e0f958..091d387795 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -244,7 +244,7 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) ret = -2; goto end; not_initialized: - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); + ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); ret = -1; goto end; #ifndef FIPS_MODULE @@ -258,7 +258,7 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { if (ctx->operation != EVP_PKEY_OP_PARAMGEN) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); + ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } return EVP_PKEY_gen(ctx, ppkey); @@ -267,7 +267,7 @@ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { if (ctx->operation != EVP_PKEY_OP_KEYGEN) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); + ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } return EVP_PKEY_gen(ctx, ppkey); diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index 277e972414..d6d96908ab 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -555,7 +555,7 @@ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, } if (ctx->operation != EVP_PKEY_OP_SIGN) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); + ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } @@ -594,7 +594,7 @@ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, } if (ctx->operation != EVP_PKEY_OP_VERIFY) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); + ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } @@ -631,7 +631,7 @@ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, } if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); + ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } diff --git a/include/openssl/cryptoerr_legacy.h b/include/openssl/cryptoerr_legacy.h index 34bb3dfd1e..6b78c5624c 100644 --- a/include/openssl/cryptoerr_legacy.h +++ b/include/openssl/cryptoerr_legacy.h @@ -1454,6 +1454,11 @@ OSSL_DEPRECATEDIN_3_0 int ERR_load_X509V3_strings(void); # define X509V3_F_X509_PURPOSE_ADD 0 # define X509V3_F_X509_PURPOSE_SET 0 +/* + * Compatibility defines. + */ +# define EVP_R_OPERATON_NOT_INITIALIZED EVP_R_OPERATION_NOT_INITIALIZED + # endif # ifdef __cplusplus diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index a96c684f1f..b2e08b14b6 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -96,7 +96,7 @@ # define EVP_R_NULL_MAC_PKEY_CTX 208 # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 -# define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_OPERATION_NOT_INITIALIZED 151 # define EVP_R_OUTPUT_WOULD_OVERFLOW 202 # define EVP_R_PARAMETER_TOO_LARGE 187 # define EVP_R_PARTIALLY_OVERLAPPING 162 From no-reply at appveyor.com Thu Mar 11 04:55:19 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Mar 2021 04:55:19 +0000 Subject: Build completed: openssl master.40570 Message-ID: <20210311045519.1.0090CEF6759B08C0@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Mar 11 08:06:53 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Mar 2021 08:06:53 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1615450013.563413.3487259.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: c8511e8980 Fix formatting error of HISTORY section in some manual pages. 762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac() 18fdebf174 Mention the change of licence in NEWS.md 0966aee5ed Expand the CHANGES entry for SHA1 and libssl f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type() c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider 896dcda18b Non-const accessor to legacy keys c99248ea81 EVP_KDF-KB man page: Fix typo in the example code e5499a3cac Fixup support for io_pgetevents_time64 syscall 4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605 b6a06b13a4 http_test.c: Fix minor Coverity issue CID 1473608 3e6a0d5738 Reword repeated words. 889ad4ef81 apps/pkcs12: Allow continuing on absent mac 5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import 913f9d5e52 apps/pkcs12: Properly detect MAC setup failure 31e2e6e0b1 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined 9afc6c5431 Fix the check for suitable groups and TLSv1.3 7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type cc57dc9625 Document the change in behaviour of the the low level key getters/setters 8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated b574c6a9ac Cache legacy keys instead of downgrading them ec961f866a Avoid a null pointer deref on a malloc failure e8afd78af6 Add a multi thread test for downgrading keys Build log ended with (last 100 lines): 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... skipped: The PKCS12 command line utility is not supported by this OpenSSL build 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 512 Tests: 89 Failed: 2) Failed tests: 13, 39 Non-zero exit status: 2 30-test_evp_kdf.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=233, Tests=3147, 930 wallclock secs (14.24 usr 1.41 sys + 842.27 cusr 85.37 csys = 943.29 CPU) Result: FAIL make[1]: *** [Makefile:3209: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' make: *** [Makefile:3206: tests] Error 2 From tomas at openssl.org Thu Mar 11 09:25:13 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 11 Mar 2021 09:25:13 +0000 Subject: [openssl] master update Message-ID: <1615454713.708293.27520.nullmailer@dev.openssl.org> The branch master has been updated via 1aa7ecd0d3f6d9c3739cf2e2d87673a3be03b352 (commit) from bf23b9a163658496c3cabb1d0a00a88b94aede0a (commit) - Log ----------------------------------------------------------------- commit 1aa7ecd0d3f6d9c3739cf2e2d87673a3be03b352 Author: panda Date: Mon Mar 8 13:12:42 2021 -0800 Check SSL_set1_chain error in set_cert_cb CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14469) ----------------------------------------------------------------------- Summary of changes: apps/lib/s_cb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 6737eca13e..0ca9038738 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -952,7 +952,8 @@ static int set_cert_cb(SSL *ssl, void *arg) if (!SSL_build_cert_chain(ssl, 0)) return 0; } else if (exc->chain != NULL) { - SSL_set1_chain(ssl, exc->chain); + if (!SSL_set1_chain(ssl, exc->chain)) + return 0; } } exc = exc->prev; From openssl at openssl.org Thu Mar 11 09:40:46 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Mar 2021 09:40:46 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso Message-ID: <1615455646.594384.3687565.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dso Commit log since last time: c8511e8980 Fix formatting error of HISTORY section in some manual pages. 762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac() 18fdebf174 Mention the change of licence in NEWS.md 0966aee5ed Expand the CHANGES entry for SHA1 and libssl f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type() c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider 896dcda18b Non-const accessor to legacy keys c99248ea81 EVP_KDF-KB man page: Fix typo in the example code e5499a3cac Fixup support for io_pgetevents_time64 syscall 4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605 b6a06b13a4 http_test.c: Fix minor Coverity issue CID 1473608 3e6a0d5738 Reword repeated words. 889ad4ef81 apps/pkcs12: Allow continuing on absent mac 5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import 913f9d5e52 apps/pkcs12: Properly detect MAC setup failure 31e2e6e0b1 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined 9afc6c5431 Fix the check for suitable groups and TLSv1.3 7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type cc57dc9625 Document the change in behaviour of the the low level key getters/setters 8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated b574c6a9ac Cache legacy keys instead of downgrading them ec961f866a Avoid a null pointer deref on a malloc failure e8afd78af6 Add a multi thread test for downgrading keys Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. skipped: Test only supported in a dso build 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a dso build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 15-test_rsaoaep.t (Wstat: 1536 Tests: 10 Failed: 6) Failed tests: 2, 4, 7-10 Non-zero exit status: 6 Files=233, Tests=2743, 747 wallclock secs ( 9.50 usr 1.19 sys + 682.29 cusr 66.94 csys = 759.92 CPU) Result: FAIL make[1]: *** [Makefile:3132: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dso' make: *** [Makefile:3129: tests] Error 2 From matt at openssl.org Thu Mar 11 10:45:56 2021 From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Mar 2021 10:45:56 +0000 Subject: [openssl] master update Message-ID: <1615459556.978959.7003.nullmailer@dev.openssl.org> The branch master has been updated via f70863d9dddd3ce3420f0e07841475a7e9680ca9 (commit) from 1aa7ecd0d3f6d9c3739cf2e2d87673a3be03b352 (commit) - Log ----------------------------------------------------------------- commit f70863d9dddd3ce3420f0e07841475a7e9680ca9 Author: Vincent Drake Date: Mon Mar 1 14:38:02 2021 -0500 Use read/write locking on Windows Fixes #13914 The "SRWLock" synchronization primitive is available in Windows Vista and later. CRYPTO_THREAD functions now use SRWLock functions when the target operating system supports them. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14381) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 5 +++++ crypto/threads_win.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 53 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index a547b40829..bdac54c10f 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,11 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Windows thread synchronization uses read/write primitives (SRWLock) when + supported by the OS, otherwise CriticalSection continues to be used. + + *Vincent Drake* + * Add filter BIO BIO_f_readbuffer() that allows BIO_tell() and BIO_seek() to work on read only BIO source/sinks that do not support these functions. This allows piping or redirection of a file BIO using stdin to be buffered diff --git a/crypto/threads_win.c b/crypto/threads_win.c index ef68fe2d24..34c8964aa6 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -9,29 +9,49 @@ #if defined(_WIN32) # include +# if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 +# include +# define USE_RWLOCK +# endif #endif #include #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS) +# ifdef USE_RWLOCK +typedef struct { + SRWLOCK lock; + int exclusive; +} CRYPTO_win_rwlock; +# endif + CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { CRYPTO_RWLOCK *lock; +# ifdef USE_RWLOCK + CRYPTO_win_rwlock *rwlock; + + if ((lock = OPENSSL_zalloc(sizeof(CRYPTO_win_rwlock))) == NULL) + return NULL; + rwlock = lock; + InitializeSRWLock(&rwlock->lock); +# else if ((lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION))) == NULL) { /* Don't set error, to avoid recursion blowup. */ return NULL; } -# if !defined(_WIN32_WCE) +# if !defined(_WIN32_WCE) /* 0x400 is the spin count value suggested in the documentation */ if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { OPENSSL_free(lock); return NULL; } -# else +# else InitializeCriticalSection(lock); +# endif # endif return lock; @@ -39,19 +59,43 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) { +# ifdef USE_RWLOCK + CRYPTO_win_rwlock *rwlock = lock; + + AcquireSRWLockShared(&rwlock->lock); +# else EnterCriticalSection(lock); +# endif return 1; } int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) { +# ifdef USE_RWLOCK + CRYPTO_win_rwlock *rwlock = lock; + + AcquireSRWLockExclusive(&rwlock->lock); + rwlock->exclusive = 1; +# else EnterCriticalSection(lock); +# endif return 1; } int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) { +# ifdef USE_RWLOCK + CRYPTO_win_rwlock *rwlock = lock; + + if (rwlock->exclusive) { + rwlock->exclusive = 0; + ReleaseSRWLockExclusive(&rwlock->lock); + } else { + ReleaseSRWLockShared(&rwlock->lock); + } +# else LeaveCriticalSection(lock); +# endif return 1; } @@ -60,7 +104,9 @@ void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) if (lock == NULL) return; +# ifndef USE_RWLOCK DeleteCriticalSection(lock); +# endif OPENSSL_free(lock); return; From openssl at openssl.org Thu Mar 11 10:50:11 2021 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Mar 2021 10:50:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1615459811.117822.3816672.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: c8511e8980 Fix formatting error of HISTORY section in some manual pages. 762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac() 18fdebf174 Mention the change of licence in NEWS.md 0966aee5ed Expand the CHANGES entry for SHA1 and libssl f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type() c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider 896dcda18b Non-const accessor to legacy keys c99248ea81 EVP_KDF-KB man page: Fix typo in the example code e5499a3cac Fixup support for io_pgetevents_time64 syscall 4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605 b6a06b13a4 http_test.c: Fix minor Coverity issue CID 1473608 3e6a0d5738 Reword repeated words. 889ad4ef81 apps/pkcs12: Allow continuing on absent mac 5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import 913f9d5e52 apps/pkcs12: Properly detect MAC setup failure 31e2e6e0b1 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined 9afc6c5431 Fix the check for suitable groups and TLSv1.3 7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type cc57dc9625 Document the change in behaviour of the the low level key getters/setters 8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated b574c6a9ac Cache legacy keys instead of downgrading them ec961f866a Avoid a null pointer deref on a malloc failure e8afd78af6 Add a multi thread test for downgrading keys Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 30-test_evp_extra.t (Wstat: 256 Tests: 2 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=233, Tests=2671, 782 wallclock secs (13.37 usr 1.18 sys + 704.44 cusr 72.11 csys = 791.10 CPU) Result: FAIL make[1]: *** [Makefile:3274: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' make: *** [Makefile:3271: tests] Error 2 From matt at openssl.org Thu Mar 11 13:34:50 2021 From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Mar 2021 13:34:50 +0000 Subject: [openssl] master update Message-ID: <1615469690.092875.616.nullmailer@dev.openssl.org> The branch master has been updated via 8020d79b4033400d0ef659a361c05b6902944042 (commit) from f70863d9dddd3ce3420f0e07841475a7e9680ca9 (commit) - Log ----------------------------------------------------------------- commit 8020d79b4033400d0ef659a361c05b6902944042 Author: Matt Caswell Date: Thu Mar 11 13:27:36 2021 +0000 Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/14512) ----------------------------------------------------------------------- Summary of changes: apps/fipsinstall.c | 2 +- apps/kdf.c | 2 +- apps/list.c | 2 +- apps/pkeyparam.c | 2 +- apps/testdsa.h | 2 +- crypto/asn1/a_strex.c | 2 +- crypto/asn1/bio_ndef.c | 2 +- crypto/bio/b_sock2.c | 2 +- crypto/bio/bss_conn.c | 2 +- crypto/bio/bss_fd.c | 2 +- crypto/bio/bss_sock.c | 2 +- crypto/bn/bn_const.c | 2 +- crypto/bn/bn_ctx.c | 2 +- crypto/bn/bn_dh.c | 2 +- crypto/bn/bn_rsa_fips186_4.c | 2 +- crypto/cmp/cmp_hdr.c | 2 +- crypto/cmp/cmp_local.h | 2 +- crypto/cmp/cmp_protect.c | 2 +- crypto/cmp/cmp_util.c | 2 +- crypto/cmp/cmp_vfy.c | 2 +- crypto/cms/cms_cd.c | 2 +- crypto/cms/cms_dd.c | 2 +- crypto/cms/cms_local.h | 2 +- crypto/cms/cms_rsa.c | 2 +- crypto/core_algorithm.c | 2 +- crypto/core_namemap.c | 2 +- crypto/crmf/crmf_pbm.c | 2 +- crypto/cryptlib.c | 2 +- crypto/ct/ct_sct.c | 2 +- crypto/dh/dh_ameth.c | 2 +- crypto/dh/dh_asn1.c | 2 +- crypto/dh/dh_check.c | 2 +- crypto/dh/dh_gen.c | 2 +- crypto/dh/dh_group_params.c | 2 +- crypto/dh/dh_kdf.c | 2 +- crypto/dh/dh_lib.c | 2 +- crypto/dh/dh_pmeth.c | 2 +- crypto/dh/dh_rfc5114.c | 2 +- crypto/dsa/dsa_check.c | 2 +- crypto/dsa/dsa_err.c | 2 +- crypto/dsa/dsa_gen.c | 2 +- crypto/dsa/dsa_key.c | 2 +- crypto/dsa/dsa_local.h | 2 +- crypto/dsa/dsa_ossl.c | 2 +- crypto/dsa/dsa_pmeth.c | 2 +- crypto/dsa/dsa_sign.c | 2 +- crypto/ec/ec2_oct.c | 2 +- crypto/ec/ec2_smpl.c | 2 +- crypto/ec/ec_asn1.c | 2 +- crypto/ec/ec_check.c | 2 +- crypto/ec/ec_curve.c | 2 +- crypto/ec/ec_cvt.c | 2 +- crypto/ec/ec_kmeth.c | 2 +- crypto/ec/ec_local.h | 2 +- crypto/ec/ec_oct.c | 2 +- crypto/ec/ecdh_kdf.c | 2 +- crypto/ec/ecdh_ossl.c | 2 +- crypto/ec/ecdsa_ossl.c | 2 +- crypto/ec/ecp_mont.c | 2 +- crypto/ec/ecp_nist.c | 2 +- crypto/ec/ecp_nistp224.c | 2 +- crypto/ec/ecp_nistp256.c | 2 +- crypto/ec/ecp_nistp521.c | 2 +- crypto/ec/ecp_nistputil.c | 2 +- crypto/ec/ecp_nistz256.c | 2 +- crypto/ec/ecp_oct.c | 2 +- crypto/ec/ecp_s390x_nistp.c | 2 +- crypto/ec/ecp_smpl.c | 2 +- crypto/ec/ecx_backend.c | 2 +- crypto/ec/ecx_key.c | 2 +- crypto/ec/ecx_meth.c | 2 +- crypto/encode_decode/decoder_lib.c | 2 +- crypto/encode_decode/encoder_lib.c | 2 +- crypto/err/err_local.h | 2 +- crypto/ess/ess_lib.c | 2 +- crypto/evp/asymcipher.c | 2 +- crypto/evp/dh_support.c | 2 +- crypto/evp/dsa_ctrl.c | 2 +- crypto/evp/ec_support.c | 2 +- crypto/evp/evp_local.h | 2 +- crypto/evp/kdf_lib.c | 2 +- crypto/evp/kdf_meth.c | 2 +- crypto/evp/kem.c | 2 +- crypto/evp/legacy_blake2.c | 2 +- crypto/evp/mac_lib.c | 2 +- crypto/evp/names.c | 2 +- crypto/evp/p5_crpt2.c | 2 +- crypto/evp/p_dec.c | 2 +- crypto/evp/p_enc.c | 2 +- crypto/evp/pbe_scrypt.c | 2 +- crypto/evp/signature.c | 2 +- crypto/ffc/ffc_params_generate.c | 2 +- crypto/ffc/ffc_params_validate.c | 2 +- crypto/http/http_lib.c | 2 +- crypto/modes/gcm128.c | 2 +- crypto/o_time.c | 2 +- crypto/ocsp/ocsp_cl.c | 2 +- crypto/ocsp/ocsp_local.h | 2 +- crypto/ocsp/ocsp_srv.c | 2 +- crypto/param_build.c | 2 +- crypto/param_build_set.c | 2 +- crypto/params.c | 2 +- crypto/pem/pvkfmt.c | 2 +- crypto/pkcs12/p12_crt.c | 2 +- crypto/pkcs12/p12_decr.c | 2 +- crypto/pkcs12/p12_key.c | 2 +- crypto/pkcs12/p12_kiss.c | 2 +- crypto/pkcs12/p12_mutl.c | 2 +- crypto/pkcs7/pk7_local.h | 2 +- crypto/provider.c | 2 +- crypto/provider_conf.c | 2 +- crypto/rsa/rsa_local.h | 2 +- crypto/rsa/rsa_ossl.c | 2 +- crypto/rsa/rsa_pmeth.c | 2 +- crypto/rsa/rsa_sp800_56b_check.c | 2 +- crypto/rsa/rsa_sp800_56b_gen.c | 2 +- crypto/siphash/siphash.c | 2 +- crypto/siphash/siphash_local.h | 2 +- crypto/sm2/sm2_crypt.c | 2 +- crypto/store/store_lib.c | 2 +- crypto/threads_win.c | 2 +- crypto/ts/ts_rsp_verify.c | 2 +- crypto/whrlpool/wp_block.c | 2 +- crypto/x509/by_store.c | 2 +- crypto/x509/pcy_tree.c | 2 +- crypto/x509/x509_trs.c | 2 +- crypto/x509/x509_vpm.c | 2 +- doc/internal/man3/evp_pkey_export_to_provider.pod | 2 +- doc/internal/man3/ossl_namemap_new.pod | 2 +- doc/internal/man3/ossl_provider_new.pod | 2 +- doc/internal/man7/build.info.pod | 2 +- doc/man1/openssl-ocsp.pod.in | 2 +- doc/man1/openssl-pkeyutl.pod.in | 2 +- doc/man1/openssl-rsautl.pod.in | 2 +- doc/man1/openssl-s_server.pod.in | 2 +- doc/man3/CMS_EncryptedData_encrypt.pod | 2 +- doc/man3/CMS_EnvelopedData_create.pod | 2 +- doc/man3/CMS_data_create.pod | 2 +- doc/man3/CMS_digest_create.pod | 2 +- doc/man3/DH_size.pod | 2 +- doc/man3/EVP_ASYM_CIPHER_free.pod | 2 +- doc/man3/EVP_EncryptInit.pod | 2 +- doc/man3/EVP_KDF.pod | 2 +- doc/man3/EVP_KEM_free.pod | 2 +- doc/man3/EVP_KEYEXCH_free.pod | 2 +- doc/man3/EVP_KEYMGMT.pod | 2 +- doc/man3/EVP_PKEY_CTX_ctrl.pod | 2 +- doc/man3/EVP_PKEY_CTX_new.pod | 2 +- doc/man3/EVP_PKEY_is_a.pod | 2 +- doc/man3/EVP_PKEY_set1_RSA.pod | 2 +- doc/man3/EVP_SIGNATURE_free.pod | 2 +- doc/man3/EVP_VerifyInit.pod | 2 +- doc/man3/OCSP_resp_find_status.pod | 2 +- doc/man3/OPENSSL_LH_COMPFUNC.pod | 2 +- doc/man3/OSSL_PARAM.pod | 2 +- doc/man3/OSSL_STORE_INFO.pod | 2 +- doc/man3/OSSL_STORE_LOADER.pod | 2 +- doc/man3/OpenSSL_version.pod | 2 +- doc/man3/PKCS12_create.pod | 2 +- doc/man3/RAND_get0_primary.pod | 2 +- doc/man3/RAND_set_rand_method.pod | 2 +- doc/man3/RSA_padding_add_PKCS1_type_1.pod | 2 +- doc/man3/RSA_public_encrypt.pod | 2 +- doc/man7/EVP_KDF-HKDF.pod | 2 +- doc/man7/EVP_KDF-KB.pod | 2 +- doc/man7/EVP_KDF-KRB5KDF.pod | 2 +- doc/man7/EVP_KDF-SCRYPT.pod | 2 +- doc/man7/EVP_KDF-SS.pod | 2 +- doc/man7/EVP_KDF-TLS1_PRF.pod | 2 +- doc/man7/EVP_KDF-X963.pod | 2 +- doc/man7/EVP_KEYEXCH-DH.pod | 2 +- doc/man7/EVP_MAC-BLAKE2.pod | 2 +- doc/man7/EVP_MAC-CMAC.pod | 2 +- doc/man7/EVP_MAC-GMAC.pod | 2 +- doc/man7/EVP_MAC-KMAC.pod | 2 +- doc/man7/EVP_MAC-Poly1305.pod | 2 +- doc/man7/EVP_MAC-Siphash.pod | 2 +- doc/man7/EVP_RAND-CTR-DRBG.pod | 2 +- doc/man7/EVP_RAND-HASH-DRBG.pod | 2 +- doc/man7/EVP_RAND-HMAC-DRBG.pod | 2 +- doc/man7/EVP_RAND-SEED-SRC.pod | 2 +- doc/man7/EVP_RAND-TEST-RAND.pod | 2 +- doc/man7/EVP_SIGNATURE-RSA.pod | 2 +- doc/man7/RAND.pod | 2 +- doc/man7/evp.pod | 2 +- doc/man7/provider-digest.pod | 2 +- doc/man7/provider-kem.pod | 2 +- doc/man7/provider-keyexch.pod | 2 +- engines/e_afalg.c | 2 +- fuzz/client.c | 2 +- fuzz/cmp.c | 2 +- fuzz/fuzzer.h | 2 +- include/crypto/bn_dh.h | 2 +- include/crypto/modes.h | 2 +- include/internal/namemap.h | 2 +- include/openssl/bio.h.in | 2 +- include/openssl/dh.h | 2 +- include/openssl/rand.h | 2 +- include/openssl/store.h | 2 +- include/openssl/symhacks.h | 2 +- include/openssl/tls1.h | 2 +- providers/common/bio_prov.c | 2 +- providers/common/digest_to_nid.c | 2 +- providers/common/include/prov/bio.h | 2 +- providers/common/include/prov/securitycheck.h | 2 +- providers/common/securitycheck_default.c | 2 +- providers/implementations/ciphers/cipher_aes_ccm.c | 2 +- providers/implementations/ciphers/cipher_aes_ccm_hw.c | 2 +- providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc | 2 +- providers/implementations/ciphers/cipher_aes_ccm_hw_t4.inc | 2 +- providers/implementations/ciphers/cipher_aes_gcm.c | 2 +- providers/implementations/ciphers/cipher_aes_gcm_hw.c | 2 +- providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc | 2 +- providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc | 2 +- providers/implementations/ciphers/cipher_aes_gcm_hw_t4.inc | 2 +- providers/implementations/ciphers/cipher_aria_ccm.c | 2 +- providers/implementations/ciphers/cipher_aria_ccm_hw.c | 2 +- providers/implementations/ciphers/cipher_aria_gcm.c | 2 +- providers/implementations/ciphers/cipher_aria_gcm_hw.c | 2 +- providers/implementations/ciphers/cipher_chacha20.h | 2 +- providers/implementations/ciphers/cipher_des_hw.c | 2 +- providers/implementations/ciphers/ciphercommon_ccm_hw.c | 2 +- providers/implementations/ciphers/ciphercommon_gcm_hw.c | 2 +- providers/implementations/ciphers/ciphercommon_local.h | 2 +- providers/implementations/digests/blake2_prov.c | 2 +- providers/implementations/digests/blake2b_prov.c | 2 +- providers/implementations/digests/blake2s_prov.c | 2 +- providers/implementations/digests/md5_sha1_prov.c | 2 +- providers/implementations/encode_decode/decode_ms2key.c | 2 +- providers/implementations/include/prov/blake2.h | 2 +- providers/implementations/include/prov/ciphercommon_ccm.h | 2 +- providers/implementations/include/prov/ciphercommon_gcm.h | 2 +- providers/implementations/include/prov/md5_sha1.h | 2 +- providers/implementations/macs/blake2b_mac.c | 2 +- providers/implementations/macs/blake2s_mac.c | 2 +- providers/implementations/macs/cmac_prov.c | 2 +- providers/implementations/rands/seeding/rand_unix.c | 2 +- providers/implementations/storemgmt/file_store_der2obj.c | 2 +- test/bad_dtls_test.c | 2 +- test/bn_internal_test.c | 2 +- test/cmp_ctx_test.c | 2 +- test/ecdsatest.c | 2 +- test/evp_extra_test2.c | 2 +- test/ffc_internal_test.c | 2 +- test/ossl_shim/include/openssl/base.h | 2 +- test/ossl_shim/ossl_shim.cc | 2 +- test/ossl_store_test.c | 2 +- test/p_test.c | 2 +- test/params_api_test.c | 2 +- test/provider_internal_test.c | 2 +- test/provider_test.c | 2 +- test/recipes/03-test_fipsinstall.t | 2 +- test/recipes/15-test_dsaparam.t | 2 +- test/recipes/15-test_rsaoaep.t | 2 +- test/recipes/20-test_cli_fips.t | 2 +- test/recipes/20-test_pkeyutl.t | 2 +- test/recipes/30-test_acvp.t | 2 +- test/recipes/30-test_defltfips.t | 2 +- test/recipes/30-test_evp.t | 2 +- test/recipes/30-test_evp_data/evpmac_blake.txt | 2 +- test/recipes/30-test_evp_data/evpmac_common.txt | 2 +- test/recipes/30-test_evp_data/evpmac_siphash.txt | 2 +- test/recipes/30-test_evp_fetch_prov.t | 2 +- test/recipes/30-test_evp_libctx.t | 2 +- test/recipes/30-test_provider_status.t | 2 +- test/recipes/65-test_cmp_client.t | 2 +- test/recipes/65-test_cmp_msg.t | 2 +- test/recipes/65-test_cmp_protect.t | 2 +- test/recipes/65-test_cmp_server.t | 2 +- test/recipes/65-test_cmp_vfy.t | 2 +- test/recipes/66-test_ossl_store.t | 2 +- test/recipes/90-test_sslapi.t | 2 +- test/recipes/95-test_external_gost_engine_data/gost_engine.sh | 2 +- test/recipes/95-test_external_krb5.t | 2 +- test/sm2_internal_test.c | 2 +- test/testutil/driver.c | 2 +- tools/c_rehash.in | 2 +- util/perl/OpenSSL/config.pm | 2 +- 278 files changed, 278 insertions(+), 278 deletions(-) diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index 9aaa7522d2..e1279c32e9 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/kdf.c b/apps/kdf.c index 5c33234b57..c036a1bf47 100644 --- a/apps/kdf.c +++ b/apps/kdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/list.c b/apps/list.c index e16e2bf7bc..5326a4b367 100644 --- a/apps/list.c +++ b/apps/list.