From waywardgeek at google.com Sat Aug 1 00:09:12 2015 From: waywardgeek at google.com (Bill Cox) Date: Fri, 31 Jul 2015 17:09:12 -0700 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150731234315.17788996.70845.14629@ll.mit.edu> References: <20150731234315.17788996.70845.14629@ll.mit.edu> Message-ID: On Fri, Jul 31, 2015 at 4:43 PM, Blumenthal, Uri - 0553 - MITLL < uri at ll.mit.edu> wrote: > I think adding the recommended check would be beneficial. Considering the > frequency of ?key generation, performance impact shouldn't matter all that > much. > Samuel's argument above is one I've heard before from Thomas Porin, which is why I was not recommending we do or do not do this check. I was just estimating the performance hit. I personally have not gone over the paper Samuel linked to other than to read the abstract. However, assuming the paper's claims are correct, which seems to be backed up by these two fine cryptography experts, I think the additional check would do more harm than good. Bill -------------- next part -------------- An HTML attachment was scrubbed... URL: From uri at ll.mit.edu Sat Aug 1 00:12:35 2015 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Sat, 1 Aug 2015 00:12:35 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) Message-ID: <20150801001242.17788996.33329.14635@ll.mit.edu> I hear you. Let me discuss this with? my colleagues, and get back to the list if they see good reasons to add this check. Sent?from?my?BlackBerry?10?smartphone?on?the Verizon?Wireless?4G?LTE?network. From: Bill Cox Sent: Friday, July 31, 2015 20:09 To: openssl-dev at openssl.org Reply To: openssl-dev at openssl.org Subject: Re: [openssl-dev] common factors in (p-1) and (q-1) On Fri, Jul 31, 2015 at 4:43 PM, Blumenthal, Uri - 0553 - MITLL wrote: I think adding the recommended check would be beneficial. Considering the frequency of ?key generation, performance impact shouldn't matter all that much.? Samuel's argument above is one I've heard before from Thomas Porin, which is why I was not recommending we do or do not do this check.? I was just estimating the performance hit. I personally have not gone over the paper Samuel linked to other than to read the abstract.? However, assuming the paper's claims are correct, which seems to be backed up by these two fine cryptography experts, I think the additional check would do more harm than good. Bill? -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From openssl-users at dukhovni.org Sat Aug 1 02:06:59 2015 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Sat, 1 Aug 2015 02:06:59 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150731233108.Horde.L_3gtPaeghlpGXXRQ9JEUw7@bluepacific.oceania.com.au> References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> <20150731160154.GA2900@zoho.com> <20150731233108.Horde.L_3gtPaeghlpGXXRQ9JEUw7@bluepacific.oceania.com.au> Message-ID: <20150801020658.GX4347@mournblade.imrryr.org> On Fri, Jul 31, 2015 at 11:31:08PM +0000, paul at securecottage.com wrote: > I have checked through the key generation code of the openssl ssl code. Not carefully enough... > I > hacked it to report the greatest common divisor of p-1 and q-1. I then ran > 100 key generations. It only had greatest common divisors of 2, 4 , 8, and > 16. There were no other primes reported besides small powers of 2. The reason is that all the pseudo-primes generated for testing are sieved to avoid numbers that are congruent to either 0 or 1 mod p for each of the first 2048 primes other than 2 (2 is avoided by forcing the low bit to 1). Thus any odd factor of (p-1) or (q-1) is necessarily larger than the 2048th prime or 17863. To see an appreciable chance of such a common factor you need O(20000) trials. While a check to avoid gcd(p-1, q-1) > 2 is not too expensive, it is not clear that it is worth the trouble. Perhaps it should be done anyway, just because we can, but I am not convinced. -- Viktor. From rt at openssl.org Sat Aug 1 02:07:20 2015 From: rt at openssl.org (Stuart, Harold via RT) Date: Sat, 01 Aug 2015 02:07:20 +0000 Subject: [openssl-dev] [openssl.org #3976] Bug report In-Reply-To: <4F0B5D0C-F6FF-4838-9F18-7BB7B69A65DA@bluecoat.com> References: <4F0B5D0C-F6FF-4838-9F18-7BB7B69A65DA@bluecoat.com> Message-ID: The cryptographic engineering team at Blue Coat systems is conducting a review of OpenSSL and have found the following minor bug. We would appreciate your consideration. Observe the following lines in evp_enc.c: if (in->cipher_data && in->cipher->ctx_size) { out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); if (!out->cipher_data) { EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE); return 0; } memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); } if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); Note that in->cipher data is checked for NULL, which implies that in->cipher_data can be NULL. Now, take a look at function ads_ccm_ctrl, which is what in->cipher_ctrl points to: static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { EVP_AES_CCM_CTX *cctx = c->cipher_data; switch (type) { case EVP_CTRL_INIT: cctx->key_set = 0; cctx->iv_set = 0; cctx->L = 8; cctx->M = 12; cctx->tag_set = 0; cctx->len_set = 0; return 1; Note that c->cipher_data has been dereferenced, even though it may be NULL. Thanks, Harold Stuart Senior Staff Engineer Blue Coat Systems, Inc. -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Sat Aug 1 02:14:30 2015 From: rt at openssl.org (Salz, Rich via RT) Date: Sat, 01 Aug 2015 02:14:30 +0000 Subject: [openssl-dev] [openssl.org #3976] Bug report In-Reply-To: <37402c45adc64dfba3f37a6f177aa678@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <4F0B5D0C-F6FF-4838-9F18-7BB7B69A65DA@bluecoat.com> <37402c45adc64dfba3f37a6f177aa678@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: My feeling is that you should not be copying an EVP if data is NULL and that the earlier null checks are erroneous. But I could be wrong. From mancha1 at zoho.com Sat Aug 1 13:18:30 2015 From: mancha1 at zoho.com (mancha) Date: Sat, 1 Aug 2015 13:18:30 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150731233108.Horde.L_3gtPaeghlpGXXRQ9JEUw7@bluepacific.oceania.com.au> References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> <20150731160154.GA2900@zoho.com> <20150731233108.Horde.L_3gtPaeghlpGXXRQ9JEUw7@bluepacific.oceania.com.au> Message-ID: <20150801131830.GC7416@zoho.com> On Fri, Jul 31, 2015 at 11:31:08PM +0000, paul at securecottage.com wrote: > Hi Mancha, > > Since p*q-1==(p-1)*(q-1)+(p-1)+q-1) any prime that divides (p-1) and > (q-1) will divide all 4 of the terms in the definition of p*q-1. Thus > it will be a common factor in the totient. Hi Paul, many thanks for your reply. Yes, it's clear any f that divides both (p-1) and (q-1) also divides (pq-1), (p-1)(q-1), and p-q. In another email in this thread, I mention one concern regarding having p-1 and q-1 share a large factor is that searching for a private exponent d becomes easier as lcm((p-1),(q-1)) decreases. However, approximations for the distribution of g=gcd((p-1),(q-1)) for randomly chosen 1024-bit primes p,q estimate P(g<=20)=91% and P(g<=100)=98% and that largely allays this concern because it can be expected with high probability lcm((p-1),(q-1)) and (p-1)(q-1) will be close in size. That said, I am certainly supportive of your suggestion to use safe primes, thereby ensuring gcd((p-1),(q-1))=2, as long as it's not overly costly. Your concerns appear different, however. Please correct me if I misunderstood but it seems you require Mallory (who only has access to {n,e}) discover a factor f common to (p-1) and (q-1). My question was on the mechanics of how this discovery occurs assuming Mallory is able to fully factor pq-1 (ie. n-1). Thanks. --mancha > I have checked through the key generation code of the openssl ssl > code. I hacked it to report the greatest common divisor of p-1 and > q-1. I then ran 100 key generations. It only had greatest common > divisors of 2, 4 , 8, and 16. There were no other primes reported > besides small powers of 2. > > So there doesn't seem to be a practical problem with common divisors > in the openssl code. > > Still, I think this is a theoretical problem. There should be a > gcd(p-1,q-1)>16 check for the two primes in key generation. > > Paul > > > Quoting mancha : > > >On Fri, Jul 31, 2015 at 02:36:03AM +0000, paul at securecottage.com > >wrote: > >> > >>Hi there, > >> > >>I have looked at the RSA protocol a bit and have concluded that > >> > >>1) common factors in (p-1) and (q-1) are also in the factorisation > >>of (p*q-1). 2) by factoring (p*q-1) you can come up with candidates > >>for squares in the totient. 3) you can also come up with d mod > >>commonfactor^2 if there is a common factor. > >> > >>the math is shown in my wikipedia users page math blog at: > >> > >>https://en.wikipedia.org/wiki/User:Endo999#The_Bad_Stuff_That_Happens_When_There_Are_Common_Factors_Between_.28P-1.29_and_.28Q-1.29 > > > >[SNIP] > > > >Hi. How are you finding a common factor f such that f|(p-1) and > >f|(q-1)? > > > >Thanks. > > > >--mancha > > > >-- https://twitter.com/mancha140 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From mancha1 at zoho.com Sat Aug 1 13:22:32 2015 From: mancha1 at zoho.com (mancha) Date: Sat, 1 Aug 2015 13:22:32 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150731184621.GS4347@mournblade.imrryr.org> References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> <20150731184621.GS4347@mournblade.imrryr.org> Message-ID: <20150801132232.GD7416@zoho.com> On Fri, Jul 31, 2015 at 06:46:22PM +0000, Viktor Dukhovni wrote: > On Fri, Jul 31, 2015 at 11:19:39AM -0700, Bill Cox wrote: > > > Cool observation. From running a bit of Python code, it looks like > > the probability that GCD(p-1, p-q) == 4 is a bit higher than 15%, at > > least for random numbers between 2048 and 4096 bits long. It looks > > like putting in a GCD(p-1, q-1) check will slow down finding > > suitable p and q by around a factor of 6.5. > > A smaller slow-down would be incurred one were to restrict both of p,q > to 3 mod 4. In that case 2 would be the largest common even factor of > (p-1) and (q-1), and any appreciably large common odd factor > (necessarily above 17863 due to how each of p/q is chosen) would be > very rare. > > Is there a good argument for adding the gcd test? How big does the > common factor have to be for any information it might provide to be > substantially useful in finding 1/e mod phi(m)? > > The larger the common factor is, the smaller the probability of p-1 > and q-1 sharing it (for a given sufficiently large prime factor "r" of > (p-1), the probability of (q-1) also having that factor is 1/(r-1)). > If say "r" needs be 80 bits long to be useful in attacking RSA 1024, > then only ~1 in 2^80 (p-1,q-1) pairs will have such a common factor, > which is sufficiently rare not warrant any attention. > > Also one still needs to be able to fully factor (n-1). After tens of > thousands of trials, I managed to generate a (p,q,n) triple with a > 1024-bit modulus n in which (p-1,q-1) have a common odd factor. > > n = > 123727085863382195696899362818055010267368591819174730632443285012648773223152448218495408371737254282531468855140111723936275062312943433684139231097953508685462994307654703316031424869371422426773001891452680576333954733056995016189880381373567072504551999849596021790801362257131899242011337424119163152403 > > e = F_4 = 65537 > > gcd(p-1,q-1) = 2 * 28559 > > What can the OP tell us about d, p or q? Can anyone produce a full > factorization of n - 1? n-1 = 2 * 3^3 * 7 * 13 * 67 * 2399 * 28559 * 5485062554686449262177590194597345407327047899375366044215091312099734701911004226037445837630559113651708968440813791318544450398897628672342337619064712331937685677843283385813601700381667290503026724160750373906990713551823941904482040860073543880341612964100618466865014941425056336718955019 -- https://twitter.com/mancha140 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From ben at links.org Sat Aug 1 13:50:00 2015 From: ben at links.org (Ben Laurie) Date: Sat, 01 Aug 2015 13:50:00 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150801132232.GD7416@zoho.com> References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> <20150731184621.GS4347@mournblade.imrryr.org> <20150801132232.GD7416@zoho.com> Message-ID: On Sat, 1 Aug 2015 at 14:22 mancha wrote: > On Fri, Jul 31, 2015 at 06:46:22PM +0000, Viktor Dukhovni wrote: > > On Fri, Jul 31, 2015 at 11:19:39AM -0700, Bill Cox wrote: > > > > > Cool observation. From running a bit of Python code, it looks like > > > the probability that GCD(p-1, p-q) == 4 is a bit higher than 15%, at > > > least for random numbers between 2048 and 4096 bits long. It looks > > > like putting in a GCD(p-1, q-1) check will slow down finding > > > suitable p and q by around a factor of 6.5. > > > > A smaller slow-down would be incurred one were to restrict both of p,q > > to 3 mod 4. In that case 2 would be the largest common even factor of > > (p-1) and (q-1), and any appreciably large common odd factor > > (necessarily above 17863 due to how each of p/q is chosen) would be > > very rare. > > > > Is there a good argument for adding the gcd test? How big does the > > common factor have to be for any information it might provide to be > > substantially useful in finding 1/e mod phi(m)? > > > > The larger the common factor is, the smaller the probability of p-1 > > and q-1 sharing it (for a given sufficiently large prime factor "r" of > > (p-1), the probability of (q-1) also having that factor is 1/(r-1)). > > If say "r" needs be 80 bits long to be useful in attacking RSA 1024, > > then only ~1 in 2^80 (p-1,q-1) pairs will have such a common factor, > > which is sufficiently rare not warrant any attention. > > > > Also one still needs to be able to fully factor (n-1). After tens of > > thousands of trials, I managed to generate a (p,q,n) triple with a > > 1024-bit modulus n in which (p-1,q-1) have a common odd factor. > > > > n = > > > 123727085863382195696899362818055010267368591819174730632443285012648773223152448218495408371737254282531468855140111723936275062312943433684139231097953508685462994307654703316031424869371422426773001891452680576333954733056995016189880381373567072504551999849596021790801362257131899242011337424119163152403 > > > > e = F_4 = 65537 > > > > gcd(p-1,q-1) = 2 * 28559 > > > > What can the OP tell us about d, p or q? Can anyone produce a full > > factorization of n - 1? > > n-1 = 2 * 3^3 * 7 * 13 * 67 * 2399 * 28559 * > > 5485062554686449262177590194597345407327047899375366044215091312099734701911004226037445837630559113651708968440813791318544450398897628672342337619064712331937685677843283385813601700381667290503026724160750373906990713551823941904482040860073543880341612964100618466865014941425056336718955019 > That is not a prime factorisation. > > -- > https://twitter.com/mancha140 > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mancha1 at zoho.com Sat Aug 1 13:58:24 2015 From: mancha1 at zoho.com (mancha) Date: Sat, 1 Aug 2015 13:58:24 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> <20150731184621.GS4347@mournblade.imrryr.org> <20150801132232.GD7416@zoho.com> Message-ID: <20150801135824.GE7416@zoho.com> On Sat, Aug 01, 2015 at 01:50:00PM +0000, Ben Laurie wrote: > On Sat, 1 Aug 2015 at 14:22 mancha wrote: > > > On Fri, Jul 31, 2015 at 06:46:22PM +0000, Viktor Dukhovni wrote: > > > On Fri, Jul 31, 2015 at 11:19:39AM -0700, Bill Cox wrote: > > > > > > > Cool observation. From running a bit of Python code, it looks > > > > like the probability that GCD(p-1, p-q) == 4 is a bit higher > > > > than 15%, at least for random numbers between 2048 and 4096 bits > > > > long. It looks like putting in a GCD(p-1, q-1) check will slow > > > > down finding suitable p and q by around a factor of 6.5. > > > > > > A smaller slow-down would be incurred one were to restrict both of > > > p,q to 3 mod 4. In that case 2 would be the largest common even > > > factor of (p-1) and (q-1), and any appreciably large common odd > > > factor (necessarily above 17863 due to how each of p/q is chosen) > > > would be very rare. > > > > > > Is there a good argument for adding the gcd test? How big does > > > the common factor have to be for any information it might provide > > > to be substantially useful in finding 1/e mod phi(m)? > > > > > > The larger the common factor is, the smaller the probability of > > > p-1 and q-1 sharing it (for a given sufficiently large prime > > > factor "r" of (p-1), the probability of (q-1) also having that > > > factor is 1/(r-1)). If say "r" needs be 80 bits long to be useful > > > in attacking RSA 1024, then only ~1 in 2^80 (p-1,q-1) pairs will > > > have such a common factor, which is sufficiently rare not warrant > > > any attention. > > > > > > Also one still needs to be able to fully factor (n-1). After tens > > > of thousands of trials, I managed to generate a (p,q,n) triple > > > with a 1024-bit modulus n in which (p-1,q-1) have a common odd > > > factor. > > > > > > n = > > > > > 123727085863382195696899362818055010267368591819174730632443285012648773223152448218495408371737254282531468855140111723936275062312943433684139231097953508685462994307654703316031424869371422426773001891452680576333954733056995016189880381373567072504551999849596021790801362257131899242011337424119163152403 > > > > > > e = F_4 = 65537 > > > > > > gcd(p-1,q-1) = 2 * 28559 > > > > > > What can the OP tell us about d, p or q? Can anyone produce a > > > full factorization of n - 1? > > > > n-1 = 2 * 3^3 * 7 * 13 * 67 * 2399 * 28559 * > > > > 5485062554686449262177590194597345407327047899375366044215091312099734701911004226037445837630559113651708968440813791318544450398897628672342337619064712331937685677843283385813601700381667290503026724160750373906990713551823941904482040860073543880341612964100618466865014941425056336718955019 > > > > That is not a prime factorisation. Just helping get things started. Feel free to take over and claim the last number in my product. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From doctor at doctor.nl2k.ab.ca Sat Aug 1 15:02:07 2015 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Sat, 1 Aug 2015 09:02:07 -0600 Subject: [openssl-dev] NEed help Message-ID: <20150801150207.GA14960@doctor.nl2k.ab.ca> I am trying to compile openssl 1.0.2 SNAP 20150801 and now I get if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then (cd ..; make libcrypto.so.1.0.0); fi [ -z "" ] || gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -march=pentium3 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_LIBUNBOUND -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DGHASH_ASM -Iinclude -DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso fips_premain.c fipscanister.o libcrypto.a -ldl -lm -lc /usr/lib/libc.a(sha.o): In function `SHA': sha.o(.text+0x0): multiple definition of `SHA' libcrypto.a(sha_one.o):/usr/source/openssl-1.0.2-stable-SNAP-20150801/crypto/sha/sha_one.c:66: first defined here ld: Warning: size of symbol `SHA' changed from 142 to 92 in /usr/lib/libc.a(sha.o) /usr/lib/libc.a(malloc.o)(.text+0x16): undefined reference to `__progname' /usr/lib/libc.a(malloc.o)(.text+0xe0): undefined reference to `__progname' /usr/lib/libc.a(syslog.o): In function `vsyslog': syslog.o(.text+0x3a5): undefined reference to `__progname' /usr/lib/libc.a(getenv.o): In function `__findenv': getenv.o(.text+0x65): undefined reference to `environ' getenv.o(.text+0x72): undefined reference to `environ' /usr/lib/libc.a(exec.o): In function `execl': exec.o(.text+0x103): undefined reference to `environ' /usr/lib/libc.a(exec.o): In function `execv': exec.o(.text+0x26b): undefined reference to `environ' /usr/lib/libc.a(exec.o): In function `execvp': exec.o(.text+0x400): undefined reference to `environ' /usr/lib/libc.a(exec.o)(.text+0x4da): more undefined references to `environ' follow *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. Pointers please on how to fix. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Abuse a man unjustly, and you will make friends for him. -Edgar Watson Howe From doctor at doctor.nl2k.ab.ca Sat Aug 1 15:25:32 2015 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Sat, 1 Aug 2015 09:25:32 -0600 Subject: [openssl-dev] Debugging a compile issue Message-ID: <20150801152531.GA15397@doctor.nl2k.ab.ca> A few weeks ago, I overloaded my server and compiler and now I get signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes: OK signed content test streaming S/MIME format, 2 DSA and 2 RSA keys: verify error *** Error code 1 Stop. *** Error code 1 Stop. How can debug and rectify the situation? I do need to move forward. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Abuse a man unjustly, and you will make friends for him. -Edgar Watson Howe From paul at securecottage.com Sun Aug 2 00:59:49 2015 From: paul at securecottage.com (paul at securecottage.com) Date: Sun, 02 Aug 2015 00:59:49 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) Message-ID: <20150802005949.Horde.N0IjPnfTI9Nhz6oZMVfwng1@bluepacific.oceania.com.au> I'd like to thank several people for looking into my assertion that it is possible for common factors in p-1 and q-1 to leak from the factorisation of n-1. Particularly, Viktor Dukhovni, for trying tens of thousands of key generation iterations to see if common factors are possible. From Viktor's work and other people's comments I drew the following conclusions: Viktor Dukhovni reports, after looking at the rsa key generation code of openssl, that p-1 and q-1 are both checked for the first 2048 factors (up to 17863). As such such low primes are not possible as factors of either p-1 or q-1. However, common factors higher than 17863 are possible as factors of both p-1 and q-1. But it takes 20,000 key generations (not in safe mode) before such an event happens. He managed to get a common factor of gcd(p-1,q-1) = 2 * 28559 from the following 1024 bit rsa generated key (factorisation of p*q-1 is shown): n-1 = 2 * 3^3 * 7 * 13 * 67 * 2399 * 28559 * 5485062554686449262177590194597345407327047899375366044215091312099734701911004226037445837630559113651708968440813791318544450398897628 67234233761906471233193768567784328338581360170038166729050302672416075037390699071355182394190448204086007354388034161296410061846686501 4941425056336718955019 Any rsa key generation in SAFE mode will always have a gcd(p-1,q-1)=2, so SAFE mode always avoids common factors. My conclusion is that openssl code can have common factors (must be above 17863) in its rsa keys every 20,000 key generations or so when not generated in SAFE mode, and that at this time approximately 30 bits of the totient will be revealed out of the 1024 bits of the full totient. There is, of course, no way of knowing which of the 20,000 key generations will have the common factors. Most people felt that the check (for gcd(p-1,q-1)> 16) was possible but they were not sure it was worth doing. I'd like to point out from a cyber-attack possibility the check is worth doing. In RSA_generate_key_ex() in rsa_gen.c the following code is seen: int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { #ifdef OPENSSL_FIPS if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD); return 0; } #endif if (rsa->meth->rsa_keygen) return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); #ifdef OPENSSL_FIPS if (FIPS_mode()) return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb); #endif return rsa_builtin_keygen(rsa, bits, e_value, cb); } Third party modules, or methods, can be added to openssl code and these can do the rsa key generation as in: if (rsa->meth->rsa_keygen) return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); As such it is appropriate that some checks be made at RSA_generate_key_ex() to make sure that the other software hasn't returned a bad key. Openssl software is a significant part of the Internet security infastructure and so it would obviously be the target of hacking and cyber infiltration. Some redundant checks are appropriate because of this. A gcd(p-1,q-1)>16 check will disallow less than 1 percent of the currently acceptable keys, won't take much time to run, and would defeat cyber attempts to create a key with a significant common factor within it. Thanks Paul Cheffers From openssl-users at dukhovni.org Sun Aug 2 03:14:55 2015 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Sun, 2 Aug 2015 03:14:55 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150802005949.Horde.N0IjPnfTI9Nhz6oZMVfwng1@bluepacific.oceania.com.au> References: <20150802005949.Horde.N0IjPnfTI9Nhz6oZMVfwng1@bluepacific.oceania.com.au> Message-ID: <20150802031455.GA19228@mournblade.imrryr.org> On Sun, Aug 02, 2015 at 12:59:49AM +0000, paul at securecottage.com wrote: > He managed to get a common factor of > gcd(p-1,q-1) = 2 * 28559 from the following 1024 bit rsa generated key > (factorisation of p*q-1 is shown): > > n-1 = 2 * 3^3 * 7 * 13 * 67 * 2399 * 28559 * > 5485062554686449262177590194597345407327047899375366044215091312099734701911004226037445837630559113651708968440813791318544450398897628 67234233761906471233193768567784328338581360170038166729050302672416075037390699071355182394190448204086007354388034161296410061846686501 > 4941425056336718955019 Note, the last factor is not a prime, but producing its prime factors may be non-trivial. > Any rsa key generation in SAFE mode will always have a gcd(p-1,q-1)=2, so > SAFE mode always avoids common factors. Safe (Sophie Germain) primes are too expensive to generate, if your concerns are warranted, the simpler approach is to reject q when GCD (p-1,q-1) != 2. We can set p = 3 mod 4, to ensure that no higher power of 2 is ever possible. The GCD check will then rarely fail, so the overhead is mostly just the GCD check (much faster than generating "safe" primes). > My conclusion is that openssl code can have common factors (must be above > 17863) in its rsa keys every 20,000 key generations or so when not generated > in SAFE mode, and that at this time approximately 30 bits of the totient > will be revealed out of the 1024 bits of the full totient. There is, of > course, no way of knowing which of the 20,000 key generations will have the > common factors. It is a bit of a leap to claim a leak of 30 bits, because there's no obvious way to know which if any of the prime factors of (n-1) are also shared by (p-1) and (q-1). Also knowing d (e^-1) modulo an ~30 bit number, is not nearly so tidy as knowing "30 bits of d". The key question is whether this information can help speed up GNFS. Speeding up a brute force search through a 1024-bit keyspace by 30 bits is no use at all. I don't know enough about GNFS to comment on whether such residues can actually help speed factoring. Perhaps you are arguing that the GCD check is cheap, and should be done out of "an abundance of caution". That might be true, but I'd like to hear that advice from someone well versed in state of the art factorization methods. -- Viktor. From j at w1.fi Sun Aug 2 14:13:32 2015 From: j at w1.fi (Jouni Malinen) Date: Sun, 2 Aug 2015 17:13:32 +0300 Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method In-Reply-To: <55BBCE4E.1060903@openssl.org> References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <55B65661.8030701@openssl.org> <20150727215126.GA9715@w1.fi> <55B6B079.9040009@openssl.org> <20150728140938.GA4079@w1.fi> <55B9F5CD.7010901@openssl.org> <20150731175143.GA5276@w1.fi> <55BBC941.2090302@openssl.org> <55BBCE4E.1060903@openssl.org> Message-ID: <20150802141332.GA23923@w1.fi> On Fri, Jul 31, 2015 at 08:36:46PM +0100, Matt Caswell wrote: > https://github.com/openssl/openssl/commit/e1e088ec7f2f33c4c4ad31312d62c536441d4358 Thanks! With this, all my EAP test cases are now passing with the OpenSSL master branch snapshot. -- Jouni Malinen PGP id EFC895FA From mehdisotoodeh at gmail.com Sun Aug 2 15:31:19 2015 From: mehdisotoodeh at gmail.com (Mehdi Sotoodeh) Date: Sun, 2 Aug 2015 08:31:19 -0700 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150802031455.GA19228@mournblade.imrryr.org> References: <20150802005949.Horde.N0IjPnfTI9Nhz6oZMVfwng1@bluepacific.oceania.com.au> <20150802031455.GA19228@mournblade.imrryr.org> Message-ID: This characteristic is not limited to common factors of p-1 and q-1. For every factor of (p-1) (and similarly for q-1) there exists a k where p*q+k having same factor. In this case p-1 and q+k are sharing the same factor: p*q+k = (p-1)(q-1) + (p-1) + (q+k). Based on this GCD(n+x,n+y) for a range of x and y's can reveal some factors of (p-1)(q-1). On Sat, Aug 1, 2015 at 8:14 PM, Viktor Dukhovni wrote: > On Sun, Aug 02, 2015 at 12:59:49AM +0000, paul at securecottage.com wrote: > > > He managed to get a common factor of > > gcd(p-1,q-1) = 2 * 28559 from the following 1024 bit rsa generated key > > (factorisation of p*q-1 is shown): > > > > n-1 = 2 * 3^3 * 7 * 13 * 67 * 2399 * 28559 * > > > 5485062554686449262177590194597345407327047899375366044215091312099734701911004226037445837630559113651708968440813791318544450398897628 > 67234233761906471233193768567784328338581360170038166729050302672416075037390699071355182394190448204086007354388034161296410061846686501 > > 4941425056336718955019 > > Note, the last factor is not a prime, but producing its prime > factors may be non-trivial. > > > Any rsa key generation in SAFE mode will always have a gcd(p-1,q-1)=2, so > > SAFE mode always avoids common factors. > > Safe (Sophie Germain) primes are too expensive to generate, if your > concerns are warranted, the simpler approach is to reject q when > GCD (p-1,q-1) != 2. We can set p = 3 mod 4, to ensure that no > higher power of 2 is ever possible. The GCD check will then rarely > fail, so the overhead is mostly just the GCD check (much faster > than generating "safe" primes). > > > My conclusion is that openssl code can have common factors (must be above > > 17863) in its rsa keys every 20,000 key generations or so when not > generated > > in SAFE mode, and that at this time approximately 30 bits of the totient > > will be revealed out of the 1024 bits of the full totient. There is, of > > course, no way of knowing which of the 20,000 key generations will have > the > > common factors. > > It is a bit of a leap to claim a leak of 30 bits, because there's > no obvious way to know which if any of the prime factors of (n-1) > are also shared by (p-1) and (q-1). Also knowing d (e^-1) modulo > an ~30 bit number, is not nearly so tidy as knowing "30 bits of d". > > The key question is whether this information can help speed up > GNFS. Speeding up a brute force search through a 1024-bit keyspace > by 30 bits is no use at all. > > I don't know enough about GNFS to comment on whether such residues > can actually help speed factoring. > > Perhaps you are arguing that the GCD check is cheap, and should be > done out of "an abundance of caution". That might be true, but > I'd like to hear that advice from someone well versed in state of > the art factorization methods. > > -- > Viktor. > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Sun Aug 2 17:47:13 2015 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Sun, 2 Aug 2015 17:47:13 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: References: <20150802005949.Horde.N0IjPnfTI9Nhz6oZMVfwng1@bluepacific.oceania.com.au> <20150802031455.GA19228@mournblade.imrryr.org> Message-ID: <20150802174713.GC19228@mournblade.imrryr.org> On Sun, Aug 02, 2015 at 08:31:19AM -0700, Mehdi Sotoodeh wrote: > This characteristic is not limited to common factors of p-1 and q-1. For > every factor of (p-1) (and similarly for q-1) there exists a k where p*q+k > having same factor. In this case p-1 and q+k are sharing the same factor: > p*q+k = (p-1)(q-1) + (p-1) + (q+k). Based on this GCD(n+x,n+y) for a range > of x and y's can reveal some factors of (p-1)(q-1). For what it's worth, a common factor of (p-1) and (q-1), when it exists, in principle gets you twice as much information a common factor of either alone. It remains unclear whether such information is practically useful, and how you'd know you actually have it. Of course computing GCDs is much faster than factoring, but what sort of false positive rate should one expect? For (x,y) << n, how often will g=GCD(n + x, n + y) yield numbers that have nothing in common with either (p-1) or (q-1)? Any such g divides (x-y), and assuming wlog that r = x - y > 0, we can restate this as r | (n + x). Clearly for every r there is an x < r, such that r | (n + x). So there's no need to "search" for such pairs, just: Let r = some positive integer >= 2, with n mod r != 0. Let j,k = some non-negative integers. Let r' = r - (n mod r) Let y = r' + kr and x = y + jr. Then r | GCD(n+x, n+y). So every number will be a false positive, and no GCDs need to be computed at all. And of course this approach is rather impractical for finding large common factors, where-as, ECM might hypothetically find some large factor of (n-1) that (expontially rarely) just happens to be a factor of (p-1) and (q-1). It is not clear that finding modestly sized factors is particularly useful. -- Viktor. From uri at ll.mit.edu Sun Aug 2 21:41:48 2015 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Sun, 2 Aug 2015 21:41:48 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) Message-ID: <20150802214157.17788996.89592.14722@ll.mit.edu> Viktor, This is my logic precisely:"Perhaps we should do this check, just because we can".? It makes things cryptographically better. Is it really necessary (better vs. good enough)? I don't know, maybe not. But the prudent approach seems to be closing as many of the potential loopholes as possible, even if we don't see an exploit coming from one right now. And it is possible to close this loophole without spending much on it, so why not? P.S. I didn't have a chance yet to discuss this with my colleagues. Sent?from?my?BlackBerry?10?smartphone?on?the Verizon?Wireless?4G?LTE?network. ? Original Message ? From: Viktor Dukhovni Sent: Friday, July 31, 2015 22:07 To: openssl-dev at openssl.org Reply To: openssl-dev at openssl.org Subject: Re: [openssl-dev] common factors in (p-1) and (q-1) On Fri, Jul 31, 2015 at 11:31:08PM +0000, paul at securecottage.com wrote: > I have checked through the key generation code of the openssl ssl code. Not carefully enough... > I > hacked it to report the greatest common divisor of p-1 and q-1. I then ran > 100 key generations. It only had greatest common divisors of 2, 4 , 8, and > 16. There were no other primes reported besides small powers of 2. The reason is that all the pseudo-primes generated for testing are sieved to avoid numbers that are congruent to either 0 or 1 mod p for each of the first 2048 primes other than 2 (2 is avoided by forcing the low bit to 1). Thus any odd factor of (p-1) or (q-1) is necessarily larger than the 2048th prime or 17863. To see an appreciable chance of such a common factor you need O(20000) trials. While a check to avoid gcd(p-1, q-1) > 2 is not too expensive, it is not clear that it is worth the trouble. Perhaps it should be done anyway, just because we can, but I am not convinced. -- Viktor. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From praveen at viptela.com Mon Aug 3 01:54:46 2015 From: praveen at viptela.com (Praveen Kariyanahalli) Date: Sun, 2 Aug 2015 18:54:46 -0700 Subject: [openssl-dev] [openssl.org #3967] Assert hit in the latest 1.0.2d code In-Reply-To: References: Message-ID: Yes that worked. The previous version we were using 1.0.1m. Thanks for the quick turn around -Praveen On Wed, Jul 29, 2015 at 3:35 PM, Matt Caswell via RT wrote: > On Wed Jul 29 20:30:22 2015, praveen at viptela.com wrote: > > We seem to hit this assert with the latest code. Our sockets are all in > > non-blocking fashion. I dont see this assert in the previous releases. > > What was the last release you tried where this worked? Was this previously > working on a 1.0.2 release? > > > > > Can somebody throw more light on to this ? It is urgent. As we are not > able > > to migrate to this version because of this regression. > > Please can you try the attached patch and let me know if that makes any > difference. There seems to be an issue with DTLS1.2. If the underlying BIO > write buffers are full DTLS is supposed to drop the packet and clear out > the > internal OpenSSL buffer. This code was only testing for DTLS1 not DTLS1 and > DTLS1.2. If you are using DTLS1.2 then the internal buffer does not get > cleared > out, and the next time you try to write some data it falls over because the > buffer should be empty but it isn't. > > Matt > > -- -Praveen -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Mon Aug 3 01:55:07 2015 From: rt at openssl.org (Praveen Kariyanahalli via RT) Date: Mon, 03 Aug 2015 01:55:07 +0000 Subject: [openssl-dev] [openssl.org #3967] Assert hit in the latest 1.0.2d code In-Reply-To: References: Message-ID: Yes that worked. The previous version we were using 1.0.1m. Thanks for the quick turn around -Praveen On Wed, Jul 29, 2015 at 3:35 PM, Matt Caswell via RT wrote: > On Wed Jul 29 20:30:22 2015, praveen at viptela.com wrote: > > We seem to hit this assert with the latest code. Our sockets are all in > > non-blocking fashion. I dont see this assert in the previous releases. > > What was the last release you tried where this worked? Was this previously > working on a 1.0.2 release? > > > > > Can somebody throw more light on to this ? It is urgent. As we are not > able > > to migrate to this version because of this regression. > > Please can you try the attached patch and let me know if that makes any > difference. There seems to be an issue with DTLS1.2. If the underlying BIO > write buffers are full DTLS is supposed to drop the packet and clear out > the > internal OpenSSL buffer. This code was only testing for DTLS1 not DTLS1 and > DTLS1.2. If you are using DTLS1.2 then the internal buffer does not get > cleared > out, and the next time you try to write some data it falls over because the > buffer should be empty but it isn't. > > Matt > > -- -Praveen From ho at cs.arizona.edu Mon Aug 3 02:08:52 2015 From: ho at cs.arizona.edu (Hilarie Orman) Date: Sun, 2 Aug 2015 20:08:52 -0600 Subject: [openssl-dev] common factors in (p-1) and (q-1) Message-ID: <201508030208.t7328qlY017653@sylvester.rhmr.com> For primes p and q for which p-1 and q-1 have no common factor <= n, probability of gcd(p, q) > 1 is very roughly 1/n. Therefore, 1. Use strong primes as in Rivest/Silverman. Simply described, choose large primes r and s. Choose small factors i and j, gcd(i, j) = 1. Find p such that 1+2*i*r is prime and q such that 1+2*j*s is prime. Or 2. Find large primes p and q such that gcd(p^2-1, q^2-1) < 10^6. Hilarie From openssl-users at dukhovni.org Mon Aug 3 04:04:01 2015 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Mon, 3 Aug 2015 04:04:01 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <201508030208.t7328qlY017653@sylvester.rhmr.com> References: <201508030208.t7328qlY017653@sylvester.rhmr.com> Message-ID: <20150803040401.GK19228@mournblade.imrryr.org> On Sun, Aug 02, 2015 at 08:08:52PM -0600, Hilarie Orman wrote: > For primes p and q for which p-1 and q-1 have no common factor <= n, Other than 2 of course. > probability of gcd(p, q) > 1 is very roughly 1/n. That would be gcd(p-1, q-1), since gcd(p,q) is of course 1, unless p == q. > Therefore, > 1. Use strong primes as in Rivest/Silverman. Simply described, > choose large primes r and s. Choose small factors i and j, gcd(i, j) > = 1. Find p such that 1+2*i*r is prime and q such that 1+2*j*s is > prime. That's expensive to do. > 2. Find large primes p and q such that gcd(p^2-1, q^2-1) < 10^6. This is much cheaper, but why (p^2-1, q^2-1), rather than just (p-1, q-1). What use is a common factor (other than 2) of (p+1, q-1) or (p+1, q+1)? -- Viktor. From ho at cs.arizona.edu Mon Aug 3 06:07:18 2015 From: ho at cs.arizona.edu (Hilarie Orman) Date: Mon, 3 Aug 2015 00:07:18 -0600 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: Yourmessage <20150803040401.GK19228@mournblade.imrryr.org> Message-ID: <201508030607.t7367I9t017943@sylvester.rhmr.com> > Date: Mon, 3 Aug 2015 04:04:01 +0000 > From: Viktor Dukhovni > On Sun, Aug 02, 2015 at 08:08:52PM -0600, Hilarie Orman wrote: > > For primes p and q for which p-1 and q-1 have no common factor <= n, > Other than 2 of course. Of course. > > probability of gcd(p, q) > 1 is very roughly 1/n. > That would be gcd(p-1, q-1), since gcd(p,q) is of course 1, > unless p == q. Thank you. Yes, of course. > > Therefore, > > 1. Use strong primes as in Rivest/Silverman. Simply described, > > choose large primes r and s. Choose small factors i and j, gcd(i, j) > > = 1. Find p such that 1+2*i*r is prime and q such that 1+2*j*s is > > prime. > That's expensive to do. Twice as expensive. Is that really expensive? > > 2. Find large primes p and q such that gcd(p^2-1, q^2-1) < 10^6. > This is much cheaper, but why (p^2-1, q^2-1), rather than just > (p-1, q-1). What use is a common factor (other than 2) of (p+1, > q-1) or (p+1, q+1)? Rules out Lucas sequences. > -- > Viktor. From rt at openssl.org Mon Aug 3 07:39:06 2015 From: rt at openssl.org (Matt Caswell via RT) Date: Mon, 03 Aug 2015 07:39:06 +0000 Subject: [openssl-dev] [openssl.org #3967] Assert hit in the latest 1.0.2d code In-Reply-To: References: Message-ID: On Mon Aug 03 01:55:07 2015, praveen at viptela.com wrote: > Yes that worked. The previous version we were using 1.0.1m. Commit has been applied to git here: https://github.com/openssl/openssl/commit/9e43fe9a2bd38f06385b5b721f7c4b3ff0e4163f Closing ticket. Matt From mancha1 at zoho.com Mon Aug 3 11:23:28 2015 From: mancha1 at zoho.com (mancha) Date: Mon, 3 Aug 2015 11:23:28 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <201508030208.t7328qlY017653@sylvester.rhmr.com> References: <201508030208.t7328qlY017653@sylvester.rhmr.com> Message-ID: <20150803112328.GA1599@zoho.com> On Sun, Aug 02, 2015 at 08:08:52PM -0600, Hilarie Orman wrote: > For primes p and q for which p-1 and q-1 have no common factor <= n, > probability of gcd(p, q) > 1 is very roughly 1/n. Hi There's a typo or two here. Assuming p!=q, we always have gcd(p,q)=1. > > Therefore, 1. Use strong primes as in Rivest/Silverman. Simply > described, choose large primes r and s. Choose small factors i and j, > gcd(i, j) = 1. Find p such that 1+2*i*r is prime and q such that > 1+2*j*s is prime. This appears a generalization of safe primes (i=j=1) which aren't overly costly to generate. In fact, OpenSSL surely uses them already for Diffie-Hellman MODPs. If they don't I'd be surprised (and alarmed). An added small benefit is they mitigate Pollard's 'p-1' (only a concern should p-1 or q-1 happen to be extremely smooth). Strong primes have a bit more structure and afford protection against repeated encryption attacks. If, as sometimes required of strong primes p, p+1 must have a large prime factor, they also mitigate Williams' 'p+1' algo. > > Or > > 2. Find large primes p and q such that gcd(p^2-1, q^2-1) < 10^6. That's an interesting formulation. What's the importance of 10^6? Thanks. --mancha (https://twitter.com/mancha140) > > Hilarie -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From rt at openssl.org Mon Aug 3 12:03:26 2015 From: rt at openssl.org (sandeep umesh via RT) Date: Mon, 03 Aug 2015 12:03:26 +0000 Subject: [openssl-dev] [openssl.org #3977] bug report : Ubutu 12.0.4 : Openssl 1.0.1p : allowing connections with EXP cipher In-Reply-To: References: Message-ID: Hi, I updated openssl version to 1.0.1p (to address logjam) and configured sendmail. To verify the logjam fix, I used openssl s_client and connected to the smtp server. --------------- Default log: ---------------- $ openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 -cipher EXP CONNECTED(00000003) 140482363598496:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:757: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 443 bytes and written 108 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- $ openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 -cipher EXP-EDH-RSA-DES-CBC-SHA CONNECTED(00000003) 140483069028000:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:757: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 443 bytes and written 134 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- Now, I configured sendmail to set the CIPHER LIST as ALL $cat /etc/mail/sendmail.cf ..... ..... O DHParameters=5 O CipherList=ALL $ Here, I observe that smtp is allowing connections with EXP-EDH-RSA-DES-CBC-SHA ciphers ------ Log: ------ $ openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 CONNECTED(00000003) depth=1 C = In, ST = Kar, L = Ban, O = IBM, CN = test verify error:num=19:self signed certificate in certificate chain verify return:0 140467858261664:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3366: --- Certificate chain 0 s:/C=In/ST=Kar/L=Ban/O=IBM/CN=test i:/C=In/ST=Kar/L=Ban/O=IBM/CN=test 1 s:/C=In/ST=Kar/L=Ban/O=IBM/CN=test i:/C=In/ST=Kar/L=Ban/O=IBM/CN=test --- Server certificate -----BEGIN CERTIFICATE----- MIICfTCCAeagAwIBAgIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJJbjEM MAoGA1UECAwDS2FyMQwwCgYDVQQHDANCYW4xDDAKBgNVBAoMA0lCTTENMAsGA1UE AwwEdGVzdDAeFw0xNTA4MDMxMDM0NDlaFw0xNjA4MDIxMDM0NDlaMEYxCzAJBgNV BAYTAkluMQwwCgYDVQQIDANLYXIxDDAKBgNVBAcMA0JhbjEMMAoGA1UECgwDSUJN MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvezpb zeN3b246bSI240IO2SXjk1IQVCdFY88LDurJPUZ6ifkPXm4XD32HfpXYrCCBYPHz fw5TjOIbAsyl7qSmeidKExapkvuWOhcnTfUIQabOJ6lJnDtWBRX31SXvP8TyuP7u qD6sJsSFq2ZhHNqvXcmKlpKMKSPjikB7uatkyQIDAQABo3sweTAJBgNVHRMEAjAA MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd BgNVHQ4EFgQULHCyiorz14LsQKUYOpYP2UdtzE8wHwYDVR0jBBgwFoAUVw8ulnsu iWYgrABr1o8JYlXXFJcwDQYJKoZIhvcNAQEFBQADgYEAj7oMBUwMaheaVo6VgS+r QyBzfPfZG6npRf65cpn9k5zyEqgn/B+3zFRw3oODo8zkQu3pF3+mOFsdaxsQfuGg u0aTWSs3EC8dNW4UxfNXIS82PH9cmVSi9go8+2w0InAQF+n13IT87nHDfgPjvZVO yDjGIxDUqyRCmiWoh8g0LyA= -----END CERTIFICATE----- subject=/C=In/ST=Kar/L=Ban/O=IBM/CN=test issuer=/C=In/ST=Kar/L=Ban/O=IBM/CN=test --- No client certificate CA names sent --- SSL handshake has read 2040 bytes and written 7 bytes --- New, (NONE), Cipher is (NONE) Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1438601133 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- $ $ openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 -cipher EXP-EDH-RSA-DES-CBC-SHA CONNECTED(00000003) depth=1 C = In, ST = Kar, L = Ban, O = IBM, CN = test verify error:num=19:self signed certificate in certificate chain verify return:0 --- Certificate chain 0 s:/C=In/ST=Kar/L=Ban/O=IBM/CN=test i:/C=In/ST=Kar/L=Ban/O=IBM/CN=test 1 s:/C=In/ST=Kar/L=Ban/O=IBM/CN=test i:/C=In/ST=Kar/L=Ban/O=IBM/CN=test --- Server certificate -----BEGIN CERTIFICATE----- MIICfTCCAeagAwIBAgIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJJbjEM MAoGA1UECAwDS2FyMQwwCgYDVQQHDANCYW4xDDAKBgNVBAoMA0lCTTENMAsGA1UE AwwEdGVzdDAeFw0xNTA4MDMxMDM0NDlaFw0xNjA4MDIxMDM0NDlaMEYxCzAJBgNV BAYTAkluMQwwCgYDVQQIDANLYXIxDDAKBgNVBAcMA0JhbjEMMAoGA1UECgwDSUJN MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvezpb zeN3b246bSI240IO2SXjk1IQVCdFY88LDurJPUZ6ifkPXm4XD32HfpXYrCCBYPHz fw5TjOIbAsyl7qSmeidKExapkvuWOhcnTfUIQabOJ6lJnDtWBRX31SXvP8TyuP7u qD6sJsSFq2ZhHNqvXcmKlpKMKSPjikB7uatkyQIDAQABo3sweTAJBgNVHRMEAjAA MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd BgNVHQ4EFgQULHCyiorz14LsQKUYOpYP2UdtzE8wHwYDVR0jBBgwFoAUVw8ulnsu iWYgrABr1o8JYlXXFJcwDQYJKoZIhvcNAQEFBQADgYEAj7oMBUwMaheaVo6VgS+r QyBzfPfZG6npRf65cpn9k5zyEqgn/B+3zFRw3oODo8zkQu3pF3+mOFsdaxsQfuGg u0aTWSs3EC8dNW4UxfNXIS82PH9cmVSi9go8+2w0InAQF+n13IT87nHDfgPjvZVO yDjGIxDUqyRCmiWoh8g0LyA= -----END CERTIFICATE----- subject=/C=In/ST=Kar/L=Ban/O=IBM/CN=test issuer=/C=In/ST=Kar/L=Ban/O=IBM/CN=test --- Acceptable client certificate CA names /C=In/ST=Kar/L=Ban/O=IBM/CN=test --- SSL handshake has read 2401 bytes and written 280 bytes --- New, TLSv1/SSLv3, Cipher is EXP-EDH-RSA-DES-CBC-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : EXP-EDH-RSA-DES-CBC-SHA Session-ID: 94D8F8A53F856AEF7A2B48A68E16D23FBD30D0791E07C3CE32840DCB09F16396 Session-ID-ctx: Master-Key: B38ED908A44158B5AE012BDA921A2881AF0F43DABACC2C3DDBBF0E9D29D5CDB724E774455136772BBAF3DBBAFE67DE8A Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 1 (seconds) TLS session ticket: 0000 - 7b 61 cf aa 7c 2c bd 5c-3f ce c3 5f 1e 80 59 19 {a..|,.\?.._..Y. 0010 - 3d 38 e8 3e 9e 2b e0 73-8f 94 c6 f0 58 ed a6 ed =8.>.+.s....X... 0020 - c6 27 e2 98 cc f8 68 88-8f 50 d2 1d 19 fb dc 77 .'....h..P.....w 0030 - 7c 8d 4b 4a 09 90 a4 88-0d 0f cf 98 da 9d f5 be |.KJ............ 0040 - 65 37 db 30 fa d9 1c 27-52 75 ee 51 b8 6a c8 81 e7.0...'Ru.Q.j.. 0050 - 84 7c 7c 87 36 f4 21 2a-51 87 73 92 24 8d 1d 55 .||.6.!*Q.s.$..U 0060 - 66 fa 7f 19 f9 9d b4 a6-4d 32 b7 aa e5 1a f3 a8 f.......M2...... 0070 - e3 07 ef 3d 62 db 3a 75-db 80 82 93 86 cc f1 55 ...=b.:u.......U 0080 - 26 8b f7 a2 af 04 eb 71-31 43 04 73 18 99 4d ea &......q1C.s..M. 0090 - 3b e0 63 4d d4 05 95 37-67 63 ce a7 33 a6 d7 e6 ;.cM...7gc..3... Start Time: 1438601220 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- 250 HELP As seen above, smtp is allowing the connection when configured with EXP-EDH-RSA-DES-CBC-SHA cipher As per the statement in https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ - "Export cipher suites are disabled by default" I was expecting that openssl will reject connection request with EXP cipher which is not happening as seen above. Could you please verify this? Thanks Regards Sandeep -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From mancha1 at zoho.com Mon Aug 3 12:48:56 2015 From: mancha1 at zoho.com (mancha) Date: Mon, 3 Aug 2015 12:48:56 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150802005949.Horde.N0IjPnfTI9Nhz6oZMVfwng1@bluepacific.oceania.com.au> References: <20150802005949.Horde.N0IjPnfTI9Nhz6oZMVfwng1@bluepacific.oceania.com.au> Message-ID: <20150803124856.GB1599@zoho.com> On Sun, Aug 02, 2015 at 12:59:49AM +0000, paul at securecottage.com wrote: > > I'd like to thank several people for looking into my assertion that it > is possible for common factors in p-1 and q-1 to leak from the > factorisation of n-1. Hi Paul. I came across a paper by Mckee and Pinch [1] you might be interested in. They describe an algo to factor n=pq when a common factor b of (p-1) and (q-1) is known. Fortunately (for RSA), their algo is O(N^(1/4)/b) so to just break even with GNFS the factor needs to be quite large: modulus (n) common factor (b) (bits) (bits) 512 64 1024 169 2048 395 3072 629 4096 868 A literature review might uncover other interesting (and more recent) ways to leverage common factors. > (factorisation of p*q-1 is shown): > > n-1 = 2 * 3^3 * 7 * 13 * 67 * 2399 * 28559 * > 5485062554686449262177590194597345407327047899375366044215091312099734701911004226037445837630559113651708968440813791318544450398897628 > 67234233761906471233193768567784328338581360170038166729050302672416075037390699071355182394190448204086007354388034161296410061846686501 > 4941425056336718955019 Here's a slight improvement to my initial decomposition: 2 * 3^3 * 7 * 13 * 67 * 2399 * 28559 * 475108039391 * 2304683693240273 * 27081000093637206233815756979 * 184975060461462389844824492821434552152567410456158418229544246514131718793664172374877783767032501925392596713947281388784630550689770489020593012165694501623162932662905453122620777823162028887054350359842476275647758696138793577667109927 Note: factoring the last term in my product is left as an exercise to the reader. > Any rsa key generation in SAFE mode will always have a gcd(p-1,q-1)=2, > so SAFE mode always avoids common factors. > > My conclusion is that openssl code can have common factors (must be > above 17863) in its rsa keys every 20,000 key generations or so when > not generated in SAFE mode, and that at this time approximately 30 > bits of the totient will be revealed out of the 1024 bits of the full > totient. There is, of course, no way of knowing which of the 20,000 > key generations will have the common factors. > > Most people felt that the check (for gcd(p-1,q-1)> 16) was possible > but they were not sure it was worth doing. > > I'd like to point out from a cyber-attack possibility the check is > worth doing. Safe primes (p=2q+1) play an important role in Diffie-Hellman to avoid subgroup confinement attacks. I just confirmed OpenSSL does indeed use them for DH; from dh_builtin_genparams: if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb)) goto err; So, OpenSSL users are already quite used to whatever performance hit is associated with them. > As such it is appropriate that some checks be made at > RSA_generate_key_ex() to make sure that the other software hasn't > returned a bad key. Openssl software is a significant part of the > Internet security infastructure and so it would obviously be the > target of hacking and cyber infiltration. Some redundant checks are > appropriate because of this. > > A gcd(p-1,q-1)>16 check will disallow less than 1 percent of the > currently acceptable keys, won't take much time to run, and would > defeat cyber attempts to create a key with a significant common factor > within it. > > Thanks > > Paul Cheffers Given the low costs, one would be hard-pressed to find an intelligent objection to your suggestion. Thanks for bringing this up. --mancha (https://twitter.com/mancha140) --- [1] http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.33.1333 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From openssl-users at dukhovni.org Mon Aug 3 14:09:33 2015 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Mon, 3 Aug 2015 14:09:33 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <201508030607.t7367I9t017943@sylvester.rhmr.com> References: <20150803040401.GK19228@mournblade.imrryr.org> <201508030607.t7367I9t017943@sylvester.rhmr.com> Message-ID: <20150803140933.GM19228@mournblade.imrryr.org> On Mon, Aug 03, 2015 at 12:07:18AM -0600, Hilarie Orman wrote: > > > 1. Use strong primes as in Rivest/Silverman. Simply described, > > > choose large primes r and s. Choose small factors i and j, gcd(i, j) > > > = 1. Find p such that 1+2*i*r is prime and q such that 1+2*j*s is > > > prime. > > > That's expensive to do. > > Twice as expensive. Is that really expensive? Perhaps the algorithm used to generate strong (Sophie Germain) primes in OpenSSL is not optimal, but it is noticeably slow. The probability that both p and 2*p+1 are prime (taking p=11 mod 12 to avoid obvious problems mod 2 and 3) is I would guess the square of the probability that p alone is prime. For P around 1024 bits, 1 in ~350 odd numbers of that size is prime, so only 1 in ~350^2 candidates will be a strong prime. Now, you've relaxed the conditions to admit i!=1 and j!=1, by what algorithm does one quickly find i so that 1 + 2ir is also prime. It seems to be me, and just finding p = 3 mod 4 some prime, and q any other prime with gcd(p-1, q-1) = 2 is a lot faster. For each of p,q we already ensure that the residue modulo each of the first 2047 odd primes is neither 0 nor 1, so exceptions will be very rare. > > > 2. Find large primes p and q such that gcd(p^2-1, q^2-1) < 10^6. > > > This is much cheaper, but why (p^2-1, q^2-1), rather than just > > (p-1, q-1). What use is a common factor (other than 2) of (p+1, > > q-1) or (p+1, q+1)? > > Rules out Lucas sequences. What problem does that avoid for RSA? -- Viktor. From rt at openssl.org Mon Aug 3 14:20:37 2015 From: rt at openssl.org (Kurt Roeckx via RT) Date: Mon, 03 Aug 2015 14:20:37 +0000 Subject: [openssl-dev] [openssl.org #3977] bug report : Ubutu 12.0.4 : Openssl 1.0.1p : allowing connections with EXP cipher In-Reply-To: <20150803142030.GA30232@roeckx.be> References: <20150803142030.GA30232@roeckx.be> Message-ID: On Mon, Aug 03, 2015 at 12:03:26PM +0000, sandeep umesh via RT wrote: > I was expecting that openssl will reject connection request with EXP cipher > which is not happening as seen above. > Could you please verify this? Thanks If you configure it to allow export ciphers or ALL, of course it's going to allow them. The export ciphers have been removed from DEFAULT. Kurt From kurt at roeckx.be Mon Aug 3 14:34:57 2015 From: kurt at roeckx.be (Kurt Roeckx) Date: Mon, 3 Aug 2015 16:34:57 +0200 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> Message-ID: <20150803143457.GB30232@roeckx.be> On Fri, Jul 31, 2015 at 02:36:03AM +0000, paul at securecottage.com wrote: > I have looked at your latest source to see if you have a possible common > factor for (p-1) and (q-1) in your RSA key generation code. I've seen various proposals heres to generate what might be stronger RSA keys. But 1 question I have in such cases is would it be possible to improve the factorisation knowning the additional properties of the primes that were selected? Kurt From ho at cs.arizona.edu Mon Aug 3 16:04:55 2015 From: ho at cs.arizona.edu (Hilarie Orman) Date: Mon, 3 Aug 2015 10:04:55 -0600 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: Yourmessage <20150803140933.GM19228@mournblade.imrryr.org> Message-ID: <201508031604.t73G4tRL025094@sylvester.rhmr.com> On Mon, 3 Aug 2015 at 14:09:33 +0000 Viktor Dukhovni wrote: > On Mon, Aug 03, 2015 at 12:07:18AM -0600, Hilarie Orman wrote: > > > > 1. Use strong primes as in Rivest/Silverman. Simply described, > > > > choose large primes r and s. Choose small factors i and j, gcd(i, j) > > > > = 1. Find p such that 1+2*i*r is prime and q such that 1+2*j*s is > > > > prime. > > > > > That's expensive to do. > > > > Twice as expensive. Is that really expensive? > Perhaps the algorithm used to generate strong (Sophie Germain) > primes in OpenSSL is not optimal, but it is noticeably slow. > The probability that both p and 2*p+1 are prime (taking p=11 mod > 12 to avoid obvious problems mod 2 and 3) is I would guess the > square of the probability that p alone is prime. For P around 1024 > bits, 1 in ~350 odd numbers of that size is prime, so only 1 in > ~350^2 candidates will be a strong prime. > Now, you've relaxed the conditions to admit i!=1 and j!=1, by what > algorithm does one quickly find i so that 1 + 2ir is also prime. Because you can search through many 1+2*i*r combinations without the need to generate a new base prime, the search is much faster than for Sophie Germain primes. > It seems to be me, and just finding p = 3 mod 4 some prime, and q > any other prime with gcd(p-1, q-1) = 2 is a lot faster. For each > of p,q we already ensure that the residue modulo each of the first > 2047 odd primes is neither 0 nor 1, so exceptions will be very > rare. About one time in 20K. For running time comparisons to strong primes, the devil is in the details. > > > > 2. Find large primes p and q such that gcd(p^2-1, q^2-1) < 10^6. > > > > > This is much cheaper, but why (p^2-1, q^2-1), rather than just > > > (p-1, q-1). What use is a common factor (other than 2) of (p+1, > > > q-1) or (p+1, q+1)? > > > > Rules out Lucas sequences. > What problem does that avoid for RSA? Common factors in p+-1, q+-1 can be exploited to use Lucas sequences to factor pq. 10^6 is a heuristic. It will be about a million times as hard get a Lucas attack rolling if small factors are eliminated. Hilarie From quanah at zimbra.com Mon Aug 3 21:51:12 2015 From: quanah at zimbra.com (Quanah Gibson-Mount) Date: Mon, 03 Aug 2015 14:51:12 -0700 Subject: [openssl-dev] We're working on license changes In-Reply-To: References: <70db214b09054cf1897cacf512a5f54d@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150731092954.76ce2b8a@pc1> Message-ID: --On Friday, July 31, 2015 3:19 PM -0400 Brian Smith wrote: > > > > On Fri, Jul 31, 2015 at 12:29 PM, Hanno B?ck wrote: > > "Salz, Rich" wrote: > In the spirit of making OpenSSL as useful as possible for everyone? I > > > would consider a permissive license that's more compatible (e.g. MIT) a > wiser choice. > > > ? > I agree 100%. What is wrong with the ISC-style license that LibreSSL and > BoringSSL have been using to share code? Why not use that same license > for new code? The ability to share code between these projects is hugely > valuable, especially when it comes to getting security problems fixed in > a timely and secure manner. > > > Also, I question the need for people to sign a CLA to contribute to > OpenSSL. OpenSSL has been very successful for decades without a CLA > requirement. Lots of other projects are extremely successful without a > CLA. A CLA seems unnecessary. +1 It is curious as well that the openssl project did not solicit feedback from it's community before announcing said license change to see what the general consensus of the community is on the best path forward, and instead is moving towards a significantly more restrictive license than what OpenSSL was previously offered under. --Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration From matt at openssl.org Mon Aug 3 22:02:05 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 03 Aug 2015 23:02:05 +0100 Subject: [openssl-dev] We're working on license changes In-Reply-To: References: <70db214b09054cf1897cacf512a5f54d@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150731092954.76ce2b8a@pc1> Message-ID: <55BFE4DD.4030507@openssl.org> On 03/08/15 22:51, Quanah Gibson-Mount wrote: > It is curious as well that the openssl project did not solicit feedback > from it's community before announcing said license change to see what > the general consensus of the community is on the best path forward, and > instead is moving towards a significantly more restrictive license than > what OpenSSL was previously offered under. In what way do you see it as more restrictive? That is not the intent. Matt From quanah at zimbra.com Mon Aug 3 23:37:12 2015 From: quanah at zimbra.com (Quanah Gibson-Mount) Date: Mon, 03 Aug 2015 16:37:12 -0700 Subject: [openssl-dev] We're working on license changes In-Reply-To: <55BFE4DD.4030507@openssl.org> References: <70db214b09054cf1897cacf512a5f54d@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150731092954.76ce2b8a@pc1> <55BFE4DD.4030507@openssl.org> Message-ID: <6C5D6A4CB413A1DD87777230@[192.168.1.9]> --On Tuesday, August 04, 2015 12:02 AM +0100 Matt Caswell wrote: > > > On 03/08/15 22:51, Quanah Gibson-Mount wrote: >> It is curious as well that the openssl project did not solicit feedback >> from it's community before announcing said license change to see what >> the general consensus of the community is on the best path forward, and >> instead is moving towards a significantly more restrictive license than >> what OpenSSL was previously offered under. > > In what way do you see it as more restrictive? That is not the intent. 1) Still incompatible with the GPLv1 & v2, which is still used by lots of software products. This has been a long standing problem with the current license, which is something I'd hope to see resolved, not made permanent. 2) Item 4, Section (b): You must cause any modified files to carry prominent notices stating that You changed the files; and That bit is somewhat onerous, as many of us patch openssl frequently to make up for years old bugs (Such as lack of IPv6 support...). Currently, under the more open licensing style, I do not have to go through and make prominent notices about modifications to the files. Not impossible to deal with, but a pain. I also don't get why a CLA is required, overall. I much prefer a simple IPR if necessary, along the lines of: --Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration From rt at openssl.org Tue Aug 4 03:24:21 2015 From: rt at openssl.org (Patil, Ashwini IN BLR STS via RT) Date: Tue, 04 Aug 2015 03:24:21 +0000 Subject: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: <8878620CF8603E45BB794422B7899E9E115D23BF0E@INBLRK77M1MSX.in002.siemens.net> References: <8878620CF8603E45BB794422B7899E9E115D23BF0E@INBLRK77M1MSX.in002.siemens.net> Message-ID: Hello All, Following steps are done to check the FIPS feasibility . To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Note: The libleay32.dll preferred address is 0xFB00000 in Q-Build Its different in case of Syngo normal build 0x10000000. Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, July 30, 2015 3:17 PM To: 'openssl-dev at openssl.org'; 'openssl-users at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: FW: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine The following code was used to set the fips mode in our application. int mode = FIPS_mode(), ret = 0; unsigned long err = 0; if(mode == 0) { ret = FIPS_mode_set(1 ); err = ERR_get_error(); } if(1 != ret) DisplayError("FIPS_mode_set failed", err); Get the following error code status: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide me throught the error. Kindly share your thoughts and let me know opinion and also provide us the steps how this error can be overcome? To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " There is no change in the error code. We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Friday, July 17, 2015 5:31 PM To: 'openssl-dev at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; CN, Sujai IN BLR STS; Reddy, Harshavardhana IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I am using windows 7 64-BIT Service Pack 1 OS . Visual Studio 2008 (Visual studio tool used is normal 32-bit cmd prompt not cross compiler) Nasm - nasm-2.11.08 Perl - ActivePerl-5.20.1.2000-MSWin32-x86-64int-298557 (1) I have used the below steps to integrate openssl-fips2.0.9 in openssl-1.0.2c : Procedure for FIPS Enabled OpenSSL Module Compilation ===================================================== ================================= 1. Compile openssl-fips2.0 module ================================= a. Extract the contents of openssl-fips-2.0.9tar.gz to C:\openssl-fips-2.0.9\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-fips2.0.9\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. ms\do_fips [no-asm] (nmake -f ms\ntdll.mak & nmake -f ms\ntdll.mak install are included in this command) Compiled FIPS module is located at C:\usr\local\ssl\fips-2.0.9 ======================================================= 2. Integrate compiled openssl-fips2.0.9 in openssl-1.0.2c ======================================================= a. Extract the contents of openssl-1.0.1e.tar.gz to C:\openssl-1.0.2c-fips-compliant\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-1.0.2c-fips-compliant\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. perl Configure VC-WIN32 fips --with-fipslibdir=C:\usr\local\ssl\fips-2.0.9 f. ms\do_nasm g. nmake -f ms\nt.mak h. For Testing, use the following command: nmake -f ms\nt.mak test i. nmake -f ms\nt.mak install j. (If you want to create DLL files then Use the following commands nmake -f ms\ntdll.mak && nmake -f ms\ntdll.mak install) k. Compiled FIPS compliant OpenSSL exe is located at C:\usr\local\ssl\bin\openssl.exe l. Run C:\usr\local\ssl\bin\openssl.exe and type "version". You will be confirmed to get the following output. ======================================= ****OpenSSL 1.0.2c-fips 12 June 2015**** ======================================= m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.1e-fips-compliant\out32 n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.1e-fips-compliant\out32 Build is successful and able to generate fipslibeay32.lib, ssleay32.lib, libeaycompat32.lib & ssleay32.dll. But fipslibeay32.dll is missing. Please guide me . When executed the command nmake -f ms\ntdll.mak I get the below error for the first time: nmake -f ms\ntdll.mak Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp out32dll\fips_premain_dso.exe out32dll\libeay32.dll 2796:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared li brary:.\crypto\dso\dso_win32.c:179:filename(out32dll\libeay32.dll) 2796:error:25070067:DSO support routines:DSO_load:could not load the shared libr ary:.\crypto\dso\dso_lib.c:232: Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60. NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1' Stop. Please provide your help for the same. Please let me know if any steps are missed. With best regards, Ashwini V Patil Siemens Technology and Services Private Limited CT DC AA HC H1-FH STD IBP 6 84, Hosur Road Bengaluru 560100, Indien Mobil: +91 9008132565 mailto:ashwini.vpatil at siemens.com http://www.siemens.co.in/STS Registered Office: 130, Pandurang Budhkar Marg, Worli, Mumbai 400 018. Telephone +91 22 39677000. Fax +91 22 39677075. Other Offices: Bengaluru, Chennai, Gurgaon, Noida, Pune. Corporate Identity number:U99999MH1986PLC093854 -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From jifl at eCosCentric.com Tue Aug 4 03:40:06 2015 From: jifl at eCosCentric.com (Jonathan Larmour) Date: Tue, 04 Aug 2015 04:40:06 +0100 Subject: [openssl-dev] We're working on license changes In-Reply-To: References: <70db214b09054cf1897cacf512a5f54d@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150731092954.76ce2b8a@pc1> Message-ID: <55C03416.2050206@eCosCentric.com> On 31/07/15 19:19, Brian Smith wrote: > > Also, I question the need for people to sign a CLA to contribute to OpenSSL. > OpenSSL has been very successful for decades without a CLA requirement. Lots > of other projects are extremely successful without a CLA. A CLA seems unnecessary. More importantly in my mind, I find it difficult to imagine at this point that OpenSSL will verifiably be able to obtain a CLA from every person who has *ever* contributed to OpenSSL code. But I agree with others that if you can somehow manage it, then choosing something (L)GPLv2 compatible would be vastly better. Jifl -- eCosCentric Limited http://www.eCosCentric.com/ The eCos experts Barnwell House, Barnwell Drive, Cambridge, UK. Tel: +44 1223 245571 Registered in England and Wales: Reg No 4422071. ------["Si fractum non sit, noli id reficere"]------ Opinions==mine From ashwini.vpatil at siemens.com Tue Aug 4 03:49:39 2015 From: ashwini.vpatil at siemens.com (Patil, Ashwini IN BLR STS) Date: Tue, 4 Aug 2015 09:19:39 +0530 Subject: [openssl-dev] FW: Openssl 1.0.2c include the FIPS 140-2 Object Module Message-ID: <8878620CF8603E45BB794422B7899E9E115D23BFDB@INBLRK77M1MSX.in002.siemens.net> Hello All, Following steps are done to check the FIPS feasibility . To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Note: The libleay32.dll preferred address is 0xFB00000 in Q-Build Its different in case of Syngo normal build 0x10000000. Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, July 30, 2015 3:17 PM To: 'openssl-dev at openssl.org'; 'openssl-users at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: FW: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I am using windows XP Service pack 3 currently . Visual Studio 2008 (Visual studio tool used is normal 32-bit cmd prompt not cross compiler) Nasm - nasm-2.11.08 Perl - ActivePerl-5.20.1.2000-MSWin32-x86-64int-298557 (1) I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine The following code was used to set the fips mode in our application. int mode = FIPS_mode(), ret = 0; unsigned long err = 0; if(mode == 0) { ret = FIPS_mode_set(1 ); err = ERR_get_error(); } if(1 != ret) DisplayError("FIPS_mode_set failed", err); Get the following error code status: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide me throught the error. Kindly share your thoughts and let me know opinion and also provide us the steps how this error can be overcome? To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " There is no change in the error code. We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Friday, July 17, 2015 5:31 PM To: 'openssl-dev at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; CN, Sujai IN BLR STS; Reddy, Harshavardhana IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I am using windows 7 64-BIT Service Pack 1 OS . Visual Studio 2008 (Visual studio tool used is normal 32-bit cmd prompt not cross compiler) Nasm - nasm-2.11.08 Perl - ActivePerl-5.20.1.2000-MSWin32-x86-64int-298557 (1) I have used the below steps to integrate openssl-fips2.0.9 in openssl-1.0.2c : Procedure for FIPS Enabled OpenSSL Module Compilation ===================================================== ================================= 1. Compile openssl-fips2.0 module ================================= a. Extract the contents of openssl-fips-2.0.9tar.gz to C:\openssl-fips-2.0.9\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-fips2.0.9\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. ms\do_fips [no-asm] (nmake -f ms\ntdll.mak & nmake -f ms\ntdll.mak install are included in this command) Compiled FIPS module is located at C:\usr\local\ssl\fips-2.0.9 ======================================================= 2. Integrate compiled openssl-fips2.0.9 in openssl-1.0.2c ======================================================= a. Extract the contents of openssl-1.0.1e.tar.gz to C:\openssl-1.0.2c-fips-compliant\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-1.0.2c-fips-compliant\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. perl Configure VC-WIN32 fips --with-fipslibdir=C:\usr\local\ssl\fips-2.0.9 f. ms\do_nasm g. nmake -f ms\nt.mak h. For Testing, use the following command: nmake -f ms\nt.mak test i. nmake -f ms\nt.mak install j. (If you want to create DLL files then Use the following commands nmake -f ms\ntdll.mak && nmake -f ms\ntdll.mak install) k. Compiled FIPS compliant OpenSSL exe is located at C:\usr\local\ssl\bin\openssl.exe l. Run C:\usr\local\ssl\bin\openssl.exe and type "version". You will be confirmed to get the following output. ======================================= ****OpenSSL 1.0.2c-fips 12 June 2015**** ======================================= m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.1e-fips-compliant\out32 n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.1e-fips-compliant\out32 Build is successful and able to generate fipslibeay32.lib, ssleay32.lib, libeaycompat32.lib & ssleay32.dll. But fipslibeay32.dll is missing. Please guide me . When executed the command nmake -f ms\ntdll.mak I get the below error for the first time: nmake -f ms\ntdll.mak Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp out32dll\fips_premain_dso.exe out32dll\libeay32.dll 2796:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared li brary:.\crypto\dso\dso_win32.c:179:filename(out32dll\libeay32.dll) 2796:error:25070067:DSO support routines:DSO_load:could not load the shared libr ary:.