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c index ef1a082d62..8b4ac1d222 100644 --- a/apps/pkeyparam.c +++ b/apps/pkeyparam.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/testdsa.h b/apps/testdsa.h index 65028be46f..8738335391 100644 --- a/apps/testdsa.h +++ b/apps/testdsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 11c6296bba..b9b6f1c871 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index f1ad8d3e70..df462d741a 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c index 1817d9dd0f..0446e7fd8d 100644 --- a/crypto/bio/b_sock2.c +++ b/crypto/bio/b_sock2.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 5b0a69486b..7aaae65bc2 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c index f0498a0969..65e0b10311 100644 --- a/crypto/bio/bss_fd.c +++ b/crypto/bio/bss_fd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 11a020d8dc..e142de1674 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_const.c b/crypto/bn/bn_const.c index 06a40d6fba..a36e0ac792 100644 --- a/crypto/bn/bn_const.c +++ b/crypto/bn/bn_const.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 63783dda0e..ec401032ad 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c index 58f545642e..c0967e534c 100644 --- a/crypto/bn/bn_dh.c +++ b/crypto/bn/bn_dh.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c index a49166b9c3..dc83865e4b 100644 --- a/crypto/bn/bn_rsa_fips186_4.c +++ b/crypto/bn/bn_rsa_fips186_4.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c index a1770c1204..eca5578e44 100644 --- a/crypto/cmp/cmp_hdr.c +++ b/crypto/cmp/cmp_hdr.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index c5f4fd198d..1ec16d4b2b 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index dcc0232e01..45bea73d13 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c index 81c7d02d88..eef297d50b 100644 --- a/crypto/cmp/cmp_util.c +++ b/crypto/cmp/cmp_util.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index f525c691de..88052d5ec5 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2020 * Copyright Siemens AG 2015-2020 * diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c index de38288d09..6de6d55e58 100644 --- a/crypto/cms/cms_cd.c +++ b/crypto/cms/cms_cd.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index 31b0a6f23f..6a7c049ef3 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h index 82b4be5d19..2429202fa8 100644 --- a/crypto/cms/cms_local.h +++ b/crypto/cms/cms_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c index f9e9bffe21..f577d462f1 100644 --- a/crypto/cms/cms_rsa.c +++ b/crypto/cms/cms_rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c index 59f6dddb14..6222c5364d 100644 --- a/crypto/core_algorithm.c +++ b/crypto/core_algorithm.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c index a81c2dec96..b19ca50786 100644 --- a/crypto/core_namemap.c +++ b/crypto/core_namemap.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index 03730c1505..78ab486e2d 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -1,5 +1,5 @@ /*- - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index fdefafc1fe..0b545af15a 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c index 41fbfaba75..10a67ed6d6 100644 --- a/crypto/ct/ct_sct.c +++ b/crypto/ct/ct_sct.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 18f4c9955e..cccd880c20 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index 5c8af108f5..5fa91a8ec7 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 90697340f7..61be68bf64 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index aecf7195d8..66d1f94bc0 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c index 72082d6f50..ff6d7cdd66 100644 --- a/crypto/dh/dh_group_params.c +++ b/crypto/dh/dh_group_params.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index 03e45aead9..d18e24eccb 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 78b984157d..f5e0f893c1 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 4a18205a7f..fdd9194f1a 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c index c578a89a58..7b1e0610bd 100644 --- a/crypto/dh/dh_rfc5114.c +++ b/crypto/dh/dh_rfc5114.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_check.c b/crypto/dsa/dsa_check.c index 705c7d22a0..7ee914a477 100644 --- a/crypto/dsa/dsa_check.c +++ b/crypto/dsa/dsa_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 6481e2dc58..888c043d89 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 2be9f48e27..3c46673984 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 2b7dc4e43d..1f951a9d36 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_local.h b/crypto/dsa/dsa_local.h index c4ed654b99..9e33fae131 100644 --- a/crypto/dsa/dsa_local.h +++ b/crypto/dsa/dsa_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 2f8cbe8ad4..c16d85c9e1 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index e5709b62c9..d9fdc90d25 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 84817d3009..6819e5c131 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index 7d894c4bef..9f6e5de6fd 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index f58ce3367f..d8c2a7888f 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index b66e4a8b57..03c65ee403 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index 1d25010394..484124915d 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 31215dc7ab..6f1435c69f 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c index 30ee061123..1145bfb68f 100644 --- a/crypto/ec/ec_cvt.c +++ b/crypto/ec/ec_cvt.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 4298bcc401..91b7a44082 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h index 7ab5bd649c..693f21fa29 100644 --- a/crypto/ec/ec_local.h +++ b/crypto/ec/ec_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c index cb9352d639..790a0b2907 100644 --- a/crypto/ec/ec_oct.c +++ b/crypto/ec/ec_oct.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index 450e2a872b..b8858cb3ef 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c index 8a521fd4a5..8016c6d7ad 100644 --- a/crypto/ec/ecdh_ossl.c +++ b/crypto/ec/ecdh_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index d6df93a7de..b2bf68a5ce 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index 8dc1c2f0b3..35b492453f 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index e41a67f647..3efd43e64c 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index aa470efd8d..c3dc0d9b7d 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 7fed6ccf57..c865cd7766 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 5c64477e97..72468a1d42 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecp_nistputil.c b/crypto/ec/ecp_nistputil.c index 2c3dc26f6e..4e8c0e2767 100644 --- a/crypto/ec/ecp_nistputil.c +++ b/crypto/ec/ecp_nistputil.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index f348f97da1..a9982caef6 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2014, Intel Corporation. All Rights Reserved. * Copyright (c) 2015, CloudFlare, Inc. * diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index a8408b029b..b10947d714 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c index ddaee93975..173fd72362 100644 --- a/crypto/ec/ecp_s390x_nistp.c +++ b/crypto/ec/ecp_s390x_nistp.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index bca9da3e7e..c54d6fb6c8 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c index f9f9d45f2d..3058cba913 100644 --- a/crypto/ec/ecx_backend.c +++ b/crypto/ec/ecx_backend.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecx_key.c b/crypto/ec/ecx_key.c index 45d55b5132..60d9f3cc9f 100644 --- a/crypto/ec/ecx_key.c +++ b/crypto/ec/ecx_key.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index fac1ba7270..cd73a15847 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index 9c01dc894b..e928561b81 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c index b25529e073..ea0a556e56 100644 --- a/crypto/encode_decode/encoder_lib.c +++ b/crypto/encode_decode/encoder_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/err/err_local.h b/crypto/err/err_local.h index abb6996e13..3de74b5c0d 100644 --- a/crypto/err/err_local.h +++ b/crypto/err/err_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c index 46004cc8da..a5cf5d8aa7 100644 --- a/crypto/ess/ess_lib.c +++ b/crypto/ess/ess_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c index 221ceb038d..b30b05bfa9 100644 --- a/crypto/evp/asymcipher.c +++ b/crypto/evp/asymcipher.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/dh_support.c b/crypto/evp/dh_support.c index 0f33b28122..7e0256bd00 100644 --- a/crypto/evp/dh_support.c +++ b/crypto/evp/dh_support.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/dsa_ctrl.c b/crypto/evp/dsa_ctrl.c index 5fa2300abb..e0cc2b8852 100644 --- a/crypto/evp/dsa_ctrl.c +++ b/crypto/evp/dsa_ctrl.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c index a1eca28b79..b06157098f 100644 --- a/crypto/evp/ec_support.c +++ b/crypto/evp/ec_support.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index e0031a1d04..92a96f433e 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index 5fe022a142..f5ff00d7e7 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/evp/kdf_meth.c b/crypto/evp/kdf_meth.c index 659788a58d..17526a8fe4 100644 --- a/crypto/evp/kdf_meth.c +++ b/crypto/evp/kdf_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c index b784d28d1c..353c51a3ff 100644 --- a/crypto/evp/kem.c +++ b/crypto/evp/kem.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/legacy_blake2.c b/crypto/evp/legacy_blake2.c index 22765aca0d..bdafd354b4 100644 --- a/crypto/evp/legacy_blake2.c +++ b/crypto/evp/legacy_blake2.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index 91edb93afd..746abf53c1 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/names.c b/crypto/evp/names.c index 97fd1b8302..19c03a3085 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index dff3310ded..d55199cccf 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c index 2e90705656..822c214e6b 100644 --- a/crypto/evp/p_dec.c +++ b/crypto/evp/p_dec.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index 5881153dbb..f1a7a839f6 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c index be881b32fb..2537a073dd 100644 --- a/crypto/evp/pbe_scrypt.c +++ b/crypto/evp/pbe_scrypt.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index d6d96908ab..bb99ff3095 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index e0ce7485cf..ee13a07d10 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ffc/ffc_params_validate.c b/crypto/ffc/ffc_params_validate.c index a2bfe22da2..0abbad2801 100644 --- a/crypto/ffc/ffc_params_validate.c +++ b/crypto/ffc/ffc_params_validate.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c index 6b8c15471e..8b300a9db0 100644 --- a/crypto/http/http_lib.c +++ b/crypto/http/http_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index a6147e41a1..bdcb619cd8 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/o_time.c b/crypto/o_time.c index f367945a18..23ffe16245 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 2d544b444e..cfa85af240 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ocsp/ocsp_local.h b/crypto/ocsp/ocsp_local.h index a7e6e86685..6542febc98 100644 --- a/crypto/ocsp/ocsp_local.h +++ b/crypto/ocsp/ocsp_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 2bd8b40d65..af1277942e 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/param_build.c b/crypto/param_build.c index 954ff81e2a..facbb281a4 100644 --- a/crypto/param_build.c +++ b/crypto/param_build.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/param_build_set.c b/crypto/param_build_set.c index 7f62630053..8b570ded96 100644 --- a/crypto/param_build_set.c +++ b/crypto/param_build_set.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/params.c b/crypto/params.c index a3263e93c3..a1ed245a3c 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 8006c64b3a..0d8aa509b3 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index 985b458cda..f735cb2a67 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index 0f1c00aaca..b942b0cd52 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index 8c7be88cd2..fd7f7a926b 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 140a690cbb..229b34cf64 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 20984055df..acf90051c4 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs7/pk7_local.h b/crypto/pkcs7/pk7_local.h index 77c6fbcf26..177ecc196b 100644 --- a/crypto/pkcs7/pk7_local.h +++ b/crypto/pkcs7/pk7_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/provider.c b/crypto/provider.c index 8eca9d3581..9c94e4e377 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c index cbae99a474..fb83977e6d 100644 --- a/crypto/provider_conf.c +++ b/crypto/provider_conf.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index 6d3bc05c14..589d7ccf50 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index 1fd0057202..b92137ee0a 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index def5641682..203612503b 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c index 3bccbe4373..9b827d2872 100644 --- a/crypto/rsa/rsa_sp800_56b_check.c +++ b/crypto/rsa/rsa_sp800_56b_check.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c index 87fd4ad50c..63cd9afc2f 100644 --- a/crypto/rsa/rsa_sp800_56b_gen.c +++ b/crypto/rsa/rsa_sp800_56b_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c index eaad0a8e4a..071339d444 100644 --- a/crypto/siphash/siphash.c +++ b/crypto/siphash/siphash.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/siphash/siphash_local.h b/crypto/siphash/siphash_local.h index 8cd7c208cc..54d65dfc6e 100644 --- a/crypto/siphash/siphash_local.h +++ b/crypto/siphash/siphash_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index 5e455d0613..cadc8ae201 100644 --- a/crypto/sm2/sm2_crypt.c +++ b/crypto/sm2/sm2_crypt.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 1aaf9f89a4..29e68bf1ae 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/threads_win.c b/crypto/threads_win.c index 34c8964aa6..085ce9e96c 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index bba335a684..3aea4f4dfb 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c index ac6cd95a74..bcf7a199ed 100644 --- a/crypto/whrlpool/wp_block.c +++ b/crypto/whrlpool/wp_block.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c index 9dd687f757..caccf38412 100644 --- a/crypto/x509/by_store.c +++ b/crypto/x509/by_store.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c index 367de35857..ab5c677ea1 100644 --- a/crypto/x509/pcy_tree.c +++ b/crypto/x509/pcy_tree.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 88f2f057d5..bbde32af70 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 0334b58530..07615de7d7 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man3/evp_pkey_export_to_provider.pod b/doc/internal/man3/evp_pkey_export_to_provider.pod index 833ff44d53..44efbbe266 100644 --- a/doc/internal/man3/evp_pkey_export_to_provider.pod +++ b/doc/internal/man3/evp_pkey_export_to_provider.pod @@ -70,7 +70,7 @@ The functions described here were all added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man3/ossl_namemap_new.pod b/doc/internal/man3/ossl_namemap_new.pod index 514ff5f8e6..d6f30a7047 100644 --- a/doc/internal/man3/ossl_namemap_new.pod +++ b/doc/internal/man3/ossl_namemap_new.pod @@ -118,7 +118,7 @@ The functions described here were all added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index 40a2ebe7e3..dbf1e7cc5a 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -329,7 +329,7 @@ The functions described here were all added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man7/build.info.pod b/doc/internal/man7/build.info.pod index 9acfd02a8d..c959f1060d 100644 --- a/doc/internal/man7/build.info.pod +++ b/doc/internal/man7/build.info.pod @@ -620,7 +620,7 @@ L =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in index 96fe6acbc9..9fdb25ba5a 100644 --- a/doc/man1/openssl-ocsp.pod.in +++ b/doc/man1/openssl-ocsp.pod.in @@ -486,7 +486,7 @@ The -no_alt_chains option was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index bc5fab5895..26b9ed1e42 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -417,7 +417,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in index 516c4bc10b..62c39eb69e 100644 --- a/doc/man1/openssl-rsautl.pod.in +++ b/doc/man1/openssl-rsautl.pod.in @@ -238,7 +238,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 2bc307dca1..55227d9080 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -855,7 +855,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_EncryptedData_encrypt.pod b/doc/man3/CMS_EncryptedData_encrypt.pod index 1e7d3a49ba..d3c3b254be 100644 --- a/doc/man3/CMS_EncryptedData_encrypt.pod +++ b/doc/man3/CMS_EncryptedData_encrypt.pod @@ -59,7 +59,7 @@ The CMS_EncryptedData_encrypt_ex() method was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_EnvelopedData_create.pod b/doc/man3/CMS_EnvelopedData_create.pod index d88046236b..e5ff269e47 100644 --- a/doc/man3/CMS_EnvelopedData_create.pod +++ b/doc/man3/CMS_EnvelopedData_create.pod @@ -70,7 +70,7 @@ The CMS_EnvelopedData_create_ex() method was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_data_create.pod b/doc/man3/CMS_data_create.pod index 54ec71bb40..558e70b5e0 100644 --- a/doc/man3/CMS_data_create.pod +++ b/doc/man3/CMS_data_create.pod @@ -44,7 +44,7 @@ The CMS_data_create_ex() method was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_digest_create.pod b/doc/man3/CMS_digest_create.pod index c61cc15f32..bd83e2aa6f 100644 --- a/doc/man3/CMS_digest_create.pod +++ b/doc/man3/CMS_digest_create.pod @@ -48,7 +48,7 @@ The CMS_digest_create_ex() method was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DH_size.pod b/doc/man3/DH_size.pod index 99e34034f2..cb30b27ff5 100644 --- a/doc/man3/DH_size.pod +++ b/doc/man3/DH_size.pod @@ -61,7 +61,7 @@ The DH_bits() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_ASYM_CIPHER_free.pod b/doc/man3/EVP_ASYM_CIPHER_free.pod index bf6c9f7c3e..6558d0c0c4 100644 --- a/doc/man3/EVP_ASYM_CIPHER_free.pod +++ b/doc/man3/EVP_ASYM_CIPHER_free.pod @@ -92,7 +92,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 63b416289b..e31621b24a 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -912,7 +912,7 @@ functions were added in 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod index 7a012026c5..c5309dc430 100644 --- a/doc/man3/EVP_KDF.pod +++ b/doc/man3/EVP_KDF.pod @@ -289,7 +289,7 @@ This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_KEM_free.pod b/doc/man3/EVP_KEM_free.pod index a485f85815..69302880c7 100644 --- a/doc/man3/EVP_KEM_free.pod +++ b/doc/man3/EVP_KEM_free.pod @@ -86,7 +86,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_KEYEXCH_free.pod b/doc/man3/EVP_KEYEXCH_free.pod index ab8f38e077..83dafde007 100644 --- a/doc/man3/EVP_KEYEXCH_free.pod +++ b/doc/man3/EVP_KEYEXCH_free.pod @@ -94,7 +94,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_KEYMGMT.pod b/doc/man3/EVP_KEYMGMT.pod index e103b58e90..6eb4e5567d 100644 --- a/doc/man3/EVP_KEYMGMT.pod +++ b/doc/man3/EVP_KEYMGMT.pod @@ -139,7 +139,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 37630920c0..7c8db14cb6 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -680,7 +680,7 @@ and EVP_PKEY_CTX_get0_ecdh_kdf_ukm() were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_CTX_new.pod b/doc/man3/EVP_PKEY_CTX_new.pod index cb203dbd71..d7ac221f7c 100644 --- a/doc/man3/EVP_PKEY_CTX_new.pod +++ b/doc/man3/EVP_PKEY_CTX_new.pod @@ -122,7 +122,7 @@ added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_is_a.pod b/doc/man3/EVP_PKEY_is_a.pod index 228c312cee..467b0145e5 100644 --- a/doc/man3/EVP_PKEY_is_a.pod +++ b/doc/man3/EVP_PKEY_is_a.pod @@ -87,7 +87,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod index 68e13d3480..d437f5bc13 100644 --- a/doc/man3/EVP_PKEY_set1_RSA.pod +++ b/doc/man3/EVP_PKEY_set1_RSA.pod @@ -235,7 +235,7 @@ EVP_PKEY_get0_EC_KEY were made const in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_SIGNATURE_free.pod b/doc/man3/EVP_SIGNATURE_free.pod index f5f06c8b4d..cfc3b4c3bf 100644 --- a/doc/man3/EVP_SIGNATURE_free.pod +++ b/doc/man3/EVP_SIGNATURE_free.pod @@ -92,7 +92,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_VerifyInit.pod b/doc/man3/EVP_VerifyInit.pod index 288cc18857..0cb67d7dc1 100644 --- a/doc/man3/EVP_VerifyInit.pod +++ b/doc/man3/EVP_VerifyInit.pod @@ -97,7 +97,7 @@ The function EVP_VerifyFinal_ex() was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OCSP_resp_find_status.pod b/doc/man3/OCSP_resp_find_status.pod index 3ded33f425..f4afddcdef 100644 --- a/doc/man3/OCSP_resp_find_status.pod +++ b/doc/man3/OCSP_resp_find_status.pod @@ -210,7 +210,7 @@ L =head1 COPYRIGHT -Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod index c109601597..82beda458b 100644 --- a/doc/man3/OPENSSL_LH_COMPFUNC.pod +++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod @@ -270,7 +270,7 @@ type checking. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_PARAM.pod b/doc/man3/OSSL_PARAM.pod index 99f4e2ce62..a872de3b77 100644 --- a/doc/man3/OSSL_PARAM.pod +++ b/doc/man3/OSSL_PARAM.pod @@ -350,7 +350,7 @@ B was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_STORE_INFO.pod b/doc/man3/OSSL_STORE_INFO.pod index 47882b002d..299249ceb1 100644 --- a/doc/man3/OSSL_STORE_INFO.pod +++ b/doc/man3/OSSL_STORE_INFO.pod @@ -221,7 +221,7 @@ The OSSL_STORE_INFO_PUBKEY object type was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index 203286c70d..7602396ee2 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -374,7 +374,7 @@ were added in OpenSSL 1.1.1, and became deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod index e28a35e73a..120a936f83 100644 --- a/doc/man3/OpenSSL_version.pod +++ b/doc/man3/OpenSSL_version.pod @@ -252,7 +252,7 @@ with the exception of the L ones. =head1 COPYRIGHT -Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod index 994ff9f9e3..be898c6795 100644 --- a/doc/man3/PKCS12_create.pod +++ b/doc/man3/PKCS12_create.pod @@ -79,7 +79,7 @@ standards. =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_get0_primary.pod b/doc/man3/RAND_get0_primary.pod index 6ee3da2df7..408d02077f 100644 --- a/doc/man3/RAND_get0_primary.pod +++ b/doc/man3/RAND_get0_primary.pod @@ -72,7 +72,7 @@ These functions were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_set_rand_method.pod b/doc/man3/RAND_set_rand_method.pod index 755e25dde1..ccc6d83f28 100644 --- a/doc/man3/RAND_set_rand_method.pod +++ b/doc/man3/RAND_set_rand_method.pod @@ -76,7 +76,7 @@ All of these functions were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod index 17eb86b9d2..873825a2c3 100644 --- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod +++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod @@ -150,7 +150,7 @@ All of these functions were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod index 6012e911de..566b245f3f 100644 --- a/doc/man3/RSA_public_encrypt.pod +++ b/doc/man3/RSA_public_encrypt.pod @@ -106,7 +106,7 @@ Both of these functions were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_KDF-HKDF.pod b/doc/man7/EVP_KDF-HKDF.pod index 4fc663d1b6..b20fb7b613 100644 --- a/doc/man7/EVP_KDF-HKDF.pod +++ b/doc/man7/EVP_KDF-HKDF.pod @@ -141,7 +141,7 @@ L =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod index 5da2787c0e..2ab3e55076 100644 --- a/doc/man7/EVP_KDF-KB.pod +++ b/doc/man7/EVP_KDF-KB.pod @@ -163,7 +163,7 @@ This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Copyright 2019 Red Hat, Inc. Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/doc/man7/EVP_KDF-KRB5KDF.pod b/doc/man7/EVP_KDF-KRB5KDF.pod index 874b4d9753..b239f4ed30 100644 --- a/doc/man7/EVP_KDF-KRB5KDF.pod +++ b/doc/man7/EVP_KDF-KRB5KDF.pod @@ -105,7 +105,7 @@ This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_KDF-SCRYPT.pod b/doc/man7/EVP_KDF-SCRYPT.pod index 70edde375c..d2a1b4503a 100644 --- a/doc/man7/EVP_KDF-SCRYPT.pod +++ b/doc/man7/EVP_KDF-SCRYPT.pod @@ -136,7 +136,7 @@ L =head1 COPYRIGHT -Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_KDF-SS.pod b/doc/man7/EVP_KDF-SS.pod index 958fd06676..1c0c9d0f81 100644 --- a/doc/man7/EVP_KDF-SS.pod +++ b/doc/man7/EVP_KDF-SS.pod @@ -177,7 +177,7 @@ This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Copyright +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/doc/man7/EVP_KDF-TLS1_PRF.pod b/doc/man7/EVP_KDF-TLS1_PRF.pod index b7f8da5912..9996721d3c 100644 --- a/doc/man7/EVP_KDF-TLS1_PRF.pod +++ b/doc/man7/EVP_KDF-TLS1_PRF.pod @@ -100,7 +100,7 @@ L =head1 COPYRIGHT -Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_KDF-X963.pod b/doc/man7/EVP_KDF-X963.pod index 3272e1e755..1efda01ee0 100644 --- a/doc/man7/EVP_KDF-X963.pod +++ b/doc/man7/EVP_KDF-X963.pod @@ -98,7 +98,7 @@ This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_KEYEXCH-DH.pod b/doc/man7/EVP_KEYEXCH-DH.pod index 4368c62140..34930ef1f7 100644 --- a/doc/man7/EVP_KEYEXCH-DH.pod +++ b/doc/man7/EVP_KEYEXCH-DH.pod @@ -101,7 +101,7 @@ L, =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_MAC-BLAKE2.pod b/doc/man7/EVP_MAC-BLAKE2.pod index 042e2bfaa0..809a29a0fe 100644 --- a/doc/man7/EVP_MAC-BLAKE2.pod +++ b/doc/man7/EVP_MAC-BLAKE2.pod @@ -73,7 +73,7 @@ The macros and functions described here were added to OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_MAC-CMAC.pod b/doc/man7/EVP_MAC-CMAC.pod index 3c6af827b9..4beac89d9c 100644 --- a/doc/man7/EVP_MAC-CMAC.pod +++ b/doc/man7/EVP_MAC-CMAC.pod @@ -67,7 +67,7 @@ L, L =head1 COPYRIGHT -Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_MAC-GMAC.pod b/doc/man7/EVP_MAC-GMAC.pod index a392cf3dfe..7de83fe7b5 100644 --- a/doc/man7/EVP_MAC-GMAC.pod +++ b/doc/man7/EVP_MAC-GMAC.pod @@ -73,7 +73,7 @@ L, L =head1 COPYRIGHT -Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod index 504622b7d1..6b02e94ef8 100644 --- a/doc/man7/EVP_MAC-KMAC.pod +++ b/doc/man7/EVP_MAC-KMAC.pod @@ -133,7 +133,7 @@ L, L =head1 COPYRIGHT -Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_MAC-Poly1305.pod b/doc/man7/EVP_MAC-Poly1305.pod index a7e2f23439..59f9444214 100644 --- a/doc/man7/EVP_MAC-Poly1305.pod +++ b/doc/man7/EVP_MAC-Poly1305.pod @@ -56,7 +56,7 @@ L, L =head1 COPYRIGHT -Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_MAC-Siphash.pod b/doc/man7/EVP_MAC-Siphash.pod index 01849f7c4a..7f5792bf31 100644 --- a/doc/man7/EVP_MAC-Siphash.pod +++ b/doc/man7/EVP_MAC-Siphash.pod @@ -58,7 +58,7 @@ L, L =head1 COPYRIGHT -Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_RAND-CTR-DRBG.pod b/doc/man7/EVP_RAND-CTR-DRBG.pod index 61dfa2672e..a8e92e5235 100644 --- a/doc/man7/EVP_RAND-CTR-DRBG.pod +++ b/doc/man7/EVP_RAND-CTR-DRBG.pod @@ -98,7 +98,7 @@ L =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_RAND-HASH-DRBG.pod b/doc/man7/EVP_RAND-HASH-DRBG.pod index a212add6d2..62ded203ad 100644 --- a/doc/man7/EVP_RAND-HASH-DRBG.pod +++ b/doc/man7/EVP_RAND-HASH-DRBG.pod @@ -90,7 +90,7 @@ L =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_RAND-HMAC-DRBG.pod b/doc/man7/EVP_RAND-HMAC-DRBG.pod index f345255efc..54ae61478d 100644 --- a/doc/man7/EVP_RAND-HMAC-DRBG.pod +++ b/doc/man7/EVP_RAND-HMAC-DRBG.pod @@ -93,7 +93,7 @@ L =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_RAND-SEED-SRC.pod b/doc/man7/EVP_RAND-SEED-SRC.pod index 4d21e4cd6e..516fa64f57 100644 --- a/doc/man7/EVP_RAND-SEED-SRC.pod +++ b/doc/man7/EVP_RAND-SEED-SRC.pod @@ -77,7 +77,7 @@ L =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_RAND-TEST-RAND.pod b/doc/man7/EVP_RAND-TEST-RAND.pod index c5f1a4d526..56e9d755e3 100644 --- a/doc/man7/EVP_RAND-TEST-RAND.pod +++ b/doc/man7/EVP_RAND-TEST-RAND.pod @@ -103,7 +103,7 @@ L =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-RSA.pod b/doc/man7/EVP_SIGNATURE-RSA.pod index 41e8ad9a42..1be30b3158 100644 --- a/doc/man7/EVP_SIGNATURE-RSA.pod +++ b/doc/man7/EVP_SIGNATURE-RSA.pod @@ -100,7 +100,7 @@ L, =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/RAND.pod b/doc/man7/RAND.pod index 8ae55ccac8..39a7bcc81e 100644 --- a/doc/man7/RAND.pod +++ b/doc/man7/RAND.pod @@ -72,7 +72,7 @@ L =head1 COPYRIGHT -Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/evp.pod b/doc/man7/evp.pod index c97abba3dd..74fc975ce1 100644 --- a/doc/man7/evp.pod +++ b/doc/man7/evp.pod @@ -104,7 +104,7 @@ L =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod index a0327a85df..7165827160 100644 --- a/doc/man7/provider-digest.pod +++ b/doc/man7/provider-digest.pod @@ -266,7 +266,7 @@ The provider DIGEST interface was introduced in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-kem.pod b/doc/man7/provider-kem.pod index 4a094bd2c9..7903fb8ca4 100644 --- a/doc/man7/provider-kem.pod +++ b/doc/man7/provider-kem.pod @@ -197,7 +197,7 @@ The provider KEM interface was introduced in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-keyexch.pod b/doc/man7/provider-keyexch.pod index bf97096cb2..b353f760bd 100644 --- a/doc/man7/provider-keyexch.pod +++ b/doc/man7/provider-keyexch.pod @@ -199,7 +199,7 @@ The provider KEYEXCH interface was introduced in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_afalg.c b/engines/e_afalg.c index 4e9d67db2d..ac85f523d4 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/fuzz/client.c b/fuzz/client.c index 007b0d6443..b8afe55336 100644 --- a/fuzz/client.c +++ b/fuzz/client.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/fuzz/cmp.c b/fuzz/cmp.c index 82a812baba..490c4211f8 100644 --- a/fuzz/cmp.c +++ b/fuzz/cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/fuzz/fuzzer.h b/fuzz/fuzzer.h index 517a8622d9..cd460dea8d 100644 --- a/fuzz/fuzzer.h +++ b/fuzz/fuzzer.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/include/crypto/bn_dh.h b/include/crypto/bn_dh.h index e0506b753e..6d12c20e02 100644 --- a/include/crypto/bn_dh.h +++ b/include/crypto/bn_dh.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/crypto/modes.h b/include/crypto/modes.h index 119314d172..19f9d85959 100644 --- a/include/crypto/modes.h +++ b/include/crypto/modes.h @@ -1,5 +1,5 @@ /* - * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/namemap.h b/include/internal/namemap.h index bbdc041173..a4c60ae695 100644 --- a/include/internal/namemap.h +++ b/include/internal/namemap.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in index 3b2f7e98f5..f3a9543da1 100644 --- a/include/openssl/bio.h.in +++ b/include/openssl/bio.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/dh.h b/include/openssl/dh.h index d17f01334f..b97871eca7 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 08593705c3..100da328c3 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/store.h b/include/openssl/store.h index 304532bde3..19669b55f1 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h index b2ae379525..816f8f9989 100644 --- a/include/openssl/symhacks.h +++ b/include/openssl/symhacks.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 10332997de..cd1f818c1a 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * diff --git a/providers/common/bio_prov.c b/providers/common/bio_prov.c index 47f04c47e2..4db224ba05 100644 --- a/providers/common/bio_prov.c +++ b/providers/common/bio_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/common/digest_to_nid.c b/providers/common/digest_to_nid.c index f66b61b4fa..96c5e4e38b 100644 --- a/providers/common/digest_to_nid.c +++ b/providers/common/digest_to_nid.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/common/include/prov/bio.h b/providers/common/include/prov/bio.h index fc8237a249..18c0f9a752 100644 --- a/providers/common/include/prov/bio.h +++ b/providers/common/include/prov/bio.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h index 2b81092f30..c322457fc8 100644 --- a/providers/common/include/prov/securitycheck.h +++ b/providers/common/include/prov/securitycheck.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c index 7bb5639882..c3a9325a1f 100644 --- a/providers/common/securitycheck_default.c +++ b/providers/common/securitycheck_default.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aes_ccm.c b/providers/implementations/ciphers/cipher_aes_ccm.c index 8da044bd95..bb4b1e1e64 100644 --- a/providers/implementations/ciphers/cipher_aes_ccm.c +++ b/providers/implementations/ciphers/cipher_aes_ccm.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw.c b/providers/implementations/ciphers/cipher_aes_ccm_hw.c index c9a7d18d7a..263d190281 100644 --- a/providers/implementations/ciphers/cipher_aes_ccm_hw.c +++ b/providers/implementations/ciphers/cipher_aes_ccm_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc b/providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc index 4772a42f21..579e5a3d4f 100644 --- a/providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc +++ b/providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw_t4.inc b/providers/implementations/ciphers/cipher_aes_ccm_hw_t4.inc index e783b008cf..a676d411b5 100644 --- a/providers/implementations/ciphers/cipher_aes_ccm_hw_t4.inc +++ b/providers/implementations/ciphers/cipher_aes_ccm_hw_t4.inc @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aes_gcm.c b/providers/implementations/ciphers/cipher_aes_gcm.c index f9463ea7df..a9f574ab23 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm.c +++ b/providers/implementations/ciphers/cipher_aes_gcm.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw.c b/providers/implementations/ciphers/cipher_aes_gcm_hw.c index b322a29196..1aca2bf9e7 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm_hw.c +++ b/providers/implementations/ciphers/cipher_aes_gcm_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc index e17ff8cf94..e6aa0479dd 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc +++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc index 572f8412bf..310f4470d6 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc +++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_t4.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_t4.inc index 8ccc802814..2b3a6d1d5e 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm_hw_t4.inc +++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_t4.inc @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aria_ccm.c b/providers/implementations/ciphers/cipher_aria_ccm.c index 9952078c91..d6b5517ee0 100644 --- a/providers/implementations/ciphers/cipher_aria_ccm.c +++ b/providers/implementations/ciphers/cipher_aria_ccm.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aria_ccm_hw.c b/providers/implementations/ciphers/cipher_aria_ccm_hw.c index 6d5a435a62..700958cbac 100644 --- a/providers/implementations/ciphers/cipher_aria_ccm_hw.c +++ b/providers/implementations/ciphers/cipher_aria_ccm_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aria_gcm.c b/providers/implementations/ciphers/cipher_aria_gcm.c index 974d70b844..c2fe7ec185 100644 --- a/providers/implementations/ciphers/cipher_aria_gcm.c +++ b/providers/implementations/ciphers/cipher_aria_gcm.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aria_gcm_hw.c b/providers/implementations/ciphers/cipher_aria_gcm_hw.c index 3f9832dea0..d5f211a484 100644 --- a/providers/implementations/ciphers/cipher_aria_gcm_hw.c +++ b/providers/implementations/ciphers/cipher_aria_gcm_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_chacha20.h b/providers/implementations/ciphers/cipher_chacha20.h index c986838d93..9db8ed9cb4 100644 --- a/providers/implementations/ciphers/cipher_chacha20.h +++ b/providers/implementations/ciphers/cipher_chacha20.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_des_hw.c b/providers/implementations/ciphers/cipher_des_hw.c index 4ae15c3826..a77fcc681a 100644 --- a/providers/implementations/ciphers/cipher_des_hw.c +++ b/providers/implementations/ciphers/cipher_des_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/ciphercommon_ccm_hw.c b/providers/implementations/ciphers/ciphercommon_ccm_hw.c index f16ca76f10..ad3fbc59e4 100644 --- a/providers/implementations/ciphers/ciphercommon_ccm_hw.c +++ b/providers/implementations/ciphers/ciphercommon_ccm_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/ciphercommon_gcm_hw.c b/providers/implementations/ciphers/ciphercommon_gcm_hw.c index 3c68f3c779..c0a7399640 100644 --- a/providers/implementations/ciphers/ciphercommon_gcm_hw.c +++ b/providers/implementations/ciphers/ciphercommon_gcm_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/ciphercommon_local.h b/providers/implementations/ciphers/ciphercommon_local.h index 6cc57934c5..11cb6116a8 100644 --- a/providers/implementations/ciphers/ciphercommon_local.h +++ b/providers/implementations/ciphers/ciphercommon_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/digests/blake2_prov.c b/providers/implementations/digests/blake2_prov.c index a97d17a91b..74ff44e6b7 100644 --- a/providers/implementations/digests/blake2_prov.c +++ b/providers/implementations/digests/blake2_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/digests/blake2b_prov.c b/providers/implementations/digests/blake2b_prov.c index 2b31882c1f..11271e1b59 100644 --- a/providers/implementations/digests/blake2b_prov.c +++ b/providers/implementations/digests/blake2b_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/digests/blake2s_prov.c b/providers/implementations/digests/blake2s_prov.c index 997d0e2943..a9a8f9d048 100644 --- a/providers/implementations/digests/blake2s_prov.c +++ b/providers/implementations/digests/blake2s_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/digests/md5_sha1_prov.c b/providers/implementations/digests/md5_sha1_prov.c index d05a7e7d85..e41ac815c5 100644 --- a/providers/implementations/digests/md5_sha1_prov.c +++ b/providers/implementations/digests/md5_sha1_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/encode_decode/decode_ms2key.c b/providers/implementations/encode_decode/decode_ms2key.c index e1741f4e53..5635a70960 100644 --- a/providers/implementations/encode_decode/decode_ms2key.c +++ b/providers/implementations/encode_decode/decode_ms2key.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/include/prov/blake2.h b/providers/implementations/include/prov/blake2.h index 305f7a3c53..d18cbc708c 100644 --- a/providers/implementations/include/prov/blake2.h +++ b/providers/implementations/include/prov/blake2.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/include/prov/ciphercommon_ccm.h b/providers/implementations/include/prov/ciphercommon_ccm.h index a4e02d484b..4c184b395f 100644 --- a/providers/implementations/include/prov/ciphercommon_ccm.h +++ b/providers/implementations/include/prov/ciphercommon_ccm.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/include/prov/ciphercommon_gcm.h b/providers/implementations/include/prov/ciphercommon_gcm.h index d878261dfb..3e01cc7e7b 100644 --- a/providers/implementations/include/prov/ciphercommon_gcm.h +++ b/providers/implementations/include/prov/ciphercommon_gcm.h @@ -1,6 +1,6 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/include/prov/md5_sha1.h b/providers/implementations/include/prov/md5_sha1.h index 284ec957ba..181267d6b1 100644 --- a/providers/implementations/include/prov/md5_sha1.h +++ b/providers/implementations/include/prov/md5_sha1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/macs/blake2b_mac.c b/providers/implementations/macs/blake2b_mac.c index d1781d0d96..0bc5b1c275 100644 --- a/providers/implementations/macs/blake2b_mac.c +++ b/providers/implementations/macs/blake2b_mac.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/macs/blake2s_mac.c b/providers/implementations/macs/blake2s_mac.c index 90583a51a8..cb500e29ab 100644 --- a/providers/implementations/macs/blake2s_mac.c +++ b/providers/implementations/macs/blake2s_mac.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c index 9aefc2cbec..9807799fe0 100644 --- a/providers/implementations/macs/cmac_prov.c +++ b/providers/implementations/macs/cmac_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c index 3e99fce70a..ec0e55bec8 100644 --- a/providers/implementations/rands/seeding/rand_unix.c +++ b/providers/implementations/rands/seeding/rand_unix.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/storemgmt/file_store_der2obj.c b/providers/implementations/storemgmt/file_store_der2obj.c index d34e90540d..854a720f60 100644 --- a/providers/implementations/storemgmt/file_store_der2obj.c +++ b/providers/implementations/storemgmt/file_store_der2obj.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c index 0eef2a2239..524ec52cf0 100644 --- a/test/bad_dtls_test.c +++ b/test/bad_dtls_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/bn_internal_test.c b/test/bn_internal_test.c index 952369c7a1..7ef398a8b3 100644 --- a/test/bn_internal_test.c +++ b/test/bn_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c index e841f029ce..96b0f1b511 100644 --- a/test/cmp_ctx_test.c +++ b/test/cmp_ctx_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/test/ecdsatest.c b/test/ecdsatest.c index cf09419c94..38486f5955 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c index e61f50baad..45d1ce2569 100644 --- a/test/evp_extra_test2.c +++ b/test/evp_extra_test2.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c index 3c54d68010..026158d4ba 100644 --- a/test/ffc_internal_test.c +++ b/test/ffc_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/test/ossl_shim/include/openssl/base.h b/test/ossl_shim/include/openssl/base.h index 84918289c0..9b07292673 100644 --- a/test/ossl_shim/include/openssl/base.h +++ b/test/ossl_shim/include/openssl/base.h @@ -1,5 +1,5 @@ /* - * Copyright 1998-2001 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index eff0b3eb9b..7ea8050ae7 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/ossl_store_test.c b/test/ossl_store_test.c index 773c696fec..7a5df01647 100644 --- a/test/ossl_store_test.c +++ b/test/ossl_store_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/p_test.c b/test/p_test.c index 02a822c486..6f55abda01 100644 --- a/test/p_test.c +++ b/test/p_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/params_api_test.c b/test/params_api_test.c index 2d69b5c327..38d6913ec5 100644 --- a/test/params_api_test.c +++ b/test/params_api_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c index fc04d2d925..aeb38339fa 100644 --- a/test/provider_internal_test.c +++ b/test/provider_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/provider_test.c b/test/provider_test.c index 7406bb4318..d89611b9b2 100644 --- a/test/provider_test.c +++ b/test/provider_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index d603b24356..9ba6d2eb85 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/15-test_dsaparam.t b/test/recipes/15-test_dsaparam.t index c34d8ec9cd..2f06c1f4e0 100644 --- a/test/recipes/15-test_dsaparam.t +++ b/test/recipes/15-test_dsaparam.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/15-test_rsaoaep.t b/test/recipes/15-test_rsaoaep.t index 47aac78f35..5618d5e2bc 100644 --- a/test/recipes/15-test_rsaoaep.t +++ b/test/recipes/15-test_rsaoaep.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t index e7291df456..f70de7e574 100644 --- a/test/recipes/20-test_cli_fips.t +++ b/test/recipes/20-test_cli_fips.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t index 618088a577..7f2ff029ba 100644 --- a/test/recipes/20-test_pkeyutl.t +++ b/test/recipes/20-test_pkeyutl.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_acvp.t b/test/recipes/30-test_acvp.t index f86055666e..8f36325f21 100644 --- a/test/recipes/30-test_acvp.t +++ b/test/recipes/30-test_acvp.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t index afdfd0ac70..73bb4bce9c 100644 --- a/test/recipes/30-test_defltfips.t +++ b/test/recipes/30-test_defltfips.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 3398a1ab9a..fde0f658ee 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpmac_blake.txt b/test/recipes/30-test_evp_data/evpmac_blake.txt index 416d6b25dd..cd9a75e82e 100644 --- a/test/recipes/30-test_evp_data/evpmac_blake.txt +++ b/test/recipes/30-test_evp_data/evpmac_blake.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt index 67a0d3482d..35bba4fcaa 100644 --- a/test/recipes/30-test_evp_data/evpmac_common.txt +++ b/test/recipes/30-test_evp_data/evpmac_common.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpmac_siphash.txt b/test/recipes/30-test_evp_data/evpmac_siphash.txt index 028b2d656f..a9081a1c81 100644 --- a/test/recipes/30-test_evp_data/evpmac_siphash.txt +++ b/test/recipes/30-test_evp_data/evpmac_siphash.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t index e033f49d63..63082dd311 100644 --- a/test/recipes/30-test_evp_fetch_prov.t +++ b/test/recipes/30-test_evp_fetch_prov.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_libctx.t b/test/recipes/30-test_evp_libctx.t index 36802c8d7b..81abbdb3bf 100644 --- a/test/recipes/30-test_evp_libctx.t +++ b/test/recipes/30-test_evp_libctx.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_provider_status.t b/test/recipes/30-test_provider_status.t index 0aaaf7ef49..b3a239fb6a 100644 --- a/test/recipes/30-test_provider_status.t +++ b/test/recipes/30-test_provider_status.