\crypto\dso\dso_lib.c:232: Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60. NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1' Stop. Please provide your help for the same. Please let me know if any steps are missed. With best regards, Ashwini V Patil Siemens Technology and Services Private Limited CT DC AA HC H1-FH STD IBP 6 84, Hosur Road Bengaluru 560100, Indien Mobil: +91 9008132565 mailto:ashwini.vpatil at siemens.com http://www.siemens.co.in/STS Registered Office: 130, Pandurang Budhkar Marg, Worli, Mumbai 400 018. Telephone +91 22 39677000. Fax +91 22 39677075. Other Offices: Bengaluru, Chennai, Gurgaon, Noida, Pune. Corporate Identity number:U99999MH1986PLC093854 -------------- next part -------------- An HTML attachment was scrubbed... URL: From kannanar at cisco.com Tue Aug 4 04:08:05 2015 From: kannanar at cisco.com (Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)) Date: Tue, 4 Aug 2015 04:08:05 +0000 Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3 In-Reply-To: References: <55BB7326.7010108@openssl.org> Message-ID: Hi Team, Any updates plz. Thanks, Kannan Narayanasamy. -----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) Sent: Friday, July 31, 2015 6:43 PM To: openssl-dev at openssl.org Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3 Hi Matt, Thanks for the details. I can compile the same without any issues for Linux platform. But facing issues with Windows currently. Thanks, Kannan Narayanasamy. -----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell Sent: Friday, July 31, 2015 6:38 PM To: openssl-dev at openssl.org Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3 On 31/07/15 13:51, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote: > Hi All, > > Any pointers on this much appreciated. I just tried it and those options appear to be broken for 0.9.8. I suspect they've been that way for a long time. That version is only receiving security fixes now so it won't be fixed either. Your only option is to use a more up to date version (which is advisable anyway since security fixes stop for 0.9.8 at the end of this year). Matt > > Thanks, > Kannan Narayanasamy. > > -----Original Message----- > From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf > Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at > Cisco) > Sent: Monday, July 27, 2015 9:39 AM > To: openssl-dev at openssl.org > Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 > no-ssl3 > > Hi Team, > > Can anyone share the thoughts on this? > > Thanks, > Kannan Narayanasamy. > > -----Original Message----- > From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf > Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at > Cisco) > Sent: Thursday, July 23, 2015 5:46 PM > To: openssl-dev at openssl.org > Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 > no-ssl3 > > Any thoughts much appreciated. > > ~Kannan N. > > > -----Original Message----- > From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf > Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at > Cisco) > Sent: Wednesday, July 22, 2015 4:54 PM > To: openssl-dev at openssl.org > Subject: [openssl-dev] Compilation error while ignoring no-ssl2 > no-ssl3 > > Hi, > > To disable SSLv2 and SSLv3 while compilation used no-ssl2 and no-ssl3 option for windows platform. But getting the below link error. Without option "no-ssl2 no-ssl3" I can compile successfully. Any pointers to resolve this issue? Thanks in advance. > > LINK : warning LNK4001: no object files specified; libraries used LINK > : warning LNK4068: /MACHINE not specified; defaulting to IX86 LINK : > warning LNK4001: no object files specified; libraries used > SSLEAY32.def : error LNK2001: unresolved external symbol BIO_f_ssl > SSLEAY32.def : error LNK2001: unresolved external symbol > BIO_new_buffer_ssl_connec SSLEAY32.def : error LNK2001: unresolved > external symbol BIO_new_ssl SSLEAY32.def : error LNK2001: unresolved > external symbol BIO_new_ssl_connect SSLEAY32.def : error LNK2001: > unresolved external symbol BIO_ssl_copy_session_id SSLEAY32.def : > error LNK2001: unresolved external symbol BIO_ssl_shutdown > SSLEAY32.def : error LNK2001: unresolved external symbol > DTLSv1_client_method SSLEAY32.def : error LNK2001: unresolved external > symbol DTLSv1_method SSLEAY32.def : error LNK2001: unresolved external > symbol DTLSv1_server_method SSLEAY32.def : error LNK2001: unresolved > external symbol ERR_load_SSL_strings SSLEAY32.def : error LNK2001: > unresolved e x > ternal symbol SSL_CIPHER_description SSLEAY32.def : error LNK2001: > unresolved external symbol SSL_CIPHER_get_bits SSLEAY32.def : error > LNK2001: unresolved external symbol SSL_CIPHER_get_name SSLEAY32.def : > error LNK2001: unresolved external symbol SSL_CIPHER_get_version > SSLEAY32.def : error LNK2001: unresolved external symbol > SSL_COMP_add_compression_ SSLEAY32.def : error LNK2001: unresolved > external symbol SSL_COMP_get_compression_ SSLEAY32.def : error > LNK2001: unresolved external symbol SSL_COMP_get_name SSLEAY32.def : > error LNK2001: unresolved external symbol SSL_CTX_add_client_CA > SSLEAY32.def : error LNK2001: unresolved external symbol > SSL_CTX_add_session SSLEAY32.def : error LNK2001: unresolved external > symbol SSL_CTX_callback_ctrl SSLEAY32.def : error LNK2001: unresolved > external symbol SSL_CTX_check_private_key > > Openssl Version: openssl-0.9.8zc > > Commands used: > > VCVARS32.BAT > perl Configure VC-WIN32 no-idea shared no-ssl2 no-ssl3 > --prefix=e:/openssl ms\do_masm nmake -f ms\ntdll.mak > > > > Thanks, > Kannan Narayanasamy. > > > > > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev From matt at openssl.org Tue Aug 4 07:36:43 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 04 Aug 2015 08:36:43 +0100 Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3 In-Reply-To: References: <55BB7326.7010108@openssl.org> Message-ID: <55C06B8B.4040208@openssl.org> On 04/08/15 05:08, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote: > Hi Team, > > Any updates plz. Like I said, I am able to recreate the issue on Windows but as 0.9.8 is only receiving security fixes it won't be fixed. Please use a more up to date version of OpenSSL. Matt > > Thanks, > Kannan Narayanasamy. > > -----Original Message----- > From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) > Sent: Friday, July 31, 2015 6:43 PM > To: openssl-dev at openssl.org > Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3 > > Hi Matt, > > Thanks for the details. I can compile the same without any issues for Linux platform. But facing issues with Windows currently. > > Thanks, > Kannan Narayanasamy. > > > -----Original Message----- > From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell > Sent: Friday, July 31, 2015 6:38 PM > To: openssl-dev at openssl.org > Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3 > > > > On 31/07/15 13:51, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote: >> Hi All, >> >> Any pointers on this much appreciated. > > I just tried it and those options appear to be broken for 0.9.8. I suspect they've been that way for a long time. That version is only receiving security fixes now so it won't be fixed either. > > Your only option is to use a more up to date version (which is advisable anyway since security fixes stop for 0.9.8 at the end of this year). > > Matt From matt at openssl.org Tue Aug 4 07:56:19 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 04 Aug 2015 08:56:19 +0100 Subject: [openssl-dev] We're working on license changes In-Reply-To: <6C5D6A4CB413A1DD87777230@[192.168.1.9]> References: <70db214b09054cf1897cacf512a5f54d@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150731092954.76ce2b8a@pc1> <55BFE4DD.4030507@openssl.org> <6C5D6A4CB413A1DD87777230@[192.168.1.9]> Message-ID: <55C07023.7010200@openssl.org> On 04/08/15 00:37, Quanah Gibson-Mount wrote: > I also don't get why a CLA is required, overall. It's not something I'm thrilled about either. However we have been receiving legal advice. That advice tells us that we should be putting in place a CLA. Matt From kannanar at cisco.com Tue Aug 4 10:07:45 2015 From: kannanar at cisco.com (Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)) Date: Tue, 4 Aug 2015 10:07:45 +0000 Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3 In-Reply-To: <55C06B8B.4040208@openssl.org> References: <55BB7326.7010108@openssl.org> <55C06B8B.4040208@openssl.org> Message-ID: Hi Matt, Thanks for the details. We are working on the upgrade part to the latest version. Can you share if any workaround is there to overcome with older versions? Thanks, Kannan Narayanasamy. -----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell Sent: Tuesday, August 04, 2015 1:07 PM To: openssl-dev at openssl.org Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3 On 04/08/15 05:08, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote: > Hi Team, > > Any updates plz. Like I said, I am able to recreate the issue on Windows but as 0.9.8 is only receiving security fixes it won't be fixed. Please use a more up to date version of OpenSSL. Matt > > Thanks, > Kannan Narayanasamy. > > -----Original Message----- > From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf > Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at > Cisco) > Sent: Friday, July 31, 2015 6:43 PM > To: openssl-dev at openssl.org > Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 > no-ssl3 > > Hi Matt, > > Thanks for the details. I can compile the same without any issues for Linux platform. But facing issues with Windows currently. > > Thanks, > Kannan Narayanasamy. > > > -----Original Message----- > From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf > Of Matt Caswell > Sent: Friday, July 31, 2015 6:38 PM > To: openssl-dev at openssl.org > Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 > no-ssl3 > > > > On 31/07/15 13:51, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote: >> Hi All, >> >> Any pointers on this much appreciated. > > I just tried it and those options appear to be broken for 0.9.8. I suspect they've been that way for a long time. That version is only receiving security fixes now so it won't be fixed either. > > Your only option is to use a more up to date version (which is advisable anyway since security fixes stop for 0.9.8 at the end of this year). > > Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev From uri at ll.mit.edu Tue Aug 4 13:19:44 2015 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 4 Aug 2015 13:19:44 +0000 Subject: [openssl-dev] We're working on license changes Message-ID: <20150804131953.17788996.93059.15020@ll.mit.edu> How about getting a second opinion? Sent?from?my?BlackBerry?10?smartphone?on?the Verizon?Wireless?4G?LTE?network. ? Original Message ? From: Matt Caswell Sent: Tuesday, August 4, 2015 03:56 To: openssl-dev at openssl.org Reply To: openssl-dev at openssl.org Subject: Re: [openssl-dev] We're working on license changes On 04/08/15 00:37, Quanah Gibson-Mount wrote: > I also don't get why a CLA is required, overall. It's not something I'm thrilled about either. However we have been receiving legal advice. That advice tells us that we should be putting in place a CLA. Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From rt at openssl.org Tue Aug 4 14:08:47 2015 From: rt at openssl.org (mahendar katkuri via RT) Date: Tue, 04 Aug 2015 14:08:47 +0000 Subject: [openssl-dev] [openssl.org #3957] AutoReply: BUG:Double free in int_thread_del_item in crypto/err/err.c In-Reply-To: References: Message-ID: Dear Sir/Madam, Could you please let me know if there is any known issue as mentioned in this bug. BR, Mahendar On Mon, Jul 27, 2015 at 7:04 PM, The default queue via RT wrote: > > Greetings, > > This message has been automatically generated in response to the > creation of a trouble ticket regarding: > "BUG:Double free in int_thread_del_item in crypto/err/err.c", > a summary of which appears below. > > There is no need to reply to this message right now. Your ticket has been > assigned an ID of [openssl.org #3957]. > > Please include the string: > > [openssl.org #3957] > > in the subject line of all future correspondence about this issue. To do > so, > you may reply to this message. > > Thank you, > rt at openssl.org > > ------------------------------------------------------------------------- > Dear Sir/Madam, > > During system restart, there is a crash in openSSL(ver openssl-1.0.1j) > pointing to crypto/err/err.c > From the backtrace, it is complaining about double free > in int_thread_del_item() function in crypto/err/err.c file. Please find > backtrace below. Could you let us know if this is a known issue. > > #3 0x000000801ea20000 in __GI_raise (sig=) at > ../sysdeps/unix/sysv/linux/raise.c:55 > #4 0x000000801ea25850 in __GI_abort () at abort.c:89 > #5 0x000000801ea60e24 in __libc_message (do_abort=, > fmt=) at ../sysdeps/posix/libc_fatal.c:175 > #6 0x000000801ea6f368 in malloc_printerr (action=, > str=0x801eb4f240 "*double free or corruption (!prev)*", ptr= out>) at malloc.c:4958 > #7 0x000000801ea701bc in _int_free (av=, p= out>, have_lock=) at malloc.c:3829 > #8 0x00003fff7ab472d8 in CRYPTO_free (str=0x3fff4c001010) at mem.c:397 > #9 0x00003fff7abda018 in lh_free (lh=0x3fff4c000f50) at lhash.c:175 > #10 0x00003fff7abdd858 in int_thread_del_item (d=) at > err.c:537 > #11 0x00003fff7abde978 in ERR_remove_thread_state (id=) > at err.c:994 > #12 0x00003fff7abdea14 in ERR_remove_state (pid=) at > err.c:1000 > > > BR > > Mahendar. > > From rsalz at akamai.com Tue Aug 4 14:53:45 2015 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 4 Aug 2015 14:53:45 +0000 Subject: [openssl-dev] We're working on license changes In-Reply-To: <20150804131953.17788996.93059.15020@ll.mit.edu> References: <20150804131953.17788996.93059.15020@ll.mit.edu> Message-ID: <654e1a98c48e443e91c7412a03adefba@ustx2ex-dag1mb2.msg.corp.akamai.com> > How about getting a second opinion? You want to hire us legal counsel who understands the issues? Great. From uri at ll.mit.edu Tue Aug 4 14:54:41 2015 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 4 Aug 2015 14:54:41 +0000 Subject: [openssl-dev] We're working on license changes Message-ID: <20150804145450.17788996.34062.15073@ll.mit.edu> Also, did the advice you got explicitly state "'the' CLA as opposed to other possible licenses such as MIT, BSD, LGPL, etc."?? Were any reasons provided that you may be able to share? (I've dealt with lawyers in the past, and this seems weird.) Sent?from?my?BlackBerry?10?smartphone?on?the Verizon?Wireless?4G?LTE?network. ? Original Message ? From: Blumenthal, Uri - 0553 - MITLL Sent: Tuesday, August 4, 2015 09:20 To: Matt Caswell; openssl-dev at openssl.org Reply To: openssl-dev at openssl.org Subject: Re: [openssl-dev] We're working on license changes How about getting a second opinion? Sent?from?my?BlackBerry?10?smartphone?on?the Verizon?Wireless?4G?LTE?network. ? Original Message ? From: Matt Caswell Sent: Tuesday, August 4, 2015 03:56 To: openssl-dev at openssl.org Reply To: openssl-dev at openssl.org Subject: Re: [openssl-dev] We're working on license changes On 04/08/15 00:37, Quanah Gibson-Mount wrote: > I also don't get why a CLA is required, overall. It's not something I'm thrilled about either. However we have been receiving legal advice. That advice tells us that we should be putting in place a CLA. Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From rsalz at akamai.com Tue Aug 4 14:55:50 2015 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 4 Aug 2015 14:55:50 +0000 Subject: [openssl-dev] We're working on license changes In-Reply-To: <20150804145450.17788996.34062.15073@ll.mit.edu> References: <20150804145450.17788996.34062.15073@ll.mit.edu> Message-ID: <62a15911256447849d5398e29ef89647@ustx2ex-dag1mb2.msg.corp.akamai.com> > Also, did the advice you got explicitly state "'the' CLA as opposed to other > possible licenses such as MIT, BSD, LGPL, etc."?? Were any reasons provided > that you may be able to share? Nothing we wish to share at this point in time, no. From uri at ll.mit.edu Tue Aug 4 14:59:21 2015 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 4 Aug 2015 14:59:21 +0000 Subject: [openssl-dev] We're working on license changes Message-ID: <20150804145929.17788996.87576.15083@ll.mit.edu> No I don't. And since I haven't contributed to this project in the past (rejected patch doesn't count), and don't have immediate code contribution plans for the future - I personally couldn't care less.? For my own use most any open source license works fine. Sent?from?my?BlackBerry?10?smartphone?on?the Verizon?Wireless?4G?LTE?network. ? Original Message ? From: Salz, Rich? Sent: Tuesday, August 4, 2015 10:54 To: openssl-dev at openssl.org Reply To: openssl-dev at openssl.org Subject: Re: [openssl-dev] We're working on license changes ? > How about getting a second opinion? ? You want to hire us legal counsel who understands the issues? Great. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From doctor at doctor.nl2k.ab.ca Tue Aug 4 15:18:02 2015 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Tue, 4 Aug 2015 09:18:02 -0600 Subject: [openssl-dev] Compile question Message-ID: <20150804151801.GA26020@doctor.nl2k.ab.ca> Just compile openssl 1.0.2 daily 20150804 and got making all in crypto/cmac... if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then (cd ..; make libcrypto.so.1.0.0); fi [ -z "" ] || gcc -dPIC -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -march=pentium3 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_LIBUNBOUND -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DGHASH_ASM -Iinclude -DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso fips_premain.c fipscanister.o libcrypto.a -lgmp -lc -ldl -lm /usr/lib/libc.a(sha.o): In function `SHA': sha.o(.text+0x0): multiple definition of `SHA' libcrypto.a(sha_one.o):/usr/source/openssl-1.0.2-stable-SNAP-20150804/crypto/sha/sha_one.c:66: first defined here ld: Warning: size of symbol `SHA' changed from 142 to 92 in /usr/lib/libc.a(sha.o) /usr/lib/libc.a(syslog.o): In function `vsyslog': syslog.o(.text+0x3a5): undefined reference to `__progname' /usr/lib/libc.a(exec.o): In function `execl': exec.o(.text+0x103): undefined reference to `environ' /usr/lib/libc.a(exec.o): In function `execv': exec.o(.text+0x26b): undefined reference to `environ' /usr/lib/libc.a(exec.o): In function `execvp': exec.o(.text+0x400): undefined reference to `environ' exec.o(.text+0x4da): undefined reference to `environ' *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. used ./Configure 386 threads shared no-sse2 no-srtp no-ssl2 no-ssl3 experimental-li bunbound experimental-dane experimental-jpake experimental-store disable-sctp e nable-ssl-trace enable-whrlpool enable-montasm enable-capieng enable-cms enable -seed enable-tlsext enable-camellia enable-rfc3779 enable-md2 enable-gmp enable -mdc2 enable-md5 enable-rc5 experimental-multiblock enable-unit-test zlib-dynam ic --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf ; make u pdate; make depend with call "debug-bsdi-x86-elf", "gcc:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -march=pentium3 -Wall -g::${BSDthreads}::-lgmp -lc -ldl -lm :THIRY_TWO_BIT_ LONG RC4_CHUNK BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd -gcc-shared:-dPIC -fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Time for Stephen to move on on Oct 19 2015!! From doctor at doctor.nl2k.ab.ca Tue Aug 4 15:20:55 2015 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Tue, 4 Aug 2015 09:20:55 -0600 Subject: [openssl-dev] New compile web server will not start up Message-ID: <20150804152055.GB26020@doctor.nl2k.ab.ca> Tryng to run Apache 2.2 using recent SSL and got [Wed Dec 31 16:26:58 1969] [error] Init: Unable to read server certificate from file /var/www/SSLconf/conf/secure.nl2k.ab.ca.2015.crt [Wed Dec 31 16:26:58 1969] [error] SSL Library Error: 218529960 error:0D0680A8: lib(13):func(104):wrong tag [Wed Dec 31 16:26:58 1969] [error] SSL Library Error: 218595386 error:0D07803A: lib(13):func(120):nested asn1 error [Wed Dec 31 17:02:32 1969] [error] Init: Unable to read server certificate from file /var/www/SSLconf/conf/secure.nl2k.ab.ca.2015b.crt [Wed Dec 31 17:02:32 1969] [error] SSL Library Error: 218529960 error:0D0680A8: lib(13):func(104):wrong tag [Wed Dec 31 17:02:32 1969] [error] SSL Library Error: 218595386 error:0D07803A: lib(13):func(120):nested asn1 error [Wed Dec 31 17:14:03 1969] [error] Init: Unable to read server certificate from file /var/www/SSLconf/conf/secure.nl2k.ab.ca.2015.crt [Wed Dec 31 17:14:03 1969] [error] SSL Library Error: 218529960 error:0D0680A8: lib(13):func(104):wrong tag [Wed Dec 31 17:14:03 1969] [error] SSL Library Error: 218595386 error:0D07803A: lib(13):func(120):nested asn1 error [Wed Dec 31 17:18:04 1969] [error] Init: Unable to read server certificate from file /var/www/SSLconf/conf/secure.nl2k.ab.ca.2015b.crt [Wed Dec 31 17:18:04 1969] [error] SSL Library Error: 218529960 error:0D0680A8: lib(13):func(104):wrong tag [Wed Dec 31 17:18:04 1969] [error] SSL Library Error: 218595386 error:0D07803A: lib(13):func(120):nested asn1 error One cert secure.nl2k.ab.ca.2015.crt was brought over from a server backup and the other secure.nl2k.ab.ca.2015b.crt was generated on this server. What is causing this issue? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Time for Stephen to move on on Oct 19 2015!! From rsalz at akamai.com Tue Aug 4 16:03:20 2015 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 4 Aug 2015 16:03:20 +0000 Subject: [openssl-dev] We're working on license changes In-Reply-To: <20150804145929.17788996.87576.15083@ll.mit.edu> References: <20150804145929.17788996.87576.15083@ll.mit.edu> Message-ID: > For my own use most any open source license works fine. We are hoping most people will feel that way. Thanks for your interest! From uri at ll.mit.edu Tue Aug 4 16:38:21 2015 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 4 Aug 2015 16:38:21 +0000 Subject: [openssl-dev] We're working on license changes Message-ID: <20150804163830.17788996.71062.15143@ll.mit.edu> True, but "most people" aren't contributing code. (Assuming this assumption is correct.) Sent?from?my?BlackBerry?10?smartphone?on?the Verizon?Wireless?4G?LTE?network. ? Original Message ? From: Salz, Rich Sent: Tuesday, August 4, 2015 12:03 To: openssl-dev at openssl.org Reply To: openssl-dev at openssl.org Subject: Re: [openssl-dev] We're working on license changes > For my own use most any open source license works fine. We are hoping most people will feel that way. Thanks for your interest! _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From rt at openssl.org Tue Aug 4 16:39:39 2015 From: rt at openssl.org (Short, Todd via RT) Date: Tue, 04 Aug 2015 16:39:39 +0000 Subject: [openssl-dev] [openssl.org #3885] [BUGFIX] OpenSSL fails to cross-compile on 32-bit->64-bit In-Reply-To: <0A0D00A3-2AE1-407B-A69A-9BFA3738A658@akamai.com> References: <0EBAC0E8-E1E9-4630-B627-9D7B90C25B03@akamai.com> <0A0D00A3-2AE1-407B-A69A-9BFA3738A658@akamai.com> Message-ID: Hello OpenSSL Org: We have an updated patch; there were issues with AES-GCM on some platforms, due to multiply operations on immediate constant values. Updated github patch: https://github.com/openssl/openssl/commit/15ecb1a4dc4f75d6c33e8cd9089ca5cfc78d28dc And attached. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-RT3885-OpenSSL-fails-to-cross-compile-on-32-bit-64-b.patch Type: application/octet-stream Size: 2149 bytes Desc: not available URL: -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Tue Aug 4 16:53:55 2015 From: rt at openssl.org (Short, Todd via RT) Date: Tue, 04 Aug 2015 16:53:55 +0000 Subject: [openssl-dev] [openssl.org #3869] [PATCH] Add shared session lists in SSL_CTX In-Reply-To: References: Message-ID: Hello OpenSSL Org: We have an updated patch for RT 3869, which includes a deadlock fix when flushing sessions. Github link: https://github.com/akamai/openssl/commit/6b8c80239d174e7ca55f052b86f942d70ffca29e And attachment. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0017-RT3869-Add-shared-session-lists-in-SSL_CTX.patch Type: application/octet-stream Size: 11909 bytes Desc: not available URL: -------------- next part -------------- An HTML attachment was scrubbed... URL: From brian at briansmith.org Tue Aug 4 17:14:14 2015 From: brian at briansmith.org (Brian Smith) Date: Tue, 4 Aug 2015 13:14:14 -0400 Subject: [openssl-dev] We're working on license changes In-Reply-To: <654e1a98c48e443e91c7412a03adefba@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <20150804131953.17788996.93059.15020@ll.mit.edu> <654e1a98c48e443e91c7412a03adefba@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: On Tue, Aug 4, 2015 at 10:53 AM, Salz, Rich wrote: > > How about getting a second opinion? > > You want to hire us legal counsel who understands the issues? Great. Who is "us"? It is natural for a lawyer to tell you to require lots of things to protect whatever entity is paying them. That's defense-in-depth type advice from them. However, lawyers do cost-benefit analysis based on the goals you give them. If you tell them that avoiding CLAs is important then they'll help you avoid CLAs, generally. For an example of this, see Mozilla, in particular see [1], particularly sections 2, 3, and 4. See also [2] where Mozilla recently gave up the requirement to have the agreement signed. Please let me know if you want me to put you in touch with the licensing people at Mozilla who can probably help you do the same. I went through a similar process with them for the mozilla::pkix license during the time I worked there, and after I worked there. Note that the proposed CLA is granting special privileges to a particular **for-profit** US corporation. It isn't technically copyright assignment, but is practically the same thing. If you read the agreement carefully, it is asking every contributor to give a license to that for-profit corporation to re-license contributions however it wants. It is unnecessary to do things this way. You could, instead, create a license agreement that asks prior contributors to re-license their previous contributions under the new license (Apache 2.0 or hopefully something better). Only prior contributors would have to sign it--not new contributors. Then you could just do what Mozilla does, so that everybody has the same rights. And, if for some reason it were necessary for new contributors to sign a CLA, then that CLA doesn't need to grant any particular entity any rights beyond what the new OpenSSL license already grants--i.e. it only needs to assert that the contributor has the right to license the work under the license that OpenSSL is using. (Again, see the Mozilla links.) Then, everybody would be being treated fairly, because everybody would have the exact same rights, instead of one corporation having more rights than the rest of the contributors. To be clear, I don't have any problem with the OpenSSL Foundation being a for-profit corporation. But, it does make for a very different situation than how the Apache Software Foundation[3] or even Mozilla operates, and I think that distinction is very important when it comes to licensing. Cheers, Brian [1] https://www.mozilla.org/en-US/about/governance/policies/commit/requirements/ [2] http://blog.gerv.net/2015/02/signed-committers-agreements-no-longer-required/ [3] http://apache.org/foundation/faq.html#is-ASF-a-corporation -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Tue Aug 4 18:25:25 2015 From: rt at openssl.org (Matt Bogosian via RT) Date: Tue, 04 Aug 2015 18:25:25 +0000 Subject: [openssl-dev] [openssl.org #3979] New OpenSSL issue: valid certificate fails validation where subject text == issuer text In-Reply-To: References: Message-ID: Later versions[1] of OpenSSL will (mistakenly) complain that if subject text == issuer text, then the certificate is self-signed (even if it isn't). [1] I haven't narrowed down exactly which; 0.9.8 and 1.0.0 generally don't exhibit this problem, whereas 1.0.1 and 1.0.2 generally do. A more detailed explanation (with examples) can be found here: https://github.com/docker/compose/issues/890#issuecomment-127662092 Please let me know if you have any questions, and I'd be happy to elaborate. Sincerely, Matt Bogosian +1.831.824.4442 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 203 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From matt at openssl.org Tue Aug 4 18:44:38 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 04 Aug 2015 19:44:38 +0100 Subject: [openssl-dev] We're working on license changes In-Reply-To: References: <20150804131953.17788996.93059.15020@ll.mit.edu> <654e1a98c48e443e91c7412a03adefba@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <55C10816.5010009@openssl.org> On 04/08/15 18:14, Brian Smith wrote: > Note that the proposed CLA is granting special privileges to a > particular **for-profit** US corporation. It isn't technically copyright > assignment, but is practically the same thing. If you read the agreement > carefully, it is asking every contributor to give a license to that > for-profit corporation to re-license contributions however it wants. It > is unnecessary to do things this way. This is not correct. The OpenSSL Software Foundation is incorporated in the state of Delaware as a "nonprofit corporation" that is not conducted for financial gain. (I should note that it does not have 501(c) status but that is about tax, not about how we conduct the organisation). Much has changed over the last year and this is one item that we have addressed. There *are* some for-profit organisations with an association to some members of the project. However these have been clearly separated out. Matt From rsalz at akamai.com Tue Aug 4 18:47:15 2015 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 4 Aug 2015 18:47:15 +0000 Subject: [openssl-dev] We're working on license changes In-Reply-To: References: <20150804131953.17788996.93059.15020@ll.mit.edu> <654e1a98c48e443e91c7412a03adefba@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <13f1edf5ab9e44e59008d4322c510599@ustx2ex-dag1mb2.msg.corp.akamai.com> > ?Who is "us"? The openssl dev team. > It is natural for a lawyer to tell you to require lots of things to protect whatever entity is paying them. Well, yeah, sure. But I would hope that the bono-fides of the SFLC and Eben Moglen aren't being called into question. >For an example of this, see Mozilla, in particular see [1], particularly sections 2, 3, and 4. See also [2] where Mozilla recently gave up the requirement to have the agreement signed. Please let me know if you want me to put you in touch with the licensing people at Mozilla who can probably help you do the same. Sure, please contact me (rsalz at openssl.org) > To be clear, I don't have any problem with the OpenSSL Foundation being a for-profit corporation. But, it does make for a very different situation than how the Apache Software Foundation[3] or even Mozilla operates, and I think that distinction is very important when it comes to licensing. Since Matt has explained that we're not a for-profit corporation, I assume that this is no longer a concern for you. We are *not* a tax-exempt charitable organization, but we are not for profit. From brian at briansmith.org Tue Aug 4 20:02:37 2015 From: brian at briansmith.org (Brian Smith) Date: Tue, 4 Aug 2015 16:02:37 -0400 Subject: [openssl-dev] We're working on license changes In-Reply-To: <13f1edf5ab9e44e59008d4322c510599@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <20150804131953.17788996.93059.15020@ll.mit.edu> <654e1a98c48e443e91c7412a03adefba@ustx2ex-dag1mb2.msg.corp.akamai.com> <13f1edf5ab9e44e59008d4322c510599@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: On Tue, Aug 4, 2015 at 2:47 PM, Salz, Rich wrote: > > It is natural for a lawyer to tell you to require lots of things to > protect whatever entity is paying them. > > Well, yeah, sure. But I would hope that the bono-fides of the SFLC and > Eben Moglen aren't being called into question. > Nope. What I'm saying is that lawyers work a lot like us: They help you build a threat model, and then they help you create a defense for that threat model. Basically, I'm asking for more considerations to be added to the threat model: * The new licensing should facilitate sharing code between the BoringSSL, LibreSSL, and OpenSSL projects, and it should be clear how this is done. * The new licensing should facilitate using OpenSSL code with GPLv2 code, the LInux Kernel and GMP in particular. See [0] in the OpenSSL FAQ. * The new license should treat every contributor equally. Contributors should not have to grant privileges to any other contributor beyond the privileges given in the license that everybody has. > >Please let me know if you want me to put you in touch with the licensing > people at Mozilla who can probably help you do the same. > > Sure, please contact me (rsalz at openssl.org) > Sure, will do (privately). > > To be clear, I don't have any problem with the OpenSSL Foundation being > a for-profit corporation. But, it does make for a very different situation > than how the Apache Software Foundation[3] or even Mozilla operates, and I > think that distinction is very important when it comes to licensing. > > Since Matt has explained that we're not a for-profit corporation, I assume > that this is no longer a concern for you. We are *not* a tax-exempt > charitable organization, but we are not for profit. > The OpenSSL website says[1] "the OpenSSL Software Foundation (OSF) is incorporated in the United States as a regular for-profit corporation," and the proposed CLA[2] is an agreement between the contributor and that for-profit corporation. Anyway, I don't think we need to rathole on that, because my point is that there should be a way to do the licensing that doesn't require any CLA for future contributions, but only for past contributions. [0] https://www.openssl.org/support/faq.html#LEGAL2 [1] https://openssl.org/support/donations.html [2] https://www.openssl.org/licenses/openssl_icla.pdf Cheers, Brian -- https://briansmith.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Tue Aug 4 20:06:49 2015 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 4 Aug 2015 20:06:49 +0000 Subject: [openssl-dev] We're working on license changes In-Reply-To: References: <20150804131953.17788996.93059.15020@ll.mit.edu> <654e1a98c48e443e91c7412a03adefba@ustx2ex-dag1mb2.msg.corp.akamai.com> <13f1edf5ab9e44e59008d4322c510599@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <1d5dd7c600154cf6a4db178ba2f163bd@ustx2ex-dag1mb2.msg.corp.akamai.com> >Basically, I'm asking for more considerations to be added to the threat model: Intereseting, thanks. >The OpenSSL website says[1] "the OpenSSL Software Foundation (OSF) is incorporated in the United States as a regular for-profit corporation," and the proposed CLA[2] is an agreement between the contributor and that for-profit corporation. An outdated website; who would have thought :) I'll fix that. From marquess at openssl.com Tue Aug 4 20:23:40 2015 From: marquess at openssl.com (Steve Marquess) Date: Tue, 04 Aug 2015 16:23:40 -0400 Subject: [openssl-dev] We're working on license changes In-Reply-To: References: <20150804131953.17788996.93059.15020@ll.mit.edu> <654e1a98c48e443e91c7412a03adefba@ustx2ex-dag1mb2.msg.corp.akamai.com> <13f1edf5ab9e44e59008d4322c510599@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <55C11F4C.6000805@openssl.com> On 08/04/2015 04:02 PM, Brian Smith wrote: > ... > > > The OpenSSL website says[1] "the OpenSSL Software Foundation (OSF) is > incorporated in the United States as a regular for-profit corporation," > and the proposed CLA[2] is an agreement between the contributor and that > for-profit corporation. I'm going to jump in here with some headache-inducing detail. In The Beginning there was one legal entity called "OSF". It handled everything legal/financial for the OpenSSL project, from commercial consulting to donations. Then with the rapid expansion of the project post-Heartbleed, and the receipt of some meaningful levels of funding for the first time ever, we began the arduous process of migrating to a new corporate structure, or structures plural. One new entity, OpenSSL Software Services Inc., has taken over almost all commercial and quasi-commercial activities. Another new entity, OpenSSL Software Foundation Inc., a non-profit Delaware corporation, has taken over all the non-commercial functions of representing the OpenSSL foundation (such as holding CLAs). We've deliberately and clearly delineated and separated those different functions. The original legal entity, a Maryland corporation still called OpenSSL Software Foundation, Inc., still exists but has been reduced to handling only FIPS 140-2 related work, and not much of that. The original intention was to rename it (to OpenSSL Validation Services, Inc.), but renaming a corporation is almost as much hassle and paperwork as starting one, and it appears there may be a significant chance that this original legal entity may be shutting down entirely. For that reason I've stalled on the formal name change (which become easier as ever fewer active contractual agreements are in place). If it isn't completely gone by the end of this year it will be renamed. All contemporary references you see to the OpenSSL Software Foundation are for the new non-profit Delaware entity. As Rich has noted we do need to change mentions of the original entity, now confined to FIPS related activities only. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at opensslfoundation.com marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc From rsalz at akamai.com Tue Aug 4 20:32:05 2015 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 4 Aug 2015 20:32:05 +0000 Subject: [openssl-dev] We're working on license changes In-Reply-To: <55C11F4C.6000805@openssl.com> References: <20150804131953.17788996.93059.15020@ll.mit.edu> <654e1a98c48e443e91c7412a03adefba@ustx2ex-dag1mb2.msg.corp.akamai.com> <13f1edf5ab9e44e59008d4322c510599@ustx2ex-dag1mb2.msg.corp.akamai.com> <55C11F4C.6000805@openssl.com> Message-ID: <3e6e08c8b4e44e09ae81af1e4a5ff258@ustx2ex-dag1mb2.msg.corp.akamai.com> > All contemporary references you see to the OpenSSL Software Foundation > are for the new non-profit Delaware entity. As Rich has noted we do need to > change mentions of the original entity, now confined to FIPS related activities > only. I fixed the one I could find :) From rt at openssl.org Tue Aug 4 20:47:12 2015 From: rt at openssl.org (Adam Eijdenberg via RT) Date: Tue, 04 Aug 2015 20:47:12 +0000 Subject: [openssl-dev] [openssl.org #3980] [PATCH] Fix BIO_get_accept_socket so that "port-only" input works on FreeBSD In-Reply-To: References: Message-ID: Please refer to linked PR: https://github.com/openssl/openssl/pull/359 Without this fix an OCSP responder started as "openssl ocsp -port xxx" will cause "openssl s_server -status" calls to hang on FreeBSD. I'm not 100% sure this is the right overall fix... my knowledge here is weak, but it is verified to fix the problem I was having. -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From imcfadri at cisco.com Tue Aug 4 21:03:59 2015 From: imcfadri at cisco.com (Ian McFadries (imcfadri)) Date: Tue, 4 Aug 2015 21:03:59 +0000 Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <20150723182204.GA3935@w1.fi> <20150723202111.GY4347@mournblade.imrryr.org> <20150723224636.GA3876@w1.fi> <20150723230939.GB4347@mournblade.imrryr.org> <20150724090409.GA8799@w1.fi> Message-ID: <522B816F59485D4FBCBAF2CE8015B8919A43C1@xmb-rcd-x01.cisco.com> Sorry for the delayed response, I was away for a week and was able to test the fix today. The fix did resolve the session ticket issue that I was encountering. However, now I get an error when I am not using the session tickets under the following conditions. I am continuing to investigate. Create an SSL Session using the context that negotiates the highest available version Client hello requests TLS 1.2 Server responds with server hello using TLS 1.0 Complete handshake with no problems Disconnect session Start new session which attempts a fast session resumption Client sends Alert 70 (SSL_AD_PROTOCOLVERSION) because SSL struct version contains version 0x303 but message after first message contains version 0x301 From quanah at zimbra.com Tue Aug 4 21:35:59 2015 From: quanah at zimbra.com (Quanah Gibson-Mount) Date: Tue, 04 Aug 2015 14:35:59 -0700 Subject: [openssl-dev] We're working on license changes In-Reply-To: References: <20150804131953.17788996.93059.15020@ll.mit.edu> <654e1a98c48e443e91c7412a03adefba@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <163E1478CFDCDCC602DCDD3C@[192.168.1.9]> --On Tuesday, August 04, 2015 2:14 PM -0400 Brian Smith wrote: > It is natural for a lawyer to tell you to require lots of things to > protect whatever entity is paying them. That's defense-in-depth type > advice from them. However, lawyers do cost-benefit analysis based on the > goals you give them. If you tell them that avoiding CLAs is important > then they'll help you avoid CLAs, generally. I'll second this -- At Zimbra, I went through this recently with our legal team, as we are working to make it much simpler for the community to contribute back. Initially the legal team proposed a CLA. I spent a significant amount of time explaining why this was problematic, and they eventually agreed that an IPR similar to the one I noted for OpenLDAP was sufficient for our case. There of course could be reasons why a CLA would be necessary for the OpenSSL project, but nothing comes immediately to my mind as to why that'd be the case. CLA's just generally seem to be the default starting position with legal teams, in my experience. ;) --Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration From rt at openssl.org Wed Aug 5 00:05:14 2015 From: rt at openssl.org (Stephen Henson via RT) Date: Wed, 05 Aug 2015 00:05:14 +0000 Subject: [openssl-dev] [openssl.org #3979] New OpenSSL issue: valid certificate fails validation where subject text == issuer text In-Reply-To: References: Message-ID: On Tue Aug 04 18:25:25 2015, matt at bogosian.net wrote: > > Please let me know if you have any questions, and I'd be happy to > elaborate. > Can you attach examples of the two certificates (EE and CA) that exhibit this problem? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From rt at openssl.org Wed Aug 5 01:06:41 2015 From: rt at openssl.org (Matt Bogosian via RT) Date: Wed, 05 Aug 2015 01:06:41 +0000 Subject: [openssl-dev] [openssl.org #3979] New OpenSSL issue: valid certificate fails validation where subject text == issuer text In-Reply-To: <87B9972B-C251-4F90-A2AD-3785B1B8AA7B@bogosian.net> References: <87B9972B-C251-4F90-A2AD-3785B1B8AA7B@bogosian.net> Message-ID: Hi Steve, I've attached three certificate collections: two that fail (where subject == issuer) and one that works around the problem (where subject != issuer). In my personal testing (on OS X), OpenSSL 0.9.8zd (installed by the OS) works on all three collections, whereas OpenSSL 1.0.2d (installed via MacPorts) fails on the fail*.tar.gz ones. You can see the problem with the following: % tar xpvf ~/Desktop/fail1.tar.gz x tls/ x tls/ca.pem x tls/cakey.pem x tls/cert.pem x tls/hostnames x tls/key.pem x tls/server.pem x tls/serverkey.pem % openssl s_server -www -key tls/serverkey.pem -cert tls/server.pem \ > -CAfile tls/ca.pem -tls1 & ... % openssl-0.9.8zd s_client -showcerts -connect localhost:4433 -key tls/key.pem \ > -cert tls/cert.pem -CAfile tls/ca.pem -tls1 -cert tls/cert.pem -CAfile tls/ca.pem -tls1 -CAfile tls/ca.pem -tls1 & ... % openssl-0.9.8zd s_client -showcerts -connect localhost:4433 -key tls/key.pem \ > -cert tls/cert.pem -CAfile tls/ca.pem -tls1 -cert tls/cert.pem -CAfile tls/ca.pem -tls1 -CAfile tls/ca.pem -tls1 & ... % openssl-0.9.8zd s_client -showcerts -connect localhost:4433 -key tls/key.pem \ > -cert tls/cert.pem -CAfile tls/ca.pem -tls1 -cert tls/cert.pem -CAfile tls/ca.pem -tls1 wrote: > On Tue Aug 04 18:25:25 2015, matt at bogosian.net wrote: >> >> Please let me know if you have any questions, and I'd be happy to >> elaborate. >> > > Can you attach examples of the two certificates (EE and CA) that exhibit this > problem? > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org -------------- next part -------------- A non-text attachment was scrubbed... Name: fail1.tar.gz Type: application/x-gzip Size: 6231 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: fail2.tar.gz Type: application/x-gzip Size: 6037 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: succ.tar.gz Type: application/x-gzip Size: 6177 bytes Desc: not available URL: -------------- next part -------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 203 bytes Desc: not available URL: From rt at openssl.org Wed Aug 5 01:18:48 2015 From: rt at openssl.org (Adam Eijdenberg via RT) Date: Wed, 05 Aug 2015 01:18:48 +0000 Subject: [openssl-dev] [openssl.org #3981] [PATCH] Fix clang uninitialized variable warning In-Reply-To: References: Message-ID: Trivial patch, see PR: https://github.com/openssl/openssl/pull/361 -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Wed Aug 5 01:18:53 2015 From: rt at openssl.org (Adam Eijdenberg via RT) Date: Wed, 05 Aug 2015 01:18:53 +0000 Subject: [openssl-dev] [openssl.org #3982] [PATCH] Fix unhandled error condition in sslv2 client hello parsing In-Reply-To: References: Message-ID: --strict-warnings started showing warnings for this today... My guess is that an error should be raised if these reads fail? I don't believe any of these are optional. PR: https://github.com/openssl/openssl/pull/360 -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From matt at openssl.org Wed Aug 5 10:45:54 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 05 Aug 2015 11:45:54 +0100 Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3 In-Reply-To: References: <55BB7326.7010108@openssl.org> <55C06B8B.4040208@openssl.org> Message-ID: <55C1E962.6080109@openssl.org> On 04/08/15 11:07, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote: > Hi Matt, > > Thanks for the details. We are working on the upgrade part to the latest version. Can you share if any workaround is there to overcome with older versions? Well you won't be able to compile without SSL2/SSL3 support. You can change your application to not use SSL2/SSL3 (assuming you have access to the source code) using SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html Matt From rt at openssl.org Wed Aug 5 11:01:11 2015 From: rt at openssl.org (Adam Eijdenberg via RT) Date: Wed, 05 Aug 2015 11:01:11 +0000 Subject: [openssl-dev] [openssl.org #3984] [PATCH] Fix clang compiler warning where %ld is used for uint64_t on Mac OS X In-Reply-To: References: Message-ID: See PR: https://github.com/openssl/openssl/pull/362 I'm really not sure if this is the best fix or not (or even if it is reliable on older platforms) - but it cleared the error on my Mac OS X system, and didn't appear to cause any issues on an Ubuntu or FreeBSD distribution I tested on and I think it should fall back to current behavior in worst case. Without this fix we can't compile with "--strict-warnings" on Mac OS X. Cheers, Adam -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Wed Aug 5 11:01:13 2015 From: rt at openssl.org (Alessandro Ghedini via RT) Date: Wed, 05 Aug 2015 11:01:13 +0000 Subject: [openssl-dev] [openssl.org #3985] [PATCH] Fix potential memory leaks In-Reply-To: <20150805094433.GA31335@kronk.local> References: <20150805094433.GA31335@kronk.local> Message-ID: Hello, see GitHub pull request at https://github.com/openssl/openssl/pull/354 which fixes memory leaks on error conditions in X509_add1_reject_object() and PKCS7_verify(). Cheers _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Wed Aug 5 11:01:14 2015 From: rt at openssl.org (Alessandro Ghedini via RT) Date: Wed, 05 Aug 2015 11:01:14 +0000 Subject: [openssl-dev] [openssl.org #3986] [PATCH] Implement HKDF algorithm (RFC 5869) In-Reply-To: <20150805094825.GB31335@kronk.local> References: <20150805094825.GB31335@kronk.local> Message-ID: Hello, see GitHub pull request at https://github.com/openssl/openssl/pull/355 which implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869, and used by QUIC and TLS 1.3. It comes with tests as defined in the Appendix A of the same RFC. Cheers _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Wed Aug 5 11:01:14 2015 From: rt at openssl.org (=?UTF-8?B?7Iah7ISx6re8?= via RT) Date: Wed, 05 Aug 2015 11:01:14 +0000 Subject: [openssl-dev] [openssl.org #3987] Bug report about crash related to ASN1_primitive_free In-Reply-To: <007101d0cf3c$e9904d00$bcb0e700$@lge.com> References: <007101d0cf3c$e9904d00$bcb0e700$@lge.com> Message-ID: Hi, I?ve been using openssl 1.0.1j on android 5.1. On test, I?ve been getting the following crash messages because of accessing unaccessable address (invalid pointer) on ASN1_primitive_free. Fault address is changed every time. Please provide your help. Case 1. 08-05 13:05:28.238 I 505 DEBUG signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x5f583449 08-05 13:05:28.248 I 505 DEBUG r0 5f583441 r1 00000000 r2 5f415441 r3 00000001 08-05 13:05:28.248 I 505 DEBUG r4 5f583441 r5 f7137bac r6 f713ff0c r7 f713ff0c 08-05 13:05:28.248 I 505 DEBUG r8 00000000 r9 00000000 sl e6818ac4 fp 32e900d0 08-05 13:05:28.248 I 505 DEBUG ip 00000000 sp f3ef87f0 lr f70a0ba1 pc f7098dca cpsr 20070030 08-05 13:05:28.248 I 505 DEBUG 08-05 13:05:28.248 I 505 DEBUG backtrace: 08-05 13:05:28.248 I 505 DEBUG #00 pc 00045dca /system/lib/libcrypto.so (ASN1_STRING_free+9) 08-05 13:05:28.248 I 505 DEBUG #01 pc 0004db9d /system/lib/libcrypto.so (ASN1_primitive_free+92) 08-05 13:05:28.248 I 505 DEBUG #02 pc 0004db75 /system/lib/libcrypto.so (ASN1_primitive_free+52) 08-05 13:05:28.248 I 505 DEBUG #03 pc 0004da11 /system/lib/libcrypto.so 08-05 13:05:28.248 I 505 DEBUG #04 pc 0004da11 /system/lib/libcrypto.so 08-05 13:05:28.248 I 505 DEBUG #05 pc 0004d965 /system/lib/libcrypto.so (ASN1_item_free+12) 08-05 13:05:28.248 I 505 DEBUG #06 pc 0002a5b1 /system/lib/libssl.so (SSL_SESSION_free+168) 08-05 13:05:28.248 I 505 DEBUG #07 pc 00026ccb /system/lib/libssl.so (SSL_free+166) openssl/crypto/asn1/asn1_lib.c void ASN1_STRING_free(ASN1_STRING *a) { if (a == NULL) return; if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) <= This point OPENSSL_free(a->data); OPENSSL_free(a); } Case 2. 08-05 13:23:42.598 I 505 DEBUG signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xdd000004 08-05 13:23:42.608 I 505 DEBUG r0 dd78f0a4 r1 00000000 r2 dd000000 r3 00000001 08-05 13:23:42.618 I 505 DEBUG r4 dd000000 r5 f7137bac r6 f713ff0c r7 f713ff0c 08-05 13:23:42.618 I 505 DEBUG r8 00000000 r9 00000000 sl e6845b40 fp 1335aab0 08-05 13:23:42.618 I 505 DEBUG ip 00000000 sp f3ef8800 lr f70a0b79 pc f70a0b5e cpsr 60070030 08-05 13:23:42.618 I 505 DEBUG 08-05 13:23:42.618 I 505 DEBUG backtrace: 08-05 13:23:42.618 I 505 DEBUG #00 pc 0004db5e /system/lib/libcrypto.so (ASN1_primitive_free+29) 08-05 13:23:42.618 I 505 DEBUG #01 pc 0004db75 /system/lib/libcrypto.so (ASN1_primitive_free+52) 08-05 13:23:42.618 I 505 DEBUG #02 pc 0004da11 /system/lib/libcrypto.so 08-05 13:23:42.618 I 505 DEBUG #03 pc 0004da11 /system/lib/libcrypto.so 08-05 13:23:42.618 I 505 DEBUG #04 pc 0004da11 /system/lib/libcrypto.so 08-05 13:23:42.618 I 505 DEBUG #05 pc 0004da11 /system/lib/libcrypto.so 08-05 13:23:42.618 I 505 DEBUG #06 pc 0004d965 /system/lib/libcrypto.so (ASN1_item_free+12) 08-05 13:23:42.618 I 505 DEBUG #07 pc 0002a5b1 /system/lib/libssl.so (SSL_SESSION_free+168) openssl/crypto/asn1/tasn_fre.c void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { ... if (!it) { ASN1_TYPE *typ = (ASN1_TYPE *)*pval; utype = typ->type; pval = &typ->value.asn1_value; if (!*pval) <= This point return; } ... } Thank you Sungkeun song -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Wed Aug 5 11:32:18 2015 From: rt at openssl.org (Stephen Henson via RT) Date: Wed, 05 Aug 2015 11:32:18 +0000 Subject: [openssl-dev] [openssl.org #3979] New OpenSSL issue: valid certificate fails validation where subject text == issuer text In-Reply-To: References: <87B9972B-C251-4F90-A2AD-3785B1B8AA7B@bogosian.net> Message-ID: On Wed Aug 05 01:06:40 2015, matt at bogosian.net wrote: > Hi Steve, > > I've attached three certificate collections: two that fail (where > subject == issuer) and one that works around the problem (where > subject != issuer). OK thanks for the examples. The bug is that OpenSSL 1.0.2 is less strict about what counts as a valid self signed certificate. Before 1.0.2 the certificate had to have issuer and subject matching, if present AKID==SKID and keyUsage (if present) had to include keyCertSign. For1.0.2 and later the keyCertSign check is no longer present. The attached patch should fix it. Let me know if it works for you. A workaround (other than making subject != issuer) is to include SKID/AKID in all certificates. Regards, Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -------------- next part -------------- A non-text attachment was scrubbed... Name: diffs.ss Type: application/octet-stream Size: 896 bytes Desc: not available URL: From rt at openssl.org Wed Aug 5 12:10:55 2015 From: rt at openssl.org (Alessandro Ghedini via RT) Date: Wed, 05 Aug 2015 12:10:55 +0000 Subject: [openssl-dev] [openssl.org #3985] [PATCH] Fix potential memory leaks In-Reply-To: <20150805121034.GA1539@kronk.local> References: <20150805094433.GA31335@kronk.local> <20150805121034.GA1539@kronk.local> Message-ID: On Wed, Aug 05, 2015 at 11:01:13am +0000, Alessandro Ghedini via RT wrote: > Hello, > > see GitHub pull request at > https://github.com/openssl/openssl/pull/354 > > which fixes memory leaks on error conditions in X509_add1_reject_object() > and PKCS7_verify(). I also added a couple more patches fixing memory leaks in the test suite. Now it's possible to run "make test" with GCC's address sanitizer, without any errors. From matt at openssl.org Wed Aug 5 12:40:25 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 05 Aug 2015 13:40:25 +0100 Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method In-Reply-To: <522B816F59485D4FBCBAF2CE8015B8919A43C1@xmb-rcd-x01.cisco.com> References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <20150723182204.GA3935@w1.fi> <20150723202111.GY4347@mournblade.imrryr.org> <20150723224636.GA3876@w1.fi> <20150723230939.GB4347@mournblade.imrryr.org> <20150724090409.GA8799@w1.fi> <522B816F59485D4FBCBAF2CE8015B8919A43C1@xmb-rcd-x01.cisco.com> Message-ID: <55C20439.500@openssl.org> On 04/08/15 22:03, Ian McFadries (imcfadri) wrote: > Sorry for the delayed response, I was away for a week and was able to test the fix today. > > The fix did resolve the session ticket issue that I was encountering. However, now I get an error when I am not using the session tickets under the following conditions. I am continuing to investigate. > > Create an SSL Session using the context that negotiates the highest available version > Client hello requests TLS 1.2 > Server responds with server hello using TLS 1.0 > Complete handshake with no problems > Disconnect session > Start new session which attempts a fast session resumption > Client sends Alert 70 (SSL_AD_PROTOCOLVERSION) because SSL struct version contains version 0x303 but message after first message contains version 0x301 Oh. Try this additional patch. By moving the session creation earlier in the process the session protocol version gets fixed at that earlier point. Unfortunately we have moved it to a point *before* version negotiation has completed. This patch just updates the session version once version negotiation is finished. Matt -------------- next part -------------- A non-text attachment was scrubbed... Name: session-resum-1.0.2.patch Type: text/x-patch Size: 1017 bytes Desc: not available URL: From brian at briansmith.org Wed Aug 5 13:13:57 2015 From: brian at briansmith.org (Brian Smith) Date: Wed, 5 Aug 2015 09:13:57 -0400 Subject: [openssl-dev] Making assembly language optimizations working on Cortex-M3 Message-ID: Hi, In ./Configure, there is this comment: # big-endian platform. This is because ARMv7 processor always # picks instructions in little-endian order. Another similar # limitation is that -mthumb can't "cross" -march=armv6t2 # boundary, because that's where it became Thumb-2. Well, this # limitation is a bit artificial, because it's not really # impossible, but it's deemed too tricky to support. Cortex-M3 and Cortex-M4 processors are -mthumb, -march=armv7-m, which is exactly the problematic configuration, if I understand that comment correctly. I am interested in getting libcrypto working for these processors with the assembly language optimizations enabled. Specifically, the configuration I am interested in is: CC=arm-none-eabi-gcc -mcpu=cortex-m3 -march=armv7-m -mthumb -D__ARM_MAX_ARCH__=7. Currently, the assembly language source files don't compile because they expect to be able to use ARM (-marm) instructions when __ARM_MAX_ARCH__ >= 7. Further, they try to do feature detection for NEON in that case, but I'd prefer to not have the feature detection compiled in, since I know NEON is never available. Has anybody started working on this? If not, my thinking was to refactor the assembly language code so that all the ARM-only (-marm) code is cleanly separated from the unified (-mthumb and -marm) code, move the detection of NEON from the assembly language code to the C wrappers, and recognize two new settings, OPENSSL_NO_ARM_NEON and OPENSSL_ARM_THUMB_ONLY, to accommodate this. Does this seem like a reasonable strategy? It would be quite a large change so I think it would be good to have some coordination ahead of time. Cheers, Brian -- https://briansmith.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From quanah at zimbra.com Wed Aug 5 13:54:33 2015 From: quanah at zimbra.com (Quanah Gibson-Mount) Date: Wed, 05 Aug 2015 06:54:33 -0700 Subject: [openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM Message-ID: Yesterday, I was alerted by a member of the list that my emails to openssl-dev are ending up in their SPAM folder. After examining my emails as sent out by OpenSSL's mailman, I saw that it is mucking with the headers, causing DKIM failures. This could be because of one of two reasons: a) The version of mailman used by the OpenSSL project (2.1.18) has a known bug around DKIM that was fixed in 2.1.19 b) The mailman configuration is incorrect. I attempted to file an RT to alert the OpenSSL project of this significant issue. Unfortunately, I received the following grossly uneducated response. Can someone who actually understands email, and why it is critical that DKIM signed messages sent from list members *NOT* be broken by OpenSSL's mailman instance please educate whomever the moderator is on this? Personally I'd nominate Viktor for that activity. And then, can someone please fix this issue? :) Error is: Authentication-Results: edge01.zimbra.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=zimbra.com Thanks! --Quanah ------------ Forwarded Message ------------ Date: Wednesday, August 05, 2015 2:19 AM +0000 From: openssl-bugs-mod-owner at openssl.org To: quanah at zimbra.com Subject: Request to mailing list openssl-bugs-mod rejected Your request to the openssl-bugs-mod mailing list Posting of your message titled "mailman version and/or configuration for the openssl-dev list breaks DKIM" has been rejected by the list moderator. The moderator gave the following reason for rejecting your request: "This is not a bug. We're not really interested in DKIM FWIW. " Any questions or comments should be directed to the list administrator at: openssl-bugs-mod-owner at openssl.org ---------- End Forwarded Message ---------- -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration From rt at openssl.org Wed Aug 5 14:53:06 2015 From: rt at openssl.org (David Woodhouse via RT) Date: Wed, 05 Aug 2015 14:53:06 +0000 Subject: [openssl-dev] [openssl.org #3988] [PATCH] X509_check_host() has existed since 1.0.2 In-Reply-To: <1438785454.9814.67.camel@infradead.org> References: <1438785454.9814.67.camel@infradead.org> Message-ID: I was *distinctly* upset, some years ago, to find that OpenSSL couldn't do this for me and I had to do it myself. Now I see it can, and I can fix my own code to use that facility thus: http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/674881cbb It looks like I can use it from 1.0.2 onwards though, not 1.1.0 as the documentation suggests: diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod index eab2586..5804115 100644 --- a/doc/crypto/X509_check_host.pod +++ b/doc/crypto/X509_check_host.pod @@ -135,6 +135,6 @@ L =head1 HISTORY -These functions were added in OpenSSL 1.1.0. +These functions were added in OpenSSL 1.0.2. =cut -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From kurt at roeckx.be Wed Aug 5 14:54:25 2015 From: kurt at roeckx.be (Kurt Roeckx) Date: Wed, 5 Aug 2015 16:54:25 +0200 Subject: [openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM In-Reply-To: References: Message-ID: <20150805145425.GA10954@roeckx.be> On Wed, Aug 05, 2015 at 06:54:33AM -0700, Quanah Gibson-Mount wrote: > Yesterday, I was alerted by a member of the list that my emails to > openssl-dev are ending up in their SPAM folder. After examining my emails > as sent out by OpenSSL's mailman, I saw that it is mucking with the headers, > causing DKIM failures. This could be because of one of two reasons: You seems to be running with "p=reject". In my opinion p=reject is only useful for domains that don't have any users. > a) The version of mailman used by the OpenSSL project (2.1.18) has a known > bug around DKIM that was fixed in 2.1.19 That seems to be about wrapped messages in case of moderation? > b) The mailman configuration is incorrect. You mean things like: - We change the subject to include the list name? - We add a footer about the list? - We don't rewrite the From address? > Error is: Authentication-Results: edge01.zimbra.com (amavisd-new); > dkim=fail (1024-bit key) reason="fail (message has been altered)" > header.d=zimbra.com You really should consider moving to at least a 2048 bit key. Kurt From mancha1 at zoho.com Wed Aug 5 16:54:57 2015 From: mancha1 at zoho.com (mancha) Date: Wed, 5 Aug 2015 16:54:57 +0000 Subject: [openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM In-Reply-To: <20150805145425.GA10954@roeckx.be> References: <20150805145425.GA10954@roeckx.be> Message-ID: <20150805165457.GA31602@zoho.com> On Wed, Aug 05, 2015 at 04:54:25PM +0200, Kurt Roeckx wrote: > On Wed, Aug 05, 2015 at 06:54:33AM -0700, Quanah Gibson-Mount wrote: > > Yesterday, I was alerted by a member of the list that my emails to > > openssl-dev are ending up in their SPAM folder. After examining my > > emails as sent out by OpenSSL's mailman, I saw that it is mucking > > with the headers, causing DKIM failures. This could be because of > > one of two reasons: > > You seems to be running with "p=reject". In my opinion p=reject is > only useful for domains that don't have any users. Yahoo adopted a reject DMARC policy back in 2014 and that caused all kinds of mailing list havoc. > > a) The version of mailman used by the OpenSSL project (2.1.18) has a > > known bug around DKIM that was fixed in 2.1.19 > > That seems to be about wrapped messages in case of moderation? Possibly referencing that 2.1.9 fixed an issue with not honoring REMOVE_DKIM_HEADERS=2. > > b) The mailman configuration is incorrect. > > You mean things like: - We change the subject to include the list > name? I interpret the comment to mean that, because OpenSSL lists modify messages (see below), they should strip DKIM headers (see above) before distribution to prevent false negatives in recipient implementations. zimbra.com includes the subject header when computing its header digest so yes, adding "[list-name]" invalidates its DKIM signature. > - We add a footer about the list? That also invalidates zimbra.com's DKIM sig because they don't use body hash length limits. > - We don't rewrite the From address? > > Error is: Authentication-Results: edge01.zimbra.com (amavisd-new); > > dkim=fail (1024-bit key) reason="fail (message has been altered)" > > header.d=zimbra.com > > You really should consider moving to at least a 2048 bit key. Good suggestion though orthogonal to the issue. --mancha (https://twitter.com/mancha140) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From rt at openssl.org Wed Aug 5 17:44:12 2015 From: rt at openssl.org (Han Shen via RT) Date: Wed, 05 Aug 2015 17:44:12 +0000 Subject: [openssl-dev] [openssl.org #3989] Bug report - clang fails to build openssl-1.0.2d In-Reply-To: References: Message-ID: OS - ChromeOs Version affected - 1.0.2d Hi, clang fails to build this version. 'ldrplb' and 'ldrneb' are pre-UAL format, could I suggest to replaced those with UAL-format 'ldrbpl' and 'ldrbne' respectively? (GCC recognizes both) A patch attached. Thanks, Han -------------- next part -------------- A non-text attachment was scrubbed... Name: openssl.patch Type: text/x-patch Size: 499 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From kurt at roeckx.be Wed Aug 5 19:33:02 2015 From: kurt at roeckx.be (Kurt Roeckx) Date: Wed, 5 Aug 2015 21:33:02 +0200 Subject: [openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM In-Reply-To: <20150805165457.GA31602@zoho.com> References: <20150805145425.GA10954@roeckx.be> <20150805165457.GA31602@zoho.com> Message-ID: <20150805193301.GA15448@roeckx.be> On Wed, Aug 05, 2015 at 04:54:57PM +0000, mancha wrote: > > I interpret the comment to mean that, because OpenSSL lists modify > messages (see below), they should strip DKIM headers (see above) before > distribution to prevent false negatives in recipient implementations. Won't that always give DKIM failures instead, without also rewriting the From? Kurt From mancha1 at zoho.com Wed Aug 5 21:00:01 2015 From: mancha1 at zoho.com (mancha) Date: Wed, 5 Aug 2015 21:00:01 +0000 Subject: [openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM In-Reply-To: <20150805193301.GA15448@roeckx.be> References: <20150805145425.GA10954@roeckx.be> <20150805165457.GA31602@zoho.com> <20150805193301.GA15448@roeckx.be> Message-ID: <20150805210001.GB31602@zoho.com> On Wed, Aug 05, 2015 at 09:33:02PM +0200, Kurt Roeckx wrote: > On Wed, Aug 05, 2015 at 04:54:57PM +0000, mancha wrote: > > > > I interpret the comment to mean that, because OpenSSL lists modify > > messages (see below), they should strip DKIM headers (see above) > > before distribution to prevent false negatives in recipient > > implementations. > > Won't that always give DKIM failures instead, without also rewriting > the From? I'm no expert on this but I believe the answer is not always. I think it depends on if a) the domain has an ADSP and, if it does, b) what its signing-practice is. I just did a quick check and it seems zimbra.com doesn't have an ADSP. Yahoo.com has an ADSP but doesn't specify all messages will be signed (has an "unknown" tag value). OpenSSL is certainly not alone in its practice of mangling headers and adding body footers so I'd be curious to hear how other lists handle domains such as yahoo.com. --mancha (https://twitter.com/mancha140) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From jonas.maebe at elis.ugent.be Wed Aug 5 21:04:30 2015 From: jonas.maebe at elis.ugent.be (Jonas Maebe) Date: Wed, 5 Aug 2015 23:04:30 +0200 Subject: [openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM In-Reply-To: <20150805210001.GB31602@zoho.com> References: <20150805145425.GA10954@roeckx.be> <20150805165457.GA31602@zoho.com> <20150805193301.GA15448@roeckx.be> <20150805210001.GB31602@zoho.com> Message-ID: <55C27A5E.5040501@elis.ugent.be> On 05/08/15 23:00, mancha wrote: > OpenSSL is certainly not alone in its practice of mangling headers > and adding body footers so I'd be curious to hear how other lists > handle domains such as yahoo.com. We warn people that DKIM-using domains may experience bounces, and that they should subscribe using a different email address to our lists. Yahoo/AOL switching it on before the probably most used mailing list manager could handle it certainly did not help in creating goodwill. Even now the mailman version included in our distribution still can't handle it, and manually installing and maintaining a different one is not something we care to do. Jonas From dkg at fifthhorseman.net Wed Aug 5 21:23:41 2015 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Wed, 05 Aug 2015 17:23:41 -0400 Subject: [openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM In-Reply-To: <55C27A5E.5040501@elis.ugent.be> References: <20150805145425.GA10954@roeckx.be> <20150805165457.GA31602@zoho.com> <20150805193301.GA15448@roeckx.be> <20150805210001.GB31602@zoho.com> <55C27A5E.5040501@elis.ugent.be> Message-ID: <878u9pzaxu.fsf@alice.fifthhorseman.net> On Wed 2015-08-05 17:04:30 -0400, Jonas Maebe wrote: > On 05/08/15 23:00, mancha wrote: >> OpenSSL is certainly not alone in its practice of mangling headers >> and adding body footers so I'd be curious to hear how other lists >> handle domains such as yahoo.com. > > We warn people that DKIM-using domains may experience bounces, and > that they should subscribe using a different email address to our > lists. Yahoo/AOL switching it on before the probably most used mailing > list manager could handle it certainly did not help in creating > goodwill. Even now the mailman version included in our distribution > still can't handle it, and manually installing and maintaining a > different one is not something we care to do. fwiw, the intersection between dkim/dmarc and mailman policy affects even people who don't have dkim/dmarc enabled for their domains. mailman effectively puts subscribers on hold if some threshold number of mails sent to them bounce. if a subscriber's mail exchanger respects dkim/dmarc reject policy, even if they do not set it for their own domain, then all messages sent through mailman from a "dmarc reject" domain will bounce for that subscriber. So if Alice from yahoo.com (which has "dmarc reject") sends mail through mailman, which sends it to Bob from example.com (which doesn't have "dmarc reject" set, but respects it from other domains), Bob's mail exchanger will bounce the message. If Alice sends enough mail through mailman, mailman will rack up one bounce from Bob per message, and mailman will eventually unsubscribe Bob as a result. afaict, mailman 2.1.9 or rejecting all mail from domains with "dmarc reject" are the only sane paths through this thicket. bleah. --dkg From jifl at eCosCentric.com Thu Aug 6 01:36:04 2015 From: jifl at eCosCentric.com (Jonathan Larmour) Date: Thu, 06 Aug 2015 02:36:04 +0100 Subject: [openssl-dev] We're working on license changes In-Reply-To: <20150804145450.17788996.34062.15073@ll.mit.edu> References: <20150804145450.17788996.34062.15073@ll.mit.edu> Message-ID: <55C2BA04.9060902@eCosCentric.com> On 04/08/15 15:54, Blumenthal, Uri - 0553 - MITLL wrote: >> On 04/08/15 00:37, Quanah Gibson-Mount wrote: >>> I also don't get why a CLA is required, overall. >> >> It's not something I'm thrilled about either. However we have been >> receiving legal advice. That advice tells us that we should be putting >> in place a CLA. > > Also, did the advice you got explicitly state "'the' CLA as opposed to other possible licenses such as MIT, BSD, LGPL, etc."?? Were any reasons provided that you may be able to share? A CLA and the license that code has been put under are actually pretty orthogonal. > (I've dealt with lawyers in the past, and this seems weird.) The FSF requires copyright assignments for their projects, and a CLA could be considered just a milder equivalent of that, with the obvious exception of the legal title to the IP in the changes/additions doesn't change in a CLA. There _is_ a rationale, and a legally well-founded one: a lot of programmers have made contributions to projects, and did so during their work time or using employer's resources. Many (most?) software development companies, at least in the US and UK in my experience, have clauses in employment contracts which says that anything developed in company time and/or using company resources belongs to the company. In other words the company holds the copyright, and it should be up to an officer of the company (not necessarily an employee) to decide what gets released and under what terms. An employee is simply not entitled to release code they don't own. You could say the employee should be getting into trouble for that, but more importantly for OpenSSL, it means the company is entitled to require OpenSSL to remove it as it wasn't the employee's to give. I suspect OpenSSL doesn't want to have a massive body of code where some company, at some point, could come out of the woodwork and say you don't own large chunks of it, and are no longer allowed to use it; or could even say that users would have to pay a license fee! It would be bad enough for the OpenSSL project itself, but even worse for already shipped products using an OpenSSL library incorporating that code, especially embedded devices. There might even be issues with patents, as well as copyright. A CLA is a way of getting the employee to consider and affirm that they do in fact own the copyright to a contribution. Alternatively, the employer can do the CLA. Another important justification to have a CLA is so that in future, if the license needs to change again for whatever reason, e.g. a new version or because a legal flaw was found in the current license, then it doesn't require another round of finding every contributor to the OpenSSL project and obtaining their permission to change the license. I've already stated elsewhere that to be honest I'm doubtful it will be possible to do it once, but having to do it twice or more with a gap of further years is even less likely. You can't change the license of intellectual property you don't own. I've just stumbled on http://oss-watch.ac.uk/resources/cla which also covers these points but with rather more detail. Jifl -- ------["Si fractum non sit, noli id reficere"]------ Opinions==mine From rt at openssl.org Thu Aug 6 01:44:36 2015 From: rt at openssl.org (Anton Blanchard via RT) Date: Thu, 06 Aug 2015 01:44:36 +0000 Subject: [openssl-dev] [openssl.org #3990] [PATCH] Fix PowerPC build error in ppccap.c In-Reply-To: <20150806111935.286b40e3@kryten> References: <20150806111935.286b40e3@kryten> Message-ID: Hi, I'm seeing a build issue on PowerPC: ppccap.c:10:20: fatal error: crypto.h: No such file or directory #include A pull request to fix this is at: https://github.com/openssl/openssl/pull/363 Regards, Anton _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Aug 6 02:07:54 2015 From: rt at openssl.org (Rich Salz via RT) Date: Thu, 06 Aug 2015 02:07:54 +0000 Subject: [openssl-dev] [openssl.org #3990] [PATCH] Fix PowerPC build error in ppccap.c In-Reply-To: <20150806111935.286b40e3@kryten> References: <20150806111935.286b40e3@kryten> Message-ID: fixed in master and 1.0.2, thanks! -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Thu Aug 6 13:01:08 2015 From: rt at openssl.org (bugtracking via RT) Date: Thu, 06 Aug 2015 13:01:08 +0000 Subject: [openssl-dev] [openssl.org #3991] Incorrect library names for Windows 64 bit builds with MingW In-Reply-To: <002601d0d037$d7780490$86680db0$@com> References: <002601d0d037$d7780490$86680db0$@com> Message-ID: Hi. I am building both 32 and 64 bit dynamic library versions. I can successfully compile and run the binaries, but they seem to be incorrectly named. For my use case, the binaries, both 32 and 64 bit, must live in the same directory so must be named differently. This is a non-negotiable requirement. I am told by colleagues that this is not a problem with M$ VC compiler as it does, correctly, name the binaries as *64.dll When building OpenSSL (1.0.2d) to create shared libraries using the MSYS build system and MingW64. The shared libraries output are named libeay32.dll and ssleay32.dll. They are 64 bit libraries and work correctly as 64 bit builds but are not named as such whereas when using M$ VC++ compiler; the DLL outputs are named libeay64.dll and ssleay64.dll as expected. Windows 7 64bit mingw-w64 gcc.exe (tdm64-1) 5.1.0 msis base 2013072300 msis-core 1.0.18-1 OpenSSL 1.0.2d Regards Shaun -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Aug 6 13:14:30 2015 From: rt at openssl.org (David Woodhouse via RT) Date: Thu, 06 Aug 2015 13:14:30 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: <1438866658.9814.123.camel@infradead.org> References: <1438866658.9814.123.camel@infradead.org> Message-ID: This code does open-coded division on 64-bit quantities and thus when building with GCC on 32-bit platforms will require functions such as __umoddi3 and __udivdi3 from libgcc. In constrained environments such as firmware, those functions may not be available. So make it possible to compile out SCT support, which in fact (in the case of UEFI) we don't need anyway. --- crypto/x509v3/ext_dat.h | 2 ++ crypto/x509v3/v3_scts.c | 2 ++ makevms.com | 1 + util/mkdef.pl | 6 +++++- 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 9c3529b..76be621 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = { &v3_idp, &v3_alt[2], &v3_freshest_crl, +#ifndef OPENSSL_NO_SCT &v3_ct_scts[0], &v3_ct_scts[1], +#endif }; /* Number of standard extensions */ diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index 61e5a83..0ffdfb8 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -61,6 +61,7 @@ #include #include +#ifndef OPENSSL_NO_SCT /* Signature and hash algorithms from RFC 5246 */ #define TLSEXT_hash_sha256 4 @@ -321,3 +322,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, return 1; } +#endif diff --git a/makevms.com b/makevms.com index 35c44ec..500b191 100755 --- a/makevms.com +++ b/makevms.com @@ -295,6 +295,7 @@ $ CONFIG_LOGICALS := AES,- RFC3779,- RMD160,- RSA,- + SCT,- SCTP,- SEED,- SOCK,- diff --git a/util/mkdef.pl b/util/mkdef.pl index 26fa209..c5aa99d 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -80,6 +80,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "FP_API", "STDIO", "SOCK", "DGRAM", # Engines "STATIC_ENGINE", "ENGINE", "HW", "GMP", + # X.509v3 Signed Certificate Timestamps + "SCT", # RFC3779 "RFC3779", # TLS @@ -126,7 +128,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; -my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng; +my $no_sct; $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $no_ssl3_method; my $no_ocb; @@ -215,6 +217,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-engine$/) { $no_engine=1; } elsif (/^no-hw$/) { $no_hw=1; } elsif (/^no-gmp$/) { $no_gmp=1; } + elsif (/^no-sct$/) { $no_sct=1; } elsif (/^no-rfc3779$/) { $no_rfc3779=1; } elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-ec2m$/) { $no_ec2m=1; } @@ -1200,6 +1203,7 @@ sub is_valid if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "GMP" && $no_gmp) { return 0; } + if ($keyword eq "SCT" && $no_sct) { return 0; } if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; } if ($keyword eq "PSK" && $no_psk) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } -- 2.4.3 -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Aug 6 13:17:39 2015 From: rt at openssl.org (David Woodhouse via RT) Date: Thu, 06 Aug 2015 13:17:39 +0000 Subject: [openssl-dev] [openssl.org #3993] [PATCH] Fix VS2008 "result still unsigned" build warning In-Reply-To: <1438866987.9814.125.camel@infradead.org> References: <1438866987.9814.125.camel@infradead.org> Message-ID: When building with Visual Studio 2008, I get the following warning: C4146: unary minus operator applied to unsigned type, result still unsigned Fix it by casting to (int64_t) and *then* negating the value. --- crypto/asn1/a_int.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 0d020e0..5d5e7f6 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -338,7 +338,7 @@ static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen, ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL); return 0; } - *pr = (int64_t)-r; + *pr = -(int64_t)r; } else { if (r > INT64_MAX) { ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE); -- 2.4.3 -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Aug 6 13:22:48 2015 From: rt at openssl.org (Dmitry Belyavsky via RT) Date: Thu, 06 Aug 2015 13:22:48 +0000 Subject: [openssl-dev] [openssl.org #3994] make clean leaves extra files In-Reply-To: References: Message-ID: Hello, After make && make clean there are some files absent in the original archive: apps/CA.pl certs/demo/* crypto/ec/ecp_nistz256-x86_64.s engines/e_padlock-x86_64.s tools/c_rehash At least some of them should be removed. -- SY, Dmitry Belyavsky -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From dwmw2 at infradead.org Thu Aug 6 13:56:47 2015 From: dwmw2 at infradead.org (David Woodhouse) Date: Thu, 06 Aug 2015 14:56:47 +0100 Subject: [openssl-dev] We're working on license changes In-Reply-To: <55C2BA04.9060902@eCosCentric.com> References: <20150804145450.17788996.34062.15073@ll.mit.edu> <55C2BA04.9060902@eCosCentric.com> Message-ID: <1438869407.9814.136.camel@infradead.org> On Thu, 2015-08-06 at 02:36 +0100, Jonathan Larmour wrote: > A CLA is a way of getting the employee to consider and affirm that they do in > fact own the copyright to a contribution. Alternatively, the employer can do > the CLA. Many projects have started using 'Signed-off-by' to indicate this, rather than a separate CLA. In some senses it's better because it is explicitly attached to the submission in question. But really, a CLA is *not* the biggest barrier to contributing to OpenSSL, and I can't imagine it ever will be. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From rt at openssl.org Thu Aug 6 18:22:36 2015 From: rt at openssl.org (David Woodhouse via RT) Date: Thu, 06 Aug 2015 18:22:36 +0000 Subject: [openssl-dev] [openssl.org #3995] [PATCH] Fix VS2008 "implicitly converted to 64 bits" build warning In-Reply-To: <1438867429.9814.132.camel@infradead.org> References: <1438867429.9814.132.camel@infradead.org> Message-ID: When building with Visual Studio 2008, I get the following warning: C4334: '<<' : result of 32-bit shift implicitly converted to 64 bits (was 64-bit shift intended?) If '1UL' is an unsigned 32-bit value, the result of shifting it by more than 32 bits is *undefined*. The compiler isn't obliged to convert it to a 64-bit value for us ? hence the warning. We're lucky it noticed, in fact. Make the value explicitly 64-bit before doing the shift, and everything should be OK. We do it by casting to (uint64_t) since support for the ULL suffix isn't ubiquitous, --- In fact perhaps this could be expressed differently as if (N >> (16 * r)) but I figured I'd leave it in basically its original form. crypto/evp/scrypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.c index 09dfdf2..4254abf 100644 --- a/crypto/evp/scrypt.c +++ b/crypto/evp/scrypt.c @@ -227,7 +227,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, */ if (16 * r <= LOG2_UINT64_MAX) { - if (N >= (1UL << (16 * r))) + if (N >= (((uint64_t)1) << (16 * r))) return 0; } -- 2.4.3 -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Aug 6 18:22:37 2015 From: rt at openssl.org (Kaduk, Ben via RT) Date: Thu, 06 Aug 2015 18:22:37 +0000 Subject: [openssl-dev] [openssl.org #3996] master does not build with no-ripemd In-Reply-To: References: Message-ID: Please see https://github.com/openssl/openssl/pull/365 ; just a couple of tweaks to preprocessor conditionals. -Ben _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From imcfadri at cisco.com Thu Aug 6 21:18:21 2015 From: imcfadri at cisco.com (Ian McFadries (imcfadri)) Date: Thu, 6 Aug 2015 21:18:21 +0000 Subject: [openssl-dev] tls_session_secret_cb method return value Message-ID: <522B816F59485D4FBCBAF2CE8015B8919A5A55@xmb-rcd-x01.cisco.com> I am trying to determine if the tls_session_secret_cb return value is used to indicate an unrecoverable error has been encountered (i.e. bad pointer for data needed to calculate secret) or if it is intended to be an indicator that the session secret is deemed invalid (EAP-FAST PAC expired resulting in new session therefore determine that secret should not be calculated). The code I am working on is using the tls_session_secret_cb return value as the latter specified above, and that resulted in our implementation of EAP-FAST to break when a PAC expires after we picked up release 1.0.1l of OpenSSL. A change was made in s3_clnt.c ssl3_get_server_hello method at line 889. Previously, if tls_session_secret_cb returned 0 no action was taken, but the change resulted in SSLErr if tls_session_secret_cb returned 0. I believe that we should treat the tls_session_secret_cb return value to indicate an unrecoverable error only. Then in the scenario where the PAC expires, although we would not calculate the secret, it will work fine since the secret will be calculated later in OpenSSL when servicing the client key exchange. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kurt at roeckx.be Fri Aug 7 06:53:33 2015 From: kurt at roeckx.be (Kurt Roeckx) Date: Fri, 7 Aug 2015 08:53:33 +0200 Subject: [openssl-dev] SHA-3 standard Message-ID: <20150807065333.GA15206@roeckx.be> The SHA-3 standard seems to be out: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf Kurt From a.ankudinov at drweb.com Fri Aug 7 06:37:16 2015 From: a.ankudinov at drweb.com (Arseniy Ankudinov) Date: Fri, 07 Aug 2015 09:37:16 +0300 Subject: [openssl-dev] [PATCH] GOST engine and custom paramsets Message-ID: <55C4521C.1020101@drweb.com> We strictly need use our custom paramsets for GOST algorithms (all of cipher, hash and signature, including X509 and TLS). If most of the functionality may be implemented by "dirty" overriding initialization methods, X509 requires ccgost engine sources patching. Seems 2 ways: 1. Put our paramsets into ccgost sources and simple support for several paramsets in ASN1 hash params serializing. 2. Allow set any paramset from outside. First way seems the simplest, but second - more universal and useful. Our current implementation for second way (see attached patch) requires ccgost engine directly using, not only through high-level APIs. Example of usage for X509 (GOST 28147-89, GOST R 34.10-2001 and GOST R 34.11-94, with one paramset for cipher and hash): 1. Add custom paramsets to chains: gost2001_paramset_append( gost2001_custom_paramset ); gost_cipher_list_append( gost89_custom_paramset ); 2. Make private key for certificate: EC_KEY *ec( EC_KEY_new() ); BN_CTX *ctx( BN_CTX_new() ); BN_CTX_start( ctx ); EC_GROUP *grp( EC_GROUP_new_curve_GFp( gost2001_custom_paramset->p, gost2001_custom_paramset->a, gost2001_custom_paramset->b, ctx ) ); EC_GROUP_set_curve_name( grp, NID_id_GostR3410_2001_DrWebParamSet ); EC_POINT *P( EC_POINT_new( grp ) ); EC_POINT_set_affine_coordinates_GFp( grp, P, gost2001_custom_paramset->x, gost2001_custom_paramset->y, ctx ); EC_GROUP_set_generator( grp, P, gost2001_custom_paramset->q, 0 ); EC_KEY_set_group( ec, grp ); BN_CTX_end( ctx ); EVP_PKEY *pkey( EVP_PKEY_new() ); EVP_PKEY_assign( pkey, NID_id_GostR3410_2001, ec ); GOST3410_EX_DATA *ex_data = GOST3410_get_ex_data( pkey ); ex_data->hash_params_nid = NID_id_Gost28147_89_DrWebParamSet; ex_data->cipher_params_nid = NID_id_Gost28147_89_DrWebParamSet; Can this feature be useful for the community? And which way seems be more useful? -- With best regards, Arseniy Ankudinov Software Engineer, Doctor Web Ltd -------------- next part -------------- A non-text attachment was scrubbed... Name: Deleted: tls_gost_custom_paramsets.patch Type: text/x-moz-deleted Size: 275 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: tls_gost_custom_paramsets.patch Type: text/x-patch Size: 37423 bytes Desc: not available URL: From ben at links.org Fri Aug 7 08:58:13 2015 From: ben at links.org (Ben Laurie) Date: Fri, 07 Aug 2015 08:58:13 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: References: <1438866658.9814.123.camel@infradead.org> Message-ID: On Thu, 6 Aug 2015 at 14:14 David Woodhouse via RT wrote: > This code does open-coded division on 64-bit quantities and thus when > building with GCC on 32-bit platforms will require functions such as > __umoddi3 and __udivdi3 from libgcc. > > In constrained environments such as firmware, those functions may not > be available. So make it possible to compile out SCT support, which in > fact (in the case of UEFI) we don't need anyway. > I am curious why you think you don't need CT for UEFI? -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Fri Aug 7 08:58:32 2015 From: rt at openssl.org (Ben Laurie via RT) Date: Fri, 07 Aug 2015 08:58:32 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: References: <1438866658.9814.123.camel@infradead.org> Message-ID: On Thu, 6 Aug 2015 at 14:14 David Woodhouse via RT wrote: > This code does open-coded division on 64-bit quantities and thus when > building with GCC on 32-bit platforms will require functions such as > __umoddi3 and __udivdi3 from libgcc. > > In constrained environments such as firmware, those functions may not > be available. So make it possible to compile out SCT support, which in > fact (in the case of UEFI) we don't need anyway. > I am curious why you think you don't need CT for UEFI? From rt at openssl.org Fri Aug 7 12:59:56 2015 From: rt at openssl.org (Puustinen, Ismo via RT) Date: Fri, 07 Aug 2015 12:59:56 +0000 Subject: [openssl-dev] [openssl.org #3997] Two pull requests In-Reply-To: References: Message-ID: Hi, I made two pull requests to openssl: https://github.com/openssl/openssl/pull/364 https://github.com/openssl/openssl/pull/367 Ismo Puustinen _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From dwmw2 at infradead.org Fri Aug 7 14:40:27 2015 From: dwmw2 at infradead.org (David Woodhouse) Date: Fri, 07 Aug 2015 15:40:27 +0100 Subject: [openssl-dev] [openssl.org #3969] [PATCH] Add OPENSSL_SYS_UEFI In-Reply-To: References: <1438255199.26511.151.camel@infradead.org> Message-ID: <1438958427.9814.177.camel@infradead.org> Updated patch. I had hoped to cope with the setting of SIXTY_FOUR_BIT vs. THIRTY_TWO_BIT with nasty tricks, but those didn't work. For the EDKII build we can't configure OpenSSL separately for the specific architecture and toolchain we're using. People might be building on Windows and not even have perl available; it looks like we'll ship a prepackaged opensslconf.h with instructions to "download the OpenSSL tarball and drop this in place". So in our own headers on the EDKII side, we define SIXTY_FOUR_BIT or THIRTY_TWO_BIT as appropriate for the target. And we need opensslconf.h *not* to set it at all. I had attempted the horrid trick of *also* setting CONFIG_HEADER_BN_H in our own headers, to nastily bypass that part of opensslconf.h entirely. But that doesn't work if opensslconf.h gets included *first*. Which does actually happen when building with MSVC for some reason, although not with GCC. This version also reduces the false matches on Windows caused by using the MSVC toolchain (which defines _WIN32) to build EDK II. We do still explicitly undefine _WIN32 on our command line, but it would be useful to fix remaining instances of _WIN32 to depend on OPENSSL_SYS_WIN32 instead and reduce the need for that. I might do that later, but in the meantime let's at least not make the problem *worse* with my original placement of OPENSSL_SYS_UEFI in e_os.h. Also tidy up the definition of the standard integer types to make it work cleanly in the MSVC build. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-RT3969-Add-OPENSSL_SYS_UEFI.patch Type: text/x-patch Size: 5649 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From rt at openssl.org Fri Aug 7 14:40:53 2015 From: rt at openssl.org (David Woodhouse via RT) Date: Fri, 07 Aug 2015 14:40:53 +0000 Subject: [openssl-dev] [openssl.org #3969] [PATCH] Add OPENSSL_SYS_UEFI In-Reply-To: <1438958427.9814.177.camel@infradead.org> References: <1438255199.26511.151.camel@infradead.org> <1438958427.9814.177.camel@infradead.org> Message-ID: Updated patch. I had hoped to cope with the setting of SIXTY_FOUR_BIT vs. THIRTY_TWO_BIT with nasty tricks, but those didn't work. For the EDKII build we can't configure OpenSSL separately for the specific architecture and toolchain we're using. People might be building on Windows and not even have perl available; it looks like we'll ship a prepackaged opensslconf.h with instructions to "download the OpenSSL tarball and drop this in place". So in our own headers on the EDKII side, we define SIXTY_FOUR_BIT or THIRTY_TWO_BIT as appropriate for the target. And we need opensslconf.h *not* to set it at all. I had attempted the horrid trick of *also* setting CONFIG_HEADER_BN_H in our own headers, to nastily bypass that part of opensslconf.h entirely. But that doesn't work if opensslconf.h gets included *first*. Which does actually happen when building with MSVC for some reason, although not with GCC. This version also reduces the false matches on Windows caused by using the MSVC toolchain (which defines _WIN32) to build EDK II. We do still explicitly undefine _WIN32 on our command line, but it would be useful to fix remaining instances of _WIN32 to depend on OPENSSL_SYS_WIN32 instead and reduce the need for that. I might do that later, but in the meantime let's at least not make the problem *worse* with my original placement of OPENSSL_SYS_UEFI in e_os.h. Also tidy up the definition of the standard integer types to make it work cleanly in the MSVC build. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-RT3969-Add-OPENSSL_SYS_UEFI.patch Type: text/x-patch Size: 5650 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From dwmw2 at infradead.org Fri Aug 7 14:55:54 2015 From: dwmw2 at infradead.org (David Woodhouse) Date: Fri, 07 Aug 2015 15:55:54 +0100 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: References: <1438866658.9814.123.camel@infradead.org> Message-ID: <1438959354.9814.189.camel@infradead.org> On Fri, 2015-08-07 at 08:58 +0000, Ben Laurie via RT wrote: > I am curious why you think you don't need CT for UEFI? The use case for OpenSSL within UEFI is for Secure Boot ? checking PKCs#7 signatures on bootloader / operating system images. Referring to RFC6962... Abstract This document describes an experimental protocol for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs. I don't really see a viable use case for this in the UEFI environment. We don't have a way to get these (hypothetical) logs of validly issued certificates into the firmware. We certainly don't normally have the facility to perform HTTPS requests prior to booting the OS. I realise that this scheme allows for asynchronous verification, but it would be utterly pointless to devise a complex scheme for interaction between the firmware and the booted OS, when the whole point is that the OS *isn't* trustworthy if that signature wasn't valid. Even aside from the general rule that *anything* we implement like that, some idiot will break when they do their "value subtract" to the standard open source UEFI offering. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From rt at openssl.org Fri Aug 7 14:56:06 2015 From: rt at openssl.org (David Woodhouse via RT) Date: Fri, 07 Aug 2015 14:56:06 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: <1438959354.9814.189.camel@infradead.org> References: <1438866658.9814.123.camel@infradead.org> <1438959354.9814.189.camel@infradead.org> Message-ID: On Fri, 2015-08-07 at 08:58 +0000, Ben Laurie via RT wrote: > I am curious why you think you don't need CT for UEFI? The use case for OpenSSL within UEFI is for Secure Boot ? checking PKCs#7 signatures on bootloader / operating system images. Referring to RFC6962... Abstract This document describes an experimental protocol for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs. I don't really see a viable use case for this in the UEFI environment. We don't have a way to get these (hypothetical) logs of validly issued certificates into the firmware. We certainly don't normally have the facility to perform HTTPS requests prior to booting the OS. I realise that this scheme allows for asynchronous verification, but it would be utterly pointless to devise a complex scheme for interaction between the firmware and the booted OS, when the whole point is that the OS *isn't* trustworthy if that signature wasn't valid. Even aside from the general rule that *anything* we implement like that, some idiot will break when they do their "value subtract" to the standard open source UEFI offering. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From uri at ll.mit.edu Fri Aug 7 15:07:35 2015 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Fri, 7 Aug 2015 15:07:35 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled Message-ID: <20150807150743.17788996.93468.15829@ll.mit.edu> Considering emerging attacks against UEFI I'd be hesitant weakening protection mechanisms, even those that *currently* aren't likely to be used. Sent?from?my?BlackBerry?10?smartphone?on?the Verizon?Wireless?4G?LTE?network. ? Original Message ? From: David Woodhouse via RT Sent: Friday, August 7, 2015 10:56 Reply To: rt at openssl.org Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled On Fri, 2015-08-07 at 08:58 +0000, Ben Laurie via RT wrote: > I am curious why you think you don't need CT for UEFI? The use case for OpenSSL within UEFI is for Secure Boot ? checking PKCs#7 signatures on bootloader / operating system images. Referring to RFC6962... Abstract This document describes an experimental protocol for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs. I don't really see a viable use case for this in the UEFI environment. We don't have a way to get these (hypothetical) logs of validly issued certificates into the firmware. We certainly don't normally have the facility to perform HTTPS requests prior to booting the OS. I realise that this scheme allows for asynchronous verification, but it would be utterly pointless to devise a complex scheme for interaction between the firmware and the booted OS, when the whole point is that the OS *isn't* trustworthy if that signature wasn't valid. Even aside from the general rule that *anything* we implement like that, some idiot will break when they do their "value subtract" to the standard open source UEFI offering. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From notdatoneguy at gmail.com Fri Aug 7 15:21:35 2015 From: notdatoneguy at gmail.com (Colin Lacina) Date: Fri, 7 Aug 2015 10:21:35 -0500 Subject: [openssl-dev] SHA-3 standard In-Reply-To: <20150807065333.GA15206@roeckx.be> References: <20150807065333.GA15206@roeckx.be> Message-ID: I asked about this before but no one answered. :( On Aug 7, 2015 1:54 AM, "Kurt Roeckx" wrote: > The SHA-3 standard seems to be out: > http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf > > > Kurt > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dwmw2 at infradead.org Fri Aug 7 15:27:34 2015 From: dwmw2 at infradead.org (David Woodhouse) Date: Fri, 07 Aug 2015 16:27:34 +0100 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: <20150807150743.17788996.93468.15829@ll.mit.edu> References: <20150807150743.17788996.93468.15829@ll.mit.edu> Message-ID: <1438961254.3098.0.camel@infradead.org> On Fri, 2015-08-07 at 15:07 +0000, Blumenthal, Uri - 0553 - MITLL wrote: > Considering emerging attacks against UEFI I'd be hesitant weakening > protection mechanisms, even those that *currently* aren't likely to > be used. Can you suggest a practicable means by which this *could* be used? -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From rt at openssl.org Fri Aug 7 15:27:52 2015 From: rt at openssl.org (David Woodhouse via RT) Date: Fri, 07 Aug 2015 15:27:52 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: <1438961254.3098.0.camel@infradead.org> References: <20150807150743.17788996.93468.15829@ll.mit.edu> <1438961254.3098.0.camel@infradead.org> Message-ID: On Fri, 2015-08-07 at 15:07 +0000, Blumenthal, Uri - 0553 - MITLL wrote: > Considering emerging attacks against UEFI I'd be hesitant weakening > protection mechanisms, even those that *currently* aren't likely to > be used. Can you suggest a practicable means by which this *could* be used? -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From uri at ll.mit.edu Fri Aug 7 15:34:38 2015 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Fri, 7 Aug 2015 15:34:38 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled Message-ID: <20150807153446.17788996.72019.15840@ll.mit.edu> Alas, not right now (and here we're in agreement). However I expect the field to evolve with the threats, and the means for using this capability to emerge. IMHO it would be easier to keep this feature waiting rather than opening a whole new discussion later on. Plus, by just being there it might "stimulate"? people to look for ways to use it. Sent?from?my?BlackBerry?10?smartphone?on?the Verizon?Wireless?4G?LTE?network. ? Original Message ? From: David Woodhouse via RT Sent: Friday, August 7, 2015 11:28 Reply To: rt at openssl.org Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled On Fri, 2015-08-07 at 15:07 +0000, Blumenthal, Uri - 0553 - MITLL wrote: > Considering emerging attacks against UEFI I'd be hesitant weakening > protection mechanisms, even those that *currently* aren't likely to > be used. ? Can you suggest a practicable means by which this *could* be used? -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From rt at openssl.org Fri Aug 7 15:34:47 2015 From: rt at openssl.org (Blumenthal, Uri - 0553 - MITLL via RT) Date: Fri, 07 Aug 2015 15:34:47 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: <20150807153446.17788996.72019.15840@ll.mit.edu> References: <20150807153446.17788996.72019.15840@ll.mit.edu> Message-ID: Alas, not right now (and here we're in agreement). However I expect the field to evolve with the threats, and the means for using this capability to emerge. IMHO it would be easier to keep this feature waiting rather than opening a whole new discussion later on. Plus, by just being there it might "stimulate"? people to look for ways to use it. Sent?from?my?BlackBerry?10?smartphone?on?the Verizon?Wireless?4G?LTE?network. ? Original Message ? From: David Woodhouse via RT Sent: Friday, August 7, 2015 11:28 Reply To: rt at openssl.org Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled On Fri, 2015-08-07 at 15:07 +0000, Blumenthal, Uri - 0553 - MITLL wrote: > Considering emerging attacks against UEFI I'd be hesitant weakening > protection mechanisms, even those that *currently* aren't likely to > be used. ? Can you suggest a practicable means by which this *could* be used? -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From rt at openssl.org Fri Aug 7 15:52:19 2015 From: rt at openssl.org (Blumenthal, Uri - 0553 - MITLL via RT) Date: Fri, 07 Aug 2015 15:52:19 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: <20150807150743.17788996.93468.15829@ll.mit.edu> References: <20150807150743.17788996.93468.15829@ll.mit.edu> Message-ID: Considering emerging attacks against UEFI I'd be hesitant weakening protection mechanisms, even those that *currently* aren't likely to be used. Sent?from?my?BlackBerry?10?smartphone?on?the Verizon?Wireless?4G?LTE?network. ? Original Message ? From: David Woodhouse via RT Sent: Friday, August 7, 2015 10:56 Reply To: rt at openssl.org Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled On Fri, 2015-08-07 at 08:58 +0000, Ben Laurie via RT wrote: > I am curious why you think you don't need CT for UEFI? The use case for OpenSSL within UEFI is for Secure Boot ? checking PKCs#7 signatures on bootloader / operating system images. Referring to RFC6962... Abstract This document describes an experimental protocol for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs. I don't really see a viable use case for this in the UEFI environment. We don't have a way to get these (hypothetical) logs of validly issued certificates into the firmware. We certainly don't normally have the facility to perform HTTPS requests prior to booting the OS. I realise that this scheme allows for asynchronous verification, but it would be utterly pointless to devise a complex scheme for interaction between the firmware and the booted OS, when the whole point is that the OS *isn't* trustworthy if that signature wasn't valid. Even aside from the general rule that *anything* we implement like that, some idiot will break when they do their "value subtract" to the standard open source UEFI offering. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From Simon.Piche at tc.gc.ca Fri Aug 7 15:53:19 2015 From: Simon.Piche at tc.gc.ca (Piche, Simon) Date: Fri, 7 Aug 2015 11:53:19 -0400 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: References: <20150807150743.17788996.93468.15829@ll.mit.edu> Message-ID: <20150807155318.6135897.31639.8884@tc.gc.ca> Original Message From: Blumenthal, Uri - 0553 - MITLL via RT Sent: Friday, August 7, 2015 11:52 AM To: dwmw2 at infradead.org Reply To: rt at openssl.org Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled Considering emerging attacks against UEFI I'd be hesitant weakening protection mechanisms, even those that *currently* aren't likely to be used. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: David Woodhouse via RT Sent: Friday, August 7, 2015 10:56 Reply To: rt at openssl.org Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled On Fri, 2015-08-07 at 08:58 +0000, Ben Laurie via RT wrote: > I am curious why you think you don't need CT for UEFI? The use case for OpenSSL within UEFI is for Secure Boot ? checking PKCs#7 signatures on bootloader / operating system images. Referring to RFC6962... Abstract This document describes an experimental protocol for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs. I don't really see a viable use case for this in the UEFI environment. We don't have a way to get these (hypothetical) logs of validly issued certificates into the firmware. We certainly don't normally have the facility to perform HTTPS requests prior to booting the OS. I realise that this scheme allows for asynchronous verification, but it would be utterly pointless to devise a complex scheme for interaction between the firmware and the booted OS, when the whole point is that the OS *isn't* trustworthy if that signature wasn't valid. Even aside from the general rule that *anything* we implement like that, some idiot will break when they do their "value subtract" to the standard open source UEFI offering. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation From rt at openssl.org Fri Aug 7 15:58:52 2015 From: rt at openssl.org (Piche, Simon via RT) Date: Fri, 07 Aug 2015 15:58:52 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: <20150807155318.6135897.31639.8884@tc.gc.ca> References: <20150807150743.17788996.93468.15829@ll.mit.edu> <20150807155318.6135897.31639.8884@tc.gc.ca> Message-ID: Original Message From: Blumenthal, Uri - 0553 - MITLL via RT Sent: Friday, August 7, 2015 11:52 AM To: dwmw2 at infradead.org Reply To: rt at openssl.org Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled Considering emerging attacks against UEFI I'd be hesitant weakening protection mechanisms, even those that *currently* aren't likely to be used. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: David Woodhouse via RT Sent: Friday, August 7, 2015 10:56 Reply To: rt at openssl.org Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled On Fri, 2015-08-07 at 08:58 +0000, Ben Laurie via RT wrote: > I am curious why you think you don't need CT for UEFI? The use case for OpenSSL within UEFI is for Secure Boot ? checking PKCs#7 signatures on bootloader / operating system images. Referring to RFC6962... Abstract This document describes an experimental protocol for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs. I don't really see a viable use case for this in the UEFI environment. We don't have a way to get these (hypothetical) logs of validly issued certificates into the firmware. We certainly don't normally have the facility to perform HTTPS requests prior to booting the OS. I realise that this scheme allows for asynchronous verification, but it would be utterly pointless to devise a complex scheme for interaction between the firmware and the booted OS, when the whole point is that the OS *isn't* trustworthy if that signature wasn't valid. Even aside from the general rule that *anything* we implement like that, some idiot will break when they do their "value subtract" to the standard open source UEFI offering. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation From appro at openssl.org Fri Aug 7 16:27:32 2015 From: appro at openssl.org (Andy Polyakov) Date: Fri, 07 Aug 2015 18:27:32 +0200 Subject: [openssl-dev] Making assembly language optimizations working on Cortex-M3 In-Reply-To: References: Message-ID: <55C4DC74.6060900@openssl.org> Hi, > In ./Configure, there is this comment: > > # big-endian platform. This is because ARMv7 processor always > # picks instructions in little-endian order. Another similar > # limitation is that -mthumb can't "cross" -march=armv6t2 > # boundary, because that's where it became Thumb-2. Well, this > # limitation is a bit artificial, because it's not really > # impossible, but it's deemed too tricky to support. > > Cortex-M3 and Cortex-M4 processors are -mthumb, -march=armv7-m, which is > exactly the problematic configuration, if I understand that comment > correctly. The comment in question applies *exclusively* to cases when you attempt to build "universal" binary, one that works on multiple platforms, e.g. on ARMv6 and ARMv7. > I am interested in getting libcrypto working for these > processors with the assembly language optimizations enabled. This is kind of problematic, but for reason different from what [I think] you imply. As you point out Cortex-Mx support *only* Thumb[-2] instruction set (it was news for me). And the trouble is that not all OpenSSL assembly modules can be compiled for Thumb-2. So far we kind of relied on the fact that target ARM processors can switch between real ARM and Thumb instruction sets (for those who wonder, yes, within same application, so that it's possible to freely mix them, compiler-generated code can be Thumb[-2] while assembly modules remain ARM). Originally it was utterly natural assumption to make, because Thumb (not Thumb-2!) really required separate development effort (less registers, poorer instruction set). But with introduction of Thumb-2 and Unified Assembler Language syntax it became possible to re-use ARM code, but small adjustments are normally required. Or to paraphrase beginning of this paragraph, not all OpenSSL assembly modules are Thumb-2 savvy. > Specifically, the configuration I am interested in is: > > CC=arm-none-eabi-gcc -mcpu=cortex-m3 -march=armv7-m > -mthumb -D__ARM_MAX_ARCH__=7. On side note for reference, -D__ARM_MAX_ARCH__ is redundant if it matches -march. Secondly, recommended way to engage cross-compiler is to pass --cross-compile-prefix to Configure, e.g. --cross-compile-prefix=arm-none-eabi-. > Currently, the assembly language source files don't compile because they > expect to be able to use ARM (-marm) instructions when __ARM_MAX_ARCH__ >>= 7. Further, they try to do feature detection for NEON in that case, > but I'd prefer to not have the feature detection compiled in, since I > know NEON is never available. It's a little bit more nuanced than that and can even be split to two sub-problems, namely a) making code Thumb-2 savvy and b) making NEON support conditionally compiled. > Has anybody started working on this? > > If not, my thinking was to refactor the assembly language code so that > all the ARM-only (-marm) code is cleanly separated from the unified > (-mthumb and -marm) code, As implied, there are few assembly modules that *can* be compiled for Thumb-2 today, namely aes-armv4, bsaes-armv7, sha256-armv4, sha512-armv4. Is there evidence that we can't adhere to this strategy of adjusting modules for ARM/Thumb-2 "duality"? (I think I have ghash...) (BTW, can you confirm that you can get mentioned modules work?) > move the detection of NEON from the assembly > language code to the C wrappers, ... I'd vote against... > and recognize two new settings, > OPENSSL_NO_ARM_NEON and OPENSSL_ARM_THUMB_ONLY, to accommodate this. While NO_NEON might make sense, I really see no reason to introduce THUMB_ONLY. Because pre-defines set by the compiler driver are sufficient. Actually, one can argue that even decision to omit NEON code can be made based on pre-defines, e.g. __ARM_ARCH_7M__. Well, this doesn't exclude possibility to define NO_NEON based on pre-define and using NO_NEON in code. Note that omission of NEON code implies even omission of NEON detection. This is basically why I object moving detection to to C. Keeping it in same place makes it more maintainable. A word of warning. When looking at ARM assembly code, you might find yourself asking "why isn't this done this way?" It's likely that answer to that question is "because old assembler fails to compile it." I mean there is certain level of legacy support there and it's not a coincidence. From rt at openssl.org Fri Aug 7 16:37:20 2015 From: rt at openssl.org (David Woodhouse via RT) Date: Fri, 07 Aug 2015 16:37:20 +0000 Subject: [openssl-dev] [openssl.org #3998] [PATCH] Allow scrypt to be disabled In-Reply-To: <1438963122.3098.1.camel@infradead.org> References: <1438963122.3098.1.camel@infradead.org> Message-ID: >From a15e06fa9600aecfee8fead41c2f47e052958d12 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 7 Aug 2015 16:47:10 +0100 Subject: [PATCH] Allow scrypt to be disabled This does 64-bit division and multiplication, and on 32-bit platforms pulls in libgcc symbols (and MSVC does similar) which may not be available. --- apps/pkcs8.c | 12 +++++++++++- crypto/asn1/p5_scrypt.c | 2 ++ crypto/evp/evp_pbe.c | 2 ++ crypto/evp/scrypt.c | 3 +++ include/openssl/evp.h | 2 ++ include/openssl/x509.h | 3 ++- 6 files changed, 22 insertions(+), 2 deletions(-) diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 919b8f1..9f689f1 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -69,7 +69,9 @@ typedef enum OPTION_choice { OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT, OPT_NOOCT, OPT_NSDB, OPT_EMBED, OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT, - OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P +#ifndef OPENSSL_NO_SCRYPT + OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P, +#endif } OPTION_CHOICE; OPTIONS pkcs8_options[] = { @@ -94,10 +96,12 @@ OPTIONS pkcs8_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif +#ifndef OPENSSL_NO_SCRYPT {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"}, {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"}, {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"}, {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"}, +#endif {NULL} }; @@ -116,7 +120,9 @@ int pkcs8_main(int argc, char **argv) int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken = PKCS8_OK; int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1; int private = 0; +#ifndef OPENSSL_NO_SCRYPT unsigned long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0; +#endif prog = opt_init(argc, argv, pkcs8_options); while ((o = opt_next()) != OPT_EOF) { @@ -195,6 +201,7 @@ int pkcs8_main(int argc, char **argv) case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; +#ifndef OPENSSL_NO_SCRYPT case OPT_SCRYPT: scrypt_N = 1024; scrypt_r = 8; @@ -214,6 +221,7 @@ int pkcs8_main(int argc, char **argv) if (!opt_ulong(opt_arg(), &scrypt_p)) goto opthelp; break; +#endif } } argc = opt_num_rest(); @@ -260,10 +268,12 @@ int pkcs8_main(int argc, char **argv) } else { X509_ALGOR *pbe; if (cipher) { +#ifndef OPENSSL_NO_SCRYPT if (scrypt_N && scrypt_r && scrypt_p) pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL, scrypt_N, scrypt_r, scrypt_p); else +#endif pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL, pbe_nid); } else { diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c index 5c4de79..35ff396 100644 --- a/crypto/asn1/p5_scrypt.c +++ b/crypto/asn1/p5_scrypt.c @@ -65,6 +65,7 @@ #include #include +#ifndef OPENSSL_NO_SCRYPT /* PKCS#5 scrypt password based encryption structures */ typedef struct { @@ -330,3 +331,4 @@ int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, SCRYPT_PARAMS_free(sparam); return rv; } +#endif /* OPENSSL_NO_SCRYPT */ diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 13d9658..f84973e 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -119,7 +119,9 @@ static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, +#ifndef OPENSSL_NO_SCRYPT {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen} +#endif }; #ifdef TEST diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.c index 4254abf..fb26e14 100644 --- a/crypto/evp/scrypt.c +++ b/crypto/evp/scrypt.c @@ -64,6 +64,7 @@ #include #include +#ifndef OPENSSL_NO_SCRYPT #define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) static void salsa208_word_specification(uint32_t inout[16]) { @@ -296,3 +297,5 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, OPENSSL_clear_free(B, Blen + Vlen); return rv; } + +#endif /* OPENSSL_NO_SCRYPT */ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index dff81b0..68306a1 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1067,10 +1067,12 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); +#ifndef OPENSSL_NO_SCRYPT int EVP_PBE_scrypt(const char *pass, size_t passlen, const unsigned char *salt, size_t saltlen, uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, unsigned char *key, size_t keylen); +#endif int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 3b186a4..b253b29 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1109,11 +1109,12 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt, int saltlen, unsigned char *aiv, int prf_nid); +#ifndef OPENSSL_NO_SCRYPT X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, const unsigned char *salt, int saltlen, unsigned char *aiv, uint64_t N, uint64_t r, uint64_t p); - +#endif X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid, int keylen); -- 2.4.3 -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Fri Aug 7 20:03:40 2015 From: rt at openssl.org (Kaduk, Ben via RT) Date: Fri, 07 Aug 2015 20:03:40 +0000 Subject: [openssl-dev] [openssl.org #3999] consider removing the sub-component version strings In-Reply-To: References: Message-ID: It seems like this fine-grained level of detail may have been more suitable for an earlier point in time when the subcomponents were used. With the advent of shared libraries, there is less motivation to split things up in that way, and perhaps the decision to have separate version strings for each of them should be revisited. Although these symbols are not prototyped in any public header (which in some sense makes them "not a part of the public/stable API"), they are accessible at link time on at least some systems, and one might imagine they are in use somewhere. This would give some weight to the argument that, if these symbols are to be removed at all, it should only be done at a (major) version boundary, when ABI-breaking changes are permissible. For what it's worth (i.e., not very much), clang -Wmissing-variable-declarations (implied by -Weverything) complains about these version strings, since there is no forward declaration in advance of the actual declaration (and they are not static), never mind that forward declarations are not required by the C standard. -Ben _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Sat Aug 8 22:18:41 2015 From: rt at openssl.org (Rich Salz via RT) Date: Sat, 08 Aug 2015 22:18:41 +0000 Subject: [openssl-dev] [openssl.org #3988] [PATCH] X509_check_host() has existed since 1.0.2 In-Reply-To: <1438785454.9814.67.camel@infradead.org> References: <1438785454.9814.67.camel@infradead.org> Message-ID: doc fixed in master and 1.0.2-release. thanks! -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From brian at briansmith.org Mon Aug 10 02:31:16 2015 From: brian at briansmith.org (Brian Smith) Date: Sun, 9 Aug 2015 22:31:16 -0400 Subject: [openssl-dev] Making assembly language optimizations working on Cortex-M3 In-Reply-To: <55C4DC74.6060900@openssl.org> References: <55C4DC74.6060900@openssl.org> Message-ID: Andy Polyakov wrote: > > Cortex-M3 and Cortex-M4 processors are -mthumb, -march=armv7-m, which is > > exactly the problematic configuration, if I understand that comment > > correctly. > > The comment in question applies *exclusively* to cases when you attempt > to build "universal" binary, one that works on multiple platforms, e.g. > on ARMv6 and ARMv7. > OK. Thanks for clarifying things. > Has anybody started working on this? > > > > If not, my thinking was to refactor the assembly language code so that > > all the ARM-only (-marm) code is cleanly separated from the unified > > (-mthumb and -marm) code, > > As implied, there are few assembly modules that *can* be compiled for > Thumb-2 today, namely aes-armv4, bsaes-armv7, sha256-armv4, > sha512-armv4. Is there evidence that we can't adhere to this strategy of > adjusting modules for ARM/Thumb-2 "duality"? That sounds good to me. > (BTW, can you confirm that you can get mentioned modules work?) > Yes, I am able to compile those modules: git clone https://github.com/briansmith/openssl arm-openssl cd arm-openssl ./configure-arm-none-eabi.sh make depend make In particular, see this commit to understand the configuration: https://github.com/briansmith/openssl/commit/ffa6e0c7a575184bc171b72a7ff3715bde460163 I am using the toolchain from [1]: arm-none-eabi-gcc (GNU Tools for ARM Embedded Processors) 4.9.3 20150529 (release) [ARM/embedded-4_9-branch revision 224288] I ran out of time this weekend before I could test out the resultant library though. > > and recognize two new settings, > > OPENSSL_NO_ARM_NEON and OPENSSL_ARM_THUMB_ONLY, to accommodate this. > > While NO_NEON might make sense, I really see no reason to introduce > THUMB_ONLY. Because pre-defines set by the compiler driver are > sufficient. You mean, using __thumb__ (predefined for both thumb1 and thumb2) and __thumb2__ (predefined for thumb2 only)? > Actually, one can argue that even decision to omit NEON code > can be made based on pre-defines, e.g. __ARM_ARCH_7M__. Well, this > doesn't exclude possibility to define NO_NEON based on pre-define and > using NO_NEON in code. Right. If you are building for Cortex-A (armv7-a) then you may or may not want the NEON detection, depending on how much you know about the users' hardware in advance. Consequently, I think having an OPENSSL_ARM_NO_NEON option is useful. > A word of warning. When looking at ARM assembly code, you might find > yourself asking "why isn't this done this way?" It's likely that answer > to that question is "because old assembler fails to compile it." I mean > there is certain level of legacy support there and it's not a coincidence. > Understood. I also looked at some of the past commits where thumb2 support was added, e.g. [2]. So, basically, we just need to (a) understand which modules are thumb2-only and which aren't, and (b) adjust more modules to work for thumb2. I am mostly interested in getting the AES-GCM and sha1 assembly language optimizations working for this configuration. You mentioned in your message that you already have ghash working for thumb2. Is that right? [1] https://launchpad.net/~terry.guo/+archive/ubuntu/gcc-arm-embedded [2] https://github.com/openssl/openssl/commit/e0202d946d68bd91a3e99f223c66d1fce7db136a Thanks for your help! Cheers, Brian -- https://briansmith.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From kurt at roeckx.be Mon Aug 10 08:39:37 2015 From: kurt at roeckx.be (Kurt Roeckx) Date: Mon, 10 Aug 2015 10:39:37 +0200 Subject: [openssl-dev] 1.0.2 long term support Message-ID: <20150810083937.GA14110@roeckx.be> 1.0.2 long term support ======================= The OpenSSL project team would like to announce that the 1.0.2 version will be supported until 2019-12-31. Further details about the OpenSSL Release Strategy can be found here: https://www.openssl.org/about/releasestrat.html The OpenSSL Project Team -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From dwmw2 at infradead.org Mon Aug 10 09:44:01 2015 From: dwmw2 at infradead.org (David Woodhouse) Date: Mon, 10 Aug 2015 10:44:01 +0100 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: References: <20150807153446.17788996.72019.15840@ll.mit.edu> Message-ID: <1439199841.3098.28.camel@infradead.org> On Fri, 2015-08-07 at 15:34 +0000, Blumenthal, Uri - 0553 - MITLL via RT wrote: > Alas, not right now (and here we're in agreement). > > However I expect the field to evolve with the threats, and the means > for using this capability to emerge. UEFI is widely mocked for how bloated it is, given that the job of a sane firmware is to boot the operating as quickly as possible and then get the hell out of the way. You seem to be suggesting that we build in some cryptographic functionality that we admit we have no *idea* how we could sensibly use it, and also build in various extended math library routines that are currently unneeded but would need a whole bunch of pain for different GCC/MSVC/LLVM toolchains and ABIs... just in case we one day work out how we might use it. > IMHO it would be easier to keep this feature waiting rather than > opening a whole new discussion later on. If you come up with a use case, it's hardly difficult for you to check out the open source UEFI implementation from its git tree, build it *without* OPENSSL_NO_SCT, and implement and test your ideas. When you submit that, of course there will be a "whole new discussion". about your design and your implementation. But it's largely distinct from this one and will need to happen *anyway* even if we disable SCT in the meantime. > Plus, by just being there it might "stimulate"? people to look for > ways to use it. It'll "stimulate" people, I'm sure. But not in a good way. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From appro at openssl.org Mon Aug 10 09:49:44 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 10 Aug 2015 11:49:44 +0200 Subject: [openssl-dev] Making assembly language optimizations working on Cortex-M3 In-Reply-To: References: <55C4DC74.6060900@openssl.org> Message-ID: <55C873B8.9060602@openssl.org> > > and recognize two new settings, > > OPENSSL_NO_ARM_NEON and OPENSSL_ARM_THUMB_ONLY, to accommodate this. > > While NO_NEON might make sense, I really see no reason to introduce > THUMB_ONLY. Because pre-defines set by the compiler driver are > sufficient. > > > You mean, using __thumb__ (predefined for both thumb1 and thumb2) > and __thumb2__ (predefined for thumb2 only)? Yes. > Actually, one can argue that even decision to omit NEON code > can be made based on pre-defines, e.g. __ARM_ARCH_7M__. Well, this > doesn't exclude possibility to define NO_NEON based on pre-define and > using NO_NEON in code. > > > Right. If you are building for Cortex-A (armv7-a) then you may or may > not want the NEON detection, depending on how much you know about the > users' hardware in advance. Consequently, I think having an > OPENSSL_ARM_NO_NEON option is useful. Well, there is kind of conflict of approaches. Distribution vendors and generic Linux application developers appreciate if NEON is always included, because they want to target as many configurations as they can. On the other hand we have tailored system designers [like yourself] who prefer "perfect fit" for their target. But probability that tailored system is armv7-a is rather low. This is rationale behind suggestion to use pre-defines. But once again, these are not mutually exclusive. In sense that NO_NEON can be set automatically on __ARM_ARCH_7M__ [in case user forgets to pass it]. > So, basically, we just need to (a) understand which modules are > thumb2-only and which aren't, We already know that. I mean I'm confident that those that are not in already mentioned list can't be compiled for Thumb-2. > and (b) adjust more modules to work for thumb2. That's the idea. > I am mostly interested in getting the AES-GCM and sha1 assembly > language optimizations working for this configuration. You mentioned in > your message that you already have ghash working for thumb2. Is that right? Yes. Well, even if it's lost, as far as I recall it wasn't really really complicated... From rt at openssl.org Mon Aug 10 10:05:36 2015 From: rt at openssl.org (David Woodhouse via RT) Date: Mon, 10 Aug 2015 10:05:36 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: <1439201106.9814.192.camel@infradead.org> References: <1438866658.9814.123.camel@infradead.org> <1439201106.9814.192.camel@infradead.org> Message-ID: Updated patch. fixing a typo that broke the no-rfc3779 support in util/mkdef.pl -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-RT3992-Allow-RFC6962-Signed-Certificate-Timestamps-t.patch Type: text/x-patch Size: 3692 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From rt at openssl.org Mon Aug 10 10:09:28 2015 From: rt at openssl.org (David Woodhouse via RT) Date: Mon, 10 Aug 2015 10:09:28 +0000 Subject: [openssl-dev] [openssl.org #3998] [PATCH] Allow scrypt to be disabled In-Reply-To: <1439201349.9814.194.camel@infradead.org> References: <1438963122.3098.1.camel@infradead.org> <1439201349.9814.194.camel@infradead.org> Message-ID: Apologies, previous patch was incomplete. This one actually builds *and* I committed the last changes and included them this time. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-RT3998-Allow-scrypt-to-be-disabled.patch Type: text/x-patch Size: 11336 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From vitus at wagner.pp.ru Mon Aug 10 13:38:14 2015 From: vitus at wagner.pp.ru (Victor Wagner) Date: Mon, 10 Aug 2015 16:38:14 +0300 Subject: [openssl-dev] Cross-compiling 64-bit openssl for Windows under Linux Message-ID: <20150810163814.274424b0@arkturus.local> Hi I'm trying to build windows version of OpenSSL using Debian oldstable system with GCC 4.6.3 configured for x86_64-w64-mingw32 target. (from the package gcc-mingw32-w64-x86-64). First, I've tried with latest stable 1.0.2d version. ./Configure --prefix=c:/openssl --openssldir=c:/openssl mingw64 shared --cross-compile-prefix=x86_64-w64-mingw32- (32-bit version with mingw target and i686-w64-mingw32- prefix compiles fine) Compilation fails when processing ecp_nistz256-x86_64.s assembler file generated from crypto/ec/asm/ecp_nistz256-x86_64.pl Then I've tried a latest development snapshot. (openssl-SNAP-20150810.tar.gz) It seems that this bug is fixed and there is compilable ecp_nistz256-x86_64.pl, Both fails with same diagnostics: ...-windres Invalid syntax: line 6 Investigation shows, that problem is with util/mkrc.pl script It attempts to open crypto/opensslv.h which doesn't exists in snapshot. and doesn't fail on file opening error. Instead it generates resource script with empty version numbers in FILEVERSION (which is syntactically incorrect). It seems that when opensslv.h was relocated and Configure script was fixed (and Configure script does properly check file open error) it was forgotten to fix mkrc.pl There is analogous problem in netware.pl script, although it does check for file opening error. From imcfadri at cisco.com Mon Aug 10 15:34:02 2015 From: imcfadri at cisco.com (Ian McFadries (imcfadri)) Date: Mon, 10 Aug 2015 15:34:02 +0000 Subject: [openssl-dev] tls_session_secret_cb method return value Message-ID: <522B816F59485D4FBCBAF2CE8015B8919A6F0E@xmb-rcd-x01.cisco.com> I am trying to determine if the tls_session_secret_cb return value is used to indicate an unrecoverable error has been encountered (i.e. bad pointer for data needed to calculate secret) or if it is intended to be an indicator that the session secret is deemed invalid (EAP-FAST PAC expired resulting in new session therefore determine that secret should not be calculated). The code I am working on is using the tls_session_secret_cb return value as the latter specified above, and that resulted in our implementation of EAP-FAST to break when a PAC expires after we picked up release 1.0.1l of OpenSSL. A change was made in s3_clnt.c ssl3_get_server_hello method at line 889. Previously, if tls_session_secret_cb returned 0 no action was taken, but the change resulted in SSLErr if tls_session_secret_cb returned 0. I believe that we should treat the tls_session_secret_cb return value to indicate an unrecoverable error only. Then in the scenario where the PAC expires, although we would not calculate the secret, it will work fine since the secret will be calculated later in OpenSSL when servicing the client key exchange. -------------- next part -------------- An HTML attachment was scrubbed... URL: From uri at ll.mit.edu Mon Aug 10 16:11:16 2015 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Mon, 10 Aug 2015 16:11:16 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: <1439199841.3098.28.camel@infradead.org> References: <20150807153446.17788996.72019.15840@ll.mit.edu> <1439199841.3098.28.camel@infradead.org> Message-ID: For the sake of brevity I?ll answer to only some of your points (that I consider relevant to my views or work). On 8/10/15, 5:44 , "openssl-dev on behalf of David Woodhouse" wrote: >UEFI is widely mocked for how bloated it is, given that the job of a sane >firmware is to boot the operating as quickly as possible and then get the >hell out of the way. Yes. But skimping on security features is not a good way to deal with software/firmware bloat. And again, attacks on this layer are increasing in quantity and sophistication. The current protection mechanisms appear insufficient. Draw your own conclusions. >You seem to be suggesting that we build in some cryptographic >functionality that we admit we have no *idea* how we could sensibly use >it, and also build in various extended math library routines that are >currently unneeded but would need a whole bunch of pain for different >GCC/MSVC/LLVM toolchains and ABIs... just in case we one day work out how >we might use it. All that for just one attribute? Of a certificate that you already have to deal with? I?m missing something, or you?re not correct. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4308 bytes Desc: not available URL: From rt at openssl.org Mon Aug 10 16:14:34 2015 From: rt at openssl.org (Rich Salz via RT) Date: Mon, 10 Aug 2015 16:14:34 +0000 Subject: [openssl-dev] [openssl.org #3999] consider removing the sub-component version strings In-Reply-To: References: Message-ID: Removed in master. Thanks. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Mon Aug 10 16:20:24 2015 From: rt at openssl.org (Rich Salz via RT) Date: Mon, 10 Aug 2015 16:20:24 +0000 Subject: [openssl-dev] [openssl.org #3996] master does not build with no-ripemd In-Reply-To: References: Message-ID: oops, fixed :) thanks. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Tue Aug 11 00:09:50 2015 From: rt at openssl.org (Stuart, Harold via RT) Date: Tue, 11 Aug 2015 00:09:50 +0000 Subject: [openssl-dev] [openssl.org #4000] Bug in Branch OpenSSL-fips-2_0-stable; file rsa_x931g.c In-Reply-To: <9872E68DAF3EF5498FBA2777898A9D5F656417@pwsvl-excmbx-05.internal.cacheflow.com> References: <9872E68DAF3EF5498FBA2777898A9D5F656417@pwsvl-excmbx-05.internal.cacheflow.com> Message-ID: The Blue Coat Systems cryptography team is reviewing our usage of OpenSSL and has discovered the following minor bug. We do not believe that this bug is exploitable. In branch OpenSSL-fips-2_0-stable, file rsa_x931g.c observe the function RSA_X931_derive_ex. At line 84 we see the following: if (!rsa) goto err; However, at line 190 we see this: err: if (ctx) { BN_CTX_end(ctx); BN_CTX_free(ctx); } if (ctx2) BN_CTX_free(ctx2); /* If this is set all calls successful */ if (rsa->iqmp != NULL) return 1; Note that the variable rsa is dereferenced, even though it is possible that it can be NULL at this point. -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Tue Aug 11 00:09:50 2015 From: rt at openssl.org (Stuart, Harold via RT) Date: Tue, 11 Aug 2015 00:09:50 +0000 Subject: [openssl-dev] [openssl.org #4001] Bug in branch OpenSSL-fips-2_0-stable, file fips_rsa_sign.c In-Reply-To: <9872E68DAF3EF5498FBA2777898A9D5F656437@pwsvl-excmbx-05.internal.cacheflow.com> References: <9872E68DAF3EF5498FBA2777898A9D5F656437@pwsvl-excmbx-05.internal.cacheflow.com> Message-ID: The Blue Coat Systems cryptography team is reviewing our usage of OpenSSL and has discovered the following minor bug. We do not believe that this bug is exploitable. In branch OpenSSL-fips-2_0-stable, file fips_rsa_sign.c observe the function FIPS_rsa_verify_digest. At line 353 the code looks like this: if (!mhash && rsa_pad_mode == RSA_PKCS1_PADDING) md_type = saltlen; else md_type = M_EVP_MD_type(mhash); Note that mhash can be accessed in the else statement, even if it is NULL. -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Tue Aug 11 00:09:52 2015 From: rt at openssl.org (Stuart, Harold via RT) Date: Tue, 11 Aug 2015 00:09:52 +0000 Subject: [openssl-dev] [openssl.org #4002] Bug in branch master, file evp_pbe.c In-Reply-To: <9872E68DAF3EF5498FBA2777898A9D5F656454@pwsvl-excmbx-05.internal.cacheflow.com> References: <9872E68DAF3EF5498FBA2777898A9D5F656454@pwsvl-excmbx-05.internal.cacheflow.com> Message-ID: The Blue Coat Systems cryptography team is reviewing our usage of OpenSSL and has discovered the following minor bug. We do not believe that this bug is exploitable. In branch master, file evp_pbe.c, observe the function EVP_Cipher_init. At line 175, we see the following: if (cipher_nid == -1) cipher = NULL; At line 195, we see this: if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) { EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE); return 0; } Note that cipher is passed to the keygen function. One of the possible functions for keygen is PKCS12_PBE_keyivgen (file p12_crpt.c), where we see this at line 94: if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID, iter, EVP_CIPHER_iv_length(cipher), iv, md)) { PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR); PBEPARAM_free(pbe); return 0; } Note that cipher is being dereferenced, even though it can be NULL. -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From emilia at openssl.org Tue Aug 11 10:12:55 2015 From: emilia at openssl.org (=?UTF-8?Q?Emilia_K=C3=A4sper?=) Date: Tue, 11 Aug 2015 12:12:55 +0200 Subject: [openssl-dev] tls_session_secret_cb method return value In-Reply-To: <522B816F59485D4FBCBAF2CE8015B8919A6F0E@xmb-rcd-x01.cisco.com> References: <522B816F59485D4FBCBAF2CE8015B8919A6F0E@xmb-rcd-x01.cisco.com> Message-ID: Hi Ian, Thanks for the report! Your colleague John Foley suggested to treat this error as unrecoverable: https://mta.openssl.org/pipermail/openssl-dev/2015-March/001030.html The error is set while processing the ServerHello, at which point the PAC has already been sent to the server in the ticket in the ClientHello, and it's the server's call whether it'll be resuming. So either (a) we make the assumption that the server would agree that the PAC has expired and not attempt a resumption - and we make the resumption attempt an internal error; or (b) the client-side check for expiration would have to be moved to an earlier place in the handshake. I am afraid that you know better than me what the intended behaviour is. How about you describe the complete correct flow and propose a patch? Cheers, Emilia On Mon, Aug 10, 2015 at 5:34 PM, Ian McFadries (imcfadri) < imcfadri at cisco.com> wrote: > > > I am trying to determine if the tls_session_secret_cb return value is used > to indicate an unrecoverable error has been encountered > > (i.e. bad pointer for data needed to calculate secret) or if it is > intended to be an indicator that the session secret is deemed > > invalid (EAP-FAST PAC expired resulting in new session therefore determine > that secret should not be calculated). > > > > The code I am working on is using the tls_session_secret_cb return value > as the latter specified above, and that resulted in our > > implementation of EAP-FAST to break when a PAC expires after we picked up > release 1.0.1l of OpenSSL. A change was made in s3_clnt.c > > ssl3_get_server_hello method at line 889. Previously, if > tls_session_secret_cb returned 0 no action was taken, but the change > > resulted in SSLErr if tls_session_secret_cb returned 0. > > > > I believe that we should treat the tls_session_secret_cb return value to > indicate an unrecoverable error only. Then in the scenario > > where the PAC expires, although we would not calculate the secret, it will > work fine since the secret will be calculated later in > > OpenSSL when servicing the client key exchange. > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Tue Aug 11 12:06:41 2015 From: rt at openssl.org (Salz, Rich via RT) Date: Tue, 11 Aug 2015 12:06:41 +0000 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: References: <20150807153446.17788996.72019.15840@ll.mit.edu> <1439199841.3098.28.camel@infradead.org> Message-ID: > Yes. But skimping on security features is not a good way to deal with > software/firmware bloat. And again, attacks on this layer are increasing in > quantity and sophistication. The current protection mechanisms appear > insufficient. Draw your own conclusions. But this isn't a general-purpose library. It is a boot system embedded into firmware. If the system needs to be updated to address new security concerns, that part of OpenSSL that is also embedded will be updated with the rest of the system. It makes no sense, to me, to add things that aren't being used by this one application. The library and application are tied together. From Stefan.Neis at t-online.de Tue Aug 11 17:55:33 2015 From: Stefan.Neis at t-online.de (Stefan.Neis at t-online.de) Date: Tue, 11 Aug 2015 19:55:33 +0200 Subject: [openssl-dev] =?utf-8?q?1=2E0=2E2_long_term_support?= In-Reply-To: <20150810083937.GA14110@roeckx.be> References: <20150810083937.GA14110@roeckx.be> Message-ID: <134946409255ca37157890a7.66002318@email.t-online.de> Hi, Kurt Roeckx wrote: > 1.0.2 long term support > ======================= > > The OpenSSL project team would like to announce that the 1.0.2 > version will be supported until 2019-12-31. Looking at the release date of 1.0.2 (22 Jan 2015) that seems to be (very slightly) less than the "at least five years" you promise in your release strategy. ;-) Not a big problem, but with the current state, it effectively blurs the distinction between the non-LTS release (1.0.1, being supported for 4 years and 9 months) and the LTS release (1.0.2 being supported for 4 years and eleven months). And no, this isn't meant to be complaint about 1.0.1 being supported for "too long". ;-) Regards, Stefan From kurt at roeckx.be Tue Aug 11 18:29:58 2015 From: kurt at roeckx.be (Kurt Roeckx) Date: Tue, 11 Aug 2015 20:29:58 +0200 Subject: [openssl-dev] 1.0.2 long term support In-Reply-To: <134946409255ca37157890a7.66002318@email.t-online.de> References: <20150810083937.GA14110@roeckx.be> <134946409255ca37157890a7.66002318@email.t-online.de> Message-ID: <20150811182958.GA16622@roeckx.be> On Tue, Aug 11, 2015 at 07:55:33PM +0200, Stefan.Neis at t-online.de wrote: > Hi, > > Kurt Roeckx wrote: > > > 1.0.2 long term support > > ======================= > > > > The OpenSSL project team would like to announce that the 1.0.2 > > version will be supported until 2019-12-31. > > Looking at the release date of 1.0.2 (22 Jan 2015) that seems to > be (very slightly) less than the "at least five years" you promise in > your release strategy. ;-) > > Not a big problem, but with the current state, it effectively blurs the > distinction between the non-LTS release (1.0.1, being supported > for 4 years and 9 months) and the LTS release (1.0.2 being supported for > 4 years and eleven months). > > And no, this isn't meant to be complaint about 1.0.1 being > supported for "too long". ;-) 1.0.1 would also be a "long term" version. The other releases are only 2 years. The change on the page was from "at least 2016-12-31" to 2019-12-31. Maybe the wording could be improved. Kurt From rt at openssl.org Tue Aug 11 18:53:29 2015 From: rt at openssl.org (Sekwon Choi via RT) Date: Tue, 11 Aug 2015 18:53:29 +0000 Subject: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification In-Reply-To: References: Message-ID: Hi openssl team, I would like to report a bug as below and patch for the fix. [ Version affected ] : 1.0.2d (latest) and below (basically, all versions of openssl) [ Operating system ] : All [ Bug description ] : When we want to perform a host verification using openssl's APIs that use X509_check_host, host URL that includes specific characters such as '_' or '~' will be failing when CN from the certificate contains wildcard character. The reason is that, wildcard_match function in openssl-version/crypto/x509v3/v3_utils.c is not handling '_' and '~' while those are allowed character for URL. (patch attached separately) --- ./openssl-1.0.2d/crypto/x509v3/v3_utl.c 2015-07-09 04:57:15.000000000 -0700 +++ ../OpenSSL/openssl-1.0.2d/crypto/x509v3/v3_utl.c 2015-08-11 10:15:19.905814872 -0700 @@ -787,7 +787,7 @@ if (!(('0' <= *p && *p <= '9') || ('A' <= *p && *p <= 'Z') || ('a' <= *p && *p <= 'z') || - *p == '-' || (allow_multi && *p == '.'))) + *p == '-' || *p == '_' || *p == '~' || (allow_multi && *p == '.'))) return 0; return 1; [ FYI ] : RFC 3986 (Uniform Resource Identifier (URI): Generic Syntax) https://tools.ietf.org/html/rfc3986#section-2.1 2.3. Unreserved Characters Characters that are allowed in a URI but do not have a reserved purpose are called unreserved. These include uppercase and lowercase letters, decimal digits, hyphen, period, underscore, and tilde. unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" Suggested fix: We propose to include '_' and '~' in wildcard_match function so that hostname including those characters can be evaluated correctly. Thanks Sekwon Choi senior software engineer Netflix -------------- next part -------------- A non-text attachment was scrubbed... Name: wildcard_match.patch Type: text/x-patch Size: 499 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Tue Aug 11 19:22:58 2015 From: rt at openssl.org (Kurt Roeckx via RT) Date: Tue, 11 Aug 2015 19:22:58 +0000 Subject: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification In-Reply-To: <20150811192250.GA17851@roeckx.be> References: <20150811192250.GA17851@roeckx.be> Message-ID: On Tue, Aug 11, 2015 at 06:53:29PM +0000, Sekwon Choi via RT wrote: > When we want to perform a host verification using openssl's APIs that use > X509_check_host, host URL that includes specific characters such as '_' or > '~' will be failing when CN from the certificate contains wildcard > character. > > The reason is that, wildcard_match function in > openssl-version/crypto/x509v3/v3_utils.c is not handling '_' and '~' while > those are allowed character for URL. It's checking the hostname, not the URL. _ and ~ are not allowed in DNS and so not in a hostname. It looks to me that you're trying to validate an URL instead of a hostname. I don't know of any standart that allows you to put a URL in a certificate and it also doesn't make much sense. Kurt From openssl-users at dukhovni.org Tue Aug 11 19:29:15 2015 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Tue, 11 Aug 2015 19:29:15 +0000 Subject: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification In-Reply-To: References: <20150811192250.GA17851@roeckx.be> Message-ID: <20150811192915.GF9139@mournblade.imrryr.org> On Tue, Aug 11, 2015 at 07:22:58PM +0000, Kurt Roeckx via RT wrote: > It looks to me that you're trying to validate an URL instead of a > hostname. I don't know of any standart that allows you to put a > URL in a certificate and it also doesn't make much sense. Certificates IIRC can have URI subjectAltNames, I don't recall whether we support matching these. If we did, that would certainly not be via X509_check_host(), there would have to be an X509_check_uri() interface. -- Viktor. From openssl-users at dukhovni.org Tue Aug 11 19:52:46 2015 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Tue, 11 Aug 2015 19:52:46 +0000 Subject: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification In-Reply-To: <20150811192915.GF9139@mournblade.imrryr.org> References: <20150811192250.GA17851@roeckx.be> <20150811192915.GF9139@mournblade.imrryr.org> Message-ID: <20150811195246.GG9139@mournblade.imrryr.org> On Tue, Aug 11, 2015 at 07:29:15PM +0000, Viktor Dukhovni wrote: > On Tue, Aug 11, 2015 at 07:22:58PM +0000, Kurt Roeckx via RT wrote: > > > It looks to me that you're trying to validate an URL instead of a > > hostname. I don't know of any standart that allows you to put a > > URL in a certificate and it also doesn't make much sense. > > Certificates IIRC can have URI subjectAltNames, I don't recall > whether we support matching these. If we did, that would certainly > not be via X509_check_host(), there would have to be an X509_check_uri() > interface. We don't currently support URI subjectAltNames. -- Viktor. From rt at openssl.org Tue Aug 11 20:25:53 2015 From: rt at openssl.org (Sekwon Choi via RT) Date: Tue, 11 Aug 2015 20:25:53 +0000 Subject: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification In-Reply-To: References: <20150811192250.GA17851@roeckx.be> <20150811192915.GF9139@mournblade.imrryr.org> Message-ID: Hi Viktor and Kurt, Thanks for the quick response. I think I agree with you guys. I looked up hostname RFC again (RFC952 and 1123), not URI RFC, and indeed, '_' and '~' are not valid character to be used for hostname. So technically, what openssl is doing is right. What makes tricky is that, since there are many hostname using '_' in the wild, even libcurl seems not to check '_' or '~' for hostname's validity. I think hostname verification with those characters should be handled outside of openssl context. Thanks Sekwon On Tue, Aug 11, 2015 at 12:29 PM, openssl-dev at openssl.org via RT < rt at openssl.org> wrote: > On Tue, Aug 11, 2015 at 07:22:58PM +0000, Kurt Roeckx via RT wrote: > > > It looks to me that you're trying to validate an URL instead of a > > hostname. I don't know of any standart that allows you to put a > > URL in a certificate and it also doesn't make much sense. > > Certificates IIRC can have URI subjectAltNames, I don't recall > whether we support matching these. If we did, that would certainly > not be via X509_check_host(), there would have to be an X509_check_uri() > interface. > > -- > Viktor. > > > From openssl-users at dukhovni.org Tue Aug 11 21:42:46 2015 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Tue, 11 Aug 2015 21:42:46 +0000 Subject: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification In-Reply-To: References: <20150811192250.GA17851@roeckx.be> <20150811192915.GF9139@mournblade.imrryr.org> Message-ID: <20150811214246.GH9139@mournblade.imrryr.org> On Tue, Aug 11, 2015 at 08:25:53PM +0000, Sekwon Choi via RT wrote: > Hi Viktor and Kurt, > > Thanks for the quick response. I think I agree with you guys. I looked up > hostname RFC again (RFC952 and 1123), not URI RFC, and indeed, '_' and '~' > are not valid character to be used for hostname. > > So technically, what openssl is doing is right. What makes tricky is that, > since there are many hostname using '_' in the wild, even libcurl seems not > to check '_' or '~' for hostname's validity. > > I think hostname verification with those characters should be handled > outside of openssl context. When processing DNS name wildcards it is appropriate to ensure that one is actually dealing with valid DNS names. If certificates contain garbage in subjectAltName components of type DNSName, then they won't be matched by X509_check_host(). Perhaps we should also check for correct hostname syntax when processing non-wildcard names (exact case-insensitive comparison with user supplied name), and may do so in the future, but I see no reason to relax the rules that ensure name validity in the wildcard case. -- Viktor. From rt at openssl.org Tue Aug 11 22:11:43 2015 From: rt at openssl.org (Matt Caswell via RT) Date: Tue, 11 Aug 2015 22:11:43 +0000 Subject: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification In-Reply-To: References: Message-ID: Closing this ticket: works as intended, won't fix. From dwmw2 at infradead.org Wed Aug 12 15:59:14 2015 From: dwmw2 at infradead.org (David Woodhouse) Date: Wed, 12 Aug 2015 16:59:14 +0100 Subject: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled In-Reply-To: References: <20150807153446.17788996.72019.15840@ll.mit.edu> <1439199841.3098.28.camel@infradead.org> Message-ID: <1439395154.3100.103.camel@infradead.org> On Mon, 2015-08-10 at 16:11 +0000, Blumenthal, Uri - 0553 - MITLL wrote: > > >You seem to be suggesting that we build in some cryptographic > >functionality that we admit we have no *idea* how we could sensibly use > >it, and also build in various extended math library routines that are > >currently unneeded but would need a whole bunch of pain for different > >GCC/MSVC/LLVM toolchains and ABIs... just in case we one day work out how > >we might use it. > > All that for just one attribute? Of a certificate that you already have to > deal with? I?m missing something, or you?re not correct. Yes, really all that for just one attribute. The real pain point here is the 64-bit division. That's why we disable SCT, instead of just ignoring it like we do various other attributes which are irrelevant to us and will never be seen on certificates we care about. If you do division on a uint64_t in 32-bit mode, GCC will emit out-of -line calls to functions such as __udivdi3(), which are provided by libgcc. Even if you're building with -ffreestanding. Those functions do not exist, because libgcc is not linked into the final UEFI image (and is not even suitable to be so linked). The situation is the same (with slightly different functions) for building with MSVC. I haven't even looked at the clang/llvm build. It would be quite painful to have to provide these functions in the UEFI image. We'd basically end up having to lift copies of those functions (or reimplement them, if necessary for licensing reasons) and copy them into the UEFI package for OpenSSL. And then cope with the fact that we need *different* functions, or different versions of them, depending on which toolchain we build with. And depending on whether we're building with the MS ABI as the default or not. So yes. All that "whole bunch of pain", for just one attribute. FWIW the Linux kernel had a similar issue, on the many platforms where libgcc.a is *not* included into the kernel. There we avoid 64-bit division and instead have a 'do_div()' macro which divides a 64-bit integer by a 32-bit one and returns both the dividend and the remainder. OpenSSL just goes ahead and does 64-bit division. The reason I've submitted patches to disable SCRYPT and SCT, which are the two offending locations in OpenSSL, is because the Linux 'do_div()' solution requires inline assembly, and we can't necessary assume that we have inline assembly in OpenSSL. And because we actively do not care about losing those pieces of functionality. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From imcfadri at cisco.com Wed Aug 12 19:26:19 2015 From: imcfadri at cisco.com (Ian McFadries (imcfadri)) Date: Wed, 12 Aug 2015 19:26:19 +0000 Subject: [openssl-dev] tls_session_secret_cb method return value In-Reply-To: References: <522B816F59485D4FBCBAF2CE8015B8919A6F0E@xmb-rcd-x01.cisco.com> Message-ID: <522B816F59485D4FBCBAF2CE8015B8919A7A7D@xmb-rcd-x01.cisco.com> Hi Emelia, Thanks for your response. Your pointer to the discussion in March has answered my question. Now that I am aware of the intended use of the return values from the secret callback, I am all set. I have changed our code to return the appropriate values in the callback. My only suggestion is that you may consider adding comments to the tls_session_secret_cb definition and/or declaration to document the use of the callback return value. Thanks, Ian From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Emilia K?sper Sent: Tuesday, August 11, 2015 6:13 AM To: OpenSSL development Subject: Re: [openssl-dev] tls_session_secret_cb method return value Hi Ian, Thanks for the report! Your colleague John Foley suggested to treat this error as unrecoverable: https://mta.openssl.org/pipermail/openssl-dev/2015-March/001030.html The error is set while processing the ServerHello, at which point the PAC has already been sent to the server in the ticket in the ClientHello, and it's the server's call whether it'll be resuming. So either (a) we make the assumption that the server would agree that the PAC has expired and not attempt a resumption - and we make the resumption attempt an internal error; or (b) the client-side check for expiration would have to be moved to an earlier place in the handshake. I am afraid that you know better than me what the intended behaviour is. How about you describe the complete correct flow and propose a patch? Cheers, Emilia On Mon, Aug 10, 2015 at 5:34 PM, Ian McFadries (imcfadri) > wrote: I am trying to determine if the tls_session_secret_cb return value is used to indicate an unrecoverable error has been encountered (i.e. bad pointer for data needed to calculate secret) or if it is intended to be an indicator that the session secret is deemed invalid (EAP-FAST PAC expired resulting in new session therefore determine that secret should not be calculated). The code I am working on is using the tls_session_secret_cb return value as the latter specified above, and that resulted in our implementation of EAP-FAST to break when a PAC expires after we picked up release 1.0.1l of OpenSSL. A change was made in s3_clnt.c ssl3_get_server_hello method at line 889. Previously, if tls_session_secret_cb returned 0 no action was taken, but the change resulted in SSLErr if tls_session_secret_cb returned 0. I believe that we should treat the tls_session_secret_cb return value to indicate an unrecoverable error only. Then in the scenario where the PAC expires, although we would not calculate the secret, it will work fine since the secret will be calculated later in OpenSSL when servicing the client key exchange. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Thu Aug 13 02:43:40 2015 From: rt at openssl.org (Patil, Ashwini IN BLR STS via RT) Date: Thu, 13 Aug 2015 02:43:40 +0000 Subject: [openssl-dev] [openssl.org #3978] Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: <8878620CF8603E45BB794422B7899E9E115DD2AF52@INBLRK77M1MSX.in002.siemens.net> References: <8878620CF8603E45BB794422B7899E9E115DD2AF52@INBLRK77M1MSX.in002.siemens.net> Message-ID: Hello All, Appreciate for any suggestion. Currently no clue about the issue. Thanks&Regards Ashwini V Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Tuesday, August 04, 2015 8:24 AM To: 'openssl-dev at openssl.org'; 'openssl-users at openssl.org'; 'rt at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS; Reddy, Harshavardhana IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Following steps are done to check the FIPS feasibility . To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Note: The libleay32.dll preferred address is 0xFB00000 in Q-Build Its different in case of Syngo normal build 0x10000000. Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, July 30, 2015 3:17 PM To: 'openssl-dev at openssl.org'; 'openssl-users at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: FW: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine The following code was used to set the fips mode in our application. int mode = FIPS_mode(), ret = 0; unsigned long err = 0; if(mode == 0) { ret = FIPS_mode_set(1 ); err = ERR_get_error(); } if(1 != ret) DisplayError("FIPS_mode_set failed", err); Get the following error code status: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide me throught the error. Kindly share your thoughts and let me know opinion and also provide us the steps how this error can be overcome? To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " There is no change in the error code. We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Friday, July 17, 2015 5:31 PM To: 'openssl-dev at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; CN, Sujai IN BLR STS; Reddy, Harshavardhana IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I am using windows 7 64-BIT Service Pack 1 OS . Visual Studio 2008 (Visual studio tool used is normal 32-bit cmd prompt not cross compiler) Nasm - nasm-2.11.08 Perl - ActivePerl-5.20.1.2000-MSWin32-x86-64int-298557 (1) I have used the below steps to integrate openssl-fips2.0.9 in openssl-1.0.2c : Procedure for FIPS Enabled OpenSSL Module Compilation ===================================================== ================================= 1. Compile openssl-fips2.0 module ================================= a. Extract the contents of openssl-fips-2.0.9tar.gz to C:\openssl-fips-2.0.9\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-fips2.0.9\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. ms\do_fips [no-asm] (nmake -f ms\ntdll.mak & nmake -f ms\ntdll.mak install are included in this command) Compiled FIPS module is located at C:\usr\local\ssl\fips-2.0.9 ======================================================= 2. Integrate compiled openssl-fips2.0.9 in openssl-1.0.2c ======================================================= a. Extract the contents of openssl-1.0.1e.tar.gz to C:\openssl-1.0.2c-fips-compliant\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-1.0.2c-fips-compliant\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. perl Configure VC-WIN32 fips --with-fipslibdir=C:\usr\local\ssl\fips-2.0.9 f. ms\do_nasm g. nmake -f ms\nt.mak h. For Testing, use the following command: nmake -f ms\nt.mak test i. nmake -f ms\nt.mak install j. (If you want to create DLL files then Use the following commands nmake -f ms\ntdll.mak && nmake -f ms\ntdll.mak install) k. Compiled FIPS compliant OpenSSL exe is located at C:\usr\local\ssl\bin\openssl.exe l. Run C:\usr\local\ssl\bin\openssl.exe and type "version". You will be confirmed to get the following output. ======================================= ****OpenSSL 1.0.2c-fips 12 June 2015**** ======================================= m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.1e-fips-compliant\out32 n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.1e-fips-compliant\out32 Build is successful and able to generate fipslibeay32.lib, ssleay32.lib, libeaycompat32.lib & ssleay32.dll. But fipslibeay32.dll is missing. Please guide me . When executed the command nmake -f ms\ntdll.mak I get the below error for the first time: nmake -f ms\ntdll.mak Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp out32dll\fips_premain_dso.exe out32dll\libeay32.dll 2796:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared li brary:.\crypto\dso\dso_win32.c:179:filename(out32dll\libeay32.dll) 2796:error:25070067:DSO support routines:DSO_load:could not load the shared libr ary:.\crypto\dso\dso_lib.c:232: Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60. NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1' Stop. Please provide your help for the same. Please let me know if any steps are missed. With best regards, Ashwini V Patil Siemens Technology and Services Private Limited CT DC AA HC H1-FH STD IBP 6 84, Hosur Road Bengaluru 560100, Indien Mobil: +91 9008132565 mailto:ashwini.vpatil at siemens.com http://www.siemens.co.in/STS Registered Office: 130, Pandurang Budhkar Marg, Worli, Mumbai 400 018. Telephone +91 22 39677000. Fax +91 22 39677075. Other Offices: Bengaluru, Chennai, Gurgaon, Noida, Pune. Corporate Identity number:U99999MH1986PLC093854 From ashwini.vpatil at siemens.com Thu Aug 13 06:53:00 2015 From: ashwini.vpatil at siemens.com (Patil, Ashwini IN BLR STS) Date: Thu, 13 Aug 2015 12:23:00 +0530 Subject: [openssl-dev] [openssl.org #3978] Openssl 1.0.2c include the FIPS 140-2 Object Module Message-ID: <8878620CF8603E45BB794422B7899E9E115DDD6971@INBLRK77M1MSX.in002.siemens.net> Hello All, Some details are given in the below link.(PAGE 13) http://openssl.org/docs/fips/UserGuide-2.0.pdf HMAC-SHA-1 digest A HMAC-SHA-1 digest of a file using a specific HMAC key (the ASCII string "etaonrishdlcupfm"). Such digests are referred to in this document as "digests" or "fingerprints". The digests are used for integrity checking to verify that the software in question has not been modified or corrupted from the form originally used as the basis of the FIPS 140-2 validation. Trying to relate the following error code status from test Application: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide about this command. openssl sha1 -hmac etaonrishdlcupfm openssl-fips-2.0.9.tar.gz Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, August 13, 2015 8:13 AM To: 'rt at openssl.org' Subject: RE: [openssl.org #3978] Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Appreciate for any suggestion. Currently no clue about the issue. Thanks&Regards Ashwini V Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Tuesday, August 04, 2015 8:24 AM To: 'openssl-dev at openssl.org'; 'openssl-users at openssl.org'; 'rt at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS; Reddy, Harshavardhana IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Following steps are done to check the FIPS feasibility . To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Note: The libleay32.dll preferred address is 0xFB00000 in Q-Build Its different in case of Syngo normal build 0x10000000. Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, July 30, 2015 3:17 PM To: 'openssl-dev at openssl.org'; 'openssl-users at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: FW: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine The following code was used to set the fips mode in our application. int mode = FIPS_mode(), ret = 0; unsigned long err = 0; if(mode == 0) { ret = FIPS_mode_set(1 ); err = ERR_get_error(); } if(1 != ret) DisplayError("FIPS_mode_set failed", err); Get the following error code status: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide me throught the error. Kindly share your thoughts and let me know opinion and also provide us the steps how this error can be overcome? To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " There is no change in the error code. We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Friday, July 17, 2015 5:31 PM To: 'openssl-dev at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; CN, Sujai IN BLR STS; Reddy, Harshavardhana IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I am using windows 7 64-BIT Service Pack 1 OS . Visual Studio 2008 (Visual studio tool used is normal 32-bit cmd prompt not cross compiler) Nasm - nasm-2.11.08 Perl - ActivePerl-5.20.1.2000-MSWin32-x86-64int-298557 (1) I have used the below steps to integrate openssl-fips2.0.9 in openssl-1.0.2c : Procedure for FIPS Enabled OpenSSL Module Compilation ===================================================== ================================= 1. Compile openssl-fips2.0 module ================================= a. Extract the contents of openssl-fips-2.0.9tar.gz to C:\openssl-fips-2.0.9\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-fips2.0.9\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. ms\do_fips [no-asm] (nmake -f ms\ntdll.mak & nmake -f ms\ntdll.mak install are included in this command) Compiled FIPS module is located at C:\usr\local\ssl\fips-2.0.9 ======================================================= 2. Integrate compiled openssl-fips2.0.9 in openssl-1.0.2c ======================================================= a. Extract the contents of openssl-1.0.1e.tar.gz to C:\openssl-1.0.2c-fips-compliant\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-1.0.2c-fips-compliant\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. perl Configure VC-WIN32 fips --with-fipslibdir=C:\usr\local\ssl\fips-2.0.9 f. ms\do_nasm g. nmake -f ms\nt.mak h. For Testing, use the following command: nmake -f ms\nt.mak test i. nmake -f ms\nt.mak install j. (If you want to create DLL files then Use the following commands nmake -f ms\ntdll.mak && nmake -f ms\ntdll.mak install) k. Compiled FIPS compliant OpenSSL exe is located at C:\usr\local\ssl\bin\openssl.exe l. Run C:\usr\local\ssl\bin\openssl.exe and type "version". You will be confirmed to get the following output. ======================================= ****OpenSSL 1.0.2c-fips 12 June 2015**** ======================================= m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.1e-fips-compliant\out32 n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.1e-fips-compliant\out32 Build is successful and able to generate fipslibeay32.lib, ssleay32.lib, libeaycompat32.lib & ssleay32.dll. But fipslibeay32.dll is missing. Please guide me . When executed the command nmake -f ms\ntdll.mak I get the below error for the first time: nmake -f ms\ntdll.mak Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp out32dll\fips_premain_dso.exe out32dll\libeay32.dll 2796:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared li brary:.\crypto\dso\dso_win32.c:179:filename(out32dll\libeay32.dll) 2796:error:25070067:DSO support routines:DSO_load:could not load the shared libr ary:.\crypto\dso\dso_lib.c:232: Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60. NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1' Stop. Please provide your help for the same. Please let me know if any steps are missed. With best regards, Ashwini V Patil Siemens Technology and Services Private Limited CT DC AA HC H1-FH STD IBP 6 84, Hosur Road Bengaluru 560100, Indien Mobil: +91 9008132565 mailto:ashwini.vpatil at siemens.com http://www.siemens.co.in/STS Registered Office: 130, Pandurang Budhkar Marg, Worli, Mumbai 400 018. Telephone +91 22 39677000. Fax +91 22 39677075. Other Offices: Bengaluru, Chennai, Gurgaon, Noida, Pune. Corporate Identity number:U99999MH1986PLC093854 -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Thu Aug 13 06:55:35 2015 From: rt at openssl.org (Patil, Ashwini IN BLR STS via RT) Date: Thu, 13 Aug 2015 06:55:35 +0000 Subject: [openssl-dev] [openssl.org #3978] Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: <8878620CF8603E45BB794422B7899E9E115DDD6971@INBLRK77M1MSX.in002.siemens.net> References: <8878620CF8603E45BB794422B7899E9E115DDD6971@INBLRK77M1MSX.in002.siemens.net> Message-ID: Hello All, Some details are given in the below link.(PAGE 13) http://openssl.org/docs/fips/UserGuide-2.0.pdf HMAC-SHA-1 digest A HMAC-SHA-1 digest of a file using a specific HMAC key (the ASCII string "etaonrishdlcupfm"). Such digests are referred to in this document as "digests" or "fingerprints". The digests are used for integrity checking to verify that the software in question has not been modified or corrupted from the form originally used as the basis of the FIPS 140-2 validation. Trying to relate the following error code status from test Application: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide about this command. openssl sha1 -hmac etaonrishdlcupfm openssl-fips-2.0.9.tar.gz Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, August 13, 2015 8:13 AM To: 'rt at openssl.org' Subject: RE: [openssl.org #3978] Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Appreciate for any suggestion. Currently no clue about the issue. Thanks&Regards Ashwini V Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Tuesday, August 04, 2015 8:24 AM To: 'openssl-dev at openssl.org'; 'openssl-users at openssl.org'; 'rt at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS; Reddy, Harshavardhana IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Following steps are done to check the FIPS feasibility . To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Note: The libleay32.dll preferred address is 0xFB00000 in Q-Build Its different in case of Syngo normal build 0x10000000. Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, July 30, 2015 3:17 PM To: 'openssl-dev at openssl.org'; 'openssl-users at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: FW: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine The following code was used to set the fips mode in our application. int mode = FIPS_mode(), ret = 0; unsigned long err = 0; if(mode == 0) { ret = FIPS_mode_set(1 ); err = ERR_get_error(); } if(1 != ret) DisplayError("FIPS_mode_set failed", err); Get the following error code status: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide me throught the error. Kindly share your thoughts and let me know opinion and also provide us the steps how this error can be overcome? To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " There is no change in the error code. We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Friday, July 17, 2015 5:31 PM To: 'openssl-dev at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; CN, Sujai IN BLR STS; Reddy, Harshavardhana IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I am using windows 7 64-BIT Service Pack 1 OS . Visual Studio 2008 (Visual studio tool used is normal 32-bit cmd prompt not cross compiler) Nasm - nasm-2.11.08 Perl - ActivePerl-5.20.1.2000-MSWin32-x86-64int-298557 (1) I have used the below steps to integrate openssl-fips2.0.9 in openssl-1.0.2c : Procedure for FIPS Enabled OpenSSL Module Compilation ===================================================== ================================= 1. Compile openssl-fips2.0 module ================================= a. Extract the contents of openssl-fips-2.0.9tar.gz to C:\openssl-fips-2.0.9\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-fips2.0.9\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. ms\do_fips [no-asm] (nmake -f ms\ntdll.mak & nmake -f ms\ntdll.mak install are included in this command) Compiled FIPS module is located at C:\usr\local\ssl\fips-2.0.9 ======================================================= 2. Integrate compiled openssl-fips2.0.9 in openssl-1.0.2c ======================================================= a. Extract the contents of openssl-1.0.1e.tar.gz to C:\openssl-1.0.2c-fips-compliant\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-1.0.2c-fips-compliant\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. perl Configure VC-WIN32 fips --with-fipslibdir=C:\usr\local\ssl\fips-2.0.9 f. ms\do_nasm g. nmake -f ms\nt.mak h. For Testing, use the following command: nmake -f ms\nt.mak test i. nmake -f ms\nt.mak install j. (If you want to create DLL files then Use the following commands nmake -f ms\ntdll.mak && nmake -f ms\ntdll.mak install) k. Compiled FIPS compliant OpenSSL exe is located at C:\usr\local\ssl\bin\openssl.exe l. Run C:\usr\local\ssl\bin\openssl.exe and type "version". You will be confirmed to get the following output. ======================================= ****OpenSSL 1.0.2c-fips 12 June 2015**** ======================================= m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.1e-fips-compliant\out32 n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.1e-fips-compliant\out32 Build is successful and able to generate fipslibeay32.lib, ssleay32.lib, libeaycompat32.lib & ssleay32.dll. But fipslibeay32.dll is missing. Please guide me . When executed the command nmake -f ms\ntdll.mak I get the below error for the first time: nmake -f ms\ntdll.mak Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp out32dll\fips_premain_dso.exe out32dll\libeay32.dll 2796:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared li brary:.\crypto\dso\dso_win32.c:179:filename(out32dll\libeay32.dll) 2796:error:25070067:DSO support routines:DSO_load:could not load the shared libr ary:.\crypto\dso\dso_lib.c:232: Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60. NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1' Stop. Please provide your help for the same. Please let me know if any steps are missed. With best regards, Ashwini V Patil Siemens Technology and Services Private Limited CT DC AA HC H1-FH STD IBP 6 84, Hosur Road Bengaluru 560100, Indien Mobil: +91 9008132565 mailto:ashwini.vpatil at siemens.com http://www.siemens.co.in/STS Registered Office: 130, Pandurang Budhkar Marg, Worli, Mumbai 400 018. Telephone +91 22 39677000. Fax +91 22 39677075. Other Offices: Bengaluru, Chennai, Gurgaon, Noida, Pune. Corporate Identity number:U99999MH1986PLC093854 From ashwini.vpatil at siemens.com Thu Aug 13 09:15:25 2015 From: ashwini.vpatil at siemens.com (Patil, Ashwini IN BLR STS) Date: Thu, 13 Aug 2015 14:45:25 +0530 Subject: [openssl-dev] [openssl.org #3978] Openssl 1.0.2c include the FIPS 140-2 Object Module Message-ID: <8878620CF8603E45BB794422B7899E9E115DDD6D00@INBLRK77M1MSX.in002.siemens.net> Hello All, fips_standalone_sha1 command can be used to perform the verification of the FIPS Object Module and to generate the new HMAC-SHA-1 digest for the runtime executable application. Failure to embed the digest in the executable object will prevent initialization of FIPS mode. Please guide how to use the above command to verify the FIPS object module. Any help is appreciated. Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, August 13, 2015 12:23 PM To: 'rt at openssl.org'; 'openssl-dev at openssl.org'; 'openssl-users at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Reddy, Harshavardhana IN BLR STS; CN, Sujai IN BLR STS Subject: RE: [openssl.org #3978] Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Some details are given in the below link.(PAGE 13) http://openssl.org/docs/fips/UserGuide-2.0.pdf HMAC-SHA-1 digest A HMAC-SHA-1 digest of a file using a specific HMAC key (the ASCII string "etaonrishdlcupfm"). Such digests are referred to in this document as "digests" or "fingerprints". The digests are used for integrity checking to verify that the software in question has not been modified or corrupted from the form originally used as the basis of the FIPS 140-2 validation. Trying to relate the following error code status from test Application: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide about this command. openssl sha1 -hmac etaonrishdlcupfm openssl-fips-2.0.9.tar.gz Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, August 13, 2015 8:13 AM To: 'rt at openssl.org' Subject: RE: [openssl.org #3978] Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Appreciate for any suggestion. Currently no clue about the issue. Thanks&Regards Ashwini V Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Tuesday, August 04, 2015 8:24 AM To: 'openssl-dev at openssl.org'; 'openssl-users at openssl.org'; 'rt at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS; Reddy, Harshavardhana IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Following steps are done to check the FIPS feasibility . To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Note: The libleay32.dll preferred address is 0xFB00000 in Q-Build Its different in case of Syngo normal build 0x10000000. Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, July 30, 2015 3:17 PM To: 'openssl-dev at openssl.org'; 'openssl-users at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: FW: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine The following code was used to set the fips mode in our application. int mode = FIPS_mode(), ret = 0; unsigned long err = 0; if(mode == 0) { ret = FIPS_mode_set(1 ); err = ERR_get_error(); } if(1 != ret) DisplayError("FIPS_mode_set failed", err); Get the following error code status: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide me throught the error. Kindly share your thoughts and let me know opinion and also provide us the steps how this error can be overcome? To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " There is no change in the error code. We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Friday, July 17, 2015 5:31 PM To: 'openssl-dev at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; CN, Sujai IN BLR STS; Reddy, Harshavardhana IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I am using windows 7 64-BIT Service Pack 1 OS . Visual Studio 2008 (Visual studio tool used is normal 32-bit cmd prompt not cross compiler) Nasm - nasm-2.11.08 Perl - ActivePerl-5.20.1.2000-MSWin32-x86-64int-298557 (1) I have used the below steps to integrate openssl-fips2.0.9 in openssl-1.0.2c : Procedure for FIPS Enabled OpenSSL Module Compilation ===================================================== ================================= 1. Compile openssl-fips2.0 module ================================= a. Extract the contents of openssl-fips-2.0.9tar.gz to C:\openssl-fips-2.0.9\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-fips2.0.9\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. ms\do_fips [no-asm] (nmake -f ms\ntdll.mak & nmake -f ms\ntdll.mak install are included in this command) Compiled FIPS module is located at C:\usr\local\ssl\fips-2.0.9 ======================================================= 2. Integrate compiled openssl-fips2.0.9 in openssl-1.0.2c ======================================================= a. Extract the contents of openssl-1.0.1e.tar.gz to C:\openssl-1.0.2c-fips-compliant\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-1.0.2c-fips-compliant\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. perl Configure VC-WIN32 fips --with-fipslibdir=C:\usr\local\ssl\fips-2.0.9 f. ms\do_nasm g. nmake -f ms\nt.mak h. For Testing, use the following command: nmake -f ms\nt.mak test i. nmake -f ms\nt.mak install j. (If you want to create DLL files then Use the following commands nmake -f ms\ntdll.mak && nmake -f ms\ntdll.mak install) k. Compiled FIPS compliant OpenSSL exe is located at C:\usr\local\ssl\bin\openssl.exe l. Run C:\usr\local\ssl\bin\openssl.exe and type "version". You will be confirmed to get the following output. ======================================= ****OpenSSL 1.0.2c-fips 12 June 2015**** ======================================= m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.1e-fips-compliant\out32 n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.1e-fips-compliant\out32 Build is successful and able to generate fipslibeay32.lib, ssleay32.lib, libeaycompat32.lib & ssleay32.dll. But fipslibeay32.dll is missing. Please guide me . When executed the command nmake -f ms\ntdll.mak I get the below error for the first time: nmake -f ms\ntdll.mak Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp out32dll\fips_premain_dso.exe out32dll\libeay32.dll 2796:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared li brary:.\crypto\dso\dso_win32.c:179:filename(out32dll\libeay32.dll) 2796:error:25070067:DSO support routines:DSO_load:could not load the shared libr ary:.\crypto\dso\dso_lib.c:232: Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60. NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1' Stop. Please provide your help for the same. Please let me know if any steps are missed. With best regards, Ashwini V Patil Siemens Technology and Services Private Limited CT DC AA HC H1-FH STD IBP 6 84, Hosur Road Bengaluru 560100, Indien Mobil: +91 9008132565 mailto:ashwini.vpatil at siemens.com http://www.siemens.co.in/STS Registered Office: 130, Pandurang Budhkar Marg, Worli, Mumbai 400 018. Telephone +91 22 39677000. Fax +91 22 39677075. Other Offices: Bengaluru, Chennai, Gurgaon, Noida, Pune. Corporate Identity number:U99999MH1986PLC093854 -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Thu Aug 13 09:15:43 2015 From: rt at openssl.org (Patil, Ashwini IN BLR STS via RT) Date: Thu, 13 Aug 2015 09:15:43 +0000 Subject: [openssl-dev] [openssl.org #3978] Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: <8878620CF8603E45BB794422B7899E9E115DDD6D00@INBLRK77M1MSX.in002.siemens.net> References: <8878620CF8603E45BB794422B7899E9E115DDD6D00@INBLRK77M1MSX.in002.siemens.net> Message-ID: Hello All, fips_standalone_sha1 command can be used to perform the verification of the FIPS Object Module and to generate the new HMAC-SHA-1 digest for the runtime executable application. Failure to embed the digest in the executable object will prevent initialization of FIPS mode. Please guide how to use the above command to verify the FIPS object module. Any help is appreciated. Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, August 13, 2015 12:23 PM To: 'rt at openssl.org'; 'openssl-dev at openssl.org'; 'openssl-users at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Reddy, Harshavardhana IN BLR STS; CN, Sujai IN BLR STS Subject: RE: [openssl.org #3978] Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Some details are given in the below link.(PAGE 13) http://openssl.org/docs/fips/UserGuide-2.0.pdf HMAC-SHA-1 digest A HMAC-SHA-1 digest of a file using a specific HMAC key (the ASCII string "etaonrishdlcupfm"). Such digests are referred to in this document as "digests" or "fingerprints". The digests are used for integrity checking to verify that the software in question has not been modified or corrupted from the form originally used as the basis of the FIPS 140-2 validation. Trying to relate the following error code status from test Application: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide about this command. openssl sha1 -hmac etaonrishdlcupfm openssl-fips-2.0.9.tar.gz Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, August 13, 2015 8:13 AM To: 'rt at openssl.org' Subject: RE: [openssl.org #3978] Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Appreciate for any suggestion. Currently no clue about the issue. Thanks&Regards Ashwini V Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Tuesday, August 04, 2015 8:24 AM To: 'openssl-dev at openssl.org'; 'openssl-users at openssl.org'; 'rt at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS; Reddy, Harshavardhana IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Following steps are done to check the FIPS feasibility . To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Note: The libleay32.dll preferred address is 0xFB00000 in Q-Build Its different in case of Syngo normal build 0x10000000. Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, July 30, 2015 3:17 PM To: 'openssl-dev at openssl.org'; 'openssl-users at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: FW: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine The following code was used to set the fips mode in our application. int mode = FIPS_mode(), ret = 0; unsigned long err = 0; if(mode == 0) { ret = FIPS_mode_set(1 ); err = ERR_get_error(); } if(1 != ret) DisplayError("FIPS_mode_set failed", err); Get the following error code status: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide me throught the error. Kindly share your thoughts and let me know opinion and also provide us the steps how this error can be overcome? To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " There is no change in the error code. We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Friday, July 17, 2015 5:31 PM To: 'openssl-dev at openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; CN, Sujai IN BLR STS; Reddy, Harshavardhana IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I am using windows 7 64-BIT Service Pack 1 OS . Visual Studio 2008 (Visual studio tool used is normal 32-bit cmd prompt not cross compiler) Nasm - nasm-2.11.08 Perl - ActivePerl-5.20.1.2000-MSWin32-x86-64int-298557 (1) I have used the below steps to integrate openssl-fips2.0.9 in openssl-1.0.2c : Procedure for FIPS Enabled OpenSSL Module Compilation ===================================================== ================================= 1. Compile openssl-fips2.0 module ================================= a. Extract the contents of openssl-fips-2.0.9tar.gz to C:\openssl-fips-2.0.9\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-fips2.0.9\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. ms\do_fips [no-asm] (nmake -f ms\ntdll.mak & nmake -f ms\ntdll.mak install are included in this command) Compiled FIPS module is located at C:\usr\local\ssl\fips-2.0.9 ======================================================= 2. Integrate compiled openssl-fips2.0.9 in openssl-1.0.2c ======================================================= a. Extract the contents of openssl-1.0.1e.tar.gz to C:\openssl-1.0.2c-fips-compliant\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-1.0.2c-fips-compliant\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. perl Configure VC-WIN32 fips --with-fipslibdir=C:\usr\local\ssl\fips-2.0.9 f. ms\do_nasm g. nmake -f ms\nt.mak h. For Testing, use the following command: nmake -f ms\nt.mak test i. nmake -f ms\nt.mak install j. (If you want to create DLL files then Use the following commands nmake -f ms\ntdll.mak && nmake -f ms\ntdll.mak install) k. Compiled FIPS compliant OpenSSL exe is located at C:\usr\local\ssl\bin\openssl.exe l. Run C:\usr\local\ssl\bin\openssl.exe and type "version". You will be confirmed to get the following output. ======================================= ****OpenSSL 1.0.2c-fips 12 June 2015**** ======================================= m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.1e-fips-compliant\out32 n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.1e-fips-compliant\out32 Build is successful and able to generate fipslibeay32.lib, ssleay32.lib, libeaycompat32.lib & ssleay32.dll. But fipslibeay32.dll is missing. Please guide me . When executed the command nmake -f ms\ntdll.mak I get the below error for the first time: nmake -f ms\ntdll.mak Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp out32dll\fips_premain_dso.exe out32dll\libeay32.dll 2796:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared li brary:.\crypto\dso\dso_win32.c:179:filename(out32dll\libeay32.dll) 2796:error:25070067:DSO support routines:DSO_load:could not load the shared libr ary:.\crypto\dso\dso_lib.c:232: Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60. NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1' Stop. Please provide your help for the same. Please let me know if any steps are missed. With best regards, Ashwini V Patil Siemens Technology and Services Private Limited CT DC AA HC H1-FH STD IBP 6 84, Hosur Road Bengaluru 560100, Indien Mobil: +91 9008132565 mailto:ashwini.vpatil at siemens.com http://www.siemens.co.in/STS Registered Office: 130, Pandurang Budhkar Marg, Worli, Mumbai 400 018. Telephone +91 22 39677000. Fax +91 22 39677075. Other Offices: Bengaluru, Chennai, Gurgaon, Noida, Pune. Corporate Identity number:U99999MH1986PLC093854 From rt at openssl.org Thu Aug 13 16:18:30 2015 From: rt at openssl.org (Rich Salz via RT) Date: Thu, 13 Aug 2015 16:18:30 +0000 Subject: [openssl-dev] [openssl.org #3997] Two pull requests In-Reply-To: References: Message-ID: The first pull request is done in master and 1.0.2 -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Thu Aug 13 20:53:49 2015 From: rt at openssl.org (bitsocoin@hush.com via RT) Date: Thu, 13 Aug 2015 20:53:49 +0000 Subject: [openssl-dev] [openssl.org #4005] enhancement request: improve performance of pbkdf2 In-Reply-To: <20150813200644.2237BE038B@smtp.hushmail.com> References: <20150813200644.2237BE038B@smtp.hushmail.com> Message-ID: Please consider borrowing performance improvements from this library: https://github.com/ctz/fastpbkdf2 _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From Michael.Tuexen at lurchi.franken.de Thu Aug 13 21:23:28 2015 From: Michael.Tuexen at lurchi.franken.de (Michael Tuexen) Date: Thu, 13 Aug 2015 23:23:28 +0200 Subject: [openssl-dev] [openssl.org #4004] Patch resolving the issue Message-ID: <16F2EE91-73C9-4F9A-9D3E-7376E3012F09@lurchi.franken.de> Dear all, the attached patch solves the reported issue. With the attached patch all tests in the test directory pass using openssl configured with sctp support. Tested on Ubuntu 14.04 and Mac OS X. Best regards Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: BIO_dgram_is_sctp.patch Type: application/octet-stream Size: 432 bytes Desc: not available URL: From Matthias.St.Pierre at ncp-e.com Fri Aug 14 06:12:58 2015 From: Matthias.St.Pierre at ncp-e.com (Dr. Matthias St. Pierre) Date: Fri, 14 Aug 2015 08:12:58 +0200 Subject: [openssl-dev] Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: References: <8878620CF8603E45BB794422B7899E9E112DF77932@INBLRK77M1MSX.in002.siemens.net> <5593F0CA.7070803@openssl.com> Message-ID: <55CD86EA.8060707@ncp-e.com> Hello Jan, thank you for sharing your observations and your patch. I stumbled over it, because we are currently having a similar problem with our Windows builds producing these "OPENSSL_Uplink/no OPENSSL_Applink" errors. However, I'm in doubt whether your patch really fixes the cause of the problem or just the symptoms. I believe that there must be a fix for the problem without modifying the sequestered code of the fips module. You say that FIPS 140-2 was broken by the introduction of applink.c . However the applink.c module was introduced way back in 2004 and nevertheless OpenSSL 1.0.1 and the FIPS 2.0.9 module built happily together on Windows ever since. (and you can see in the build logs that '-DOPENSSL_USE_APPLINK' appears a lot) Even OpenSSL 1.0.2 and FIPS 2.0.9 build together perfectly on our Windows machines with VS2012. Only after migrating to VS2015 we started to have this problem. So I am quite sure that the true cause of the problem does not lie in incompatible changes between 1.0.1 and 1.0.2, the problem must lie elsewhere. But unfortunately, I have no solution yet. If you (or anybody else) disagree(s), I would be happy to hear from you. Regards, Matthias On 07/11/2015 06:08 PM, Jan Ehrhardt wrote: > Steve Marquess in gmane.comp.encryption.openssl.devel (Wed, 01 Jul 2015 > 09:53:14 -0400): >> On 07/01/2015 02:24 AM, Patil, Ashwini IN BLR STS wrote: >>> Hello All, >>> >>> Please let me know if openssl-1.0.2c include FIPS 140-2 Object Module. >>> Also please explain how to validate the application. >> >> This question would be more appropriate for the openssl-users list. The >> -dev list is for OpenSSL development issues, not for basic usage questions. > > Patil has a point, because FIPS 140-2 building on Windows is broken > since the introduction of applink.c. The generated fips_premain_dso.exe > fails during the building process: > > link /nologo /subsystem:console /opt:ref /debug /dll /fixed /map > /base:0xFB00000 /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def > @D:\Temp\nmB1D5.tmp > Creating library out32dll\libeay32.lib and object > out32dll\libeay32.exp > out32dll\fips_premain_dso.exe out32dll\libeay32.dll > OPENSSL_Uplink(00CBB000,08): no OPENSSL_Applink > Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60. > NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1' > > Outside of the building script the error is the same > C:\openssl>out32dll\fips_premain_dso.exe out32dll\libeay32.dll > OPENSSL_Uplink(010CB000,08): no OPENSSL_Applink > > Solution: fips/fips_premain.c in the FIPS sources should include > applink.c on Windows > > I managed to build a fips_premain_dso.exe with Applink and use that to > create Openssl 1.0.2d fips, but this was certainly not without breaking > the FIPS rules. > > It is time for openssl-fips-2.0.10 > From rt at openssl.org Fri Aug 14 11:52:58 2015 From: rt at openssl.org (Simon Richter via RT) Date: Fri, 14 Aug 2015 11:52:58 +0000 Subject: [openssl-dev] [openssl.org #4006] [1.0.2] crypto\x509\x509_vfy.c(509) : error C2094: label 'done' was undefined In-Reply-To: <55CDBA8F.90206@hogyros.de> References: <55CDBA8F.90206@hogyros.de> Message-ID: Hi, current 1.0.2 branch tip fails to compile with MSVC 9. Full build log can be found at http://ci.kicad-pcb.org/job/windows-openssl-msvc/cpu=x86,label=windows/95/consoleFull Simon _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Fri Aug 14 12:23:04 2015 From: rt at openssl.org (Rich Salz via RT) Date: Fri, 14 Aug 2015 12:23:04 +0000 Subject: [openssl-dev] [openssl.org #4006] [1.0.2] crypto\x509\x509_vfy.c(509) : error C2094: label 'done' was undefined In-Reply-To: <55CDBA8F.90206@hogyros.de> References: <55CDBA8F.90206@hogyros.de> Message-ID: fix just committed, thanks. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Fri Aug 14 13:52:39 2015 From: rt at openssl.org (Stephen Henson via RT) Date: Fri, 14 Aug 2015 13:52:39 +0000 Subject: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: <8878620CF8603E45BB794422B7899E9E115D23BF0E@INBLRK77M1MSX.in002.siemens.net> References: <8878620CF8603E45BB794422B7899E9E115D23BF0E@INBLRK77M1MSX.in002.siemens.net> Message-ID: On Tue Aug 04 03:24:21 2015, ashwini.vpatil at siemens.com wrote: > Hello All, > > Following steps are done to check the FIPS feasibility . > > To check ASLR dependency the following link was referred. > http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual- > Studio-2010-fails-self-tests-td36372.html > > Linker properties were changed in visual studio 2008 for the test > application executable file. > The following flag was disabled ( which was enabled by default in > 2008VS) > Linker> Advanced Properties>Disable the "Randomized Base Address > Linker> property " > > I have followed the below steps Integration of FIPS Complaint compiled > OPENSSL Library with Visual Studio 2008 > ==================================================================== > > 1. Open Visual Studio 2008 > > 2. File => New => Project => Visual C++ => Win 32 => Win32 Console > Application=> Next => Empty Project => Finish > > 3. Right Click on source file => Add => Existing Items => C:\openssl- > fips-2.0\fips\hmac\fips_hmactest.c > > 4. Right Click on Resources File => Add => Existing Items => > libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl- > 1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e- > simple\out32\libeay32.lib (OpenSSL simple Version) > > 5. Right Click on fips_hmactest.c=> Properties => C++ => General => > Additional Include Directories : C:\usr\local\ssl\include => Finish > > 6. Compile the Project => Works Fine > > We get the below error when run the exe: > ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 > FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); > Your problem is that your link procedure doesn't embed the incore fingerprint in the target binary. You have two options. The easiest is to link against the FIPS capable OpenSSL shared library instead of the static one: the signature is already in the DLL so it should just work. The second and much harder option is to follow the appropriate link procedure to embed a signature in the target binary. There is a perl script called fipslink.pl in the FIPS module which does this and examples in the static makefile ms\nt.mak. You would have to customise the VC build procedure to do something similar and/or link using a script instead. Closing this as it isn't a bug report, please address and follow up to openssl-users. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From phpdev at ehrhardt.nl Fri Aug 14 14:22:51 2015 From: phpdev at ehrhardt.nl (Jan Ehrhardt) Date: Fri, 14 Aug 2015 16:22:51 +0200 Subject: [openssl-dev] Openssl 1.0.2c include the FIPS 140-2 Object Module References: <8878620CF8603E45BB794422B7899E9E112DF77932@INBLRK77M1MSX.in002.siemens.net> <5593F0CA.7070803@openssl.com> <55CD86EA.8060707@ncp-e.com> Message-ID: <6ltrsadoqbcgggh7n6ifrq1sr227l7pm06@4ax.com> Dr. Matthias St. Pierre in gmane.comp.encryption.openssl.devel (Fri, 14 Aug 2015 08:12:58 +0200): >You say that FIPS 140-2 was broken by the introduction of applink.c . > >However the applink.c module was introduced way back in 2004 and nevertheless >OpenSSL 1.0.1 and the FIPS 2.0.9 module built happily together on Windows ever since. >(and you can see in the build logs that '-DOPENSSL_USE_APPLINK' appears a lot) I guess there was a change from optional (in VC9/VC11) to required in VC14, but only for the 1.0.2 branch. The PHP devs were the first to notice and included applink.c in the VS2015/VC14 builds of PHP7. Apachelounge followed by including applink.c in the VS2015/VC14 builds of Apache 2.4.16. Then I tried to compile OpenSSL 1.0.2c + FIPS 2.0.9 with VC14 and ran into the error. >Even OpenSSL 1.0.2 and FIPS 2.0.9 build together perfectly on our Windows machines >with VS2012. Only after migrating to VS2015 we started to have this problem. True. But the Windows world is moving to VS2015/VC14, so OpenSSL has to follow. I have a faint recollection that OpenSSL 1.0.2a still had FIPS support. If that is the case, maybe you can track down where it went wrong. Jan PS. We are not obliged to use a FIPS compliant OpenSSL, so I did not investigate further. And, besides that, we are still running OpenSSL 1.0.1. From rt at openssl.org Fri Aug 14 15:32:13 2015 From: rt at openssl.org (Stephen Henson via RT) Date: Fri, 14 Aug 2015 15:32:13 +0000 Subject: [openssl-dev] [openssl.org #3878] [DOC] add documentation for SSL_CTX_clear_extra_chain_certs In-Reply-To: <45D7A9E73441C949B737387EB8B1D14299F7B936@de-wie-exch3b.green.sophos> References: <45D7A9E73441C949B737387EB8B1D14299F7B936@de-wie-exch3b.green.sophos> Message-ID: Done, ticket close. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From rt at openssl.org Fri Aug 14 16:09:40 2015 From: rt at openssl.org (Vivekanandhan Subramanian via RT) Date: Fri, 14 Aug 2015 16:09:40 +0000 Subject: [openssl-dev] [openssl.org #4007] Segmantation fault in OpenSSL 1.0.2a In-Reply-To: References: Message-ID: Hi, I am using OpenSSL 1.0.2a in our product in which I have come across segmentation fault while trying to de-initialize OpenSSL. This issue has been reproduced in Windows, Mac and Android OS. From my basic analysis I've found that crash happens in BIO_Free() function. While comparing the code with OpenSSL 1.0.1e, following difference was found. Crash was not happening after reverting below change to v1.0.1e. Kindly let me know if there is any limitation in using the below change. v1.0.2a: if ((a->method != NULL) && (a->method->destroy != NULL)) a->method->destroy(a); v1.0.1e: if ((a->method == NULL) || (a->method->destroy == NULL)) return 1; a->method->destroy(a); Regards, Vivek "DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus." -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From peck at bay2sierra.com Fri Aug 14 16:38:18 2015 From: peck at bay2sierra.com (John Peck) Date: Fri, 14 Aug 2015 11:38:18 -0500 (CDT) Subject: [openssl-dev] Build issues for demos/engines/zencod on openssl_1_0_2 Message-ID: <474144820.1620145.1439570298946.JavaMail.zimbra@bay2sierra.com> Hello All, I want to create a dynamic engine and am looking to the demos section for reference code on building, etc. So far I have found the demos rsaref and zencod not to compile out of the box in OpenSSL_1_0_2. I have hacked zencod to push it forward and now getting an error during the link, excerpted below. My question are: 1. Is dynamic engine support stable and expected to work in openssl_1_0_2? 2. Are there controls I need to enable to the build procedure or tool chain to get dynamic engine support/libcrypto.a in workable state? ~/test2/openssl_1_0_2/demos/engines/zencod$ make ... ar r libzencod.a hw_zencod.o ar: creating libzencod.a ranlib libzencod.a ALLSYMSFLAGS='--whole-archive' \ SHAREDFLAGS='-shared -Wl,-soname=libzencod.so' \ SHAREDCMD='gcc'; \ ld -r -o libzencod.o $ALLSYMSFLAGS libzencod.a && (nm -Pg libzencod.o | grep ' [BDT] ' | cut -f1 -d' ' > libzencod.exp; $SHAREDCMD $SHAREDFLAGS -o libzencod.so libzencod.o -L ../../.. -lcrypto -lc) /usr/bin/ld: ../../../libcrypto.a(cryptlib.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC ../../../libcrypto.a: could not read symbols: Bad value collect2: error: ld returned 1 exit status make: *** [libzencod.so.gnu] Error 1 adminuser at debian-amd64-700:~/test2/openssl_1_0_2/demos/engines/zencod$ gcc -version gcc: error: unrecognized command line option ?-version? gcc: fatal error: no input files compilation terminated. adminuser at debian-amd64-700:~/test2/openssl_1_0_2/demos/engines/zencod$ gcc -v Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.7/lto-wrapper Target: x86_64-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Debian 4.7.2-5' --with-bugurl=file:///usr/share/doc/gcc-4.7/README.Bugs --enable-languages=c,c++,go,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.7 --enable-shared --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.7 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --enable-plugin --enable-objc-gc --with-arch-32=i586 --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu Thread model: posix gcc version 4.7.2 (Debian 4.7.2-5) peck at bay2sierra.com Mobile: +1-415-420-8449 -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Fri Aug 14 17:53:52 2015 From: rt at openssl.org (Michael Tuexen via RT) Date: Fri, 14 Aug 2015 17:53:52 +0000 Subject: [openssl-dev] [openssl.org #4004] Patch resolving the issue In-Reply-To: References: Message-ID: Dear all, the attached patch solves the reported issue. With the attached patch all tests in the test directory pass using openssl configured with sctp support. Tested on Ubuntu 14.04 and Mac OS X. Best regards Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: BIO_dgram_is_sctp.patch Type: application/octet-stream Size: 432 bytes Desc: not available URL: From imcfadri at cisco.com Fri Aug 14 17:55:55 2015 From: imcfadri at cisco.com (Ian McFadries (imcfadri)) Date: Fri, 14 Aug 2015 17:55:55 +0000 Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method In-Reply-To: <55C20439.500@openssl.org> References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <20150723182204.GA3935@w1.fi> <20150723202111.GY4347@mournblade.imrryr.org> <20150723224636.GA3876@w1.fi> <20150723230939.GB4347@mournblade.imrryr.org> <20150724090409.GA8799@w1.fi> <522B816F59485D4FBCBAF2CE8015B8919A43C1@xmb-rcd-x01.cisco.com> <55C20439.500@openssl.org> Message-ID: <522B816F59485D4FBCBAF2CE8015B8919A86C2@xmb-rcd-x01.cisco.com> That worked. Thanks Matt -----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell Sent: Wednesday, August 05, 2015 8:40 AM To: openssl-dev at openssl.org Subject: Re: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method On 04/08/15 22:03, Ian McFadries (imcfadri) wrote: > Sorry for the delayed response, I was away for a week and was able to test the fix today. > > The fix did resolve the session ticket issue that I was encountering. However, now I get an error when I am not using the session tickets under the following conditions. I am continuing to investigate. > > Create an SSL Session using the context that negotiates the highest > available version Client hello requests TLS 1.2 Server responds with > server hello using TLS 1.0 Complete handshake with no problems > Disconnect session Start new session which attempts a fast session > resumption Client sends Alert 70 (SSL_AD_PROTOCOLVERSION) because SSL > struct version contains version 0x303 but message after first message > contains version 0x301 Oh. Try this additional patch. By moving the session creation earlier in the process the session protocol version gets fixed at that earlier point. Unfortunately we have moved it to a point *before* version negotiation has completed. This patch just updates the session version once version negotiation is finished. Matt From rsalz at akamai.com Fri Aug 14 20:26:21 2015 From: rsalz at akamai.com (Salz, Rich) Date: Fri, 14 Aug 2015 20:26:21 +0000 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: References: Message-ID: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> From: Salz, Rich [mailto:rsalz at akamai.com] Sent: Friday, August 14, 2015 4:20 PM To: openssl-announce at openssl.org Subject: [openssl-announce] Website changing this weekend We're bringing up a new website this weekend. Please be patient if you have problems. If you notice any broken links, let us know. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From beldmit at gmail.com Sat Aug 15 11:52:29 2015 From: beldmit at gmail.com (Dmitry Belyavsky) Date: Sat, 15 Aug 2015 14:52:29 +0300 Subject: [openssl-dev] [PATCH] GOST engine and custom paramsets In-Reply-To: <55C4521C.1020101@drweb.com> References: <55C4521C.1020101@drweb.com> Message-ID: Hello Arseniy, On Fri, Aug 7, 2015 at 9:37 AM, Arseniy Ankudinov wrote: > We strictly need use our custom paramsets for GOST algorithms (all of > cipher, hash and signature, > including X509 and TLS). If most of the functionality may be implemented > by "dirty" overriding > initialization methods, X509 requires ccgost engine sources patching. > > Seems 2 ways: > 1. Put our paramsets into ccgost sources and simple support for several > paramsets in ASN1 hash > params serializing. > 2. Allow set any paramset from outside. > > First way seems the simplest, but second - more universal and useful. > The 2nd way is not universal until the GOST algorithms become the 1st-class citizens. And becoming the 1st-class citizens is hardly possible. So the patch you suggest is engine-specific, and it means that it will be unsuitable for any other implementation. > Our current implementation for second way (see attached patch) requires > ccgost engine directly > using, not only through high-level APIs. > > Example of usage for X509 (GOST 28147-89, GOST R 34.10-2001 and GOST R > 34.11-94, with one paramset > for cipher and hash): > > 1. Add custom paramsets to chains: > > gost2001_paramset_append( gost2001_custom_paramset ); > gost_cipher_list_append( gost89_custom_paramset ); > > 2. Make private key for certificate: > > EC_KEY *ec( EC_KEY_new() ); > BN_CTX *ctx( BN_CTX_new() ); > BN_CTX_start( ctx ); > EC_GROUP *grp( EC_GROUP_new_curve_GFp( gost2001_custom_paramset->p, > gost2001_custom_paramset->a, > gost2001_custom_paramset->b, ctx ) ); > EC_GROUP_set_curve_name( grp, NID_id_GostR3410_2001_DrWebParamSet ); > EC_POINT *P( EC_POINT_new( grp ) ); > EC_POINT_set_affine_coordinates_GFp( grp, P, gost2001_custom_paramset->x, > gost2001_custom_paramset->y, ctx ); > EC_GROUP_set_generator( grp, P, gost2001_custom_paramset->q, 0 ); > EC_KEY_set_group( ec, grp ); > BN_CTX_end( ctx ); > > EVP_PKEY *pkey( EVP_PKEY_new() ); > EVP_PKEY_assign( pkey, NID_id_GostR3410_2001, ec ); > > GOST3410_EX_DATA *ex_data = GOST3410_get_ex_data( pkey ); > ex_data->hash_params_nid = NID_id_Gost28147_89_DrWebParamSet; > ex_data->cipher_params_nid = NID_id_Gost28147_89_DrWebParamSet; > > Can this feature be useful for the community? And which way seems be more > useful? > -- > With best regards, Arseniy Ankudinov > Software Engineer, Doctor Web Ltd > > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > -- SY, Dmitry Belyavsky -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Sat Aug 15 14:56:13 2015 From: rt at openssl.org (stathis via RT) Date: Sat, 15 Aug 2015 14:56:13 +0000 Subject: [openssl-dev] [openssl.org #4008] Building statically OpenSSL 1.0.1p with MSVC2015 fails In-Reply-To: <55CF0F44.2000409@npcglib.org> References: <55CF0F44.2000409@npcglib.org> Message-ID: Hi, When building OpenSSL 1.0.1p with MSVC 2015 (community) on Win7 64-bit statically, the build fails with: t1_reneg.c cl /Fotmp32\ssl_utst.obj -Iinc32 -Itmp32 /MT /Ox -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_utst.c ssl_utst.c lib /nologo /out:out32\ssleay32.lib @C:\Users\admin\AppData\Local\Temp\nm1B7F.tmp cl /Fotmp32\constant_time_test.obj -Iinc32 -Itmp32 /MT /Ox -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zi /Fdtmp32/app -c .\crypto\constant_time_test.c constant_time_test.c link /nologo /subsystem:console /opt:ref /debug /out:out32\constant_time_test.exe @C:\Users\admin\AppData\Local\Temp\nm1C3B.tmp constant_time_test.obj : error LNK2019: unresolved external symbol __iob_func referenced in function main out32\constant_time_test.exe : fatal error LNK1120: 1 unresolved externals NMAKE : fatal error U1077: 'D:\dev\vs2015\VC\BIN\amd64\link.EXE' : return code '0x460' Stop. Note that shared builds complete successfully. I configured with: perl Configure VC-WIN64A enable-static-engine --prefix=D:\dist\openssl-dist-1.0.1p-vs2015\openssl-x64-static-release-vs2015 Same config with 1.0.2d works just fine building with MSVC2015. Building 1.0.1p with earlier compilers (MSVC2008, 2010, 2013) succeeds. regards, stathis _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From vitus at wagner.pp.ru Sat Aug 15 16:29:54 2015 From: vitus at wagner.pp.ru (Victor Wagner) Date: Sat, 15 Aug 2015 19:29:54 +0300 Subject: [openssl-dev] [PATCH] GOST engine and custom paramsets In-Reply-To: References: <55C4521C.1020101@drweb.com> Message-ID: <20150815192954.148e7b47@arkturus.local> On Sat, 15 Aug 2015 14:52:29 +0300 Dmitry Belyavsky wrote: > Hello Arseniy, > > On Fri, Aug 7, 2015 at 9:37 AM, Arseniy Ankudinov > wrote: > > > We strictly need use our custom paramsets for GOST algorithms (all > > of cipher, hash and signature, > > including X509 and TLS). If most of the functionality may be > > implemented by "dirty" overriding > > initialization methods, X509 requires ccgost engine sources > > patching. > > > > Seems 2 ways: > > 1. Put our paramsets into ccgost sources and simple support for > > several paramsets in ASN1 hash > > params serializing. > > 2. Allow set any paramset from outside. > > > > First way seems the simplest, but second - more universal and > > useful. > > > > The 2nd way is not universal until the GOST algorithms become the > 1st-class citizens. And becoming the 1st-class citizens is hardly > possible. So the patch you suggest is engine-specific, and it means > that it will be unsuitable for any other implementation. I think it would be nice to provide ability to set parameters from the parameter file same way as dsa and ec keys do. I don't like the idea of running separate command to create parameter file which contain just curve OID, it is why currently GOST engine accept paramset name as key generation parameter. But accepting either paramset name or parameter file with actual curve parameters seems to be feasible. S-Blocks for algorithms, derived from GOST 28147-89 also can be handled this way. For MAC it would look like openssl dgst -mac gost-mac -macopt paramfile:filename -macopt key:... Digest and encryption algorithms now do not have support for calling control function with arbitrary command from the command line utility, but control functions present in EVP_MD and EVP_CIPHER structures. ASN.1 structures for parameters are defined in the RFC 4357. So presence of such feature in the reference implementation may influence authors of other implementations. There are various legacy software packages which use non RFC 4357 parameters for all algorithms, So support for explicitely specifying parameters would greatly help people who need to interoperate with them, > > > > Our current implementation for second way (see attached patch) > > requires ccgost engine directly > > using, not only through high-level APIs. > > > > Example of usage for X509 (GOST 28147-89, GOST R 34.10-2001 and > > GOST R 34.11-94, with one paramset > > for cipher and hash): > > > > 1. Add custom paramsets to chains: > > > > gost2001_paramset_append( gost2001_custom_paramset ); > > gost_cipher_list_append( gost89_custom_paramset ); > > > > 2. Make private key for certificate: > > > > EC_KEY *ec( EC_KEY_new() ); > > BN_CTX *ctx( BN_CTX_new() ); > > BN_CTX_start( ctx ); > > EC_GROUP > > *grp( EC_GROUP_new_curve_GFp( gost2001_custom_paramset->p, > > gost2001_custom_paramset->a, gost2001_custom_paramset->b, ctx ) ); > > EC_GROUP_set_curve_name( grp, NID_id_GostR3410_2001_DrWebParamSet > > ); EC_POINT *P( EC_POINT_new( grp ) ); > > EC_POINT_set_affine_coordinates_GFp( grp, P, > > gost2001_custom_paramset->x, gost2001_custom_paramset->y, ctx ); > > EC_GROUP_set_generator( grp, P, gost2001_custom_paramset->q, 0 ); > > EC_KEY_set_group( ec, grp ); > > BN_CTX_end( ctx ); > > > > EVP_PKEY *pkey( EVP_PKEY_new() ); > > EVP_PKEY_assign( pkey, NID_id_GostR3410_2001, ec ); > > > > GOST3410_EX_DATA *ex_data = GOST3410_get_ex_data( pkey ); > > ex_data->hash_params_nid = NID_id_Gost28147_89_DrWebParamSet; > > ex_data->cipher_params_nid = NID_id_Gost28147_89_DrWebParamSet; > > > > Can this feature be useful for the community? And which way seems > > be more useful? > > -- > > With best regards, Arseniy Ankudinov > > Software Engineer, Doctor Web Ltd > > > > > > _______________________________________________ > > openssl-dev mailing list > > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > > > > > From phpdev at ehrhardt.nl Sat Aug 15 20:50:07 2015 From: phpdev at ehrhardt.nl (Jan Ehrhardt) Date: Sat, 15 Aug 2015 22:50:07 +0200 Subject: [openssl-dev] [openssl.org #4008] Building statically OpenSSL 1.0.1p with MSVC2015 fails References: <55CF0F44.2000409@npcglib.org> Message-ID: stathis via RT in gmane.comp.encryption.openssl.devel (Sat, 15 Aug 2015 14:56:13 +0000): > link /nologo /subsystem:console /opt:ref /debug /out:out32\constant_time_test.exe >@C:\Users\admin\AppData\Local\Temp\nm1C3B.tmp >constant_time_test.obj : error LNK2019: unresolved external symbol __iob_func referenced in function >main >out32\constant_time_test.exe : fatal error LNK1120: 1 unresolved externals >NMAKE : fatal error U1077: 'D:\dev\vs2015\VC\BIN\amd64\link.EXE' : return code '0x460' >Stop. https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/e_os.h#L318 should be equal to https://github.com/openssl/openssl/blob/master/e_os.h#L272 to make OpenSSL 1.0.1 compile with VS2015 aka VC14. Jan From phpdev at ehrhardt.nl Sat Aug 15 21:02:49 2015 From: phpdev at ehrhardt.nl (Jan Ehrhardt) Date: Sat, 15 Aug 2015 23:02:49 +0200 Subject: [openssl-dev] Openssl 1.0.2c include the FIPS 140-2 Object Module References: <8878620CF8603E45BB794422B7899E9E112DF77932@INBLRK77M1MSX.in002.siemens.net> <5593F0CA.7070803@openssl.com> <55CD86EA.8060707@ncp-e.com> <6ltrsadoqbcgggh7n6ifrq1sr227l7pm06@4ax.com> Message-ID: <14avsat32msvea5mfpmcvrspl2al8frssl@4ax.com> Jan Ehrhardt in gmane.comp.encryption.openssl.devel (Fri, 14 Aug 2015 16:22:51 +0200): >I have a faint recollection that OpenSSL 1.0.2a still had FIPS support. I checked that. OpenSSL 1.0.2a has the same problem and also does not compile with FIPS enabled. -- Jan From Matthias.St.Pierre at ncp-e.com Sun Aug 16 21:52:21 2015 From: Matthias.St.Pierre at ncp-e.com (Dr. Matthias St. Pierre) Date: Sun, 16 Aug 2015 23:52:21 +0200 Subject: [openssl-dev] Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: <6ltrsadoqbcgggh7n6ifrq1sr227l7pm06@4ax.com> References: <8878620CF8603E45BB794422B7899E9E112DF77932@INBLRK77M1MSX.in002.siemens.net> <5593F0CA.7070803@openssl.com> <55CD86EA.8060707@ncp-e.com> <6ltrsadoqbcgggh7n6ifrq1sr227l7pm06@4ax.com> Message-ID: <55D10615.9040609@ncp-e.com> Am 14.08.2015 um 16:22 schrieb Jan Ehrhardt: > I guess there was a change from optional (in VC9/VC11) to required in > VC14, but only for the 1.0.2 branch. The PHP devs were the first to > notice and included applink.c in the VS2015/VC14 builds of PHP7. > Apachelounge followed by including applink.c in the VS2015/VC14 builds > of Apache 2.4.16. Then I tried to compile OpenSSL 1.0.2c + FIPS 2.0.9 > with VC14 and ran into the error. Thank you once more for the detailed reply. I applied your patches provisorily before going on vacation last friday to keep the builds going. After my vacation we will have to decide what to do about the FIPS problem. Regards, Matthias From ashwini.vpatil at siemens.com Mon Aug 17 06:35:55 2015 From: ashwini.vpatil at siemens.com (Patil, Ashwini IN BLR STS) Date: Mon, 17 Aug 2015 12:05:55 +0530 Subject: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: References: <8878620CF8603E45BB794422B7899E9E115D23BF0E@INBLRK77M1MSX.in002.siemens.net> Message-ID: <8878620CF8603E45BB794422B7899E9E115DF183B7@INBLRK77M1MSX.in002.siemens.net> Hi Mr. Stephen N. Henson, Thankyou so much for the reply. We would like to use the option1 mentioned by you. But unfortunately the dll's were not generated, only static lib's were generated. Please guide if we have missed any steps. ===================================================== Procedure for FIPS Enabled OpenSSL Module Compilation ===================================================== ================================= 1. Compile openssl-fips2.0.9 module ================================= a. Extract the contents of openssl-fips-2.0.9.tar.gz to C:\openssl-fips-2.0\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-fips2.0.9\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. ms\do_fips [no-asm] (nmake -f ms\ntdll.mak & nmake -f ms\ntdll.mak install are included in this command) Compiled FIPS module is located at C:\usr\local\ssl\fips-2.0 ======================================================= 2. Integrate compiled openssl-fips2.0.9 in openssl-1.0.2c ======================================================= a. Extract the contents of openssl-1.0.2c.tar.gz to C:\openssl-1.0.2c-fips-compliant\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-1.0.2c-fips-compliant\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. perl Configure VC-WIN32 fips --with-fipslibdir=C:\usr\local\ssl\fips-2.0.9 f. ms\do_nasm g. nmake -f ms\nt.mak h. For Testing, use the following command: nmake -f ms\nt.mak test i. nmake -f ms\nt.mak install j. (If you want to create DLL files then Use the following commands nmake -f ms\ntdll.mak && nmake -f ms\ntdll.mak install) k. Compiled FIPS compliant OpenSSL exe is located at C:\usr\local\ssl\bin\openssl.exe l. Run C:\usr\local\ssl\bin\openssl.exe and type "version". You will be confirmed to get the following output. ======================================= ****OpenSSL 1.0.2c-fips 11 Feb 2013**** ======================================= m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.2c-fips-compliant\out32 n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.2c-fips-compliant\out32 But for the step-n fipslibeay32.dll was not generated. Please let me know if the dll will be generated with some other naming convention. Or some procedure was missing. Your help is most appreciated. Please do not close the call. Thanks&Regards Ashwini V Patil -----Original Message----- From: Stephen Henson via RT [mailto:rt at openssl.org] Sent: Friday, August 14, 2015 7:23 PM To: Patil, Ashwini IN BLR STS Cc: openssl-dev at openssl.org Subject: [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module On Tue Aug 04 03:24:21 2015, ashwini.vpatil at siemens.com wrote: > Hello All, > > Following steps are done to check the FIPS feasibility . > > To check ASLR dependency the following link was referred. > http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual- > Studio-2010-fails-self-tests-td36372.html > > Linker properties were changed in visual studio 2008 for the test > application executable file. > The following flag was disabled ( which was enabled by default in > 2008VS) > Linker> Advanced Properties>Disable the "Randomized Base Address > Linker> property " > > I have followed the below steps Integration of FIPS Complaint compiled > OPENSSL Library with Visual Studio 2008 > ==================================================================== > > 1. Open Visual Studio 2008 > > 2. File => New => Project => Visual C++ => Win 32 => Win32 Console > Application=> Next => Empty Project => Finish > > 3. Right Click on source file => Add => Existing Items => C:\openssl- > fips-2.0\fips\hmac\fips_hmactest.c > > 4. Right Click on Resources File => Add => Existing Items => > libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl- > 1.0.2c-fips-compliant\out32) and C:\openssl-1.0.2c- > simple\out32\libeay32.lib (OpenSSL simple Version) > > 5. Right Click on fips_hmactest.c=> Properties => C++ => General => > Additional Include Directories : C:\usr\local\ssl\include => Finish > > 6. Compile the Project => Works Fine > > We get the below error when run the exe: > ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 > FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); > Your problem is that your link procedure doesn't embed the incore fingerprint in the target binary. You have two options. The easiest is to link against the FIPS capable OpenSSL shared library instead of the static one: the signature is already in the DLL so it should just work. The second and much harder option is to follow the appropriate link procedure to embed a signature in the target binary. There is a perl script called fipslink.pl in the FIPS module which does this and examples in the static makefile ms\nt.mak. You would have to customise the VC build procedure to do something similar and/or link using a script instead. Closing this as it isn't a bug report, please address and follow up to openssl-users. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Mon Aug 17 06:36:19 2015 From: rt at openssl.org (Patil, Ashwini IN BLR STS via RT) Date: Mon, 17 Aug 2015 06:36:19 +0000 Subject: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: <8878620CF8603E45BB794422B7899E9E115DF183B7@INBLRK77M1MSX.in002.siemens.net> References: <8878620CF8603E45BB794422B7899E9E115D23BF0E@INBLRK77M1MSX.in002.siemens.net> <8878620CF8603E45BB794422B7899E9E115DF183B7@INBLRK77M1MSX.in002.siemens.net> Message-ID: Hi Mr. Stephen N. Henson, Thankyou so much for the reply. We would like to use the option1 mentioned by you. But unfortunately the dll's were not generated, only static lib's were generated. Please guide if we have missed any steps. ===================================================== Procedure for FIPS Enabled OpenSSL Module Compilation ===================================================== ================================= 1. Compile openssl-fips2.0.9 module ================================= a. Extract the contents of openssl-fips-2.0.9.tar.gz to C:\openssl-fips-2.0\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-fips2.0.9\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. ms\do_fips [no-asm] (nmake -f ms\ntdll.mak & nmake -f ms\ntdll.mak install are included in this command) Compiled FIPS module is located at C:\usr\local\ssl\fips-2.0 ======================================================= 2. Integrate compiled openssl-fips2.0.9 in openssl-1.0.2c ======================================================= a. Extract the contents of openssl-1.0.2c.tar.gz to C:\openssl-1.0.2c-fips-compliant\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-1.0.2c-fips-compliant\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. perl Configure VC-WIN32 fips --with-fipslibdir=C:\usr\local\ssl\fips-2.0.9 f. ms\do_nasm g. nmake -f ms\nt.mak h. For Testing, use the following command: nmake -f ms\nt.mak test i. nmake -f ms\nt.mak install j. (If you want to create DLL files then Use the following commands nmake -f ms\ntdll.mak && nmake -f ms\ntdll.mak install) k. Compiled FIPS compliant OpenSSL exe is located at C:\usr\local\ssl\bin\openssl.exe l. Run C:\usr\local\ssl\bin\openssl.exe and type "version". You will be confirmed to get the following output. ======================================= ****OpenSSL 1.0.2c-fips 11 Feb 2013**** ======================================= m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.2c-fips-compliant\out32 n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.2c-fips-compliant\out32 But for the step-n fipslibeay32.dll was not generated. Please let me know if the dll will be generated with some other naming convention. Or some procedure was missing. Your help is most appreciated. Please do not close the call. Thanks&Regards Ashwini V Patil -----Original Message----- From: Stephen Henson via RT [mailto:rt at openssl.org] Sent: Friday, August 14, 2015 7:23 PM To: Patil, Ashwini IN BLR STS Cc: openssl-dev at openssl.org Subject: [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module On Tue Aug 04 03:24:21 2015, ashwini.vpatil at siemens.com wrote: > Hello All, > > Following steps are done to check the FIPS feasibility . > > To check ASLR dependency the following link was referred. > http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual- > Studio-2010-fails-self-tests-td36372.html > > Linker properties were changed in visual studio 2008 for the test > application executable file. > The following flag was disabled ( which was enabled by default in > 2008VS) > Linker> Advanced Properties>Disable the "Randomized Base Address > Linker> property " > > I have followed the below steps Integration of FIPS Complaint compiled > OPENSSL Library with Visual Studio 2008 > ==================================================================== > > 1. Open Visual Studio 2008 > > 2. File => New => Project => Visual C++ => Win 32 => Win32 Console > Application=> Next => Empty Project => Finish > > 3. Right Click on source file => Add => Existing Items => C:\openssl- > fips-2.0\fips\hmac\fips_hmactest.c > > 4. Right Click on Resources File => Add => Existing Items => > libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl- > 1.0.2c-fips-compliant\out32) and C:\openssl-1.0.2c- > simple\out32\libeay32.lib (OpenSSL simple Version) > > 5. Right Click on fips_hmactest.c=> Properties => C++ => General => > Additional Include Directories : C:\usr\local\ssl\include => Finish > > 6. Compile the Project => Works Fine > > We get the below error when run the exe: > ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 > FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); > Your problem is that your link procedure doesn't embed the incore fingerprint in the target binary. You have two options. The easiest is to link against the FIPS capable OpenSSL shared library instead of the static one: the signature is already in the DLL so it should just work. The second and much harder option is to follow the appropriate link procedure to embed a signature in the target binary. There is a perl script called fipslink.pl in the FIPS module which does this and examples in the static makefile ms\nt.mak. You would have to customise the VC build procedure to do something similar and/or link using a script instead. Closing this as it isn't a bug report, please address and follow up to openssl-users. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From steve at openssl.org Mon Aug 17 10:20:10 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 17 Aug 2015 10:20:10 +0000 Subject: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: References: <8878620CF8603E45BB794422B7899E9E115D23BF0E@INBLRK77M1MSX.in002.siemens.net> <8878620CF8603E45BB794422B7899E9E115DF183B7@INBLRK77M1MSX.in002.siemens.net> Message-ID: <20150817102010.GA9833@openssl.org> On Mon, Aug 17, 2015, Patil, Ashwini IN BLR STS via RT wrote: > Hi Mr. Stephen N. Henson, > > > > Thankyou so much for the reply. > > > > We would like to use the option1 mentioned by you. But unfortunately the dll's were not generated, only static lib's were generated. > > Please guide if we have missed any steps. > [snip] > > g. nmake -f ms\nt.mak > This builds the static libraries. If you do: nmake -f ms\ntdll.mak you will get the DLLs. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From rt at openssl.org Mon Aug 17 10:20:13 2015 From: rt at openssl.org (Stephen Henson via RT) Date: Mon, 17 Aug 2015 10:20:13 +0000 Subject: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: <20150817102010.GA9833@openssl.org> References: <8878620CF8603E45BB794422B7899E9E115D23BF0E@INBLRK77M1MSX.in002.siemens.net> <8878620CF8603E45BB794422B7899E9E115DF183B7@INBLRK77M1MSX.in002.siemens.net> <20150817102010.GA9833@openssl.org> Message-ID: On Mon, Aug 17, 2015, Patil, Ashwini IN BLR STS via RT wrote: > Hi Mr. Stephen N. Henson, > > > > Thankyou so much for the reply. > > > > We would like to use the option1 mentioned by you. But unfortunately the dll's were not generated, only static lib's were generated. > > Please guide if we have missed any steps. > [snip] > > g. nmake -f ms\nt.mak > This builds the static libraries. If you do: nmake -f ms\ntdll.mak you will get the DLLs. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From ashwini.vpatil at siemens.com Mon Aug 17 10:36:19 2015 From: ashwini.vpatil at siemens.com (Patil, Ashwini IN BLR STS) Date: Mon, 17 Aug 2015 16:06:19 +0530 Subject: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: References: <8878620CF8603E45BB794422B7899E9E115D23BF0E@INBLRK77M1MSX.in002.siemens.net> <8878620CF8603E45BB794422B7899E9E115DF183B7@INBLRK77M1MSX.in002.siemens.net> <20150817102010.GA9833@openssl.org> Message-ID: <8878620CF8603E45BB794422B7899E9E115DF18A35@INBLRK77M1MSX.in002.siemens.net> Hi Mr.Henson, Thankyou so much. But when nmake -f ms\nt.mak command was given below static libs where successfully generated. m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.2c-fips-compliant\out32 But when nmake -f ms\ntdll.mak command was given fipslibeay32.dll was missing in the location. But ssleay32.dll was successfully generated. n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.2c-fips-compliant\out32 Please let me know if I need to make changes in ntdll.mak file to generate the corresponding fipslibeay32.dll . As I need to include this dll in my test application to turn on the fips module. Please guide me as I am new to FIPs module. Thanks&Regards Ashwini V Patil -----Original Message----- From: Stephen Henson via RT [mailto:rt at openssl.org] Sent: Monday, August 17, 2015 3:50 PM To: Patil, Ashwini IN BLR STS Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module On Mon, Aug 17, 2015, Patil, Ashwini IN BLR STS via RT wrote: > Hi Mr. Stephen N. Henson, > > > > Thankyou so much for the reply. > > > > We would like to use the option1 mentioned by you. But unfortunately the dll's were not generated, only static lib's were generated. > > Please guide if we have missed any steps. > [snip] > > g. nmake -f ms\nt.mak > This builds the static libraries. If you do: nmake -f ms\ntdll.mak you will get the DLLs. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Mon Aug 17 10:37:59 2015 From: rt at openssl.org (Patil, Ashwini IN BLR STS via RT) Date: Mon, 17 Aug 2015 10:37:59 +0000 Subject: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: <8878620CF8603E45BB794422B7899E9E115DF18A35@INBLRK77M1MSX.in002.siemens.net> References: <8878620CF8603E45BB794422B7899E9E115D23BF0E@INBLRK77M1MSX.in002.siemens.net> <8878620CF8603E45BB794422B7899E9E115DF183B7@INBLRK77M1MSX.in002.siemens.net> <20150817102010.GA9833@openssl.org> <8878620CF8603E45BB794422B7899E9E115DF18A35@INBLRK77M1MSX.in002.siemens.net> Message-ID: Hi Mr.Henson, Thankyou so much. But when nmake -f ms\nt.mak command was given below static libs where successfully generated. m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.2c-fips-compliant\out32 But when nmake -f ms\ntdll.mak command was given fipslibeay32.dll was missing in the location. But ssleay32.dll was successfully generated. n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.2c-fips-compliant\out32 Please let me know if I need to make changes in ntdll.mak file to generate the corresponding fipslibeay32.dll . As I need to include this dll in my test application to turn on the fips module. Please guide me as I am new to FIPs module. Thanks&Regards Ashwini V Patil -----Original Message----- From: Stephen Henson via RT [mailto:rt at openssl.org] Sent: Monday, August 17, 2015 3:50 PM To: Patil, Ashwini IN BLR STS Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module On Mon, Aug 17, 2015, Patil, Ashwini IN BLR STS via RT wrote: > Hi Mr. Stephen N. Henson, > > > > Thankyou so much for the reply. > > > > We would like to use the option1 mentioned by you. But unfortunately the dll's were not generated, only static lib's were generated. > > Please guide if we have missed any steps. > [snip] > > g. nmake -f ms\nt.mak > This builds the static libraries. If you do: nmake -f ms\ntdll.mak you will get the DLLs. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From steve at openssl.org Mon Aug 17 11:19:50 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 17 Aug 2015 11:19:50 +0000 Subject: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module In-Reply-To: <8878620CF8603E45BB794422B7899E9E115DF18A35@INBLRK77M1MSX.in002.siemens.net> References: <8878620CF8603E45BB794422B7899E9E115D23BF0E@INBLRK77M1MSX.in002.siemens.net> <8878620CF8603E45BB794422B7899E9E115DF183B7@INBLRK77M1MSX.in002.siemens.net> <20150817102010.GA9833@openssl.org> <8878620CF8603E45BB794422B7899E9E115DF18A35@INBLRK77M1MSX.in002.siemens.net> Message-ID: <20150817111950.GA11090@openssl.org> On Mon, Aug 17, 2015, Patil, Ashwini IN BLR STS wrote: > > > Please let me know if I need to make changes in ntdll.mak file to generate the corresponding fipslibeay32.dll . > > As I need to include this dll in my test application to turn on the fips module. > There is no fipsleay32.dll library, link against libeay32.dll instead. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From rt at openssl.org Mon Aug 17 15:33:18 2015 From: rt at openssl.org (Wall, Stephen via RT) Date: Mon, 17 Aug 2015 15:33:18 +0000 Subject: [openssl-dev] [openssl.org #4009] bug: Handling of SUITEB* ciphers does not match documentation In-Reply-To: <401084E5E73F4241A44F3C9E6FD79428011BC29128@exch-01> References: <401084E5E73F4241A44F3C9E6FD79428011BC29128@exch-01> Message-ID: The ciphers man page contains the following text in the description of the SUITEB cipher strings: If used these cipherstrings[sic] should appear first in the cipher list and anything after them is ignored. In actual fact, if anything appears after them, they are completely ignored. I.e., "SUITEB192:EXP" is identical to "EXP". Also, "SUITEB128:!NULL:!DES:!MD5" results in a cipher suite failure. It is fairly trivial to make the code behave as documented, simply add a strncmp() to the relevant if statements in ssl.ciph.c [check_suiteb_cipher_list()], like so: if (!strcmp(*prule_str, "SUITEB128") || !strncmp(*prule_str, "SUITEB128:", 10)) suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; else ... Please, do not change to documentation to match what the code is currently doing - some projects try to enforce better security by adding "!EXP:!NULL" or similar to the user provided cipher string. Allowing "SUITEB128:!EXP:!NULL" will avoid special handling for Suite B in those cases. Perhaps a better implementation would be to handle the SUITEB* ciphers more like the FIPS cipher, with names SSL_TXT_SUITEB128, SSL_TXT_SUITEB128ONLY, SSL_TXT_SUITEB192 defined, and algo_strength flags SSL_SUITEB128 and SSL_SUITEB192 defined. _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From openssl-users at dukhovni.org Mon Aug 17 15:54:03 2015 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Mon, 17 Aug 2015 15:54:03 +0000 Subject: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support In-Reply-To: <20150731173720.GP4347@mournblade.imrryr.org> References: <20150730150917.GV4347@mournblade.imrryr.org> <4961725.NBo7d4Nl4U@pintsize.usersys.redhat.com> <20150731173720.GP4347@mournblade.imrryr.org> Message-ID: <20150817155403.GG24426@mournblade.imrryr.org> On Fri, Jul 31, 2015 at 05:37:20PM +0000, Viktor Dukhovni wrote: > Which ciphers are actually needed by PSK users? My hope is that > at this point RC4 and 3DES are not. It is highly likely that CBC > AES-CBC is needed, perhaps also Camellia, but the question is I > think worth asking. So what's the final resolution of this? Should we keep or drop the new PSK RC4 and PSK 3DES codepoints: TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA On a related note (for those also reading the TLS WG list), any thoughts on deprecating any or all of the kDHr, kDHd, kECDHr, kECDHe ciphers? -- Viktor. From rsalz at akamai.com Mon Aug 17 15:56:23 2015 From: rsalz at akamai.com (Salz, Rich) Date: Mon, 17 Aug 2015 15:56:23 +0000 Subject: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support In-Reply-To: <20150817155403.GG24426@mournblade.imrryr.org> References: <20150730150917.GV4347@mournblade.imrryr.org> <4961725.NBo7d4Nl4U@pintsize.usersys.redhat.com> <20150731173720.GP4347@mournblade.imrryr.org> <20150817155403.GG24426@mournblade.imrryr.org> Message-ID: > TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA > TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC- > SHA Remove. > On a related note (for those also reading the TLS WG list), any thoughts on > deprecating any or all of the kDHr, kDHd, kECDHr, kECDHe ciphers? Remove. From quanah at zimbra.com Mon Aug 17 17:55:53 2015 From: quanah at zimbra.com (Quanah Gibson-Mount) Date: Mon, 17 Aug 2015 10:55:53 -0700 Subject: [openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM In-Reply-To: <20150805145425.GA10954@roeckx.be> References: <20150805145425.GA10954@roeckx.be> Message-ID: --On Wednesday, August 05, 2015 5:54 PM +0200 Kurt Roeckx wrote: > On Wed, Aug 05, 2015 at 06:54:33AM -0700, Quanah Gibson-Mount wrote: >> Yesterday, I was alerted by a member of the list that my emails to >> openssl-dev are ending up in their SPAM folder. After examining my >> emails as sent out by OpenSSL's mailman, I saw that it is mucking with >> the headers, causing DKIM failures. This could be because of one of two >> reasons: >> a) The version of mailman used by the OpenSSL project (2.1.18) has a >> known bug around DKIM that was fixed in 2.1.19 > > That seems to be about wrapped messages in case of moderation? Ok, good to know, not applicable here then. ;) >> b) The mailman configuration is incorrect. > > You mean things like: > - We change the subject to include the list name? I've fixed our config to no longer sign the subject header. > - We add a footer about the list? Yes, this is definitely a problem, since it screws with the body. Personally, I don't see the point of the openssl-dev footer. If someone's on the list, I would hope they're smart enough to figure out how to unsubscribe (although sadly, I see time and again on other lists where people aren't...). However, there are two solutions to that allow adding a footer when list subscribers may have DKIM signed email: a) As noted in the OpenDKIM README, in the "Mailing Lists" section, if the list traffic is itself has DKIM signing in place, it will override the DKIM signing done by the sender. This allows the footer modification to the message to no longer be an issue. b) Mailman can be configured to strip DKIM headers entirely from incoming email. This is generally considered bad practice, but it does allow the emails to get delivered to all list members w/o issue. --Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration From kurt at roeckx.be Tue Aug 18 08:30:37 2015 From: kurt at roeckx.be (Kurt Roeckx) Date: Tue, 18 Aug 2015 10:30:37 +0200 Subject: [openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM In-Reply-To: References: <20150805145425.GA10954@roeckx.be> Message-ID: <20150818083037.GA30093@roeckx.be> On Mon, Aug 17, 2015 at 10:55:53AM -0700, Quanah Gibson-Mount wrote: > However, there are two solutions to that allow adding a footer when list > subscribers may have DKIM signed email: > > a) As noted in the OpenDKIM README, in the "Mailing Lists" section, if the > list traffic is itself has DKIM signing in place, it will override the DKIM > signing done by the sender. This allows the footer modification to the > message to no longer be an issue. This fixed the DKIM problem, not the DMARC issue. For DMARC the signature should come from the same as the From address. Since SPF is going to fail with your From, the receiver will need to see DKIM that matches the From. For DMARC either SPF or DKIM should be valid and match the From field, while for SPF and DKIM itself the From doesn't matter. So really the only options for DMARC are: - Do not touch either the signed headers or body at all, leave From intact, keep the DKIM signatures. But even then it might break. - Change the From. You can leave the DKIM signature in tact or remove it, it doesn't change anything. - Do not allow people with a p=reject DMARC policy on the list > b) Mailman can be configured to strip DKIM headers entirely from incoming > email. This is generally considered bad practice, but it does allow the > emails to get delivered to all list members w/o issue. No it doesn't, see above. The DMARC test should always fail if you do that. Kurt From rt at openssl.org Tue Aug 18 14:16:24 2015 From: rt at openssl.org (=?UTF-8?B?S2ltIEdyw6RzbWFu?= via RT) Date: Tue, 18 Aug 2015 14:16:24 +0000 Subject: [openssl-dev] [openssl.org #4010] [PATCH] Fix #include order in rand.h for Windows In-Reply-To: References: Message-ID: Hi all, When using OpenSSL on Windows, we've seen compiler errors when we #include after and then attempting to use X509_NAME in our code. This is because engine.h pulls in rand.h, which in turn includes windows.h. The Windows headers introduce conflicting #defines for X509_NAME (among other names). Most of the OpenSSL headers counteract this by #undef-ing the conflicting names. However, rand.h includes windows.h *after* ossl_types.h, so Windows re-#defines the symbols and wins again. The attached patch switches include order around so that ossl_types.h is included after windows.h, and thereby fixing the namespace up again. I've built on Windows and Linux and everything still appears to work. Please let me know if this is applicable to mainline OpenSSL. Thanks, - Kim -------------- next part -------------- A non-text attachment was scrubbed... Name: rand.h-include-order-windows.patch Type: application/octet-stream Size: 879 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From hkario at redhat.com Tue Aug 18 16:48:25 2015 From: hkario at redhat.com (Hubert Kario) Date: Tue, 18 Aug 2015 18:48:25 +0200 Subject: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support In-Reply-To: <20150817155403.GG24426@mournblade.imrryr.org> References: <20150731173720.GP4347@mournblade.imrryr.org> <20150817155403.GG24426@mournblade.imrryr.org> Message-ID: <12003083.r7icinPGqQ@pintsize.usersys.redhat.com> On Monday 17 August 2015 15:54:03 Viktor Dukhovni wrote: > On Fri, Jul 31, 2015 at 05:37:20PM +0000, Viktor Dukhovni wrote: > > Which ciphers are actually needed by PSK users? My hope is that > > at this point RC4 and 3DES are not. It is highly likely that CBC > > AES-CBC is needed, perhaps also Camellia, but the question is I > > think worth asking. > > So what's the final resolution of this? Should we keep or drop > the new PSK RC4 and PSK 3DES codepoints: > > TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA > TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA how do you define "remove"? 1. not part of DEFAULT, part of ALL? 2. part of COMPLEMENTOFALL 3. behind compile time option 4. behind #if 0 5. actually removed from source 1-3 are fine by me, 4 I wouldn't like, I'm against 5 > On a related note (for those also reading the TLS WG list), any > thoughts on deprecating any or all of the kDHr, kDHd, kECDHr, kECDHe > ciphers? if "deprecate" means 1) or 2), I'm all for it -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purky?ova 99/71, 612 45, Brno, Czech Republic -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: From rt at openssl.org Tue Aug 18 16:51:19 2015 From: rt at openssl.org (Hubert Kario via RT) Date: Tue, 18 Aug 2015 16:51:19 +0000 Subject: [openssl-dev] [openssl.org #4009] bug: Handling of SUITEB* ciphers does not match documentation In-Reply-To: <1448028.TzhhnYIdFI@pintsize.usersys.redhat.com> References: <401084E5E73F4241A44F3C9E6FD79428011BC29128@exch-01> <1448028.TzhhnYIdFI@pintsize.usersys.redhat.com> Message-ID: On Monday 17 August 2015 15:33:18 Wall, Stephen via RT wrote: > Please, do not change to documentation to match what the code is currently > doing - some projects try to enforce better security by adding "!EXP:!NULL" > or similar to the user provided cipher string. Allowing > "SUITEB128:!EXP:!NULL" will avoid special handling for Suite B in those > cases. or !aNULL for that matter -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purky?ova 99/71, 612 45, Brno, Czech Republic From openssl-users at dukhovni.org Tue Aug 18 17:02:24 2015 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Tue, 18 Aug 2015 17:02:24 +0000 Subject: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support In-Reply-To: <12003083.r7icinPGqQ@pintsize.usersys.redhat.com> References: <20150731173720.GP4347@mournblade.imrryr.org> <20150817155403.GG24426@mournblade.imrryr.org> <12003083.r7icinPGqQ@pintsize.usersys.redhat.com> Message-ID: <20150818170224.GI24426@mournblade.imrryr.org> On Tue, Aug 18, 2015 at 06:48:25PM +0200, Hubert Kario wrote: > > So what's the final resolution of this? Should we keep or drop > > the new PSK RC4 and PSK 3DES codepoints: > > > > TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA > > TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA > > how do you define "remove"? > > 1. not part of DEFAULT, part of ALL? > 2. part of COMPLEMENTOFALL > 3. behind compile time option > 4. behind #if 0 > 5. actually removed from source > > 1-3 are fine by me, 4 I wouldn't like, I'm against 5 These are brand new cipher suites, never before seen in OpenSSL. The argument is that it makes no sense to *add* these, because they're already obsolete. So I was hoping for 4 or 5. > > On a related note (for those also reading the TLS WG list), any > > thoughts on deprecating any or all of the kDHr, kDHd, kECDHr, kECDHe > > ciphers? > > if "deprecate" means 1) or 2), I'm all for it For these, I'd like to suggest at least 2, but is there any need to actually support the underlying static (EC)DH key exchange methods? Who needs these? Why work so hard to defeat forward secrecy and enable the KCI attacks? We can lose a bunch of code and attack surface by not supporting fixed (EC)DH. Does this code have any users? -- Viktor. From rsalz at akamai.com Tue Aug 18 17:33:33 2015 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 18 Aug 2015 17:33:33 +0000 Subject: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support In-Reply-To: <20150818170224.GI24426@mournblade.imrryr.org> References: <20150731173720.GP4347@mournblade.imrryr.org> <20150817155403.GG24426@mournblade.imrryr.org> <12003083.r7icinPGqQ@pintsize.usersys.redhat.com> <20150818170224.GI24426@mournblade.imrryr.org> Message-ID: <66cc9c8615f444b9b9c986959657cc2f@ustx2ex-dag1mb2.msg.corp.akamai.com> > These are brand new cipher suites, never before seen in OpenSSL. > The argument is that it makes no sense to *add* these, because they're > already obsolete. So I was hoping for 4 or 5. Strongly agree. > We can lose a bunch of code and attack surface by not supporting fixed > (EC)DH. Does this code have any users? Perhaps posting to openssl-users, like we've done in the past about platforms and other #ifdef's? From quanah at zimbra.com Tue Aug 18 17:56:27 2015 From: quanah at zimbra.com (Quanah Gibson-Mount) Date: Tue, 18 Aug 2015 10:56:27 -0700 Subject: [openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM In-Reply-To: <20150818083037.GA30093@roeckx.be> References: <20150805145425.GA10954@roeckx.be> <20150818083037.GA30093@roeckx.be> Message-ID: --On Tuesday, August 18, 2015 11:30 AM +0200 Kurt Roeckx wrote: > On Mon, Aug 17, 2015 at 10:55:53AM -0700, Quanah Gibson-Mount wrote: >> However, there are two solutions to that allow adding a footer when list >> subscribers may have DKIM signed email: >> >> a) As noted in the OpenDKIM README, in the "Mailing Lists" section, if >> the list traffic is itself has DKIM signing in place, it will override >> the DKIM signing done by the sender. This allows the footer >> modification to the message to no longer be an issue. > > This fixed the DKIM problem, not the DMARC issue. For DMARC the > signature should come from the same as the From address. Since > SPF is going to fail with your From, the receiver will need to see > DKIM that matches the From. For DMARC either SPF or DKIM should > be valid and match the From field, while for SPF and DKIM itself > the From doesn't matter. > > So really the only options for DMARC are: > - Do not touch either the signed headers or body at all, leave From > intact, keep the DKIM signatures. But even then it might break. > - Change the From. You can leave the DKIM signature in tact or > remove it, it doesn't change anything. I think option #3 here: would be the solution? --Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration From hkario at redhat.com Wed Aug 19 12:59:59 2015 From: hkario at redhat.com (Hubert Kario) Date: Wed, 19 Aug 2015 14:59:59 +0200 Subject: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support In-Reply-To: <20150818170224.GI24426@mournblade.imrryr.org> References: <12003083.r7icinPGqQ@pintsize.usersys.redhat.com> <20150818170224.GI24426@mournblade.imrryr.org> Message-ID: <1497522.Jf6FAksxa1@pintsize.usersys.redhat.com> On Tuesday 18 August 2015 17:02:24 Viktor Dukhovni wrote: > On Tue, Aug 18, 2015 at 06:48:25PM +0200, Hubert Kario wrote: > > > So what's the final resolution of this? Should we keep or drop > > > > > > the new PSK RC4 and PSK 3DES codepoints: > > > TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA > > > TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA > > > > how do you define "remove"? > > > > 1. not part of DEFAULT, part of ALL? > > 2. part of COMPLEMENTOFALL > > 3. behind compile time option > > 4. behind #if 0 > > 5. actually removed from source > > > > 1-3 are fine by me, 4 I wouldn't like, I'm against 5 > > These are brand new cipher suites, never before seen in OpenSSL. they are brand new only in OpenSSL, not in general > The argument is that it makes no sense to *add* these, because > they're already obsolete. So I was hoping for 4 or 5. If you have a server or a client which needs to interoperate with both very old systems and new systems, you need both obsolete and modern ciphers at the same time. as long as OpenSSL ships support for single DES by default, giving those ciphers the treatment 4 is... inconsistent... to put it mildly. > > > On a related note (for those also reading the TLS WG list), any > > > thoughts on deprecating any or all of the kDHr, kDHd, kECDHr, kECDHe > > > ciphers? > > > > if "deprecate" means 1) or 2), I'm all for it > > For these, I'd like to suggest at least 2, but is there any need > to actually support the underlying static (EC)DH key exchange > methods? Who needs these? Why work so hard to defeat forward > secrecy and enable the KCI attacks? > > We can lose a bunch of code and attack surface by not supporting > fixed (EC)DH. Does this code have any users? I've heard that there are servers which support those exclusively, so yes, they do have users. But I can't point at an example server as I haven't seen them in Alexa top 1M. -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purky?ova 99/71, 612 45, Brno, Czech Republic -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: From openssl-users at dukhovni.org Wed Aug 19 14:02:58 2015 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Wed, 19 Aug 2015 14:02:58 +0000 Subject: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support In-Reply-To: <1497522.Jf6FAksxa1@pintsize.usersys.redhat.com> References: <12003083.r7icinPGqQ@pintsize.usersys.redhat.com> <20150818170224.GI24426@mournblade.imrryr.org> <1497522.Jf6FAksxa1@pintsize.usersys.redhat.com> Message-ID: <20150819140257.GP24426@mournblade.imrryr.org> On Wed, Aug 19, 2015 at 02:59:59PM +0200, Hubert Kario wrote: > > > > So what's the final resolution of this? Should we keep or drop > > > > > > > > the new PSK RC4 and PSK 3DES codepoints: > > > > TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA > > > > TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA > > > > These are brand new cipher suites, never before seen in OpenSSL. > > they are brand new only in OpenSSL, not in general I'm well aware of that. > > The argument is that it makes no sense to *add* these, because > > they're already obsolete. So I was hoping for 4 or 5. > > If you have a server or a client which needs to interoperate with both very > old systems and new systems, you need both obsolete and modern ciphers at the > same time. Yes, but does anyone using OpenSSL need *these*? Clearly anyone who's been using OpenSSL with PSK has been doing fine without them. Are there any likely new users for these? > as long as OpenSSL ships support for single DES by default, giving those > ciphers the treatment 4 is... inconsistent... to put it mildly. I see no ongoing reason to keep single DES TLS ciphersuites enabled by default, and in fact export ciphers *and* single DES are both deprecated with TLS 1.2, and we should make sure that TLS 1.2 never negotiates either. But at least with single DES there could well be existing users of OpenSSL relying on it (at least as a block cipher in libcrypto if not as an SSL ciphersuite). So we can move it to COMPLEMENTOFALL or COMPLEMENTOFDEFAULT. Here we're discusing whether it is prudent to add *new* obsolete code points, not retain existing ones. > > For these, I'd like to suggest at least 2, but is there any need > > to actually support the underlying static (EC)DH key exchange > > methods? Who needs these? Why work so hard to defeat forward > > secrecy and enable the KCI attacks? > > > > We can lose a bunch of code and attack surface by not supporting > > fixed (EC)DH. Does this code have any users? > > I've heard that there are servers which support those exclusively, so yes, > they do have users. But I can't point at an example server as I haven't seen > them in Alexa top 1M. Perhaps the users who need these should make themselves heard. They'll need to stay with TLS <= 1.2 forever, since IIRC 1.3 is removing non PFS suites, perhaps they can also stay with older versions of OpenSSL while they're at it, and we can remove fixed (EC)DH key exchange in 1.1.0 (aka "master"). -- Viktor. From rsalz at akamai.com Wed Aug 19 14:23:57 2015 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 19 Aug 2015 14:23:57 +0000 Subject: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support In-Reply-To: <1497522.Jf6FAksxa1@pintsize.usersys.redhat.com> References: <12003083.r7icinPGqQ@pintsize.usersys.redhat.com> <20150818170224.GI24426@mournblade.imrryr.org> <1497522.Jf6FAksxa1@pintsize.usersys.redhat.com> Message-ID: > as long as OpenSSL ships support for single DES by default, giving those > ciphers the treatment 4 is... inconsistent... to put it mildly. It depends on how you look at it. We have to move very slowly (more slowly than I would like!!) to removing things that are in the shipped software. But we can more rapidly remove things that were never in an official release and are, by current evaluations, too weak. From rt at openssl.org Wed Aug 19 14:35:05 2015 From: rt at openssl.org (=?UTF-8?B?0J/QsNCy0LXQuyDQl9C10LPQtdC70YzQvNCw0L0=?= via RT) Date: Wed, 19 Aug 2015 14:35:05 +0000 Subject: [openssl-dev] [openssl.org #4011] OpenSSL: Hanging up with facebook protocol in MirandaNG In-Reply-To: References: Message-ID: Hi. Found a trouble with openssl - using openssl api module and facebook protocol in Miranda NG (Messanger) http://www.miranda-ng.org/en http://wiki.miranda-ng.org/index.php?title=Plugin:OpenSSL/en http://wiki.miranda-ng.org/index.php?title=Plugin:Facebook/en When I try start and connect to it - miranda and facebook protocol just goes to eternal cycle and uses all cpu. Also closing MirandaNG hangs too. Helps only If i remove OpenSSL api or Facebook protocol. Memory stack on exit (when it hanging): mir_core.mir!APCWndProc(HWND__ * hwnd, unsigned int msg, unsigned int wParam, long lParam) String 77 C++ user32.dll!_InternalCallWinProc at 20() + 0x28 byte user32.dll!_UserCallWinProcCheckWow at 32() + 0xb7 byte user32.dll!_DispatchMessageWorker at 8() + 0xdc byte user32.dll!_DispatchMessageW at 4() + 0xf byte mir_app.mir!mir_main(wchar_t * cmdLine) String 284 C++ Miranda32.exe!wWinMain(HINSTANCE * hInstance, HINSTANCE __formal, wchar_t cmdLine, HINSTANCE * formal) String 68 + 0x5 byte C++ Miranda32.exe!__tmainCRTStartup() String 547 + 0x1c byte C kernel32.dll!_BaseProcessStart at 4() + 0x23 byte And error: "?????????????? ?????????? ? "0x1224de34 (mir_core.mir)" ? "Miranda32.exe": 0xC0000005: ????????? ???? ??????? ??? ?????? "0x14f2a848"." screens: http://savepic.org/7539447.png http://savepic.org/7543543.png how can I analyze this closer and can you fix it somehow? OS: Windows XP SP3 32bit. Also there is another error with SkypeWeb (from it's developer) on page parsing: If we make an request through Miranda to web skype: http://web.skype.com/ it gets only headers and 2-3 parts of the page, but not full page. Such problem only under OpenSSL. Even in the latest version. http://wiki.miranda-ng.org/index.php?title=Plugin:SkypeWeb/en Any Windows OS. -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rsalz at akamai.com Wed Aug 19 21:51:24 2015 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 19 Aug 2015 21:51:24 +0000 Subject: [openssl-dev] The manpages are on the website now Message-ID: <76ec7205b8b641678049f593f2485c34@ustx2ex-dag1mb2.msg.corp.akamai.com> As a new feature, all releases are now online, including master. There is still some links broken. We could use some Perl hacking help. If you know how to add "-podpath" searching into Pod::XHTML, please get in touch. -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz -------------- next part -------------- An HTML attachment was scrubbed... URL: From kgoldman at us.ibm.com Thu Aug 20 13:34:52 2015 From: kgoldman at us.ibm.com (Ken Goldman) Date: Thu, 20 Aug 2015 09:34:52 -0400 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: On 8/14/2015 4:26 PM, Salz, Rich wrote: >If you notice any broken links, let us know. There used to be a very useful link at: https://www.openssl.org/docs/crypto/ This was a simple alphabetical listing of the API. It included functions that were hidden from the main page, so it was very useful. Similar hidden pages that were useful were: https://www.openssl.org/docs/ssl/ https://www.openssl.org/docs/apps/ From kgoldman at us.ibm.com Thu Aug 20 14:44:51 2015 From: kgoldman at us.ibm.com (Ken Goldman) Date: Thu, 20 Aug 2015 10:44:51 -0400 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: On 8/14/2015 4:26 PM, Salz, Rich wrote: > If you notice any broken links, let us know. From the https://www.openssl.org/docs/manmaster/crypto/crypto.html page - the links to x509v3, asn1, stack and txt_db are broken. - it's unclear what "INTERNAL FUNCTIONS" means. A new reader could interpret that as a private API that is not intended to be called. However, I believe that the "bn" API is public. - The ec link is under internal functions. A more obvious place would be under PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT. It wold be nice to document the AES API: AES_set_encrypt_key AES_set_decrypt_key AES_cbc_encrypt etc. From rt at openssl.org Thu Aug 20 16:07:54 2015 From: rt at openssl.org (Hickman, Steve via RT) Date: Thu, 20 Aug 2015 16:07:54 +0000 Subject: [openssl-dev] [openssl.org #4012] bug /fix to INSTALL_W64 In-Reply-To: References: Message-ID: When running the set of commands described in INSTALL.W64, Perl fails because of a small typo in uplink-x86_64.pl: Line 5 is: open OUT,"| \"$^X\" ${dir}../crypto/perlasm/x86_64-xlate.pl $output"; And should be: open OUT,"| \"$^X\" ${dir}/../crypto/perlasm/x86_64-xlate.pl $output"; Once I fixed that, I found the following errors: D:\Freeware\openssl\openssl-1.0.2d>perl util\mk1mf.pl VC-WIN64A 1>ms\nt.mak no rule for apps\\ at util\mk1mf.pl line 1036. D:\Freeware\openssl\openssl-1.0.2d>perl util\mk1mf.pl dll VC-WIN64A 1>ms\ntdll.mak no rule for apps\\ at util\mk1mf.pl line 1036. D:\Freeware\openssl\openssl-1.0.2d>perl util\mkdef.pl 32 libeay 1>ms\libeay32.def File ssl/tls1.h: cannot parse: () #INFO::; File ssl/tls1.h: cannot parse: () #INFO::; Terminate batch job (Y/N)? y D:\Freeware\openssl\openssl-1.0.2d> Notice that I terminated the batch job - it was apparently infinite looping. Don't know if the prior errors caused that. I'm not familiar enough with Perl to be certain of what the fix for this is. Steve Hickman System Architect, Flight Deck of the Future 480-236-8367 -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Aug 20 16:07:57 2015 From: rt at openssl.org (Hickman, Steve via RT) Date: Thu, 20 Aug 2015 16:07:57 +0000 Subject: [openssl-dev] [openssl.org #4014] RE: bug /fix to INSTALL_W64 In-Reply-To: References: Message-ID: I'm running Windows 7 64 bit with Perl 5.22.0. Attempting to build (as should be obvious below) openssl-1.0.2.d, although the same bug is in version 1.0.1 --- Steve H. From: Hickman, Steve (AdvTech) Sent: Thursday, August 20, 2015 7:52 AM To: 'rt at openssl.org' Subject: bug /fix to INSTALL_W64 When running the set of commands described in INSTALL.W64, Perl fails because of a small typo in uplink-x86_64.pl: Line 5 is: open OUT,"| \"$^X\" ${dir}../crypto/perlasm/x86_64-xlate.pl $output"; And should be: open OUT,"| \"$^X\" ${dir}/../crypto/perlasm/x86_64-xlate.pl $output"; Once I fixed that, I found the following errors: D:\Freeware\openssl\openssl-1.0.2d>perl util\mk1mf.pl VC-WIN64A 1>ms\nt.mak no rule for apps\\ at util\mk1mf.pl line 1036. D:\Freeware\openssl\openssl-1.0.2d>perl util\mk1mf.pl dll VC-WIN64A 1>ms\ntdll.mak no rule for apps\\ at util\mk1mf.pl line 1036. D:\Freeware\openssl\openssl-1.0.2d>perl util\mkdef.pl 32 libeay 1>ms\libeay32.def File ssl/tls1.h: cannot parse: () #INFO::; File ssl/tls1.h: cannot parse: () #INFO::; Terminate batch job (Y/N)? y D:\Freeware\openssl\openssl-1.0.2d> Notice that I terminated the batch job - it was apparently infinite looping. Don't know if the prior errors caused that. I'm not familiar enough with Perl to be certain of what the fix for this is. Steve Hickman System Architect, Flight Deck of the Future 480-236-8367 -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Aug 20 16:07:56 2015 From: rt at openssl.org (Billy Brumley via RT) Date: Thu, 20 Aug 2015 16:07:56 +0000 Subject: [openssl-dev] [openssl.org #4013] [PATCH] Binary ECC: lambda projective coordinates In-Reply-To: References: Message-ID: This patch speeds up binary curve ECC, particularly ECDSA sign and verify -- up to 5x improvement. It also rolls in RT 3863. Before patch: $ apps/openssl speed ecdh; apps/openssl speed ecdsa op op/s 160 bit ecdh (secp160r1) 0.0002s 6071.7 192 bit ecdh (nistp192) 0.0002s 5274.3 224 bit ecdh (nistp224) 0.0003s 3765.9 256 bit ecdh (nistp256) 0.0001s 15110.3 384 bit ecdh (nistp384) 0.0006s 1623.6 521 bit ecdh (nistp521) 0.0013s 779.8 163 bit ecdh (nistk163) 0.0002s 5458.8 233 bit ecdh (nistk233) 0.0002s 4278.8 283 bit ecdh (nistk283) 0.0004s 2370.3 409 bit ecdh (nistk409) 0.0007s 1512.3 571 bit ecdh (nistk571) 0.0016s 634.6 163 bit ecdh (nistb163) 0.0002s 5226.9 233 bit ecdh (nistb233) 0.0002s 4102.0 283 bit ecdh (nistb283) 0.0005s 2214.0 409 bit ecdh (nistb409) 0.0007s 1403.5 571 bit ecdh (nistb571) 0.0017s 589.6 sign verify sign/s verify/s 160 bit ecdsa (secp160r1) 0.0001s 0.0002s 18743.2 5022.9 192 bit ecdsa (nistp192) 0.0001s 0.0002s 16058.0 4275.1 224 bit ecdsa (nistp224) 0.0001s 0.0003s 12243.6 3101.8 256 bit ecdsa (nistp256) 0.0000s 0.0001s 25672.8 10551.7 384 bit ecdsa (nistp384) 0.0002s 0.0007s 5672.3 1337.2 521 bit ecdsa (nistp521) 0.0004s 0.0015s 2739.5 656.6 163 bit ecdsa (nistk163) 0.0002s 0.0004s 5926.5 2628.6 233 bit ecdsa (nistk233) 0.0003s 0.0005s 3005.7 2040.8 283 bit ecdsa (nistk283) 0.0005s 0.0009s 1986.0 1135.5 409 bit ecdsa (nistk409) 0.0011s 0.0014s 875.8 714.8 571 bit ecdsa (nistk571) 0.0025s 0.0033s 407.2 307.5 163 bit ecdsa (nistb163) 0.0002s 0.0004s 5955.7 2496.3 233 bit ecdsa (nistb233) 0.0003s 0.0005s 3027.2 1941.5 283 bit ecdsa (nistb283) 0.0005s 0.0009s 1979.3 1069.0 409 bit ecdsa (nistb409) 0.0011s 0.0015s 873.9 680.9 571 bit ecdsa (nistb571) 0.0025s 0.0035s 407.6 285.1 After patch: $ apps/openssl speed ecdh; apps/openssl speed ecdsa op op/s 160 bit ecdh (secp160r1) 0.0002s 6071.2 192 bit ecdh (nistp192) 0.0002s 5182.0 224 bit ecdh (nistp224) 0.0003s 3811.1 256 bit ecdh (nistp256) 0.0001s 15146.6 384 bit ecdh (nistp384) 0.0006s 1629.7 521 bit ecdh (nistp521) 0.0013s 787.5 163 bit ecdh (nistk163) 0.0002s 4953.6 233 bit ecdh (nistk233) 0.0003s 3875.9 283 bit ecdh (nistk283) 0.0005s 2163.5 409 bit ecdh (nistk409) 0.0008s 1292.3 571 bit ecdh (nistk571) 0.0017s 579.4 163 bit ecdh (nistb163) 0.0002s 4920.8 233 bit ecdh (nistb233) 0.0003s 3797.5 283 bit ecdh (nistb283) 0.0005s 2187.6 409 bit ecdh (nistb409) 0.0008s 1294.3 571 bit ecdh (nistb571) 0.0017s 573.1 sign verify sign/s verify/s 160 bit ecdsa (secp160r1) 0.0001s 0.0002s 18759.4 5074.0 192 bit ecdsa (nistp192) 0.0001s 0.0002s 16093.8 4261.2 224 bit ecdsa (nistp224) 0.0001s 0.0003s 12219.5 3194.9 256 bit ecdsa (nistp256) 0.0000s 0.0001s 25561.8 10578.7 384 bit ecdsa (nistp384) 0.0002s 0.0007s 5665.2 1352.6 521 bit ecdsa (nistp521) 0.0004s 0.0015s 2714.5 647.4 163 bit ecdsa (nistk163) 0.0001s 0.0002s 17117.7 4026.1 233 bit ecdsa (nistk233) 0.0001s 0.0003s 12921.6 3108.2 283 bit ecdsa (nistk283) 0.0001s 0.0006s 7994.1 1784.6 409 bit ecdsa (nistk409) 0.0002s 0.0009s 4943.8 1074.2 571 bit ecdsa (nistk571) 0.0004s 0.0021s 2235.5 476.0 163 bit ecdsa (nistb163) 0.0001s 0.0002s 17119.8 4002.7 233 bit ecdsa (nistb233) 0.0001s 0.0003s 13129.5 3104.2 283 bit ecdsa (nistb283) 0.0001s 0.0006s 7977.2 1765.5 409 bit ecdsa (nistb409) 0.0002s 0.0009s 4927.0 1073.8 571 bit ecdsa (nistb571) 0.0004s 0.0021s 2263.0 478.2 $ cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz stepping : 3 microcode : 0x17 cpu MHz : 3200.000 cache size : 6144 KB physical id : 0 siblings : 4 core id : 0 cpu cores : 4 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm ida arat epb xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm bogomips : 6384.88 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management: -------------- next part -------------- A non-text attachment was scrubbed... Name: lambda.patch Type: text/x-patch Size: 20540 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Aug 20 16:15:16 2015 From: rt at openssl.org (janpopan via RT) Date: Thu, 20 Aug 2015 16:15:16 +0000 Subject: [openssl-dev] [openssl.org #4015] Bug website changelog Changes between 1.0.2c and 1.0.2d [xx XXX xxxx] In-Reply-To: <55D5DFE0.4070307@gmx.net> References: <55D5DFE0.4070307@gmx.net> Message-ID: Hi, I think tere is a small Bug in the CHANGES file Changes between 1.0.2c and 1.0.2d [xx XXX xxxx] -> Changes between 1.0.2c and 1.0.2d [09 Jul 2015] ... Changes between 1.0.2d and 1.0.2e [xx XXX xxxx] * * * cheers Jan _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rsalz at akamai.com Thu Aug 20 18:57:39 2015 From: rsalz at akamai.com (Salz, Rich) Date: Thu, 20 Aug 2015 18:57:39 +0000 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: > This was a simple alphabetical listing of the API. It included functions that > were hidden from the main page, so it was very useful. The team felt that the top-level pages should point to everything (e.g., openssl.html for all the apps stuff). But there's no reason we can't have both. :) Fixed. There are still some href/link problems. I need a perl expert :) From alessandro at ghedini.me Thu Aug 20 19:26:52 2015 From: alessandro at ghedini.me (Alessandro Ghedini) Date: Thu, 20 Aug 2015 21:26:52 +0200 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <20150820192652.GA6425@kronk.local> On Thu, Aug 20, 2015 at 06:57:39PM +0000, Salz, Rich wrote: > There are still some href/link problems. I need a perl expert :) You can use the W3C link checker [0] for that, with an appripriate recursion depth. Cheers [0] https://validator.w3.org/checklink -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From rsalz at akamai.com Thu Aug 20 19:32:31 2015 From: rsalz at akamai.com (Salz, Rich) Date: Thu, 20 Aug 2015 19:32:31 +0000 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: <20150820192652.GA6425@kronk.local> References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150820192652.GA6425@kronk.local> Message-ID: <584881f1592c4447bd59887facfb5c62@ustx2ex-dag1mb2.msg.corp.akamai.com> > You can use the W3C link checker [0] for that, with an appripriate recursion > depth. I know the links are broken :) I need script fixes -- see http://perlmonks.org/?node_id=1139219 From alessandro at ghedini.me Fri Aug 21 08:55:32 2015 From: alessandro at ghedini.me (Alessandro Ghedini) Date: Fri, 21 Aug 2015 10:55:32 +0200 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: <584881f1592c4447bd59887facfb5c62@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150820192652.GA6425@kronk.local> <584881f1592c4447bd59887facfb5c62@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <20150821085532.GA16795@kronk.local> On Thu, Aug 20, 2015 at 07:32:31pm +0000, Salz, Rich wrote: > > > You can use the W3C link checker [0] for that, with an appripriate recursion > > depth. > > I know the links are broken :) > > I need script fixes -- see http://perlmonks.org/?node_id=1139219 I don't quite understand what you are trying to achieve then. The HTML man pages look good to me, there may be a few broken links, but that's just because the linked manpage don't actually exist. Actually maybe I understand now, are you trying to avoid adding links to these non-existent pages? On a related note, a bunch of other pages (that is, not man pages) on the website have broken links, see e.g.: https://www.openssl.org/docs/fipsvalidation.html (the UserGuide links lead to nowhere, and a few others as well). https://www.openssl.org/blog/blog/2014/12/23/the-new-release-strategy/ (which links to https://www.openssl.org/about/releasestrat.html) https://www.openssl.org/blog/blog/2015/01/05/source-code-reformat/ (which links to https://www.openssl.org/about/roadmap.html) etc... Also, all the pages refer to a "favincon.png" file but the file is actually called "favicon.ico", so the little browser icon is not shown. Also^2, the links in the top menu are missing a trailing "/", this causes a redirect every time they are clicked (this is not exactly "broken", but may be worth fixing as well). On a related note, can we get the new logo in image format (ideally svg)? So images on https://github.com/openssl and https://www.openhub.net/p/openssl can be replaced with something less ugly (and ideally the favicon on the main site as well). Cheers -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From hecht at hlrs.de Fri Aug 21 09:03:32 2015 From: hecht at hlrs.de (Martin Hecht) Date: Fri, 21 Aug 2015 11:03:32 +0200 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: <584881f1592c4447bd59887facfb5c62@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150820192652.GA6425@kronk.local> <584881f1592c4447bd59887facfb5c62@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <55D6E964.1000206@hlrs.de> On 08/20/2015 09:32 PM, Salz, Rich wrote: >> You can use the W3C link checker [0] for that, with an appripriate recursion >> depth. > I know the links are broken :) > > I need script fixes -- see http://perlmonks.org/?node_id=1139219 you are creating the pages out of the pod files, but for instance there is no pod file for x509v3 - there is no man page either. The input is called x509v3_config.pod - so the link in crypto.pod should point to x509v3_config, asn1 should be asn1parse, etc. I guess the script is ok, but there are either some inputs missing or the links in the source are not correct. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2232 bytes Desc: S/MIME Cryptographic Signature URL: From alessandro at ghedini.me Fri Aug 21 11:13:44 2015 From: alessandro at ghedini.me (Alessandro Ghedini) Date: Fri, 21 Aug 2015 13:13:44 +0200 Subject: [openssl-dev] Continuous Integration for OpenSSL Message-ID: <20150821111344.GA23334@kronk.local> Hello, given the recent incident with [0] I think it would make a lot of sense for the OpenSSL project to have some kind of continuous integration system in place, in order to catch similar problems more quickly. The easiest way would probably be to enable Travis CI [1] for the GitHub repository, so that every time something is pushed to it, a test build is automatically started. I created a pull request with an initial travis configuration for the openssl repository at [2]. Among other things it supports building with both gcc and clang on Linux and OS X (but the latter needs to be enabled manually by the Travis team) and supports multiple build configurations ("vanilla", "--debug" and "shared", more can be easily added). You can see an example build run at [3]. Travis has some limitations though, like the fact that it only supports Linux and OS X, with fairly old compiler versions (e.g. gcc 4.6). So it might make sense to build an openssl-specific CI system (e.g. based on Jenkins [4]) but that would require a lot more work, so enabling Travis CI is IMO the way to go for now. Thoughts? Cheers [0] https://github.com/openssl/openssl/commit/25efcb44ac88ab34f60047e16a96c9462fad39c1 [1] https://travis-ci.org/ [2] https://github.com/openssl/openssl/pull/373 [3] https://travis-ci.org/ghedo/openssl/builds/76612407 [4] https://jenkins-ci.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From rsalz at akamai.com Fri Aug 21 14:09:54 2015 From: rsalz at akamai.com (Salz, Rich) Date: Fri, 21 Aug 2015 14:09:54 +0000 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: <55D6E964.1000206@hlrs.de> References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150820192652.GA6425@kronk.local> <584881f1592c4447bd59887facfb5c62@ustx2ex-dag1mb2.msg.corp.akamai.com> <55D6E964.1000206@hlrs.de> Message-ID: > I guess the script is ok, but there are either some inputs missing or the links in > the source are not correct. No, the links point to various places; it's like "man 2 open" compared with "man 3 open" We have to strip the (n) part from the POD file before formatting for the web, because otherwise the tool thinks they are standard manpages, and the generated links are wrong. It's further complicated because we have "ssl" and "crypto" which would both map into "man3" on Unix, for example. From brian at briansmith.org Fri Aug 21 16:38:05 2015 From: brian at briansmith.org (Brian Smith) Date: Fri, 21 Aug 2015 09:38:05 -0700 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: <20150821111344.GA23334@kronk.local> References: <20150821111344.GA23334@kronk.local> Message-ID: Alessandro Ghedini wrote: > Travis has some limitations though, like the fact that it only supports > Linux > and OS X, with fairly old compiler versions (e.g. gcc 4.6). > Take a look at .travis.yml and mk/update-travis-yml.py in https://github.com/briansmith/ring, which allows a project to be built/tested using many versions of GCC and Clang. Recently Clang-3.7 stopped working on Travis but I think it will start working again soon. On Windows, you can use Appveyor; see appveyor.yml in the repo linked above. Cheers, Brian -------------- next part -------------- An HTML attachment was scrubbed... URL: From dcruette at qualitesys.com Fri Aug 21 19:45:48 2015 From: dcruette at qualitesys.com (dcruette at qualitesys.com) Date: Fri, 21 Aug 2015 21:45:48 +0200 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: References: <20150821111344.GA23334@kronk.local> Message-ID: <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> Hello the OpenSsl team I managed to setup a Jenkins CI engine with this configuration: - Jenkins engine run on Windows7 - Jenkins slaves run on Windows7 for Amd with Mingw/gcc - Jenkins slave run on Ubuntu Linux for Intel with gcc - Jenkins slave run on Raspberry PI Linux for Arm with gcc - I run an "out of the box" build+test process - and also a special one : expand c code (gcc -E), regenerate the source code with source code injection (memory leak tests)+build+test process. The aim of this is to detect memory problems (cf heatblead vulnerability...), or souce code errors (switch error in particular, yes I did find one and alerted the team last year). The CI run uploading the daily snapshot from the source repo. I had proposed to run this CI, but I need from the openssl team some inputs : - what "config" must be tested - for each platform I might, in the future, install a publicly available Jenkins env for OpenSsl. How can we go one step forward ? Didier QualiteSys http://www.qualitesys.com/ [3] Le 21.08.2015 18:38, Brian Smith a ?crit : > Alessandro Ghedini wrote: > >> Travis has some limitations though, like the fact that it only supports Linux >> and OS X, with fairly old compiler versions (e.g. gcc 4.6). > > Take a look at .travis.yml and mk/update-travis-yml.py in https://github.com/briansmith/ring [1], which allows a project to be built/tested using many versions of GCC and Clang. Recently Clang-3.7 stopped working on Travis but I think it will start working again soon. > > On Windows, you can use Appveyor; see appveyor.yml in the repo linked above. > > Cheers, > Brian > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev [2] Links: ------ [1] https://github.com/briansmith/ring [2] https://mta.openssl.org/mailman/listinfo/openssl-dev [3] http://www.qualitesys.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Sat Aug 22 00:55:43 2015 From: rsalz at akamai.com (Salz, Rich) Date: Sat, 22 Aug 2015 00:55:43 +0000 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> References: <20150821111344.GA23334@kronk.local> <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> Message-ID: Thanks! We have several cross-compile builds running on Cisco's build farm. The more the merrier. I am sure ARM would be appreciated. From ben at links.org Sat Aug 22 09:15:49 2015 From: ben at links.org (Ben Laurie) Date: Sat, 22 Aug 2015 09:15:49 +0000 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: References: <20150821111344.GA23334@kronk.local> <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> Message-ID: On Sat, 22 Aug 2015 at 01:56 Salz, Rich wrote: > Thanks! We have several cross-compile builds running on Cisco's build > farm. The more the merrier. I am sure ARM would be appreciated. > Are these linked from the website somewhere? -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Sat Aug 22 10:12:55 2015 From: rt at openssl.org (Alessandro Ghedini via RT) Date: Sat, 22 Aug 2015 10:12:55 +0000 Subject: [openssl-dev] [openssl.org #4016] [PATCH] Print debug info for ALPN extension In-Reply-To: <20150822101235.GA14568@kronk.local> References: <20150822101235.GA14568@kronk.local> Message-ID: Hello, see GitHub pull request at https://github.com/openssl/openssl/pull/371 Which simply adds ALPN to the -tlsextdebug output, so that the extension is not shown as "unknown". Cheers _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Sat Aug 22 10:21:42 2015 From: rt at openssl.org (Alessandro Ghedini via RT) Date: Sat, 22 Aug 2015 10:21:42 +0000 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: <20150822102131.GA15009@kronk.local> References: <20150822102131.GA15009@kronk.local> Message-ID: Hello, see GitHub pull request at https://github.com/openssl/openssl/pull/374 Which adds support for Camellia GCM and adds the correspondent TLS cipher suites. Most of the code comes from the AES GCM implementation, so maybe there's an opportunity for some refactoring there. This fixes issue #320 on GitHub https://github.com/openssl/openssl/issues/320 Cheers _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Sat Aug 22 13:17:36 2015 From: rt at openssl.org (Stephen Henson via RT) Date: Sat, 22 Aug 2015 13:17:36 +0000 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: <20150822102131.GA15009@kronk.local> References: <20150822102131.GA15009@kronk.local> Message-ID: On Sat Aug 22 10:21:42 2015, alessandro at ghedini.me wrote: > Hello, > > see GitHub pull request at > https://github.com/openssl/openssl/pull/374 > > Which adds support for Camellia GCM and adds the correspondent TLS cipher > suites. Most of the code comes from the AES GCM implementation, so maybe > there's an opportunity for some refactoring there. > Note that the AES-GCM IV generation is purely there to satisfy the FIPS requirements. Since Camellia doesn't have such requirements it could instead use the sequence number directly and remove the generation, simplifying the code in the process. The recently added AES-CCM code does this. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From rt at openssl.org Sat Aug 22 16:15:55 2015 From: rt at openssl.org (Alessandro Ghedini via RT) Date: Sat, 22 Aug 2015 16:15:55 +0000 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: <20150822161536.GA21733@kronk.local> References: <20150822102131.GA15009@kronk.local> <20150822161536.GA21733@kronk.local> Message-ID: On Sat, Aug 22, 2015 at 01:17:36PM +0000, Stephen Henson via RT wrote: > On Sat Aug 22 10:21:42 2015, alessandro at ghedini.me wrote: > > Hello, > > > > see GitHub pull request at > > https://github.com/openssl/openssl/pull/374 > > > > Which adds support for Camellia GCM and adds the correspondent TLS cipher > > suites. Most of the code comes from the AES GCM implementation, so maybe > > there's an opportunity for some refactoring there. > > > > Note that the AES-GCM IV generation is purely there to satisfy the FIPS > requirements. Since Camellia doesn't have such requirements it could instead > use the sequence number directly and remove the generation, simplifying the > code in the process. The recently added AES-CCM code does this. Ok. I removed the IV generation now, and everything seems to work fine (I've also done some tests with gnutls as well), but more testing may be needed. Cheers From rsalz at akamai.com Mon Aug 24 02:55:46 2015 From: rsalz at akamai.com (Salz, Rich) Date: Mon, 24 Aug 2015 02:55:46 +0000 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: References: <20150821111344.GA23334@kronk.local> <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> Message-ID: >On Sat, 22 Aug 2015 at 01:56 Salz, Rich wrote: >>Thanks!? We have several cross-compile builds running on Cisco's build farm.? The more the merrier.? I am sure ARM would be appreciated. >Are these linked from the website somewhere? No. John Foley @Cisco posted bout them, I think, and Matt has a login and is careful about failures. From alessandro at ghedini.me Mon Aug 24 08:53:35 2015 From: alessandro at ghedini.me (Alessandro Ghedini) Date: Mon, 24 Aug 2015 10:53:35 +0200 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: References: <20150821111344.GA23334@kronk.local> <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> Message-ID: <20150824085334.GA595@kronk.local> On Sat, Aug 22, 2015 at 12:55:43am +0000, Salz, Rich wrote: > Thanks! We have several cross-compile builds running on Cisco's build farm. > The more the merrier. I am sure ARM would be appreciated. Does this mean that you are not oging to enable Travis CI? If anything this buildfarm didn't seem to catch the 25efcb44 build failure. Additionally Travis automatically builds pull requests submitted on GitHUb, in order to give immediate feedback to submitter and reviewer. So I think it still makes sense to have Travis alongside this Cisco buildfarm (as you said, the more the merrier), but if you don't agree then both #63 and #373 pull requests can be closed (if anything, two less open PRs...). Cheers -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From ben at links.org Mon Aug 24 09:08:00 2015 From: ben at links.org (Ben Laurie) Date: Mon, 24 Aug 2015 09:08:00 +0000 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: References: <20150821111344.GA23334@kronk.local> <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> Message-ID: On Mon, 24 Aug 2015 at 03:56 Salz, Rich wrote: > > >On Sat, 22 Aug 2015 at 01:56 Salz, Rich wrote: > >>Thanks! We have several cross-compile builds running on Cisco's build > farm. The more the merrier. I am sure ARM would be appreciated. > > >Are these linked from the website somewhere? > > No. John Foley @Cisco posted bout them, I think, and Matt has a login and > is careful about failures. > Seems to me they should be on the website. BTW I tracked it down: http://openssl-sanity.cisco.com:8080/ However, doesn't appear to be up. :-( I believe it also (at least when working) sends email on failures - would be nice if those went to a list... -------------- next part -------------- An HTML attachment was scrubbed... URL: From ben at links.org Mon Aug 24 09:14:46 2015 From: ben at links.org (Ben Laurie) Date: Mon, 24 Aug 2015 09:14:46 +0000 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: <20150824085334.GA595@kronk.local> References: <20150821111344.GA23334@kronk.local> <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> <20150824085334.GA595@kronk.local> Message-ID: On Mon, 24 Aug 2015 at 09:53 Alessandro Ghedini wrote: > On Sat, Aug 22, 2015 at 12:55:43am +0000, Salz, Rich wrote: > > Thanks! We have several cross-compile builds running on Cisco's build > farm. > > The more the merrier. I am sure ARM would be appreciated. > > Does this mean that you are not oging to enable Travis CI? If anything this > buildfarm didn't seem to catch the 25efcb44 build failure. Additionally > Travis > automatically builds pull requests submitted on GitHUb, in order to give > immediate feedback to submitter and reviewer. > > So I think it still makes sense to have Travis alongside this Cisco > buildfarm > (as you said, the more the merrier), but if you don't agree then both #63 > and > #373 pull requests can be closed (if anything, two less open PRs...). > I've just +1'ed #373 - if another OpenSSL dev will also do that, I'll push it... -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Mon Aug 24 11:24:03 2015 From: rsalz at akamai.com (Salz, Rich) Date: Mon, 24 Aug 2015 11:24:03 +0000 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: References: <20150821111344.GA23334@kronk.local> <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> <20150824085334.GA595@kronk.local> Message-ID: +1 -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz From: Ben Laurie [mailto:ben at links.org] Sent: Monday, August 24, 2015 5:15 AM To: openssl-dev at openssl.org Subject: Re: [openssl-dev] Continuous Integration for OpenSSL On Mon, 24 Aug 2015 at 09:53 Alessandro Ghedini > wrote: On Sat, Aug 22, 2015 at 12:55:43am +0000, Salz, Rich wrote: > Thanks! We have several cross-compile builds running on Cisco's build farm. > The more the merrier. I am sure ARM would be appreciated. Does this mean that you are not oging to enable Travis CI? If anything this buildfarm didn't seem to catch the 25efcb44 build failure. Additionally Travis automatically builds pull requests submitted on GitHUb, in order to give immediate feedback to submitter and reviewer. So I think it still makes sense to have Travis alongside this Cisco buildfarm (as you said, the more the merrier), but if you don't agree then both #63 and #373 pull requests can be closed (if anything, two less open PRs...). I've just +1'ed #373 - if another OpenSSL dev will also do that, I'll push it... -------------- next part -------------- An HTML attachment was scrubbed... URL: From foleyj at cisco.com Mon Aug 24 12:10:17 2015 From: foleyj at cisco.com (John Foley) Date: Mon, 24 Aug 2015 08:10:17 -0400 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: References: <20150821111344.GA23334@kronk.local> <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> Message-ID: <55DB09A9.7090604@cisco.com> The URL is https://openssl-sanity.cisco.com:8443/ On 08/24/2015 05:08 AM, Ben Laurie wrote: > > > On Mon, 24 Aug 2015 at 03:56 Salz, Rich > wrote: > > > >On Sat, 22 Aug 2015 at 01:56 Salz, Rich > wrote: > >>Thanks! We have several cross-compile builds running on Cisco's > build farm. The more the merrier. I am sure ARM would be > appreciated. > > >Are these linked from the website somewhere? > > No. John Foley @Cisco posted bout them, I think, and Matt has a > login and is careful about failures. > > > Seems to me they should be on the website. BTW I tracked it down: > > http://openssl-sanity.cisco.com:8080/ > > However, doesn't appear to be up. :-( > > I believe it also (at least when working) sends email on failures - > would be nice if those went to a list... > > > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Mon Aug 24 15:42:01 2015 From: rt at openssl.org (Tatsuhiro Tsujikawa via RT) Date: Mon, 24 Aug 2015 15:42:01 +0000 Subject: [openssl-dev] [openssl.org #4018] [BUG] openssl ocsp command returns exist code 0 even if responder returns error In-Reply-To: References: Message-ID: Hi, When doing ocsp query using openssl ocsp command bundled with openssl 1.0.2d, and ocsp responder returns non-successful status code (e.g., trylater(3)), openssl ocsp command still returns exit status code 0. I'm not sure this is intentional, but apparently ocsp query is failed because we didn't get the response back, so it should return non zero status code. The attached patch will fix this issue. BTW, I'm using Debian sid. Best regards, Tatsuhiro Tsujikawa -------------- next part -------------- A non-text attachment was scrubbed... Name: openssl-ocsp-responder-error.patch Type: text/x-patch Size: 316 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Mon Aug 24 15:42:03 2015 From: rt at openssl.org (Markus Rinne via RT) Date: Mon, 24 Aug 2015 15:42:03 +0000 Subject: [openssl-dev] [openssl.org #4019] [PATCH] dgst.pod: Remove redundant documentation of -hmac In-Reply-To: <20150821103931.GA29247@tursas> References: <20150821103931.GA29247@tursas> Message-ID: Option -hmac was documented twice. The issue was reported here: https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3930 --- doc/apps/dgst.pod | 5 ----- 1 file changed, 5 deletions(-) diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index 236e1b7..b156097 100644 --- a/doc/apps/dgst.pod +++ b/doc/apps/dgst.pod @@ -13,7 +13,6 @@ B B [B<-hex>] [B<-binary>] [B<-r>] -[B<-hmac arg>] [B<-non-fips-allow>] [B<-out filename>] [B<-sign filename>] @@ -64,10 +63,6 @@ output the digest or signature in binary form. output the digest in the "coreutils" format used by programs like B. -=item B<-hmac arg> - -set the HMAC key to "arg". - =item B<-non-fips-allow> Allow use of non FIPS digest when in FIPS mode. This has no effect when not in -- 1.8.4 _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From hanno at hboeck.de Mon Aug 24 17:25:24 2015 From: hanno at hboeck.de (Hanno =?UTF-8?B?QsO2Y2s=?=) Date: Mon, 24 Aug 2015 19:25:24 +0200 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: References: <20150822102131.GA15009@kronk.local> Message-ID: <20150824192524.68112c04@pc1> On Sat, 22 Aug 2015 10:21:42 +0000 Alessandro Ghedini via RT wrote: > Which adds support for Camellia GCM and adds the correspondent TLS > cipher suites. Most of the code comes from the AES GCM > implementation, so maybe there's an opportunity for some refactoring > there. May I ask one question: Why? From what I observed others are moving away from camellia [1]. So why should openssl add more camellia support? From what I'm aware camellia is a block cipher like aes, and there is no serious problem with AES. Does camellia offer any significant advantage in any situation that would justify increasing support? I think a large problem of TLS in general and OpenSSL in particular is feature bloat. In the past features got added not because there was a clear need for them, but "because we can". After all the whole heartbleed story can largely be explained by that. I'd propose that OpenSSL doesn't add any new features without a clear explanation what advantage they bring in which situation - and who is likely going to use that feature. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 -- Hanno B?ck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From rt at openssl.org Mon Aug 24 17:30:34 2015 From: rt at openssl.org (Hanno Boeck via RT) Date: Mon, 24 Aug 2015 17:30:34 +0000 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: <20150824192524.68112c04@pc1> References: <20150822102131.GA15009@kronk.local> <20150824192524.68112c04@pc1> Message-ID: On Sat, 22 Aug 2015 10:21:42 +0000 Alessandro Ghedini via RT wrote: > Which adds support for Camellia GCM and adds the correspondent TLS > cipher suites. Most of the code comes from the AES GCM > implementation, so maybe there's an opportunity for some refactoring > there. May I ask one question: Why? >From what I observed others are moving away from camellia [1]. So why should openssl add more camellia support? >From what I'm aware camellia is a block cipher like aes, and there is no serious problem with AES. Does camellia offer any significant advantage in any situation that would justify increasing support? I think a large problem of TLS in general and OpenSSL in particular is feature bloat. In the past features got added not because there was a clear need for them, but "because we can". After all the whole heartbleed story can largely be explained by that. I'd propose that OpenSSL doesn't add any new features without a clear explanation what advantage they bring in which situation - and who is likely going to use that feature. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 -- Hanno B?ck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From rt at openssl.org Mon Aug 24 17:41:19 2015 From: rt at openssl.org (Salz, Rich via RT) Date: Mon, 24 Aug 2015 17:41:19 +0000 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: References: <20150822102131.GA15009@kronk.local> <20150824192524.68112c04@pc1> Message-ID: > May I ask one question: Why? Excellent question. "Because there is an RFC" is not a good enough reason any more, I think. > Does camellia offer any significant advantage in > any situation that would justify increasing support? Yes, I'd like to know who needs it. GOST is going to move to an externally-maintained ENGINE (thanks, Dimitry:). We should look at moving other ciphers out of the core the same way. The OID's will need to be maintained, since the run-time really wants to deal with NID's, and figuring out how to make them first-class citizens with an EVP interface would take some thought, but Blowfish, Cast, Camellia, SEED, and Whirlpool could all be pushed out, IMHO. From openssl-users at dukhovni.org Mon Aug 24 17:53:55 2015 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Mon, 24 Aug 2015 17:53:55 +0000 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: References: <20150822102131.GA15009@kronk.local> <20150824192524.68112c04@pc1> Message-ID: <20150824175355.GK9021@mournblade.imrryr.org> On Mon, Aug 24, 2015 at 05:41:19PM +0000, Salz, Rich via RT wrote: > > Does camellia offer any significant advantage in > > any situation that would justify increasing support? > > Yes, I'd like to know who needs it. > > GOST is going to move to an externally-maintained ENGINE (thanks, Dimitry:). > We should look at moving other ciphers out of the core the same way. The > OID's will need to be maintained, since the run-time really wants to deal > with NID's, and figuring out how to make them first-class citizens with > an EVP interface would take some thought, but Blowfish, Cast, Camellia, > SEED, and Whirlpool could all be pushed out, IMHO. IIRC Camellia is more equal than the others. In particular its inclusion in NESSIE and broad adoption make it a plausible "backup" block cipher after AES. So while we can consider dropping many of the more obscure and obsolete algorithms, Camellia is probably best retained. It is not clear that Intel et. al. will devoide any chip real-estate to supporting it in hardware, so it will not be quite as attractive as AES for most users, but it seems to be a fine cipher in most other regards. -- Viktor. From matt at openssl.org Mon Aug 24 18:34:22 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 24 Aug 2015 19:34:22 +0100 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: References: <20150821111344.GA23334@kronk.local> <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> Message-ID: <55DB63AE.7030805@openssl.org> On 24/08/2015 10:08, Ben Laurie wrote: > > > On Mon, 24 Aug 2015 at 03:56 Salz, Rich > wrote: > > > >On Sat, 22 Aug 2015 at 01:56 Salz, Rich > wrote: > >>Thanks! We have several cross-compile builds running on Cisco's > build farm. The more the merrier. I am sure ARM would be appreciated. > > >Are these linked from the website somewhere? > > No. John Foley @Cisco posted bout them, I think, and Matt has a > login and is careful about failures. > > > Seems to me they should be on the website. BTW I tracked it down: > > http://openssl-sanity.cisco.com:8080/ > > However, doesn't appear to be up. :-( It's up; link is wrong: https://openssl-sanity.cisco.com:8443/ Matt From rsalz at akamai.com Mon Aug 24 19:05:26 2015 From: rsalz at akamai.com (Salz, Rich) Date: Mon, 24 Aug 2015 19:05:26 +0000 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: <20150821085532.GA16795@kronk.local> References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150820192652.GA6425@kronk.local> <584881f1592c4447bd59887facfb5c62@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150821085532.GA16795@kronk.local> Message-ID: > https://www.openssl.org/docs/fipsvalidation.html (the UserGuide links lead > to nowhere, and a few others as well). I fixed the two that I found, thanks. > > https://www.openssl.org/blog/blog/2014/12/23/the-new-release-strategy/ > (which links to https://www.openssl.org/about/releasestrat.html) > > https://www.openssl.org/blog/blog/2015/01/05/source-code-reformat/ > (which links to https://www.openssl.org/about/roadmap.html) > > etc... Fixed all the ones I found. Thanks! > Also, all the pages refer to a "favincon.png" file but the file is actually called > "favicon.ico", so the little browser icon is not shown. Given the quality of that ICO, that's probably a feature not a bug :) Anyone want to build a make a better one? > Also^2, the links in the top menu are missing a trailing "/", this causes a > redirect every time they are clicked (this is not exactly "broken", but may be > worth fixing as well). Yeah, save the load on our server :) fixed. > On a related note, can we get the new logo in image format (ideally svg)? So Funny, others asked for a font/css solution. > images on https://github.com/openssl and > https://www.openhub.net/p/openssl can be replaced with something less > ugly (and ideally the favicon on the main site as well). Shrug, whatever people volunteer we'll look at. From rt at openssl.org Mon Aug 24 19:57:02 2015 From: rt at openssl.org (Rich Salz via RT) Date: Mon, 24 Aug 2015 19:57:02 +0000 Subject: [openssl-dev] [openssl.org #4015] Bug website changelog Changes between 1.0.2c and 1.0.2d [xx XXX xxxx] In-Reply-To: <55D5DFE0.4070307@gmx.net> References: <55D5DFE0.4070307@gmx.net> Message-ID: Added the right date, thanks. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From hkario at redhat.com Mon Aug 24 20:32:24 2015 From: hkario at redhat.com (Hubert Kario) Date: Mon, 24 Aug 2015 22:32:24 +0200 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: <20150824192524.68112c04@pc1> References: <20150824192524.68112c04@pc1> Message-ID: <2254595.esPsoZmd7j@pintsize.usersys.redhat.com> On Monday 24 August 2015 19:25:24 Hanno B?ck wrote: > On Sat, 22 Aug 2015 10:21:42 +0000 > > Alessandro Ghedini via RT wrote: > > Which adds support for Camellia GCM and adds the correspondent TLS > > cipher suites. Most of the code comes from the AES GCM > > implementation, so maybe there's an opportunity for some refactoring > > there. > > May I ask one question: Why? because it's the only standardised, widely audited and recommended alternative to AES, having a different cryptographic construction (Feistel network) that has been studied even longer is also a good thing > After all the whole > heartbleed story can largely be explained by that. I'd propose that > OpenSSL doesn't add any new features without a clear explanation what > advantage they bring in which situation - and who is likely going to > use that feature. bugs happen, refusing to accept patches just because they can have bugs is short sighted at best or can I expect you to express the exact same concerns when ChaCha20 patches will be proposed? -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purky?ova 99/71, 612 45, Brno, Czech Republic -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: From rt at openssl.org Mon Aug 24 20:32:50 2015 From: rt at openssl.org (Hubert Kario via RT) Date: Mon, 24 Aug 2015 20:32:50 +0000 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: <2254595.esPsoZmd7j@pintsize.usersys.redhat.com> References: <20150824192524.68112c04@pc1> <2254595.esPsoZmd7j@pintsize.usersys.redhat.com> Message-ID: On Monday 24 August 2015 19:25:24 Hanno B?ck wrote: > On Sat, 22 Aug 2015 10:21:42 +0000 > > Alessandro Ghedini via RT wrote: > > Which adds support for Camellia GCM and adds the correspondent TLS > > cipher suites. Most of the code comes from the AES GCM > > implementation, so maybe there's an opportunity for some refactoring > > there. > > May I ask one question: Why? because it's the only standardised, widely audited and recommended alternative to AES, having a different cryptographic construction (Feistel network) that has been studied even longer is also a good thing > After all the whole > heartbleed story can largely be explained by that. I'd propose that > OpenSSL doesn't add any new features without a clear explanation what > advantage they bring in which situation - and who is likely going to > use that feature. bugs happen, refusing to accept patches just because they can have bugs is short sighted at best or can I expect you to express the exact same concerns when ChaCha20 patches will be proposed? -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purky?ova 99/71, 612 45, Brno, Czech Republic -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From rsalz at akamai.com Mon Aug 24 21:55:31 2015 From: rsalz at akamai.com (Salz, Rich) Date: Mon, 24 Aug 2015 21:55:31 +0000 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: > From the https://www.openssl.org/docs/manmaster/crypto/crypto.html > page > > - the links to x509v3, asn1, stack and txt_db are broken. Yes, cross-refs within the manpages are still often broke. We're working on that. > - it's unclear what "INTERNAL FUNCTIONS" means. UTILITY is a better word, I'll change that. > - The ec link is under internal functions. A more obvious place would be > under PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT. Yup, we'll fix. > It wold be nice to document the AES API: Moving forward, the EVP API is the only real public interface we want to expose. From michel.sales at free.fr Mon Aug 24 22:58:57 2015 From: michel.sales at free.fr (Michel) Date: Tue, 25 Aug 2015 00:58:57 +0200 Subject: [openssl-dev] [openssl.org #4019] [PATCH] dgst.pod: Remove redundant documentation of -hmac Message-ID: -------- Message d'origine -------- De : Markus Rinne via RT Date :24/08/2015 17:42 (GMT+01:00) A : Cc : openssl-dev at openssl.org Objet : [openssl-dev] [openssl.org #4019] [PATCH] dgst.pod: Remove redundant documentation of -hmac Option -hmac was documented twice. The issue was reported here: https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3930 --- doc/apps/dgst.pod | 5 ----- 1 file changed, 5 deletions(-) diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index 236e1b7..b156097 100644 --- a/doc/apps/dgst.pod +++ b/doc/apps/dgst.pod @@ -13,7 +13,6 @@ B B [B<-hex>] [B<-binary>] [B<-r>] -[B<-hmac arg>] [B<-non-fips-allow>] [B<-out filename>] [B<-sign filename>] @@ -64,10 +63,6 @@ output the digest or signature in binary form. output the digest in the "coreutils" format used by programs like B. -=item B<-hmac arg> - -set the HMAC key to "arg". - =item B<-non-fips-allow> Allow use of non FIPS digest when in FIPS mode. This has no effect when not in -- 1.8.4 _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From dcruette at qualitesys.com Mon Aug 24 21:56:24 2015 From: dcruette at qualitesys.com (dcruette at qualitesys.com) Date: Mon, 24 Aug 2015 23:56:24 +0200 Subject: [openssl-dev] Test failure for windows mingw Message-ID: Hello On the openssl-SNAP-20150824 daily snapshot on Windows Mingw config, I have a build failure : @@@ START test_ec -- private ec testing ec private conversions p -> d read EC key writing EC key p -> p read EC key writing EC key d -> d read EC key unable to load Key 4764:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:149: 4764:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1116: 4764:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:476:Field=parameters, Type=EC_PRIVATEKEY 4764:error:10092010:elliptic curve routines:d2i_ECPrivateKey:EC lib:ec_asn1.c:1001: Didier http://www.qualitesys.com/ From hanno at hboeck.de Tue Aug 25 06:58:57 2015 From: hanno at hboeck.de (Hanno =?UTF-8?B?QsO2Y2s=?=) Date: Tue, 25 Aug 2015 08:58:57 +0200 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: <2254595.esPsoZmd7j@pintsize.usersys.redhat.com> References: <20150824192524.68112c04@pc1> <2254595.esPsoZmd7j@pintsize.usersys.redhat.com> Message-ID: <20150825085857.36fe5adf@pc1> On Mon, 24 Aug 2015 22:32:24 +0200 Hubert Kario wrote: > > After all the whole > > heartbleed story can largely be explained by that. I'd propose that > > OpenSSL doesn't add any new features without a clear explanation > > what advantage they bring in which situation - and who is likely > > going to use that feature. > > bugs happen, refusing to accept patches just because they can have > bugs is short sighted at best > > or can I expect you to express the exact same concerns when ChaCha20 > patches will be proposed? I think the situation with chacha20 is very different. Its advantages seem convincing enough that some major players responsible for a large part of internet connections are already using it. I see nothing alike with camellia. If you can give me a convincing argument who would use camellia and for what I may reconsider my opinion. "It's standardized" doesn't mean anyone actually uses or wants to use it. Right now I only see people deprecating it. I think the thing that bite with heartbleed was: A very obscure feature, nobody used it, nobody cared for it, so nobody looked at it. Camellia looks very similar, I doubt it will gain any significant use even if openssl supported camellia-gcm modes. -- Hanno B?ck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From rt at openssl.org Tue Aug 25 06:59:01 2015 From: rt at openssl.org (Hanno Boeck via RT) Date: Tue, 25 Aug 2015 06:59:01 +0000 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: <20150825085857.36fe5adf@pc1> References: <20150824192524.68112c04@pc1> <2254595.esPsoZmd7j@pintsize.usersys.redhat.com> <20150825085857.36fe5adf@pc1> Message-ID: On Mon, 24 Aug 2015 22:32:24 +0200 Hubert Kario wrote: > > After all the whole > > heartbleed story can largely be explained by that. I'd propose that > > OpenSSL doesn't add any new features without a clear explanation > > what advantage they bring in which situation - and who is likely > > going to use that feature. > > bugs happen, refusing to accept patches just because they can have > bugs is short sighted at best > > or can I expect you to express the exact same concerns when ChaCha20 > patches will be proposed? I think the situation with chacha20 is very different. Its advantages seem convincing enough that some major players responsible for a large part of internet connections are already using it. I see nothing alike with camellia. If you can give me a convincing argument who would use camellia and for what I may reconsider my opinion. "It's standardized" doesn't mean anyone actually uses or wants to use it. Right now I only see people deprecating it. I think the thing that bite with heartbleed was: A very obscure feature, nobody used it, nobody cared for it, so nobody looked at it. Camellia looks very similar, I doubt it will gain any significant use even if openssl supported camellia-gcm modes. -- Hanno B?ck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From ben at links.org Tue Aug 25 09:49:41 2015 From: ben at links.org (Ben Laurie) Date: Tue, 25 Aug 2015 09:49:41 +0000 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: <55DB63AE.7030805@openssl.org> References: <20150821111344.GA23334@kronk.local> <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> <55DB63AE.7030805@openssl.org> Message-ID: On Mon, 24 Aug 2015 at 19:35 Matt Caswell wrote: > On 24/08/2015 10:08, Ben Laurie wrote: > > > > > > On Mon, 24 Aug 2015 at 03:56 Salz, Rich > > wrote: > > > > > > >On Sat, 22 Aug 2015 at 01:56 Salz, Rich > > wrote: > > >>Thanks! We have several cross-compile builds running on Cisco's > > build farm. The more the merrier. I am sure ARM would be > appreciated. > > > > >Are these linked from the website somewhere? > > > > No. John Foley @Cisco posted bout them, I think, and Matt has a > > login and is careful about failures. > > > > > > Seems to me they should be on the website. BTW I tracked it down: > > > > http://openssl-sanity.cisco.com:8080/ > > > > However, doesn't appear to be up. :-( > > It's up; link is wrong: > > https://openssl-sanity.cisco.com:8443/ Ah, thanks. So, should we link to this (and any other CI sites) from the website? Also, next stupid question, if I look there, I see for example: https://openssl-sanity.cisco.com:8443/job/1_0_1_mips/ How do I find out how that's being built? > > > Matt > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From hkario at redhat.com Tue Aug 25 10:40:09 2015 From: hkario at redhat.com (Hubert Kario) Date: Tue, 25 Aug 2015 12:40:09 +0200 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: <20150825085857.36fe5adf@pc1> References: <2254595.esPsoZmd7j@pintsize.usersys.redhat.com> <20150825085857.36fe5adf@pc1> Message-ID: <5185450.dCRjXoWBhx@pintsize.usersys.redhat.com> On Tuesday 25 August 2015 08:58:57 Hanno B?ck wrote: > On Mon, 24 Aug 2015 22:32:24 +0200 > > Hubert Kario wrote: > > > After all the whole > > > heartbleed story can largely be explained by that. I'd propose that > > > OpenSSL doesn't add any new features without a clear explanation > > > what advantage they bring in which situation - and who is likely > > > going to use that feature. > > > > bugs happen, refusing to accept patches just because they can have > > bugs is short sighted at best > > > > or can I expect you to express the exact same concerns when ChaCha20 > > patches will be proposed? > > I think the situation with chacha20 is very different. Its advantages > seem convincing enough that some major players responsible for a > large part of internet connections are already using it. > I see nothing alike with camellia. https://yourlogicalfallacyis.com/bandwagon > If you can give me a convincing argument who would use camellia and for > what I may reconsider my opinion. "It's standardized" doesn't mean > anyone actually uses or wants to use it. Right now I only see people > deprecating it. Some devices supported only RC4 since "everybody else does support it anyway so there is no need for fallback ciphers and it's fast", now it is biting us hard... And yes, servers do use it (44%) and prefer it. With Firefox 29 client hello close to 1% of connections to TLS enabled Alexa top 1 million servers ended up with some kind of Camellia cipher. > I think the thing that bite with heartbleed was: A very obscure > feature, nobody used it, nobody cared for it, so nobody looked at it. > Camellia looks very similar, I doubt it will gain any significant use > even if openssl supported camellia-gcm modes. Unlike heartbeat, disabling camellia ciphers does not require recompilation of openssl, application's that use openssl or both. -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purky?ova 99/71, 612 45, Brno, Czech Republic -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: From rt at openssl.org Tue Aug 25 10:40:24 2015 From: rt at openssl.org (Hubert Kario via RT) Date: Tue, 25 Aug 2015 10:40:24 +0000 Subject: [openssl-dev] [openssl.org #4017] [PATCH] Implement Camellia GCM suites (RFC 6367) In-Reply-To: <5185450.dCRjXoWBhx@pintsize.usersys.redhat.com> References: <2254595.esPsoZmd7j@pintsize.usersys.redhat.com> <20150825085857.36fe5adf@pc1> <5185450.dCRjXoWBhx@pintsize.usersys.redhat.com> Message-ID: On Tuesday 25 August 2015 08:58:57 Hanno B?ck wrote: > On Mon, 24 Aug 2015 22:32:24 +0200 > > Hubert Kario wrote: > > > After all the whole > > > heartbleed story can largely be explained by that. I'd propose that > > > OpenSSL doesn't add any new features without a clear explanation > > > what advantage they bring in which situation - and who is likely > > > going to use that feature. > > > > bugs happen, refusing to accept patches just because they can have > > bugs is short sighted at best > > > > or can I expect you to express the exact same concerns when ChaCha20 > > patches will be proposed? > > I think the situation with chacha20 is very different. Its advantages > seem convincing enough that some major players responsible for a > large part of internet connections are already using it. > I see nothing alike with camellia. https://yourlogicalfallacyis.com/bandwagon > If you can give me a convincing argument who would use camellia and for > what I may reconsider my opinion. "It's standardized" doesn't mean > anyone actually uses or wants to use it. Right now I only see people > deprecating it. Some devices supported only RC4 since "everybody else does support it anyway so there is no need for fallback ciphers and it's fast", now it is biting us hard... And yes, servers do use it (44%) and prefer it. With Firefox 29 client hello close to 1% of connections to TLS enabled Alexa top 1 million servers ended up with some kind of Camellia cipher. > I think the thing that bite with heartbleed was: A very obscure > feature, nobody used it, nobody cared for it, so nobody looked at it. > Camellia looks very similar, I doubt it will gain any significant use > even if openssl supported camellia-gcm modes. Unlike heartbeat, disabling camellia ciphers does not require recompilation of openssl, application's that use openssl or both. -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purky?ova 99/71, 612 45, Brno, Czech Republic -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From foleyj at cisco.com Tue Aug 25 11:48:08 2015 From: foleyj at cisco.com (John Foley) Date: Tue, 25 Aug 2015 07:48:08 -0400 Subject: [openssl-dev] Continuous Integration for OpenSSL In-Reply-To: References: <20150821111344.GA23334@kronk.local> <6a3e80bc9279db841dcff5e194d8b815@qualitesys.com> <55DB63AE.7030805@openssl.org> Message-ID: <55DC55F8.1090308@cisco.com> If you click on one of the individual builds (left side), then click on the "Console Output" link, it'll show the full build log. You can find the commands issued for the build in this log. On 08/25/2015 05:49 AM, Ben Laurie wrote: > > > On Mon, 24 Aug 2015 at 19:35 Matt Caswell > wrote: > > On 24/08/2015 10:08, Ben Laurie wrote: > > > > > > On Mon, 24 Aug 2015 at 03:56 Salz, Rich > > >> wrote: > > > > > > >On Sat, 22 Aug 2015 at 01:56 Salz, Rich > > >> wrote: > > >>Thanks! We have several cross-compile builds running on > Cisco's > > build farm. The more the merrier. I am sure ARM would be > appreciated. > > > > >Are these linked from the website somewhere? > > > > No. John Foley @Cisco posted bout them, I think, and Matt has a > > login and is careful about failures. > > > > > > Seems to me they should be on the website. BTW I tracked it down: > > > > http://openssl-sanity.cisco.com:8080/ > > > > However, doesn't appear to be up. :-( > > It's up; link is wrong: > > https://openssl-sanity.cisco.com:8443/ > > > Ah, thanks. So, should we link to this (and any other CI sites) from > the website? > > Also, next stupid question, if I look there, I see for example: > > https://openssl-sanity.cisco.com:8443/job/1_0_1_mips/ > > How do I find out how that's being built? > > > > > Matt > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From kgoldman at us.ibm.com Tue Aug 25 12:56:22 2015 From: kgoldman at us.ibm.com (Ken Goldman) Date: Tue, 25 Aug 2015 08:56:22 -0400 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: On 8/24/2015 5:55 PM, Salz, Rich wrote: > > Yes, cross-refs within the manpages are still often broke. We're working on that. Do you still want lists of broken links, or is this a general issue you're already aware of. If you do, from https://www.openssl.org/docs/manmaster/crypto/evp.html the links to everything I tried are broken. From rsalz at akamai.com Tue Aug 25 13:19:59 2015 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 25 Aug 2015 13:19:59 +0000 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <70dd9dbff63f4ba58d52feb9b8771196@ustx2ex-dag1mb2.msg.corp.akamai.com> > Do you still want lists of broken links, or is this a general issue you're already > aware of. That's good enough. We're aware of a general problem with links in the manpages and are working on it. Other breaks would be good to know. From gmaheshwari24.6 at gmail.com Tue Aug 25 14:01:51 2015 From: gmaheshwari24.6 at gmail.com (gaurav maheshwari) Date: Tue, 25 Aug 2015 19:31:51 +0530 Subject: [openssl-dev] Intel function stichting support for DTLS Message-ID: Hello, Function stitching support (only for x86 processors) is there for some of the TLS ciphers but same support is not there for DTLS. So, What was the reason for not adding function stitching support for DTLS. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Tue Aug 25 16:18:05 2015 From: rt at openssl.org (Rich Salz via RT) Date: Tue, 25 Aug 2015 16:18:05 +0000 Subject: [openssl-dev] [openssl.org #3930] DOCUMENTATION: dgst.pod: duplicate -hmac In-Reply-To: References: Message-ID: Fixed in master, 1.0.2, 1.0.1; thanks. OpenSSL_1_0_1-stable 86de216 RT4019: Duplicate -hmac flag in dgst.pod OpenSSL_1_0_2-stable 8e0b56b RT4019: Duplicate -hmac flag in dgst.pod master fe50cd7 RT4019: Duplicate -hmac flag in dgst.pod Author: Markus Rinne Date: Mon Aug 24 16:20:13 2015 -0400 -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Tue Aug 25 16:42:43 2015 From: rt at openssl.org (Jean FONGANG DASSI via RT) Date: Tue, 25 Aug 2015 16:42:43 +0000 Subject: [openssl-dev] [openssl.org #4020] #3759: [PATCH] crypto: use bigint in x86-64 perl In-Reply-To: <2009466687.117374.1440520399030.JavaMail.zimbra@concurrent.co.za> References: <2009466687.117374.1440520399030.JavaMail.zimbra@concurrent.co.za> Message-ID: On Solaris 10u10 X86_64, I had to do the bellow instead: $ cat src/x86_64-xlate.pl_patch --- openssl-1.0.2d/crypto/modes/asm/../../perlasm/x86_64-xlate.pl Thu Jul 9 13:57:15 2015 +++ ./x86_64-xlate.pl_new Tue Aug 25 18:17:20 2015 @@ -194,17 +194,17 @@ } sub out { my $self = shift; - + use bigint; if ($gas) { # Solaris /usr/ccs/bin/as can't handle multiplications # in $self->{value} $self->{value} =~ s/(?{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg; - sprintf "\$%s",$self->{value}; + sprintf "\$%20.0f",$self->{value}; } else { $self->{value} =~ s/(0b[0-1]+)/oct($1)/eig; $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm); - sprintf "%s",$self->{value}; + sprintf "%20.0f",$self->{value}; } } } $ Not actually safe how it is: there seems to be some number truncation in $self->{value} ... Kind Regards, Jean Fongang Systems Integration Specialist m. +27 (0)XXXXXXXX e. jeanf [our domain is: } concurrent.co.za t. +27 (0)11 253 3660 f. +27 (0)11 656 3795 www.concurrent.co.za Block E, Morningside Close Office Park, 222 Rivonia Road Morningside, Sandton, South Africa PO Box 5224, Cresta 2118 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Concurrent-Logo-Horizontal_Web_2.jpg Type: image/jpeg Size: 7653 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Tue Aug 25 17:03:51 2015 From: rt at openssl.org (Jean FONGANG DASSI via RT) Date: Tue, 25 Aug 2015 17:03:51 +0000 Subject: [openssl-dev] [openssl.org #3759] [PATCH] crypto: use bigint in x86-64 perl In-Reply-To: <1458893705.118503.1440522225432.JavaMail.zimbra@concurrent.co.za> References: <2009466687.117374.1440520399030.JavaMail.zimbra@concurrent.co.za> <1458893705.118503.1440522225432.JavaMail.zimbra@concurrent.co.za> Message-ID: On Solaris 10u10 X86_64, I had to do the bellow instead: $ cat src/x86_64-xlate.pl_patch --- openssl-1.0.2d/crypto/modes/asm/../../perlasm/x86_64-xlate.pl Thu Jul 9 13:57:15 2015 +++ ./x86_64-xlate.pl_new Tue Aug 25 18:17:20 2015 @@ -194,17 +194,17 @@ } sub out { my $self = shift; - + use bigint; if ($gas) { # Solaris /usr/ccs/bin/as can't handle multiplications # in $self->{value} $self->{value} =~ s/(?{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg; - sprintf "\$%s",$self->{value}; + sprintf "\$%20.0f",$self->{value}; } else { $self->{value} =~ s/(0b[0-1]+)/oct($1)/eig; $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm); - sprintf "%s",$self->{value}; + sprintf "%20.0f",$self->{value}; } } } $ Not actually sure how safe it is: there seems to be some number truncation in $self->{value} ... Kind Regards, Jean Fongang Systems Integration Specialist m. +27 (0)XXXXXXXX e. jeanf [our domain is: } concurrent.co.za t. +27 (0)11 253 3660 f. +27 (0)11 656 3795 www.concurrent.co.za Block E, Morningside Close Office Park, 222 Rivonia Road Morningside, Sandton, South Africa PO Box 5224, Cresta 2118 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Concurrent-Logo-Horizontal_Web_2.jpg Type: image/jpeg Size: 7653 bytes Desc: not available URL: From waywardgeek at google.com Tue Aug 25 17:26:33 2015 From: waywardgeek at google.com (Bill Cox) Date: Tue, 25 Aug 2015 10:26:33 -0700 Subject: [openssl-dev] Minor bug in custom TLS extensions Message-ID: This seems like a bug to me: /* * If this ClientHello extension was unhandled and this is a * nonresumed connection, check whether the extension is a custom * TLS Extension (has a custom_srv_ext_record), and if so call the * callback and record the extension number so that an appropriate * ServerHello may be later returned. */ else if (!s->hit) { if (custom_ext_parse(s, 1, type, data, size, al) <= 0) return 0; } This is in t1_lib.c, in function ssl_scan_clienthello_tlsext. It looks like the check for !s->hit will cause the server to ignore all custom extensions on resumed sessions. At the same time, we do not have a mechanism for saving custom extension state in the session. As a result, the server will lose all knowledge of the existence of a custom extension after resumption. Some extensions are only needed during the initial handshake, but others set state on the connection that should persist. Also, there seems to be no code to keep the client from sending custom extensions on resumption, so when OpenSSL talks to OpenSSL with identical custom extensions, we're sending TLS extensions on resumption which are ignored by the server. I think the one-line fix is to change the "else if (!s->hit) {" to "else {". Would you guys agree? Any existing custom extensions that depend on the old behavior need to check SSL_session_reused(ssl) to disable custom TLS extensions on resumption. On the positive side, this will reduce the current overhead caused by the client sending these extensions on resumption. Thanks, Bill -------------- next part -------------- An HTML attachment was scrubbed... URL: From foleyj at cisco.com Tue Aug 25 20:15:17 2015 From: foleyj at cisco.com (John Foley) Date: Tue, 25 Aug 2015 16:15:17 -0400 Subject: [openssl-dev] ECDSA side-channel attack mitigation Message-ID: <55DCCCD5.4000804@cisco.com> Is OpenSSL planning to implement side-channel resistance against the following attack: https://eprint.iacr.org/2014/161.pdf From rsalz at akamai.com Tue Aug 25 21:40:16 2015 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 25 Aug 2015 21:40:16 +0000 Subject: [openssl-dev] FW: Website changing this weekend In-Reply-To: References: <68b20d461e3844cda6918348abf00dc8@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <1515cbd9c0c14befa7e94a42fd431a81@ustx2ex-dag1mb2.msg.corp.akamai.com> > > Yes, cross-refs within the manpages are still often broke. We're working on > that. Thanks to the generous help of Phil Pearl, the links within the manpages are fixed! From bbrumley at gmail.com Wed Aug 26 06:15:14 2015 From: bbrumley at gmail.com (Billy Brumley) Date: Wed, 26 Aug 2015 09:15:14 +0300 Subject: [openssl-dev] ECDSA side-channel attack mitigation In-Reply-To: <55DCCCD5.4000804@cisco.com> References: <55DCCCD5.4000804@cisco.com> Message-ID: Seems doubtful -- some patches hit the list a while back, but never got picked up. See RT 3741 and RT 3667. BBB On Tue, Aug 25, 2015 at 11:15 PM, John Foley wrote: > Is OpenSSL planning to implement side-channel resistance against the > following attack: > > https://eprint.iacr.org/2014/161.pdf > > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev From rt at openssl.org Wed Aug 26 10:42:12 2015 From: rt at openssl.org (johnny.bentley@gmail.com via RT) Date: Wed, 26 Aug 2015 10:42:12 +0000 Subject: [openssl-dev] [openssl.org #4021] Openssl. Responding to request tracker: "#502: TXT_DB error number 2" http://rt.openssl.org/Ticket/Display.html?id=502#txn-42752 In-Reply-To: <000e01d0dfc6$0cd24590$2676d0b0$@gmail.com> References: <000e01d0dfc6$0cd24590$2676d0b0$@gmail.com> Message-ID: I fixed this problem editing my openssl.cfg. In the [CA_default] section add: unique_subject = no Note there exists an example openssl.cfg in the bin directory of your openssl install. E.g. "C:\Program Files (x86)\OpenSSL-Win32\bin\openssl.cfg". This error may well not arise, and thereby make unnecessary the need to set "unique_subject = no", if you properly revoke the user certificate (presumably the CA database will be properly updated when you do that). So, for example, a guest at http://rt.openssl.org/Ticket/Display.html?id=502#txn-8317 suggested you might be able to ... > properly revoke them using 'openssl ca -revoke xyz.crt' I haven't verified this. But there is also the scenario when you lose the user certificate (for whatever strange reason) but need to (re)create the user certificate with the same subject (but, of course, with a different public and private key), signed by the same certificate authority. In this case setting "unique_subject = no" in openssl.cfg will be the right solution. The text file "index.attr" gets continually overwritten, so adjusting the unique_subject value there only works once (and is therefore not recommended). But thanks for the tip off from the guest in 2004 at http://rt.openssl.org/Ticket/Display.html?id=502#txn-8322. I'm on OpenSSL 1.0.2d. _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Wed Aug 26 11:11:46 2015 From: rt at openssl.org (Rich Salz via RT) Date: Wed, 26 Aug 2015 11:11:46 +0000 Subject: [openssl-dev] [openssl.org #4016] [PATCH] Print debug info for ALPN extension In-Reply-To: <20150822101235.GA14568@kronk.local> References: <20150822101235.GA14568@kronk.local> Message-ID: Done in master, backported to 1.0.2 Closing. From rt at openssl.org Wed Aug 26 11:12:34 2015 From: rt at openssl.org (Rich Salz via RT) Date: Wed, 26 Aug 2015 11:12:34 +0000 Subject: [openssl-dev] [openssl.org #3073] [Patch] ALPN Implementation for OpenSSL In-Reply-To: References: Message-ID: I hope that, if we picked up (some of) this patch, you got credit :) Before my time. From rt at openssl.org Wed Aug 26 11:13:14 2015 From: rt at openssl.org (Rich Salz via RT) Date: Wed, 26 Aug 2015 11:13:14 +0000 Subject: [openssl-dev] [openssl.org #3205] [PATCH] Bring TLS Extension Support Up To Date w/RFCs (ALPN, RFC6961, RFC6962) In-Reply-To: References: Message-ID: Done awhile ago. From rsalz at akamai.com Wed Aug 26 15:13:26 2015 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 26 Aug 2015 15:13:26 +0000 Subject: [openssl-dev] ECDSA side-channel attack mitigation In-Reply-To: References: <55DCCCD5.4000804@cisco.com> Message-ID: <1f4afccf680042e3b9c7a30be145eb9d@ustx2ex-dag1mb2.msg.corp.akamai.com> > Seems doubtful -- some patches hit the list a while back, but never got > picked up. See RT 3741 and RT 3667. > > BBB We are not moving as fast as we would like on tickets. This is LIKELY to be picked up. From rt at openssl.org Wed Aug 26 16:24:54 2015 From: rt at openssl.org (Kaduk, Ben via RT) Date: Wed, 26 Aug 2015 16:24:54 +0000 Subject: [openssl-dev] [openssl.org #3984] [PATCH] Fix clang compiler warning where %ld is used for uint64_t on Mac OS X In-Reply-To: References: Message-ID: It would be nice to get this or some other fix in; I have to go back and cherry-pick this commit any time I want to build on OS X. -Ben Kaduk From rt at openssl.org Wed Aug 26 21:18:35 2015 From: rt at openssl.org (Shalom, Hai via RT) Date: Wed, 26 Aug 2015 21:18:35 +0000 Subject: [openssl-dev] [openssl.org #4022] Support for RFC 6066 in OpenSSL In-Reply-To: References: Message-ID: Hello, I'm contacting you in regards to official support of RFC 6066, specifically for the maximum fragment length negotiation feature. In the Internet-of-Things world, the devices are very limited in memory and may not be able to support secure connections with a fragment size of up to 16KB as mandated by the RFC. In reality, many devices violate this requirement and fail if a fragment size is above some lower value (4-6K). This extension would allow a thin client to negotiate a small fragment and improve overall memory requirements, and still be fully compliant. As the most popular TLS library for Linux, lacking this feature on the server side makes this great feature irrelevant, and it's not desirable moving forward. I found this patch in your web site, but it hasn't been integrated: http://rt.openssl.org/Ticket/Attachment/49354/28294/ What is your stand with regards to officially supporting this feature in the future? Thanks, Hai. ---- Hai Shalom [Description: QCA] hshalom at qca.qualcomm.com -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 4729 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Aug 27 10:21:05 2015 From: rt at openssl.org (Nicholas Cooper via RT) Date: Thu, 27 Aug 2015 10:21:05 +0000 Subject: [openssl-dev] [openssl.org #4023] heap overflow in openssl-1.0.2d In-Reply-To: <55DEE3FD.6040107@gmail.com> References: <55DEE3FD.6040107@gmail.com> Message-ID: The callstack is as follow. level function filename (line number) 0 BN_bn2bin openssl-1.0.2d/crypto/bn/bn_lib.c (652) 1 RSA_eay_public_encrypt openssl-1.0.2d/crypto/rsa/rsa_eay.c (239) 2 RSA_public_encrypt openssl-1.0.2d/crypto/rsa/rsa_crpt.c (85) 3 EVP_PKEY_encrypt_old openssl-1.0.2d/crypto/evp/p_enc.c (81) 4 EVP_SealInit openssl-1.0.2d/crypto/evp/p_seal.c (94) 5 main my.cpp In the while-loop of BN_bn2bin(), the *(to++) statement falsely overwrites my dynamically-allocated object. Apparently, the return value of BN_num_bytes() is incorrect, so the while-loop goes out of control. _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From ray.kinsella at intel.com Thu Aug 27 12:06:07 2015 From: ray.kinsella at intel.com (Kinsella, Ray) Date: Thu, 27 Aug 2015 12:06:07 +0000 Subject: [openssl-dev] data_word hiding lock prefix from assembler Message-ID: <1440677165.3152.23.camel@intel.com> Hello OpenSSL Org: The use of data_word in x86cpuid.pl has the effect of hiding the lock prefix from the assembler. This is problematic on the Intel X1000 microprocessor which has a bug in the lock prefix. On the X1000 the workaround for the bug is to use the assembler option -momit-lock-prefix=yes to strip the lock prefix, however when data_word is used it makes this impossible for the assembler. I have developed the following patch which appears to work fine on GNU Linux x86 (32bit); it compiles fine, passes tests etc. Github link: https://github.com/mdr78/openssl/commit/01b1248e57c2f9a35838ae8dac3850a9d6bb5574 I am interested to understand the original rational for using data_word in place of the perlasm lock()? Ray K From rt at openssl.org Thu Aug 27 17:33:18 2015 From: rt at openssl.org (Rich Salz via RT) Date: Thu, 27 Aug 2015 17:33:18 +0000 Subject: [openssl-dev] [openssl.org #3429] PATCH: Update to X509_check_host documentation In-Reply-To: References: Message-ID: already done. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Thu Aug 27 17:41:04 2015 From: rt at openssl.org (Rich Salz via RT) Date: Thu, 27 Aug 2015 17:41:04 +0000 Subject: [openssl-dev] [openssl.org #3643] SSL_CTX_set_tmp_dh_callback doc misleading WRT "keylength" param In-Reply-To: <20141230160136.GA22775@tahina.priv.at> References: <20141230160136.GA22775@tahina.priv.at> Message-ID: fixed as part of logjam commit 1f302db3e70f50f9b5e0860581a18e117eafcf20 Author: Emilia Kasper Date: Tue May 12 16:10:05 2015 +0200 -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Thu Aug 27 18:31:42 2015 From: rt at openssl.org (Rich Salz via RT) Date: Thu, 27 Aug 2015 18:31:42 +0000 Subject: [openssl-dev] [openssl.org #2071] Few more manual page (was: What does cache field in X509_STORE struct do?) In-Reply-To: <20091014185755.GA16939@cryptocom.ru> References: <20091012085758.GA8399@cryptocom.ru> <20091012124923.GA24615@openssl.org> <20091012133200.GB14914@cryptocom.ru> <20091012170030.GA70882@openssl.org> <20091013075246.GB17174@cryptocom.ru> <20091013121222.GA93208@openssl.org> <20091013131423.GE17174@cryptocom.ru> <20091013132519.GA11674@openssl.org> <20091014185755.GA16939@cryptocom.ru> Message-ID: fixed in master, thanks. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Thu Aug 27 18:32:14 2015 From: rt at openssl.org (Rich Salz via RT) Date: Thu, 27 Aug 2015 18:32:14 +0000 Subject: [openssl-dev] [openssl.org #1600] Man page bugs In-Reply-To: References: Message-ID: fixed in master, thanks. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Thu Aug 27 18:33:05 2015 From: rt at openssl.org (Rich Salz via RT) Date: Thu, 27 Aug 2015 18:33:05 +0000 Subject: [openssl-dev] [openssl.org #3634] Docfix: doc/apps/enc.pod says "aes-[128|192|256]" but means "aes[..]" In-Reply-To: <20141212181907.fQIM_ujl%sdaoden@yandex.com> References: <20141212181907.fQIM_ujl%sdaoden@yandex.com> Message-ID: fixed in master, thanks. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Thu Aug 27 18:33:29 2015 From: rt at openssl.org (Rich Salz via RT) Date: Thu, 27 Aug 2015 18:33:29 +0000 Subject: [openssl-dev] [openssl.org #3678] [PATCH] Correct the BIO_new_bio_pair example in man page In-Reply-To: References: Message-ID: fixed in master, thanks. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Thu Aug 27 18:33:57 2015 From: rt at openssl.org (Rich Salz via RT) Date: Thu, 27 Aug 2015 18:33:57 +0000 Subject: [openssl-dev] [openssl.org #3787] [PATCH] Update the return value documentation for various EVP_* functions to match the code. In-Reply-To: References: Message-ID: fixed in master, thanks. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Thu Aug 27 19:06:50 2015 From: rt at openssl.org (Devchandra L Meetei via RT) Date: Thu, 27 Aug 2015 19:06:50 +0000 Subject: [openssl-dev] [openssl.org #3678] Resolved: [PATCH] Correct the BIO_new_bio_pair example in man page In-Reply-To: References: Message-ID: Thanks Rich On Fri, Aug 28, 2015 at 12:03 AM, Rich Salz via RT wrote: > According to our records, your request has been resolved. If you have any > further questions or concerns, please respond to this message. > -- Warm Regards --Dev OpenPegasus Developer "I'm one of those people that think Thomas Edison and the light bulb changed the world more than Karl Marx ever did,? Steve Jobs From emilia at openssl.org Fri Aug 28 00:00:03 2015 From: emilia at openssl.org (=?UTF-8?Q?Emilia_K=C3=A4sper?=) Date: Fri, 28 Aug 2015 02:00:03 +0200 Subject: [openssl-dev] Minor bug in custom TLS extensions In-Reply-To: References: Message-ID: It's not really a bug. The behaviour upon resumption is extension-specific. Most extensions are only needed for establishing the session; they're ignored during resumption, and aren't stored in the session state. So it's rather that the custom extensions API doesn't support stateful extensions. A client should (SHOULD) always repeat extensions on resumption though, as it can't know whether the resumption will be accepted. Do you have a specific example where you need to save custom extension state? We can think about extending the API, even though I imagine that anything that does need to keep state will be too complex and hairy to be handled by the generic extension mechanism. Cheers, Emilia On Tue, Aug 25, 2015 at 7:26 PM, Bill Cox wrote: > This seems like a bug to me: > > /* > * If this ClientHello extension was unhandled and this is a > * nonresumed connection, check whether the extension is a custom > * TLS Extension (has a custom_srv_ext_record), and if so call the > * callback and record the extension number so that an appropriate > * ServerHello may be later returned. > */ > else if (!s->hit) { > if (custom_ext_parse(s, 1, type, data, size, al) <= 0) > return 0; > } > > This is in t1_lib.c, in function ssl_scan_clienthello_tlsext. It looks > like the check for !s->hit will cause the server to ignore all custom > extensions on resumed sessions. At the same time, we do not have a > mechanism for saving custom extension state in the session. As a result, > the server will lose all knowledge of the existence of a custom extension > after resumption. Some extensions are only needed during the initial > handshake, but others set state on the connection that should persist. > Also, there seems to be no code to keep the client from sending custom > extensions on resumption, so when OpenSSL talks to OpenSSL with identical > custom extensions, we're sending TLS extensions on resumption which are > ignored by the server. > > I think the one-line fix is to change the "else if (!s->hit) {" to "else > {". Would you guys agree? > > Any existing custom extensions that depend on the old behavior need to > check SSL_session_reused(ssl) to disable custom TLS extensions on > resumption. On the positive side, this will reduce the current overhead > caused by the client sending these extensions on resumption. > > Thanks, > Bill > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From waywardgeek at google.com Fri Aug 28 00:21:34 2015 From: waywardgeek at google.com (Bill Cox) Date: Thu, 27 Aug 2015 17:21:34 -0700 Subject: [openssl-dev] Minor bug in custom TLS extensions In-Reply-To: References: Message-ID: On Thu, Aug 27, 2015 at 5:00 PM, Emilia K?sper wrote: > A client should (SHOULD) always repeat extensions on resumption though, as > it can't know whether the resumption will be accepted. > > Do you have a specific example where you need to save custom extension > state? We can think about extending the API, even though I imagine that > anything that does need to keep state will be too complex and hairy to be > handled by the generic extension mechanism. > > Cheers, > Emilia > > Yes, I need it for the Token Binding Negotiation extension. We negotiate acceptable Token Binding key parameters in this TLS extension. On resumption, the negotiation fails because the server does not include the custom extension in it's server hello. At this point, the client loses the ability to use channel bound tokens. Thanks, Bill -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Fri Aug 28 06:13:14 2015 From: rt at openssl.org (Nicholas Cooper via RT) Date: Fri, 28 Aug 2015 06:13:14 +0000 Subject: [openssl-dev] [openssl.org #4023] Problem solved!!! In-Reply-To: <55DFFBE8.1060303@gmail.com> References: <55DEE3FD.6040107@gmail.com> <55DFFBE8.1060303@gmail.com> Message-ID: Sorry about my noise. The heap overflow was caused by my own code. I allocated wrong size of the buffers for EVP_SealInit() to write the encrypted symmetric-keys into. From a.ankudinov at drweb.com Fri Aug 28 11:05:59 2015 From: a.ankudinov at drweb.com (Arseniy Ankudinov) Date: Fri, 28 Aug 2015 14:05:59 +0300 Subject: [openssl-dev] [PATCH] GOST engine and custom paramsets In-Reply-To: <20150815192954.148e7b47@arkturus.local> References: <55C4521C.1020101@drweb.com> <20150815192954.148e7b47@arkturus.local> Message-ID: <55E04097.3000506@drweb.com> 15.08.2015 19:29, Victor Wagner: > On Sat, 15 Aug 2015 14:52:29 +0300 > Dmitry Belyavsky wrote: > >> Hello Arseniy, >> >> On Fri, Aug 7, 2015 at 9:37 AM, Arseniy Ankudinov >> wrote: >> >>> We strictly need use our custom paramsets for GOST algorithms (all >>> of cipher, hash and signature, >>> including X509 and TLS). If most of the functionality may be >>> implemented by "dirty" overriding >>> initialization methods, X509 requires ccgost engine sources >>> patching. >>> >>> Seems 2 ways: >>> 1. Put our paramsets into ccgost sources and simple support for >>> several paramsets in ASN1 hash >>> params serializing. >>> 2. Allow set any paramset from outside. >>> >>> First way seems the simplest, but second - more universal and >>> useful. >>> >> >> The 2nd way is not universal until the GOST algorithms become the >> 1st-class citizens. And becoming the 1st-class citizens is hardly >> possible. So the patch you suggest is engine-specific, and it means >> that it will be unsuitable for any other implementation. > > I think it would be nice to provide ability to set parameters from the > parameter file same way as dsa and ec keys do. I don't like the idea of > running separate command to create parameter file which contain just > curve OID, it is why currently GOST engine accept paramset name as key > generation parameter. But accepting either paramset name or parameter > file with actual curve parameters seems to be feasible. > > S-Blocks for algorithms, derived from GOST 28147-89 also can be handled > this way. > > For MAC it would look like > > openssl dgst -mac gost-mac -macopt paramfile:filename -macopt key:... > > Digest and encryption algorithms now do not have support for calling > control function with arbitrary command from the command line utility, > but control functions present in EVP_MD and EVP_CIPHER structures. > > ASN.1 structures for parameters are defined in the RFC 4357. So presence > of such feature in the reference implementation may influence authors > of other implementations. > > There are various legacy software packages which use non RFC 4357 > parameters for all algorithms, So support for explicitely specifying > parameters would greatly help people who need to interoperate with them, Hmm, your suggestion looks interesting. Yet seen an unsolved problem. Pkey, X509 and key exchange asn1 structures for GOST algorithms store paramsets as OIDs, without parameters embedding. So peers must "know" mapping from OID to parameters, but I don't see good way to set these mappings through high-level APIs. Or set it for s_client tool (non-authenticated), for example. Maybe make it through config? Add sections for 28147&3411/3410-94/3410-2001 paramsets, like this: [new_oids] id-Gost28147-89-My-Paramset = 1.3.6.1.4.1.29690.2.2.1 id-GostR3410-2001-My-Paramset = 1.3.6.1.4.1.29690.2.2.2 [gost_section] paramsets_28147 = my_gost_sblocks paramsets_3410_2001 = my_gost_curves ... [my_gost_sblocks] # similar to X509v3 extensions conf id-Gost28147-89-My-Paramset = ASN1:UTF8String:... [my_gost_curves] id-GostR3410-2001-My-Paramset = ASN1:UTF8String:... >> >> >>> Our current implementation for second way (see attached patch) >>> requires ccgost engine directly >>> using, not only through high-level APIs. >>> >>> Example of usage for X509 (GOST 28147-89, GOST R 34.10-2001 and >>> GOST R 34.11-94, with one paramset >>> for cipher and hash): >>> >>> 1. Add custom paramsets to chains: >>> >>> gost2001_paramset_append( gost2001_custom_paramset ); >>> gost_cipher_list_append( gost89_custom_paramset ); >>> >>> 2. Make private key for certificate: >>> >>> EC_KEY *ec( EC_KEY_new() ); >>> BN_CTX *ctx( BN_CTX_new() ); >>> BN_CTX_start( ctx ); >>> EC_GROUP >>> *grp( EC_GROUP_new_curve_GFp( gost2001_custom_paramset->p, >>> gost2001_custom_paramset->a, gost2001_custom_paramset->b, ctx ) ); >>> EC_GROUP_set_curve_name( grp, NID_id_GostR3410_2001_DrWebParamSet >>> ); EC_POINT *P( EC_POINT_new( grp ) ); >>> EC_POINT_set_affine_coordinates_GFp( grp, P, >>> gost2001_custom_paramset->x, gost2001_custom_paramset->y, ctx ); >>> EC_GROUP_set_generator( grp, P, gost2001_custom_paramset->q, 0 ); >>> EC_KEY_set_group( ec, grp ); >>> BN_CTX_end( ctx ); >>> >>> EVP_PKEY *pkey( EVP_PKEY_new() ); >>> EVP_PKEY_assign( pkey, NID_id_GostR3410_2001, ec ); >>> >>> GOST3410_EX_DATA *ex_data = GOST3410_get_ex_data( pkey ); >>> ex_data->hash_params_nid = NID_id_Gost28147_89_DrWebParamSet; >>> ex_data->cipher_params_nid = NID_id_Gost28147_89_DrWebParamSet; >>> >>> Can this feature be useful for the community? And which way seems >>> be more useful? >>> -- >>> With best regards, Arseniy Ankudinov >>> Software Engineer, Doctor Web Ltd >>> >>> >>> _______________________________________________ >>> openssl-dev mailing list >>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev >>> >>> >> >> > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > -- With best regards, Arseniy Ankudinov Software Engineer, Doctor Web Ltd From bkaduk at akamai.com Fri Aug 28 15:26:36 2015 From: bkaduk at akamai.com (Kaduk, Ben) Date: Fri, 28 Aug 2015 15:26:36 +0000 Subject: [openssl-dev] [openssl-commits] [openssl] master update In-Reply-To: <1440730637.861691.16364.nullmailer@dev.openssl.org> References: <1440730637.861691.16364.nullmailer@dev.openssl.org> Message-ID: Hi Rich, Ismo, I'm surprised this doesn't cause the compiler to warn/error out (inline) On 8/27/15, 21:57, "Rich Salz" wrote: >The branch master has been updated > via f00a10b89734e84fe80f98ad9e2e77b557c701ae (commit) > from 3c65047d30dacca345d30269b95af4a5c413e8d1 (commit) > > >- Log ----------------------------------------------------------------- >commit f00a10b89734e84fe80f98ad9e2e77b557c701ae >Author: Ismo Puustinen >Date: Fri Aug 7 22:14:47 2015 -0400 > > GH367: Fix dsa keygen for too-short seed > > If the seed value for dsa key generation is too short (< qsize), > return an error. Also update the documentation. > > Signed-off-by: Rich Salz > Reviewed-by: Emilia K?sper > >----------------------------------------------------------------------- > >diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c >index e030cfa..a4fae17 100644 >--- a/crypto/dsa/dsa_gen.c >+++ b/crypto/dsa/dsa_gen.c >@@ -132,18 +132,15 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, >size_t qbits, > > bits = (bits + 63) / 64 * 64; > >- /* >- * NB: seed_len == 0 is special case: copy generated seed to seed_in >if >- * it is not NULL. >- */ >- if (seed_len && (seed_len < (size_t)qsize)) >- seed_in = NULL; /* seed buffer too small -- ignore */ >- if (seed_len > (size_t)qsize) >- seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger >- * SEED, but our internal buffers are >- * restricted to 160 bits */ >- if (seed_in != NULL) >+ if (seed_in != NULL) { >+ if (seed_len < (size_t)qsize) >+ return 0; >+ if (seed_len > (size_t)qsize) { >+ /* Don't overflow seed local variable. */ The comment and code here are a slight mismatch, since qsize is dynamically computed (but limited to three values, the largest of which is used to size the local variable). It's not clear that using SHA256_DIGEST_LENGTH for the check would actually be better, though. >+ seed_len = qsize; >+ } > memcpy(seed, seed_in, seed_len); >+ } > > if ((ctx = BN_CTX_new()) == NULL) > goto err; >@@ -166,20 +163,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, >size_t qbits, > > for (;;) { > for (;;) { /* find q */ >- int seed_is_random; >+ int seed_is_random = seed_in == NULL; This part seems really bogus; seed_is_random is an int, but seed_in is const unsigned char *; the assignment makes no sense. > > /* step 1 */ > if (!BN_GENCB_call(cb, 0, m++)) > goto err; > >- if (!seed_len) { >+ if (seed_is_random) { and this chunk can never execute since seed_is_random was just set to 0 (er, NULL). I guess the intent is to declare the variable in the outer loop? > if (RAND_bytes(seed, qsize) <= 0) > goto err; >- seed_is_random = 1; > } else { >- seed_is_random = 0; >- seed_len = 0; /* use random seed if 'seed_in' turns >out to >- * be bad */ >+ /* If we come back through, use random seed next time. */ >+ seed_in = NULL; and seed_in is never read after this point. > } > memcpy(buf, seed, qsize); > memcpy(buf2, seed, qsize); >diff --git a/doc/crypto/DSA_generate_parameters.pod >b/doc/crypto/DSA_generate_parameters.pod >index d2a0418..92c89a0 100644 >--- a/doc/crypto/DSA_generate_parameters.pod >+++ b/doc/crypto/DSA_generate_parameters.pod >@@ -23,13 +23,12 @@ Deprecated: > DSA_generate_parameters_ex() generates primes p and q and a generator g > for use in the DSA and stores the result in B. > >-B is the length of the prime to be generated; the DSS allows a >-maximum of 1024 bits. >+B is the length of the prime p to be generated. >+For lengths under 2048 bits, the length of q is 160 bits; for lengths >+at least 2048, it is set to 256 bits. The grammar here is slightly unusual; "for lengths of at least 2048 bits" or "for lengths 2048 bits and larger" would feel more natural to me. -Ben > >-If B is B or B E 20, the primes will be >-generated at random. Otherwise, the seed is used to generate >-them. If the given seed does not yield a prime q, a new random >-seed is chosen and placed at B. >+If B is NULL, the primes will be generated at random. >+If B is less than the length of q, an error is returned. > > DSA_generate_parameters_ex() places the iteration count in > *B and a counter used for finding a generator in >_____ >openssl-commits mailing list >To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits > From rsalz at akamai.com Fri Aug 28 15:34:55 2015 From: rsalz at akamai.com (Salz, Rich) Date: Fri, 28 Aug 2015 15:34:55 +0000 Subject: [openssl-dev] [openssl-commits] [openssl] master update In-Reply-To: References: <1440730637.861691.16364.nullmailer@dev.openssl.org> Message-ID: <3bad7641f908454e951731bae01ee2a3@ustx2ex-dag1mb2.msg.corp.akamai.com> TL;DR -- Don't read the diff, look at the revised code. > The comment and code here are a slight mismatch, since qsize is dynamically > computed (but limited to three values, the largest of which is used to size the > local variable). It's not clear that using SHA256_DIGEST_LENGTH for the > check would actually be better, though. If you can think of a more-c lear comment, let me know. But checking against qsize is the right thing to do. > >+ int seed_is_random = seed_in == NULL; > > This part seems really bogus; seed_is_random is an int, but seed_in is const > unsigned char *; the assignment makes no sense. No, it's like "seed_in == NULL ? 1 : 0" > I guess the intent is to declare the variable in the outer loop? Nope. > and seed_in is never read after this point. It was set up before the loop. > The grammar here is slightly unusual; "for lengths of at least 2048 bits" > or "for lengths 2048 bits and larger" would feel more natural to me. Open a ticket :) From bkaduk at akamai.com Fri Aug 28 15:36:36 2015 From: bkaduk at akamai.com (Kaduk, Ben) Date: Fri, 28 Aug 2015 15:36:36 +0000 Subject: [openssl-dev] [openssl-commits] [openssl] master update In-Reply-To: <3bad7641f908454e951731bae01ee2a3@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <1440730637.861691.16364.nullmailer@dev.openssl.org> <3bad7641f908454e951731bae01ee2a3@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: On 8/28/15, 10:34, "Salz, Rich" wrote: >TL;DR -- Don't read the diff, look at the revised code. > >> The comment and code here are a slight mismatch, since qsize is >>dynamically >> computed (but limited to three values, the largest of which is used to >>size the >> local variable). It's not clear that using SHA256_DIGEST_LENGTH for the >> check would actually be better, though. > >If you can think of a more-c lear comment, let me know. But checking >against qsize is the right thing to do. > >> >+ int seed_is_random = seed_in == NULL; >> >> This part seems really bogus; seed_is_random is an int, but seed_in is >>const >> unsigned char *; the assignment makes no sense. > >No, it's like "seed_in == NULL ? 1 : 0" Sigh, need more coffee. Sorry for the noise :( -Ben > >> I guess the intent is to declare the variable in the outer loop? > >Nope. > >> and seed_in is never read after this point. > >It was set up before the loop. > >> The grammar here is slightly unusual; "for lengths of at least 2048 >>bits" >> or "for lengths 2048 bits and larger" would feel more natural to me. > >Open a ticket :) > > From rt at openssl.org Fri Aug 28 15:42:17 2015 From: rt at openssl.org (Rich Salz via RT) Date: Fri, 28 Aug 2015 15:42:17 +0000 Subject: [openssl-dev] [openssl.org #3997] Two pull requests In-Reply-To: References: Message-ID: Both PR's have been committed to master, 1.0.2, 1.0.1; thanks! -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Fri Aug 28 16:04:40 2015 From: rt at openssl.org (Kaduk, Ben via RT) Date: Fri, 28 Aug 2015 16:04:40 +0000 Subject: [openssl-dev] [openssl.org #4024] minor tweaks to dsa_gen In-Reply-To: References: Message-ID: Some tweaks in response to my review comments on f00a10b89734e84fe80 (after Rich pointed out where I was misreading the diff). Also available via https://github.com/kaduk/openssl/commits/dsa (no pull request since it's pretty minor) -Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: dsa.diff Type: application/octet-stream Size: 2608 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Fri Aug 28 16:23:43 2015 From: rt at openssl.org (John Unsworth via RT) Date: Fri, 28 Aug 2015 16:23:43 +0000 Subject: [openssl-dev] [openssl-users] [openssl.org #3804] AutoReply: BUG: OpenSSL 1.0.2 Solaris 32 bit build is broken In-Reply-To: References: Message-ID: I have now successfully built and tested 1.0.2c on Solaris 10 with gcc 4.7.2 from unixpackages.com. ./Configure solaris-sparcv9-gcc no-shared -m32 -fPIC -fvisibility=hidden ./Configure solaris64-sparcv9-gcc no-shared -m64 -fPIC -fvisibility=hidden Looks like Solaris Studio is buggy. This bug should be closed. From rt at openssl.org Fri Aug 28 16:37:22 2015 From: rt at openssl.org (Rich Salz via RT) Date: Fri, 28 Aug 2015 16:37:22 +0000 Subject: [openssl-dev] [openssl.org #3804] BUG: OpenSSL 1.0.2 Solaris 32 bit build is broken In-Reply-To: References: Message-ID: apparently a Sun library bug, closing this report as requested by the original poster. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Fri Aug 28 16:45:30 2015 From: rt at openssl.org (Rich Salz via RT) Date: Fri, 28 Aug 2015 16:45:30 +0000 Subject: [openssl-dev] [openssl.org #4023] heap overflow in openssl-1.0.2d In-Reply-To: <55DEE3FD.6040107@gmail.com> References: <55DEE3FD.6040107@gmail.com> Message-ID: submitted found the bug in his own code. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Fri Aug 28 20:52:49 2015 From: rt at openssl.org (Ken Ballou via RT) Date: Fri, 28 Aug 2015 20:52:49 +0000 Subject: [openssl-dev] [openssl.org #4025] Bug? DTLS server does not respond if HelloVerifyRequest message lost In-Reply-To: <7281728eba68ed01c314d3e6e82fae30.squirrel@ebmail.qozzy.net> References: <7281728eba68ed01c314d3e6e82fae30.squirrel@ebmail.qozzy.net> Message-ID: I originally found this in version 1.0.1e, but this also appears to be present in the latest master branch of the git repository. If a DTLS server has been configured to require a cookie exchange, it appears the server never retransmits the HelloVerifyRequest message if the client sends another ClientHello with sequence number zero and no cookie. But, this means that if the HelloVerifyRequest message from the server is lost (it's UDP, so anything can happen), the client will never be able to connect. Is this intentional behavior? I can imagine this may be an attempt to thwart a DoS attack, but it seems the attacker has to do as much work as the system under attack by resending the ClientHello again. I am attaching source code (in C) for a small (single source file) test program to reproduce this. The test program uses separate read and write datagram BIOs to simulate a lost UDP datagram. After the program sends the initial ClientHello and fails to read the HelloVerifyRequest, the user is prompted to press "enter." When the user does so, the program replaces the read BIO in the SSL object with the correct BIO and retries SSL_connect. In a wireshark trace, one can see that the server never resends the HelloVerifyRequest in reply. (Pass the server IP address and port as command line parameters.) I have tested this with "openssl s_server" running on localhost: % ./apps/openssl version OpenSSL 1.1.0-dev xx XXX xxxx % ./apps/openssl s_server -cert keycert.pem -accept 5555 -dtls1 Then: % test-lost-helloverifyrequest 127.0.0.1 5555 - Ken -------------- next part -------------- A non-text attachment was scrubbed... Name: test-lost-helloverifyrequest.c Type: application/octet-stream Size: 2272 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From Michael.Tuexen at lurchi.franken.de Sat Aug 29 08:37:05 2015 From: Michael.Tuexen at lurchi.franken.de (Michael Tuexen) Date: Sat, 29 Aug 2015 10:37:05 +0200 Subject: [openssl-dev] [openssl.org #4025] Bug? DTLS server does not respond if HelloVerifyRequest message lost In-Reply-To: References: <7281728eba68ed01c314d3e6e82fae30.squirrel@ebmail.qozzy.net> Message-ID: <78A7A016-FF52-436A-B105-C67E4DF48492@lurchi.franken.de> > On 28 Aug 2015, at 22:52, Ken Ballou via RT wrote: > > I originally found this in version 1.0.1e, but this also appears to be > present in the latest master branch of the git repository. > > If a DTLS server has been configured to require a cookie exchange, it > appears the server never retransmits the HelloVerifyRequest message if the > client sends another ClientHello with sequence number zero and no cookie. > But, this means that if the HelloVerifyRequest message from the server is > lost (it's UDP, so anything can happen), the client will never be able to > connect. > > Is this intentional behavior? I can imagine this may be an attempt to > thwart a DoS attack, but it seems the attacker has to do as much work as > the system under attack by resending the ClientHello again. The server isn't retransmitting the HelloVerifyRequest message, the client should retransmit the ClientHello. See https://tools.ietf.org/html/rfc6347#section-3.2.1 Best regards Michael > > I am attaching source code (in C) for a small (single source file) test > program to reproduce this. The test program uses separate read and write > datagram BIOs to simulate a lost UDP datagram. After the program sends > the initial ClientHello and fails to read the HelloVerifyRequest, the user > is prompted to press "enter." When the user does so, the program replaces > the read BIO in the SSL object with the correct BIO and retries > SSL_connect. In a wireshark trace, one can see that the server never > resends the HelloVerifyRequest in reply. (Pass the server IP address and > port as command line parameters.) > > I have tested this with "openssl s_server" running on localhost: > > % ./apps/openssl version > OpenSSL 1.1.0-dev xx XXX xxxx > > % ./apps/openssl s_server -cert keycert.pem -accept 5555 -dtls1 > > Then: > > % test-lost-helloverifyrequest 127.0.0.1 5555 > > - Ken > _______________________________________________ > openssl-bugs-mod mailing list > openssl-bugs-mod at openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod_______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev From rt at openssl.org Sat Aug 29 09:10:28 2015 From: rt at openssl.org (=?UTF-8?B?TWljaGFlbCBUw7x4ZW4=?= via RT) Date: Sat, 29 Aug 2015 09:10:28 +0000 Subject: [openssl-dev] [openssl.org #4025] Bug? DTLS server does not respond if HelloVerifyRequest message lost In-Reply-To: <78A7A016-FF52-436A-B105-C67E4DF48492@lurchi.franken.de> References: <7281728eba68ed01c314d3e6e82fae30.squirrel@ebmail.qozzy.net> <78A7A016-FF52-436A-B105-C67E4DF48492@lurchi.franken.de> Message-ID: > On 28 Aug 2015, at 22:52, Ken Ballou via RT wrote: > > I originally found this in version 1.0.1e, but this also appears to be > present in the latest master branch of the git repository. > > If a DTLS server has been configured to require a cookie exchange, it > appears the server never retransmits the HelloVerifyRequest message if the > client sends another ClientHello with sequence number zero and no cookie. > But, this means that if the HelloVerifyRequest message from the server is > lost (it's UDP, so anything can happen), the client will never be able to > connect. > > Is this intentional behavior? I can imagine this may be an attempt to > thwart a DoS attack, but it seems the attacker has to do as much work as > the system under attack by resending the ClientHello again. The server isn't retransmitting the HelloVerifyRequest message, the client should retransmit the ClientHello. See https://tools.ietf.org/html/rfc6347#section-3.2.1 Best regards Michael > > I am attaching source code (in C) for a small (single source file) test > program to reproduce this. The test program uses separate read and write > datagram BIOs to simulate a lost UDP datagram. After the program sends > the initial ClientHello and fails to read the HelloVerifyRequest, the user > is prompted to press "enter." When the user does so, the program replaces > the read BIO in the SSL object with the correct BIO and retries > SSL_connect. In a wireshark trace, one can see that the server never > resends the HelloVerifyRequest in reply. (Pass the server IP address and > port as command line parameters.) > > I have tested this with "openssl s_server" running on localhost: > > % ./apps/openssl version > OpenSSL 1.1.0-dev xx XXX xxxx > > % ./apps/openssl s_server -cert keycert.pem -accept 5555 -dtls1 > > Then: > > % test-lost-helloverifyrequest 127.0.0.1 5555 > > - Ken > _______________________________________________ > openssl-bugs-mod mailing list > openssl-bugs-mod at openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod_______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev From rt at openssl.org Sat Aug 29 12:11:32 2015 From: rt at openssl.org (Ken Ballou via RT) Date: Sat, 29 Aug 2015 12:11:32 +0000 Subject: [openssl-dev] [openssl.org #4025] Bug? DTLS server does not respond if HelloVerifyRequest message lost In-Reply-To: <55E1A17A.3090408@crab.qozzy.com> References: <7281728eba68ed01c314d3e6e82fae30.squirrel@ebmail.qozzy.net> <78A7A016-FF52-436A-B105-C67E4DF48492@lurchi.franken.de> <55E1A17A.3090408@crab.qozzy.com> Message-ID: I'm sorry if I did not explain myself well. The message flow I observed and am trying to describe is: ClientHello ----------------------> x----------------- HelloVerifyRequest ClientHello ----------------------> ClientHello ----------------------> ClientHello ----------------------> ClientHello ----------------------> (and the sound of crickets chirping on the server side is deafening). I do understand that the server does not RETRANSMIT the HelloVerifyRequest (and I do understand the reason for that). What I am describing is a failure to RESPOND to a retransmitted ClientHello. - Ken On 8/29/2015 5:10 AM, Michael T?xen via RT wrote: >> On 28 Aug 2015, at 22:52, Ken Ballou via RT wrote: >> >> I originally found this in version 1.0.1e, but this also appears to be >> present in the latest master branch of the git repository. >> >> If a DTLS server has been configured to require a cookie exchange, it >> appears the server never retransmits the HelloVerifyRequest message if the >> client sends another ClientHello with sequence number zero and no cookie. >> But, this means that if the HelloVerifyRequest message from the server is >> lost (it's UDP, so anything can happen), the client will never be able to >> connect. >> >> Is this intentional behavior? I can imagine this may be an attempt to >> thwart a DoS attack, but it seems the attacker has to do as much work as >> the system under attack by resending the ClientHello again. > The server isn't retransmitting the HelloVerifyRequest message, the client > should retransmit the ClientHello. See > https://tools.ietf.org/html/rfc6347#section-3.2.1 > > Best regards > Michael >> I am attaching source code (in C) for a small (single source file) test >> program to reproduce this. The test program uses separate read and write >> datagram BIOs to simulate a lost UDP datagram. After the program sends >> the initial ClientHello and fails to read the HelloVerifyRequest, the user >> is prompted to press "enter." When the user does so, the program replaces >> the read BIO in the SSL object with the correct BIO and retries >> SSL_connect. In a wireshark trace, one can see that the server never >> resends the HelloVerifyRequest in reply. (Pass the server IP address and >> port as command line parameters.) >> >> I have tested this with "openssl s_server" running on localhost: >> >> % ./apps/openssl version >> OpenSSL 1.1.0-dev xx XXX xxxx >> >> % ./apps/openssl s_server -cert keycert.pem -accept 5555 -dtls1 >> >> Then: >> >> % test-lost-helloverifyrequest 127.0.0.1 5555 >> >> - Ken >> _______________________________________________ >> openssl-bugs-mod mailing list >> openssl-bugs-mod at openssl.org >> https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod_______________________________________________ >> openssl-dev mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > From matt at openssl.org Sat Aug 29 12:38:02 2015 From: matt at openssl.org (Matt Caswell) Date: Sat, 29 Aug 2015 13:38:02 +0100 Subject: [openssl-dev] [openssl.org #4025] Bug? DTLS server does not respond if HelloVerifyRequest message lost In-Reply-To: References: <7281728eba68ed01c314d3e6e82fae30.squirrel@ebmail.qozzy.net> <78A7A016-FF52-436A-B105-C67E4DF48492@lurchi.franken.de> <55E1A17A.3090408@crab.qozzy.com> Message-ID: <55E1A7AA.5000203@openssl.org> On 29/08/15 13:11, Ken Ballou via RT wrote: > I'm sorry if I did not explain myself well. > > The message flow I observed and am trying to describe is: > > ClientHello ----------------------> > x----------------- HelloVerifyRequest > ClientHello ----------------------> > ClientHello ----------------------> > ClientHello ----------------------> > ClientHello ----------------------> > (and the sound of crickets chirping on the server side is deafening). > > I do understand that the server does not RETRANSMIT the > HelloVerifyRequest (and I do understand the reason for that). What I am > describing is a failure to RESPOND to a retransmitted ClientHello. The reasons for this are a little complicated I think. When DTLS was first integrated into OpenSSL it was (and still is) largely based on the TLS code. In particular the whole handshake is very connection oriented. Each message in the handshake is given a message sequence number (not to be confused with the record sequence number). So typically you get: ClientHello (no cookie, seq = 0) ----------> <---------- HelloVerifyRequest (seq 0) ClientHello (cookie, seq = 1) ----------> <---------- ServerHello (seq 1) etc In this very connection oriented way of looking at things the server receives the original ClientHello and responds with the HelloVerifyRequest. It then increments its counter to expect message sequence number 1 next from the client. Anything less than sequence number 1 is ignored as a retransmit of a message that the server has already dealt with. Normally (for other messages) a lost message isn't a problem because the server will retransmit the messages its already sent if it doesn't get the message its expecting from the client within a given timeout period. In this case however the RFC expressly prohibits the retransmission of the HelloVerifyRequest. Therefore where the original HelloVerifyRequest gets lost the server is stuck waiting for message sequence 1 to arrive, whilst the client is stuck waiting for the HelloVerifyRequest to be retransmitted (which is never going to happen), whilst retransmitting its original seq=0 ClientHello which the server is ignoring. This connection oriented perspective was never the way that a HelloVerifyRequest was intended to be used. The server is supposed to handle these in a completely stateless way, i.e. it waits for a ClientHello (seq=0) to arrive; sends back a HelloVerifyRequest; and then instantly forgets anything about that and waits for the next ClientHello (seq=0) to arrive. Only when it sees a ClientHello (seq=1) with a valid cookie does the server form a connection and the handshake proceeds as normal. To deal with this stateless way of handling the ClientHello/HelloVerifyRequest a new function was introduced (way back in OpenSSL 0.9.8) called DTLSv1_listen. In the original connection oriented way of doing things a server would just call SSL_accept (or some other function that ultimately calls that) and waits for the handshake to complete. In this stateless way of operating a server application is supposed to call DTLSv1_listen until a ClientHello with a valid cookie is received, and only *then* is it supposed to call SSL_accept. The bug here I think is that when DTLS support was originally added to s_server the DTLSv1_listen function had not been created yet. When DTLSv1_listen was later added, s_server was never updated. So, in summary, I believe this to be an s_server bug, not a libssl bug. We should update s_server to use DTLSv1_listen (and coincidentally I have a patch for the master branch knocking around somewhere to do just that...I'll dig it out). Matt From rt at openssl.org Sat Aug 29 12:38:04 2015 From: rt at openssl.org (Matt Caswell via RT) Date: Sat, 29 Aug 2015 12:38:04 +0000 Subject: [openssl-dev] [openssl.org #4025] Bug? DTLS server does not respond if HelloVerifyRequest message lost In-Reply-To: <55E1A7AA.5000203@openssl.org> References: <7281728eba68ed01c314d3e6e82fae30.squirrel@ebmail.qozzy.net> <78A7A016-FF52-436A-B105-C67E4DF48492@lurchi.franken.de> <55E1A17A.3090408@crab.qozzy.com> <55E1A7AA.5000203@openssl.org> Message-ID: On 29/08/15 13:11, Ken Ballou via RT wrote: > I'm sorry if I did not explain myself well. > > The message flow I observed and am trying to describe is: > > ClientHello ----------------------> > x----------------- HelloVerifyRequest > ClientHello ----------------------> > ClientHello ----------------------> > ClientHello ----------------------> > ClientHello ----------------------> > (and the sound of crickets chirping on the server side is deafening). > > I do understand that the server does not RETRANSMIT the > HelloVerifyRequest (and I do understand the reason for that). What I am > describing is a failure to RESPOND to a retransmitted ClientHello. The reasons for this are a little complicated I think. When DTLS was first integrated into OpenSSL it was (and still is) largely based on the TLS code. In particular the whole handshake is very connection oriented. Each message in the handshake is given a message sequence number (not to be confused with the record sequence number). So typically you get: ClientHello (no cookie, seq = 0) ----------> <---------- HelloVerifyRequest (seq 0) ClientHello (cookie, seq = 1) ----------> <---------- ServerHello (seq 1) etc In this very connection oriented way of looking at things the server receives the original ClientHello and responds with the HelloVerifyRequest. It then increments its counter to expect message sequence number 1 next from the client. Anything less than sequence number 1 is ignored as a retransmit of a message that the server has already dealt with. Normally (for other messages) a lost message isn't a problem because the server will retransmit the messages its already sent if it doesn't get the message its expecting from the client within a given timeout period. In this case however the RFC expressly prohibits the retransmission of the HelloVerifyRequest. Therefore where the original HelloVerifyRequest gets lost the server is stuck waiting for message sequence 1 to arrive, whilst the client is stuck waiting for the HelloVerifyRequest to be retransmitted (which is never going to happen), whilst retransmitting its original seq=0 ClientHello which the server is ignoring. This connection oriented perspective was never the way that a HelloVerifyRequest was intended to be used. The server is supposed to handle these in a completely stateless way, i.e. it waits for a ClientHello (seq=0) to arrive; sends back a HelloVerifyRequest; and then instantly forgets anything about that and waits for the next ClientHello (seq=0) to arrive. Only when it sees a ClientHello (seq=1) with a valid cookie does the server form a connection and the handshake proceeds as normal. To deal with this stateless way of handling the ClientHello/HelloVerifyRequest a new function was introduced (way back in OpenSSL 0.9.8) called DTLSv1_listen. In the original connection oriented way of doing things a server would just call SSL_accept (or some other function that ultimately calls that) and waits for the handshake to complete. In this stateless way of operating a server application is supposed to call DTLSv1_listen until a ClientHello with a valid cookie is received, and only *then* is it supposed to call SSL_accept. The bug here I think is that when DTLS support was originally added to s_server the DTLSv1_listen function had not been created yet. When DTLSv1_listen was later added, s_server was never updated. So, in summary, I believe this to be an s_server bug, not a libssl bug. We should update s_server to use DTLSv1_listen (and coincidentally I have a patch for the master branch knocking around somewhere to do just that...I'll dig it out). Matt From rt at openssl.org Mon Aug 31 17:49:23 2015 From: rt at openssl.org (Rich Salz via RT) Date: Mon, 31 Aug 2015 17:49:23 +0000 Subject: [openssl-dev] [openssl.org #4024] minor tweaks to dsa_gen In-Reply-To: References: Message-ID: Fixed in master, 1.0.2, 1.0.1 -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Wed Aug 5 01:20:35 2015 From: rt at openssl.org (John Chow via RT) Date: Wed, 05 Aug 2015 01:20:35 -0000 Subject: [openssl-dev] [openssl.org #3983] unresolved external (___iob_func) with 1.0.1p using VS2015 In-Reply-To: References: Message-ID: Hi, I've been using 3noch's instructions for building OpenSSL 1.0.1 using Visual Studio here : http://developer.covenanteyes.com/building-openssl-for-visual-studio/ These steps build fine for both VS2012 and VS2013 with 1.0.1p, but there is a link issue when using VS2015 (VC14). The last line of my output is: link /nologo /subsystem:console /opt:ref /debug /out:out32\constant_time_test.exe @C:\Users\John\AppData\Local\Temp\nmF77B.tmp constant_time_test.obj : error LNK2019: unresolved external symbol ___iob_func referenced in function _main out32\constant_time_test.exe : fatal error LNK1120: 1 unresolved externals I've attached my complete output of nmake -f ms\nt.mak Tested with 1.0.1p (and o). On Windows 8.1 64bit with VS2012, 2013 and 2015 (fail case). /John -------------- next part -------------- Building OpenSSL perl util/mkdir-p.pl "tmp32" created directory `tmp32' perl util/mkdir-p.pl "out32" created directory `out32' perl util/mkdir-p.pl "inc32" created directory `inc32' perl util/mkdir-p.pl "inc32\openssl" created directory `inc32/openssl' perl util/copy.pl ".\.\e_os.h" "tmp32\e_os.h" Copying: ././e_os.h to tmp32/e_os.h perl util/copy.pl ".\crypto\cryptlib.h" "tmp32\cryptlib.h" Copying: ./crypto/cryptlib.h to tmp32/cryptlib.h perl util/copy.pl ".\crypto\buildinf.h" "tmp32\buildinf.h" Copying: ./crypto/buildinf.h to tmp32/buildinf.h perl util/copy.pl ".\crypto\md32_common.h" "tmp32\md32_common.h" Copying: ./crypto/md32_common.h to tmp32/md32_common.h perl util/copy.pl ".\crypto\o_time.h" "tmp32\o_time.h" Copying: ./crypto/o_time.h to tmp32/o_time.h perl util/copy.pl ".\crypto\o_str.h" "tmp32\o_str.h" Copying: ./crypto/o_str.h to tmp32/o_str.h perl util/copy.pl ".\crypto\o_dir.h" "tmp32\o_dir.h" Copying: ./crypto/o_dir.h to tmp32/o_dir.h perl util/copy.pl ".\crypto\constant_time_locl.h" "tmp32\constant_time_locl.h" Copying: ./crypto/constant_time_locl.h to tmp32/constant_time_locl.h perl util/copy.pl ".\crypto\md4\md4_locl.h" "tmp32\md4_locl.h" Copying: ./crypto/md4/md4_locl.h to tmp32/md4_locl.h perl util/copy.pl ".\crypto\md5\md5_locl.h" "tmp32\md5_locl.h" Copying: ./crypto/md5/md5_locl.h to tmp32/md5_locl.h perl util/copy.pl ".\crypto\sha\sha_locl.h" "tmp32\sha_locl.h" Copying: ./crypto/sha/sha_locl.h to tmp32/sha_locl.h perl util/copy.pl ".\crypto\ripemd\rmd_locl.h" "tmp32\rmd_locl.h" Copying: ./crypto/ripemd/rmd_locl.h to tmp32/rmd_locl.h perl util/copy.pl ".\crypto\ripemd\rmdconst.h" "tmp32\rmdconst.h" Copying: ./crypto/ripemd/rmdconst.h to tmp32/rmdconst.h perl util/copy.pl ".\crypto\des\des_locl.h" "tmp32\des_locl.h" Copying: ./crypto/des/des_locl.h to tmp32/des_locl.h perl util/copy.pl ".\crypto\des\rpc_des.h" "tmp32\rpc_des.h" Copying: ./crypto/des/rpc_des.h to tmp32/rpc_des.h perl util/copy.pl ".\crypto\des\spr.h" "tmp32\spr.h" Copying: ./crypto/des/spr.h to tmp32/spr.h perl util/copy.pl ".\crypto\des\des_ver.h" "tmp32\des_ver.h" Copying: ./crypto/des/des_ver.h to tmp32/des_ver.h perl util/copy.pl ".\crypto\rc2\rc2_locl.h" "tmp32\rc2_locl.h" Copying: ./crypto/rc2/rc2_locl.h to tmp32/rc2_locl.h perl util/copy.pl ".\crypto\rc4\rc4_locl.h" "tmp32\rc4_locl.h" Copying: ./crypto/rc4/rc4_locl.h to tmp32/rc4_locl.h perl util/copy.pl ".\crypto\idea\idea_lcl.h" "tmp32\idea_lcl.h" Copying: ./crypto/idea/idea_lcl.h to tmp32/idea_lcl.h perl util/copy.pl ".\crypto\bf\bf_pi.h" "tmp32\bf_pi.h" Copying: ./crypto/bf/bf_pi.h to tmp32/bf_pi.h perl util/copy.pl ".\crypto\bf\bf_locl.h" "tmp32\bf_locl.h" Copying: ./crypto/bf/bf_locl.h to tmp32/bf_locl.h perl util/copy.pl ".\crypto\cast\cast_s.h" "tmp32\cast_s.h" Copying: ./crypto/cast/cast_s.h to tmp32/cast_s.h perl util/copy.pl ".\crypto\cast\cast_lcl.h" "tmp32\cast_lcl.h" Copying: ./crypto/cast/cast_lcl.h to tmp32/cast_lcl.h perl util/copy.pl ".\crypto\aes\aes_locl.h" "tmp32\aes_locl.h" Copying: ./crypto/aes/aes_locl.h to tmp32/aes_locl.h perl util/copy.pl ".\crypto\camellia\cmll_locl.h" "tmp32\cmll_locl.h" Copying: ./crypto/camellia/cmll_locl.h to tmp32/cmll_locl.h perl util/copy.pl ".\crypto\seed\seed_locl.h" "tmp32\seed_locl.h" Copying: ./crypto/seed/seed_locl.h to tmp32/seed_locl.h perl util/copy.pl ".\crypto\modes\modes_lcl.h" "tmp32\modes_lcl.h" Copying: ./crypto/modes/modes_lcl.h to tmp32/modes_lcl.h perl util/copy.pl ".\crypto\bn\bn_lcl.h" "tmp32\bn_lcl.h" Copying: ./crypto/bn/bn_lcl.h to tmp32/bn_lcl.h perl util/copy.pl ".\crypto\bn\bn_prime.h" "tmp32\bn_prime.h" Copying: ./crypto/bn/bn_prime.h to tmp32/bn_prime.h perl util/copy.pl ".\crypto\dsa\dsa_locl.h" "tmp32\dsa_locl.h" Copying: ./crypto/dsa/dsa_locl.h to tmp32/dsa_locl.h perl util/copy.pl ".\crypto\ec\ec_lcl.h" "tmp32\ec_lcl.h" Copying: ./crypto/ec/ec_lcl.h to tmp32/ec_lcl.h perl util/copy.pl ".\crypto\ecdh\ech_locl.h" "tmp32\ech_locl.h" Copying: ./crypto/ecdh/ech_locl.h to tmp32/ech_locl.h perl util/copy.pl ".\crypto\ecdsa\ecs_locl.h" "tmp32\ecs_locl.h" Copying: ./crypto/ecdsa/ecs_locl.h to tmp32/ecs_locl.h perl util/copy.pl ".\crypto\bio\bio_lcl.h" "tmp32\bio_lcl.h" Copying: ./crypto/bio/bio_lcl.h to tmp32/bio_lcl.h perl util/copy.pl ".\crypto\objects\obj_dat.h" "tmp32\obj_dat.h" Copying: ./crypto/objects/obj_dat.h to tmp32/obj_dat.h perl util/copy.pl ".\crypto\objects\obj_xref.h" "tmp32\obj_xref.h" Copying: ./crypto/objects/obj_xref.h to tmp32/obj_xref.h perl util/copy.pl ".\crypto\evp\evp_locl.h" "tmp32\evp_locl.h" Copying: ./crypto/evp/evp_locl.h to tmp32/evp_locl.h perl util/copy.pl ".\crypto\asn1\asn1_locl.h" "tmp32\asn1_locl.h" Copying: ./crypto/asn1/asn1_locl.h to tmp32/asn1_locl.h perl util/copy.pl ".\crypto\x509v3\pcy_int.h" "tmp32\pcy_int.h" Copying: ./crypto/x509v3/pcy_int.h to tmp32/pcy_int.h perl util/copy.pl ".\crypto\cms\cms_lcl.h" "tmp32\cms_lcl.h" Copying: ./crypto/cms/cms_lcl.h to tmp32/cms_lcl.h perl util/copy.pl ".\crypto\conf\conf_def.h" "tmp32\conf_def.h" Copying: ./crypto/conf/conf_def.h to tmp32/conf_def.h perl util/copy.pl ".\crypto\ui\ui_locl.h" "tmp32\ui_locl.h" Copying: ./crypto/ui/ui_locl.h to tmp32/ui_locl.h perl util/copy.pl ".\crypto\whrlpool\wp_locl.h" "tmp32\wp_locl.h" Copying: ./crypto/whrlpool/wp_locl.h to tmp32/wp_locl.h perl util/copy.pl ".\ssl\ssl_locl.h" "tmp32\ssl_locl.h" Copying: ./ssl/ssl_locl.h to tmp32/ssl_locl.h perl util/copy.pl ".\ssl\kssl_lcl.h" "tmp32\kssl_lcl.h" Copying: ./ssl/kssl_lcl.h to tmp32/kssl_lcl.h perl util/copy.pl ".\apps\apps.h" "tmp32\apps.h" Copying: ./apps/apps.h to tmp32/apps.h perl util/copy.pl ".\apps\progs.h" "tmp32\progs.h" Copying: ./apps/progs.h to tmp32/progs.h perl util/copy.pl ".\apps\s_apps.h" "tmp32\s_apps.h" Copying: ./apps/s_apps.h to tmp32/s_apps.h perl util/copy.pl ".\apps\testdsa.h" "tmp32\testdsa.h" Copying: ./apps/testdsa.h to tmp32/testdsa.h perl util/copy.pl ".\apps\testrsa.h" "tmp32\testrsa.h" Copying: ./apps/testrsa.h to tmp32/testrsa.h perl util/copy.pl ".\engines\e_4758cca_err.c" "tmp32\e_4758cca_err.c" Copying: ./engines/e_4758cca_err.c to tmp32/e_4758cca_err.c perl util/copy.pl ".\engines\e_4758cca_err.h" "tmp32\e_4758cca_err.h" Copying: ./engines/e_4758cca_err.h to tmp32/e_4758cca_err.h perl util/copy.pl ".\engines\e_aep_err.c" "tmp32\e_aep_err.c" Copying: ./engines/e_aep_err.c to tmp32/e_aep_err.c perl util/copy.pl ".\engines\e_aep_err.h" "tmp32\e_aep_err.h" Copying: ./engines/e_aep_err.h to tmp32/e_aep_err.h perl util/copy.pl ".\engines\e_atalla_err.c" "tmp32\e_atalla_err.c" Copying: ./engines/e_atalla_err.c to tmp32/e_atalla_err.c perl util/copy.pl ".\engines\e_atalla_err.h" "tmp32\e_atalla_err.h" Copying: ./engines/e_atalla_err.h to tmp32/e_atalla_err.h perl util/copy.pl ".\engines\e_cswift_err.c" "tmp32\e_cswift_err.c" Copying: ./engines/e_cswift_err.c to tmp32/e_cswift_err.c perl util/copy.pl ".\engines\e_cswift_err.h" "tmp32\e_cswift_err.h" Copying: ./engines/e_cswift_err.h to tmp32/e_cswift_err.h perl util/copy.pl ".\engines\e_gmp_err.c" "tmp32\e_gmp_err.c" Copying: ./engines/e_gmp_err.c to tmp32/e_gmp_err.c perl util/copy.pl ".\engines\e_gmp_err.h" "tmp32\e_gmp_err.h" Copying: ./engines/e_gmp_err.h to tmp32/e_gmp_err.h perl util/copy.pl ".\engines\e_chil_err.c" "tmp32\e_chil_err.c" Copying: ./engines/e_chil_err.c to tmp32/e_chil_err.c perl util/copy.pl ".\engines\e_chil_err.h" "tmp32\e_chil_err.h" Copying: ./engines/e_chil_err.h to tmp32/e_chil_err.h perl util/copy.pl ".\engines\e_nuron_err.c" "tmp32\e_nuron_err.c" Copying: ./engines/e_nuron_err.c to tmp32/e_nuron_err.c perl util/copy.pl ".\engines\e_nuron_err.h" "tmp32\e_nuron_err.h" Copying: ./engines/e_nuron_err.h to tmp32/e_nuron_err.h perl util/copy.pl ".\engines\e_sureware_err.c" "tmp32\e_sureware_err.c" Copying: ./engines/e_sureware_err.c to tmp32/e_sureware_err.c perl util/copy.pl ".\engines\e_sureware_err.h" "tmp32\e_sureware_err.h" Copying: ./engines/e_sureware_err.h to tmp32/e_sureware_err.h perl util/copy.pl ".\engines\e_ubsec_err.c" "tmp32\e_ubsec_err.c" Copying: ./engines/e_ubsec_err.c to tmp32/e_ubsec_err.c perl util/copy.pl ".\engines\e_ubsec_err.h" "tmp32\e_ubsec_err.h" Copying: ./engines/e_ubsec_err.h to tmp32/e_ubsec_err.h perl util/copy.pl ".\engines\e_capi_err.c" "tmp32\e_capi_err.c" Copying: ./engines/e_capi_err.c to tmp32/e_capi_err.c perl util/copy.pl ".\engines\e_capi_err.h" "tmp32\e_capi_err.h" Copying: ./engines/e_capi_err.h to tmp32/e_capi_err.h perl util/copy.pl ".\.\e_os2.h" "inc32\openssl\e_os2.h" Copying: ././e_os2.h to inc32/openssl/e_os2.h perl util/copy.pl ".\crypto\crypto.h" "inc32\openssl\crypto.h" Copying: ./crypto/crypto.h to inc32/openssl/crypto.h perl util/copy.pl ".\crypto\opensslv.h" "inc32\openssl\opensslv.h" Copying: ./crypto/opensslv.h to inc32/openssl/opensslv.h perl util/copy.pl ".\crypto\opensslconf.h" "inc32\openssl\opensslconf.h" Copying: ./crypto/opensslconf.h to inc32/openssl/opensslconf.h perl util/copy.pl ".\crypto\ebcdic.h" "inc32\openssl\ebcdic.h" Copying: ./crypto/ebcdic.h to inc32/openssl/ebcdic.h perl util/copy.pl ".\crypto\symhacks.h" "inc32\openssl\symhacks.h" Copying: ./crypto/symhacks.h to inc32/openssl/symhacks.h perl util/copy.pl ".\crypto\ossl_typ.h" "inc32\openssl\ossl_typ.h" Copying: ./crypto/ossl_typ.h to inc32/openssl/ossl_typ.h perl util/copy.pl ".\crypto\md4\md4.h" "inc32\openssl\md4.h" Copying: ./crypto/md4/md4.h to inc32/openssl/md4.h perl util/copy.pl ".\crypto\md5\md5.h" "inc32\openssl\md5.h" Copying: ./crypto/md5/md5.h to inc32/openssl/md5.h perl util/copy.pl ".\crypto\sha\sha.h" "inc32\openssl\sha.h" Copying: ./crypto/sha/sha.h to inc32/openssl/sha.h perl util/copy.pl ".\crypto\mdc2\mdc2.h" "inc32\openssl\mdc2.h" Copying: ./crypto/mdc2/mdc2.h to inc32/openssl/mdc2.h perl util/copy.pl ".\crypto\hmac\hmac.h" "inc32\openssl\hmac.h" Copying: ./crypto/hmac/hmac.h to inc32/openssl/hmac.h perl util/copy.pl ".\crypto\cmac\cmac.h" "inc32\openssl\cmac.h" Copying: ./crypto/cmac/cmac.h to inc32/openssl/cmac.h perl util/copy.pl ".\crypto\ripemd\ripemd.h" "inc32\openssl\ripemd.h" Copying: ./crypto/ripemd/ripemd.h to inc32/openssl/ripemd.h perl util/copy.pl ".\crypto\des\des.h" "inc32\openssl\des.h" Copying: ./crypto/des/des.h to inc32/openssl/des.h perl util/copy.pl ".\crypto\des\des_old.h" "inc32\openssl\des_old.h" Copying: ./crypto/des/des_old.h to inc32/openssl/des_old.h perl util/copy.pl ".\crypto\rc2\rc2.h" "inc32\openssl\rc2.h" Copying: ./crypto/rc2/rc2.h to inc32/openssl/rc2.h perl util/copy.pl ".\crypto\rc4\rc4.h" "inc32\openssl\rc4.h" Copying: ./crypto/rc4/rc4.h to inc32/openssl/rc4.h perl util/copy.pl ".\crypto\idea\idea.h" "inc32\openssl\idea.h" Copying: ./crypto/idea/idea.h to inc32/openssl/idea.h perl util/copy.pl ".\crypto\bf\blowfish.h" "inc32\openssl\blowfish.h" Copying: ./crypto/bf/blowfish.h to inc32/openssl/blowfish.h perl util/copy.pl ".\crypto\cast\cast.h" "inc32\openssl\cast.h" Copying: ./crypto/cast/cast.h to inc32/openssl/cast.h perl util/copy.pl ".\crypto\aes\aes.h" "inc32\openssl\aes.h" Copying: ./crypto/aes/aes.h to inc32/openssl/aes.h perl util/copy.pl ".\crypto\camellia\camellia.h" "inc32\openssl\camellia.h" Copying: ./crypto/camellia/camellia.h to inc32/openssl/camellia.h perl util/copy.pl ".\crypto\seed\seed.h" "inc32\openssl\seed.h" Copying: ./crypto/seed/seed.h to inc32/openssl/seed.h perl util/copy.pl ".\crypto\modes\modes.h" "inc32\openssl\modes.h" Copying: ./crypto/modes/modes.h to inc32/openssl/modes.h perl util/copy.pl ".\crypto\bn\bn.h" "inc32\openssl\bn.h" Copying: ./crypto/bn/bn.h to inc32/openssl/bn.h perl util/copy.pl ".\crypto\rsa\rsa.h" "inc32\openssl\rsa.h" Copying: ./crypto/rsa/rsa.h to inc32/openssl/rsa.h perl util/copy.pl ".\crypto\dsa\dsa.h" "inc32\openssl\dsa.h" Copying: ./crypto/dsa/dsa.h to inc32/openssl/dsa.h perl util/copy.pl ".\crypto\dso\dso.h" "inc32\openssl\dso.h" Copying: ./crypto/dso/dso.h to inc32/openssl/dso.h perl util/copy.pl ".\crypto\dh\dh.h" "inc32\openssl\dh.h" Copying: ./crypto/dh/dh.h to inc32/openssl/dh.h perl util/copy.pl ".\crypto\ec\ec.h" "inc32\openssl\ec.h" Copying: ./crypto/ec/ec.h to inc32/openssl/ec.h perl util/copy.pl ".\crypto\ecdh\ecdh.h" "inc32\openssl\ecdh.h" Copying: ./crypto/ecdh/ecdh.h to inc32/openssl/ecdh.h perl util/copy.pl ".\crypto\ecdsa\ecdsa.h" "inc32\openssl\ecdsa.h" Copying: ./crypto/ecdsa/ecdsa.h to inc32/openssl/ecdsa.h perl util/copy.pl ".\crypto\buffer\buffer.h" "inc32\openssl\buffer.h" Copying: ./crypto/buffer/buffer.h to inc32/openssl/buffer.h perl util/copy.pl ".\crypto\bio\bio.h" "inc32\openssl\bio.h" Copying: ./crypto/bio/bio.h to inc32/openssl/bio.h perl util/copy.pl ".\crypto\stack\stack.h" "inc32\openssl\stack.h" Copying: ./crypto/stack/stack.h to inc32/openssl/stack.h perl util/copy.pl ".\crypto\stack\safestack.h" "inc32\openssl\safestack.h" Copying: ./crypto/stack/safestack.h to inc32/openssl/safestack.h perl util/copy.pl ".\crypto\lhash\lhash.h" "inc32\openssl\lhash.h" Copying: ./crypto/lhash/lhash.h to inc32/openssl/lhash.h perl util/copy.pl ".\crypto\rand\rand.h" "inc32\openssl\rand.h" Copying: ./crypto/rand/rand.h to inc32/openssl/rand.h perl util/copy.pl ".\crypto\err\err.h" "inc32\openssl\err.h" Copying: ./crypto/err/err.h to inc32/openssl/err.h perl util/copy.pl ".\crypto\objects\objects.h" "inc32\openssl\objects.h" Copying: ./crypto/objects/objects.h to inc32/openssl/objects.h perl util/copy.pl ".\crypto\objects\obj_mac.h" "inc32\openssl\obj_mac.h" Copying: ./crypto/objects/obj_mac.h to inc32/openssl/obj_mac.h perl util/copy.pl ".\crypto\evp\evp.h" "inc32\openssl\evp.h" Copying: ./crypto/evp/evp.h to inc32/openssl/evp.h perl util/copy.pl ".\crypto\asn1\asn1.h" "inc32\openssl\asn1.h" Copying: ./crypto/asn1/asn1.h to inc32/openssl/asn1.h perl util/copy.pl ".\crypto\asn1\asn1_mac.h" "inc32\openssl\asn1_mac.h" Copying: ./crypto/asn1/asn1_mac.h to inc32/openssl/asn1_mac.h perl util/copy.pl ".\crypto\asn1\asn1t.h" "inc32\openssl\asn1t.h" Copying: ./crypto/asn1/asn1t.h to inc32/openssl/asn1t.h perl util/copy.pl ".\crypto\pem\pem.h" "inc32\openssl\pem.h" Copying: ./crypto/pem/pem.h to inc32/openssl/pem.h perl util/copy.pl ".\crypto\pem\pem2.h" "inc32\openssl\pem2.h" Copying: ./crypto/pem/pem2.h to inc32/openssl/pem2.h perl util/copy.pl ".\crypto\x509\x509.h" "inc32\openssl\x509.h" Copying: ./crypto/x509/x509.h to inc32/openssl/x509.h perl util/copy.pl ".\crypto\x509\x509_vfy.h" "inc32\openssl\x509_vfy.h" Copying: ./crypto/x509/x509_vfy.h to inc32/openssl/x509_vfy.h perl util/copy.pl ".\crypto\x509v3\x509v3.h" "inc32\openssl\x509v3.h" Copying: ./crypto/x509v3/x509v3.h to inc32/openssl/x509v3.h perl util/copy.pl ".\crypto\cms\cms.h" "inc32\openssl\cms.h" Copying: ./crypto/cms/cms.h to inc32/openssl/cms.h perl util/copy.pl ".\crypto\conf\conf.h" "inc32\openssl\conf.h" Copying: ./crypto/conf/conf.h to inc32/openssl/conf.h perl util/copy.pl ".\crypto\conf\conf_api.h" "inc32\openssl\conf_api.h" Copying: ./crypto/conf/conf_api.h to inc32/openssl/conf_api.h perl util/copy.pl ".