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/65-test_cmp_client.t b/test/recipes/65-test_cmp_client.t index 0cd4982e89..c6c66fe54c 100644 --- a/test/recipes/65-test_cmp_client.t +++ b/test/recipes/65-test_cmp_client.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. # Copyright Nokia 2007-2019 # Copyright Siemens AG 2015-2019 # diff --git a/test/recipes/65-test_cmp_msg.t b/test/recipes/65-test_cmp_msg.t index 3fc091a461..d104576a9d 100644 --- a/test/recipes/65-test_cmp_msg.t +++ b/test/recipes/65-test_cmp_msg.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. # Copyright Nokia 2007-2019 # Copyright Siemens AG 2015-2019 # diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t index 4fa7c8298b..631603df7c 100644 --- a/test/recipes/65-test_cmp_protect.t +++ b/test/recipes/65-test_cmp_protect.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. # Copyright Nokia 2007-2019 # Copyright Siemens AG 2015-2019 # diff --git a/test/recipes/65-test_cmp_server.t b/test/recipes/65-test_cmp_server.t index fb9dcef081..478de7751a 100644 --- a/test/recipes/65-test_cmp_server.t +++ b/test/recipes/65-test_cmp_server.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. # Copyright Nokia 2007-2020 # Copyright Siemens AG 2015-2020 # diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t index c1851cbc6e..cc0ef8cee7 100644 --- a/test/recipes/65-test_cmp_vfy.t +++ b/test/recipes/65-test_cmp_vfy.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. # Copyright Nokia 2007-2019 # Copyright Siemens AG 2015-2019 # diff --git a/test/recipes/66-test_ossl_store.t b/test/recipes/66-test_ossl_store.t index 0385e452b7..21bec4395c 100644 --- a/test/recipes/66-test_ossl_store.t +++ b/test/recipes/66-test_ossl_store.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index 02a620367d..b890be6218 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/95-test_external_gost_engine_data/gost_engine.sh b/test/recipes/95-test_external_gost_engine_data/gost_engine.sh index 44810b5936..4fd434f29a 100755 --- a/test/recipes/95-test_external_gost_engine_data/gost_engine.sh +++ b/test/recipes/95-test_external_gost_engine_data/gost_engine.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/95-test_external_krb5.t b/test/recipes/95-test_external_krb5.t index 9d6824cb6f..dca2c065d3 100644 --- a/test/recipes/95-test_external_krb5.t +++ b/test/recipes/95-test_external_krb5.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c index 72a7baaeff..e91a1a4898 100644 --- a/test/sm2_internal_test.c +++ b/test/sm2_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/testutil/driver.c b/test/testutil/driver.c index 24222fa865..700f77fd6b 100644 --- a/test/testutil/driver.c +++ b/test/testutil/driver.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/tools/c_rehash.in b/tools/c_rehash.in index 3e2e9c0f52..1566d141d3 100644 --- a/tools/c_rehash.in +++ b/tools/c_rehash.in @@ -1,7 +1,7 @@ #!{- $config{HASHBANGPERL} -} # {- join("\n# ", @autowarntext) -} -# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm index d09d017c87..4b40a62fd8 100755 --- a/util/perl/OpenSSL/config.pm +++ b/util/perl/OpenSSL/config.pm @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy From matt at openssl.org Thu Mar 11 14:04:28 2021 From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Mar 2021 14:04:28 +0000 Subject: [openssl] master update Message-ID: <1615471468.499221.31227.nullmailer@dev.openssl.org> The branch master has been updated via e66682a838a60351cf112830dee263862a1f9d10 (commit) via 88df2c0b3d6162971304c06a240deb9320c9ae67 (commit) from 8020d79b4033400d0ef659a361c05b6902944042 (commit) - Log ----------------------------------------------------------------- commit e66682a838a60351cf112830dee263862a1f9d10 Author: Matt Caswell Date: Thu Mar 11 13:47:21 2021 +0000 Prepare for 3.0 alpha 14 Reviewed-by: Richard Levitte commit 88df2c0b3d6162971304c06a240deb9320c9ae67 Author: Matt Caswell Date: Thu Mar 11 13:47:12 2021 +0000 Prepare for release of 3.0 alpha 13 Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: VERSION.dat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.dat b/VERSION.dat index e54cbf764d..2526e2d6e3 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 PATCH=0 -PRE_RELEASE_TAG=alpha13-dev +PRE_RELEASE_TAG=alpha14-dev BUILD_METADATA= RELEASE_DATE="" SHLIB_VERSION=3 From matt at openssl.org Thu Mar 11 14:04:37 2021 From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Mar 2021 14:04:37 +0000 Subject: [openssl] openssl-3.0.0-alpha13 create Message-ID: <1615471477.172113.32208.nullmailer@dev.openssl.org> The annotated tag openssl-3.0.0-alpha13 has been created at 534f796a081450da2bcab4d889dacef51cf13c3a (tag) tagging 88df2c0b3d6162971304c06a240deb9320c9ae67 (commit) replaces openssl-3.0.0-alpha12 tagged by Matt Caswell on Thu Mar 11 13:47:13 2021 +0000 - Log ----------------------------------------------------------------- OpenSSL 3.0.0-alpha13 release tag -----BEGIN PGP SIGNATURE----- iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmBKH2ERHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJHhTggApIG8kTYo1+cmY6ju554WAwPrvGraob7T /V89xCAV/173BZo9YiJQ3CIYAkqbArrWiEvtzKq/ydSSPmUv3fw7d6LGCjaMr/nB xgnyxQWlYalZImVB5jasRYE2jUUPI0EMcBZqMRxfgXjnQ+gGDWQRt+9lv40fnbad 62YSI5GbIsNqH1U3+P8I7r8kPhA8tKErmX3IDtMAF6JRthp2N4dSzahGT3NLzp35 X9mu/nhzfZAzSTzjW4xSfoK+OIyeRz1kZyC+1rL+zmadWOt/juPk0JOQoPjYnU8v qP+RakyNNIeTywoKDNo2oJ+DVMRIHt4JCQ0YdTG2IC5KN37e0wzDvw== =wvd0 -----END PGP SIGNATURE----- Alistair Francis (1): Fixup support for io_pgetevents_time64 syscall Armin Fuerst (1): fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined Arthur Gautier (1): EVP_KDF-KB man page: Fix typo in the example code Benjamin Kaduk (5): Remove disabled TLS 1.3 ciphers from the SSL(_CTX) Check ASN1_item_ndef_i2d() return value. Add test for EC pubkey export/import test_ecpub: verify returned length after encoding test_ecpub: test that we can decode the DER we encoded Chenglong Zhang (1): Fix speed sm2 bug Daniel Bevenius (1): Fix typo in comment in DH_set0_pqg function Dmitry Belyavskiy (2): Restore GOST macros compatibility with 1.1.1 Non-const accessor to legacy keys Dr. David von Oheimb (24): Add internal X509_add_certs_new(), which simplifies matters Rename internal X509_add_cert_new() to ossl_x509_add_cert_new() 81-test_cmp_cli_data: fixup on CSR test cases CMP: Fix total_timeout behavior; small doc and diagnostic improvements Handle NULL result of ERR_reason_error_string() in some apps Code cleanup mostly in crypto/x509/v3_purp.c apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently apps/x509.c: Improve indentation of the large print loop in x509_main() apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() apps/x509.c: Fix mem leaks in processing of -next_serial in print loop OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() CMP: On NULL-DN subject or issuer input omit field in cert template openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' OSSL_STORE: restore diagnostics on decrypt error; provide password hints crypto/ocsp/ocsp_cl.c: coding style improvements OCSP_resp_find_status.pod: Complete the RETURN VALUES section Make more use of X509_add_certs(); minor related code & comments cleanup Simplify OCSP_sendreq_bio() http_local.h: Remove unused declaration of HTTP_sendreq_bio() HTTP: Fix BIO_mem_d2i() on NULL mem input apps/x509.c: Rename -signkey to -key for consistency with the req app http_test.c: Fix minor Coverity issue CID 1473608 cmp_hdr.c: Fix minor Coverity issue CID 1473605 Fangming.Fang (1): Fix compiling error on arm Georg H?llrigl (1): rfc2606 compliant example domains for x509v3_config.pod John Baldwin (1): Correct the return value of BIO_get_ktls_*(). Mark (1): Fix filename escaping in c_rehash Matt Caswell (27): Prepare for 3.0 alpha 13 Don't forget the type of thing we are loading Pass the object type and data structure from the pem2der decoder Suppress errors about undocumented asn1_d2i_read_bio Document OPENSSL_LH_flush() Add documentation for the macro OPENSSL_VERSION_PREREQ Document the OSSL_PARAM_DEFN macro Note that the OSSL_CORE_MAKE_FUNC macro is reserved Fix no-tests on mingw Duplicate the file and func error strings Test errors from a provider can still be accessed after unload Don't hold a lock when calling a callback in ossl_namemap_doall_names Add a test for a names_do_all function Fix a copy&paste error in evp_extra_test Add a multi thread test for downgrading keys Avoid a null pointer deref on a malloc failure Cache legacy keys instead of downgrading them Ensure the various legacy key EVP_PKEY getters/setters are deprecated Document the change in behaviour of the the low level key getters/setters Make the EVP_PKEY_get0* functions have a const return type Fix the check for suitable groups and TLSv1.3 Add a missing CHANGES.md entry for the legacy provider Add a CHANGES for OSSL_STORE_INFO_get_type() Expand the CHANGES entry for SHA1 and libssl Mention the change of licence in NEWS.md Update copyright year Prepare for release of 3.0 alpha 13 Paul Nelson (1): Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo Pauli (88): doc: remove notes section in OSSL_ENCODER.pod RAND_METHOD deprecation: documentation RAND_METHOD deprecation: tests RAND_METHOD deprecation: fuzzer RAND_METHOD deprecation: code changes rand: allow lock/unlock functions to be absent rand: add DRBG/seed setting functions test: add framework for generic fake random number generator test: make the DRBG test work without RAND_METHOD support. test: update tests to use the fake random number generator provider: add option to load a provider without disabling the fallbacks. changes: note the deprecation of RAND_METHOD APIs rand: note that locking needs to be explicitly enabled. provider: add an unquery function to allow providers to clean up. prov: update digests to support modified ctx params core: update digest gettable/settable ctx params calls modify EVP to support digest gettable/settable calls doc: note changes to digest gettable/settable provider calls doc: note changes to rand gettable/settable provider call prov: update RNGs to support modified gettable/settable CTX params core: update RNG gettable/settable ctx param calls evp: support modified gettable/settable ctx calls for RNGs doc: changes to match the updated context gettable/settable calls evp: support modified gettable/settable ctx calls for KDFs core: support modified gettable/settable ctx calls for KDFs prov: support modified gettable/settable ctx calls for KDFs prov: support modified gettable/settable ctx calls for MACs core: core: support modified gettable/settable ctx calls for MACs doc: changes to match the updated context gettable/settable calls for MACs evp: support modified gettable/settable ctx calls for MACs prov: upport modified gettable/settable ctx calls for ciphers evp: upport modified gettable/settable ctx calls for ciphers changes to match the updated context gettable/settable calls for ciphers core: support modified gettable/settable ctx calls for ciphers test: add ctx gettable/settable to the generic fake random number generator fuzzer: add ctx gettable/settable to the fuzzer RNG siphash: Add the C and D round parameters for SipHash. prov: update SipHash to new init function prov kdf: update to use the extra MAC init arguments apps: update fipsinstall to work with additional MAC_init arguments apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. apps: updates for the new additional MAC_init arguments crmf: updates for the new additional MAC_init arguments evp: updates for the new additional MAC_init arguments tls: updates for the new additional MAC_init arguments evp_test: updates for the new additional MAC_init arguments test: updates for the new additional MAC_init arguments core: update to use the extra MAC init arguments fips: update to use the extra MAC init arguments prov: update provider util to be less agressive about changing things unnecessarily prov: use new MAC_init arguments in signature legacy code prov: use new MAC_init arguments in HMAC-DRBG prov: update cmac to have additional init arguments prov: update gmac to have additional init arguments prov: update hmac to have additional init arguments prov: update kmac to have additional init arguments update BLAKE2 to have additional init arguments update poly1305 to have additional init arguments doc: note the additional parameters to EVP_MAC_init() apps: update speed to use the additional arguments to MAC_init doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call doc: update provider-mac documentation to account for the additional init() arguments core: add param argument to KDF derive call evp: add param argument to KDF derive call test: adjust tests to include extra argument to KDF derive call tls: adjust for extra argument to KDF derive call prov: add extra params argument to KDF implementations apps: add addition argument to KDF derive call crypto: add additional argument to KDF derive calls fips: add additional argument to KDF derive call in self test prov: add additional argument to KDF derive call in key exchange doc: document additional argument to KDF derive calls evp: add params argument to EVP_RAND_instantiate() fips: update DRBG KATs for the extra instantiate argument prov: update rand implementations to have a params argument for the instantiate call test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs doc: update documenation with params argument on DRBG instantiate calls core: add params argument to DRBG instantiate call rand: use params argument on instantiate call test: update test_random to create real contexts instead of sharing one test: update ECDSA and SM2 internal tests in line with the fake_random change test: add utility function to set the fake random callback on both the public and private instances test: use the new set public and private together call rand: remove FIPS mode conditional code. doc: add a note to the RAND_get0_ calls indicating how to set the DRBG type. Add a real type for OSSL_CORE_BIO which is distinct from and not castable to BIO core: add up_ref callback for OSSL_CORE_BIO test: convert store test to use relative paths Pedro Monreal (1): Fix reason code: EVP_R_OPERATON_NOT_INITIALIZED Petr Gotthard (1): Fix -pkeyopt handling in apps/pkeyutl -rawin Rich Salz (1): Remove RSA SSLv23 padding mode Richard Levitte (42): OSSL_PARAM: Correct the assumptions on the UTF8 string length Adjust the few places where the string length was confused DECODER: Use the data structure from the last decoder to select the next DECODER: Add better tracing of the chain walking process util/perl/OpenSSL/config.pm: Fix determine_compiler_settings() util/perl/OpenSSL/config.pm: Add VMS specific C compiler settings EVP: Implement EVP_PKEY_CTX_is_a() EVP: Make evp_pkey_ctx_state() available to all of EVP EVP: make evp_pkey_is_assigned() usable in the FIPS module EVP: Implement data-driven translation between known ctrl and OSSL_PARAMs EVP: Make evp_pkey_ctx_{set,get}_params_strict() legacy aware EVP: Adapt diverse OSSL_PARAM setters and getters EVP: Adapt the EVP_PKEY_CTX ctrl functions EVP: Adapt the DH specific EVP_PKEY_CTX setter / getter functions EVP: Adapt the RSA specific EVP_PKEY_CTX setter / getter functions EVP: Make checks in evp_pkey_ctx_store_cached_data() more restricted EVP: Adapt the EC_KEY specific EVP_PKEY_CTX setter / getter functions Generate doc/build.info with 'make update' rather than on the fly make update appveyor.yml: clarify conditions for building the plain configuration make update X509: Refactor X509_PUBKEY processing to include provider side keys Allow the sshkdf type to be passed as a single character Fix OSSL_PARAM_allocate_from_text() for OSSL_PARAM_UTF8_STRING Fix string termination and length setting in OSSL_PARAM_BLD_push_utf8_string() Makefile: Only update doc/build.info when there's an actual change Modify i2d_PublicKey() so it can get an EC public key as a blob PROV: Implement an EC key -> blob encoder, to get the public key crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length make update DOCS: Fix provider-mac.pod and the docs of our implementations build.info: Add the possibility to add dependencies on raw targets build.info: Make it possible to use compiled programs as generators Make 'tests' depend on a generated 'providers/fipsmodule.cnf' APPS: Modify 'fipsinstall' to output all notifications on stderr TEST: Remove the build of fipsmodule.cnf from test recipes Fix the perl code to get FIPSMODULENAME Add a new test recipe to verify the generated test fipsmodule.cnf test/threadstest.c: Add a test to load providers concurrently Make ossl_provider_disable_fallback_loading() thread safe Make provider provider_init thread safe, and flag checking/setting too DOCS: Document OSSL_STORE_INFO_PUBKEY in doc/man3/OSSL_STORE_INFO.pod Shane Lontis (15): Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys). Fix DH ASN1 decode so that it detects named groups. Fix merge problem in d2i_PrivateKey_ex Fix external symbols for cms. Fix external symbols for pkcs7. Add EVP_PKEY_public_check_quick. Add back in legacy paths for d2i_PrivateKey/d2i_AutoPrivateKey. Fix external symbols for bn Fix external symbols related to dh keys Fix external symbols related to dsa keys Fix external symbols related to ec & sm2 keys Fix NULL access in ssl_build_cert_chain() when ctx is NULL. Reword repeated words. Add new filter BIO BIO_f_readbuffer() Use BIO_f_readbuffer() in the decoder to support stdin. Tobias Nie?en (1): crypto: rename error flags in internal structures Tomas Mraz (45): Deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm() speed: Drop code to handle platforms without SIGALRM speed: Adapt digests and hmac to always use non-deprecated APIs speed: Use EVP for ciphers, cmac, ghash, rsa, dsa, and ecdsa speed: Drop deprecated _options() calls Use strcasecmp when comparing kdf_type Remove inclusion of unnecessary header files Fix missing EOL at the end of the rsa/build.info Cleanup of some of the EVP_PKEY_CTX_ctrl related TODOs Ensure that the fake rand is initialized fake_random: Do not overwrite the callback on instatiation evp_extra_test: Do not manipulate providers in default context tests: Always print errors before test verdict evp_pkey_provided_test: Improve diagnostic output evp_extra_test: Remove TODO comment as setting the curve is mandatory evp_extra_test2: Remove TODO 3.0 test_ssl_new: X448, X25519, and EdDSA are supported with fips statem_lib.c: Remove TODOs that are unnecessary Resolve TODOs in signature implementations. Remove todos in providers/implementations/include/prov Remove unused MAX_TLS_MAC_SIZE define Improve error reporting in key exchange provider implementations Remove todos in decode_der2key.c and decode_ms2key.c EVP_PKEY_CTX_get/settable_params: pass provider operation context ossl_rsa_sp800_56b_check_public: Be more lenient with small keys test/x509: Test for issuer being overwritten when printing. include/internal: Remove TODOs that are irrelevant for 3.0 include/crypto: Remove TODOs that are irrelevant for 3.0 crypto/ppccap.c: Remove useless TODO 3.0 crypto/param_build_set.c: Remove irrelevant TODO 3.0 Remove some of the TODO 3.0 in crypto/evp related to legacy support. do_sigver_init: Remove fallback for missing provider implementations. ecx_set_priv_key: Remove TODO 3.0 related to setting libctx bn_ctx.c: Remove TODO 3.0 related to tracing in FIPS module ecx_set_priv_key: Try to obtain libctx from the pkey's keymgmt CI: add job with external tests gost_engine test: Run also perl and tcl tests gost_engine test: further cleanups and fixes CI external test: for now run only the krb5 and gost_engine tests CI external tests: separate each external test into its own phase apps/pkcs12: Properly detect MAC setup failure apps/pkcs12: Detect missing PKCS12KDF support on import apps/pkcs12: Allow continuing on absent mac Change default algorithms in PKCS12_create() and PKCS12_set_mac() Fix formatting error of HISTORY section in some manual pages. UndefBehavior (1): Fix build of /dev/crypto engine with no-dynamic-engine option Vincent Drake (1): Use read/write locking on Windows Zhang Jinde (1): CRYPTO_gcm128_decrypt: fix mac or tag calculation georg-x (1): Various improvements of doc/man5/x509v3_config.pod jwalch (2): -Wunused-function cleanup Fix an integer overflow in o_time.c panda (1): Check SSL_set1_chain error in set_cert_cb ----------------------------------------------------------------------- From matt at openssl.org Thu Mar 11 14:05:51 2021 From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Mar 2021 14:05:51 +0000 Subject: [web] master update Message-ID: <1615471551.250349.2302.nullmailer@dev.openssl.org> The branch master has been updated via a12160447e27f7fd9dd1d84441d527de2545a4a8 (commit) from 534023923c6dc5b0d26ea9a1fd28456f80afd311 (commit) - Log ----------------------------------------------------------------- commit a12160447e27f7fd9dd1d84441d527de2545a4a8 Author: Matt Caswell Date: Thu Mar 11 13:55:44 2021 +0000 Update newsflash for the 3.0 alpha13 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/223) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 89e7ae8..1bbcaf2 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +11-Mar-2021: Alpha 13 of OpenSSL 3.0 is now available: please download and test it 18-Feb-2021: Alpha 12 of OpenSSL 3.0 is now available: please download and test it 16-Feb-2021: OpenSSL 1.1.1j is now available, including bug and security fixes 28-Jan-2021: Alpha 11 of OpenSSL 3.0 is now available: please download and test it From dev at ddvo.net Thu Mar 11 14:28:21 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 11 Mar 2021 14:28:21 +0000 Subject: [openssl] master update Message-ID: <1615472901.693214.8451.nullmailer@dev.openssl.org> The branch master has been updated via 6bbff162f1d72ed52d705c4c146cd3152ef4648c (commit) from e66682a838a60351cf112830dee263862a1f9d10 (commit) - Log ----------------------------------------------------------------- commit 6bbff162f1d72ed52d705c4c146cd3152ef4648c Author: Dr. David von Oheimb Date: Tue Mar 9 13:32:43 2021 +0100 openssl-cmp.pod.in and apps/cmp.c: Various minor do improvements Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14493) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 18 ++++---- doc/man1/openssl-cmp.pod.in | 109 +++++++++++++++++++++----------------------- 2 files changed, 63 insertions(+), 64 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 40815930cf..519e0bc2a5 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -71,6 +71,7 @@ static char server_port[32] = { '\0' }; static char *opt_path = NULL; static char *opt_proxy = NULL; static char *opt_no_proxy = NULL; +static char *opt_recipient = NULL; static int opt_msg_timeout = -1; static int opt_total_timeout = -1; @@ -78,7 +79,6 @@ static int opt_total_timeout = -1; static char *opt_trusted = NULL; static char *opt_untrusted = NULL; static char *opt_srvcert = NULL; -static char *opt_recipient = NULL; static char *opt_expect_sender = NULL; static int opt_ignore_keyusage = 0; static int opt_unprotected_errors = 0; @@ -204,10 +204,11 @@ typedef enum OPTION_choice { OPT_OLDCERT, OPT_REVREASON, OPT_SERVER, OPT_PATH, OPT_PROXY, OPT_NO_PROXY, + OPT_RECIPIENT, OPT_MSG_TIMEOUT, OPT_TOTAL_TIMEOUT, OPT_TRUSTED, OPT_UNTRUSTED, OPT_SRVCERT, - OPT_RECIPIENT, OPT_EXPECT_SENDER, + OPT_EXPECT_SENDER, OPT_IGNORE_KEYUSAGE, OPT_UNPROTECTED_ERRORS, OPT_EXTRACERTSOUT, OPT_CACERTSOUT, @@ -340,6 +341,8 @@ const OPTIONS cmp_options[] = { "List of addresses of servers not to use HTTP(S) proxy for"}, {OPT_MORE_STR, 0, 0, "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, + {"recipient", OPT_RECIPIENT, 's', + "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"}, {"msg_timeout", OPT_MSG_TIMEOUT, 'n', "Timeout per CMP message round trip (or 0 for none). Default 120 seconds"}, {"total_timeout", OPT_TOTAL_TIMEOUT, 'n', @@ -353,8 +356,6 @@ const OPTIONS cmp_options[] = { "Intermediate CA certs for chain construction for CMP/TLS/enrolled certs"}, {"srvcert", OPT_SRVCERT, 's', "Server cert to pin and trust directly when verifying signed CMP responses"}, - {"recipient", OPT_RECIPIENT, 's', - "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"}, {"expect_sender", OPT_EXPECT_SENDER, 's', "DN of expected sender of responses. Defaults to subject of -srvcert, if any"}, {"ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-', @@ -527,10 +528,11 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */ {&opt_oldcert}, {(char **)&opt_revreason}, {&opt_server}, {&opt_path}, {&opt_proxy}, {&opt_no_proxy}, + {&opt_recipient}, {(char **)&opt_msg_timeout}, {(char **)&opt_total_timeout}, {&opt_trusted}, {&opt_untrusted}, {&opt_srvcert}, - {&opt_recipient}, {&opt_expect_sender}, + {&opt_expect_sender}, {(char **)&opt_ignore_keyusage}, {(char **)&opt_unprotected_errors}, {&opt_extracertsout}, {&opt_cacertsout}, @@ -2375,6 +2377,9 @@ static int get_opts(int argc, char **argv) case OPT_PATH: opt_path = opt_str("path"); break; + case OPT_RECIPIENT: + opt_recipient = opt_str("recipient"); + break; case OPT_MSG_TIMEOUT: if ((opt_msg_timeout = opt_nat()) < 0) goto opthelp; @@ -2444,9 +2449,6 @@ static int get_opts(int argc, char **argv) case OPT_SRVCERT: opt_srvcert = opt_str("srvcert"); break; - case OPT_RECIPIENT: - opt_recipient = opt_str("recipient"); - break; case OPT_EXPECT_SENDER: opt_expect_sender = opt_str("expect_sender"); break; diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 5d09557e04..f449cb6630 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -15,7 +15,7 @@ B B Generic message options: -[B<-cmd> I] +[B<-cmd> I] [B<-infotype> I] [B<-geninfo> I] @@ -51,22 +51,22 @@ Message transfer options: [B<-path> I] [B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>] [B<-no_proxy> I] +[B<-recipient> I] [B<-msg_timeout> I] [B<-total_timeout> I] Server authentication options: [B<-trusted> I|I] -[B<-untrusted> I] +[B<-untrusted> I|I] [B<-srvcert> I|I] -[B<-recipient> I] [B<-expect_sender> I] [B<-ignore_keyusage>] [B<-unprotected_errors>] [B<-extracertsout> I] [B<-cacertsout> I] -Client authentication options: +Client authentication and protection options: [B<-ref> I] [B<-secret> I] @@ -76,7 +76,7 @@ Client authentication options: [B<-keypass> I] [B<-digest> I] [B<-mac> I] -[B<-extracerts> I] +[B<-extracerts> I|I] [B<-unprotected_requests>] Credentials format options: @@ -100,11 +100,11 @@ Client-side debugging options: [B<-batch>] [B<-repeat> I] -[B<-reqin>] I +[B<-reqin> I] [B<-reqin_new_tid>] -[B<-reqout>] I -[B<-rspin>] I -[B<-rspout>] I +[B<-reqout> I] +[B<-rspin> I] +[B<-rspout> I] [B<-use_mock_srv>] Mock server options: @@ -267,7 +267,7 @@ For KUR, it defaults to the public key in the PKCS#10 CSR given with the B<-csr> option, if provided, or of the reference certificate (see B<-oldcert>) if provided. This default is used for IR and CR only if no SANs are set. -If the NULL-DN (C) is given then no subject is placed in the template. +If the NULL-DN (C<"/">) is given then no subject is placed in the template. If provided and neither B<-cert> nor B<-oldcert> is given, the subject DN is used as fallback sender of outgoing CMP messages. @@ -286,7 +286,7 @@ C X509 issuer Distinguished Name (DN) of the CA server to place in the requested certificate template in IR/CR/KUR. -If the NULL-DN (C) is given then no issuer is placed in the template. +If the NULL-DN (C<"/">) is given then no issuer is placed in the template. If provided and neither B<-recipient> nor B<-srvcert> is given, the issuer DN is used as fallback recipient of outgoing CMP messages. @@ -393,7 +393,7 @@ The file where the chain of the newly enrolled certificate should be saved. =over 4 -=item B<-oldcert> I|I] +=item B<-oldcert> I|I The certificate to be updated (i.e., renewed or re-keyed) in Key Update Request (KUR) messages or to be revoked in Revocation Request (RR) messages. @@ -466,6 +466,22 @@ not to use an HTTP(S) proxy for, separated by commas and/or whitespace (where in the latter case the whole argument must be enclosed in "..."). Default is from the environment variable C if set, else C. +=item B<-recipient> I + +Distinguished Name (DN) to use in the recipient field of CMP request message +headers, i.e., the CMP server (usually the addressed CA). + +The recipient field in the header of a CMP message is mandatory. +If not given explicitly the recipient is determined in the following order: +the subject of the CMP server certificate given with the B<-srvcert> option, +the B<-issuer> option, +the issuer of the certificate given with the B<-oldcert> option, +the issuer of the CMP client certificate (B<-cert> option), +as far as any of those is present, else the NULL-DN as last resort. + +The argument must be formatted as I. +For details see the description of the B<-subject> option. + =item B<-msg_timeout> I Number of seconds (or 0 for infinite) a CMP request-response message round trip @@ -504,7 +520,7 @@ The certificate verification options B<-verify_hostname>, B<-verify_ip>, and B<-verify_email> have no effect on the certificate verification enabled via this option. -=item B<-untrusted> I +=item B<-untrusted> I|I Non-trusted intermediate CA certificate(s). Any extra certificates given with the B<-cert> option are appended to it. @@ -518,7 +534,7 @@ CMP message protection) and when validating newly enrolled certificates. Multiple sources may be given, separated by commas and/or whitespace. Each file may contain multiple certificates. -=item B<-srvcert> I|I] +=item B<-srvcert> I|I The specific CMP server certificate to expect and directly trust (even if it is expired) when validating signature-based protection of CMP response messages. @@ -528,22 +544,6 @@ If set, the subject of the certificate is also used as default value for the recipient of CMP requests and as default value for the expected sender of incoming CMP messages. -=item B<-recipient> I - -Distinguished Name (DN) to use in the recipient field of CMP request messages, -i.e., the CMP server (usually the addressed CA). - -The recipient field in the header of a CMP message is mandatory. -If not given explicitly the recipient is determined in the following order: -the subject of the CMP server certificate given with the B<-srvcert> option, -the B<-issuer> option, -the issuer of the certificate given with the B<-oldcert> option, -the issuer of the CMP client certificate (B<-cert> option), -as far as any of those is present, else the NULL-DN as last resort. - -The argument must be formatted as I. -For details see the description of the B<-subject> option. - =item B<-expect_sender> I Distinguished Name (DN) expected in the sender field of incoming CMP messages. @@ -634,7 +634,7 @@ This takes precedence over the B<-cert> and B<-key> options. For more information about the format of B see L. -=item B<-cert> I|I] +=item B<-cert> I|I The client's current CMP signer certificate. Requires the corresponding key to be given with B<-key>. @@ -667,7 +667,7 @@ The certificate verification options B<-verify_hostname>, B<-verify_ip>, and B<-verify_email> have no effect on the certificate verification enabled via this option. -=item B<-key> I|I] +=item B<-key> I|I The corresponding private key file for the client's current certificate given in the B<-cert> option. @@ -700,7 +700,7 @@ and possibly combine such a name with the name of a supported digest algorithm, e.g., hmacWithSHA256. Defaults to C as per RFC 4210. -=item B<-extracerts> I +=item B<-extracerts> I|I Certificates to append in the extraCerts field when sending messages. They can be used as the default CMP signer certificate chain to include. @@ -768,7 +768,7 @@ B<-tls_key>. Enable using TLS (even when other TLS_related options are not set) when connecting to CMP server. -=item B<-tls_cert> I|I] +=item B<-tls_cert> I|I Client's TLS certificate. If the source includes further certs they are used (along with B<-untrusted> @@ -893,11 +893,11 @@ Reference value to use as senderKID of server in case no B<-srv_cert> is given. Password source for server authentication with a pre-shared key (secret). -=item B<-srv_cert> I|I] +=item B<-srv_cert> I|I Certificate of the server. -=item B<-srv_key> I|I] +=item B<-srv_key> I|I Private key used by the server for signing messages. @@ -917,7 +917,7 @@ have no effect on the certificate verification enabled via this option. Intermediate CA certs that may be useful when validating client certificates. -=item B<-rsp_cert> I|I] +=item B<-rsp_cert> I|I Certificate to be returned as mock enrollment result. @@ -1022,8 +1022,7 @@ which can be used to interact conveniently with the Insta Demo CA. In order to enroll an initial certificate from that CA it is sufficient to issue the following shell commands. - cd /path/to/openssl - export OPENSSL_CONF=openssl.cnf + export OPENSSL_CONF=/path/to/openssl/apps/openssl.cnf =begin comment @@ -1042,8 +1041,8 @@ It can be viewed using, e.g., openssl x509 -noout -text -in insta.cert.pem In case the network setup requires using an HTTP proxy it may be given as usual -via the environment variable B or via the B option or -the CMP command-line argument B<-proxy>, for example +via the environment variable B or via the B option in the +configuration file or the CMP command-line argument B<-proxy>, for example -proxy http://192.168.1.1:8080 @@ -1085,7 +1084,7 @@ or openssl cmp -section insta,rr,signature -Many more options can be used in the configuration file +Many more options can be given in the configuration file and/or on the command line. For instance, the B<-reqexts> CLI option may refer to a section in the configuration file defining X.509 extensions to use in certificate requests, @@ -1095,24 +1094,23 @@ such as B in F: =head2 Certificate enrollment -The following examples at first do not make use of a configuration file. +The following examples do not make use of a configuration file at first. They assume that a CMP server can be contacted on the local TCP port 80 and accepts requests under the alias I. -For enrolling its very first certificate the client generates a first client key +For enrolling its very first certificate the client generates a client key and sends an initial request message to the local CMP server using a pre-shared secret key for mutual authentication. In this example the client does not have the CA certificate yet, so we specify the name of the CA with the B<-recipient> option and save any CA certificates that we may receive in the C file. -In below command line usage examples the C<\> at line ends is just used +In below command line usage examples the C<\> at line ends is used just for formatting; each of the command invocations should be on a single line. openssl genrsa -out cl_key.pem - openssl cmp -cmd ir -server 127.0.0.1:80/pkix/ \ - -ref 1234 -secret pass:1234-5678-1234-5678 \ - -recipient "/CN=CMPserver" \ + openssl cmp -cmd ir -server 127.0.0.1:80/pkix/ -recipient "/CN=CMPserver" \ + -ref 1234 -secret pass:1234-5678 \ -newkey cl_key.pem -subject "/CN=MyName" \ -cacertsout capubs.pem -certout cl_cert.pem @@ -1138,9 +1136,8 @@ This command sequence can be repated as often as needed. Requesting "all relevant information" with an empty General Message. This prints information about all received ITAV Bs to stdout. - openssl cmp -cmd genm -server 127.0.0.1/pkix/ \ - -ref 1234 -secret pass:1234-5678-1234-5678 \ - -recipient "/CN=CMPserver" + openssl cmp -cmd genm -server 127.0.0.1/pkix/ -recipient "/CN=CMPserver" \ + -ref 1234 -secret pass:1234-5678 =head2 Using a custom configuration file @@ -1163,7 +1160,7 @@ After including in the configuration file the following sections: newkey = cl_key.pem certout = cl_cert.pem - [cmp-init] + [init] recipient = "/CN=CMPserver" trusted = cert = @@ -1173,14 +1170,14 @@ After including in the configuration file the following sections: subject = "/CN=MyName" cacertsout = capubs.pem -the above enrollment invocations reduce to +the above enrollment transactions reduce to - openssl cmp -section cmp,cmp-init + openssl cmp -section cmp,init openssl cmp -cmd kur -newkey cl_key_new.pem -and the above genm call reduces to +and the above transaction using a general message reduces to - openssl cmp -section cmp,cmp-init -cmd genm + openssl cmp -section cmp,init -cmd genm =head1 SEE ALSO From levitte at openssl.org Thu Mar 11 15:45:57 2021 From: levitte at openssl.org (Richard Levitte) Date: Thu, 11 Mar 2021 15:45:57 +0000 Subject: [web] master update Message-ID: <1615477557.655941.6841.nullmailer@dev.openssl.org> The branch master has been updated via abbb2d45bbd7db0f8733a2ca997300b572d19061 (commit) from a12160447e27f7fd9dd1d84441d527de2545a4a8 (commit) - Log ----------------------------------------------------------------- commit abbb2d45bbd7db0f8733a2ca997300b572d19061 Author: Richard Levitte Date: Thu Mar 11 16:27:33 2021 +0100 Complete the transition changelog.txt -> changelog.md Almost a year ago, in 4b0220368e888aab29972537aff8602a45b724e9, changelog.txt was renamed to changelog.md. It seems, however, that we didn't make that change complete. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/224) ----------------------------------------------------------------------- Summary of changes: .gitignore | 2 +- Makefile | 2 +- news/changelog.html.tt | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 83f4641..e2cf52a 100644 --- a/.gitignore +++ b/.gitignore @@ -14,7 +14,7 @@ docs/fips.inc docs/man*/ news/changelog.html news/changelog.inc -news/changelog.txt +news/changelog.md news/cl*.txt news/newsflash.inc news/openssl-*-notes.html diff --git a/Makefile b/Makefile index 4b1bd1f..741be51 100644 --- a/Makefile +++ b/Makefile @@ -218,7 +218,7 @@ news/$(1): $(CHECKOUTS)/$(2) cp $$? $$@ endef -# Create the target 'news/changelog.txt', taking the source from +# Create the target 'news/changelog.md', taking the source from # $(CHECKOUTS)/openssl/CHANGES.md $(eval $(call mknews_changelogtxt,changelog.md,openssl/CHANGES.md)) diff --git a/news/changelog.html.tt b/news/changelog.html.tt index 95097b7..2b7a510 100644 --- a/news/changelog.html.tt +++ b/news/changelog.html.tt @@ -22,8 +22,8 @@

This is the changelog for the master branch, the one that is currently in active development. - The plain-text version of this document is available - here: changelog.txt + The plain-text / markdown version of this document is available + here: changelog.md

For other branches, the changelogs are distributed with From levitte at openssl.org Thu Mar 11 16:22:51 2021 From: levitte at openssl.org (Richard Levitte) Date: Thu, 11 Mar 2021 16:22:51 +0000 Subject: [openssl] master update Message-ID: <1615479771.399174.2319.nullmailer@dev.openssl.org> The branch master has been updated via 92e9359b24660228fa8fbf9129837ce5ab287715 (commit) via c9d01f4186817612e8afa401951e0968aed83b2e (commit) from 6bbff162f1d72ed52d705c4c146cd3152ef4648c (commit) - Log ----------------------------------------------------------------- commit 92e9359b24660228fa8fbf9129837ce5ab287715 Author: Richard Levitte Date: Tue Mar 9 18:49:06 2021 +0100 TEST: Stop the cleanup in test/recipes/20-test_mac.t Let the files remain to make test forensics easy Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14484) commit c9d01f4186817612e8afa401951e0968aed83b2e Author: Richard Levitte Date: Tue Mar 9 18:23:39 2021 +0100 PROV: use EVP_CIPHER_CTX_set_params() rather than EVP_CIPHER_CTX_ctrl() This is in gmac_final(), where the cipher is known to be fetched. It's more suitable to use OSSL_PARAMs than _ctrl functions, as the latter are expected to become obsolete. Fixes #14359 Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14484) ----------------------------------------------------------------------- Summary of changes: providers/implementations/macs/gmac_prov.c | 7 ++++--- test/recipes/20-test_mac.t | 20 +++++++++++++------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c index 14ca948077..1f4047ccd3 100644 --- a/providers/implementations/macs/gmac_prov.c +++ b/providers/implementations/macs/gmac_prov.c @@ -146,6 +146,7 @@ static int gmac_update(void *vmacctx, const unsigned char *data, static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl, size_t outsize) { + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; struct gmac_data_st *macctx = vmacctx; int hlen = 0; @@ -155,10 +156,10 @@ static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl, if (!EVP_EncryptFinal_ex(macctx->ctx, out, &hlen)) return 0; - /* TODO(3.0) Use params */ hlen = gmac_size(); - if (!EVP_CIPHER_CTX_ctrl(macctx->ctx, EVP_CTRL_AEAD_GET_TAG, - hlen, out)) + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, + out, (size_t)hlen); + if (!EVP_CIPHER_CTX_get_params(macctx->ctx, params)) return 0; *outl = hlen; diff --git a/test/recipes/20-test_mac.t b/test/recipes/20-test_mac.t index fac72cfaaf..b6a8078763 100644 --- a/test/recipes/20-test_mac.t +++ b/test/recipes/20-test_mac.t @@ -97,21 +97,26 @@ push @mac_fail_tests, @siphash_fail_tests unless disabled("siphash"); plan tests => (scalar @mac_tests * 2) + scalar @mac_fail_tests; +my $test_count = 0; + foreach (@mac_tests) { + $test_count++; ok(compareline($_->{cmd}, $_->{type}, $_->{input}, $_->{expected}, $_->{err}), $_->{desc}); } foreach (@mac_tests) { + $test_count++; ok(comparefile($_->{cmd}, $_->{type}, $_->{input}, $_->{expected}), $_->{desc}); } foreach (@mac_fail_tests) { + $test_count++; ok(compareline($_->{cmd}, $_->{type}, $_->{input}, $_->{expected}, $_->{err}), $_->{desc}); } # Create a temp input file and save the input data into it, and # then compare the stdout output matches the expected value. sub compareline { - my $tmpfile = 'tmp.bin'; + my $tmpfile = "input-$test_count.bin"; my ($cmdarray_orig, $type, $input, $expect, $err) = @_; my $cmdarray = dclone $cmdarray_orig; if (defined($expect)) { @@ -129,7 +134,7 @@ sub compareline { push @$cmdarray, @other; my @lines = run(app($cmdarray), capture => 1); - unlink $tmpfile; + # Not unlinking $tmpfile if (defined($expect)) { if ($lines[1] =~ m|^\Q${expect}\E\R$|) { @@ -162,8 +167,8 @@ sub compareline { # use the '-bin -out ' commandline options to save results out to a file. # Read this file back in and check its output matches the expected value. sub comparefile { - my $tmpfile = 'tmp.bin'; - my $outfile = 'out.bin'; + my $tmpfile = "input-$test_count.bin"; + my $outfile = "output-$test_count.bin"; my ($cmdarray, $type, $input, $expect) = @_; $expect = uc $expect; @@ -178,16 +183,17 @@ sub comparefile { push @$cmdarray, @other; run(app($cmdarray)); - unlink $tmpfile; + # Not unlinking $tmpfile + open(my $out, '<', $outfile) or die "Could not open file"; binmode($out); my $buffer; my $BUFSIZE = 1024; read($out, $buffer, $BUFSIZE) or die "unable to read"; - + # Not unlinking $outfile + my $line = uc unpack("H*", $buffer); close($out); - unlink $outfile; if ($line eq $expect) { return 1; From tomas at openssl.org Thu Mar 11 19:12:09 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 11 Mar 2021 19:12:09 +0000 Subject: [openssl] master update Message-ID: <1615489929.791737.27961.nullmailer@dev.openssl.org> The branch master has been updated via 0a8e6c1fb77612feba350a67dad3e548300785a7 (commit) from 92e9359b24660228fa8fbf9129837ce5ab287715 (commit) - Log ----------------------------------------------------------------- commit 0a8e6c1fb77612feba350a67dad3e548300785a7 Author: Anthony Hu Date: Wed Mar 10 11:15:57 2021 -0500 Increase the upper limit on group name length While all the standardized groups would fit within the old limit, with the addition of providers, some might want to experiment with new and unstandardized groups. As such, their names might not fit within the old limit. Define it as GROUP_NAME_BUFFER_LENGTH with value 64. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14502) ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 4d66db9f9d..a389b0feed 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -693,7 +693,7 @@ err: /* TODO(3.0): An arbitrary amount for now. Take another look at this */ # define MAX_GROUPLIST 40 - +# define GROUP_NAME_BUFFER_LENGTH 64 typedef struct { SSL_CTX *ctx; size_t gidcnt; @@ -705,7 +705,7 @@ static int gid_cb(const char *elem, int len, void *arg) gid_cb_st *garg = arg; size_t i; uint16_t gid = 0; - char etmp[20]; + char etmp[GROUP_NAME_BUFFER_LENGTH]; if (elem == NULL) return 0; From pauli at openssl.org Thu Mar 11 22:00:41 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 11 Mar 2021 22:00:41 +0000 Subject: [openssl] master update Message-ID: <1615500041.062124.20592.nullmailer@dev.openssl.org> The branch master has been updated via 3d8905f85945d899192b113ae495e99894687c4f (commit) from 0a8e6c1fb77612feba350a67dad3e548300785a7 (commit) - Log ----------------------------------------------------------------- commit 3d8905f85945d899192b113ae495e99894687c4f Author: Rich Salz Date: Thu Feb 18 16:27:08 2021 -0500 Fix error-checking compiles for mutex Fixes: #14229 Reviewed-by: Kurt Roeckx Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14264) ----------------------------------------------------------------------- Summary of changes: INSTALL.md | 7 +++++++ crypto/threads_pthread.