\crypto\txt_db\txt_db.h" "inc32\openssl\txt_db.h" Copying: ./crypto/txt_db/txt_db.h to inc32/openssl/txt_db.h perl util/copy.pl ".\crypto\pkcs7\pkcs7.h" "inc32\openssl\pkcs7.h" Copying: ./crypto/pkcs7/pkcs7.h to inc32/openssl/pkcs7.h perl util/copy.pl ".\crypto\pkcs12\pkcs12.h" "inc32\openssl\pkcs12.h" Copying: ./crypto/pkcs12/pkcs12.h to inc32/openssl/pkcs12.h perl util/copy.pl ".\crypto\comp\comp.h" "inc32\openssl\comp.h" Copying: ./crypto/comp/comp.h to inc32/openssl/comp.h perl util/copy.pl ".\crypto\engine\engine.h" "inc32\openssl\engine.h" Copying: ./crypto/engine/engine.h to inc32/openssl/engine.h perl util/copy.pl ".\crypto\ocsp\ocsp.h" "inc32\openssl\ocsp.h" Copying: ./crypto/ocsp/ocsp.h to inc32/openssl/ocsp.h perl util/copy.pl ".\crypto\ui\ui.h" "inc32\openssl\ui.h" Copying: ./crypto/ui/ui.h to inc32/openssl/ui.h perl util/copy.pl ".\crypto\ui\ui_compat.h" "inc32\openssl\ui_compat.h" Copying: ./crypto/ui/ui_compat.h to inc32/openssl/ui_compat.h perl util/copy.pl ".\crypto\krb5\krb5_asn.h" "inc32\openssl\krb5_asn.h" Copying: ./crypto/krb5/krb5_asn.h to inc32/openssl/krb5_asn.h perl util/copy.pl ".\crypto\pqueue\pqueue.h" "inc32\openssl\pqueue.h" Copying: ./crypto/pqueue/pqueue.h to inc32/openssl/pqueue.h perl util/copy.pl ".\crypto\whrlpool\whrlpool.h" "inc32\openssl\whrlpool.h" Copying: ./crypto/whrlpool/whrlpool.h to inc32/openssl/whrlpool.h perl util/copy.pl ".\crypto\ts\ts.h" "inc32\openssl\ts.h" Copying: ./crypto/ts/ts.h to inc32/openssl/ts.h perl util/copy.pl ".\crypto\srp\srp.h" "inc32\openssl\srp.h" Copying: ./crypto/srp/srp.h to inc32/openssl/srp.h perl util/copy.pl ".\ssl\ssl.h" "inc32\openssl\ssl.h" Copying: ./ssl/ssl.h to inc32/openssl/ssl.h perl util/copy.pl ".\ssl\ssl2.h" "inc32\openssl\ssl2.h" Copying: ./ssl/ssl2.h to inc32/openssl/ssl2.h perl util/copy.pl ".\ssl\ssl3.h" "inc32\openssl\ssl3.h" Copying: ./ssl/ssl3.h to inc32/openssl/ssl3.h perl util/copy.pl ".\ssl\ssl23.h" "inc32\openssl\ssl23.h" Copying: ./ssl/ssl23.h to inc32/openssl/ssl23.h perl util/copy.pl ".\ssl\tls1.h" "inc32\openssl\tls1.h" Copying: ./ssl/tls1.h to inc32/openssl/tls1.h perl util/copy.pl ".\ssl\dtls1.h" "inc32\openssl\dtls1.h" Copying: ./ssl/dtls1.h to inc32/openssl/dtls1.h perl util/copy.pl ".\ssl\kssl.h" "inc32\openssl\kssl.h" Copying: ./ssl/kssl.h to inc32/openssl/kssl.h perl util/copy.pl ".\ssl\srtp.h" "inc32\openssl\srtp.h" Copying: ./ssl/srtp.h to inc32/openssl/srtp.h cl /Fotmp32\cryptlib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cryptlib.c cryptlib.c cl /Fotmp32\mem.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\mem.c mem.c cl /Fotmp32\mem_dbg.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\mem_dbg.c mem_dbg.c cl /Fotmp32\cversion.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -DMK1MF_BUILD -DMK1MF_PLATFORM_VC_WIN32 -c .\crypto\cversion.c cversion.c cl /Fotmp32\ex_data.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ex_data.c ex_data.c cl /Fotmp32\cpt_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cpt_err.c cpt_err.c cl /Fotmp32\ebcdic.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ebcdic.c ebcdic.c cl /Fotmp32\uid.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\uid.c uid.c cl /Fotmp32\o_time.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\o_time.c o_time.c cl /Fotmp32\o_str.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\o_str.c o_str.c cl /Fotmp32\o_dir.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\o_dir.c o_dir.c cl /Fotmp32\o_fips.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\o_fips.c o_fips.c cl /Fotmp32\o_init.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\o_init.c o_init.c cl /Fotmp32\fips_ers.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\fips_ers.c fips_ers.c perl crypto\x86cpuid.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\x86cpuid.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\x86cpuid.obj tmp32\x86cpuid.asm Assembling: tmp32\x86cpuid.asm cl /Fotmp32\md4_dgst.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\md4\md4_dgst.c md4_dgst.c cl /Fotmp32\md4_one.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\md4\md4_one.c md4_one.c cl /Fotmp32\md5_dgst.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\md5\md5_dgst.c md5_dgst.c cl /Fotmp32\md5_one.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\md5\md5_one.c md5_one.c perl crypto\md5\asm\md5-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\md5-586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\md5-586.obj tmp32\md5-586.asm Assembling: tmp32\md5-586.asm cl /Fotmp32\sha_dgst.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\sha\sha_dgst.c sha_dgst.c cl /Fotmp32\sha1dgst.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\sha\sha1dgst.c sha1dgst.c cl /Fotmp32\sha_one.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\sha\sha_one.c sha_one.c cl /Fotmp32\sha1_one.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\sha\sha1_one.c sha1_one.c cl /Fotmp32\sha256.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\sha\sha256.c sha256.c cl /Fotmp32\sha512.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\sha\sha512.c sha512.c perl crypto\sha\asm\sha1-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\sha1-586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\sha1-586.obj tmp32\sha1-586.asm Assembling: tmp32\sha1-586.asm perl crypto\sha\asm\sha256-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\sha256-586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\sha256-586.obj tmp32\sha256-586.asm Assembling: tmp32\sha256-586.asm perl crypto\sha\asm\sha512-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\sha512-586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\sha512-586.obj tmp32\sha512-586.asm Assembling: tmp32\sha512-586.asm cl /Fotmp32\mdc2dgst.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\mdc2\mdc2dgst.c mdc2dgst.c cl /Fotmp32\mdc2_one.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\mdc2\mdc2_one.c mdc2_one.c cl /Fotmp32\hmac.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\hmac\hmac.c hmac.c cl /Fotmp32\hm_ameth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\hmac\hm_ameth.c hm_ameth.c cl /Fotmp32\hm_pmeth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\hmac\hm_pmeth.c hm_pmeth.c cl /Fotmp32\cmac.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cmac\cmac.c cmac.c cl /Fotmp32\cm_ameth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cmac\cm_ameth.c cm_ameth.c cl /Fotmp32\cm_pmeth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cmac\cm_pmeth.c cm_pmeth.c cl /Fotmp32\rmd_dgst.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ripemd\rmd_dgst.c rmd_dgst.c cl /Fotmp32\rmd_one.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ripemd\rmd_one.c rmd_one.c perl crypto\ripemd\asm\rmd-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\rmd-586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\rmd-586.obj tmp32\rmd-586.asm Assembling: tmp32\rmd-586.asm cl /Fotmp32\set_key.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\set_key.c set_key.c cl /Fotmp32\ecb_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\ecb_enc.c ecb_enc.c cl /Fotmp32\cbc_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\cbc_enc.c cbc_enc.c cl /Fotmp32\ecb3_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\ecb3_enc.c ecb3_enc.c cl /Fotmp32\cfb64enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\cfb64enc.c cfb64enc.c cl /Fotmp32\cfb64ede.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\cfb64ede.c cfb64ede.c cl /Fotmp32\cfb_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\cfb_enc.c cfb_enc.c cl /Fotmp32\ofb64ede.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\ofb64ede.c ofb64ede.c cl /Fotmp32\enc_read.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\enc_read.c enc_read.c cl /Fotmp32\enc_writ.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\enc_writ.c enc_writ.c cl /Fotmp32\ofb64enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\ofb64enc.c ofb64enc.c cl /Fotmp32\ofb_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\ofb_enc.c ofb_enc.c cl /Fotmp32\str2key.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\str2key.c str2key.c cl /Fotmp32\pcbc_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\pcbc_enc.c pcbc_enc.c cl /Fotmp32\qud_cksm.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\qud_cksm.c qud_cksm.c cl /Fotmp32\rand_key.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\rand_key.c rand_key.c perl crypto\des\asm\des-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\des-586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\des-586.obj tmp32\des-586.asm Assembling: tmp32\des-586.asm perl crypto\des\asm\crypt586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\crypt586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\crypt586.obj tmp32\crypt586.asm Assembling: tmp32\crypt586.asm cl /Fotmp32\fcrypt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\fcrypt.c fcrypt.c cl /Fotmp32\xcbc_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\xcbc_enc.c xcbc_enc.c cl /Fotmp32\rpc_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\rpc_enc.c rpc_enc.c cl /Fotmp32\cbc_cksm.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\cbc_cksm.c cbc_cksm.c cl /Fotmp32\ede_cbcm_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\ede_cbcm_enc.c ede_cbcm_enc.c cl /Fotmp32\des_old.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\des_old.c des_old.c cl /Fotmp32\des_old2.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\des_old2.c des_old2.c cl /Fotmp32\read2pwd.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\des\read2pwd.c read2pwd.c cl /Fotmp32\rc2_ecb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rc2\rc2_ecb.c rc2_ecb.c cl /Fotmp32\rc2_skey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rc2\rc2_skey.c rc2_skey.c cl /Fotmp32\rc2_cbc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rc2\rc2_cbc.c rc2_cbc.c cl /Fotmp32\rc2cfb64.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rc2\rc2cfb64.c rc2cfb64.c cl /Fotmp32\rc2ofb64.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rc2\rc2ofb64.c rc2ofb64.c perl crypto\rc4\asm\rc4-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\rc4-586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\rc4-586.obj tmp32\rc4-586.asm Assembling: tmp32\rc4-586.asm cl /Fotmp32\rc4_utl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rc4\rc4_utl.c rc4_utl.c cl /Fotmp32\i_cbc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\idea\i_cbc.c i_cbc.c cl /Fotmp32\i_cfb64.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\idea\i_cfb64.c i_cfb64.c cl /Fotmp32\i_ofb64.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\idea\i_ofb64.c i_ofb64.c cl /Fotmp32\i_ecb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\idea\i_ecb.c i_ecb.c cl /Fotmp32\i_skey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\idea\i_skey.c i_skey.c cl /Fotmp32\bf_skey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bf\bf_skey.c bf_skey.c cl /Fotmp32\bf_ecb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bf\bf_ecb.c bf_ecb.c perl crypto\bf\asm\bf-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\bf-586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\bf-586.obj tmp32\bf-586.asm Assembling: tmp32\bf-586.asm cl /Fotmp32\bf_cfb64.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bf\bf_cfb64.c bf_cfb64.c cl /Fotmp32\bf_ofb64.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bf\bf_ofb64.c bf_ofb64.c cl /Fotmp32\c_skey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cast\c_skey.c c_skey.c cl /Fotmp32\c_ecb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cast\c_ecb.c c_ecb.c perl crypto\cast\asm\cast-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\cast-586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\cast-586.obj tmp32\cast-586.asm Assembling: tmp32\cast-586.asm cl /Fotmp32\c_cfb64.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cast\c_cfb64.c c_cfb64.c cl /Fotmp32\c_ofb64.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cast\c_ofb64.c c_ofb64.c cl /Fotmp32\aes_misc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\aes\aes_misc.c aes_misc.c cl /Fotmp32\aes_ecb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\aes\aes_ecb.c aes_ecb.c cl /Fotmp32\aes_cfb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\aes\aes_cfb.c aes_cfb.c cl /Fotmp32\aes_ofb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\aes\aes_ofb.c aes_ofb.c cl /Fotmp32\aes_ctr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\aes\aes_ctr.c aes_ctr.c cl /Fotmp32\aes_ige.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\aes\aes_ige.c aes_ige.c cl /Fotmp32\aes_wrap.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\aes\aes_wrap.c aes_wrap.c perl crypto\aes\asm\aes-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\aes-586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\aes-586.obj tmp32\aes-586.asm Assembling: tmp32\aes-586.asm perl crypto\aes\asm\vpaes-x86.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\vpaes-x86.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\vpaes-x86.obj tmp32\vpaes-x86.asm Assembling: tmp32\vpaes-x86.asm perl crypto\aes\asm\aesni-x86.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\aesni-x86.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\aesni-x86.obj tmp32\aesni-x86.asm Assembling: tmp32\aesni-x86.asm cl /Fotmp32\cmll_ecb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\camellia\cmll_ecb.c cmll_ecb.c cl /Fotmp32\cmll_ofb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\camellia\cmll_ofb.c cmll_ofb.c cl /Fotmp32\cmll_cfb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\camellia\cmll_cfb.c cmll_cfb.c cl /Fotmp32\cmll_ctr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\camellia\cmll_ctr.c cmll_ctr.c cl /Fotmp32\cmll_utl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\camellia\cmll_utl.c cmll_utl.c perl crypto\camellia\asm\cmll-x86.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\cmll-x86.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\cmll-x86.obj tmp32\cmll-x86.asm Assembling: tmp32\cmll-x86.asm cl /Fotmp32\seed.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\seed\seed.c seed.c cl /Fotmp32\seed_ecb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\seed\seed_ecb.c seed_ecb.c cl /Fotmp32\seed_cbc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\seed\seed_cbc.c seed_cbc.c cl /Fotmp32\seed_cfb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\seed\seed_cfb.c seed_cfb.c cl /Fotmp32\seed_ofb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\seed\seed_ofb.c seed_ofb.c cl /Fotmp32\cbc128.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\modes\cbc128.c cbc128.c cl /Fotmp32\ctr128.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\modes\ctr128.c ctr128.c cl /Fotmp32\cts128.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\modes\cts128.c cts128.c cl /Fotmp32\cfb128.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\modes\cfb128.c cfb128.c cl /Fotmp32\ofb128.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\modes\ofb128.c ofb128.c cl /Fotmp32\gcm128.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\modes\gcm128.c gcm128.c cl /Fotmp32\ccm128.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\modes\ccm128.c ccm128.c cl /Fotmp32\xts128.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\modes\xts128.c xts128.c perl crypto\modes\asm\ghash-x86.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\ghash-x86.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\ghash-x86.obj tmp32\ghash-x86.asm Assembling: tmp32\ghash-x86.asm cl /Fotmp32\bn_add.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_add.c bn_add.c cl /Fotmp32\bn_div.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_div.c bn_div.c cl /Fotmp32\bn_exp.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_exp.c bn_exp.c cl /Fotmp32\bn_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_lib.c bn_lib.c cl /Fotmp32\bn_ctx.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_ctx.c bn_ctx.c cl /Fotmp32\bn_mul.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_mul.c bn_mul.c cl /Fotmp32\bn_mod.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_mod.c bn_mod.c cl /Fotmp32\bn_print.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_print.c bn_print.c cl /Fotmp32\bn_rand.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_rand.c bn_rand.c cl /Fotmp32\bn_shift.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_shift.c bn_shift.c cl /Fotmp32\bn_word.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_word.c bn_word.c cl /Fotmp32\bn_blind.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_blind.c bn_blind.c cl /Fotmp32\bn_kron.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_kron.c bn_kron.c cl /Fotmp32\bn_sqrt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_sqrt.c bn_sqrt.c cl /Fotmp32\bn_gcd.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_gcd.c bn_gcd.c cl /Fotmp32\bn_prime.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_prime.c bn_prime.c cl /Fotmp32\bn_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_err.c bn_err.c cl /Fotmp32\bn_sqr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_sqr.c bn_sqr.c perl crypto\bn\asm\bn-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\bn-586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\bn-586.obj tmp32\bn-586.asm Assembling: tmp32\bn-586.asm perl crypto\bn\asm\co-586.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\co-586.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\co-586.obj tmp32\co-586.asm Assembling: tmp32\co-586.asm perl crypto\bn\asm\x86-mont.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\x86-mont.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\x86-mont.obj tmp32\x86-mont.asm Assembling: tmp32\x86-mont.asm perl crypto\bn\asm\x86-gf2m.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\x86-gf2m.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\x86-gf2m.obj tmp32\x86-gf2m.asm Assembling: tmp32\x86-gf2m.asm cl /Fotmp32\bn_recp.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_recp.c bn_recp.c cl /Fotmp32\bn_mont.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_mont.c bn_mont.c cl /Fotmp32\bn_mpi.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_mpi.c bn_mpi.c cl /Fotmp32\bn_exp2.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_exp2.c bn_exp2.c cl /Fotmp32\bn_gf2m.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_gf2m.c bn_gf2m.c cl /Fotmp32\bn_nist.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_nist.c bn_nist.c cl /Fotmp32\bn_depr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_depr.c bn_depr.c cl /Fotmp32\bn_const.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_const.c bn_const.c cl /Fotmp32\bn_x931p.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bn\bn_x931p.c bn_x931p.c cl /Fotmp32\rsa_eay.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_eay.c rsa_eay.c cl /Fotmp32\rsa_gen.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_gen.c rsa_gen.c cl /Fotmp32\rsa_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_lib.c rsa_lib.c cl /Fotmp32\rsa_sign.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_sign.c rsa_sign.c cl /Fotmp32\rsa_saos.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_saos.c rsa_saos.c cl /Fotmp32\rsa_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_err.c rsa_err.c cl /Fotmp32\rsa_pk1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_pk1.c rsa_pk1.c cl /Fotmp32\rsa_ssl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_ssl.c rsa_ssl.c cl /Fotmp32\rsa_none.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_none.c rsa_none.c cl /Fotmp32\rsa_oaep.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_oaep.c rsa_oaep.c cl /Fotmp32\rsa_chk.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_chk.c rsa_chk.c cl /Fotmp32\rsa_null.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_null.c rsa_null.c cl /Fotmp32\rsa_pss.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_pss.c rsa_pss.c cl /Fotmp32\rsa_x931.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_x931.c rsa_x931.c cl /Fotmp32\rsa_asn1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_asn1.c rsa_asn1.c cl /Fotmp32\rsa_depr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_depr.c rsa_depr.c cl /Fotmp32\rsa_ameth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_ameth.c rsa_ameth.c cl /Fotmp32\rsa_prn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_prn.c rsa_prn.c cl /Fotmp32\rsa_pmeth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_pmeth.c rsa_pmeth.c cl /Fotmp32\rsa_crpt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rsa\rsa_crpt.c rsa_crpt.c cl /Fotmp32\dsa_gen.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dsa\dsa_gen.c dsa_gen.c cl /Fotmp32\dsa_key.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dsa\dsa_key.c dsa_key.c cl /Fotmp32\dsa_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dsa\dsa_lib.c dsa_lib.c cl /Fotmp32\dsa_asn1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dsa\dsa_asn1.c dsa_asn1.c cl /Fotmp32\dsa_vrf.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dsa\dsa_vrf.c dsa_vrf.c cl /Fotmp32\dsa_sign.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dsa\dsa_sign.c dsa_sign.c cl /Fotmp32\dsa_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dsa\dsa_err.c dsa_err.c cl /Fotmp32\dsa_ossl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dsa\dsa_ossl.c dsa_ossl.c cl /Fotmp32\dsa_depr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dsa\dsa_depr.c dsa_depr.c cl /Fotmp32\dsa_ameth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dsa\dsa_ameth.c dsa_ameth.c cl /Fotmp32\dsa_pmeth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dsa\dsa_pmeth.c dsa_pmeth.c cl /Fotmp32\dsa_prn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dsa\dsa_prn.c dsa_prn.c cl /Fotmp32\dso_dl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dso\dso_dl.c dso_dl.c cl /Fotmp32\dso_dlfcn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dso\dso_dlfcn.c dso_dlfcn.c cl /Fotmp32\dso_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dso\dso_err.c dso_err.c cl /Fotmp32\dso_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dso\dso_lib.c dso_lib.c cl /Fotmp32\dso_null.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dso\dso_null.c dso_null.c cl /Fotmp32\dso_openssl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dso\dso_openssl.c dso_openssl.c cl /Fotmp32\dso_win32.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dso\dso_win32.c dso_win32.c cl /Fotmp32\dso_vms.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dso\dso_vms.c dso_vms.c cl /Fotmp32\dso_beos.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dso\dso_beos.c dso_beos.c cl /Fotmp32\dh_asn1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dh\dh_asn1.c dh_asn1.c cl /Fotmp32\dh_gen.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dh\dh_gen.c dh_gen.c cl /Fotmp32\dh_key.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dh\dh_key.c dh_key.c cl /Fotmp32\dh_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dh\dh_lib.c dh_lib.c cl /Fotmp32\dh_check.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dh\dh_check.c dh_check.c cl /Fotmp32\dh_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dh\dh_err.c dh_err.c cl /Fotmp32\dh_depr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dh\dh_depr.c dh_depr.c cl /Fotmp32\dh_ameth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dh\dh_ameth.c dh_ameth.c cl /Fotmp32\dh_pmeth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dh\dh_pmeth.c dh_pmeth.c cl /Fotmp32\dh_prn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\dh\dh_prn.c dh_prn.c cl /Fotmp32\ec_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec_lib.c ec_lib.c cl /Fotmp32\ecp_smpl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ecp_smpl.c ecp_smpl.c cl /Fotmp32\ecp_mont.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ecp_mont.c ecp_mont.c cl /Fotmp32\ecp_nist.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ecp_nist.c ecp_nist.c cl /Fotmp32\ec_cvt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec_cvt.c ec_cvt.c cl /Fotmp32\ec_mult.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec_mult.c ec_mult.c cl /Fotmp32\ec_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec_err.c ec_err.c cl /Fotmp32\ec_curve.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec_curve.c ec_curve.c cl /Fotmp32\ec_check.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec_check.c ec_check.c cl /Fotmp32\ec_print.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec_print.c ec_print.c cl /Fotmp32\ec_asn1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec_asn1.c ec_asn1.c cl /Fotmp32\ec_key.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec_key.c ec_key.c cl /Fotmp32\ec2_smpl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec2_smpl.c ec2_smpl.c cl /Fotmp32\ec2_mult.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec2_mult.c ec2_mult.c cl /Fotmp32\ec_ameth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec_ameth.c ec_ameth.c cl /Fotmp32\ec_pmeth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec_pmeth.c ec_pmeth.c cl /Fotmp32\eck_prn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\eck_prn.c eck_prn.c cl /Fotmp32\ecp_nistp224.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ecp_nistp224.c ecp_nistp224.c cl /Fotmp32\ecp_nistp256.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ecp_nistp256.c ecp_nistp256.c cl /Fotmp32\ecp_nistp521.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ecp_nistp521.c ecp_nistp521.c cl /Fotmp32\ecp_nistputil.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ecp_nistputil.c ecp_nistputil.c cl /Fotmp32\ecp_oct.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ecp_oct.c ecp_oct.c cl /Fotmp32\ec2_oct.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec2_oct.c ec2_oct.c cl /Fotmp32\ec_oct.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ec\ec_oct.c ec_oct.c cl /Fotmp32\ech_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ecdh\ech_lib.c ech_lib.c cl /Fotmp32\ech_ossl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ecdh\ech_ossl.c ech_ossl.c cl /Fotmp32\ech_key.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ecdh\ech_key.c ech_key.c cl /Fotmp32\ech_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ecdh\ech_err.c ech_err.c cl /Fotmp32\ecs_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ecdsa\ecs_lib.c ecs_lib.c cl /Fotmp32\ecs_asn1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ecdsa\ecs_asn1.c ecs_asn1.c cl /Fotmp32\ecs_ossl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ecdsa\ecs_ossl.c ecs_ossl.c cl /Fotmp32\ecs_sign.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ecdsa\ecs_sign.c ecs_sign.c cl /Fotmp32\ecs_vrf.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ecdsa\ecs_vrf.c ecs_vrf.c cl /Fotmp32\ecs_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ecdsa\ecs_err.c ecs_err.c cl /Fotmp32\buffer.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\buffer\buffer.c buffer.c cl /Fotmp32\buf_str.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\buffer\buf_str.c buf_str.c cl /Fotmp32\buf_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\buffer\buf_err.c buf_err.c cl /Fotmp32\bio_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bio_lib.c bio_lib.c cl /Fotmp32\bio_cb.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bio_cb.c bio_cb.c cl /Fotmp32\bio_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bio_err.c bio_err.c cl /Fotmp32\bss_mem.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bss_mem.c bss_mem.c cl /Fotmp32\bss_null.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bss_null.c bss_null.c cl /Fotmp32\bss_fd.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bss_fd.c bss_fd.c cl /Fotmp32\bss_file.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bss_file.c bss_file.c cl /Fotmp32\bss_sock.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bss_sock.c bss_sock.c cl /Fotmp32\bss_conn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bss_conn.c bss_conn.c cl /Fotmp32\bf_null.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bf_null.c bf_null.c cl /Fotmp32\bf_buff.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bf_buff.c bf_buff.c cl /Fotmp32\b_print.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\b_print.c b_print.c .\crypto\bio\b_print.c(381): warning C4267: '=': conversion from 'size_t' to 'short', possible loss of data cl /Fotmp32\b_dump.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\b_dump.c b_dump.c cl /Fotmp32\b_sock.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\b_sock.c b_sock.c .\crypto\bio\b_sock.c(373): warning C4996: 'gethostbyname': Use getaddrinfo() or GetAddrInfoW() instead or define _WINSOCK_DEPRECATED_NO_WARNINGS to disable deprecated API warnings C:\Program Files (x86)\Windows Kits\8.1\include\um\winsock2.h(2238): note: see declaration of 'gethostbyname' cl /Fotmp32\bss_acpt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bss_acpt.c bss_acpt.c cl /Fotmp32\bf_nbio.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bf_nbio.c bf_nbio.c cl /Fotmp32\bss_log.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bss_log.c bss_log.c cl /Fotmp32\bss_bio.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bss_bio.c bss_bio.c cl /Fotmp32\bss_dgram.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\bio\bss_dgram.c bss_dgram.c cl /Fotmp32\stack.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\stack\stack.c stack.c cl /Fotmp32\lhash.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\lhash\lhash.c lhash.c cl /Fotmp32\lh_stats.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\lhash\lh_stats.c lh_stats.c cl /Fotmp32\md_rand.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rand\md_rand.c md_rand.c cl /Fotmp32\randfile.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rand\randfile.c randfile.c cl /Fotmp32\rand_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rand\rand_lib.c rand_lib.c cl /Fotmp32\rand_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rand\rand_err.c rand_err.c cl /Fotmp32\rand_egd.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rand\rand_egd.c rand_egd.c cl /Fotmp32\rand_win.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rand\rand_win.c rand_win.c cl /Fotmp32\rand_unix.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rand\rand_unix.c rand_unix.c cl /Fotmp32\rand_os2.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rand\rand_os2.c rand_os2.c cl /Fotmp32\rand_nw.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rand\rand_nw.c rand_nw.c cl /Fotmp32\err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\err\err.c err.c cl /Fotmp32\err_all.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\err\err_all.c err_all.c cl /Fotmp32\err_prn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\err\err_prn.c err_prn.c cl /Fotmp32\o_names.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\objects\o_names.c o_names.c cl /Fotmp32\obj_dat.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\objects\obj_dat.c obj_dat.c cl /Fotmp32\obj_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\objects\obj_lib.c obj_lib.c cl /Fotmp32\obj_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\objects\obj_err.c obj_err.c cl /Fotmp32\obj_xref.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\objects\obj_xref.c obj_xref.c cl /Fotmp32\encode.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\encode.c encode.c cl /Fotmp32\digest.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\digest.c digest.c cl /Fotmp32\evp_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\evp_enc.c evp_enc.c cl /Fotmp32\evp_key.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\evp_key.c evp_key.c cl /Fotmp32\evp_acnf.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\evp_acnf.c evp_acnf.c cl /Fotmp32\evp_cnf.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\evp_cnf.c evp_cnf.c cl /Fotmp32\e_des.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_des.c e_des.c cl /Fotmp32\e_bf.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_bf.c e_bf.c cl /Fotmp32\e_idea.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_idea.c e_idea.c cl /Fotmp32\e_des3.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_des3.c e_des3.c cl /Fotmp32\e_camellia.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_camellia.c e_camellia.c cl /Fotmp32\e_rc4.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_rc4.c e_rc4.c cl /Fotmp32\e_aes.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_aes.c e_aes.c cl /Fotmp32\names.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\names.c names.c cl /Fotmp32\e_seed.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_seed.c e_seed.c cl /Fotmp32\e_xcbc_d.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_xcbc_d.c e_xcbc_d.c cl /Fotmp32\e_rc2.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_rc2.c e_rc2.c cl /Fotmp32\e_cast.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_cast.c e_cast.c cl /Fotmp32\e_rc5.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_rc5.c e_rc5.c cl /Fotmp32\m_null.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\m_null.c m_null.c cl /Fotmp32\m_md4.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\m_md4.c m_md4.c cl /Fotmp32\m_md5.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\m_md5.c m_md5.c cl /Fotmp32\m_sha.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\m_sha.c m_sha.c cl /Fotmp32\m_sha1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\m_sha1.c m_sha1.c cl /Fotmp32\m_wp.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\m_wp.c m_wp.c cl /Fotmp32\m_dss.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\m_dss.c m_dss.c cl /Fotmp32\m_dss1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\m_dss1.c m_dss1.c cl /Fotmp32\m_mdc2.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\m_mdc2.c m_mdc2.c cl /Fotmp32\m_ripemd.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\m_ripemd.c m_ripemd.c cl /Fotmp32\m_ecdsa.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\m_ecdsa.c m_ecdsa.c cl /Fotmp32\p_open.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\p_open.c p_open.c cl /Fotmp32\p_seal.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\p_seal.c p_seal.c cl /Fotmp32\p_sign.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\p_sign.c p_sign.c cl /Fotmp32\p_verify.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\p_verify.c p_verify.c cl /Fotmp32\p_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\p_lib.c p_lib.c cl /Fotmp32\p_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\p_enc.c p_enc.c cl /Fotmp32\p_dec.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\p_dec.c p_dec.c cl /Fotmp32\bio_md.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\bio_md.c bio_md.c cl /Fotmp32\bio_b64.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\bio_b64.c bio_b64.c cl /Fotmp32\bio_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\bio_enc.c bio_enc.c cl /Fotmp32\evp_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\evp_err.c evp_err.c cl /Fotmp32\e_null.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_null.c e_null.c cl /Fotmp32\c_all.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\c_all.c c_all.c cl /Fotmp32\c_allc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\c_allc.c c_allc.c cl /Fotmp32\c_alld.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\c_alld.c c_alld.c cl /Fotmp32\evp_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\evp_lib.c evp_lib.c cl /Fotmp32\bio_ok.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\bio_ok.c bio_ok.c cl /Fotmp32\evp_pkey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\evp_pkey.c evp_pkey.c cl /Fotmp32\evp_pbe.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\evp_pbe.c evp_pbe.c cl /Fotmp32\p5_crpt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\p5_crpt.c p5_crpt.c cl /Fotmp32\p5_crpt2.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\p5_crpt2.c p5_crpt2.c cl /Fotmp32\e_old.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_old.c e_old.c cl /Fotmp32\pmeth_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\pmeth_lib.c pmeth_lib.c cl /Fotmp32\pmeth_fn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\pmeth_fn.c pmeth_fn.c cl /Fotmp32\pmeth_gn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\pmeth_gn.c pmeth_gn.c cl /Fotmp32\m_sigver.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\m_sigver.c m_sigver.c cl /Fotmp32\evp_fips.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\evp_fips.c evp_fips.c cl /Fotmp32\e_aes_cbc_hmac_sha1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha1.c cl /Fotmp32\e_rc4_hmac_md5.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\evp\e_rc4_hmac_md5.c e_rc4_hmac_md5.c cl /Fotmp32\a_object.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_object.c a_object.c cl /Fotmp32\a_bitstr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_bitstr.c a_bitstr.c cl /Fotmp32\a_utctm.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_utctm.c a_utctm.c cl /Fotmp32\a_gentm.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_gentm.c a_gentm.c cl /Fotmp32\a_time.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_time.c a_time.c cl /Fotmp32\a_int.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_int.c a_int.c cl /Fotmp32\a_octet.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_octet.c a_octet.c cl /Fotmp32\a_print.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_print.c a_print.c cl /Fotmp32\a_type.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_type.c a_type.c cl /Fotmp32\a_set.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_set.c a_set.c cl /Fotmp32\a_dup.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_dup.c a_dup.c cl /Fotmp32\a_d2i_fp.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_d2i_fp.c a_d2i_fp.c cl /Fotmp32\a_i2d_fp.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_i2d_fp.c a_i2d_fp.c cl /Fotmp32\a_enum.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_enum.c a_enum.c cl /Fotmp32\a_utf8.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_utf8.c a_utf8.c cl /Fotmp32\a_sign.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_sign.c a_sign.c cl /Fotmp32\a_digest.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_digest.c a_digest.c cl /Fotmp32\a_verify.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_verify.c a_verify.c cl /Fotmp32\a_mbstr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_mbstr.c a_mbstr.c cl /Fotmp32\a_strex.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_strex.c a_strex.c cl /Fotmp32\x_algor.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_algor.c x_algor.c cl /Fotmp32\x_val.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_val.c x_val.c cl /Fotmp32\x_pubkey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_pubkey.c x_pubkey.c cl /Fotmp32\x_sig.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_sig.c x_sig.c cl /Fotmp32\x_req.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_req.c x_req.c cl /Fotmp32\x_attrib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_attrib.c x_attrib.c cl /Fotmp32\x_bignum.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_bignum.c x_bignum.c cl /Fotmp32\x_long.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_long.c x_long.c cl /Fotmp32\x_name.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_name.c x_name.c cl /Fotmp32\x_x509.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_x509.c x_x509.c cl /Fotmp32\x_x509a.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_x509a.c x_x509a.c cl /Fotmp32\x_crl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_crl.c x_crl.c cl /Fotmp32\x_info.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_info.c x_info.c cl /Fotmp32\x_spki.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_spki.c x_spki.c cl /Fotmp32\nsseq.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\nsseq.c nsseq.c cl /Fotmp32\x_nx509.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_nx509.c x_nx509.c cl /Fotmp32\d2i_pu.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\d2i_pu.c d2i_pu.c cl /Fotmp32\d2i_pr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\d2i_pr.c d2i_pr.c cl /Fotmp32\i2d_pu.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\i2d_pu.c i2d_pu.c cl /Fotmp32\i2d_pr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\i2d_pr.c i2d_pr.c cl /Fotmp32\t_req.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\t_req.c t_req.c cl /Fotmp32\t_x509.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\t_x509.c t_x509.c cl /Fotmp32\t_x509a.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\t_x509a.c t_x509a.c cl /Fotmp32\t_crl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\t_crl.c t_crl.c cl /Fotmp32\t_pkey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\t_pkey.c t_pkey.c cl /Fotmp32\t_spki.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\t_spki.c t_spki.c cl /Fotmp32\t_bitst.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\t_bitst.c t_bitst.c cl /Fotmp32\tasn_new.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\tasn_new.c tasn_new.c cl /Fotmp32\tasn_fre.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\tasn_fre.c tasn_fre.c cl /Fotmp32\tasn_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\tasn_enc.c tasn_enc.c cl /Fotmp32\tasn_dec.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\tasn_dec.c tasn_dec.c cl /Fotmp32\tasn_utl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\tasn_utl.c tasn_utl.c cl /Fotmp32\tasn_typ.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\tasn_typ.c tasn_typ.c cl /Fotmp32\tasn_prn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\tasn_prn.c tasn_prn.c cl /Fotmp32\ameth_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\ameth_lib.c ameth_lib.c cl /Fotmp32\f_int.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\f_int.c f_int.c cl /Fotmp32\f_string.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\f_string.c f_string.c cl /Fotmp32\n_pkey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\n_pkey.c n_pkey.c cl /Fotmp32\f_enum.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\f_enum.c f_enum.c cl /Fotmp32\x_pkey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_pkey.c x_pkey.c cl /Fotmp32\a_bool.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_bool.c a_bool.c cl /Fotmp32\x_exten.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\x_exten.c x_exten.c cl /Fotmp32\bio_asn1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\bio_asn1.c bio_asn1.c cl /Fotmp32\bio_ndef.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\bio_ndef.c bio_ndef.c cl /Fotmp32\asn_mime.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\asn_mime.c asn_mime.c cl /Fotmp32\asn1_gen.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\asn1_gen.c asn1_gen.c cl /Fotmp32\asn1_par.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\asn1_par.c asn1_par.c cl /Fotmp32\asn1_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\asn1_lib.c asn1_lib.c cl /Fotmp32\asn1_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\asn1_err.c asn1_err.c cl /Fotmp32\a_bytes.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_bytes.c a_bytes.c cl /Fotmp32\a_strnid.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\a_strnid.c a_strnid.c cl /Fotmp32\evp_asn1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\evp_asn1.c evp_asn1.c cl /Fotmp32\asn_pack.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\asn_pack.c asn_pack.c cl /Fotmp32\p5_pbe.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\p5_pbe.c p5_pbe.c cl /Fotmp32\p5_pbev2.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\p5_pbev2.c p5_pbev2.c cl /Fotmp32\p8_pkey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\p8_pkey.c p8_pkey.c cl /Fotmp32\asn_moid.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\asn1\asn_moid.c asn_moid.c cl /Fotmp32\pem_sign.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pem\pem_sign.c pem_sign.c cl /Fotmp32\pem_seal.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pem\pem_seal.c pem_seal.c cl /Fotmp32\pem_info.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pem\pem_info.c pem_info.c cl /Fotmp32\pem_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pem\pem_lib.c pem_lib.c cl /Fotmp32\pem_all.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pem\pem_all.c pem_all.c cl /Fotmp32\pem_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pem\pem_err.c pem_err.c cl /Fotmp32\pem_x509.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pem\pem_x509.c pem_x509.c cl /Fotmp32\pem_xaux.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pem\pem_xaux.c pem_xaux.c cl /Fotmp32\pem_oth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pem\pem_oth.c pem_oth.c cl /Fotmp32\pem_pk8.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pem\pem_pk8.c pem_pk8.c cl /Fotmp32\pem_pkey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pem\pem_pkey.c pem_pkey.c cl /Fotmp32\pvkfmt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pem\pvkfmt.c pvkfmt.c cl /Fotmp32\x509_def.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_def.c x509_def.c cl /Fotmp32\x509_d2.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_d2.c x509_d2.c cl /Fotmp32\x509_r2x.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_r2x.c x509_r2x.c cl /Fotmp32\x509_cmp.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_cmp.c x509_cmp.c cl /Fotmp32\x509_obj.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_obj.c x509_obj.c cl /Fotmp32\x509_req.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_req.c x509_req.c cl /Fotmp32\x509spki.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509spki.c x509spki.c cl /Fotmp32\x509_vfy.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_vfy.c x509_vfy.c cl /Fotmp32\x509_set.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_set.c x509_set.c cl /Fotmp32\x509cset.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509cset.c x509cset.c cl /Fotmp32\x509rset.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509rset.c x509rset.c cl /Fotmp32\x509_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_err.c x509_err.c cl /Fotmp32\x509name.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509name.c x509name.c cl /Fotmp32\x509_v3.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_v3.c x509_v3.c cl /Fotmp32\x509_ext.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_ext.c x509_ext.c cl /Fotmp32\x509_att.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_att.c x509_att.c cl /Fotmp32\x509type.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509type.c x509type.c cl /Fotmp32\x509_lu.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_lu.c x509_lu.c cl /Fotmp32\x_all.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x_all.c x_all.c cl /Fotmp32\x509_txt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_txt.c x509_txt.c cl /Fotmp32\x509_trs.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_trs.c x509_trs.c cl /Fotmp32\by_file.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\by_file.c by_file.c cl /Fotmp32\by_dir.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\by_dir.c by_dir.c cl /Fotmp32\x509_vpm.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509\x509_vpm.c x509_vpm.c cl /Fotmp32\v3_bcons.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_bcons.c v3_bcons.c cl /Fotmp32\v3_bitst.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_bitst.c v3_bitst.c cl /Fotmp32\v3_conf.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_conf.c v3_conf.c cl /Fotmp32\v3_extku.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_extku.c v3_extku.c cl /Fotmp32\v3_ia5.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_ia5.c v3_ia5.c cl /Fotmp32\v3_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_lib.c v3_lib.c cl /Fotmp32\v3_prn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_prn.c v3_prn.c cl /Fotmp32\v3_utl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_utl.c v3_utl.c cl /Fotmp32\v3err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3err.c v3err.c cl /Fotmp32\v3_genn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_genn.c v3_genn.c cl /Fotmp32\v3_alt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_alt.c v3_alt.c cl /Fotmp32\v3_skey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_skey.c v3_skey.c cl /Fotmp32\v3_akey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_akey.c v3_akey.c cl /Fotmp32\v3_pku.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_pku.c v3_pku.c cl /Fotmp32\v3_int.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_int.c v3_int.c cl /Fotmp32\v3_enum.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_enum.c v3_enum.c cl /Fotmp32\v3_sxnet.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_sxnet.c v3_sxnet.c cl /Fotmp32\v3_cpols.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_cpols.c v3_cpols.c cl /Fotmp32\v3_crld.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_crld.c v3_crld.c cl /Fotmp32\v3_purp.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_purp.c v3_purp.c cl /Fotmp32\v3_info.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_info.c v3_info.c cl /Fotmp32\v3_ocsp.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_ocsp.c v3_ocsp.c cl /Fotmp32\v3_akeya.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_akeya.c v3_akeya.c cl /Fotmp32\v3_pmaps.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_pmaps.c v3_pmaps.c cl /Fotmp32\v3_pcons.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_pcons.c v3_pcons.c cl /Fotmp32\v3_ncons.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_ncons.c v3_ncons.c cl /Fotmp32\v3_pcia.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_pcia.c v3_pcia.c cl /Fotmp32\v3_pci.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_pci.c v3_pci.c cl /Fotmp32\pcy_cache.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\pcy_cache.c pcy_cache.c cl /Fotmp32\pcy_node.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\pcy_node.c pcy_node.c cl /Fotmp32\pcy_data.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\pcy_data.c pcy_data.c cl /Fotmp32\pcy_map.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\pcy_map.c pcy_map.c cl /Fotmp32\pcy_tree.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\pcy_tree.c pcy_tree.c cl /Fotmp32\pcy_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\pcy_lib.c pcy_lib.c cl /Fotmp32\v3_asid.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_asid.c v3_asid.c cl /Fotmp32\v3_addr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\x509v3\v3_addr.c v3_addr.c cl /Fotmp32\cms_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_lib.c cms_lib.c cl /Fotmp32\cms_asn1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_asn1.c cms_asn1.c cl /Fotmp32\cms_att.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_att.c cms_att.c cl /Fotmp32\cms_io.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_io.c cms_io.c cl /Fotmp32\cms_smime.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_smime.c cms_smime.c cl /Fotmp32\cms_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_err.c cms_err.c cl /Fotmp32\cms_sd.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_sd.c cms_sd.c cl /Fotmp32\cms_dd.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_dd.c cms_dd.c cl /Fotmp32\cms_cd.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_cd.c cms_cd.c cl /Fotmp32\cms_env.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_env.c cms_env.c cl /Fotmp32\cms_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_enc.c cms_enc.c cl /Fotmp32\cms_ess.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_ess.c cms_ess.c cl /Fotmp32\cms_pwri.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\cms\cms_pwri.c cms_pwri.c cl /Fotmp32\conf_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\conf\conf_err.c conf_err.c cl /Fotmp32\conf_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\conf\conf_lib.c conf_lib.c cl /Fotmp32\conf_api.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\conf\conf_api.c conf_api.c cl /Fotmp32\conf_def.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\conf\conf_def.c conf_def.c cl /Fotmp32\conf_mod.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\conf\conf_mod.c conf_mod.c cl /Fotmp32\conf_mall.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\conf\conf_mall.c conf_mall.c cl /Fotmp32\conf_sap.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\conf\conf_sap.c conf_sap.c cl /Fotmp32\txt_db.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\txt_db\txt_db.c txt_db.c cl /Fotmp32\pk7_asn1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs7\pk7_asn1.c pk7_asn1.c cl /Fotmp32\pk7_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs7\pk7_lib.c pk7_lib.c cl /Fotmp32\pkcs7err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs7\pkcs7err.c pkcs7err.c cl /Fotmp32\pk7_doit.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs7\pk7_doit.c pk7_doit.c cl /Fotmp32\pk7_smime.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs7\pk7_smime.c pk7_smime.c cl /Fotmp32\pk7_attr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs7\pk7_attr.c pk7_attr.c cl /Fotmp32\pk7_mime.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs7\pk7_mime.c pk7_mime.c cl /Fotmp32\bio_pk7.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs7\bio_pk7.c bio_pk7.c cl /Fotmp32\p12_add.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_add.c p12_add.c cl /Fotmp32\p12_asn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_asn.c p12_asn.c cl /Fotmp32\p12_attr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_attr.c p12_attr.c cl /Fotmp32\p12_crpt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_crpt.c p12_crpt.c cl /Fotmp32\p12_crt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_crt.c p12_crt.c cl /Fotmp32\p12_decr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_decr.c p12_decr.c cl /Fotmp32\p12_init.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_init.c p12_init.c cl /Fotmp32\p12_key.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_key.c p12_key.c cl /Fotmp32\p12_kiss.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_kiss.c p12_kiss.c cl /Fotmp32\p12_mutl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_mutl.c p12_mutl.c cl /Fotmp32\p12_utl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_utl.c p12_utl.c cl /Fotmp32\p12_npas.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_npas.c p12_npas.c cl /Fotmp32\pk12err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\pk12err.c pk12err.c cl /Fotmp32\p12_p8d.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_p8d.c p12_p8d.c cl /Fotmp32\p12_p8e.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pkcs12\p12_p8e.c p12_p8e.c cl /Fotmp32\comp_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\comp\comp_lib.c comp_lib.c cl /Fotmp32\comp_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\comp\comp_err.c comp_err.c cl /Fotmp32\c_rle.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\comp\c_rle.c c_rle.c cl /Fotmp32\c_zlib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\comp\c_zlib.c c_zlib.c cl /Fotmp32\eng_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_err.c eng_err.c cl /Fotmp32\eng_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_lib.c eng_lib.c cl /Fotmp32\eng_list.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_list.c eng_list.c cl /Fotmp32\eng_init.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_init.c eng_init.c cl /Fotmp32\eng_ctrl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_ctrl.c eng_ctrl.c cl /Fotmp32\eng_table.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_table.c eng_table.c cl /Fotmp32\eng_pkey.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_pkey.c eng_pkey.c cl /Fotmp32\eng_fat.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_fat.c eng_fat.c cl /Fotmp32\eng_all.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_all.c eng_all.c cl /Fotmp32\tb_rsa.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\tb_rsa.c tb_rsa.c cl /Fotmp32\tb_dsa.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\tb_dsa.c tb_dsa.c cl /Fotmp32\tb_ecdsa.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\tb_ecdsa.c tb_ecdsa.c cl /Fotmp32\tb_dh.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\tb_dh.c tb_dh.c cl /Fotmp32\tb_ecdh.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\tb_ecdh.c tb_ecdh.c cl /Fotmp32\tb_rand.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\tb_rand.c tb_rand.c cl /Fotmp32\tb_store.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\tb_store.c tb_store.c cl /Fotmp32\tb_cipher.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\tb_cipher.c tb_cipher.c cl /Fotmp32\tb_digest.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\tb_digest.c tb_digest.c cl /Fotmp32\tb_pkmeth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\tb_pkmeth.c tb_pkmeth.c cl /Fotmp32\tb_asnmth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\tb_asnmth.c tb_asnmth.c cl /Fotmp32\eng_openssl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_openssl.c eng_openssl.c cl /Fotmp32\eng_cnf.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_cnf.c eng_cnf.c cl /Fotmp32\eng_dyn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_dyn.c eng_dyn.c cl /Fotmp32\eng_cryptodev.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_cryptodev.c eng_cryptodev.c cl /Fotmp32\eng_rsax.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_rsax.c eng_rsax.c cl /Fotmp32\eng_rdrand.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\engine\eng_rdrand.c eng_rdrand.c cl /Fotmp32\ocsp_asn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ocsp\ocsp_asn.c ocsp_asn.c cl /Fotmp32\ocsp_ext.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ocsp\ocsp_ext.c ocsp_ext.c cl /Fotmp32\ocsp_ht.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ocsp\ocsp_ht.c ocsp_ht.c cl /Fotmp32\ocsp_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ocsp\ocsp_lib.c ocsp_lib.c cl /Fotmp32\ocsp_cl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ocsp\ocsp_cl.c ocsp_cl.c cl /Fotmp32\ocsp_srv.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ocsp\ocsp_srv.c ocsp_srv.c cl /Fotmp32\ocsp_prn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ocsp\ocsp_prn.c ocsp_prn.c cl /Fotmp32\ocsp_vfy.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ocsp\ocsp_vfy.c ocsp_vfy.c cl /Fotmp32\ocsp_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ocsp\ocsp_err.c ocsp_err.c cl /Fotmp32\ui_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ui\ui_err.c ui_err.c cl /Fotmp32\ui_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ui\ui_lib.c ui_lib.c cl /Fotmp32\ui_openssl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ui\ui_openssl.c ui_openssl.c cl /Fotmp32\ui_util.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ui\ui_util.c ui_util.c cl /Fotmp32\ui_compat.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ui\ui_compat.c ui_compat.c cl /Fotmp32\krb5_asn.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\krb5\krb5_asn.c krb5_asn.c cl /Fotmp32\pqueue.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\pqueue\pqueue.c pqueue.c cl /Fotmp32\wp_dgst.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\whrlpool\wp_dgst.c wp_dgst.c cl /Fotmp32\wp_block.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\whrlpool\wp_block.c wp_block.c perl crypto\whrlpool\asm\wp-mmx.pl win32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE >tmp32\wp-mmx.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32\wp-mmx.obj tmp32\wp-mmx.asm Assembling: tmp32\wp-mmx.asm cl /Fotmp32\ts_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ts\ts_err.c ts_err.c cl /Fotmp32\ts_req_utils.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ts\ts_req_utils.c ts_req_utils.c cl /Fotmp32\ts_req_print.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ts\ts_req_print.c ts_req_print.c cl /Fotmp32\ts_rsp_utils.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ts\ts_rsp_utils.c ts_rsp_utils.c cl /Fotmp32\ts_rsp_print.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ts\ts_rsp_print.c ts_rsp_print.c cl /Fotmp32\ts_rsp_sign.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ts\ts_rsp_sign.c ts_rsp_sign.c cl /Fotmp32\ts_rsp_verify.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ts\ts_rsp_verify.c ts_rsp_verify.c cl /Fotmp32\ts_verify_ctx.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ts\ts_verify_ctx.c ts_verify_ctx.c cl /Fotmp32\ts_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ts\ts_lib.c ts_lib.c cl /Fotmp32\ts_conf.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ts\ts_conf.c ts_conf.c cl /Fotmp32\ts_asn1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\ts\ts_asn1.c ts_asn1.c cl /Fotmp32\srp_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\srp\srp_lib.c srp_lib.c cl /Fotmp32\srp_vfy.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\srp\srp_vfy.c srp_vfy.c cl /Fotmp32\e_4758cca.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\e_4758cca.c e_4758cca.c cl /Fotmp32\e_aep.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\e_aep.c e_aep.c cl /Fotmp32\e_atalla.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\e_atalla.c e_atalla.c cl /Fotmp32\e_cswift.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\e_cswift.c e_cswift.c cl /Fotmp32\e_gmp.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\e_gmp.c e_gmp.c cl /Fotmp32\e_chil.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\e_chil.c e_chil.c cl /Fotmp32\e_nuron.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\e_nuron.c e_nuron.c cl /Fotmp32\e_sureware.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\e_sureware.c e_sureware.c cl /Fotmp32\e_ubsec.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\e_ubsec.c e_ubsec.c cl /Fotmp32\e_padlock.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\e_padlock.c e_padlock.c cl /Fotmp32\e_capi.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\e_capi.c e_capi.c cl /Fotmp32\e_gost_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\e_gost_err.c e_gost_err.c cl /Fotmp32\gost2001_keyx.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost2001_keyx.c gost2001_keyx.c cl /Fotmp32\gost2001.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost2001.c gost2001.c cl /Fotmp32\gost89.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost89.c gost89.c cl /Fotmp32\gost94_keyx.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost94_keyx.c gost94_keyx.c cl /Fotmp32\gost_ameth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost_ameth.c gost_ameth.c cl /Fotmp32\gost_asn1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost_asn1.c gost_asn1.c cl /Fotmp32\gost_crypt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost_crypt.c gost_crypt.c cl /Fotmp32\gost_ctl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost_ctl.c gost_ctl.c cl /Fotmp32\gost_eng.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost_eng.c gost_eng.c cl /Fotmp32\gosthash.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gosthash.c gosthash.c cl /Fotmp32\gost_keywrap.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost_keywrap.c gost_keywrap.c cl /Fotmp32\gost_md.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost_md.c gost_md.c cl /Fotmp32\gost_params.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost_params.c gost_params.c cl /Fotmp32\gost_pmeth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost_pmeth.c gost_pmeth.c cl /Fotmp32\gost_sign.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\engines\ccgost\gost_sign.c gost_sign.c lib /nologo /out:out32\libeay32.lib @C:\Users\John\AppData\Local\Temp\nmD5C8.tmp ecp_nistputil.obj : warning LNK4221: This object file does not define any previously undefined public symbols, so it will not be used by any link operation that consumes this library ecp_nistp521.obj : warning LNK4221: This object file does not define any previously undefined public symbols, so it will not be used by any link operation that consumes this library ecp_nistp256.obj : warning LNK4221: This object file does not define any previously undefined public symbols, so it will not be used by any link operation that consumes this library ecp_nistp224.obj : warning LNK4221: This object file does not define any previously undefined public symbols, so it will not be used by any link operation that consumes this library fips_ers.obj : warning LNK4221: This object file does not define any previously undefined public symbols, so it will not be used by any link operation that consumes this library cl /Fotmp32\s2_meth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s2_meth.c s2_meth.c cl /Fotmp32\s2_srvr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s2_srvr.c s2_srvr.c cl /Fotmp32\s2_clnt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s2_clnt.c s2_clnt.c cl /Fotmp32\s2_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s2_lib.c s2_lib.c cl /Fotmp32\s2_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s2_enc.c s2_enc.c cl /Fotmp32\s2_pkt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s2_pkt.c s2_pkt.c cl /Fotmp32\s3_meth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s3_meth.c s3_meth.c cl /Fotmp32\s3_srvr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s3_srvr.c s3_srvr.c cl /Fotmp32\s3_clnt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s3_clnt.c s3_clnt.c cl /Fotmp32\s3_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s3_lib.c s3_lib.c cl /Fotmp32\s3_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s3_enc.c s3_enc.c cl /Fotmp32\s3_pkt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s3_pkt.c s3_pkt.c cl /Fotmp32\s3_both.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s3_both.c s3_both.c cl /Fotmp32\s3_cbc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s3_cbc.c s3_cbc.c cl /Fotmp32\s23_meth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s23_meth.c s23_meth.c cl /Fotmp32\s23_srvr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s23_srvr.c s23_srvr.c cl /Fotmp32\s23_clnt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s23_clnt.c s23_clnt.c cl /Fotmp32\s23_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s23_lib.c s23_lib.c cl /Fotmp32\s23_pkt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\s23_pkt.c s23_pkt.c cl /Fotmp32\t1_meth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\t1_meth.c t1_meth.c cl /Fotmp32\t1_srvr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\t1_srvr.c t1_srvr.c cl /Fotmp32\t1_clnt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\t1_clnt.c t1_clnt.c cl /Fotmp32\t1_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\t1_lib.c t1_lib.c cl /Fotmp32\t1_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\t1_enc.c t1_enc.c cl /Fotmp32\d1_meth.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\d1_meth.c d1_meth.c cl /Fotmp32\d1_srvr.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\d1_srvr.c d1_srvr.c cl /Fotmp32\d1_clnt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\d1_clnt.c d1_clnt.c cl /Fotmp32\d1_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\d1_lib.c d1_lib.c cl /Fotmp32\d1_pkt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\d1_pkt.c d1_pkt.c cl /Fotmp32\d1_both.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\d1_both.c d1_both.c cl /Fotmp32\d1_enc.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\d1_enc.c d1_enc.c cl /Fotmp32\d1_srtp.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\d1_srtp.c d1_srtp.c cl /Fotmp32\ssl_lib.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_lib.c ssl_lib.c cl /Fotmp32\ssl_err2.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_err2.c ssl_err2.c cl /Fotmp32\ssl_cert.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_cert.c ssl_cert.c cl /Fotmp32\ssl_sess.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_sess.c ssl_sess.c cl /Fotmp32\ssl_ciph.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_ciph.c ssl_ciph.c cl /Fotmp32\ssl_stat.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_stat.c ssl_stat.c cl /Fotmp32\ssl_rsa.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_rsa.c ssl_rsa.c cl /Fotmp32\ssl_asn1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_asn1.c ssl_asn1.c cl /Fotmp32\ssl_txt.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_txt.c ssl_txt.c cl /Fotmp32\ssl_algs.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_algs.c ssl_algs.c cl /Fotmp32\bio_ssl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\bio_ssl.c bio_ssl.c cl /Fotmp32\ssl_err.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_err.c ssl_err.c cl /Fotmp32\kssl.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\kssl.c kssl.c cl /Fotmp32\tls_srp.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\tls_srp.c tls_srp.c cl /Fotmp32\t1_reneg.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\t1_reneg.c t1_reneg.c cl /Fotmp32\ssl_utst.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\ssl\ssl_utst.c ssl_utst.c lib /nologo /out:out32\ssleay32.lib @C:\Users\John\AppData\Local\Temp\nmF6BF.tmp cl /Fotmp32\constant_time_test.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zi /Fdtmp32/app -c .