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index 01c360e8d4..d6ef21d20e 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1666,6 +1666,13 @@ most UNIX/Linux systems), and Windows threads. No other threading models are supported. If your platform does not provide pthreads or Windows threads then you should use `Configure` with the `no-threads` option. +For pthreads, all locks are non-recursive. In addition, in a debug build, +the mutex attribute `PTHREAD_MUTEX_ERRORCHECK` is used. If this is not +available on your platform, you might have to add +`-DOPENSSL_NO_MUTEX_ERRORCHECK` to your `Configure` invocation. +(On Linux `PTHREAD_MUTEX_ERRORCHECK` is an enum value, so a built-in +ifdef test cannot be used.) + Notes on shared libraries ------------------------- diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c index 3004e1bd2f..e81f3cf1ef 100644 --- a/crypto/threads_pthread.c +++ b/crypto/threads_pthread.c @@ -55,7 +55,7 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) * We don't use recursive mutexes, but try to catch errors if we do. */ pthread_mutexattr_init(&attr); -# if defined(NDEBUG) && defined(PTHREAD_MUTEX_ERRORCHECK) +# if !defined(NDEBUG) && !defined(OPENSSL_NO_MUTEX_ERRORCHECK) pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK); # else pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_NORMAL); From pauli at openssl.org Thu Mar 11 22:33:56 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 11 Mar 2021 22:33:56 +0000 Subject: [openssl] master update Message-ID: <1615502036.687534.6721.nullmailer@dev.openssl.org> The branch master has been updated via 8bf611bc7f68ae6480f30e4ef085d141f3a2b884 (commit) via 20b8dc6fb1964ca16b85799b25c5f46d23b1a7cb (commit) via 5a6b62bb427e828edecf52c2280f9958d97142b6 (commit) via c983a0e5214db7f0a668f5e9ddda9362ca0d6ac9 (commit) via f59612fed8def965c61cdb002fa20f61943f50a0 (commit) via f187d4f9f8d69a9d6d9e35e41284bff28649ea13 (commit) via 12ddfa6b3461698543381a6087bd3f5d3a38d3f0 (commit) via 1036bb64a7af960a4abf9ff3c782668062030786 (commit) via 83da94ffa8ef3589d48db5453a68e4d7a5fbb534 (commit) via deee9672723f1cfaaf6770f856345bccf94217d6 (commit) via 8b81a89d06ab0eb4121c7f9eaf1454aef3180289 (commit) via f336f98dbf80af632ea142ea3d43fe1e9d727e14 (commit) via 8f42380a21e7732cc0931be1921e24d360285278 (commit) via 556b8937d0fc323da2b206d6c13f0ddee8a7d340 (commit) via 5506cd0bbd874b164f59e3e6a6a530426a2b38bf (commit) via 5a7e999114562e5d9b696effac550d9d141ff087 (commit) via d7ec1dda2ec543153a7a1602aa8421849d33f9b5 (commit) via 408def8b30756469c1b657b9271832f7c1bdce12 (commit) via 8ea34a6efa0cfe61abc413525be5b8aaee5f603f (commit) via af6171b35aa4d066f6834c4fb917372b81d92489 (commit) via d38b6ae96fa810891e38d2f952ff7fe857be80c9 (commit) via ebbf3563bdc41595eb0dacc932b7e8d440b6d267 (commit) via 5a084c5f0b5ebd9be6de0e09b75215e9c3094db1 (commit) via 2b2f4f9b1bba61e989adddc7affcdbe5d89c7c05 (commit) via 1666eec83722ff9e2c80ec8fe86c71b317959591 (commit) via ee22fca5cec53c9775cbdf1c44677ba5ee9b5049 (commit) via 4b58d9b41b7e43b2f6f4171df9e84bf6a0866b99 (commit) via 480c8ef8b5804b15ef97320290bc326adfaa0f84 (commit) via cbdeb04c90d2ab3e3b497f9cc7dce8c2ac828f4d (commit) via c4c422e0ccd2d72c22f3787570d075f56f089298 (commit) via 2faea85380a5ffd17169e0624493c11658ea193e (commit) via f9562909b73f02f0ca5f411f87a2e73de654f3bd (commit) via 1be63b3e962097f20db2172e2c468a2a51d01da0 (commit) via 10ffdda4209371dcd839d78081e1a65d2a8b67b0 (commit) from 3d8905f85945d899192b113ae495e99894687c4f (commit) - Log ----------------------------------------------------------------- commit 8bf611bc7f68ae6480f30e4ef085d141f3a2b884 Author: Pauli Date: Wed Mar 10 18:40:00 2021 +1000 update set_ctx_param store management calls to return 1 for a NULL params Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 20b8dc6fb1964ca16b85799b25c5f46d23b1a7cb Author: Pauli Date: Wed Mar 10 18:38:04 2021 +1000 update set_ctx_param DRBG calls to return 1 for a NULL params Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 5a6b62bb427e828edecf52c2280f9958d97142b6 Author: Pauli Date: Wed Mar 10 18:37:07 2021 +1000 update set_ctx_param MAC calls to return 1 for a NULL params Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit c983a0e5214db7f0a668f5e9ddda9362ca0d6ac9 Author: Pauli Date: Wed Mar 10 18:28:35 2021 +1000 prov: add extra params argument to KDF implementations Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit f59612fed8def965c61cdb002fa20f61943f50a0 Author: Pauli Date: Wed Mar 3 11:32:39 2021 +1000 doc: note that get_params and set_params calls should return true if the param array is null Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit f187d4f9f8d69a9d6d9e35e41284bff28649ea13 Author: Pauli Date: Wed Mar 3 11:26:51 2021 +1000 doc: document the additional params argument to the various init() calls Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 12ddfa6b3461698543381a6087bd3f5d3a38d3f0 Author: Pauli Date: Tue Mar 2 22:46:24 2021 +1000 support params argument to AES cipher init calls Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 1036bb64a7af960a4abf9ff3c782668062030786 Author: Pauli Date: Wed Mar 3 10:59:18 2021 +1000 doc: update cipher documentation to include the new init functions with params Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 83da94ffa8ef3589d48db5453a68e4d7a5fbb534 Author: Pauli Date: Tue Mar 2 22:46:04 2021 +1000 prov: support params argument to common cipher init calls Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit deee9672723f1cfaaf6770f856345bccf94217d6 Author: Pauli Date: Tue Mar 2 22:45:34 2021 +1000 prov: support param argument to DES cipher init calls Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 8b81a89d06ab0eb4121c7f9eaf1454aef3180289 Author: Pauli Date: Tue Mar 2 22:45:13 2021 +1000 prov: support param argument to null cipher init calls Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit f336f98dbf80af632ea142ea3d43fe1e9d727e14 Author: Pauli Date: Tue Mar 2 22:44:53 2021 +1000 prov: support params argument to CHACHA20 ciphers Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 8f42380a21e7732cc0931be1921e24d360285278 Author: Pauli Date: Tue Mar 2 22:44:25 2021 +1000 prov: support params argument to RCx ciphers Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 556b8937d0fc323da2b206d6c13f0ddee8a7d340 Author: Pauli Date: Tue Mar 2 22:43:36 2021 +1000 prov: support params arguments to signature init calls Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 5506cd0bbd874b164f59e3e6a6a530426a2b38bf Author: Pauli Date: Wed Mar 3 09:20:21 2021 +1000 prov: update digests to support modified ctx params Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 5a7e999114562e5d9b696effac550d9d141ff087 Author: Pauli Date: Wed Mar 3 10:59:01 2021 +1000 doc: update digest documentation to include the new init functions with params Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit d7ec1dda2ec543153a7a1602aa8421849d33f9b5 Author: Pauli Date: Tue Mar 2 22:42:41 2021 +1000 prov: support param argument to digest init calls Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 408def8b30756469c1b657b9271832f7c1bdce12 Author: Pauli Date: Tue Mar 2 22:42:10 2021 +1000 doc: document param argument to RSA calls Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 8ea34a6efa0cfe61abc413525be5b8aaee5f603f Author: Pauli Date: Tue Mar 2 22:41:58 2021 +1000 doc: document param argument to cipher init calls Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit af6171b35aa4d066f6834c4fb917372b81d92489 Author: Pauli Date: Tue Mar 2 22:41:24 2021 +1000 test: support params arguments to init functions Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit d38b6ae96fa810891e38d2f952ff7fe857be80c9 Author: Pauli Date: Tue Mar 2 22:41:10 2021 +1000 ssl: support params arguments to init functions Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit ebbf3563bdc41595eb0dacc932b7e8d440b6d267 Author: Pauli Date: Tue Mar 2 22:40:25 2021 +1000 apps: support param argument to init functions Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 5a084c5f0b5ebd9be6de0e09b75215e9c3094db1 Author: Pauli Date: Tue Mar 2 22:01:12 2021 +1000 prov: update KEM to support params on init() Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 2b2f4f9b1bba61e989adddc7affcdbe5d89c7c05 Author: Pauli Date: Tue Mar 2 22:00:53 2021 +1000 prov: update exchange algorithms to support params on the init call Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 1666eec83722ff9e2c80ec8fe86c71b317959591 Author: Pauli Date: Tue Mar 2 20:21:00 2021 +1000 misc: other init function param additions Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit ee22fca5cec53c9775cbdf1c44677ba5ee9b5049 Author: Pauli Date: Wed Mar 3 11:02:42 2021 +1000 doc: update PKEY documentation to include the new init functions with params Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 4b58d9b41b7e43b2f6f4171df9e84bf6a0866b99 Author: Pauli Date: Tue Mar 2 20:20:25 2021 +1000 evp: add params arguments to init functions Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 480c8ef8b5804b15ef97320290bc326adfaa0f84 Author: Pauli Date: Tue Mar 2 19:05:39 2021 +1000 core: add params arguments to init calls Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit cbdeb04c90d2ab3e3b497f9cc7dce8c2ac828f4d Author: Pauli Date: Tue Mar 2 19:04:55 2021 +1000 prov: asym ciphers take an extra init() params argument Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit c4c422e0ccd2d72c22f3787570d075f56f089298 Author: Pauli Date: Tue Mar 2 09:05:15 2021 +1000 doc: add params argument to key manager's gen_init call Fixes #14286 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 2faea85380a5ffd17169e0624493c11658ea193e Author: Pauli Date: Tue Mar 2 09:03:00 2021 +1000 core: add params argument to key manager's gen_init call Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit f9562909b73f02f0ca5f411f87a2e73de654f3bd Author: Pauli Date: Tue Mar 2 09:02:25 2021 +1000 provider: add params argument to key manager's gen_init call Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 1be63b3e962097f20db2172e2c468a2a51d01da0 Author: Pauli Date: Tue Mar 2 09:01:33 2021 +1000 evp: add params argument to key manager's gen_init call Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) commit 10ffdda4209371dcd839d78081e1a65d2a8b67b0 Author: Pauli Date: Tue Mar 2 09:01:14 2021 +1000 test: add params argument to key manager's gen_init call Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) ----------------------------------------------------------------------- Summary of changes: apps/pkeyutl.c | 6 +- crypto/cms/cms_sd.c | 7 +- crypto/ct/ct_vfy.c | 2 +- crypto/evp/asymcipher.c | 21 +++-- crypto/evp/digest.c | 28 +++++-- crypto/evp/evp_enc.c | 58 ++++++++++--- crypto/evp/exchange.c | 7 +- crypto/evp/kem.c | 15 ++-- crypto/evp/keymgmt_meth.c | 5 +- crypto/evp/m_sigver.c | 25 ++++-- crypto/evp/pmeth_gn.c | 5 +- crypto/evp/signature.c | 32 ++++++-- crypto/pkcs7/pk7_doit.c | 3 +- doc/man3/EVP_DigestInit.pod | 39 ++++++--- doc/man3/EVP_EncryptInit.pod | 96 ++++++++++++++-------- doc/man3/EVP_PKEY_decapsulate.pod | 10 +-- doc/man3/EVP_PKEY_decrypt.pod | 18 ++-- doc/man3/EVP_PKEY_derive.pod | 12 ++- doc/man3/EVP_PKEY_encapsulate.pod | 9 +- doc/man3/EVP_PKEY_encrypt.pod | 16 +++- doc/man3/EVP_PKEY_sign.pod | 11 ++- doc/man3/EVP_PKEY_verify.pod | 11 ++- doc/man3/EVP_PKEY_verify_recover.pod | 14 +++- doc/man3/RSA_private_encrypt.pod | 5 +- doc/man3/RSA_public_encrypt.pod | 5 +- doc/man7/provider-asym_cipher.pod | 14 +++- doc/man7/provider-cipher.pod | 8 +- doc/man7/provider-digest.pod | 6 +- doc/man7/provider-encoder.pod | 1 + doc/man7/provider-kdf.pod | 2 + doc/man7/provider-kem.pod | 8 +- doc/man7/provider-keyexch.pod | 10 ++- doc/man7/provider-keymgmt.pod | 5 +- doc/man7/provider-mac.pod | 2 + doc/man7/provider-rand.pod | 2 + doc/man7/provider-signature.pod | 39 +++++++-- doc/man7/provider-storemgmt.pod | 1 + include/crypto/evp.h | 3 +- include/openssl/core_dispatch.h | 50 ++++++----- include/openssl/evp.h | 30 ++++++- providers/implementations/asymciphers/rsa_enc.c | 21 +++-- providers/implementations/asymciphers/sm2_enc.c | 10 ++- .../ciphers/cipher_aes_cbc_hmac_sha.c | 25 +++++- .../implementations/ciphers/cipher_aes_cts.inc | 24 +++++- providers/implementations/ciphers/cipher_aes_ocb.c | 21 +++-- providers/implementations/ciphers/cipher_aes_siv.c | 23 ++++-- providers/implementations/ciphers/cipher_aes_wrp.c | 18 ++-- providers/implementations/ciphers/cipher_aes_xts.c | 21 +++-- .../implementations/ciphers/cipher_chacha20.c | 17 +++- .../ciphers/cipher_chacha20_poly1305.c | 15 +++- .../ciphers/cipher_chacha20_poly1305_hw.c | 8 +- providers/implementations/ciphers/cipher_des.c | 18 ++-- providers/implementations/ciphers/cipher_null.c | 6 +- providers/implementations/ciphers/cipher_rc2.c | 32 +++++++- providers/implementations/ciphers/cipher_rc4.c | 24 +++++- .../implementations/ciphers/cipher_rc4_hmac_md5.c | 25 +++++- providers/implementations/ciphers/cipher_rc5.c | 28 ++++++- .../implementations/ciphers/cipher_tdes_common.c | 18 ++-- providers/implementations/ciphers/ciphercommon.c | 21 +++-- .../implementations/ciphers/ciphercommon_ccm.c | 21 +++-- .../implementations/ciphers/ciphercommon_gcm.c | 21 +++-- providers/implementations/digests/blake2_prov.c | 3 - providers/implementations/digests/md5_sha1_prov.c | 17 ++-- providers/implementations/digests/mdc2_prov.c | 16 ++-- providers/implementations/digests/sha2_prov.c | 17 ++-- providers/implementations/digests/sha3_prov.c | 28 +++++-- providers/implementations/exchange/dh_exch.c | 10 ++- providers/implementations/exchange/ecdh_exch.c | 11 ++- providers/implementations/exchange/ecx_exch.c | 3 +- providers/implementations/exchange/kdf_exch.c | 4 +- .../implementations/include/prov/digestcommon.h | 31 ++++--- providers/implementations/kdfs/hkdf.c | 3 + providers/implementations/kdfs/kbkdf.c | 3 + providers/implementations/kdfs/krb5kdf.c | 3 + providers/implementations/kdfs/pbkdf2.c | 3 + providers/implementations/kdfs/pkcs12kdf.c | 3 + providers/implementations/kdfs/scrypt.c | 3 + providers/implementations/kdfs/sshkdf.c | 3 + providers/implementations/kdfs/sskdf.c | 3 + providers/implementations/kdfs/tls1_prf.c | 3 + providers/implementations/kdfs/x942kdf.c | 2 + providers/implementations/kem/rsa_kem.c | 24 +++--- providers/implementations/keymgmt/dh_kmgmt.c | 20 +++-- providers/implementations/keymgmt/dsa_kmgmt.c | 10 ++- providers/implementations/keymgmt/ec_kmgmt.c | 10 ++- providers/implementations/keymgmt/ecx_kmgmt.c | 32 ++++++-- .../implementations/keymgmt/mac_legacy_kmgmt.c | 29 ++++++- providers/implementations/keymgmt/rsa_kmgmt.c | 20 +++-- providers/implementations/macs/blake2_mac_impl.c | 3 + providers/implementations/macs/cmac_prov.c | 3 + providers/implementations/macs/hmac_prov.c | 3 + providers/implementations/macs/kmac_prov.c | 3 + providers/implementations/macs/siphash_prov.c | 3 + providers/implementations/rands/drbg.c | 3 + providers/implementations/rands/test_rng.c | 3 + providers/implementations/signature/dsa.c | 40 +++++---- providers/implementations/signature/ecdsa.c | 38 +++++---- providers/implementations/signature/eddsa.c | 5 +- providers/implementations/signature/mac_legacy.c | 5 +- providers/implementations/signature/rsa.c | 43 ++++++---- providers/implementations/signature/sm2sig.c | 17 ++-- providers/implementations/storemgmt/file_store.c | 3 + ssl/s3_lib.c | 4 +- ssl/statem/extensions.c | 2 +- ssl/statem/extensions_srvr.c | 4 +- ssl/statem/statem_clnt.c | 3 +- ssl/statem/statem_lib.c | 6 +- ssl/statem/statem_srvr.c | 3 +- ssl/t1_enc.c | 3 +- test/acvp_test.c | 6 +- test/algorithmid_test.c | 2 +- test/evp_extra_test.c | 2 +- test/evp_libctx_test.c | 16 ++-- test/evp_test.c | 6 +- test/tls-provider.c | 16 ++-- util/libcrypto.num | 10 +++ 116 files changed, 1172 insertions(+), 455 deletions(-) diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index f2efa1d5b8..27ade9f079 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -606,11 +606,13 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, switch (pkey_op) { case EVP_PKEY_OP_SIGN: - rv = EVP_DigestSignInit_ex(mctx, NULL, digestname, libctx, propq, pkey); + rv = EVP_DigestSignInit_ex(mctx, NULL, digestname, libctx, propq, + pkey, NULL); break; case EVP_PKEY_OP_VERIFY: - rv = EVP_DigestVerifyInit_ex(mctx, NULL, digestname, libctx, propq, pkey); + rv = EVP_DigestVerifyInit_ex(mctx, NULL, digestname, libctx, propq, + pkey, NULL); break; } diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index cc980d4e58..0c3f04388b 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -419,7 +419,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx, EVP_MD_name(md), ossl_cms_ctx_get0_libctx(ctx), ossl_cms_ctx_get0_propq(ctx), - pk) <= 0) { + pk, NULL) <= 0) { goto err; } } @@ -743,7 +743,8 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) EVP_MD_CTX_reset(mctx); if (EVP_DigestSignInit_ex(mctx, &pctx, md_name, ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx), si->pkey) <= 0) + ossl_cms_ctx_get0_propq(ctx), si->pkey, + NULL) <= 0) goto err; si->pctx = pctx; } @@ -853,7 +854,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) } mctx = si->mctx; if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_name(md), libctx, - propq, si->pkey) <= 0) + propq, si->pkey, NULL) <= 0) goto err; if (!cms_sd_asn1_ctrl(si, 1)) diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c index 2ffca19400..0226dbf0c5 100644 --- a/crypto/ct/ct_vfy.c +++ b/crypto/ct/ct_vfy.c @@ -123,7 +123,7 @@ int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct) goto end; if (!EVP_DigestVerifyInit_ex(ctx, NULL, "SHA2-256", sctx->libctx, - sctx->propq, sctx->pkey)) + sctx->propq, sctx->pkey, NULL)) goto end; if (!sct_ctx_update(ctx, sctx, sct)) diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c index b30b05bfa9..e74aafcb13 100644 --- a/crypto/evp/asymcipher.c +++ b/crypto/evp/asymcipher.c @@ -16,7 +16,8 @@ #include "internal/provider.h" #include "evp_local.h" -static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation) +static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation, + const OSSL_PARAM params[]) { int ret = 0; void *provkey = NULL; @@ -111,7 +112,7 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation) ret = -2; goto err; } - ret = cipher->encrypt_init(ctx->op.ciph.ciphprovctx, provkey); + ret = cipher->encrypt_init(ctx->op.ciph.ciphprovctx, provkey, params); break; case EVP_PKEY_OP_DECRYPT: if (cipher->decrypt_init == NULL) { @@ -119,7 +120,7 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation) ret = -2; goto err; } - ret = cipher->decrypt_init(ctx->op.ciph.ciphprovctx, provkey); + ret = cipher->decrypt_init(ctx->op.ciph.ciphprovctx, provkey, params); break; default: ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); @@ -168,7 +169,12 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation) int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) { - return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT); + return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT, NULL); +} + +int EVP_PKEY_encrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) +{ + return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT, params); } int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, @@ -205,7 +211,12 @@ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) { - return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT); + return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT, NULL); +} + +int EVP_PKEY_decrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) +{ + return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT, params); } int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 069eb192c1..dbbc44f046 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -124,13 +124,8 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx) return; } -int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) -{ - EVP_MD_CTX_reset(ctx); - return EVP_DigestInit_ex(ctx, type, NULL); -} - -int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) +static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type, + const OSSL_PARAM params[], ENGINE *impl) { #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) ENGINE *tmpimpl = NULL; @@ -272,7 +267,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) return 0; } - return ctx->digest->dinit(ctx->provctx); + return ctx->digest->dinit(ctx->provctx, params); /* Code below to be removed when legacy support is dropped. */ legacy: @@ -346,6 +341,23 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) return ctx->digest->init(ctx); } +int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type, + const OSSL_PARAM params[]) +{ + return evp_md_init_internal(ctx, type, params, NULL); +} + +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) +{ + EVP_MD_CTX_reset(ctx); + return evp_md_init_internal(ctx, type, NULL, NULL); +} + +int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) +{ + return evp_md_init_internal(ctx, type, NULL, impl); +} + int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { if (count == 0) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 40e9f0b6c3..eb174c2d9f 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -72,17 +72,11 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) OPENSSL_free(ctx); } -int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, int enc) -{ - if (cipher != NULL) - EVP_CIPHER_CTX_reset(ctx); - return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); -} - -int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv, int enc) +static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, + ENGINE *impl, const unsigned char *key, + const unsigned char *iv, int enc, + const OSSL_PARAM params[]) { #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) ENGINE *tmpimpl = NULL; @@ -221,7 +215,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, : EVP_CIPHER_CTX_key_length(ctx), iv, iv == NULL ? 0 - : EVP_CIPHER_CTX_iv_length(ctx)); + : EVP_CIPHER_CTX_iv_length(ctx), + params); } if (ctx->cipher->dinit == NULL) { @@ -235,7 +230,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, : EVP_CIPHER_CTX_key_length(ctx), iv, iv == NULL ? 0 - : EVP_CIPHER_CTX_iv_length(ctx)); + : EVP_CIPHER_CTX_iv_length(ctx), + params); /* Code below to be removed when legacy support is dropped. */ legacy: @@ -370,6 +366,28 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return 1; } +int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, + int enc, const OSSL_PARAM params[]) +{ + return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, params); +} + +int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, int enc) +{ + if (cipher != NULL) + EVP_CIPHER_CTX_reset(ctx); + return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, NULL); +} + +int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + ENGINE *impl, const unsigned char *key, + const unsigned char *iv, int enc) +{ + return evp_cipher_init_internal(ctx, cipher, impl, key, iv, enc, NULL); +} + int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { @@ -408,6 +426,13 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); } +int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, + const OSSL_PARAM params[]) +{ + return EVP_CipherInit_ex2(ctx, cipher, key, iv, 1, params); +} + int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv) { @@ -421,6 +446,13 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); } +int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, + const OSSL_PARAM params[]) +{ + return EVP_CipherInit_ex2(ctx, cipher, key, iv, 0, params); +} + /* * According to the letter of standard difference between pointers * is specified to be valid only within same object. This makes diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 1a512c4283..e0e0597b3b 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -175,6 +175,11 @@ EVP_KEYEXCH *EVP_KEYEXCH_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, } int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) +{ + return EVP_PKEY_derive_init_ex(ctx, NULL); +} + +int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) { int ret; void *provkey = NULL; @@ -279,7 +284,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } - ret = exchange->init(ctx->op.kex.exchprovctx, provkey); + ret = exchange->init(ctx->op.kex.exchprovctx, provkey, params); return ret ? 1 : 0; err: diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c index 353c51a3ff..a4183e8311 100644 --- a/crypto/evp/kem.c +++ b/crypto/evp/kem.c @@ -16,7 +16,8 @@ #include "internal/provider.h" #include "evp_local.h" -static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation) +static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation, + const OSSL_PARAM params[]) { int ret = 0; EVP_KEM *kem = NULL; @@ -79,7 +80,7 @@ static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation) ret = -2; goto err; } - ret = kem->encapsulate_init(ctx->op.encap.kemprovctx, provkey); + ret = kem->encapsulate_init(ctx->op.encap.kemprovctx, provkey, params); break; case EVP_PKEY_OP_DECAPSULATE: if (kem->decapsulate_init == NULL) { @@ -87,7 +88,7 @@ static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation) ret = -2; goto err; } - ret = kem->decapsulate_init(ctx->op.encap.kemprovctx, provkey); + ret = kem->decapsulate_init(ctx->op.encap.kemprovctx, provkey, params); break; default: ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); @@ -104,9 +105,9 @@ static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation) return ret; } -int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx) +int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) { - return evp_kem_init(ctx, EVP_PKEY_OP_ENCAPSULATE); + return evp_kem_init(ctx, EVP_PKEY_OP_ENCAPSULATE, params); } int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, @@ -133,9 +134,9 @@ int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, out, outlen, secret, secretlen); } -int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx) +int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) { - return evp_kem_init(ctx, EVP_PKEY_OP_DECAPSULATE); + return evp_kem_init(ctx, EVP_PKEY_OP_DECAPSULATE, params); } int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx, diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index 3142996cab..b42e2b77c9 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -302,13 +302,14 @@ void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keydata) keymgmt->free(keydata); } -void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection) +void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, + const OSSL_PARAM params[]) { void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); if (keymgmt->gen_init == NULL) return NULL; - return keymgmt->gen_init(provctx, selection); + return keymgmt->gen_init(provctx, selection, params); } int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx, diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 7650512d2a..3fca9bc529 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -39,7 +39,8 @@ static const char *canon_mdname(const char *mdname) static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, const char *mdname, OSSL_LIB_CTX *libctx, const char *props, - ENGINE *e, EVP_PKEY *pkey, int ver) + ENGINE *e, EVP_PKEY *pkey, int ver, + OSSL_PARAM params[]) { EVP_PKEY_CTX *locpctx = NULL; EVP_SIGNATURE *signature = NULL; @@ -202,14 +203,14 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, goto err; } ret = signature->digest_verify_init(locpctx->op.sig.sigprovctx, - mdname, provkey); + mdname, provkey, params); } else { if (signature->digest_sign_init == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } ret = signature->digest_sign_init(locpctx->op.sig.sigprovctx, - mdname, provkey); + mdname, provkey, params); } goto end; @@ -301,28 +302,34 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *mdname, OSSL_LIB_CTX *libctx, - const char *props, EVP_PKEY *pkey) + const char *props, EVP_PKEY *pkey, + OSSL_PARAM params[]) { - return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 0); + return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 0, + params); } int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { - return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 0); + return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 0, + NULL); } int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *mdname, OSSL_LIB_CTX *libctx, - const char *props, EVP_PKEY *pkey) + const char *props, EVP_PKEY *pkey, + OSSL_PARAM params[]) { - return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 1); + return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 1, + params); } int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { - return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1); + return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, + NULL); } #endif /* FIPS_MDOE */ diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 091d387795..7383fbe072 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -37,11 +37,12 @@ static int gen_init(EVP_PKEY_CTX *ctx, int operation) case EVP_PKEY_OP_PARAMGEN: ctx->op.keymgmt.genctx = evp_keymgmt_gen_init(ctx->keymgmt, - OSSL_KEYMGMT_SELECT_ALL_PARAMETERS); + OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, NULL); break; case EVP_PKEY_OP_KEYGEN: ctx->op.keymgmt.genctx = - evp_keymgmt_gen_init(ctx->keymgmt, OSSL_KEYMGMT_SELECT_KEYPAIR); + evp_keymgmt_gen_init(ctx->keymgmt, OSSL_KEYMGMT_SELECT_KEYPAIR, + NULL); break; } diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index bb99ff3095..09cf4539d9 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -361,7 +361,8 @@ const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig) return sig->settable_ctx_params(NULL, provctx); } -static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation) +static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation, + const OSSL_PARAM params[]) { int ret = 0; void *provkey = NULL; @@ -456,7 +457,7 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation) ret = -2; goto err; } - ret = signature->sign_init(ctx->op.sig.sigprovctx, provkey); + ret = signature->sign_init(ctx->op.sig.sigprovctx, provkey, params); break; case EVP_PKEY_OP_VERIFY: if (signature->verify_init == NULL) { @@ -464,7 +465,7 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation) ret = -2; goto err; } - ret = signature->verify_init(ctx->op.sig.sigprovctx, provkey); + ret = signature->verify_init(ctx->op.sig.sigprovctx, provkey, params); break; case EVP_PKEY_OP_VERIFYRECOVER: if (signature->verify_recover_init == NULL) { @@ -472,7 +473,8 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation) ret = -2; goto err; } - ret = signature->verify_recover_init(ctx->op.sig.sigprovctx, provkey); + ret = signature->verify_recover_init(ctx->op.sig.sigprovctx, provkey, + params); break; default: ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); @@ -540,7 +542,12 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation) int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) { - return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN); + return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, NULL); +} + +int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) +{ + return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, params); } int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, @@ -579,7 +586,12 @@ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) { - return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY); + return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, NULL); +} + +int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) +{ + return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, params); } int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, @@ -616,7 +628,13 @@ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) { - return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER); + return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, NULL); +} + +int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, + const OSSL_PARAM params[]) +{ + return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, params); } int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index ab23100f49..c9e4d719aa 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -928,7 +928,8 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_name(md), ossl_pkcs7_ctx_get0_libctx(ctx), - ossl_pkcs7_ctx_get0_propq(ctx), si->pkey) <= 0) + ossl_pkcs7_ctx_get0_propq(ctx), si->pkey, + NULL) <= 0) goto err; /* diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index ac527e407e..043717758e 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -10,8 +10,8 @@ EVP_MD_CTX_set_params, EVP_MD_CTX_get_params, EVP_MD_settable_ctx_params, EVP_MD_gettable_ctx_params, EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, -EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, -EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, +EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit, +EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, EVP_MD_is_a, EVP_MD_name, EVP_MD_number, EVP_MD_names_do_all, EVP_MD_provider, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, EVP_MD_CTX_name, @@ -49,6 +49,8 @@ EVP_MD_do_all_provided int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); + int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type, + const OSSL_PARAM params[]); int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); @@ -154,7 +156,7 @@ providers.> Performs digest-specific control actions on context I. The control command is indicated in I and any additional arguments in I and I. -EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions +EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex2(). Other restrictions may apply depending on the control type and digest implementation. If this function happens to be used with a fetched B, it will @@ -216,6 +218,18 @@ I. The digest value is placed in I and its length is written at I bytes will be written. If I is NULL the default implementation of digest I is used. +=item EVP_DigestInit_ex2() + +Sets up digest context I to use a digest I. +I is typically supplied by a function such as EVP_sha1(), or a +value explicitly fetched with EVP_MD_fetch(). + +The parameters B are set on the context after initialisation. + +The I parameter can be NULL if I has been already initialized +with another EVP_DigestInit_ex() call and has not been reset with +EVP_MD_CTX_reset(). + =item EVP_DigestInit_ex() Sets up digest context I to use a digest I. @@ -242,14 +256,14 @@ parameter is not NULL then the number of bytes of data written (i.e. the length of the digest) will be written to the integer at I, at most B bytes will be written. After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() can be made, but -EVP_DigestInit_ex() can be called to initialize a new digest operation. +EVP_DigestInit_ex2() can be called to initialize a new digest operation. =item EVP_DigestFinalXOF() Interfaces to extendable-output functions, XOFs, such as SHAKE128 and SHAKE256. It retrieves the digest value from I and places it in I-sized I. After calling this function no additional calls to EVP_DigestUpdate() can be -made, but EVP_DigestInit_ex() can be called to initialize a new operation. +made, but EVP_DigestInit_ex2() can be called to initialize a new operation. =item EVP_MD_CTX_copy_ex() @@ -259,9 +273,9 @@ few bytes. =item EVP_DigestInit() -Behaves in the same way as EVP_DigestInit_ex() except it always uses the -default digest implementation and calls EVP_MD_CTX_reset() so it cannot -be used with an I of NULL. +Behaves in the same way as EVP_DigestInit_ex2() except it doesn't set any +parameters and calls EVP_MD_CTX_reset() so it cannot be used with an I +of NULL. =item EVP_DigestFinal() @@ -333,7 +347,7 @@ EVP_MD_meth_set_app_datasize(). =item EVP_MD_CTX_md() Returns the B structure corresponding to the passed B. This -will be the same B object originally passed to EVP_DigestInit_ex() (or +will be the same B object originally passed to EVP_DigestInit_ex2() (or other similar function) when the EVP_MD_CTX was first initialised. Note that where explicit fetch is in use (see L) the value returned from this function will not have its reference count incremented and therefore it @@ -500,7 +514,8 @@ Returns a pointer to a B for success or NULL for failure. Returns 1 for success or 0 for failure. -=item EVP_DigestInit_ex(), +=item EVP_DigestInit_ex2(), +EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex() @@ -620,7 +635,7 @@ digest name passed on the command line. } mdctx = EVP_MD_CTX_new(); - EVP_DigestInit_ex(mdctx, md, NULL); + EVP_DigestInit_ex2(mdctx, md, NULL); EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); EVP_DigestFinal_ex(mdctx, md_value, &md_len); @@ -669,7 +684,7 @@ The EVP_dss1() function was removed in OpenSSL 1.1.0. The EVP_MD_CTX_set_pkey_ctx() function was added in OpenSSL 1.1.1. -The EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), +The EVP_DigestInit_ex2(), EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), EVP_MD_get_params(), EVP_MD_CTX_set_params(), EVP_MD_CTX_get_params(), EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(), EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params() and diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index e31621b24a..d2880b20f2 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -9,12 +9,15 @@ EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_EncryptInit_ex, +EVP_EncryptInit_ex2, EVP_EncryptUpdate, EVP_EncryptFinal_ex, EVP_DecryptInit_ex, +EVP_DecryptInit_ex2, EVP_DecryptUpdate, EVP_DecryptFinal_ex, EVP_CipherInit_ex, +EVP_CipherInit_ex2, EVP_CipherUpdate, EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, @@ -84,18 +87,27 @@ EVP_CIPHER_do_all_provided int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, const unsigned char *key, const unsigned char *iv); + int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *key, const unsigned char *iv, + const OSSL_PARAM params[]); int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, const unsigned char *key, const unsigned char *iv); + int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *key, const unsigned char *iv, + const OSSL_PARAM params[]); int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); + int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *key, const unsigned char *iv, + int enc, const OSSL_PARAM params[]); int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); @@ -196,6 +208,20 @@ itself. This function should be called after all operations using a cipher are complete so sensitive information does not remain in memory. +EVP_EncryptInit_ex2() sets up cipher context B for encryption +with cipher B. B is typically supplied by a function such +as EVP_aes_256_cbc(), or a value explicitly fetched with +EVP_CIPHER_fetch(). B is the symmetric key to use +and B is the IV to use (if necessary), the actual number of bytes +used for the key and IV depends on the cipher. The parameters B will +be set on the context after initialisation. It is possible to set +all parameters to NULL except B in an initial call and supply +the remaining parameters in subsequent calls, all of which have B +set to NULL. This is done when the default cipher parameters are not +appropriate. +For EVP_CIPH_GCM_MODE the IV will be generated internally if it is not +specified. + EVP_EncryptInit_ex() sets up cipher context B for encryption with cipher B. B is typically supplied by a function such as EVP_aes_256_cbc(), or a value explicitly fetched with @@ -239,20 +265,22 @@ If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more data and it will return an error if any data remains in a partial block: that is if the total data length is not a multiple of the block size. -EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the -corresponding decryption operations. EVP_DecryptFinal() will return an -error code if padding is enabled and the final block is not correctly -formatted. The parameters and restrictions are identical to the encryption -operations except that if padding is enabled the decrypted data buffer B -passed to EVP_DecryptUpdate() should have sufficient room for -(B + cipher_block_size) bytes unless the cipher block size is 1 in -which case B bytes is sufficient. - -EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are -functions that can be used for decryption or encryption. The operation -performed depends on the value of the B parameter. It should be set -to 1 for encryption, 0 for decryption and -1 to leave the value unchanged -(the actual value of 'enc' being supplied in a previous call). +EVP_DecryptInit_ex2(), EVP_DecryptInit_ex(), EVP_DecryptUpdate() +and EVP_DecryptFinal_ex() are the corresponding decryption +operations. EVP_DecryptFinal() will return an error code if padding is +enabled and the final block is not correctly formatted. The parameters +and restrictions are identical to the encryption operations except +that if padding is enabled the decrypted data buffer B passed +to EVP_DecryptUpdate() should have sufficient room for (B + +cipher_block_size) bytes unless the cipher block size is 1 in which case +B bytes is sufficient. + +EVP_CipherInit_ex2(), EVP_CipherInit_ex(), EVP_CipherUpdate() and +EVP_CipherFinal_ex() are functions that can be used for decryption or +encryption. The operation performed depends on the value of the B +parameter. It should be set to 1 for encryption, 0 for decryption and -1 +to leave the value unchanged (the actual value of 'enc' being supplied +in a previous call). EVP_CIPHER_CTX_reset() clears all information from a cipher context and free up any allocated memory associate with it, except the B @@ -290,8 +318,8 @@ IDENTIFIER. EVP_CIPHER_CTX_set_padding() enables or disables padding. This function should be called after the context is set up for encryption -or decryption with EVP_EncryptInit_ex(), EVP_DecryptInit_ex() or -EVP_CipherInit_ex(). By default encryption operations are padded using +or decryption with EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or +EVP_CipherInit_ex2(). By default encryption operations are padded using standard block padding and the padding is checked and removed when decrypting. If the B parameter is zero then no padding is performed, the total amount of data encrypted or decrypted must then @@ -436,13 +464,13 @@ EVP_CIPHER_up_ref() returns 1 for success or 0 otherwise. EVP_CIPHER_CTX_new() returns a pointer to a newly created B for success and B for failure. -EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() +EVP_EncryptInit_ex2(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() return 1 for success and 0 for failure. -EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure. +EVP_DecryptInit_ex2() and EVP_DecryptUpdate() return 1 for success and 0 for failure. EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. -EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure. +EVP_CipherInit_ex2() and EVP_CipherUpdate() return 1 for success and 0 for failure. EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success. EVP_Cipher() returns the amount of encrypted / decrypted bytes, or -1 @@ -692,12 +720,14 @@ the input data earlier on will not produce a final decrypt error. If padding is disabled then the decryption operation will always succeed if the total amount of data decrypted is a multiple of the block size. -The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(), -EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for -compatibility with existing code. New code should use EVP_EncryptInit_ex(), -EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), -EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an -existing context without allocating and freeing it up on each call. +The functions EVP_EncryptInit(), EVP_EncryptInit_ex1(), +EVP_EncryptFinal(), EVP_DecryptInit(), EVP_DecryptInit_ex1(), +EVP_CipherInit(), EVP_CipherInit_ex1() and EVP_CipherFinal() are obsolete +but are retained for compatibility with existing code. New code should +use EVP_EncryptInit_ex2(), EVP_EncryptFinal_ex(), EVP_DecryptInit_ex2(), +EVP_DecryptFinal_ex(), EVP_CipherInit_ex2() and EVP_CipherFinal_ex() +because they can reuse an existing context without allocating and freeing +it up on each call. There are some differences between functions EVP_CipherInit() and EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills @@ -740,7 +770,7 @@ Encrypt a string using IDEA: FILE *out; ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv); + EVP_EncryptInit_ex2(ctx, EVP_idea_cbc(), key, iv, NULL); if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { /* Error */ @@ -798,13 +828,13 @@ with a 128-bit key: /* Don't set key or IV right away; we want to check lengths */ ctx = EVP_CIPHER_CTX_new(); - EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, - do_encrypt); + EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL, + do_encrypt, NULL); OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16); OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); /* Now we can set key and IV */ - EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt); + EVP_CipherInit_ex2(ctx, NULL, key, iv, do_encrypt, NULL); for (;;) { inlen = fread(inbuf, 1, 1024, in); @@ -849,8 +879,6 @@ Encryption using AES-CBC with a 256-bit key with "CS1" ciphertext stealing. if (ctx == NULL || cipher == NULL) goto err; - if (!EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, encrypt)) - goto err; /* * The default is "CS1" so this is not really needed, * but would be needed to set either "CS2" or "CS3". @@ -858,7 +886,8 @@ Encryption using AES-CBC with a 256-bit key with "CS1" ciphertext stealing. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, "CS1", 0); params[1] = OSSL_PARAM_construct_end(); - if (!EVP_CIPHER_CTX_set_params(ctx, params)) + + if (!EVP_CipherInit_ex2(ctx, cipher, key, iv, encrypt, params)) goto err; /* NOTE: CTS mode does not support multiple calls to EVP_CipherUpdate() */ @@ -903,7 +932,8 @@ EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() disappeared. EVP_CIPHER_CTX_init() remains as an alias for EVP_CIPHER_CTX_reset(). -The EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(), +The EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherInit_ex2(), +EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(), EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(), EVP_CIPHER_CTX_get_params(), EVP_CIPHER_gettable_params(), EVP_CIPHER_settable_ctx_params(), EVP_CIPHER_gettable_ctx_params(), diff --git a/doc/man3/EVP_PKEY_decapsulate.pod b/doc/man3/EVP_PKEY_decapsulate.pod index 7dd47a1e58..36e8f9c9d4 100644 --- a/doc/man3/EVP_PKEY_decapsulate.pod +++ b/doc/man3/EVP_PKEY_decapsulate.pod @@ -9,7 +9,7 @@ EVP_PKEY_decapsulate_init, EVP_PKEY_decapsulate #include - int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx, unsigned char *secret, size_t *secretlen, const unsigned char *wrapped, size_t wrappedlen); @@ -17,7 +17,8 @@ EVP_PKEY_decapsulate_init, EVP_PKEY_decapsulate =head1 DESCRIPTION The EVP_PKEY_decapsulate_init() function initializes a private key algorithm -context I for a decapsulation operation. +context I for a decapsulation operation and then sets the I +on the context in the same way as calling L. The EVP_PKEY_decapsulate() function performs a private key decapsulation operation using I. The data to be decapsulated is specified using the @@ -30,8 +31,7 @@ the amount of data written to I. =head1 NOTES After the call to EVP_PKEY_decapsulate_init() algorithm specific parameters -for the operation may be set using L. There are no -settable parameters currently. +for the operation may be set or modified using L. =head1 RETURN VALUES @@ -57,7 +57,7 @@ Decapsulate data using RSA: ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_priv_key, NULL); if (ctx = NULL) /* Error */ - if (EVP_PKEY_decapsulate_init(ctx) <= 0) + if (EVP_PKEY_decapsulate_init(ctx, NULL) <= 0) /* Error */ /* Set the mode - only 'RSASVE' is currently supported */ diff --git a/doc/man3/EVP_PKEY_decrypt.pod b/doc/man3/EVP_PKEY_decrypt.pod index a78c1ee8e4..0528663d67 100644 --- a/doc/man3/EVP_PKEY_decrypt.pod +++ b/doc/man3/EVP_PKEY_decrypt.pod @@ -2,13 +2,15 @@ =head1 NAME -EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm +EVP_PKEY_decrypt_init, EVP_PKEY_decrypt_init_ex, +EVP_PKEY_decrypt - decrypt using a public key algorithm =head1 SYNOPSIS #include int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_decrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen); @@ -18,6 +20,10 @@ EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm The EVP_PKEY_decrypt_init() function initializes a public key algorithm context using key B for a decryption operation. +The EVP_PKEY_decrypt_init_ex() function initializes a public key algorithm +context using key B for a decryption operation and sets the +algorithm specific B. + The EVP_PKEY_decrypt() function performs a public key decryption operation using B. The data to be decrypted is specified using the B and B parameters. If B is B then the maximum size of the output @@ -30,16 +36,18 @@ B and the amount of data written to B. After the call to EVP_PKEY_decrypt_init() algorithm specific control operations can be performed to set any appropriate parameters for the -operation. +operation. These operations can be included in the EVP_PKEY_decrypt_init_ex() +call. The function EVP_PKEY_decrypt() can be called more than once on the same context if several operations are performed using the same parameters. =head1 RETURN VALUES -EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0 -or a negative value for failure. In particular a return value of -2 -indicates the operation is not supported by the public key algorithm. +EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt_init_ex() and EVP_PKEY_decrypt() +return 1 for success and 0 or a negative value for failure. In particular a +return value of -2 indicates the operation is not supported by the public key +algorithm. =head1 EXAMPLES diff --git a/doc/man3/EVP_PKEY_derive.pod b/doc/man3/EVP_PKEY_derive.pod index 5bfb316382..be5cf3945e 100644 --- a/doc/man3/EVP_PKEY_derive.pod +++ b/doc/man3/EVP_PKEY_derive.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive +EVP_PKEY_derive_init, EVP_PKEY_derive_init_ex, +EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret =head1 SYNOPSIS @@ -10,6 +11,7 @@ EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive #include int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); @@ -21,6 +23,9 @@ using L or variants thereof. The algorithm is used to fetch a B method implicitly, see L for more information about implicit fetches. +EVP_PKEY_derive_init_ex() is the same as EVP_PKEY_derive_init() but additionally +sets the passed parameters I on the context before returning. + EVP_PKEY_derive_set_peer() sets the peer key: this will normally be a public key. @@ -95,7 +100,10 @@ L =head1 HISTORY -These functions were added in OpenSSL 1.0.0. +The EVP_PKEY_derive_init(), EVP_PKEY_derive_set_peer() and EVP_PKEY_derive() +functions were originally added in OpenSSL 1.0.0. + +The EVP_PKEY_derive_init_ex() function was added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_encapsulate.pod b/doc/man3/EVP_PKEY_encapsulate.pod index 0e911f71cf..7547c7ae34 100644 --- a/doc/man3/EVP_PKEY_encapsulate.pod +++ b/doc/man3/EVP_PKEY_encapsulate.pod @@ -9,7 +9,7 @@ EVP_PKEY_encapsulate_init, EVP_PKEY_encapsulate #include - int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, unsigned char *genkey, size_t *genkeylen); @@ -17,7 +17,8 @@ EVP_PKEY_encapsulate_init, EVP_PKEY_encapsulate =head1 DESCRIPTION The EVP_PKEY_encapsulate_init() function initializes a public key algorithm -context I for an encapsulation operation. +context I for an encapsulation operation and then sets the I +on the context in the same way as calling L. The EVP_PKEY_encapsulate() function performs a public key encapsulation operation using I with the name I. @@ -31,7 +32,7 @@ I and its size is written to I<*outlen>. =head1 NOTES After the call to EVP_PKEY_encapsulate_init() algorithm specific parameters -for the operation may be set using L. +for the operation may be set or modified using L. =head1 RETURN VALUES @@ -56,7 +57,7 @@ Encapsulate an RSASVE key (for RSA keys). ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_pub_key, NULL); if (ctx = NULL) /* Error */ - if (EVP_PKEY_encapsulate_init(ctx) <= 0) + if (EVP_PKEY_encapsulate_init(ctx, NULL) <= 0) /* Error */ /* Set the mode - only 'RSASVE' is currently supported */ diff --git a/doc/man3/EVP_PKEY_encrypt.pod b/doc/man3/EVP_PKEY_encrypt.pod index 73ca8bae3e..5a8fe0ece7 100644 --- a/doc/man3/EVP_PKEY_encrypt.pod +++ b/doc/man3/EVP_PKEY_encrypt.pod @@ -2,6 +2,7 @@ =head1 NAME +EVP_PKEY_encrypt_init_ex, EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm =head1 SYNOPSIS @@ -9,6 +10,7 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm #include int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_encrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen); @@ -18,6 +20,10 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm The EVP_PKEY_encrypt_init() function initializes a public key algorithm context using key B for an encryption operation. +The EVP_PKEY_encrypt_init_ex() function initializes a public key algorithm +context using key B for an encryption operation and sets the +algorithm specific B. + The EVP_PKEY_encrypt() function performs a public key encryption operation using B. The data to be encrypted is specified using the B and B parameters. If B is B then the maximum size of the output @@ -30,16 +36,18 @@ B and the amount of data written to B. After the call to EVP_PKEY_encrypt_init() algorithm specific control operations can be performed to set any appropriate parameters for the -operation. +operation. These operations can be included in the EVP_PKEY_encrypt_init_ex() +call. The function EVP_PKEY_encrypt() can be called more than once on the same context if several operations are performed using the same parameters. =head1 RETURN VALUES -EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0 -or a negative value for failure. In particular a return value of -2 -indicates the operation is not supported by the public key algorithm. +EVP_PKEY_encrypt_init(), EVP_PKEY_encrypt_init_ex() and EVP_PKEY_encrypt() +return 1 for success and 0 or a negative value for failure. In particular a +return value of -2 indicates the operation is not supported by the public key +algorithm. =head1 EXAMPLES diff --git a/doc/man3/EVP_PKEY_sign.pod b/doc/man3/EVP_PKEY_sign.pod index bd65bd9237..1e2f71862a 100644 --- a/doc/man3/EVP_PKEY_sign.pod +++ b/doc/man3/EVP_PKEY_sign.pod @@ -2,7 +2,7 @@ =head1 NAME -EVP_PKEY_sign_init, EVP_PKEY_sign +EVP_PKEY_sign_init, EVP_PKEY_sign_init_ex, EVP_PKEY_sign - sign using a public key algorithm =head1 SYNOPSIS @@ -10,6 +10,7 @@ EVP_PKEY_sign_init, EVP_PKEY_sign #include int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen); @@ -22,6 +23,9 @@ using L or variants thereof. The algorithm is used to fetch a B method implicitly, see L for more information about implicit fetches. +EVP_PKEY_sign_init_ex() is the same as EVP_PKEY_sign_init() but additionally +sets the passed parameters I on the context before returning. + The EVP_PKEY_sign() function performs a public key signing operation using I. The data to be signed is specified using the I and I parameters. If I is NULL then the maximum size of the output @@ -105,7 +109,10 @@ L =head1 HISTORY -These functions were added in OpenSSL 1.0.0. +The EVP_PKEY_sign_init() and EVP_PKEY_sign() functions were added in +OpenSSL 1.0.0. + +The EVP_PKEY_sign_init_ex() function was added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_verify.pod b/doc/man3/EVP_PKEY_verify.pod index c41525246a..972c5c54b9 100644 --- a/doc/man3/EVP_PKEY_verify.pod +++ b/doc/man3/EVP_PKEY_verify.pod @@ -2,7 +2,7 @@ =head1 NAME -EVP_PKEY_verify_init, EVP_PKEY_verify +EVP_PKEY_verify_init, EVP_PKEY_verify_init_ex, EVP_PKEY_verify - signature verification using a public key algorithm =head1 SYNOPSIS @@ -10,6 +10,7 @@ EVP_PKEY_verify_init, EVP_PKEY_verify #include int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen); @@ -22,6 +23,9 @@ using L or variants thereof. The algorithm is used to fetch a B method implicitly, see L for more information about implicit fetches. +EVP_PKEY_verify_init_ex() is the same as EVP_PKEY_verify_init() but additionally +sets the passed parameters I on the context before returning. + The EVP_PKEY_verify() function performs a public key verification operation using I. The signature is specified using the I and I parameters. The verified data (i.e. the data believed originally @@ -93,7 +97,10 @@ L =head1 HISTORY -These functions were added in OpenSSL 1.0.0. +The EVP_PKEY_verify_init() and EVP_PKEY_verify() functions were added in +OpenSSL 1.0.0. + +The EVP_PKEY_verify_init_ex() function was added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_verify_recover.pod b/doc/man3/EVP_PKEY_verify_recover.pod index e8acd6ab8d..5b7535007c 100644 --- a/doc/man3/EVP_PKEY_verify_recover.pod +++ b/doc/man3/EVP_PKEY_verify_recover.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover +EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover_init_ex, +EVP_PKEY_verify_recover - recover signature using a public key algorithm =head1 SYNOPSIS @@ -10,6 +11,8 @@ EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover #include int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, + const OSSL_PARAM params[]); int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen, const unsigned char *sig, size_t siglen); @@ -22,6 +25,10 @@ using L or variants thereof. The algorithm is used to fetch a B method implicitly, see L for more information about implicit fetches. +EVP_PKEY_verify_recover_init_ex() is the same as +EVP_PKEY_verify_recover_init() but additionally sets the passed parameters +I on the context before returning. + The EVP_PKEY_verify_recover() function recovers signed data using I. The signature is specified using the I and I parameters. If I is NULL then the maximum size of the output @@ -104,7 +111,10 @@ L =head1 HISTORY -These functions were added in OpenSSL 1.0.0. +The EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() +functions were added in OpenSSL 1.0.0. + +The EVP_PKEY_verify_recover_init_ex() function was added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/RSA_private_encrypt.pod b/doc/man3/RSA_private_encrypt.pod index eaa7715bfb..ca77320baa 100644 --- a/doc/man3/RSA_private_encrypt.pod +++ b/doc/man3/RSA_private_encrypt.pod @@ -21,8 +21,9 @@ L: =head1 DESCRIPTION Both of the functions described on this page are deprecated. -Applications should instead use L, -L, L and L. +Applications should instead use L, +L, L and +L. These functions handle RSA signatures at a low-level. diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod index 566b245f3f..1624c16002 100644 --- a/doc/man3/RSA_public_encrypt.pod +++ b/doc/man3/RSA_public_encrypt.pod @@ -21,8 +21,9 @@ L: =head1 DESCRIPTION Both of the functions described on this page are deprecated. -Applications should instead use L, -L, L and L. +Applications should instead use L, +L, L and +L. RSA_public_encrypt() encrypts the B bytes at B (usually a session key) using the public key B and stores the ciphertext in diff --git a/doc/man7/provider-asym_cipher.pod b/doc/man7/provider-asym_cipher.pod index 939dc76f76..108fbceceb 100644 --- a/doc/man7/provider-asym_cipher.pod +++ b/doc/man7/provider-asym_cipher.pod @@ -23,13 +23,15 @@ provider-asym_cipher - The asym_cipher library E-E provider functions void *OSSL_FUNC_asym_cipher_dupctx(void *ctx); /* Encryption */ - int OSSL_FUNC_asym_cipher_encrypt_init(void *ctx, void *provkey); + int OSSL_FUNC_asym_cipher_encrypt_init(void *ctx, void *provkey, + const OSSL_PARAM params[]); int OSSL_FUNC_asym_cipher_encrypt(void *ctx, unsigned char *out, size_t *outlen, size_t outsize, const unsigned char *in, size_t inlen); /* Decryption */ - int OSSL_FUNC_asym_cipher_decrypt_init(void *ctx, void *provkey); + int OSSL_FUNC_asym_cipher_decrypt_init(void *ctx, void *provkey, + const OSSL_PARAM params[]); int OSSL_FUNC_asym_cipher_decrypt(void *ctx, unsigned char *out, size_t *outlen, size_t outsize, const unsigned char *in, size_t inlen); @@ -122,10 +124,11 @@ context in the I parameter and return the duplicate copy. OSSL_FUNC_asym_cipher_encrypt_init() initialises a context for an asymmetric encryption given a provider side asymmetric cipher context in the I parameter, and a pointer to a provider key object in the I parameter. +The I, if not NULL, should be set on the context in a manner similar to +using OSSL_FUNC_asym_cipher_set_ctx_params(). The key object should have been previously generated, loaded or imported into the provider using the key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>. - OSSL_FUNC_asym_cipher_encrypt() performs the actual encryption itself. A previously initialised asymmetric cipher context is passed in the I parameter. @@ -143,6 +146,8 @@ written to I<*outlen>. OSSL_FUNC_asym_cipher_decrypt_init() initialises a context for an asymmetric decryption given a provider side asymmetric cipher context in the I parameter, and a pointer to a provider key object in the I parameter. +The I, if not NULL, should be set on the context in a manner similar to +using OSSL_FUNC_asym_cipher_set_ctx_params(). The key object should have been previously generated, loaded or imported into the provider using the key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>. @@ -168,9 +173,12 @@ functions. OSSL_FUNC_asym_cipher_get_ctx_params() gets asymmetric cipher parameters associated with the given provider side asymmetric cipher context I and stores them in I. +Passing NULL for I should return true. + OSSL_FUNC_asym_cipher_set_ctx_params() sets the asymmetric cipher parameters associated with the given provider side asymmetric cipher context I to I. Any parameter settings are additional to any that were previously set. +Passing NULL for I should return true. Parameters currently recognised by built-in asymmetric cipher algorithms are as follows. diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod index 133ee07d67..de5be060a1 100644 --- a/doc/man7/provider-cipher.pod +++ b/doc/man7/provider-cipher.pod @@ -25,10 +25,10 @@ provider-cipher - The cipher library E-E provider functions /* Encryption/decryption */ int OSSL_FUNC_cipher_encrypt_init(void *cctx, const unsigned char *key, size_t keylen, const unsigned char *iv, - size_t ivlen); + size_t ivlen, const OSSL_PARAM params[]); int OSSL_FUNC_cipher_decrypt_init(void *cctx, const unsigned char *key, size_t keylen, const unsigned char *iv, - size_t ivlen); + size_t ivlen, const OSSL_PARAM params[]); int OSSL_FUNC_cipher_update(void *cctx, unsigned char *out, size_t *outl, size_t outsize, const unsigned char *in, size_t inl); int OSSL_FUNC_cipher_final(void *cctx, unsigned char *out, size_t *outl, @@ -129,6 +129,8 @@ OSSL_FUNC_cipher_encrypt_init() initialises a cipher operation for encryption gi newly created provider side cipher context in the I parameter. The key to be used is given in I which is I bytes long. The IV to be used is given in I which is I bytes long. +The I, if not NULL, should be set on the context in a manner similar to +using OSSL_FUNC_cipher_set_ctx_params(). OSSL_FUNC_cipher_decrypt_init() is the same as OSSL_FUNC_cipher_encrypt_init() except that it initialises the context for a decryption operation. @@ -184,9 +186,11 @@ and stores them in I. OSSL_FUNC_cipher_set_ctx_params() sets cipher operation parameters for the provider side cipher context I to I. Any parameter settings are additional to any that were previously set. +Passing NULL for I should return true. OSSL_FUNC_cipher_get_ctx_params() gets cipher operation details details from the given provider side cipher context I and stores them in I. +Passing NULL for I should return true. OSSL_FUNC_cipher_gettable_params(), OSSL_FUNC_cipher_gettable_ctx_params(), and OSSL_FUNC_cipher_settable_ctx_params() all return constant B diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod index 7165827160..ce53c61de4 100644 --- a/doc/man7/provider-digest.pod +++ b/doc/man7/provider-digest.pod @@ -22,7 +22,7 @@ provider-digest - The digest library E-E provider functions void *OSSL_FUNC_digest_dupctx(void *dctx); /* Digest generation */ - int OSSL_FUNC_digest_init(void *dctx); + int OSSL_FUNC_digest_init(void *dctx, const OSSL_PARAM params[]); int OSSL_FUNC_digest_update(void *dctx, const unsigned char *in, size_t inl); int OSSL_FUNC_digest_final(void *dctx, unsigned char *out, size_t *outl, size_t outsz); @@ -115,6 +115,8 @@ I parameter and return the duplicate copy. OSSL_FUNC_digest_init() initialises a digest operation given a newly created provider side digest context in the I parameter. +The I, if not NULL, should be set on the context in a manner similar to +using OSSL_FUNC_digest_set_ctx_params(). OSSL_FUNC_digest_update() is called to supply data to be digested as part of a previously initialised digest operation. @@ -150,9 +152,11 @@ and stores them in I. OSSL_FUNC_digest_set_ctx_params() sets digest operation parameters for the provider side digest context I to I. Any parameter settings are additional to any that were previously set. +Passing NULL for I should return true. OSSL_FUNC_digest_get_ctx_params() gets digest operation details details from the given provider side digest context I and stores them in I. +Passing NULL for I should return true. OSSL_FUNC_digest_gettable_params() returns a constant B array containing descriptors of the parameters that OSSL_FUNC_digest_get_params() diff --git a/doc/man7/provider-encoder.pod b/doc/man7/provider-encoder.pod index 2fcbd6499a..5e34b7a394 100644 --- a/doc/man7/provider-encoder.pod +++ b/doc/man7/provider-encoder.pod @@ -197,6 +197,7 @@ OSSL_FUNC_encoder_newctx(). OSSL_FUNC_encoder_set_ctx_params() sets context data according to parameters from I that it recognises. Unrecognised parameters should be ignored. +Passing NULL for I should return true. OSSL_FUNC_encoder_settable_ctx_params() returns a constant B array describing the parameters that OSSL_FUNC_encoder_set_ctx_params() diff --git a/doc/man7/provider-kdf.pod b/doc/man7/provider-kdf.pod index 0b13537e8d..fb9e30a843 100644 --- a/doc/man7/provider-kdf.pod +++ b/doc/man7/provider-kdf.pod @@ -127,9 +127,11 @@ provider algorithm and stores them in I. OSSL_FUNC_kdf_set_ctx_params() sets KDF parameters associated with the given provider side KDF context I to I. Any parameter settings are additional to any that were previously set. +Passing NULL for I should return true. OSSL_FUNC_kdf_get_ctx_params() retrieves gettable parameter values associated with the given provider side KDF context I and stores them in I. +Passing NULL for I should return true. OSSL_FUNC_kdf_gettable_params(), OSSL_FUNC_kdf_gettable_ctx_params(), and OSSL_FUNC_kdf_settable_ctx_params() all return constant B diff --git a/doc/man7/provider-kem.pod b/doc/man7/provider-kem.pod index 7903fb8ca4..3ed9ff11fc 100644 --- a/doc/man7/provider-kem.pod +++ b/doc/man7/provider-kem.pod @@ -23,7 +23,8 @@ provider-kem - The kem library E-E provider functions void *OSSL_FUNC_kem_dupctx(void *ctx); /* Encapsulation */ - int OSSL_FUNC_kem_encapsulate_init(void *ctx, void *provkey, const char *name); + int OSSL_FUNC_kem_encapsulate_init(void *ctx, void *provkey, const char *name, + const OSSL_PARAM params[]); int OSSL_FUNC_kem_encapsulate(void *ctx, unsigned char *out, size_t *outlen, unsigned char *secret, size_t *secretlen); @@ -120,6 +121,8 @@ OSSL_FUNC_kem_encapsulate_init() initialises a context for an asymmetric encapsulation given a provider side asymmetric kem context in the I parameter, a pointer to a provider key object in the I parameter and the I of the algorithm. +The I, if not NULL, should be set on the context in a manner similar to +using OSSL_FUNC_kem_set_ctx_params(). The key object should have been previously generated, loaded or imported into the provider using the key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>. @@ -168,9 +171,12 @@ functions. OSSL_FUNC_kem_get_ctx_params() gets asymmetric kem parameters associated with the given provider side asymmetric kem context I and stores them in I. +Passing NULL for I should return true. + OSSL_FUNC_kem_set_ctx_params() sets the asymmetric kem parameters associated with the given provider side asymmetric kem context I to I. Any parameter settings are additional to any that were previously set. +Passing NULL for I should return true. No parameters are currently recognised by built-in asymmetric kem algorithms. diff --git a/doc/man7/provider-keyexch.pod b/doc/man7/provider-keyexch.pod index b353f760bd..0fc36c5da6 100644 --- a/doc/man7/provider-keyexch.pod +++ b/doc/man7/provider-keyexch.pod @@ -23,7 +23,8 @@ provider-keyexch - The keyexch library E-E provider functions void *OSSL_FUNC_keyexch_dupctx(void *ctx); /* Shared secret derivation */ - int OSSL_FUNC_keyexch_init(void *ctx, void *provkey); + int OSSL_FUNC_keyexch_init(void *ctx, void *provkey, + const OSSL_PARAM params[]); int OSSL_FUNC_keyexch_set_peer(void *ctx, void *provkey); int OSSL_FUNC_keyexch_derive(void *ctx, unsigned char *secret, size_t *secretlen, size_t outlen); @@ -107,7 +108,10 @@ the I parameter and return the duplicate copy. OSSL_FUNC_keyexch_init() initialises a key exchange operation given a provider side key exchange context in the I parameter, and a pointer to a provider key object -in the I parameter. The key object should have been previously +in the I parameter. +The I, if not NULL, should be set on the context in a manner similar to +using OSSL_FUNC_keyexch_set_params(). +The key object should have been previously generated, loaded or imported into the provider using the key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>. @@ -135,10 +139,12 @@ OSSL_FUNC_keyexch_set_ctx_params() sets key exchange parameters associated with given provider side key exchange context I to I, see L. Any parameter settings are additional to any that were previously set. +Passing NULL for I should return true. OSSL_FUNC_keyexch_get_ctx_params() gets key exchange parameters associated with the given provider side key exchange context I into I, see L. +Passing NULL for I should return true. OSSL_FUNC_keyexch_settable_ctx_params() yields a constant B array that describes the settable parameters, i.e. parameters that can be used with diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index 2156ed9b7f..fa901b2742 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -19,7 +19,8 @@ provider-keymgmt - The KEYMGMT library E-E provider functions void OSSL_FUNC_keymgmt_free(void *keydata); /* Generation, a more complex constructor */ - void *OSSL_FUNC_keymgmt_gen_init(void *provctx, int selection); + void *OSSL_FUNC_keymgmt_gen_init(void *provctx, int selection, + const OSSL_PARAM params[]); int OSSL_FUNC_keymgmt_gen_set_template(void *genctx, void *template); int OSSL_FUNC_keymgmt_gen_set_params(void *genctx, const OSSL_PARAM params[]); const OSSL_PARAM *OSSL_FUNC_keymgmt_gen_settable_params(void *genctx, @@ -222,6 +223,8 @@ more elaborate context based key object constructor. OSSL_FUNC_keymgmt_gen_init() should create the key object generation context and initialize it with I, which will determine what kind of contents the key object to be generated should get. +The I, if not NULL, should be set on the context in a manner similar to +using OSSL_FUNC_keymgmt_set_params(). OSSL_FUNC_keymgmt_gen_set_template() should add I