\crypto\constant_time_test.c constant_time_test.c link /nologo /subsystem:console /opt:ref /debug /out:out32\constant_time_test.exe @C:\Users\John\AppData\Local\Temp\nmF77B.tmp constant_time_test.obj : error LNK2019: unresolved external symbol ___iob_func referenced in function _main out32\constant_time_test.exe : fatal error LNK1120: 1 unresolved externals -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From kurt at openssl.org Sat Aug 8 09:31:46 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 08 Aug 2015 09:31:46 -0000 Subject: [openssl-dev] [openssl-announce] 1.0.2 long term support Message-ID: <20150808071104.GA4311@roeckx.be> 1.0.2 long term support ======================= The OpenSSL project team would like to announce that the 1.0.2 version will be supported until 2019-12-31. Further details about the OpenSSL Release Strategy can be found here: https://www.openssl.org/about/releasestrat.html The OpenSSL Project Team _______________________________________________ openssl-announce mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-announce From rt at openssl.org Thu Aug 13 19:44:15 2015 From: rt at openssl.org (Mouse . via RT) Date: Thu, 13 Aug 2015 19:44:15 -0000 Subject: [openssl-dev] [openssl.org #4004] OpenSSL vs SCTP In-Reply-To: References: Message-ID: We have a protocol that runs over SCTP. We have a customer desire to stick TLS in there. I'm trying to do this on an Ubuntu 12.04 LTS system. Someone else set up SCTP in its kernel; I didn't do that, but, if details matter, tell me what to look at and I can probably dig them up. The short version: At first I just tried to use the system OpenSSL. But it appears to have been configured without SCTP support. So then I picked up openssl via git and tried to build it, but didn't exist. On advice from someone else, I installed libsctp-dev (according to dpkg --list, I've got version 1.0.11+dfsg-2). That provided , but it proved to be lacking SCTP_SENDER_DRY_EVENT and the corresponding sctp_sender_dry_event structure element. A colleague managed to find me an sctp.h which did have them; with that, OpenSSL built. I wasn't sure whether to expect it to work with this kernel, since I don't know how well the sctp.h my colleague found corresponds to the SCTP in the kernel. But I tried "make test", to see what happened, and it coredumped in what appears to be the first DTLS test. I would not have been surprised by errors from the kernel, but a coredump seems a bit excessive, especially given where (according to gdb) it happened. So, I'm wondering if this is a case of PEBKAC, or a bug in OpenSSL, or a bug in something else, or what. Specifically: The OpenSSL source I'm using corresponds to git commit 33dd08320648ac71d7d9d732be774ed3818dccc5, obtained by checking out refs/tags/OpenSSL_1_0_2d (oddly, git show-ref shows that as corresponding to 8d5882ee027abc7e271b20f8868bd76569814b6c, though git diff shows no differences between the two, so I haven't worried about the difference). I also tried 9ea70e5b4097a1319d90fca289c2a3940e846f6b (refs/remotes/origin/OpenSSL_1_0_2-stable), which crashes in what looks like the same way at the same place. The system is, according to uname -a, Linux peter-acer 3.8.0-34-generic #49~precise1-Ubuntu SMP Wed Nov 13 18:05:00 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux I'm not sure what more about the system might be of use; if someone can tell me how to dig info up, I can dig and report back. I am trying to build this entirely under my homedir (figuring there's no point trying it elsewhere unless I can make that work). I configured with ./config --prefix=/home/mouse/openssl.prefix --openssldir=/home/mouse/openssl.openssldir no-threads no-shared enable-sctp -I/home/mouse/openssl-build (where the directory named in the -I option has nothing in it but netinet/sctp.h, holding the sctp.h I mentioned above) and built with "make depend" and "make". (The crash seems to be entirely repeatable; I can excerpt (or even quote in its entirety) a typescript of the config/depend/make if anyone wants.) INSTALL suggests trying removing optimization from CFLAG in Makefile.ssl, but I find no such file anywhere, and ssl/Makefile's CFLAG line has just -g. I did find a -O3 in Makefile and a -O in Makefile.org; I removed them, did make clean and make, and retried make test. It ran visibly slower (no surprise) but still crashed, apparently in the same way at the same place. The tail of output from make test looks like ... depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done test dtlsv1 Available compression methods: NONE Segmentation fault (core dumped) make[1]: *** [test_ssl] Error 1 make: *** [tests] Error 2 I dug around until I found the relevant binary, turned on -x in the calling script to see what the arguments to it were, and ran it manually under gdb. It crashed, apparently the same way, and gdb tells me the call stack is #0 0x0000000000475910 in BIO_method_type () #1 0x000000000047d8d9 in BIO_dgram_is_sctp () #2 0x0000000000433a66 in dtls1_shutdown () #3 0x0000000000446b82 in ssl_free () #4 0x0000000000476330 in BIO_free_all () #5 0x0000000000406b2b in doit () #6 0x00000000004035d9 in main () Looking at the source for the deepest two calls there, I see int BIO_dgram_is_sctp(BIO *bio) { return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP); } and int BIO_method_type(const BIO *b) { return b->method->type; } which makes me think something is wrong pretty deep inside the library (how could it be that bad at shutdown without falling over earlier?). make report produces a rather large testlog (182384 bytes). But it compresses passably well, with bzip2 output being only 33861 bytes ("only", heh). The latter is appended below, base64 encoded, from where the base64 text starts below to the end of this mail. I'm not sure what's with the relocation complaints near the beginning; they don't _look_ obviously related to the coredump, but who knows. Any hints would be appreciated. I'm even open to "you idiot, you missed..." or "any fool knows..." provided they tell me what I missed or what any fool supposedly knows - I'm a longtime user of other Unix variants but have not gone near Linux much before this gig, so I will probably know things that are common to many Unices but am less likelky to know Linux-specific things. QlpoOTFBWSZTWV8EXK8A2tz/tP/8UoB6//////////////EQAAAIBAAACGCq/vb3 i3rwAceAFd3Rkpm9xGu2CTjvvq2zRjbTzXYFCnBq7jrlW1qGwYpKyKbWbWo1kjZR aKatVrJhYtVW2NbLKGmlbNIpkrLLKzVNs1sInvS+qb76n1plEE++z3jVUfbKj0aT zZUVQ+duxAapaMaaMWHt7vclmjYT7r76SkprFsMwo31ca5aNKRe++qrVAlmxjZan D3BufZVz6niGtla98Xzltz57W5J9oFo2Pvj5l0ZM++U1o1Vp8fb5p7bd8NsAAXz2 B92fX2qGsg3H3vvG3d96BbK0pvkvan2++etaxBNnzfQX33faVLVsDfPse+u2+9aa DVCvvvB77p6cB41vqe+fefYZm9ffb2Zvt29wz59x9BTplQWb3j4rQZo23j75AC93 vp1NbMumn3T5aa8PvlLVgb55vsdIBur30Emaoe+k+TQ1z4H0edyC++1k9GgAoD2v fAAthtz3zYaaNAxBiAkNtoGgCiigBuwMVKU7aShprbNK1gSSEAEMCAJkAExDQBMm RponoQT0FPRqHlP1TRo9IEpGgyYiVIqeoAAAAAaAAAAAAAAABKRggCSSNMgCo9lN ppTT9QnpAAAAADQANAAEmlIEmmmgTCNTEyTyEyntJoZJ+qep6jRmoeUA0aAB6QAB EoQCARoCGIExGEGTSNGJpppo0aIZTTTR6TQANBJEAASIQgSniUeU9TR6mjGk0yaa A0DQaAAADTQ7AVBfAoHdHlGQfZECivaAQCgUEkJ5pMFGKSAMkUAUKBQshOgzD3H0 D+vJ0N2e3+Y/ySyf49Tkd7IJs3fbV/Jv6fx/kOc6c8r4fsu/8D/wfyfkVV09pXV7 W+qYzSLPLxXV1VXeGq18NpuMqrK2i/YmFVe3nV4rk3wtKqmv0qxI3qM46qrdr+wV mXpVWJx7EabKqs7ctyG1Fr2u1tbOSty987y9l22ldVUt11v2CI7qqrl4pVU5hTXZ 3bWN4vjsWtGV3WsKueajraiP7/7P/Hu/h+jEfTT7f5W9Hzp7fOQFAYZKvY5IcaJX kuGiLREA2hxd8HHxncpInfHaFNDT4d+6tsq/6OW2XcWvVLS1al0B7S92NcmHJfXp Ld1ZQ/eYgQ21vJWVUiBEfL9zJfUlw+x3sbN+uUdwO7m87OFSL8tM7X5CmBGmLnP8 /gm7Hq5cHl/w/WweXkv3/G9jvQv3Ur/o/L38PIgLKh6905X9JBowZ8VhQMCMoUEk YIwsklCJGUBiy2yRiBRbVPZi1JTEhYjaASlHGKBDBhqxQUS2FLZQZMDhwxgxC0lL ZWoW0qXABLCsUMCIwCKA4w4IiLMCIkoBEliTCpQYIrUtpSKCVCBhrJhQUEhkkKIj iwLUKMEahDDMQQTFCmSFiwUKMKwgVClTKBQlEjDF1CfgifDZCU5G0AlezrMyKU/L cDIfmAJ+k/ckWyLDVxcmEEbGF/dYW1CKWQHi/qdKEfmv5yX/bfSZrm7xhR4olMFQ GQ5q2roJeEoiDDQg7L3GFU0UXZUxzclEkft9WQZCx1FJwWAZytruayWnpVtwgl9q OPEewl+lGtAX565tk5VULo0Y9jiI5QpnNtTxiRso3OaRM9uNJuxxHq9xsb92TZzK JW9kqbPRXpg2QiYjOyVjJOZk9ixviIuybWXKMz+PRvZk5nVsomBh3hYFObRL2MQb mLCi+Y5n1n8auiVu1YXNHEgl0Tsi6KvtNTs0erKJdslGKN9fvScwwiLZt390ii9h uC6RNCwYFOKZxjdaMokEHj3o5fuKpdXc4iWxQ3kcvw2iPwwe6748aGt0d7mESibE b0cub550THbunuGxpGXYGjlUML3vdY6jV0MHpRKzuC3jNqrp3KJHc5FY0o7s/eCo ko+cGTdVFhEjdLzsllvlsvRk5ssiMYdTerG3djou0TEjmmeHHfVkSooigTk7TwK6 iaJ7kpjN+/sQjbDf0ds999lF+auSOS2GX5vv+ffpzdjvb8lVFUVfDj1Hr7/dO2GX QaTpZOXHuUb6UKsPU96g1EYqyke+qjIOO6uTWEV3qQ1aZNwYZrlkYhYmqUjrkUxK FulmDA3nS4M3QyMs7Y48LmuV0RcE010yMw0jDRC57ZEyDOoibdOMt2e8TG5cJ1B9 4KCeLcPq6ksskpKNHTSUZJJ9DOtLmhDc58KuHU7FK43F1fN0mN7oP5L9FPLnoOSf 9sqRtxbPijOwMzAOEQzarI4pBy8SbTgXPDKIWwQo7mGBMHlMbwTDMgQaCSzIUUpg wGlkNjQxUqfvSe76ohCX+/k/pyQ2aElwNwsA/93Z49z/MKPMTEyM9pcMk4Ye5GTd ZTzZAMcYLi3DTHeeQ13+PIy8hgOGx5DQytcCUrtRTeFF3k0QUz0oVglaNFCj3KlK FDEz9NBzYpQb8qfgcuWxJ0xmUvWlKVRi71LZM1K2FGgfFznBypcuQ+A598lXXoML cWD0DAMtV5wDZq1RyJsrmYzZotDQuZWQkfwurfWx0dbwukOCiLWLSgkgV858F1Bq vfnLp93w+v8mkm7s7ZOb3Hzta1vPZ3OTkq8CTmQDGTk1rWujhXCrkeHwy+Qh4U4H 4DsIeOfBGTrCFDvBBZOHe8Xir0OHCvocOFVw+r/3rm/ZdP3aEJJIkN/i3EJ4d+vv atOyb5vkk2ng4rpoeXyaG6J29QB22DTzGVOXADw1mqpUICMgIwEYQBcI63vPS7vz uPRq6M8hOpNkDRq6NGiTkrLOelyWnDPW2hmZm0MzMy5q76aq+rrrEj1E8TUtqkk8 acieJ5nXTa6BVJGViyLIIebT0nyUv/f9vsq0Xf6Pn8W9J/hvmYH99MU8r2jxVOUB B2cun6nRmgoqTF7uvndplqtMrn1R0f56r8C8g94+d+Dwyf8U8XG3B2jw9nspWvj/ r5MetU9x9JCfGqeGCwgRgCh/5g9yO/cVAQGoxBOsQ9vfooBZgpIBPESijQjGIB0l aCnwH1C/APo7F2ZRNAk+Bnz7euHpfVivxbq6+UuVITlJW4xMvbLp2d11a0kkK93c Wt6OJ/fS6bjTPrEs9LFojGjQQoLkwOR2tn5djMNkdHfBz63Gr9TdJV6cMgAwBYVR QAMcMFi4cnRSSNUASKUZIA7Ta76/BsLRwgPMCeJNwJK6YomDJhyAaocE59BDfFCn PQADhBSEUUQ/YQZAZFQSRRJmCdfZZOwYSpAmcWMqBQQklSACgALM+nHDfoE0gRRA VVFBCaPtz5fizuekYEZCIDCA7XM204aZhHIuzmH+9Kfh1+yPb550KzqbwKc1iy14 i5CxrBzQhEm4hBNukSKYZmSGFlyNSfeDRhExeNYHbRlxlzl9wD3hs3gYQQNc7dJV TPBRs30u3fA+WiOQgB06RGpqA9zRdZEIM4kHc5j5TdvG47bPen2tcDwpLnoHIQQO 6sUdRgwYOlJaC5IggeHlhTUFrF5tRdFfF8J67xHIkCsuc1wu+d2EILjNbYVJEXjF bvFm4XBnhCe6G9rt845zB3HjJf0CCBiVeOKRmDVtkMTWMtY5bpT7HeFAJyXLi6Jx gBAY4V64AlOnbUITeW7zentNh0R20PtWN8CrDwBawHeOAgZ948ZcwMyhXJtGeg2M HcfQ5zZacACQSFyTVW5igEDZsATi1iuahwno6CKF87nDIXyxkaiQsaj5EDEgC69d 0obcbTvVzFwEDFKOHTgIMNEjzURntMvwk0zpB1V3JTjqCisuVGWogIIlIlRp0Jct 2hI6XHrinDL8m8iyvZPGzan2Ey7OcMYLtXA/gCBxHZs+FK9mYLLwPC1iOF0EXRr4 92bfXIqhGPOsgIG+4zhvYKZ9AvLCO53VJFOGDBIiagoxOi6ksXrg4Ag2hctw9EAC MYt4c9dttucJ5b6vc6Rs7xdOiCaFugiC/bsyn3ynjhD4Pr8o7dds4dJdFu7uVdoc 6O+Egg9nOkCS45c438egquBhN546AtTuNhyCzVRSkkUg8+vgdHOYCBYKACf1FnrM +qUC1H+JWnZyHuHyAJsROC+5AL/YmbG7o0zQHVz1eBhxw0LrZxsGnAqq8gRZcgHs MjqIkWp7uqdJB6Ysop5EU1XzgIDEtgoqyPZmEIGveAlOhnRgEFZtlj16BSOsjmq7 hmYAfvX6oxvuyC+PNemo24kZFXYn6MwjZtkffk7/GjyFsluEomT4j325aCSXoX+l 00rBOfqBoLG68KHNcxVvWq5v6zkndzNs+etcL74spJSJFoHC4NnMj3G1Dw7FZYps tmZF+wqV81yMx+WAFkw85GDPBSMb88t5nxJLgAvNlkLjSPCVC5q+QBLnpV1Jgc1Z hASlfS1W0STEsHoc5+q1FteejsUksvEIAC6Db8nCQvJy9eTewWOVNNgdronSyM3v OPqJ4x6MkcnriyJkWmHhfMBJRDpPhUEEchHPSRHt7+Z5M2dzwEEmqvDMDU4V8xrl FqmjCEtMkXSJlYwIls+Hg82phBkewVV0U7YuYkXzLkGO5wE++4pHo6CDAJbMPp+1 MVJhOBePjnMnbWNK5Js1lGFyR3+mm6eXH3ywwIGIukL1vQNQloKNwjFoG2v2LJwV x+YkWQdfnMX7yCH0ylnPx1yI2dMsbFPIgl/E23UXNvhOmm0YfhyX/P0pB0bZ3kBu iLFF7aRBI8KkVdBOiggTqxHtQevnIBgsHj6myQ2+YyUHagSDBpqDnpa6kIgivu1p YODxvdo6dXsHc3Uc6rj/BkzAwVqj7BAlS1hpRBGL8mDKKMPIzX7QMGS/EjSRy4zN BbGonxJcUzq3XYNv7Cog8VRGogKHBemjBLk1yAJjMT3i3CNrrZLhfYv3Z312lZgZ mm7Lp6XiEKQUhG46zmi4WV32Qc9qA/Nr2OSEE/Uz0ehW8WyvtMMnV16XzH4THyZ2 sSL8mQuORZ556Hv+3JeJkyP7iEUD14RVmvvIg3U90rg9p4B4evVsYtY2ewasrT9l zMFoxEsYtcm8njg64yWgMgiXNGRAfTiUGI0ay6PBNk7MtK1zSg1nKVHyQ4XJ7Ij4 JLzTCMHbGxztYAKVPHcsIJKIa21jm/EQy7cNhmo/gxeZGGnBJWrumjUeaBeGJRSW m0bYfoIJIXBqkRpokM8+c25O+X4UMFc8kg6gkHkdALmx10+x3863UfB4W3WXz2T7 JVhcGeejXXOkKcI5JlYoVkIjzInZB9dyqQYKNIiWOfb18M1Ig1+ZCA8xmNSgkZy7 CyTTqDGRqQmUQ4DDEIiYWC7DFXPo3oLohxyxs4KdqJGY4bIG46dtMIhuu1CaScqZ okRsPW2Uhpl7wOYITUQBUC7mhpDoeWBxTuks1B8vS+az3wAvtvb5+sZ+LncFhyPB xjseMVkRcra335v94xeZzoIKnGyQKJKHmifXr6JnBjBm5E3gmTnnq9TPWifSJc3J +ZT4Ml5x6YDjl7zY3skQKJK8jQIHJcvOkGcIgC10AVgBSL645mXdxkKE9rQ5plrt umugCa2bnZWERIy44tMwQVAEbWy5oqoF+78eZxfOaxycdbdNxSERIrXK2Nlg7j3L +7FJRAIDGhj2QBPIZUURTljyaU3I2l7dxvHHaBfgj3sV8iJ9IIFZNIJPjNjJow5O YwiZs3Cs1p3LzcCSyJaPhufK/xqhnQtXvWtHzEE6PZvYlpbmNoiOQXNWYNmJdtcr E/L7n2ZL78tm7N68f4mGWU0lJ/EKJs8uN8X8DPhi3rYBTCmZmtbsYjQ+OAgkcKcr kuRcsOfGh5ITJXZJYzuCFk08ULOSeeltisXml2bhUOlxM/DMfZPp4OiGwz0Xalro W8jpI1xNhrYhyUtHbPbRDtBlHpIqcdg6LB05TBezmJBsvOREwOLZYCrJJhc5uIiV m0RgWplEM09329ZtmLkdvL33Ca1uxu/wXnjqWREIi4lhwadY0cM0alx83wzj8AUu YaSFW/ZjJGWoALl9lAKMkpj5JjFzhHj2cps2cGh+zOnquZLfNFjLfCobsOiIZW0z 5XD1XRGYDjU7vRQbxmkwtDhTd6dHBAduLJADUREZ71wg6veuVpdjJQevILihtKDX Yg0mcPqqH+6gxc3EXSqM/HUM6zJlURDDhuLInbhOiRrdb2T2D72Cfggz2mk9fh84 /rmUB2uH32con3CsJhESCoYjdoKF58KDMTqxtY64w5YY1KKCybwYtrs447j4oiJc sSE1GRppKuasWydk+fp4wWNHDz8mbvO3JaYyG+bRE0QJ3qS1VQAm8HNnPtfdr0dU 6QuZrGiI7oVEC6PjaFfTSHmZn0xbU7j2STFdE4UxsN5lqjW1A/DOZGOvsv2Eqwka ShvmOSBi6S5wqPhx4ZM8uDBYEE0J9uRTL5yLka1WiQo4AI5RcbyVY5Narpc2iJ6+ ueSCmKI8Zjh3RWCwPYwxcINFthaQMUAkKnHU1t8FXNUJpTiUos6GeS7PJSqbfYwU cUumiGjfr2yO8Uu4tuw/pUkkpFCu8qy9B6KCBRvceiwbqaLaQYvEesx7QsnAD2y6 IYUFEoEDfXnkoQqrHrGs6GfKKjqWY1jDvv3bvCnTR6ycmjnABnyXoZFIKJk5Xwu6 UQkBJ2e5iPP9pRXSt/DgHD4g7zBeO9TMOscUnhyt86+9tRPxczmekyKY0AidNnHA LetvmBEtY4fLQfbJ4dyunrTDPq+/iiOE2CyFeBvuOBy9agFaduIJs9kjVEZIjHAQ NZLI1m3FgQLLBy4kbiIjr/evS7y2wC5L1am2sMSuAQJ8FKCNwoPoObskeGsRme3b TqSAKQ06daPjhocjZjkuptqUh8dzq6hzVPyGLayQYSgC2tp9gvwbtpK1geHMs54n dF+pPgwZC4BIqRshaQtziGDOh7dzCq6CV2Vh2fCuzVEoYDpoKnTd+GIodZWJMgEh 3BoY49mwTvuKpfNdNoqSdSSTN2GFqdtWoBTVBfITrlySVYTaYCk6eTNDw3xPLHLv 2Qwa0RI0nrLjY00soWCcQDD76ZMaNKnJ8bdOqFlkYNRjkePT0uE4Kq/DZk9txgCv qPg98xw7c0ZHMcXZ0wZzcp+HLgG92KEJjF00esRo0tVZsHdXlChbuiUkqsB8Z7Pe aMACPXsdeNOnS20HBAuVI2UVfN9ZZ549+f5oSvbtQX+UvOo+LG2ls0feHAIt+Wy7 Tu2iB3Udj4tkx2KysGhaq9fkXzAc8JA8keiQs2GNkSDRLJJlHe5dscLxrUlJqwaG qXLUuZF84x3JPKkgCR0aPOjoidTPdC2mcnENSKF26YAFDRQqTrcEGg5w5cjlCpjG MZqOSiWqhYG4OpJK6R1ItHKsZoNEfuCmDanK2a9c3K4bHearp412W73XCeUhrt2t oGuiJUVhxZqaxoTwNY2KZ7TpwnkxEE6qqlDeKRLnEl0LjiU12Wuurj2JwrOaiRfp Qez0kaOWu8pVWAuGCsAqMSSTDiuE14OhhLp4OQY26eJN6XPiwwIDc86CsXwaeKIu kp5gbe2inInSN9LIXfKFlngOGtGol+wjtX2/EXcxi3x9IL4XiIjdfM4n0G9ohaTY +MbrDFRy3ct1rIJ4JQbKT1IRBumFNkBLGzHyGeIiOr5PiSe09r5RPXPqM8UNF4a+ jK+ch33RVenDVIMXK+ZiswSiJKtVYL0zbAp9T7t8RX30ya7q7yw9jek2xupdTuTi +7QlJhmuTrzhM3mTMdycmZgdidMQwDM2aFDBvo1XU9kwInnacRGL+g7MHi/0enuN QMCA9t5raYwt44d6nd5KDCT1mWOHiOIkj5k2pPXc2FVThsIoIxGH29GzIdKWrpY8 ESPDh1+808yfWr4+FBnUXYqP8ImTtXDlvbLHfh7fB8YOt9JQ/PGxsPRIY6jt9R7O y8/l+QUGMWIDHj+eNY63UjIb4ALDkyLjw6JUhElcsSO1NVXqqiF7DL1EgN/QeYrM 3FxXAEz90bgZo0u1PDZEy2KnlhJ3sZNVzqcjsRY0dbHhqywdK5vecjWqXuuQInaY mLsXmIMpFTeEUKPmweMnTUzqihVr77wzGe7iwAkljE+bFoN3ZUa0CaOcYrsVGgKt gAymaYlBMG0Y1LIVWCenQw9lgq83gkZ0QmUgx5UATOH0J0NgCxjVmLDGoxIQzmqE FLJlyR8Gesna4p8a69JbABuLAhNahpscKORyfjj7z84ne8qdH1bO+3AIzHEumMFU YpvA5Kw7cunMHg6pmd/O28+7gfKeNzgtcA5449jrzWKjJ+cSWtq8rxF4bED46dBy AXZybbhgJDK5lXsnLhaZMKIm1+JH++WIjx1oHANzWLcpVOUu630rotUqVY2TmNuH QZ24AMdV20FZPqxTIb9jN8DBuPE/Ga6uCNfSWm5qDgyOKuFgAsitWgAz3smThzeA wOULnTytEKTEHMYfmFp7bTxk6fUeEUBKJVAJzSIsrVk+BA8VA81vZyH3zhrNaG3L Age0a563zI/sgGkq85EnW1jvF8qX+jbd9tJ6DjDHA8OD3OmD58AGbADok2IjZZzd Z+NraCGwy0rLvOTzze8OlgCz3vh/My455bF8i32dHXGUTX10TbHUiFUzcZLPjBRw hT3Mb9caEEEjdCYqByma7r8fCffanC4SuzRODjHSUCsd8hTECJvmPPEIrB6pR6kv g3YelQYhWUuXO0MQgm67sAOMzmmv7FcoPAAi9nzXmjNRmQplu7i/aK5UgX7DF+6T sAQvRy5uI5UnJqS5srg1Nz44vzr0EFPuVO8cDnhanSPAwB8mu7cEDyeGbQAmABG4 pJ85MptQc1sIGygTIvo3EuUM3a3XwcJGGwHUjhoAynVdCcNP1XGKMmTfr0YOrt4J 7Ji+Qq/eOMOxgb4QL6yno8KMaIxn2q3b7evvNbh1BXwjCmVYt0kVEH2lkA4Oe6Hd mGaZtEzN+jnmKshv553z5Ncc4WmsGD18ZSsIajhh6CI9iM2AEdBLFGuONaxyo43E 2QScFXqVN1oIx0vuk+56H2XNe+5rokz3dElRhQCR8jzZMApcyNXYljF37bTZ2qQJ azRfNaW7R7m4BnrFjS0XluZK7UAFVVn0j2PYnTGm15OGDLnzPN6wb9bY14CTgibx uc7HIwnB+dMY9oc5BsKf0V7ck3QELlkSq+vQtHVQRuxc1qJQS4DYDAzaK9LUYg9z euwBAxs2w58QNnOjxJ2mfdunj7XxrzCJ71uZeqk1E+WpObJyqLOUciw9EvbAxYjG YqQbAElG0JMLFDMSRldFg6+zjHFuWablM5zEQQSuALeCx1ypS79pyCzMSl0W9UOb iUDYrkRGHIJXR93QiYNXnODGRrHx5K8jZKO8pygp0aapqoqc1XeKkubuvXqUO6aw 8XGNkSBzLmXqPAwLfXiJeHgUECceylG3THk47NTiEyXXnyoAnssbjAUMnDp34XVS JoRHufIQbSism8MXo4VlppL/DHULTW+YQsxbjGpMY+CwiWVMxe7YNClEZ2ZngkB3 fsO4XJuAYaDNMmkXvByjHBtGy8KlBJ6jPl/R2mjmCV45yac4cPi+jlawoBFsaryZ I4a85ZEPHB4ciDzCI4mLZ8ofJn1wUT728t5zHTnx9XZsMYaGe5yqWoXGAEvYRGrn A4zsda5cuSD6qTnQ9eCbr3ErpdC0vtkRuAhVo7i7iJNcEuMyCWu4Ljxc0xDrnJc+ C9fYLWKUqBRqp4tfA7CXPhEhcxcG0vB9wbNHuF8YyiYwAIwmQjlTGGJRTcCoNaiv rDQbPNEzmRE13KoJwyFh98BpLjHbdzUcHJ1vH1Z7h7FSOnZ9kxKJpnJiDWtLXQco MRCT67bNk7zniuwbJMj0ayFEnAxgNzQg3fFEKlayESDWlMfU24l6GvFi1rFzQePj RVyiMDpFqndKeZXXQnHDNGFl27LCJoeR2xxc40mzHbmyUV8Ycq7UYuQtne+RaCJO 8nmBOI9iLhz7QvphIyI9FzhJRODWLposMGj66i7gz7USIlrlNkSzdcmZg2amQaKj 2G2bvMQKdGN62yqCCByfC3elgBb7FmmJaiSvktymylClobT+9bcjIlWRIUpzle+i Lz8dVXTR6+Od4AR3KJrVDMmrsyep+SpyutGvMskQ8qHcgC8IqIkVTcd4UPRgbGF1 63trllUpGjg3L+F1Es2nPFfoeKWGsIlzviuRUo+dHi6co9fBuodbPA9QXMm0jdNe ZM9QQp9GBE7QfHTeOGdClpHDjhutTXiOCA1yMIhicTw5ZuyiSY6Zu8cxm4wib2hB 5dcRvh/uXTKV3UxmX4KZUxmFKNXg7IYjc8AL1aWKilQURFOMP5kqNTFSTlEZ+muj q69GN9Qg0VE4VoKtjqZMQctfQyFVRhA3DnZoURKV0bpLcYm5cOUM9y+xHH+uN60+ ldIduPeRE8asYmq4TEqHQQFG8Wo5nCHTY6kGieJRb3Dw42mUSpgkZjqIOIj9flB4 wYOmIwdIBwbxaGyTEIU4UAFp4G77x1QFyXK0ykUHOytgS4pjNQL1KkMePGzJQcoc l/HIjWaIdemNOlUNnudxgPSSZ9ZhEiHVBOX0e1JYsWt2lqdltxQtMx3Du0KRFzuT b7MqPYhmkiuqjiVrdTQraxDCrDUep6cLTBA52D4r1jvGGRy/YhiIaqFunRLeGMhD hTo7lxy3cQOp54OlCRcoZ0Fy/OEDlB1zpg6N2VhLIILXJnMXZbkHM0N7Jxyw5cyb KXuSPKePo2GbGGncjTUL9wILiJSmy17aN8Nvm/LTI/TxOOtrXgbvoL3YnQicgHK6 MCB29SsnTHcYo5Qx1LbJWeINBygIOaMaWiHMEMzyEFIkRN7pefCAIHLWGsR5YucH qfKgl1L88fnQgOMMYwVxagqjIqifqpT7rUT9V8oH9k/0AiesY82E3bVQfgE8/gb+ Bd2F0kehsJ4HVA22VVVRFVVVVURVVVVVVVWmcxOBD35vJpJJNwCQlc/UHO6xUPFv /V5UC43Hc6OKHe3rG4otk7jU8ETTR5Ukl/5Ny48GcJzpv7n5AGoDEXbO7IslQlbn VzS16q1X1XL1K+oUsvoFkW2XKsxAWm1aRDyht2WdSpGQnNyJ07wWnZGoeRMDl0QF dAFoBeFPklQKm8enXk8G69Gr6Nl5u/1hhox8mpXqniP0KvJ9p/Y7x/yP2msVWvIA vPsd8Cq+Bd+uejJUCpRPpO2c/rPJn5qlzp5tDPsvzacMHzHgfjSp+OfxNBVxE/kf rqPIUxfXiRrpE6wqwQ5Wxror69RgYNeOWn4wRbxdXkGOIBJW3Op32B1t2B8XdzGY K9LpbhXRUeLUEThDps8HY6w3mUARnIGr4dKYt62UWasKfHwIFiM6qww5g2G91AiN VYkOT5dysd2NO8OdyEZLk71v2byIvOMSLcuobEt4KOrc2DEHODhs0uC5oeCLVcgy Rggc30NyOIlG8b3EEFCJ272eLFDdDJRR8kEubBuWJaNQndeBVQewNXp59QB0ARTy CaHCr2MjHzEEFyoFZdHt4byVNNJZ9GCfEnDD4+ChWfx4LRSF1WaUgYxiBmFNsabs DNSk8DCpBouPU0dnKxa5axonSeBJ1kcbtypPMet2tKQidr3gfHTpAiYx8YOdc+o1 BDephEVirjE6LCvI2U+Jqvi8rc8GghOYsVjiBOc3Hd+xFMmQvQ1AjWasJdUB0Kgb z0lmOt7bUHzapNNN/CIt3N2L1V+OYMk/OQxbvOOXEroM1ioYcQZaE5ooARgDq6mS /Pn02na6dLuCB3B8ZCSMjBPfJ7RwwHXgwmgQGLXqx1xEabbJDAvZ9V8ox0aTSJ7W bggdjMcWCh7FjalqJcKZzIeETiIGGOIBcx7Tfn45F2nxuO8yT+AQGMv+NGY4ybtb bMRAwB+PFQMMHTyDgCa/FrUSdw8AEypjEJCW5NS1qub1ZrQDLwcd7sdyCCPDu+YC 7cIipsshWMaPoElaawDDZORxIiHhoOQScBpBksgEYnihCEJBiwM0Oo4X9HOctAhb iTYcvE6cgyFKmw+w9iS+h4q33+xOhVGmEsGGljMz8VAFKbg5Upsmcc4F9hprccbG EKAyN3JkakGJksFgCt9CX3FgIxmC5j4ljHYwSkbbj63zy/THxzviSfY00Crbdo+6 ooX8AVRrEmOwr4tYYG4syExpQ+ridUo0pk8Cpy2IDQfCI/iM3b2bjYM9J+0duQdr K1NTVLg+FSQnnsCrcGBhLJSqxyxBTxImUGpcihWHqbDFzRoz4W4knh2DDiJEHimK 8VYjRex1ZlLvjrT1K7ydKRXiLxWMMYqEigk+i8XxMOrH0YsxDXIe9CVrd/G7w+wQ K1u5c3chSO9NHN5GCAlwGpo100WGnlil4X6SE/YvLpJG9WyaFhj7zbgN/CJqNPwa Cnmdcic5OmyzDvllvqn4d9bxAasYacFeKrewo6InSnTJzuSixFDTwTWRs9zEOG9n S6CKnQ2rFJB4BzUKSbpDfZrqbbaqvHfjEVV66Wdtph3KO6dv63IwXjp1ffIxOHIk IUOCah1U8PW7KpxHIe8uHk7cKEx+RVvDmakkOIgi+6Y0XPfo60bkvPGMQGKOsqmD g6z9xrb3r4kt8F3KCWclzabBOCk5anVMJxF8MRrkhEIdLV35pxwG13AxFgyIjlhY FvzGTFZlrXQBO62Ob2tDMWLcyESdhh/4pbKmfzSnsKJKMSeRjQVeICUgQbnH1mwg x6xRB684JfW2tW1xLve5Rw4FfYu0MR881SHl45KwIWCGtuGqyC8L+TWWAscjfQqb Tl5sUS0YQjqXkW4fQiCmls2hF/j1enmoeHwfFPj2RI5MWLWiQpH40kvjdeV4pKVY 2jg3VnuPwEHDUTjfDDjDzrmpiex9dzsqUaNLjYOOWcwCCdUlMKX7SpVQLlJee3lx isnbbmi+zQnG8urlr/EwblIsMOjrGElJ2J2Dmry9myaZTN5KmZPanTeLbl5mh3w6 U5qLl6jJ0lcpqWyI5APJ6wctggVLkKffKcIi0Ki+vy5tiUU5tc146WFMIibE2tzn zHIOr0mFJ59i23L4N9GfejJhsWsLCCVK+OiJZp7jC6zV3ITmelBpKWN6N4hQYpsY LkTJzVjpdRoaneWK8FZETWrbkxw21iXZ7X4aaey7UkSpy5To53tMD5qzwMD9SUOP ZhafpvwmlAEtZklgQM8U2FCYnteLec5Jaem6HMnz0HcG34aREuRjXrBmdCxcqOjy pBsh1lzJQuYkt9kXLaFsYtqRCaSu45HUQZM/MkZK11ivkYUxrUkopa7YN9LKPYsA K8s7m5ChSUxx2OySVjRbCWJoPSX5JdnrtjUb6R5OHGf0tsXdVuHoad2C5GnUlCMS Hv75/OBo1tpGvmVpGTdTzvG8O1q1Q+SudMPAw3zGKRPzwdN4QTDFLqYGKLDa3qiY 43iLCWJzvPd76Kyz2Bl5ZcNrEWaNtirNJQYKUgGeCLMB07J8Kd0bm2L62/i7ZXgZ lKB7TRILX0DBQrbXKUVJbybSUMpC7I6t7Ma4fIfaPiZv5SOX/Y/Xsfo+JEojuzJW m8LzjActAcD0wGPeyKFiJiB08+F9PKB7gAL4eWLH0K8DJNWyvn6KSwNF+kyNjlYF y2uj4xJ/tf6p8uCQL+KEMkldLa+GoRnSe8DFphIeYq6//jFtrpJZtuUoawELpSWb TQbD8kAX316dI66Iz4XD8DVBpzYxGSxSZFLOD2uImBYfNfosVyUg9WG4YIvGfqYe xQpoOuv1hGWduktqWG7wvQqg5YuY4Rne27ACmG2M8vLexspkYAR1vaPkRM58XiTJ v5Ten0aZIPDqLE9fBg2pHkNmuS3OmhE4TqjuYw8YcuuLjwRiH87Js0cjKWOFndtq +hS78wVJqluDL1ER535wfwokw9ip0qa22CDupGfMVO+FOTiryC30ekRGmh/sX47Y kwdw5fT5m3tfb8R4yGxhq1N+iI54+1TnHyxScJt0SwcMACWPFvunGXW/G2+L9Ig4 U7kWM5LSQImTrCvZhbnDYx1pVe4DmWK8XNn2bFxc20ZW1CIvvdNGKbFLvtCT8gls 9wTGYNfb4oxyUgOGxRhIPEsaPuiJ3QrH1uKW8eDYaAE82ReJBgrCCReS2w+4zJwT Tiuc4FqQPHVColOeyuPo6OMT2aNvWWQsbzA6Vc2Ug8ED9PxJIiT0njos3zYHh86M UXXeNkoxe+RunktiaJeMEh1Tm7urCUzlS/J9wWcg1OPcUnbB85wHatLs94J7PmKK 1UHsCJyiVQTQj14gMrge/eOd2SUMPPqLIzbS5k4WvbNtiDtsKHBYhmAlAyspTX7A HTIvvFWLOlK1URhl9BnBHfUG7jah/Yugge1PW0mA0Z086KK3g05Zm5grW3GfDVqA KWMfR4JAH8Jz5380IuAl9NGS57M2+uRozyOFT1oc+IwuXBiMbR9W+HLp4h8RoPet cFaYifOhK9SNjBnRZ5kNmIqTbnbaMrxmgkHNx0xE9BaG+Iwx66IjVnh804uCBfGt p3p87EQbN8JVfHeWK8sFHiV16ySiJOSdg1+Dp3e/W8b8b1zrl1emb6/dHSdr4oYf JPURJtjFiKR5pxTgIHhQx504NG6JN7nh9CbtrdCl02cHNv1ESo9QAlJJjukucyFB k6NnqhTJJhn0OFydoJw+VO5c7BAYLll3IIGNS1mPAvQoidNvp7mzCFhgQPqPuNOm BTXdMsfQeG7LDfWREzFx/veNA2J0qfHuRn3dlFUbuvD5o9VBsTJ3Zm1GenkRLKZ5 4jxZ4PXKzZrALtMB4Y7qjJpIIYWaP0zqrgG7wbFK1tcEBsJwYskTuddVTQIVwWDr SLpuabqIm+Kjcjor4DHSgd6Dlks3KiOVUwxJSpuxiCRgBLZcpgAe8148AJuL6npP sFOYHz8x8NchVkd0oOkqJLMzbRh0Z7XU+m4TMDWwFMtmZIvlnaeuYu8nLQhOaSxX JOpOl/j/H+fwepLPowYD4GQ08tFm+Pb+clDBSxQ769Vkw1HKDyPcBklAr8EkKAg+ D6by3PLtgbcMeDeihnuFg2NOOSB6LJLyV4C5qYxcSLgIWIgSQNZGBqKhvudSXNNb OyJhL006U/IpvfSE8kVSK5bZHCtMPE4WRAx0XX7OK0XSKKVIjORKQSk0mok0OE+1 XXGJofp4TkO8vn58ixX7x+zWAF+HUzN19o6L2jVifijSiJQFpW/Bj4DsxmKZNfHV yTGQUR2uWuVRy5rZo3I4pwaC6QzxYxDxg4W+QURPqNPJYNEUeQg2xq/OvyC+5G3f mcmI3szodkI6Imkys3dppcLEgCbVwlwwYN3GednXsdcqi5KvghgpOU29/LIVESl2 iQBIXqdfhAZnWR/Mym4TtvjuSX05bIKYLwbQ+ESZbHW1guVOiVbUk48I5HaG49Ij 4uUhxUuhd7k6Yzl2oN06LiLCWJcc6omKXJ7YiR1VQPHngIGrkM1XGMnnEKiI3H1c JUARRM1wNCYyrrYsB0yqtEdiPcalTVQBVQqUiUNo2JaVcv2fI2N1fJSERqMERqYh lcQoQ2KdIFB2LCYATIsJSgady8GVy6MXOzlpyOzs9rzMazZrdZbYQwbET3SznxPu znL44Yo9y+xgfFK8NK3aEhgogOICtBe+toMIklvm1Ui1c1t6jeKqSbIMvTwRlOHB 4NmyuDMeZxx+OCBfmCB8F0LkiI7Pws6E+udmI5ae3JKtfRTOmPQpwnyebUNshAiN gsXlm4SeGFokbGc/bv32E6Od98lMpVlQ7dhi3RGETm/tbPnckY1113dDINbvcbQO DNTiaJvY3dAsBk4kmQYAUVXIDiaR57JxQNmAioRJE2OHb4GDeZHdvBWWzUhqtqpv jFNhw5dt8y01cxMCEEMy7oUiwWIiglXgsU5SArqDkOWVLWkoUO+rIAcpxRIohW1t AsyQkuutshCE0JZZKN4GKSVGGI/acYwIZDi0KPBYicpctfBK3olKLE40gULlqtBL lYDcHxc61XeswktQ6kKuWgHmND1TiRXkytRGWHGCtSt/3EtZelSvjj9VO2nO7U+B py5mHEKXIeyENSNBBG+Jm+7+OAl+7jhv4N91tlfA5fPlMqTV0HjoLz8BW2JwLgDK 5FyDyGC611J2JoFisdWUmRqwCpLkKwNQBYG15l4kAetBlXiP1bbNV/NlybtHkcPO mQAeIJkoNAs60uP8s/qeb43Q0oacy2r1on/yl+vAwZFC1L6iGF5S52Z6d1n0sIZ3 GBXM5muZhR9VKATauFTXeiemJ+VDw7MlI3RqdVnfSQjB/bc7ZoyTgGXkayd05GlU +lP4586W3OF5rPYRcjBZquWx0ALTbLLF1XoaHRcapsvoYJh4x9ZVeN3XzYHP5zMa 711UXNcllCN0k11FUVRfw5T0gCfPwLuX1GvtOuEzJOqPfXZX3L9B9J58zo4NkT28 zjIb38z1Jz3eS7ZWSSQozZpNmmSaXhK7hHNG9980sUOWPQ66cksf30anyunZpOWb D5X4aL44JpZrX1x3x2ZZ55y3BnYWVy25rcz5ZJa8b75ampxJ7IT33U1Y4xyGOfGn ck4BLSBEwh/48Txas5zUoR9CJIf7iH7QRgDAPpIIECAEZ9IfjFy5iZWfnLDPNkMA YgICBigUDGRcgmEOkSu3HJtd6+GGLJCEtsrlslbQogMcXAMkwv/ARdz5dCEdC1Tn 5HyC4gIT9x6npB9GCITCBRiF5nJLf/z/Wj+n+urwh/2/w775fl1O/T/GX/D65j6F giOBBTjJEDVq/26ur+Pq0eWHq/l1xnbLz86XjPUL4Dk4cKU8Z2LvHOVaT2Vf8zJg Ht0F7+SPzAVwgHTPj1Rk+tf2Xn03/gsL/6cmXNKUr6rE9v5CB8xBCAEEO1dhAlJi B+Z+Z8npRiKiKqIwRVERUVFRVJPDcqr9XpX+Y00RFWMVjEFREVUREREdNFVcsOmi 3C6KIqMRRjBUVFREVURUl98kkl98nDDCdp1l15LritSWN2gqF6M6+7+YGYGgGgFw AgYAoFApC20p9JD0AdsMzIuYnQZZZYEBoGALEpgChQoMOub/3WB6AMwMwNAKBQKB 3QlA+tFC0yyARIYXz7OCSUVT2G+DtPzlrn+5738/Huy6Z932X9ZrnSquta1rWtX0 w5q97s8zMzMzMt+Xt7djulV9NNEKI3RyPe+SSSEnOlAAs0eLNV8AERZpvF0pRliG xcBCPi70F0hgPd618r+3taZmZeZtWmDFqp6b5tRd04FNuZxea3612LzOdj5UBD71 uafu1UKs/qvLvW1l9bARgIyS0XyxEarpR9xPWEKMJFRD/aEigH3xBahAhEBC7DHb Oanc85dEe/i2y75dErt0c0b34zSxQ3x7nbpyTg/yUanyunZpNs3J5eb93l436+sf F3gRo9r4CqgShdACbMZcWGKAOZbKMozzxMGL7n2dV2L5Ofp1MuQ+jl0zOYhPRJOA YCxABhjAwlGElrSemwliIQAJE858G17mJWD13RTo6Ki/lOnZ+9Eqcs12twkPj3/s 6NUfB69sDjGl0gBe672z+A51A5znudWvDk5Afw8RpU9ZIkXwkTyP+APi9fTn3Ckh J7KURNYLwBYqcEocvICNEebe2DaUGfAKUEpBmrJoNR4QdypQhgAjwRMgSTYJsTba P6JZWCMBYjNQtIzUJZT8tv+Q/8eBQBW9vj+fr1olW2kJv0iASCmm+69kZGR6FAD+ vae4A624eW9ZBFaI+VmzFiMWKRDgAFiXxwxMB8yWZRHl9SJv3IkCUiVrrRLwAvZB 5yntBlESP8/SCoL8+6nEw91Df7MDhUnpv8JkDCX65nho4DbSG+Kk1pZyJqmMrPgE 3u515M9DUcs8XlEvs4as0BIqwFgiiAxERZ7GyGwUoERnJClDcR2Q5G+Y08QQyICJ thIuMBATOIrSBIgiBEqFVMmWOb3uE67uFzAOwusAnGSYGVWBCNj9fFk9TRjhCGHK ecEEmy5yxYjafdKLE90V4MMc49XteIu52HqpXZas6tEXFq57zwEDMNvAIGBEefcN wbly4UVgfudDniUsbmEATVXKJzOAymZPJFXpmhQhy5zou1xDHCGyKgi6fLlo5Uc4 dL2LvnQAioIRsxvAgM1S2MPYhWs05W+6YGH6c6tyGIwTTZqOFkQu5w0Ke7xJHWic LJsYuX1jPslA51EUbPQZJG0VExhh94JRSxG+JjWqXI3Uo4s/dS8nKnPumbauXMQP isIJwuAJsxgronaJO65dJVZJQ0MUvzZLhWJcwPAykR0Yq0M5OemhbFtK45bHTLV4 pcm8s4pYWzUYXo2MkV6vFhEZrj16+cCJy+3fBYxehzlQZSzTzhuTLnqlir+4QPzv rrRw4uNGuxcnAN1NCI3Sb6wImw15B5Txu05AEk3w4w5o5WODOO9exsUYdUgSIBb8 q6ZiNHq7tbAxclNK1m4LNUJ5a0Omg73NLmV1bjjzlXGvkRPHPZIjsJcJl+DF3puQ 5Bi7bMDsOxw3rlmmVZ2pZSYo+d23sAUdFBx8g5EzQvyxU29LHeEFElD10RILCJVM YU4MsdCwA9oLsnSvN7GAEYal6IJyRUauISM6yO3EwOQSr1ujpG34KXYk2EjG9lBj GtSFCaTw1YAXBKnINASdX3HjMZRhbIX0W3o3uPBlW2XnLzLkHfuxm2ywNxFNkSRN rN7I5KYfYbYUo2Dw69xwnyggP3hdhE2adGTCIimlvRsASTs3ORmSe+9o9aw3cwGB ce5atyc1ud1omBpM2IQOVfVmeTStpzOUqNpxblAsUHIFMEXETppBJgGERiDT85cl iug5vDl6yNSI2HGvHEw1+o3cHcC3lRaLebxZntQHMtiBKXBirllEAy1LPJrq8jeM NomTxlp5LvCZs5ZQQM3yclzRoTlzhbrjhWV7h9jERRs3rO0zpNX8IkE8FREWBo8N CLsq2cVWJ8SbrJxqbuZLzGmYwb08M33Fc6LRvpQ69uCUERpURNJY743ZRb56UqxB biiqYkIH2mLzBqkybvYz3W+z5R7stFnsaNTirZw64JPBqGeSEjZLLQARzFaFBtsU 2adKuAJbm+8GbjbDlMW1JqDJJdkIWlwW4g7bPGeprxfcMh+yvhHYCoLZEQUxWKqS CwiEISIQhIQh5o0ixIJUFQXpBUFrSgqAb+WiAhywQPzxF2RFwrRF4QEe9fp+0JD+ WGWAIhrFBNaqAUAHQgEvRQJ4kCcDECgT6rKARECbcKBOCP7/I3/vRmAIJ6ZgEBJC QetbFa96o7vmABIwCA9b/4pa3O6S/+t7lzIhJUEBC566f4HtNxC9xyHfs3+LICA0 WQl20Lx9fU5YPJU16wHphABhCXO+3wRzL1Ch8MMySQh0JfHeyofNwPklWfx/PXAg BSELPx523wtBmZGNgmDCVeEBVjBIJmI7Jw0xz0LsjFUxJ15bN0/XP1b+S8Fvsn7c KQe0nKX3uGNkVzBrje6u2+ffz0+T2eXp5/o+X5teU14zf115tt0mlO75meP65Zmz a+S3/mv96d5n3VUkbVPkfJ/fN4tmXYAhFIhbETcUEkgICF1uSUCgDcdsOFlBCwDV PuqgKVAc7JVVWoDTD3+Pm/xh1Rnh8p9OgEis+mgKUePTgxWTOu1vgc46brJdpNbE 6LiOaMATpGdz1D6exisqiO6ctLymB5ChSGRljry7dHGIl8QoR3JhLDYZU8InkqjC n1n+eOeu43XOG7gRS69o3iEFxh2RFwhG3v4kyPxQ++X+RVnKCAWPmhUxjMLjljJV khEGQA9Swvg3mBuNyYbclcEES9yw+JKxwRyogtj9BRkaEyFuiBYRHKKJYQTEMQYT DqxArN6a4X6oDE8k4qpN+W2hBlowRBzpcxjFtwxzTB822LJJmM4HsEMMe2mrEmTI SM4vXIQpEHyed7gEQP73U6OibzzCtaSGVNFhWQuMY7i49S65d0RMHXxcnnNkUC6a LBZ2u8ohS9WbDaraW5BQW5FLWIrLdIRAmLdyHFe5izqKZ1hBHMTa9Tg1XMdANGwQ GJE6P06RgYtHiEvaDVs+1rKmiAQFa8ZIc8JY91CF6xh3YRNGdwmzm6e2RO+DZi2c x6w6CcrIriMaxUHengafL6wiPD+7qSxaxRYPRpCinHHJNc0PZc8z0pvFykYRzmsH Ln9jzcTaa3nL85ypZhJzNSXim5Ukd+CT44Y7kMp+DdSekrJa089TA2jl1ETQodjV ypZOkTUbNxrHIRQiwQ2bCojETN8VqAKZUEDUK1ju2yexiSSvpwgaYzHiJSeNNBeL g/CxFlclfN3mTaf3PK6hvFHzthLocNSvRur67kYcn0cO0G0pQyvPRUsEHd9y08Ma 34VluHFc6TJGTFklfRo3RTRcEFyzcqQWzoc6QTQ+7kb1vk9ug7JzWBE9yNmZE69Z W1Ww/JM0NPDsy/P2QjsWPlMlD/5F6/tF5Cofobrus+Qv6FKgP8AqK1RiKYQcgZGQ ylGQLIwLCAoVAJYQiMtpLErBFFIgSKLBZSywBVERWllrAJYRlLSMrJRggxlKpYSQ kWKDFZAGpz96z3PL3yY/Hb3+F8PPkjiwgSVJUAu2KKvQtPFsonqqN9NJ3yV3NlAK 2SEKdPAVMlat8HU8v0EgmBMJA1LZf9fCrCnKF2ZCSJOwC39Sp8fG30L4zXUKzxrT CARVQAX17zqHzuG6He4BAiCBhAhgFaEFeNdQzq9ECAkTAcrADgF8TYw0ldtmAbVO suuSqaoSzGWTl66XKqHDgAzS7Vy7+OrhqroqhoQUIA7OLPinPOaxat5kvPtFHjAJ KYC+3oPkBH4EwETn7u490O3vOfm5svF3Ts44XrOT1ecOX1Kqqql/GxUtPlqK20VF Xwuxr7nj7+E76+UObM49ZhT9VF/VjmY2s1Jq71PnWYbd8qST+mCrfWPr7Pmn4ss9 5P27+gsNV61l3h3xXZ9y1czF3XW2r9V7rStc+1J57aYsKKn5oS5Yqt3jnq/HrsX/ dGIkgJwFxuQCHAKywIQoEsoSQoEp+NMSSAYAlsQgHAJxX7mst4rg4Q37lIPiZ+6F Jr3PugZGcgYolIH+5MfdZBO/PowPU2fXklJLE/UaMitBqszGlj1EvTjUIFcaLfx5 0ux0hRH+ce5AGEHtxHvvL/5Cl/5f6NQ+nDjbt9GIeyZEm4hBX3P4k9Kyo5u6C1HJ X3seZeubogtSUUJUiuae+sgBOz2ME5YkkC1LZkojGAdoaYk2US5GjkhYljFiGh4k kgIskpBMpyPCqFbW7PkaynwAUWCVwQYcxLWCfswbMG1snBJFxKJO8wzszt7nW973 xWvjuR7FCpojYsHZu0YekwwBm49XehPmmV5TR00QhfuZm9jEHHiky2bVey11hrvd 9ACdG9KImW22ExXsHAo57POWoTCQp3vM2NmJRmTkR2+A5p0Y1XmLuMWANVSogzEn j1GjO/axtzs+TDKMUQlcRHzFnIWUcwxcVjuWAJyYlWL1LwR07vBe2hqQ9aNHNUSX dOGTxg5R1vUkyiJrhGnU6CDhmL8dKQo6571vFPT8ojGrbsaTPum2nh6ziJZ6Lwvp ipWh0mXOFkuMxiS2YHXhvvu/d+YD364FangeOes0XBJ/Z7oqkwBMVJcl4p+4NViN jA5lZMR7YuHIKoiXRQkzm4VnNY2UC46VsRInFFSfdlp1uB3Zy4pFRURH32+iKjqN QUARe5qNchGLwpXG9RqLjmO79fh6m/LYK+4ImKPbe+j5WEU5y5w7A/0jIN7B9Afk pIqU5f0dSV+11o5wpyRqXYGSTwtQarVm7tgmAiu8lrIur6LA8eG3Euco++ac48i4 4AtBvgQHrOVBlULSsW7/oJZ9QA/h8JRVaMzH4xwLwOhLg4irIRhIRhMJ0+MMEwSD zkZohWCIwlGSMlIFEUYJS0lGVojRtSCyVlSIsYxtKVqiI2yiMtqy0oLyMkx22BN+ PfZ07o88XM8lsbEZIEYXykcrRyYTgXRRGqgVDCAB3k6cvapTxYs1dSOeyi2pIrGE JLdSGkjr0SYOaLHa0kk2B6+vZxz2dG52sVBhF2DFN+HQ0xu1J1dBkGQqNOrHi2RI B64KwflSgBAIi5cDXrHNhZTWtd/yqNbCQLWX55LdM5dpkmEgWzXXpyPZbnezZc8b CQhExCR+PuEvz/Uj7Oee+alW2QQD3R7GyPhHlszUAxmll45ob0d6tlRBsrsLiXRQ SFgNAyccZgnsONkQrw5SgkLHE02E02UiCmXFDuBg6mjNiFBqMg6yS+eE7aJmh53R x0OmowilfW+KiLD+8sMufLtO9fXPb0/snb1esQ8fSKrqioASAIlmj7ioqJQIIr6K J99QQaB+HV1CHN2AbONzJt0ATg253a4sXhugat+sovqY1G8pIOcOdK9/PExlJJ1J JVJKT8o9zEaiTjIxR04m43jojtLpyYc5nO7saV/XpfIhBQ5K8SyA+nCoArN7mM4e VJWPq8fg+bXvIrN4S2YVHokkw5eyFltymKgIFxt9gZOT3hRzeNPqA1QAsQTewuFn FU5wgMjwMmdchIRCwbREvj3rkDq9Pcxnb0iDISpc8bTbGABNzOTWkjvjGFlowgni KrRwg3kJceXFFKCdHKVrRBEqYvrnORyAUcXljj770oINdOkC+kwAKIlirDmwQ1UG 6tkS2uQX3JcjqGFTHmhLulMbL7hEOjJKN5FjU6uVajQqkPYmNokhyZIiCCsb69k4 iF9+5cfygG4Yj0Ok7UXSXQcs6XLs2TCMxuk6fmh3yYtVAO9qUrpuYs9aPlcqQkIJ BB3a8Je5jppEGLqiDCJ44cJOdwHpR9HLuwMWCoY82HDq+LT1VaydBgQMTCeS3PMI ljaPspiDxx62UqF+ot3d0a2ukUHefoQj0y0W87DXIrU9ne5Epmu18O2pQkF5FzUK zQYCnBAp9/jpcATt0zwwAJAc0L7kt0K1MkBKXJyK0w9miG98+ezqMPxNThGJWTHe FOkEwO3CyL3hvzoiTXvmyOps17pc5Gs1rmAelmRXF14DaOkJ0MEcXXI7x0SZMtal yQuQjERpRnpekOe2Bl7W9LsiJg0Y8eG0RHAzi2Gd9mKZ8JtNr+Ld8b0TsipoPICV JkDN5UsHk3LrlcNti0OxJWjE6SOZrLZBtj+AeJDwKVA9HMUQc5oCyJmi2FtliAyU CNskRBSW2CMQaNLQhZSkqKWwiUqMYQERYoKLUvb28O/K7rTfTE5oijsyqcfHMshe elc8ZkhhBRdUB8/zjazobN7vo/qDH4tlwYAS5huTNzJpSYSBdLp2hU3Nqltn2v1U pJJRykMBo4YSl8tNTgEimqnxeEsVVE1CxtilpT2AREJkALG2rB9m26aYGyW4126x C8CCCcOdidJ5Jtrly5ZPPpu1AF0VEyEWfRlhS011CJ4PQQI79SOLbJmaOqQxiEpo ycHcUUe6dxJCfiIFZBpI455qXtqkLY6q72nuu2D4n3hRB+LsTN/bMUbOij4w9sR9 eltyzPr6vVZpblM/3Lfl/9/EREQO+IJxIirEgih7aeuVBFIPsoiiW6M32n4Qxiie /7nJ95vYdey4mZbrs+hpm0kxxT1b3KKrJDQfR0iApR80bIrXIt9JJ4VW8Ft0M7EL 0ERRGGGTDFhpJITsL+TM8Rdxt9LkCE/L5aYIgLpoLgEnowc16V+Ptm4cVhTe2O6p MHR9UGmdjKCBJGUM9YeEREvuhugwuB9YPekjJn2T2zVFlSXMne4OAxTIs58ZLzWT mERLb9BHtjj7nmz15ye5HWNIh5RjezCIQRV2RELwU4QpIPkslhsBPClFbD7axNi1 ecINMgrR3mYJKrIDiI6BA9zMmucNFqoRccAmcj8tzGy9lyy2WKhAEx7iImhE1IeF 3B2CnNzbWL9ohbLZcpbloI29jualhMUiFwsSUKAdzozddgFiTEbYcktfq2FsPyNb sCoQLzCCUM3qghttBZESTE3NTRRd57w8YJrvKzoecp7VR5RzLQWxmx5casIkauJz o5jx0Onry7MC8DGTCY7FySpKfmecsXmw0LYTGRErvTmoPbsZPEzXSG1b0h65K8nQ 1tjuTPrOqY3gxJy3JETncEuRtSjuLHbenkLhyxKszWwPJFJbTgrhcRM+fLpxWMYn PCjz3OkdUsFihhRPDiafGKzosqiYzkxPEjWyBmNdJ3hETR4LXNXgzSpkHH2UXxN+ KjuRZix3WSxKNIyURjy8AOlsHtp44GcAxfzCuakWAgseUAT9GYFOW9qpFMkGr6RE 4Vt1+VS4V41z1GoO53eBTkUlSXGw/HQwyGnwIiiiXKKQRSTGmKIfNs32t77qDPb1 Jw7WQ6HTnODOfvF4iJA6yBEof4QUCv83RKpyNEKyiKMlkbJFESp7xSwEUwVKtCBU UDJqGLKBYNUeMRWvDiNZDLHjx53TgkllofyehqALck0d//NCQIndap9V48TLNLKP 4ME/8v58LaSSV7/nLHuto+rAJBW3aQz8QhjYtvYSSRL8s+nW6ix6huUfi6SBZ8xa nd9fSL3EAclmNTyiZ5dqkJcEJg9MIeEpeo93nAd8wkgXTG6zsQqLyNP9bp+RYO4K gztvy3qv7bv6gnr+p+sTsDBF3OV275atN8+vt+6L8k6+X87vy/+GdIfDfj2/y2vs U9/HN/hz156prkv8EKG8dpfNpecnLSlt39x+fzuXfEQ4kBRgQFSDBFh4KSAVJCAh r4+rnVV78dhkdOOm+91IBOnbpPyiOK5dCn+xfB4frgYiYLPct+HOQJV1BSmyKmOi sM37/vmRs6QN0/cSgkIHNkvDR7l0xJhh/YUGPRCnoslTeKaMFkRECr2Zw9lO8hZ1 zZps9qs5M0YBuCmxXGNpDm0LZxIqknQRjQ8imtBgvwrpsregBLM+ioncSr3MNY6Z MC0mFLbxXNSkF0E2PJACPc4PUHOpXkqLFi6TDjt45ou4+A8aN3Bbvtq95ilDgput VruvCMgC6aWwuIDgzdcoXNE7SrYS5kN5T2doyY9PDyImGOvZBNniND15R3nKmYCR u1RI3DRRocqbIiXESLHsFCBbpKCT0fdDLrOfHKY2IhnpAOa7ZAL6nxyeWiWtjbbw xIAk4en607Es1k1GJT2RNrsRO23QATMRJhx8kWLFnbc8X0Cirjoub00LIIxx1ETl eNume3b3L3DR0jFEdbDVCBTZTjivtGnpWDCCW0dNjiJc0dMOMbIW6CYcum+Z7whz Ly7HOAgUQSw2VKoOU4HStVe4ie1MxHcd7geeWLmD1zVbPEnBcPeAiCl1Dk76KVCT 2pREo7hy+zW3LUAI7XonVjVZZpFO8O+6majynL8s9saFYRGN6kojFefVi+lzBg3e x0fZxeAgYd42ZqIamnCmC4XtYybVYREUsRoSYwZ4MWhRNDfpCYgY+vc4WLPrRpDk lEgJVqhW7e8HQg0u2MHPre/4wR58upewDtNAMsvTqQ7N5Ys3qMWFZVEoFksIUYiS oUSCNbLUtko0aUsWsOvkOO/oftiEZBBjPH39m/Xdt17wElYuXvMGjkm0ZtGQMllS JGEkCpMnDxuU1Lp3ZFNMAAeo7DrQxr78BEzNxBEKx52/6LLgjD3RBEKchG+c9+Nr ZZJppXZx1NmCiREjBFOWuMsRXpvJ4pqPlwMISA+A/M7z3buVHzSuhCIV7Tx1ey8v XePX9OosJJKPvGYYs/P0H/brf1vm/7qO8zwh7tbsp+/wdIFxpjlxvCrM5Yvyprby K2nAyM0Y+NP/R351rjzWvPmZ/7Ga+r1/tRozz3zPz7qzzube/DvVYluzpOG66mX3 d7b3gROdgKGT9dEQaJ+igCI4ZABW7pY5Pr0/Zv6Mc/E9my2rdG97nv1wfhATmF08 Spav1X+DwrRtfxaN6QL3+TlH1fkuEuM387GmL4am2vP2DZXrPsxIggd4L4Vg+u1y ouQWEuKC1jT1tJideaMKNex0gbkFLFwYoiCUnR1U5S62F9nT0sYWOUjUZwGjvC5t HCeoOgFwd7UKAJRUN7Jd+KdTvbyOoccwlvceQtGIwHSxd+2MIiFsOSlw3eTBiz+b uNxKjSktyGgp1MwEcV5ANe1JgcqxrGRIbBcizc0drpKrrYJslEGswOE7saN+WERM IJ5hTsk9EuXmFXmxDm4HZg53pIKyCEoZREep3laTKS+gQGvaL8eynHDRnun7QMPw p0MujZlkkyE9KWrBTKRcqFdw5iqvKmDMxpp6hjbGzSRS3WRLiJG7DWKn3qvcblsH ud4ut6zfhvGx6WuGtoj6bKGZTZQieG6JfO6YhYQUq3YM3OPWJC9HBBFW0cckCC4W gO988FaGwImkEXhdn6/YtSZJzAAjiOGbyaIDpEV6pfYdcq2S5bpM3pclBMXDBFRx XFES+IArUmMml4XFIs4WwggpRx3al8b0P3GADRGXTWbHD2TDLEV6i8ItWWEY2nN5 jzUGqwiZdjBUXvZKqG8HVINtUuhcfRzTpJ2+TmZ3xGpF9bfPGACxEDMYXYQiI5kU EB18DEHjs4LYGN6MYLU11KtKzikMJYRM5ngM21Jm5DRPA2R6WHtiEvsh/P2LehCR BIzCb4xdYrIFtqQkZLJSRLQqlJQWIxRLRRFEFokWHn8vV6HbxeeMf32/Re7byc2J xJAfw9pqTl9WVc7uJCDSx78feJal7z/dGSuU94lCImBhIF3PxjjG8LRSwvxc+uj5 AkjiASKXFIJgT4CwIN6ejl6O3nu35TElpqSEh7BM2gyxyQ0MkkjNkqvluVMgCAoO Xj3D/Hzs1cBBm9p+/e+5fQa+oXygSGt6VRKYjTxUNIWEk4lsLXasgNrmKLDROQ2X upKYVVZypQrzh81L91EpMvyMWizfr6zKTZ9kvvrtMfd/w+y7YwF6+rk8Z+cSxcLb rKB1JI/AkhTGEJAwQRGEUUiQUCEQFgdPzZXplOjktnnajNnwus0UktiHSmdshPiQ qYgV5I2U5LJLoa0lsHrT2DM5ErLo5w1V0UbXTZ2nXdldgEC2jXTkIxGfcNWTXR8X BA1dwfeGxBuePkASPDi+Q50gsiCMiGCwdKEkbOnwRTmthsNIQUJFuYvNrLZdieBY W9Bs3fAnmRnbjXVfIiPt3BA8byagmJFAEuJfVJ6MIBk3wxyDCaXMQWcLFiGuNSiI gwp0UyAJPJ1vUy1HCi96n26u+hqMMYnOKbWzJurmwCjOEO8Y3WK8pWdCyKmeMbCQ zYpGG3wcRnmklWr268R126r144GbG+znNx2cTJj182mwAuRSuOlrSnb5JYyCA+0i 0mG2ZGyMWlZdcwSAQUYqucK5GXEfMQQJGqKAJhRHHOdwRZNazPTtcDrUnFudzCkQ HADqCUocEBTJ3F44Ybd5OEUYtzg3NArT0eoRB6HRDym0pnwMImcPehucvFpSTZY6 /jJ6B+GjZc2MMHS/nwimw9u5y+wYnh3KSFgoL4I3swIkj3QRl2WTGVUgKgECxf0Q qkiSj9jA2y7GV1gezQEQ4Xi4iV6fXGwgl1GEydp2pDWBjsOuTFy2BkkbUayunREy pt7DD7vJ06biELD6VCE4b/E2VNnKHnnhVUzOiVqcAMwAFtkK50ib5cbrm4xa0zLk XLWkWmako5YnRjiIj2TQWdkVwyUZkjina3zLg1/HIOpY2WwQ7A+0TY4u5MiJE2xl 60HiuHDM3dgdBxw8nWZZ9ibCGpaSpCjKyoqNpRAsjQClopKlsoFsSiI7O5r8sP9f c3Z6xo8Swx7BwAD8c+Kcor6bNy7riimzLCnL1ZhboMBVG2OVt+AFKSt4gueO+V/X cvyqAg3n0csFOKiEC5nmJ4v78hDAqQ3hIEGH/z/XqHb6160eRpTIALzxWqfqNnUb 1QhLsr3p8c+ML3ufca9/XdfgkSgfpiv6fl9QmFJFCFivsIxv6P0Gp+VcG8/P1iBH 6ebfLeRhtmGnClcSkaxZ6WfGDE5fMa48u7Rz87twrHWLa3fPP5f5PwCBfg/uOgEl O9RUaQVAhABSO5oIJR8f8Ovb+rf7OuGh2bNxw2RmcGigxJlI+PTCE5pUwDplqhtc cTSPrOIqtfqdiphTvyXSfTZ3YBjSif1X1ptRlnjpyShj00Ay/bKCBBfaFoAV3ryI sTNS0DkNdEx0vfJ3AAmABJ6YUqw48S2W1aZM+OGIRChi20QTDcCTvKLkeAQInnKM xcyBtH0Xppu/TeemeOFLsmhEPYAGMaexY2dHOY8I2tdOG7GvURzebmzHie3ENzh2 GZ18vBouL3WGRlpxEQ3kYgg1vZeBOaOD2oD7dh0sJgV5fLog/iN7GCgDApGyjuaf PuD28Ww9LnNkYJSMkKdGB+WUzWWqNrIybREh4KuLcTJXknYjYnGLFjRibC9xqCGD A69ycGlxb5iSxaNdkArVssF9F9vYfs1T8NndJEHy0MFUiZi92cQUuZyjXJ7NDjG9 Etl1KjmC2dAGKIF8N5UTknjAw4iULfGsLDXzHRolXQOb3LfJ5ZOrEzaRGFbiWEJ1 KtOGasHTp9ZwbXFTpxJcGS5WKNnvTQiNm69D12U5kgATHKY8ZCQchbn3jGDdY85V aHsdDzxRkzmwiMEm8yrXC4eg5DwIJ20EBVEBB2YOltr2DFJm3G0WQDBzanOE3M64 SQZmYstjc73JnhGE72OeJAE5nOREc2DXIta9knxd7X9rQ5jqZF5I4XzzAS0FCR5E SFAEuxzt3xtbWyZPGhi6ct42Uuxz0NppGnVCjlzE9IwwlovB5b5h3pKBSv5YZkCR /NZM3JgVAQbEaNIKyWRkpIBRFgisVYiNpFUnXycDL0eB4uTF6fFmciKvSZaeGmXh 5rueGRstfmqpNxlpg82rA3BAVGt33TdNbwEPGMAupkAkyJE4vY/064M1CwgSeEJ/ 3u+8yks9NXU71hletCAD9Hz61u1RfHD4ukkYQgL7pXXxGaAEd5RE65tKcGrVACaV katvN5J8Ik+RPifN8X4OMMSfEek/R7Y779xcvmTqSd808kIph5DCPNKWXy2GLZPT zRR56bMCXJB77qWy3RxXy2H1abZ741Irb0tm18wWrnmI4xe5WOr3d5+79H6/oEEN 1KIiUCKoQIqhD9MPXUQEcMAIY6fXrsz3D9ZuIs4zGl1xHo3RrkjmlG0aCWefGdjm hYxep81BBxnMnxf6Z4Haeb+30cKU6S1d+4iBwBA+pR9fhaehU/Cj4ggyds2SDIAs QUgsLyWbbOZSSXArZs25iuy0shW7SGd9nr9KrxB1MwnjGEQhZrxxESDnbdaVI43j OaSJ2uk2AzVKoJvo7dte1njLKQiMF56Ny0oBydyvTrjggW9oXJbrBYfmcGrjXbzi qQ2enQDhfAqET2gxoF4a9i0HHISQ4azRaoQQooWVC3GLVkRmHFyMWFmoSRpjm5pE ntpO2FLF8Q5Rzlm5ne54+I7PfJpfWxKHZbqd0YMAHSZZ7Bk4WSirF2hINT7Ac2nO IWLeSDCZQa5ov2oqxVAERrRrxuRybF9FRifDHBjnlRzhXC3O9vYYrK5IkO7roiaL DZ3wWXozOUSOsCGKFY9ws2jeXlR7rMxdDFN8oJhhEl60sYBeauUI4w28lqqYdrEg pL+G2eHQSW6WVkNuImkEjItHRAt2jo5QKWirXG6ZfjjBWhNbCbVH7uowTOTJGdEF hEaDY1j1b5SzcPdcvJ5rrmTZs2ddBMud4psqXhxHNWOHbJiNoiQSckxnmTOhfbYE EjuF7afGaFjqpvQ0eeREvF+hh9Jvka2YqT2yMNuzKz5NwAJn2rdaDRBU+gv5ES/B zNzGYJzYYvx8HRFUqXFd+FOzYVF7wSUKIcUAtPDmU9HYH8YH8k0cDX6OcEP4K3tg trRsYNaSWWWFayBLJZLJKgkIwCjSjGhR7/ZXZjp0FOPgzur2dWpcSIIc2N9U+9A9 a2FxDDAkhhIB7tn1W0bf1St2SukCBp1j+XxImJAo+K+vdo1lkOPDz2+ASE7KOs3J WES3rFgqwCF6XmNlz9bV1NywkhNWu/zWqt2ohAeptj7rvpvPPe6xq87iEKvN91T5 0ke5zx+9r3eQ1rHv0NE4V/Pdj6/K7V98hNnKfoNP6jbkU2clMQ2ajZVK/i9jXvsv wb4U87XcZi8e6c/Ffkmo13z3zx1NUR5fPlyRyTTQp2/dVbhrASFrTCSEyZCERYoj CAqEHt9W3j3/xPj8XPdX3+6picYFERiXL+skZlOBqOBtITmcpOYLNp6ABxyxcsnL RCKcjOXJl7qFYNlj32TS73Og6uBCh0wkfwwdLaUs9OqHrynceMz/QZ66/e/f3nPD lZI+KUKig220qAqgZ87iFuFGCEX1qqvlWZSGsIR5UkloZJCURFmtjTIQ9NFLXq2V 61Y8zEjiNJOcbWlHylQSXmwma9MmXvWx9R8CLt8B8/NxRerTNz4U1nea6xt6wZ0W xN9WKSOXuaLDn7Qd4WH4bl216KGuBDlXpRdW6cc9DxJocvqhhDo1iPDt1nuZgzsT mDxQIw/nayeBQww4vclRjC0Kwuc1cJ6Wfoa6tTvV6x+kh8Vy9pHMv+I/WJvrtfRz xfTjlOA1j0+euN2SFW1jezhS7mNMZ5t1ZecrY9g5B6t39DMUxs9eGg0DU5OOSOW9 bkkpjk+4I9DawaqUc9kVK/Rs0PfHMNWvRsa6dJkJR/nNZlkrOuc4c9hTdMeHIv34 CNvKWYYiTJFuyho6Pvjl8X0TqS7r47H3Lsu8KXmd507IZT0avmG8lmaMuMEpUyCs a8JTz3hAC0KgiDsL4mBxGRCKh6wT+WmdfR7mqdMj/Vj5mYJfVLK1T50QhAuTOBbm vl971BixTi808d7CmLNFMbg3rrbN7qZX2Z4cI1jzGNqovrsO/XOGW90lzJo6SxNM ZqMRw+8SgvlDNvLeFI5MZYt4cxe1u9PJm13WDu+NfT0OOPuOy1tmHJvuT8tF/ak3 2jp+MT43C4U6bvvhyPoSi5ueO5bA1qXePrWu5ar/g8Z+I6T9j6uz0knp91VsAD/o QNEUn6RKyBlel/v8H5fgAliHH3dd6I8z7RFutqPYiNgHCLk4fj8X2CoZNtvq479o fgiRQOcoJSlKe4D7wQmGEJh6F2gQRdz9fJxlPJL0tJ86Xw7JuyaiE20X95K6oX/N ZpT8yTyV4h8HtG9533e12W/bsz2p/M69GaIb3PJnNKbivDVvbWWctarzvnjT7vB9 E2FTS1vjtftWjfYF/vatj1C3s+PXf7PFCfvF6X+KeqU8BTn+573zVCnI1dfGLkSQ LiQtZXJmJcIPyWSd2z2frmMP27BJBXPq/hH1x64tsnTkn9kpnOJJj5jCZIF9Euuf ApLmkDqUXy5I4l/ZquTg6RoIrTCoEiEx87NE+rq4cZUoADMADIGAGYAGEB6fbWI4 9tdUr+KEXRU6p0lbpJCPwt34TT8Lrib61tilClB3af0w2I1fGmVbzBFLc9vBsrt7 0x+WSSmvVJw99+THaxTxm5nbTAcKhsNBMzW1TPfIK1p0/q/4u/j+imd2ffnO/xP7 Lc9WPX8ziA1X6+h4fVM/x9Zrm32++de9SvH4nveWp9f81fluUu9Pry9d+Xp/16kH hZ4uiqIQlr0/nugB0rj8nvd3WRiKZrf2SRLjZgY6oSVtKpIUYMkk18/o7Nx8eh1I pwITRgbtfLsoz8TuLhNujlySulaZzt/jik5JZpooqoU8c/K0ro65oykSfYpeYz8k ySy4x+KqPha49s485x4pvuX/Gxr6/FNXQZlM6ZcMyF1Ax5D71Bij8ZCEDmj3e8nX kLc1g2S++LqVtIkg7+gs88MABTNRLe+uqUQGj98nf0bC/p/qavSV6/tN9U10f9P1 nT6qkDuPyVIezVNAC04T+Xs5FKwQxF7AWQFkFf39n9LeQb9ENhq9NujlxMzwQa40 RReq4orGL46OghUzw/Hn8pSCr7HlQGiCi43P3kTT7W2jbel7oZNs+6fZPCLAGjGI V5HwjsaWM4s2+EvlnrSWJfJVfe63K658eaiyO+99sIrH3b0PuPxn4zd9Z+VUr0sG NS/XPmSPP5L8GhI0FYbryzPjWPb3C+L4k5JirPz9da/Iz276A27/SgfgfL7+Svzj kAPwclTTx+6CjTl74th8Ov+MpddGg54JcOxxvExtRGkpCkRL0fN4/IeVU+exwR8H ZoTx+Pv+Dt7ZWtW+mt/4jKvuCWn73vSt6/ff7tfhObzHLxejlBatqldkVEfsf13M Sxhh/fNj57MGMkxL5HbN7fbI3H96PB+AKap4ejKRNsxJKa5Z4Szwy3UR+6yttOWX DJgdgAnvkzgGxizH0GFIGhtNr7a8+fGWx1wEUuOS6gqyzX4VRR130t11S6RJBL/n 256sBej7NZvgkgWADIX5u7odOdp+HNw+qgmyJJLiY26+3wm5Px8Vrm6LeP7yzhzV 4SZSHJCK9/iie0sjz4ataGxZXg+4+QQJX8LT+1fDcafap8Q3LVxTeSYq1r/g/dPH FnLKx5P24z9PEvllzvhrOG9W5ni4XEFg1NtS8vHj18uNuk4afhViIiiqoiMRVUYg xViIiiqoiMRVUYgxuFypGnkO7Mf3VvjZ2L4nH3i7eqt7yareN98lLrqppyaWZ8JG plln4jww8m7i83r5fFm+7/aiZJw/ij2HyjM+vnl/TyoS3VeSAgkyejsSXx0+j5aq PZYiUYEwAyM32nh7cMvQjx919W31iDhIhWfw4H1XTc9d3fD/TiD7feJIIde9uwv2 AVz+rnI9O/0FyH69XkFeCqJbb16xsv206NMKj/bPso4TW16Sfmlhrxy/fs6tfec9 /rR9bIMRHs2/AVezmypCEpELl7fVZvPKyiQZf4dV/dWAI7em8iEkHdvOtIPJ5P9J MPpikkujt/v5dMckiUmdJBl9nZ8ewSWc59tE+fGoDaA6NhJB3N+Mvrfz9dtujw8w lHRZS5sPJWfLhd9ePm8DSha9yVHn9/4+72yoEjybNWoSKXb0lekunGUgJGvWHHgI sOojcqH5ez+xt+zftLDgCvx7aAcEPJv22xHiSBTi6adh0gCjIgYDOfVPyiRdLIRC XHh4/T5+gkSI7BViOGwaoM7njPQrpVGFDhY30T56I5AkmxJ+c+uopWrJ4PPn9W+j 3J76e36Pyd2PYac3l4vhDq+cv4ZPZ7qNXowX7viJWIOe3l9MgFS4u/CPX0SAl2IX 7yIq+HhxXVkPR1+/Z6Pu81Xp13iwMyQfVGkkLn7uZ6Fd0IlWLIrzUPu2/Qc/WB1g RImG8FK6acCsIhgB9CNKAQewVv/bb4372+s/iUX6Aq9PltuUFID8yQbOP7eQSuBB jydHTJ18ukmzej8eItsQyFZRxQ9/nUNPzfmo3GSjkwFAPRFDwMN+9D5tzhGbYze5 6QL6u/3T4day+yx3eJW93xqS5uvt+2QKyPzeX6d6SQjDn/Dpf1e5x7HedSVO8YRa vPn9rq5tPf7/VN+H02cepWJZ3B+I72WfpH72/Z+dJ7OSlfNI1La/4dHA6qc3k923 OkDZ7uj29+SXk6vw46iiHLd6ovzoEvb3ejq/c7d6NHIlNHkTvj8NJ9Obf+yr5+nd LufyRebHR2+774WnqASQwCLNm7q+v36GHUs9IEzMDx1alFBkiwEafh5VipmY8/cQ 68vt9yqfD2+wgP4/jwvi/Lt12DksFRZt05SfXCGRcwNlWKxiqCqmhlUXXae0yDB8 WcwqG39rzKTEcpsAD8v2gYgJIyn2McvpeNiSO25n2ttmI/w/bJz2RkEzWhQjJrVT 3vR4n6Dv70Xt0xm1Zyz3nAnYBmEiOyrlOHGCWW/vqsNnTrXGYyZLmjZyc++EyPh4 Le3DQPoEFnGKJyxzACCBQnMxtkLhgAV+GWsn9KXOBLuTc9LEZLzuBaaOVA6IJMIW NGc18yo2A8X0/mWrXHpuGsjGfj4cVdn2kWN8LDoickOfJpbTIib9XVdenKsXmyCS ZX4Mk+O6j3ReWS8GjlnRFy1G42DRM5FhXiYuxkGbjTpFjNyNQCxINkAuDZPugt2N AzmE6bNhUggZX3TnZKEqCA6Vhho7CKoiKbyLw43AazVNLsg8Z8/GILGaQSvHYlJt XTrd3hMgFvbL5DOPN22wBOHEEuty9ZKzQbNLdHPXY1FBQ7CLRxkjqRZXET0a8uHE tPMaTwpy+S1sG8emwmskuqMVHspuMDdGUdLFl6IisQcTRknOzNACrRYwaYmza3nS 8RTDydCJVEML6uAGsE3yVvC43CUyTn+qekH5HsS877ZU0ZMNno7HYkzt35gi1V0Y SrefrJIciN70RiTKlyVm4D74Y495fIy5mT3F4rXsxoIMb4wiaQSulxPAJKmjFUG7 g1aFZjtkiQHCY21oyXKb1ocrpzkTSSsOZGK45LOgykLoZ4SXx2fLbLiKgCZYlTXj DETkNXueTnSUS4XHcS1mH/Bm58iYmS2nNd5m3Zc2DtDC8fV/xBTz6DW5fdDqRCIn rdeHUEwNQc21HMHM9tJ268gjMUIMil634RrMSYM6cc3gQ/QKZV8FlInUj0mH7LZc cmZ68BM9DMSXCV0yNJ/Fup1ojAqpVKUS0apURSoKUpSsjJZKAUZRC0pJ9rCQE0sk kZSioJ/dSgCkD/GiKltjYKoCEIAC97nAIQ2m3NRjlNDyGJAhERM5+ZzSX4FkRGRG jPPRHNHoI/Lnp55yn6c9/slcIEsAZCSBgwO1JLssAqecbhw+zAPwuv90SQAQ9Bi1 +9xl22KqNx+8/SDL1Wyoth2HxoO7V3j0qu5P31twBPLkoK0eCFnCNKFAFS5E8P5q qL8LztCliRA1In6XeVICvygLRaCFl1fKKGQEWAFKFytFqXVXGiGUbjYyakSnkpr+ YS4W/p3riP2rAA1HRTPA6QhDIAxWopYOg4m/GCWUbgyT8TWblVuCrcupxNF1nj6K AF4GJCLIIfS+Y4lwPQEzTdQOcitgThQE5YHCrapkYoXRZKuNe9qhNzlgh2mKLUAI qeJaWCbFsNVbNs+kAghDhD/PagtBIprEgJGyHR2N0nb29R2qEh7btf+MN+wZT7T9 yB8H5lChch1ND2cpfZZmyLsCGhqbGANt8prNVYqKRRRe/r6zywjYn77uB4cMz8Go MU8948o7ESvr1ORO5jYCCn4Ja/MnW1s6AI+k3tyfzGihXMpYY5Ujd5YqcyYBBvRG 5aY9zPudir3SE+pyjtTwu5yzyHJFKEjLVg9DZOhXZ2ttdB69bZ2bPfSSKL08ea+D dOTA5LVvW4mhycp5zpcXOEEsTybIBciktXYIJ3gW6OKG9EdAgdjeoTONJRcnWzzO ZNQNTtiaqmqoinaRm0AE5Csu1rcpeeGDk5qji3KFeWysve/XTCnYZ8nNR1ETMaG9 ILTZO72XpRrgCXPGjWLsGvUqUVpzNBcV5L0LTAoBmhPL2rULwxor040ACuRM7ctJ i1J5J8q7EEAtjyHyJbwAKsCRxH9ORuW6cAE5OlLDAtyk4tRCHshUUUXESCyWfJfe 6yHtBBbL+kNT4Sjkdv4O6fE2gqKboIjDTaqyP++NKzsWlBrGzfV425fsdthRuVV1 qW7w5I+lAHLpfGiCEBxMuTPOEhwnoR8KY3rG7I9RGl6bv65CZuFJi1mKiyKKLzbs HC5knNg5XLbjuCBTlCBSZud0PkodTJ54imllzFwCkEthEBw5GWgXtaiCu2J2Jlou XO2IKOCJBgLedyo3YekWuOPzGG4b42FM7y/AvIIDMcFJobLD1jzPZScHTfkROzwG OHpLUZB8jviMgvRu6KPJiDR7wAjbTuB7IRY0R4FES4/jxprL9rw/4bz7DqtXjQRe YTgcaFKJRpGkCEUstoySIFkpJUsaWli2yjAJT1NFFdMQKlQRKDSv2+u5BC60Puy+ m5AS12IVUU74UCgKFQL6lVRYn40AAgwJ4ulwgQ71szVRas2vTtGImj05zWSGqTVN QO2QKZjZBhypijNtM0ZPGUlDur4y8+IAXpCFcl01HtsMgIyKo2jsRIgkQIiEKDDS 4CEFISAI+t2BgGjJCKST4ygS4J4jVdUUl5RoAFhbNBcwAq0Hxem9wRLJ24L+ki2+ bUN8CQkNnimT4BE+Mut9ciUjJItKG2b9u3c7ZezmeJ0m2Z0xJB0uWU3uiGiaQtpU yxwO+XQwsFhNUVyikYlAi1QN1x8PsiCep9useHTmvuJaZUr5GdyAJZVGjEQb2KUs gjgIEeipixA7MpnRaR8LjUzxQdFW01S74MI2bxB6pYVEEe7NGzd1VEwYOTYwcrvY ujlGkvDIiT0tge5QVBG1x4OXel73Yk2+63BA7SNQOTNEchZ2tmbIVSRBJUmSLjje PNbHeKTgECzggTsquczLzs4pfPOF9e6ZxYm8AHiZO5MZ7xIOj8I4cPYzoILHWzJn kouZ0RbTKORK62bM1L8nA2HJksTBzZgJfvkyaN13bWMi2luXw6MZ6AJzxux4kA0A cxXvZRn93Vswxf18bg7NyiRm97qhh4wHeg3BJyYpyMFS5jPCLxSsYIY0aeIzENJ2 ddkqIlzfJ0+6PuMGBLoq7FQRad4xxOsPIgFbToWoCDnBK1HBBYj4K1FUepCeylcw c5onWrGHkVyvOxYRyxKImsESykpuarNRj1HXpFuXGw2b83WCVRCUA+sDFnsawuMC Ipyg2nTo0ZwZUd0y768voNF/SdNeIQY9Vse1L9XNi4BQXCF3o39lLzafbJutaMxR lNffYxg4eW54fECl6OLtOFEQImUEvcoJ1wnMW5zleBAsW2woQr/RarwRw30TgtiG k9zVkRO2riSEphtvd8DvxOYSsYCEjKw3JChZHFslASrz/I3i0RYZ07tMF7Sqeh2c HKlGS0rSxSoyhStUbJZLISslPNLIBBiHqSBFkk41YRcE7gLW1WRIgJruCgF0VCRB IlHupVQSVQlFFPHVoABSh4qgClFiinQ01j/O/npH4b5Y89fFGrcufakPsZ+ay+NE jErkpZjHZcihFJnHFOn92ji8veQ/b8cKrXGgSQH9fPyty7B/UW7gB0WK3HiBlFuK lSErQCk5AVL0SDY1CwEJEgMZESOSGdXIQMKCY+0oAJAf64Ufiubj/MgCtzmJRBfT FAOqllp7eUUz5VVUhmRkgbia9XPkBIGc1AKGE+qF7z0PZ8JsD0xbKABhKTbQjCp2 FgMxIdX47xy/MePTBeF+XJCx/Js0QsQU2ChV5sHESGo40kpg1NQmIx1kI2SZoiKq owFiwiqoqirFFUWIqKqkFVVWCoiqKqqqrIIIKqqoKsRFVVUVQFiwikZISIRCYMc1 Kiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiij9gHJNAA30NcAA GxlokSDz5nFvbz9svXqi7ewf3SaJL5SaeLuaD3J3cSqp8yoXYkf0R3syW0MECZeS yWc+WkwfukTVwYsERJMkhzpcfGznjOcdOxJGL1gNb1S5jDMZMuD9PnCPkMVqs3+x XD7PsS3rbkZGYMAg0ezmoGk2rZBhzfs4FsfaFUe6fFnKGIMHTJZ/XUJBElw3rNRK 3RoakjN3JGGuZKniY7UXKqaS4W6PyigUEDeTbJoIREsaay9YSjmiHCta7gzcrxJA i+HFqLV7jGMhbWUROyLHrJQvHI0FekjyGfPRsuUXIKOU2eweAK1oez2DA/c3DRaO kHK1QnnYvY2Pu0W4LhzXiHwIk7FxJV+FyNHDxd2rCP71j1yxjGbxYxWADtKpycPf WWsAO9xHdRpYfilQlJtSOlEFsZ7UQElCICLYg2a1aX5YyLGAQNqIihu4na4UUpRQ wjKtzXd6Ne4lIJAIHaybszPCnChE2cMjtkoydrikdviCTF8mQmXCoAtVYoWY5AqR mDpJ+Bk9pdR9mSXlZ24mPIyk5rPOp5EGO4HMCp4U8G8jkTKhdriJI8HD5SbHeTSp 7W2Q5gt0uR0lpTM7k8nrJWI0Ygrlw5cqXPiQljogxrjqRQxx9JCzm71WbMb6MXay JF/WBqDHcAQRkvVJUXo0e5muGyXpi+JXOxDMSNYjT9TC28GUEeya54EhUEss5is7 ZlLLzCmvELQWyXhgpDcgBNLV88L2ukmQqTEcfAQQQMESQonIQoTC4OtGXQrxzR1K 9xyd6iD0dv19d3WHMb6SbYDTknR0l5UraQosbZQMQhgpyN9yNbLH2VpKR6Bq0cFW DcX0KrGQmWmOzPbPunM9NooWssFlKUKFqiiKNiCwrZLJYBWtGbvX8rMTqQkmWKgV gihqs2aVFQqVKIoVaPspVQCBAEKxVWBBEIwAH7mjicdyJzGS0bDSXEWqzToc0eiI gNCO65TaZ6pIyfLXVllg6aoYachXIV+fynuxll05dYkaEJIM6GPGMAg6U82PEUzC tAMGKqa6FWUqnRkFEFpFJFCRotBcL6HSgfAiehEgvoiSIMZBVVRFSMBggwWRJEFR EUkCCJYerJbQ2xAuX6BoB5AE8QJC2uSgDSlCkLB66uCJVVE163ARTwXwhJP3XiZ+ IoKrg8QPpotf2xNlKAofBwxXni7BTXshAhDciR+btr1aYTlPR4/JTs7aMlTy+hbp hIZS3nuHg+FD6Do6ZYi0mmG6Zhw0CF001Dx9IvAVL9zQOMKSEBKhVemIBbxAFyZ0 xd/JF9evbAgnDnfLTvGR6aKjQcxRWrCGLN69gIJrZNCDRO9YRY+FR2IACjyWWGq+ fZTatzhXEC858EJbqIJy7bOk42YFexuXF38gnW92r3i7HjOr5DZG0ATW5jqCB1OC oiTkG3BKk6zJBvtR7LRFFL21WDm82wpTXREXI+HgEC3CykW3Y9N9xPj19TdYTzGK WlMIJB6coiSWut+ZOCIDOaWb6YxUZLEEYPBa3rKcL9Ucil8ewIkI8VAjp5NWMgCY tkwkaSQjNoxKMXMRh8SYETNDRgzcp3WiDBRKACQx29iqY8eCy1w2Vp7OcGMPosIm MhaCC0a8aF2vguJmz5cGu/b9czzZ0eY8audKdETZOY0WHypYbpZy7ZoairElG0pM GnOiJbJYlcdIjoLzB4hwXOjYQ/tKO5knpOYYvrgS3WWjszMF0khdLjLOoyee4ujp LhKqiMlJRBLNhiJbhE54vPk2BFKn2Cxn1z15zsvfTD4F7rly4mBAyexqmYGpYugM ahz3HZO4MwOFDVCVERfeie9PFzdY0x5s6W5QtDVIlunjK7lScNwfxhXLPgyKBOPk vCjnswaskrHz+wke57kGPQe/IQk4AoHjMb9yia8wV9YgUHKkzGSshzFQqZMIKKaK l6U9JGj3uFxBPh8+lMSpsaYCUunuAIGJm9eEk8DyY51xrwpLbE8jdieSxKRAfMIF yWPR6EG4RQcSTlYIPaD4MLAAnp/FN0MN6NC9ZjXeehaTSQlA+VS/oqPaLwzhjaUB VEUFXfqXl2MwheeTfJ12JOkBaUCDmtqViwgJVec6SlNOfpg34rQqiUCxQA+IBUo4 wooEkMsKThAUHXElfXJboXAAqtWilQ56UOm8rL61MTCigBYAB4SB2DO5CiLKILLb bGpaLWUEqSopCsslkpAtCySBWweVqoLRI5xRkBCDUooCEO6LQQAuRXnav+BYAEow FWOW40mfcb1z9eg1uyTFRqkdo2Yve4nhCIYgQJBpzXsMKY4ZFjZP+PV7vL4AFTQ8 B1NIokgAkF6l+rX1bCjdRfqVW/BAXsuESiKHwNk8tSA+aAwo2CQKBVcvGbygAeJ/ uhQiOYIp8v4hVOLBQpDfboSSRnKFO7zDQZLmbiZw3orcmpf0aLZvhjAwIEMqKLk5 WLUClHjzLzlziefcW6SwGaTi8prILCo6gCiIHa+YvTBXaPk84YAgmV6cAM4EPuHl X5FTMAzOrAA285wRNps8Cs1inFOZYrszX33XnUXXhWluXeqKWB76Ez+lPSQgxZIg QJACb7luQ7CEZCSl70BqRAOAJvDmnJMhTeoHINDi8CoAxal9E5YId/Sa1wAKZAIe izRUHjBFewEzCy1VYL05VcpdLg9BMKbx6cnPJjgnAVckDHe6W0UAvVW8i8XiBUqE RWx+EE2ENwtlEWfSRYMFhAGRXME6cb+XEm7kQc5IbdcIbzj8GgNQlAltLLJJTTkN 0NiCmqzqAinJJFJBBPvqsK0qrQiwgrEkYkWCY2aQIyKQFFkAkVgjWlAq2zbywQwb Uuf0nP1O6BkQU/WWXwJnrcg1c6d7M6gIDcie23zgRb8FVFo15wPyVRZEIgEimBz+ DT191Pk+Xrvx9t78qjKYifNQgPtmgGfzgWXE+ddZa5fYtVz16LtXQzsu1cNq7cli 7Zgu2q5LsXZZdq5VA4k+EsHAOJb4lQdKFEmmlrP2IdGG647KZjMHHIwKCiMRIoKL FMuJyY0IjMMM8mICSuQjn7QS3yQVSWCRoL4gUTPQVSp5Ev616pchejydhBKsuyOw wW3n1TI/lIW9/Ee72LjQvw4uhiAn6y91k74uW61U5u0GQYEBi0dPE97PyCGQgk8Z 77OmHydLJrpYo7C3Omc8wPjNDqeKH58LkxdrACObBw86qlg72x4ATxp76LcatmG1 V18c63rIxUuuCOGN5uOGqGnzVLsLguoAlwQJvFslrYYlKNU/SjHaTWSt51C5Yj0X udxGe38av04+44NUKJfl/FjHE3czxzcDDhwcXZjbHLJAdUXu341mL+Y6sikNxTPR 8h7KmGbsbPMZY68EnQuLk9fZjJELvR05pFk6SHbKeuD7GetJ7fTBv3fX9bLKPFVH u39kVuBOLNYa+kbgIEbvZl4bN7NnQ83Bp6AOXQtwED0EswLpLR3NwQIUcv0veJlD xbhR8H3mNHrRec4PE6lqbtVBRlIGZ3UvfFaknqPTlnOKE9Uo4ILPHp4XT1Fa858m nnRyZMuN7N0fh44k+hoLPoObfhL2ozEqt9A+1OZnanGaDUwZ6sOGObtfEIJsrtuq OqeDxHhxxyMFsFNBAmCiGElcUeFN0JzB7rb0HlC8r3mShyyQSPaCugh32tjSXDiZ NgrhchuatwbvcFRlKsZYATkIJ25m9l6TjUEhzEHwWG3KFUlYiCjO2JkgR4g/RiH9 tLXwzMBm3uCbjrlglFsoglKVBUYBLEgpLS20WoMlkoQR9h89kgSighCIoEIKrD5C NEUGMEAYMAgGTIQFVGGbNiYWEY8kxvjjzXkJ8CBTHIS5rJHUTUQKCFQ1MVEdNJ8r vVxc/fowBAsUy7mzAMHhwVRUVVsgS1UViq0IA+pMMG8Dy3CgeX32qAJGlFRaDyOV RUSqbH/oeIACyJB4NLwoUT5xqe0qee4UogthiUXx+2riG8L1oP1D38+jC5EDvGkQ Z5+ii71IIABdERJs1ClSQyWIFyEePk/H8+Ty/V+6708fd7QzXVZEI3iLQDlPAF4O OjTjqA64IdmfeAIfP8fTsyFZ8jq5a55onGj/WIh9e9+J8mIBvAPIbF0NXe2qKePy wQICESJFJSo/RyXA+X2c2oEOAnP2/tbAaMIaQhWgRR4HJMT0LFPqW+t/99sccFfh JEiQhwMloij9KgAQsJFoRVYoi3lhM7ALc4w/n5/lLsAAj5AyCgpRQAjVIAbWnWA/ K7yHGc5IzeGNPVxdmfn9yFqSVK3tyMPQAfsiIU4tCm2+rSnv4IrVFsQeziswsiVV d68T0r976S56ygEO1xc19OsBqCQfMazE2CgfYJUQKEQDlv6wNwH28SQkIhNC49mR CABFXsNLeXwily0v1gRiHKiBbftVPiE297rwBb9sRNZiSgFjpRIvbwXY90VIou2i Foh6mEgKLwvKVgGyaAqqqqqqqIqqqqqqqqqqqqqqqqqqqqqqqqqqqqiIiOAxJBiZ gCVh1ALYKAanZr4AnPMTYUUFYVWj8peCm4uFN7mCDtFICkgMIEEkZqfAiAHoURam PDRDidXBoKr0LTkfVDapWLIh+jZsuHrW/ldgjqXYcAX9cCnXiuhrXpVDtKtACLf1 MORq6t1QKoPEQ3myGAns83o9nhk6Nlt4lxMunnxOX6e+QAMyTJAkY52B6TVZPT4n /YYM3wbnz7fl8euM+zqA6xAC1pZix6EZwOxkhcw/k6SH0ZmZm/mrzskBJfnLdv8F UZDcB+nda/nXBM53udjVlUT1ULFVFsiRvsQKxkqAtaNbygfLABbF4AUA+j5fNdt9 tM0D7MclX5D4lBWoesXAA2fNzdR3Z3J2Q9613CmhUXQALfR4zFedCLTS4pVcHUHo dHFWJ8hFFyADBv0O+TM3gNQSF1wif/aUzop3iB5UL+ATciRRaSkAXoIu8AhSAFvx LIl4BgBkbBiBmF2bm+JaHhGmiHKc1Hl2rgPgIUo+SjGFEtsz2aDDFjkLOkz6rM3Z ontCVGdfZ7peTwEEpGMx6f0qDUMkCSpPa8clLcFhlQjv8nB5u+h8EDPv9SoZxYgR YwAoBRpRooARChrivWbT4dLLcKcmNT/9hVEvXuf2kVMQ1t6BUKlVAC4zwE5JrgjY gAdDiOLUMIJfVorEIm85kKAoYkuQZzJZ9OJKSGIxQl2wpiS1sIXyGMLccO10ATIR yLL5oFH2ycDtt80iPvlDi7qR8W0diJGiQ3qXSconm9IcQkCEkwvyJQi0VFOxgTHv 984GMiFxAVElcaQhSQytaEjIgLBfZQ1VNRHvjuALslVsN7DcJ357pzGD+mN6p2QD bFAUKgG3QVqv1eQt4fTje2AZ0ZchW7kdqs6bqpwHLBExUpSibAUCDEoRApGEQcjn VWxuYoK2QSxRChRCjMkE4udgB64KZA5r8XUvs8vVR+YsKJcxcfKUpLkTtRPt6gC0 JdeFM4IMwhMMCEzIEte+WY+O343zeLq4fly879S8xGyEdHCz3g0ADBY/MIp0in9O m9UPIATzT7g1Yo9JSygj2gaoHsRICUOuj3zDBuaomTsUANdvsJBYjIIvYgpvFgqk ZQfeiJkZ1HiAbbwDFsYhAbgLwHi1x/LmUAO3msaoJOQBYuIfNO5YAaL1hcCc2u7b kP8ycva8zUKkXBdHEVXtyxfIOLpB603gIbK0VW4BZ+K+pE2psMbUOlYXiF68hrUA NHIAyAPVpvvMupBgD2dOaL5DZKBM1U4/E5/EgT6vFqpK1+JGlq2yNLwAYDIxnmEW ef4fLP8c2So3utLkH0uScJea53NzO85iZDHqAwJInnf3h0IgHVnihLgBVxtwXJuI wsXH1gfs/oXYd3wMYgcF0O7wcHsIJtf9tAA5ebHgg9JxL6MgRQxjqIB/IhQDmBBS zVOALGCQp87kJIKSki2XwACUX5N6qdns8Dbr8GH6/MB7jm1KPM0X5KnIh/FoB88F OiKsGAsiEIIAyKBFAIqdqwC6tFWRUix7QCHhkjMNQqG319XR/D+PNWUrWlfiHvPE EsIPPPkAK0BlZDert3VmpdSAcvRoxS6AlVC+80TUsUOkgodfgDyGRAYQhCHnmDvY KYhqFyAlSo0WpWLWg9XyPagHcYogGIcADZcRUzgfqDhRU1F3hiDo22+ddpJqLzQI T9XHiVUA/EC5DCqq2Dlej7C53rHFMQTbkcvM3o52Dkj8eL1PUeSp8Am5UAp1CG0W ilzz610eMGREDvB07mSveCA8gw+7zZEanXA51SFoBQiiLzFKCAWpQerVcCFQSNVv FVvBtUvABT84QBU8uHMF8Ieug0ORYpVCnU03GbaAHcX3dy8FKXFLIl5sG1miJAvu KhBTLKmUlgZhjd2rfkTUxS4tcfEfl5gyIBvgmtUhdrsXI4eyQKKcUSZ4ooTsCGHQ 3jbLUM3fuFLZNqaBy/o+u/DYkJJEj76Orl6wC87/ExgbVADCiK3pqkAjBZrEoHeI BKm2YJ/Cg3CQT24eVfnVbmaDoGgYkNyJsq1uXjtjJJKgBZMHJ71XaOvkIqYg8zpk vguQQLBEWrsdroaCGqHS1A1ioc21wA45lA90ChViRB1hcQOTSj6IArvTPIkVVFF/ MdM2iICkU3IWRCLJCdLIQwx5hoHUJAzBqBFgJbmmVaIgNYFgc+6b+jeZgG0BJCAR ZsprdC5LhTOxfiXGK8ieYqc33/Ho6rkTPEwxPkgAVgEiwgRQIpCRYQVggkgdEpAk gx93urWboqX7vUVakNmqxULxjCCpxYixnFi8sbgrUFqXuNLzdJsyTGHaRJ2CEziy JBQupSUAQqRExsHjxLVMrzAAsmi1WlzGxCq0WiF2OKiLHDVc1gmWZgH3Ygi1CoDr Tm/E/P0YuWaTyJvgJ/BlTlOlodSHGkzOtDiCZYG9ouU5UgUTmaH0BOYAMGmP8cT7 1iBsWADCCpnFot2jivM+ZaC4MkKsQA0DJ4S8iEMnefNdk0+Tgo31TOaTTi/2TQhD LndmccYoCgKQk56WHM1GR87ZbWEH3gSv+S/43CPyXCHG28NXOiPSLAisjIsRBESR QRgIMIrEghAYsFAESCyEQgIIyQFIhEhEIEZIkfP/Kx3kHuSJkBBvI0ASGYodqgXC IUWKi32eApc0AN3JllhqUCoACRE1ADx7xDwBZDSRgaIFGCAGawbQSpixRTbBoDAW lAaBDMpWAFuX0r0ZZ94TUBsIoJF1GqKKG/Mu1ImrWqrNvk7eFk1ESIbWgJhnJJTa NzTkQjEpoJfWl7xjiB71m4mWhtQx0DjvBJyEHbl9nk8Xh9/T9JPWjLYMuxJkrk7R nNaTVBLIiKPxfK/MpBE62H0rcu36B29C39D8J1oXvj2F34Nf349hlnSdvNQqRC6A FIe8DQou87hOiSYPe+lVVVVVVVVVIhjLKQANpDmFQ+8qoHE1LAA4qB0N4AXX8RU8 XRsfzDNH9btMShdym8WYTITjw6/Y/1wdBn4ciBkmAYaaZ6OQkzhGAssglA2LppdH 7eno9vl4b+Ac4p0IYImxbIP0fcdwJWIyEAJeBx5CVBObH3ABIAHv0rAbmiN+Kq/u xH5PCD0Bhj9XsbZ9nP09PppiND3N8Vkkk9Pn8uhKwrvAwS7m7FBSqBFRuOXTrsS/ uxGoATDNaC/Xynr9Oz/Xw5In7kWxdsiidSDIifI/Um9uGNlNiywUAEf2pjS6mRoY p8e6L2yb7aSOZWxjPe5JObm2uFUXkkYGzw7/w7AHnvwSL6IAK/PmjtOoRiigqqqL 0Z5wk9JCQsmxD4ZHKV75YVWucJmhQAuVgBEvusSlVtT4VgIjaIPgMuxjfh6IyAeX 4OOfbcd/jz9G8jlVtHIhGr2F+sEuuRIsBJAFuBtn1oR02fPu003e7PykXm/HN1CI fP6sh7Of1faC//i7kinChIL4IuV4 _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Aug 13 22:02:47 2015 From: rt at openssl.org (Matt Caswell via RT) Date: Thu, 13 Aug 2015 22:02:47 -0000 Subject: [openssl-dev] [openssl.org #4004] OpenSSL vs SCTP In-Reply-To: References: Message-ID: On Thu Aug 13 19:44:10 2015, mouse at mojatatu.com wrote: > We have a protocol that runs over SCTP. We have a customer desire to > stick TLS in there. > > I'm trying to do this on an Ubuntu 12.04 LTS system. Someone else set > up SCTP in its kernel; I didn't do that, but, if details matter, tell > me what to look at and I can probably dig them up. > > The short version: > > At first I just tried to use the system OpenSSL. But it appears to > have been configured without SCTP support. So then I picked up openssl > via git and tried to build it, but didn't exist. On > advice from someone else, I installed libsctp-dev (according to dpkg > --list, I've got version 1.0.11+dfsg-2). That provided > , but it proved to be lacking SCTP_SENDER_DRY_EVENT and > the corresponding sctp_sender_dry_event structure element. A colleague > managed to find me an sctp.h which did have them; with that, OpenSSL > built. I wasn't sure whether to expect it to work with this kernel, > since I don't know how well the sctp.h my colleague found corresponds > to the SCTP in the kernel. But I tried "make test", to see what > happened, and it coredumped in what appears to be the first DTLS test. > I would not have been surprised by errors from the kernel, but a > coredump seems a bit excessive, especially given where (according to > gdb) it happened. So, I'm wondering if this is a case of PEBKAC, or a > bug in OpenSSL, or a bug in something else, or what. > > Specifically: > > The OpenSSL source I'm using corresponds to git commit > 33dd08320648ac71d7d9d732be774ed3818dccc5, obtained by checking out > refs/tags/OpenSSL_1_0_2d (oddly, git show-ref shows that as > corresponding to 8d5882ee027abc7e271b20f8868bd76569814b6c, though git > diff shows no differences between the two, so I haven't worried about > the difference). I also tried 9ea70e5b4097a1319d90fca289c2a3940e846f6b > (refs/remotes/origin/OpenSSL_1_0_2-stable), which crashes in what looks > like the same way at the same place. > > The system is, according to uname -a, > > Linux peter-acer 3.8.0-34-generic #49~precise1-Ubuntu SMP Wed Nov 13 > 18:05:00 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux > > I'm not sure what more about the system might be of use; if someone can > tell me how to dig info up, I can dig and report back. > > I am trying to build this entirely under my homedir (figuring there's > no point trying it elsewhere unless I can make that work). I > configured with > ./config --prefix=/home/mouse/openssl.prefix > --openssldir=/home/mouse/openssl.openssldir no-threads no-shared > enable-sctp -I/home/mouse/openssl-build > (where the directory named in the -I option has nothing in it but > netinet/sctp.h, holding the sctp.h I mentioned above) and built with > "make depend" and "make". (The crash seems to be entirely repeatable; > I can excerpt (or even quote in its entirety) a typescript of the > config/depend/make if anyone wants.) INSTALL suggests trying removing > optimization from CFLAG in Makefile.ssl, but I find no such file > anywhere, and ssl/Makefile's CFLAG line has just -g. I did find a -O3 > in Makefile and a -O in Makefile.org; I removed them, did make clean > and make, and retried make test. It ran visibly slower (no surprise) > but still crashed, apparently in the same way at the same place. > > The tail of output from make test looks like > > ... > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA > 1 handshakes of 256 bytes done > test sslv2/sslv3 via BIO pair > Available compression methods: > NONE > TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA > 1 handshakes of 256 bytes done > test dtlsv1 > Available compression methods: > NONE > Segmentation fault (core dumped) > make[1]: *** [test_ssl] Error 1 > make: *** [tests] Error 2 > > I dug around until I found the relevant binary, turned on -x in the > calling script to see what the arguments to it were, and ran it > manually under gdb. It crashed, apparently the same way, and gdb tells > me the call stack is > > #0 0x0000000000475910 in BIO_method_type () > #1 0x000000000047d8d9 in BIO_dgram_is_sctp () > #2 0x0000000000433a66 in dtls1_shutdown () > #3 0x0000000000446b82 in ssl_free () > #4 0x0000000000476330 in BIO_free_all () > #5 0x0000000000406b2b in doit () > #6 0x00000000004035d9 in main () > > Looking at the source for the deepest two calls there, I see > > int BIO_dgram_is_sctp(BIO *bio) > { > return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP); > } > > and > > int BIO_method_type(const BIO *b) > { > return b->method->type; > } > > which makes me think something is wrong pretty deep inside the library > (how could it be that bad at shutdown without falling over earlier?). > > make report produces a rather large testlog (182384 bytes). But it > compresses passably well, with bzip2 output being only 33861 bytes > ("only", heh). The latter is appended below, base64 encoded, from > where the base64 text starts below to the end of this mail. I'm not > sure what's with the relocation complaints near the beginning; they > don't _look_ obviously related to the coredump, but who knows. > > Any hints would be appreciated. I'm even open to "you idiot, you > missed..." or "any fool knows..." provided they tell me what I missed > or what any fool supposedly knows - I'm a longtime user of other Unix > variants but have not gone near Linux much before this gig, so I will > probably know things that are common to many Unices but am less likelky > to know Linux-specific things. > > QlpoOTFBWSZTWV8EXK8A2tz/tP/8UoB6//////////////EQAAAIBAAACGCq/vb3 > i3rwAceAFd3Rkpm9xGu2CTjvvq2zRjbTzXYFCnBq7jrlW1qGwYpKyKbWbWo1kjZR > aKatVrJhYtVW2NbLKGmlbNIpkrLLKzVNs1sInvS+qb76n1plEE++z3jVUfbKj0aT > zZUVQ+duxAapaMaaMWHt7vclmjYT7r76SkprFsMwo31ca5aNKRe++qrVAlmxjZan > D3BufZVz6niGtla98Xzltz57W5J9oFo2Pvj5l0ZM++U1o1Vp8fb5p7bd8NsAAXz2 > B92fX2qGsg3H3vvG3d96BbK0pvkvan2++etaxBNnzfQX33faVLVsDfPse+u2+9aa > DVCvvvB77p6cB41vqe+fefYZm9ffb2Zvt29wz59x9BTplQWb3j4rQZo23j75AC93 > vp1NbMumn3T5aa8PvlLVgb55vsdIBur30Emaoe+k+TQ1z4H0edyC++1k9GgAoD2v > fAAthtz3zYaaNAxBiAkNtoGgCiigBuwMVKU7aShprbNK1gSSEAEMCAJkAExDQBMm > RponoQT0FPRqHlP1TRo9IEpGgyYiVIqeoAAAAAaAAAAAAAAABKRggCSSNMgCo9lN > ppTT9QnpAAAAADQANAAEmlIEmmmgTCNTEyTyEyntJoZJ+qep6jRmoeUA0aAB6QAB > EoQCARoCGIExGEGTSNGJpppo0aIZTTTR6TQANBJEAASIQgSniUeU9TR6mjGk0yaa > A0DQaAAADTQ7AVBfAoHdHlGQfZECivaAQCgUEkJ5pMFGKSAMkUAUKBQshOgzD3H0 > D+vJ0N2e3+Y/ySyf49Tkd7IJs3fbV/Jv6fx/kOc6c8r4fsu/8D/wfyfkVV09pXV7 > W+qYzSLPLxXV1VXeGq18NpuMqrK2i/YmFVe3nV4rk3wtKqmv0qxI3qM46qrdr+wV > mXpVWJx7EabKqs7ctyG1Fr2u1tbOSty987y9l22ldVUt11v2CI7qqrl4pVU5hTXZ > 3bWN4vjsWtGV3WsKueajraiP7/7P/Hu/h+jEfTT7f5W9Hzp7fOQFAYZKvY5IcaJX > kuGiLREA2hxd8HHxncpInfHaFNDT4d+6tsq/6OW2XcWvVLS1al0B7S92NcmHJfXp > Ld1ZQ/eYgQ21vJWVUiBEfL9zJfUlw+x3sbN+uUdwO7m87OFSL8tM7X5CmBGmLnP8 > /gm7Hq5cHl/w/WweXkv3/G9jvQv3Ur/o/L38PIgLKh6905X9JBowZ8VhQMCMoUEk > YIwsklCJGUBiy2yRiBRbVPZi1JTEhYjaASlHGKBDBhqxQUS2FLZQZMDhwxgxC0lL > ZWoW0qXABLCsUMCIwCKA4w4IiLMCIkoBEliTCpQYIrUtpSKCVCBhrJhQUEhkkKIj > iwLUKMEahDDMQQTFCmSFiwUKMKwgVClTKBQlEjDF1CfgifDZCU5G0AlezrMyKU/L > cDIfmAJ+k/ckWyLDVxcmEEbGF/dYW1CKWQHi/qdKEfmv5yX/bfSZrm7xhR4olMFQ > GQ5q2roJeEoiDDQg7L3GFU0UXZUxzclEkft9WQZCx1FJwWAZytruayWnpVtwgl9q > OPEewl+lGtAX565tk5VULo0Y9jiI5QpnNtTxiRso3OaRM9uNJuxxHq9xsb92TZzK > JW9kqbPRXpg2QiYjOyVjJOZk9ixviIuybWXKMz+PRvZk5nVsomBh3hYFObRL2MQb > mLCi+Y5n1n8auiVu1YXNHEgl0Tsi6KvtNTs0erKJdslGKN9fvScwwiLZt390ii9h > uC6RNCwYFOKZxjdaMokEHj3o5fuKpdXc4iWxQ3kcvw2iPwwe6748aGt0d7mESibE > b0cub550THbunuGxpGXYGjlUML3vdY6jV0MHpRKzuC3jNqrp3KJHc5FY0o7s/eCo > ko+cGTdVFhEjdLzsllvlsvRk5ssiMYdTerG3djou0TEjmmeHHfVkSooigTk7TwK6 > iaJ7kpjN+/sQjbDf0ds999lF+auSOS2GX5vv+ffpzdjvb8lVFUVfDj1Hr7/dO2GX > QaTpZOXHuUb6UKsPU96g1EYqyke+qjIOO6uTWEV3qQ1aZNwYZrlkYhYmqUjrkUxK > FulmDA3nS4M3QyMs7Y48LmuV0RcE010yMw0jDRC57ZEyDOoibdOMt2e8TG5cJ1B9 > 4KCeLcPq6ksskpKNHTSUZJJ9DOtLmhDc58KuHU7FK43F1fN0mN7oP5L9FPLnoOSf > 9sqRtxbPijOwMzAOEQzarI4pBy8SbTgXPDKIWwQo7mGBMHlMbwTDMgQaCSzIUUpg > wGlkNjQxUqfvSe76ohCX+/k/pyQ2aElwNwsA/93Z49z/MKPMTEyM9pcMk4Ye5GTd > ZTzZAMcYLi3DTHeeQ13+PIy8hgOGx5DQytcCUrtRTeFF3k0QUz0oVglaNFCj3KlK > FDEz9NBzYpQb8qfgcuWxJ0xmUvWlKVRi71LZM1K2FGgfFznBypcuQ+A598lXXoML > cWD0DAMtV5wDZq1RyJsrmYzZotDQuZWQkfwurfWx0dbwukOCiLWLSgkgV858F1Bq > vfnLp93w+v8mkm7s7ZOb3Hzta1vPZ3OTkq8CTmQDGTk1rWujhXCrkeHwy+Qh4U4H > 4DsIeOfBGTrCFDvBBZOHe8Xir0OHCvocOFVw+r/3rm/ZdP3aEJJIkN/i3EJ4d+vv > atOyb5vkk2ng4rpoeXyaG6J29QB22DTzGVOXADw1mqpUICMgIwEYQBcI63vPS7vz > uPRq6M8hOpNkDRq6NGiTkrLOelyWnDPW2hmZm0MzMy5q76aq+rrrEj1E8TUtqkk8 > acieJ5nXTa6BVJGViyLIIebT0nyUv/f9vsq0Xf6Pn8W9J/hvmYH99MU8r2jxVOUB > B2cun6nRmgoqTF7uvndplqtMrn1R0f56r8C8g94+d+Dwyf8U8XG3B2jw9nspWvj/ > r5MetU9x9JCfGqeGCwgRgCh/5g9yO/cVAQGoxBOsQ9vfooBZgpIBPESijQjGIB0l > aCnwH1C/APo7F2ZRNAk+Bnz7euHpfVivxbq6+UuVITlJW4xMvbLp2d11a0kkK93c > Wt6OJ/fS6bjTPrEs9LFojGjQQoLkwOR2tn5djMNkdHfBz63Gr9TdJV6cMgAwBYVR > QAMcMFi4cnRSSNUASKUZIA7Ta76/BsLRwgPMCeJNwJK6YomDJhyAaocE59BDfFCn > PQADhBSEUUQ/YQZAZFQSRRJmCdfZZOwYSpAmcWMqBQQklSACgALM+nHDfoE0gRRA > VVFBCaPtz5fizuekYEZCIDCA7XM204aZhHIuzmH+9Kfh1+yPb550KzqbwKc1iy14 > i5CxrBzQhEm4hBNukSKYZmSGFlyNSfeDRhExeNYHbRlxlzl9wD3hs3gYQQNc7dJV > TPBRs30u3fA+WiOQgB06RGpqA9zRdZEIM4kHc5j5TdvG47bPen2tcDwpLnoHIQQO > 6sUdRgwYOlJaC5IggeHlhTUFrF5tRdFfF8J67xHIkCsuc1wu+d2EILjNbYVJEXjF > bvFm4XBnhCe6G9rt845zB3HjJf0CCBiVeOKRmDVtkMTWMtY5bpT7HeFAJyXLi6Jx > gBAY4V64AlOnbUITeW7zentNh0R20PtWN8CrDwBawHeOAgZ948ZcwMyhXJtGeg2M > HcfQ5zZacACQSFyTVW5igEDZsATi1iuahwno6CKF87nDIXyxkaiQsaj5EDEgC69d > 0obcbTvVzFwEDFKOHTgIMNEjzURntMvwk0zpB1V3JTjqCisuVGWogIIlIlRp0Jct > 2hI6XHrinDL8m8iyvZPGzan2Ey7OcMYLtXA/gCBxHZs+FK9mYLLwPC1iOF0EXRr4 > 92bfXIqhGPOsgIG+4zhvYKZ9AvLCO53VJFOGDBIiagoxOi6ksXrg4Ag2hctw9EAC > MYt4c9dttucJ5b6vc6Rs7xdOiCaFugiC/bsyn3ynjhD4Pr8o7dds4dJdFu7uVdoc > 6O+Egg9nOkCS45c438egquBhN546AtTuNhyCzVRSkkUg8+vgdHOYCBYKACf1FnrM > +qUC1H+JWnZyHuHyAJsROC+5AL/YmbG7o0zQHVz1eBhxw0LrZxsGnAqq8gRZcgHs > MjqIkWp7uqdJB6Ysop5EU1XzgIDEtgoqyPZmEIGveAlOhnRgEFZtlj16BSOsjmq7 > hmYAfvX6oxvuyC+PNemo24kZFXYn6MwjZtkffk7/GjyFsluEomT4j325aCSXoX+l > 00rBOfqBoLG68KHNcxVvWq5v6zkndzNs+etcL74spJSJFoHC4NnMj3G1Dw7FZYps > tmZF+wqV81yMx+WAFkw85GDPBSMb88t5nxJLgAvNlkLjSPCVC5q+QBLnpV1Jgc1Z > hASlfS1W0STEsHoc5+q1FteejsUksvEIAC6Db8nCQvJy9eTewWOVNNgdronSyM3v > OPqJ4x6MkcnriyJkWmHhfMBJRDpPhUEEchHPSRHt7+Z5M2dzwEEmqvDMDU4V8xrl > FqmjCEtMkXSJlYwIls+Hg82phBkewVV0U7YuYkXzLkGO5wE++4pHo6CDAJbMPp+1 > MVJhOBePjnMnbWNK5Js1lGFyR3+mm6eXH3ywwIGIukL1vQNQloKNwjFoG2v2LJwV > x+YkWQdfnMX7yCH0ylnPx1yI2dMsbFPIgl/E23UXNvhOmm0YfhyX/P0pB0bZ3kBu > iLFF7aRBI8KkVdBOiggTqxHtQevnIBgsHj6myQ2+YyUHagSDBpqDnpa6kIgivu1p > YODxvdo6dXsHc3Uc6rj/BkzAwVqj7BAlS1hpRBGL8mDKKMPIzX7QMGS/EjSRy4zN > BbGonxJcUzq3XYNv7Cog8VRGogKHBemjBLk1yAJjMT3i3CNrrZLhfYv3Z312lZgZ > mm7Lp6XiEKQUhG46zmi4WV32Qc9qA/Nr2OSEE/Uz0ehW8WyvtMMnV16XzH4THyZ2 > sSL8mQuORZ556Hv+3JeJkyP7iEUD14RVmvvIg3U90rg9p4B4evVsYtY2ewasrT9l > zMFoxEsYtcm8njg64yWgMgiXNGRAfTiUGI0ay6PBNk7MtK1zSg1nKVHyQ4XJ7Ij4 > JLzTCMHbGxztYAKVPHcsIJKIa21jm/EQy7cNhmo/gxeZGGnBJWrumjUeaBeGJRSW > m0bYfoIJIXBqkRpokM8+c25O+X4UMFc8kg6gkHkdALmx10+x3863UfB4W3WXz2T7 > JVhcGeejXXOkKcI5JlYoVkIjzInZB9dyqQYKNIiWOfb18M1Ig1+ZCA8xmNSgkZy7 > CyTTqDGRqQmUQ4DDEIiYWC7DFXPo3oLohxyxs4KdqJGY4bIG46dtMIhuu1CaScqZ > okRsPW2Uhpl7wOYITUQBUC7mhpDoeWBxTuks1B8vS+az3wAvtvb5+sZ+LncFhyPB > xjseMVkRcra335v94xeZzoIKnGyQKJKHmifXr6JnBjBm5E3gmTnnq9TPWifSJc3J > +ZT4Ml5x6YDjl7zY3skQKJK8jQIHJcvOkGcIgC10AVgBSL645mXdxkKE9rQ5plrt > umugCa2bnZWERIy44tMwQVAEbWy5oqoF+78eZxfOaxycdbdNxSERIrXK2Nlg7j3L > +7FJRAIDGhj2QBPIZUURTljyaU3I2l7dxvHHaBfgj3sV8iJ9IIFZNIJPjNjJow5O > YwiZs3Cs1p3LzcCSyJaPhufK/xqhnQtXvWtHzEE6PZvYlpbmNoiOQXNWYNmJdtcr > E/L7n2ZL78tm7N68f4mGWU0lJ/EKJs8uN8X8DPhi3rYBTCmZmtbsYjQ+OAgkcKcr > kuRcsOfGh5ITJXZJYzuCFk08ULOSeeltisXml2bhUOlxM/DMfZPp4OiGwz0Xalro > W8jpI1xNhrYhyUtHbPbRDtBlHpIqcdg6LB05TBezmJBsvOREwOLZYCrJJhc5uIiV > m0RgWplEM09329ZtmLkdvL33Ca1uxu/wXnjqWREIi4lhwadY0cM0alx83wzj8AUu > YaSFW/ZjJGWoALl9lAKMkpj5JjFzhHj2cps2cGh+zOnquZLfNFjLfCobsOiIZW0z > 5XD1XRGYDjU7vRQbxmkwtDhTd6dHBAduLJADUREZ71wg6veuVpdjJQevILihtKDX > Yg0mcPqqH+6gxc3EXSqM/HUM6zJlURDDhuLInbhOiRrdb2T2D72Cfggz2mk9fh84 > /rmUB2uH32con3CsJhESCoYjdoKF58KDMTqxtY64w5YY1KKCybwYtrs447j4oiJc > sSE1GRppKuasWydk+fp4wWNHDz8mbvO3JaYyG+bRE0QJ3qS1VQAm8HNnPtfdr0dU > 6QuZrGiI7oVEC6PjaFfTSHmZn0xbU7j2STFdE4UxsN5lqjW1A/DOZGOvsv2Eqwka > ShvmOSBi6S5wqPhx4ZM8uDBYEE0J9uRTL5yLka1WiQo4AI5RcbyVY5Narpc2iJ6+ > ueSCmKI8Zjh3RWCwPYwxcINFthaQMUAkKnHU1t8FXNUJpTiUos6GeS7PJSqbfYwU > cUumiGjfr2yO8Uu4tuw/pUkkpFCu8qy9B6KCBRvceiwbqaLaQYvEesx7QsnAD2y6 > IYUFEoEDfXnkoQqrHrGs6GfKKjqWY1jDvv3bvCnTR6ycmjnABnyXoZFIKJk5Xwu6 > UQkBJ2e5iPP9pRXSt/DgHD4g7zBeO9TMOscUnhyt86+9tRPxczmekyKY0AidNnHA > LetvmBEtY4fLQfbJ4dyunrTDPq+/iiOE2CyFeBvuOBy9agFaduIJs9kjVEZIjHAQ > NZLI1m3FgQLLBy4kbiIjr/evS7y2wC5L1am2sMSuAQJ8FKCNwoPoObskeGsRme3b > TqSAKQ06daPjhocjZjkuptqUh8dzq6hzVPyGLayQYSgC2tp9gvwbtpK1geHMs54n > dF+pPgwZC4BIqRshaQtziGDOh7dzCq6CV2Vh2fCuzVEoYDpoKnTd+GIodZWJMgEh > 3BoY49mwTvuKpfNdNoqSdSSTN2GFqdtWoBTVBfITrlySVYTaYCk6eTNDw3xPLHLv > 2Qwa0RI0nrLjY00soWCcQDD76ZMaNKnJ8bdOqFlkYNRjkePT0uE4Kq/DZk9txgCv > qPg98xw7c0ZHMcXZ0wZzcp+HLgG92KEJjF00esRo0tVZsHdXlChbuiUkqsB8Z7Pe > aMACPXsdeNOnS20HBAuVI2UVfN9ZZ549+f5oSvbtQX+UvOo+LG2ls0feHAIt+Wy7 > Tu2iB3Udj4tkx2KysGhaq9fkXzAc8JA8keiQs2GNkSDRLJJlHe5dscLxrUlJqwaG > qXLUuZF84x3JPKkgCR0aPOjoidTPdC2mcnENSKF26YAFDRQqTrcEGg5w5cjlCpjG > MZqOSiWqhYG4OpJK6R1ItHKsZoNEfuCmDanK2a9c3K4bHearp412W73XCeUhrt2t > oGuiJUVhxZqaxoTwNY2KZ7TpwnkxEE6qqlDeKRLnEl0LjiU12Wuurj2JwrOaiRfp > Qez0kaOWu8pVWAuGCsAqMSSTDiuE14OhhLp4OQY26eJN6XPiwwIDc86CsXwaeKIu > kp5gbe2inInSN9LIXfKFlngOGtGol+wjtX2/EXcxi3x9IL4XiIjdfM4n0G9ohaTY > +MbrDFRy3ct1rIJ4JQbKT1IRBumFNkBLGzHyGeIiOr5PiSe09r5RPXPqM8UNF4a+ > jK+ch33RVenDVIMXK+ZiswSiJKtVYL0zbAp9T7t8RX30ya7q7yw9jek2xupdTuTi > +7QlJhmuTrzhM3mTMdycmZgdidMQwDM2aFDBvo1XU9kwInnacRGL+g7MHi/0enuN > QMCA9t5raYwt44d6nd5KDCT1mWOHiOIkj5k2pPXc2FVThsIoIxGH29GzIdKWrpY8 > ESPDh1+808yfWr4+FBnUXYqP8ImTtXDlvbLHfh7fB8YOt9JQ/PGxsPRIY6jt9R7O > y8/l+QUGMWIDHj+eNY63UjIb4ALDkyLjw6JUhElcsSO1NVXqqiF7DL1EgN/QeYrM > 3FxXAEz90bgZo0u1PDZEy2KnlhJ3sZNVzqcjsRY0dbHhqywdK5vecjWqXuuQInaY > mLsXmIMpFTeEUKPmweMnTUzqihVr77wzGe7iwAkljE+bFoN3ZUa0CaOcYrsVGgKt > gAymaYlBMG0Y1LIVWCenQw9lgq83gkZ0QmUgx5UATOH0J0NgCxjVmLDGoxIQzmqE > FLJlyR8Gesna4p8a69JbABuLAhNahpscKORyfjj7z84ne8qdH1bO+3AIzHEumMFU > YpvA5Kw7cunMHg6pmd/O28+7gfKeNzgtcA5449jrzWKjJ+cSWtq8rxF4bED46dBy > AXZybbhgJDK5lXsnLhaZMKIm1+JH++WIjx1oHANzWLcpVOUu630rotUqVY2TmNuH > QZ24AMdV20FZPqxTIb9jN8DBuPE/Ga6uCNfSWm5qDgyOKuFgAsitWgAz3smThzeA > wOULnTytEKTEHMYfmFp7bTxk6fUeEUBKJVAJzSIsrVk+BA8VA81vZyH3zhrNaG3L > Age0a563zI/sgGkq85EnW1jvF8qX+jbd9tJ6DjDHA8OD3OmD58AGbADok2IjZZzd > Z+NraCGwy0rLvOTzze8OlgCz3vh/My455bF8i32dHXGUTX10TbHUiFUzcZLPjBRw > hT3Mb9caEEEjdCYqByma7r8fCffanC4SuzRODjHSUCsd8hTECJvmPPEIrB6pR6kv > g3YelQYhWUuXO0MQgm67sAOMzmmv7FcoPAAi9nzXmjNRmQplu7i/aK5UgX7DF+6T > sAQvRy5uI5UnJqS5srg1Nz44vzr0EFPuVO8cDnhanSPAwB8mu7cEDyeGbQAmABG4 > pJ85MptQc1sIGygTIvo3EuUM3a3XwcJGGwHUjhoAynVdCcNP1XGKMmTfr0YOrt4J > 7Ji+Qq/eOMOxgb4QL6yno8KMaIxn2q3b7evvNbh1BXwjCmVYt0kVEH2lkA4Oe6Hd > mGaZtEzN+jnmKshv553z5Ncc4WmsGD18ZSsIajhh6CI9iM2AEdBLFGuONaxyo43E > 2QScFXqVN1oIx0vuk+56H2XNe+5rokz3dElRhQCR8jzZMApcyNXYljF37bTZ2qQJ > azRfNaW7R7m4BnrFjS0XluZK7UAFVVn0j2PYnTGm15OGDLnzPN6wb9bY14CTgibx > uc7HIwnB+dMY9oc5BsKf0V7ck3QELlkSq+vQtHVQRuxc1qJQS4DYDAzaK9LUYg9z > euwBAxs2w58QNnOjxJ2mfdunj7XxrzCJ71uZeqk1E+WpObJyqLOUciw9EvbAxYjG > YqQbAElG0JMLFDMSRldFg6+zjHFuWablM5zEQQSuALeCx1ypS79pyCzMSl0W9UOb > iUDYrkRGHIJXR93QiYNXnODGRrHx5K8jZKO8pygp0aapqoqc1XeKkubuvXqUO6aw > 8XGNkSBzLmXqPAwLfXiJeHgUECceylG3THk47NTiEyXXnyoAnssbjAUMnDp34XVS > JoRHufIQbSism8MXo4VlppL/DHULTW+YQsxbjGpMY+CwiWVMxe7YNClEZ2ZngkB3 > fsO4XJuAYaDNMmkXvByjHBtGy8KlBJ6jPl/R2mjmCV45yac4cPi+jlawoBFsaryZ > I4a85ZEPHB4ciDzCI4mLZ8ofJn1wUT728t5zHTnx9XZsMYaGe5yqWoXGAEvYRGrn > A4zsda5cuSD6qTnQ9eCbr3ErpdC0vtkRuAhVo7i7iJNcEuMyCWu4Ljxc0xDrnJc+ > C9fYLWKUqBRqp4tfA7CXPhEhcxcG0vB9wbNHuF8YyiYwAIwmQjlTGGJRTcCoNaiv > rDQbPNEzmRE13KoJwyFh98BpLjHbdzUcHJ1vH1Z7h7FSOnZ9kxKJpnJiDWtLXQco > MRCT67bNk7zniuwbJMj0ayFEnAxgNzQg3fFEKlayESDWlMfU24l6GvFi1rFzQePj > RVyiMDpFqndKeZXXQnHDNGFl27LCJoeR2xxc40mzHbmyUV8Ycq7UYuQtne+RaCJO > 8nmBOI9iLhz7QvphIyI9FzhJRODWLposMGj66i7gz7USIlrlNkSzdcmZg2amQaKj > 2G2bvMQKdGN62yqCCByfC3elgBb7FmmJaiSvktymylClobT+9bcjIlWRIUpzle+i > Lz8dVXTR6+Od4AR3KJrVDMmrsyep+SpyutGvMskQ8qHcgC8IqIkVTcd4UPRgbGF1 > 63trllUpGjg3L+F1Es2nPFfoeKWGsIlzviuRUo+dHi6co9fBuodbPA9QXMm0jdNe > ZM9QQp9GBE7QfHTeOGdClpHDjhutTXiOCA1yMIhicTw5ZuyiSY6Zu8cxm4wib2hB > 5dcRvh/uXTKV3UxmX4KZUxmFKNXg7IYjc8AL1aWKilQURFOMP5kqNTFSTlEZ+muj > q69GN9Qg0VE4VoKtjqZMQctfQyFVRhA3DnZoURKV0bpLcYm5cOUM9y+xHH+uN60+ > ldIduPeRE8asYmq4TEqHQQFG8Wo5nCHTY6kGieJRb3Dw42mUSpgkZjqIOIj9flB4 > wYOmIwdIBwbxaGyTEIU4UAFp4G77x1QFyXK0ykUHOytgS4pjNQL1KkMePGzJQcoc > l/HIjWaIdemNOlUNnudxgPSSZ9ZhEiHVBOX0e1JYsWt2lqdltxQtMx3Du0KRFzuT > b7MqPYhmkiuqjiVrdTQraxDCrDUep6cLTBA52D4r1jvGGRy/YhiIaqFunRLeGMhD > hTo7lxy3cQOp54OlCRcoZ0Fy/OEDlB1zpg6N2VhLIILXJnMXZbkHM0N7Jxyw5cyb > KXuSPKePo2GbGGncjTUL9wILiJSmy17aN8Nvm/LTI/TxOOtrXgbvoL3YnQicgHK6 > MCB29SsnTHcYo5Qx1LbJWeINBygIOaMaWiHMEMzyEFIkRN7pefCAIHLWGsR5YucH > qfKgl1L88fnQgOMMYwVxagqjIqifqpT7rUT9V8oH9k/0AiesY82E3bVQfgE8/gb+ > Bd2F0kehsJ4HVA22VVVRFVVVVURVVVVVVVWmcxOBD35vJpJJNwCQlc/UHO6xUPFv > /V5UC43Hc6OKHe3rG4otk7jU8ETTR5Ukl/5Ny48GcJzpv7n5AGoDEXbO7IslQlbn > VzS16q1X1XL1K+oUsvoFkW2XKsxAWm1aRDyht2WdSpGQnNyJ07wWnZGoeRMDl0QF > dAFoBeFPklQKm8enXk8G69Gr6Nl5u/1hhox8mpXqniP0KvJ9p/Y7x/yP2msVWvIA > vPsd8Cq+Bd+uejJUCpRPpO2c/rPJn5qlzp5tDPsvzacMHzHgfjSp+OfxNBVxE/kf > rqPIUxfXiRrpE6wqwQ5Wxror69RgYNeOWn4wRbxdXkGOIBJW3Op32B1t2B8XdzGY > K9LpbhXRUeLUEThDps8HY6w3mUARnIGr4dKYt62UWasKfHwIFiM6qww5g2G91AiN > VYkOT5dysd2NO8OdyEZLk71v2byIvOMSLcuobEt4KOrc2DEHODhs0uC5oeCLVcgy > Rggc30NyOIlG8b3EEFCJ272eLFDdDJRR8kEubBuWJaNQndeBVQewNXp59QB0ARTy > CaHCr2MjHzEEFyoFZdHt4byVNNJZ9GCfEnDD4+ChWfx4LRSF1WaUgYxiBmFNsabs > DNSk8DCpBouPU0dnKxa5axonSeBJ1kcbtypPMet2tKQidr3gfHTpAiYx8YOdc+o1 > BDephEVirjE6LCvI2U+Jqvi8rc8GghOYsVjiBOc3Hd+xFMmQvQ1AjWasJdUB0Kgb > z0lmOt7bUHzapNNN/CIt3N2L1V+OYMk/OQxbvOOXEroM1ioYcQZaE5ooARgDq6mS > /Pn02na6dLuCB3B8ZCSMjBPfJ7RwwHXgwmgQGLXqx1xEabbJDAvZ9V8ox0aTSJ7W > bggdjMcWCh7FjalqJcKZzIeETiIGGOIBcx7Tfn45F2nxuO8yT+AQGMv+NGY4ybtb > bMRAwB+PFQMMHTyDgCa/FrUSdw8AEypjEJCW5NS1qub1ZrQDLwcd7sdyCCPDu+YC > 7cIipsshWMaPoElaawDDZORxIiHhoOQScBpBksgEYnihCEJBiwM0Oo4X9HOctAhb > iTYcvE6cgyFKmw+w9iS+h4q33+xOhVGmEsGGljMz8VAFKbg5Upsmcc4F9hprccbG > EKAyN3JkakGJksFgCt9CX3FgIxmC5j4ljHYwSkbbj63zy/THxzviSfY00Crbdo+6 > ooX8AVRrEmOwr4tYYG4syExpQ+ridUo0pk8Cpy2IDQfCI/iM3b2bjYM9J+0duQdr > K1NTVLg+FSQnnsCrcGBhLJSqxyxBTxImUGpcihWHqbDFzRoz4W4knh2DDiJEHimK > 8VYjRex1ZlLvjrT1K7ydKRXiLxWMMYqEigk+i8XxMOrH0YsxDXIe9CVrd/G7w+wQ > K1u5c3chSO9NHN5GCAlwGpo100WGnlil4X6SE/YvLpJG9WyaFhj7zbgN/CJqNPwa > Cnmdcic5OmyzDvllvqn4d9bxAasYacFeKrewo6InSnTJzuSixFDTwTWRs9zEOG9n > S6CKnQ2rFJB4BzUKSbpDfZrqbbaqvHfjEVV66Wdtph3KO6dv63IwXjp1ffIxOHIk > IUOCah1U8PW7KpxHIe8uHk7cKEx+RVvDmakkOIgi+6Y0XPfo60bkvPGMQGKOsqmD > g6z9xrb3r4kt8F3KCWclzabBOCk5anVMJxF8MRrkhEIdLV35pxwG13AxFgyIjlhY > FvzGTFZlrXQBO62Ob2tDMWLcyESdhh/4pbKmfzSnsKJKMSeRjQVeICUgQbnH1mwg > x6xRB684JfW2tW1xLve5Rw4FfYu0MR881SHl45KwIWCGtuGqyC8L+TWWAscjfQqb > Tl5sUS0YQjqXkW4fQiCmls2hF/j1enmoeHwfFPj2RI5MWLWiQpH40kvjdeV4pKVY > 2jg3VnuPwEHDUTjfDDjDzrmpiex9dzsqUaNLjYOOWcwCCdUlMKX7SpVQLlJee3lx > isnbbmi+zQnG8urlr/EwblIsMOjrGElJ2J2Dmry9myaZTN5KmZPanTeLbl5mh3w6 > U5qLl6jJ0lcpqWyI5APJ6wctggVLkKffKcIi0Ki+vy5tiUU5tc146WFMIibE2tzn > zHIOr0mFJ59i23L4N9GfejJhsWsLCCVK+OiJZp7jC6zV3ITmelBpKWN6N4hQYpsY > LkTJzVjpdRoaneWK8FZETWrbkxw21iXZ7X4aaey7UkSpy5To53tMD5qzwMD9SUOP > ZhafpvwmlAEtZklgQM8U2FCYnteLec5Jaem6HMnz0HcG34aREuRjXrBmdCxcqOjy > pBsh1lzJQuYkt9kXLaFsYtqRCaSu45HUQZM/MkZK11ivkYUxrUkopa7YN9LKPYsA > K8s7m5ChSUxx2OySVjRbCWJoPSX5JdnrtjUb6R5OHGf0tsXdVuHoad2C5GnUlCMS > Hv75/OBo1tpGvmVpGTdTzvG8O1q1Q+SudMPAw3zGKRPzwdN4QTDFLqYGKLDa3qiY > 43iLCWJzvPd76Kyz2Bl5ZcNrEWaNtirNJQYKUgGeCLMB07J8Kd0bm2L62/i7ZXgZ > lKB7TRILX0DBQrbXKUVJbybSUMpC7I6t7Ma4fIfaPiZv5SOX/Y/Xsfo+JEojuzJW > m8LzjActAcD0wGPeyKFiJiB08+F9PKB7gAL4eWLH0K8DJNWyvn6KSwNF+kyNjlYF > y2uj4xJ/tf6p8uCQL+KEMkldLa+GoRnSe8DFphIeYq6//jFtrpJZtuUoawELpSWb > TQbD8kAX316dI66Iz4XD8DVBpzYxGSxSZFLOD2uImBYfNfosVyUg9WG4YIvGfqYe > xQpoOuv1hGWduktqWG7wvQqg5YuY4Rne27ACmG2M8vLexspkYAR1vaPkRM58XiTJ > v5Ten0aZIPDqLE9fBg2pHkNmuS3OmhE4TqjuYw8YcuuLjwRiH87Js0cjKWOFndtq > +hS78wVJqluDL1ER535wfwokw9ip0qa22CDupGfMVO+FOTiryC30ekRGmh/sX47Y > kwdw5fT5m3tfb8R4yGxhq1N+iI54+1TnHyxScJt0SwcMACWPFvunGXW/G2+L9Ig4 > U7kWM5LSQImTrCvZhbnDYx1pVe4DmWK8XNn2bFxc20ZW1CIvvdNGKbFLvtCT8gls > 9wTGYNfb4oxyUgOGxRhIPEsaPuiJ3QrH1uKW8eDYaAE82ReJBgrCCReS2w+4zJwT > Tiuc4FqQPHVColOeyuPo6OMT2aNvWWQsbzA6Vc2Ug8ED9PxJIiT0njos3zYHh86M > UXXeNkoxe+RunktiaJeMEh1Tm7urCUzlS/J9wWcg1OPcUnbB85wHatLs94J7PmKK > 1UHsCJyiVQTQj14gMrge/eOd2SUMPPqLIzbS5k4WvbNtiDtsKHBYhmAlAyspTX7A > HTIvvFWLOlK1URhl9BnBHfUG7jah/Yugge1PW0mA0Z086KK3g05Zm5grW3GfDVqA > KWMfR4JAH8Jz5380IuAl9NGS57M2+uRozyOFT1oc+IwuXBiMbR9W+HLp4h8RoPet > cFaYifOhK9SNjBnRZ5kNmIqTbnbaMrxmgkHNx0xE9BaG+Iwx66IjVnh804uCBfGt > p3p87EQbN8JVfHeWK8sFHiV16ySiJOSdg1+Dp3e/W8b8b1zrl1emb6/dHSdr4oYf > JPURJtjFiKR5pxTgIHhQx504NG6JN7nh9CbtrdCl02cHNv1ESo9QAlJJjukucyFB > k6NnqhTJJhn0OFydoJw+VO5c7BAYLll3IIGNS1mPAvQoidNvp7mzCFhgQPqPuNOm > BTXdMsfQeG7LDfWREzFx/veNA2J0qfHuRn3dlFUbuvD5o9VBsTJ3Zm1GenkRLKZ5 > 4jxZ4PXKzZrALtMB4Y7qjJpIIYWaP0zqrgG7wbFK1tcEBsJwYskTuddVTQIVwWDr > SLpuabqIm+Kjcjor4DHSgd6Dlks3KiOVUwxJSpuxiCRgBLZcpgAe8148AJuL6npP > sFOYHz8x8NchVkd0oOkqJLMzbRh0Z7XU+m4TMDWwFMtmZIvlnaeuYu8nLQhOaSxX > JOpOl/j/H+fwepLPowYD4GQ08tFm+Pb+clDBSxQ769Vkw1HKDyPcBklAr8EkKAg+ > D6by3PLtgbcMeDeihnuFg2NOOSB6LJLyV4C5qYxcSLgIWIgSQNZGBqKhvudSXNNb > OyJhL006U/IpvfSE8kVSK5bZHCtMPE4WRAx0XX7OK0XSKKVIjORKQSk0mok0OE+1 > XXGJofp4TkO8vn58ixX7x+zWAF+HUzN19o6L2jVifijSiJQFpW/Bj4DsxmKZNfHV > yTGQUR2uWuVRy5rZo3I4pwaC6QzxYxDxg4W+QURPqNPJYNEUeQg2xq/OvyC+5G3f > mcmI3szodkI6Imkys3dppcLEgCbVwlwwYN3GednXsdcqi5KvghgpOU29/LIVESl2 > iQBIXqdfhAZnWR/Mym4TtvjuSX05bIKYLwbQ+ESZbHW1guVOiVbUk48I5HaG49Ij > 4uUhxUuhd7k6Yzl2oN06LiLCWJcc6omKXJ7YiR1VQPHngIGrkM1XGMnnEKiI3H1c > JUARRM1wNCYyrrYsB0yqtEdiPcalTVQBVQqUiUNo2JaVcv2fI2N1fJSERqMERqYh > lcQoQ2KdIFB2LCYATIsJSgady8GVy6MXOzlpyOzs9rzMazZrdZbYQwbET3SznxPu > znL44Yo9y+xgfFK8NK3aEhgogOICtBe+toMIklvm1Ui1c1t6jeKqSbIMvTwRlOHB > 4NmyuDMeZxx+OCBfmCB8F0LkiI7Pws6E+udmI5ae3JKtfRTOmPQpwnyebUNshAiN > gsXlm4SeGFokbGc/bv32E6Od98lMpVlQ7dhi3RGETm/tbPnckY1113dDINbvcbQO > DNTiaJvY3dAsBk4kmQYAUVXIDiaR57JxQNmAioRJE2OHb4GDeZHdvBWWzUhqtqpv > jFNhw5dt8y01cxMCEEMy7oUiwWIiglXgsU5SArqDkOWVLWkoUO+rIAcpxRIohW1t > AsyQkuutshCE0JZZKN4GKSVGGI/acYwIZDi0KPBYicpctfBK3olKLE40gULlqtBL > lYDcHxc61XeswktQ6kKuWgHmND1TiRXkytRGWHGCtSt/3EtZelSvjj9VO2nO7U+B > py5mHEKXIeyENSNBBG+Jm+7+OAl+7jhv4N91tlfA5fPlMqTV0HjoLz8BW2JwLgDK > 5FyDyGC611J2JoFisdWUmRqwCpLkKwNQBYG15l4kAetBlXiP1bbNV/NlybtHkcPO > mQAeIJkoNAs60uP8s/qeb43Q0oacy2r1on/yl+vAwZFC1L6iGF5S52Z6d1n0sIZ3 > GBXM5muZhR9VKATauFTXeiemJ+VDw7MlI3RqdVnfSQjB/bc7ZoyTgGXkayd05GlU > +lP4586W3OF5rPYRcjBZquWx0ALTbLLF1XoaHRcapsvoYJh4x9ZVeN3XzYHP5zMa > 711UXNcllCN0k11FUVRfw5T0gCfPwLuX1GvtOuEzJOqPfXZX3L9B9J58zo4NkT28 > zjIb38z1Jz3eS7ZWSSQozZpNmmSaXhK7hHNG9980sUOWPQ66cksf30anyunZpOWb > D5X4aL44JpZrX1x3x2ZZ55y3BnYWVy25rcz5ZJa8b75ampxJ7IT33U1Y4xyGOfGn > ck4BLSBEwh/48Txas5zUoR9CJIf7iH7QRgDAPpIIECAEZ9IfjFy5iZWfnLDPNkMA > YgICBigUDGRcgmEOkSu3HJtd6+GGLJCEtsrlslbQogMcXAMkwv/ARdz5dCEdC1Tn > 5HyC4gIT9x6npB9GCITCBRiF5nJLf/z/Wj+n+urwh/2/w775fl1O/T/GX/D65j6F > giOBBTjJEDVq/26ur+Pq0eWHq/l1xnbLz86XjPUL4Dk4cKU8Z2LvHOVaT2Vf8zJg > Ht0F7+SPzAVwgHTPj1Rk+tf2Xn03/gsL/6cmXNKUr6rE9v5CB8xBCAEEO1dhAlJi > B+Z+Z8npRiKiKqIwRVERUVFRVJPDcqr9XpX+Y00RFWMVjEFREVUREREdNFVcsOmi > 3C6KIqMRRjBUVFREVURUl98kkl98nDDCdp1l15LritSWN2gqF6M6+7+YGYGgGgFw > AgYAoFApC20p9JD0AdsMzIuYnQZZZYEBoGALEpgChQoMOub/3WB6AMwMwNAKBQKB > 3QlA+tFC0yyARIYXz7OCSUVT2G+DtPzlrn+5738/Huy6Z932X9ZrnSquta1rWtX0 > w5q97s8zMzMzMt+Xt7djulV9NNEKI3RyPe+SSSEnOlAAs0eLNV8AERZpvF0pRliG > xcBCPi70F0hgPd618r+3taZmZeZtWmDFqp6b5tRd04FNuZxea3612LzOdj5UBD71 > uafu1UKs/qvLvW1l9bARgIyS0XyxEarpR9xPWEKMJFRD/aEigH3xBahAhEBC7DHb > Oanc85dEe/i2y75dErt0c0b34zSxQ3x7nbpyTg/yUanyunZpNs3J5eb93l436+sf > F3gRo9r4CqgShdACbMZcWGKAOZbKMozzxMGL7n2dV2L5Ofp1MuQ+jl0zOYhPRJOA > YCxABhjAwlGElrSemwliIQAJE858G17mJWD13RTo6Ki/lOnZ+9Eqcs12twkPj3/s > 6NUfB69sDjGl0gBe672z+A51A5znudWvDk5Afw8RpU9ZIkXwkTyP+APi9fTn3Ckh > J7KURNYLwBYqcEocvICNEebe2DaUGfAKUEpBmrJoNR4QdypQhgAjwRMgSTYJsTba > P6JZWCMBYjNQtIzUJZT8tv+Q/8eBQBW9vj+fr1olW2kJv0iASCmm+69kZGR6FAD+ > vae4A624eW9ZBFaI+VmzFiMWKRDgAFiXxwxMB8yWZRHl9SJv3IkCUiVrrRLwAvZB > 5yntBlESP8/SCoL8+6nEw91Df7MDhUnpv8JkDCX65nho4DbSG+Kk1pZyJqmMrPgE > 3u515M9DUcs8XlEvs4as0BIqwFgiiAxERZ7GyGwUoERnJClDcR2Q5G+Y08QQyICJ > thIuMBATOIrSBIgiBEqFVMmWOb3uE67uFzAOwusAnGSYGVWBCNj9fFk9TRjhCGHK > ecEEmy5yxYjafdKLE90V4MMc49XteIu52HqpXZas6tEXFq57zwEDMNvAIGBEefcN > wbly4UVgfudDniUsbmEATVXKJzOAymZPJFXpmhQhy5zou1xDHCGyKgi6fLlo5Uc4 > dL2LvnQAioIRsxvAgM1S2MPYhWs05W+6YGH6c6tyGIwTTZqOFkQu5w0Ke7xJHWic > LJsYuX1jPslA51EUbPQZJG0VExhh94JRSxG+JjWqXI3Uo4s/dS8nKnPumbauXMQP > isIJwuAJsxgronaJO65dJVZJQ0MUvzZLhWJcwPAykR0Yq0M5OemhbFtK45bHTLV4 > pcm8s4pYWzUYXo2MkV6vFhEZrj16+cCJy+3fBYxehzlQZSzTzhuTLnqlir+4QPzv > rrRw4uNGuxcnAN1NCI3Sb6wImw15B5Txu05AEk3w4w5o5WODOO9exsUYdUgSIBb8 > q6ZiNHq7tbAxclNK1m4LNUJ5a0Omg73NLmV1bjjzlXGvkRPHPZIjsJcJl+DF3puQ > 5Bi7bMDsOxw3rlmmVZ2pZSYo+d23sAUdFBx8g5EzQvyxU29LHeEFElD10RILCJVM > YU4MsdCwA9oLsnSvN7GAEYal6IJyRUauISM6yO3EwOQSr1ujpG34KXYk2EjG9lBj > GtSFCaTw1YAXBKnINASdX3HjMZRhbIX0W3o3uPBlW2XnLzLkHfuxm2ywNxFNkSRN > rN7I5KYfYbYUo2Dw69xwnyggP3hdhE2adGTCIimlvRsASTs3ORmSe+9o9aw3cwGB > ce5atyc1ud1omBpM2IQOVfVmeTStpzOUqNpxblAsUHIFMEXETppBJgGERiDT85cl > iug5vDl6yNSI2HGvHEw1+o3cHcC3lRaLebxZntQHMtiBKXBirllEAy1LPJrq8jeM > NomTxlp5LvCZs5ZQQM3yclzRoTlzhbrjhWV7h9jERRs3rO0zpNX8IkE8FREWBo8N > CLsq2cVWJ8SbrJxqbuZLzGmYwb08M33Fc6LRvpQ69uCUERpURNJY743ZRb56UqxB > biiqYkIH2mLzBqkybvYz3W+z5R7stFnsaNTirZw64JPBqGeSEjZLLQARzFaFBtsU > 2adKuAJbm+8GbjbDlMW1JqDJJdkIWlwW4g7bPGeprxfcMh+yvhHYCoLZEQUxWKqS > CwiEISIQhIQh5o0ixIJUFQXpBUFrSgqAb+WiAhywQPzxF2RFwrRF4QEe9fp+0JD+ > WGWAIhrFBNaqAUAHQgEvRQJ4kCcDECgT6rKARECbcKBOCP7/I3/vRmAIJ6ZgEBJC > QetbFa96o7vmABIwCA9b/4pa3O6S/+t7lzIhJUEBC566f4HtNxC9xyHfs3+LICA0 > WQl20Lx9fU5YPJU16wHphABhCXO+3wRzL1Ch8MMySQh0JfHeyofNwPklWfx/PXAg > BSELPx523wtBmZGNgmDCVeEBVjBIJmI7Jw0xz0LsjFUxJ15bN0/XP1b+S8Fvsn7c > KQe0nKX3uGNkVzBrje6u2+ffz0+T2eXp5/o+X5teU14zf115tt0mlO75meP65Zmz > a+S3/mv96d5n3VUkbVPkfJ/fN4tmXYAhFIhbETcUEkgICF1uSUCgDcdsOFlBCwDV > PuqgKVAc7JVVWoDTD3+Pm/xh1Rnh8p9OgEis+mgKUePTgxWTOu1vgc46brJdpNbE > 6LiOaMATpGdz1D6exisqiO6ctLymB5ChSGRljry7dHGIl8QoR3JhLDYZU8InkqjC > n1n+eOeu43XOG7gRS69o3iEFxh2RFwhG3v4kyPxQ++X+RVnKCAWPmhUxjMLjljJV > khEGQA9Swvg3mBuNyYbclcEES9yw+JKxwRyogtj9BRkaEyFuiBYRHKKJYQTEMQYT > DqxArN6a4X6oDE8k4qpN+W2hBlowRBzpcxjFtwxzTB822LJJmM4HsEMMe2mrEmTI > SM4vXIQpEHyed7gEQP73U6OibzzCtaSGVNFhWQuMY7i49S65d0RMHXxcnnNkUC6a > LBZ2u8ohS9WbDaraW5BQW5FLWIrLdIRAmLdyHFe5izqKZ1hBHMTa9Tg1XMdANGwQ > GJE6P06RgYtHiEvaDVs+1rKmiAQFa8ZIc8JY91CF6xh3YRNGdwmzm6e2RO+DZi2c > x6w6CcrIriMaxUHengafL6wiPD+7qSxaxRYPRpCinHHJNc0PZc8z0pvFykYRzmsH > Ln9jzcTaa3nL85ypZhJzNSXim5Ukd+CT44Y7kMp+DdSekrJa089TA2jl1ETQodjV > ypZOkTUbNxrHIRQiwQ2bCojETN8VqAKZUEDUK1ju2yexiSSvpwgaYzHiJSeNNBeL > g/CxFlclfN3mTaf3PK6hvFHzthLocNSvRur67kYcn0cO0G0pQyvPRUsEHd9y08Ma > 34VluHFc6TJGTFklfRo3RTRcEFyzcqQWzoc6QTQ+7kb1vk9ug7JzWBE9yNmZE69Z > W1Ww/JM0NPDsy/P2QjsWPlMlD/5F6/tF5Cofobrus+Qv6FKgP8AqK1RiKYQcgZGQ > ylGQLIwLCAoVAJYQiMtpLErBFFIgSKLBZSywBVERWllrAJYRlLSMrJRggxlKpYSQ > kWKDFZAGpz96z3PL3yY/Hb3+F8PPkjiwgSVJUAu2KKvQtPFsonqqN9NJ3yV3NlAK > 2SEKdPAVMlat8HU8v0EgmBMJA1LZf9fCrCnKF2ZCSJOwC39Sp8fG30L4zXUKzxrT > CARVQAX17zqHzuG6He4BAiCBhAhgFaEFeNdQzq9ECAkTAcrADgF8TYw0ldtmAbVO > suuSqaoSzGWTl66XKqHDgAzS7Vy7+OrhqroqhoQUIA7OLPinPOaxat5kvPtFHjAJ > KYC+3oPkBH4EwETn7u490O3vOfm5svF3Ts44XrOT1ecOX1Kqqql/GxUtPlqK20VF > Xwuxr7nj7+E76+UObM49ZhT9VF/VjmY2s1Jq71PnWYbd8qST+mCrfWPr7Pmn4ss9 > 5P27+gsNV61l3h3xXZ9y1czF3XW2r9V7rStc+1J57aYsKKn5oS5Yqt3jnq/HrsX/ > dGIkgJwFxuQCHAKywIQoEsoSQoEp+NMSSAYAlsQgHAJxX7mst4rg4Q37lIPiZ+6F > Jr3PugZGcgYolIH+5MfdZBO/PowPU2fXklJLE/UaMitBqszGlj1EvTjUIFcaLfx5 > 0ux0hRH+ce5AGEHtxHvvL/5Cl/5f6NQ+nDjbt9GIeyZEm4hBX3P4k9Kyo5u6C1HJ > X3seZeubogtSUUJUiuae+sgBOz2ME5YkkC1LZkojGAdoaYk2US5GjkhYljFiGh4k > kgIskpBMpyPCqFbW7PkaynwAUWCVwQYcxLWCfswbMG1snBJFxKJO8wzszt7nW973 > xWvjuR7FCpojYsHZu0YekwwBm49XehPmmV5TR00QhfuZm9jEHHiky2bVey11hrvd > 9ACdG9KImW22ExXsHAo57POWoTCQp3vM2NmJRmTkR2+A5p0Y1XmLuMWANVSogzEn > j1GjO/axtzs+TDKMUQlcRHzFnIWUcwxcVjuWAJyYlWL1LwR07vBe2hqQ9aNHNUSX > dOGTxg5R1vUkyiJrhGnU6CDhmL8dKQo6571vFPT8ojGrbsaTPum2nh6ziJZ6Lwvp > ipWh0mXOFkuMxiS2YHXhvvu/d+YD364FangeOes0XBJ/Z7oqkwBMVJcl4p+4NViN > jA5lZMR7YuHIKoiXRQkzm4VnNY2UC46VsRInFFSfdlp1uB3Zy4pFRURH32+iKjqN > QUARe5qNchGLwpXG9RqLjmO79fh6m/LYK+4ImKPbe+j5WEU5y5w7A/0jIN7B9Afk > pIqU5f0dSV+11o5wpyRqXYGSTwtQarVm7tgmAiu8lrIur6LA8eG3Euco++ac48i4 > 4AtBvgQHrOVBlULSsW7/oJZ9QA/h8JRVaMzH4xwLwOhLg4irIRhIRhMJ0+MMEwSD > zkZohWCIwlGSMlIFEUYJS0lGVojRtSCyVlSIsYxtKVqiI2yiMtqy0oLyMkx22BN+ > PfZ07o88XM8lsbEZIEYXykcrRyYTgXRRGqgVDCAB3k6cvapTxYs1dSOeyi2pIrGE > JLdSGkjr0SYOaLHa0kk2B6+vZxz2dG52sVBhF2DFN+HQ0xu1J1dBkGQqNOrHi2RI > B64KwflSgBAIi5cDXrHNhZTWtd/yqNbCQLWX55LdM5dpkmEgWzXXpyPZbnezZc8b > CQhExCR+PuEvz/Uj7Oee+alW2QQD3R7GyPhHlszUAxmll45ob0d6tlRBsrsLiXRQ > SFgNAyccZgnsONkQrw5SgkLHE02E02UiCmXFDuBg6mjNiFBqMg6yS+eE7aJmh53R > x0OmowilfW+KiLD+8sMufLtO9fXPb0/snb1esQ8fSKrqioASAIlmj7ioqJQIIr6K > J99QQaB+HV1CHN2AbONzJt0ATg253a4sXhugat+sovqY1G8pIOcOdK9/PExlJJ1J > JVJKT8o9zEaiTjIxR04m43jojtLpyYc5nO7saV/XpfIhBQ5K8SyA+nCoArN7mM4e > VJWPq8fg+bXvIrN4S2YVHokkw5eyFltymKgIFxt9gZOT3hRzeNPqA1QAsQTewuFn > FU5wgMjwMmdchIRCwbREvj3rkDq9Pcxnb0iDISpc8bTbGABNzOTWkjvjGFlowgni > KrRwg3kJceXFFKCdHKVrRBEqYvrnORyAUcXljj770oINdOkC+kwAKIlirDmwQ1UG > 6tkS2uQX3JcjqGFTHmhLulMbL7hEOjJKN5FjU6uVajQqkPYmNokhyZIiCCsb69k4 > iF9+5cfygG4Yj0Ok7UXSXQcs6XLs2TCMxuk6fmh3yYtVAO9qUrpuYs9aPlcqQkIJ > BB3a8Je5jppEGLqiDCJ44cJOdwHpR9HLuwMWCoY82HDq+LT1VaydBgQMTCeS3PMI > ljaPspiDxx62UqF+ot3d0a2ukUHefoQj0y0W87DXIrU9ne5Epmu18O2pQkF5FzUK > zQYCnBAp9/jpcATt0zwwAJAc0L7kt0K1MkBKXJyK0w9miG98+ezqMPxNThGJWTHe > FOkEwO3CyL3hvzoiTXvmyOps17pc5Gs1rmAelmRXF14DaOkJ0MEcXXI7x0SZMtal > yQuQjERpRnpekOe2Bl7W9LsiJg0Y8eG0RHAzi2Gd9mKZ8JtNr+Ld8b0TsipoPICV > JkDN5UsHk3LrlcNti0OxJWjE6SOZrLZBtj+AeJDwKVA9HMUQc5oCyJmi2FtliAyU > CNskRBSW2CMQaNLQhZSkqKWwiUqMYQERYoKLUvb28O/K7rTfTE5oijsyqcfHMshe > elc8ZkhhBRdUB8/zjazobN7vo/qDH4tlwYAS5huTNzJpSYSBdLp2hU3Nqltn2v1U > pJJRykMBo4YSl8tNTgEimqnxeEsVVE1CxtilpT2AREJkALG2rB9m26aYGyW4126x > C8CCCcOdidJ5Jtrly5ZPPpu1AF0VEyEWfRlhS011CJ4PQQI79SOLbJmaOqQxiEpo > ycHcUUe6dxJCfiIFZBpI455qXtqkLY6q72nuu2D4n3hRB+LsTN/bMUbOij4w9sR9 > eltyzPr6vVZpblM/3Lfl/9/EREQO+IJxIirEgih7aeuVBFIPsoiiW6M32n4Qxiie > /7nJ95vYdey4mZbrs+hpm0kxxT1b3KKrJDQfR0iApR80bIrXIt9JJ4VW8Ft0M7EL > 0ERRGGGTDFhpJITsL+TM8Rdxt9LkCE/L5aYIgLpoLgEnowc16V+Ptm4cVhTe2O6p > MHR9UGmdjKCBJGUM9YeEREvuhugwuB9YPekjJn2T2zVFlSXMne4OAxTIs58ZLzWT > mERLb9BHtjj7nmz15ye5HWNIh5RjezCIQRV2RELwU4QpIPkslhsBPClFbD7axNi1 > ecINMgrR3mYJKrIDiI6BA9zMmucNFqoRccAmcj8tzGy9lyy2WKhAEx7iImhE1IeF > 3B2CnNzbWL9ohbLZcpbloI29jualhMUiFwsSUKAdzozddgFiTEbYcktfq2FsPyNb > sCoQLzCCUM3qghttBZESTE3NTRRd57w8YJrvKzoecp7VR5RzLQWxmx5casIkauJz > o5jx0Onry7MC8DGTCY7FySpKfmecsXmw0LYTGRErvTmoPbsZPEzXSG1b0h65K8nQ > 1tjuTPrOqY3gxJy3JETncEuRtSjuLHbenkLhyxKszWwPJFJbTgrhcRM+fLpxWMYn > PCjz3OkdUsFihhRPDiafGKzosqiYzkxPEjWyBmNdJ3hETR4LXNXgzSpkHH2UXxN+ > KjuRZix3WSxKNIyURjy8AOlsHtp44GcAxfzCuakWAgseUAT9GYFOW9qpFMkGr6RE > 4Vt1+VS4V41z1GoO53eBTkUlSXGw/HQwyGnwIiiiXKKQRSTGmKIfNs32t77qDPb1 > Jw7WQ6HTnODOfvF4iJA6yBEof4QUCv83RKpyNEKyiKMlkbJFESp7xSwEUwVKtCBU > UDJqGLKBYNUeMRWvDiNZDLHjx53TgkllofyehqALck0d//NCQIndap9V48TLNLKP > 4ME/8v58LaSSV7/nLHuto+rAJBW3aQz8QhjYtvYSSRL8s+nW6ix6huUfi6SBZ8xa > nd9fSL3EAclmNTyiZ5dqkJcEJg9MIeEpeo93nAd8wkgXTG6zsQqLyNP9bp+RYO4K > gztvy3qv7bv6gnr+p+sTsDBF3OV275atN8+vt+6L8k6+X87vy/+GdIfDfj2/y2vs > U9/HN/hz156prkv8EKG8dpfNpecnLSlt39x+fzuXfEQ4kBRgQFSDBFh4KSAVJCAh > r4+rnVV78dhkdOOm+91IBOnbpPyiOK5dCn+xfB4frgYiYLPct+HOQJV1BSmyKmOi > sM37/vmRs6QN0/cSgkIHNkvDR7l0xJhh/YUGPRCnoslTeKaMFkRECr2Zw9lO8hZ1 > zZps9qs5M0YBuCmxXGNpDm0LZxIqknQRjQ8imtBgvwrpsregBLM+ioncSr3MNY6Z > MC0mFLbxXNSkF0E2PJACPc4PUHOpXkqLFi6TDjt45ou4+A8aN3Bbvtq95ilDgput > VruvCMgC6aWwuIDgzdcoXNE7SrYS5kN5T2doyY9PDyImGOvZBNniND15R3nKmYCR > u1RI3DRRocqbIiXESLHsFCBbpKCT0fdDLrOfHKY2IhnpAOa7ZAL6nxyeWiWtjbbw > xIAk4en607Es1k1GJT2RNrsRO23QATMRJhx8kWLFnbc8X0Cirjoub00LIIxx1ETl > eNume3b3L3DR0jFEdbDVCBTZTjivtGnpWDCCW0dNjiJc0dMOMbIW6CYcum+Z7whz > Ly7HOAgUQSw2VKoOU4HStVe4ie1MxHcd7geeWLmD1zVbPEnBcPeAiCl1Dk76KVCT > 2pREo7hy+zW3LUAI7XonVjVZZpFO8O+6majynL8s9saFYRGN6kojFefVi+lzBg3e > x0fZxeAgYd42ZqIamnCmC4XtYybVYREUsRoSYwZ4MWhRNDfpCYgY+vc4WLPrRpDk > lEgJVqhW7e8HQg0u2MHPre/4wR58upewDtNAMsvTqQ7N5Ys3qMWFZVEoFksIUYiS > oUSCNbLUtko0aUsWsOvkOO/oftiEZBBjPH39m/Xdt17wElYuXvMGjkm0ZtGQMllS > JGEkCpMnDxuU1Lp3ZFNMAAeo7DrQxr78BEzNxBEKx52/6LLgjD3RBEKchG+c9+Nr > ZZJppXZx1NmCiREjBFOWuMsRXpvJ4pqPlwMISA+A/M7z3buVHzSuhCIV7Tx1ey8v > XePX9OosJJKPvGYYs/P0H/brf1vm/7qO8zwh7tbsp+/wdIFxpjlxvCrM5Yvyprby > K2nAyM0Y+NP/R351rjzWvPmZ/7Ga+r1/tRozz3zPz7qzzube/DvVYluzpOG66mX3 > d7b3gROdgKGT9dEQaJ+igCI4ZABW7pY5Pr0/Zv6Mc/E9my2rdG97nv1wfhATmF08 > Spav1X+DwrRtfxaN6QL3+TlH1fkuEuM387GmL4am2vP2DZXrPsxIggd4L4Vg+u1y > ouQWEuKC1jT1tJideaMKNex0gbkFLFwYoiCUnR1U5S62F9nT0sYWOUjUZwGjvC5t > HCeoOgFwd7UKAJRUN7Jd+KdTvbyOoccwlvceQtGIwHSxd+2MIiFsOSlw3eTBiz+b > uNxKjSktyGgp1MwEcV5ANe1JgcqxrGRIbBcizc0drpKrrYJslEGswOE7saN+WERM > IJ5hTsk9EuXmFXmxDm4HZg53pIKyCEoZREep3laTKS+gQGvaL8eynHDRnun7QMPw > p0MujZlkkyE9KWrBTKRcqFdw5iqvKmDMxpp6hjbGzSRS3WRLiJG7DWKn3qvcblsH > ud4ut6zfhvGx6WuGtoj6bKGZTZQieG6JfO6YhYQUq3YM3OPWJC9HBBFW0cckCC4W > gO988FaGwImkEXhdn6/YtSZJzAAjiOGbyaIDpEV6pfYdcq2S5bpM3pclBMXDBFRx > XFES+IArUmMml4XFIs4WwggpRx3al8b0P3GADRGXTWbHD2TDLEV6i8ItWWEY2nN5 > jzUGqwiZdjBUXvZKqG8HVINtUuhcfRzTpJ2+TmZ3xGpF9bfPGACxEDMYXYQiI5kU > EB18DEHjs4LYGN6MYLU11KtKzikMJYRM5ngM21Jm5DRPA2R6WHtiEvsh/P2LehCR > BIzCb4xdYrIFtqQkZLJSRLQqlJQWIxRLRRFEFokWHn8vV6HbxeeMf32/Re7byc2J > xJAfw9pqTl9WVc7uJCDSx78feJal7z/dGSuU94lCImBhIF3PxjjG8LRSwvxc+uj5 > AkjiASKXFIJgT4CwIN6ejl6O3nu35TElpqSEh7BM2gyxyQ0MkkjNkqvluVMgCAoO > Xj3D/Hzs1cBBm9p+/e+5fQa+oXygSGt6VRKYjTxUNIWEk4lsLXasgNrmKLDROQ2X > upKYVVZypQrzh81L91EpMvyMWizfr6zKTZ9kvvrtMfd/w+y7YwF6+rk8Z+cSxcLb > rKB1JI/AkhTGEJAwQRGEUUiQUCEQFgdPzZXplOjktnnajNnwus0UktiHSmdshPiQ > qYgV5I2U5LJLoa0lsHrT2DM5ErLo5w1V0UbXTZ2nXdldgEC2jXTkIxGfcNWTXR8X > BA1dwfeGxBuePkASPDi+Q50gsiCMiGCwdKEkbOnwRTmthsNIQUJFuYvNrLZdieBY > W9Bs3fAnmRnbjXVfIiPt3BA8byagmJFAEuJfVJ6MIBk3wxyDCaXMQWcLFiGuNSiI > gwp0UyAJPJ1vUy1HCi96n26u+hqMMYnOKbWzJurmwCjOEO8Y3WK8pWdCyKmeMbCQ > zYpGG3wcRnmklWr268R126r144GbG+znNx2cTJj182mwAuRSuOlrSnb5JYyCA+0i > 0mG2ZGyMWlZdcwSAQUYqucK5GXEfMQQJGqKAJhRHHOdwRZNazPTtcDrUnFudzCkQ > HADqCUocEBTJ3F44Ybd5OEUYtzg3NArT0eoRB6HRDym0pnwMImcPehucvFpSTZY6 > /jJ6B+GjZc2MMHS/nwimw9u5y+wYnh3KSFgoL4I3swIkj3QRl2WTGVUgKgECxf0Q > qkiSj9jA2y7GV1gezQEQ4Xi4iV6fXGwgl1GEydp2pDWBjsOuTFy2BkkbUayunREy > pt7DD7vJ06biELD6VCE4b/E2VNnKHnnhVUzOiVqcAMwAFtkK50ib5cbrm4xa0zLk > XLWkWmako5YnRjiIj2TQWdkVwyUZkjina3zLg1/HIOpY2WwQ7A+0TY4u5MiJE2xl > 60HiuHDM3dgdBxw8nWZZ9ibCGpaSpCjKyoqNpRAsjQClopKlsoFsSiI7O5r8sP9f > c3Z6xo8Swx7BwAD8c+Kcor6bNy7riimzLCnL1ZhboMBVG2OVt+AFKSt4gueO+V/X > cvyqAg3n0csFOKiEC5nmJ4v78hDAqQ3hIEGH/z/XqHb6160eRpTIALzxWqfqNnUb > 1QhLsr3p8c+ML3ufca9/XdfgkSgfpiv6fl9QmFJFCFivsIxv6P0Gp+VcG8/P1iBH > 6ebfLeRhtmGnClcSkaxZ6WfGDE5fMa48u7Rz87twrHWLa3fPP5f5PwCBfg/uOgEl > O9RUaQVAhABSO5oIJR8f8Ovb+rf7OuGh2bNxw2RmcGigxJlI+PTCE5pUwDplqhtc > cTSPrOIqtfqdiphTvyXSfTZ3YBjSif1X1ptRlnjpyShj00Ay/bKCBBfaFoAV3ryI > sTNS0DkNdEx0vfJ3AAmABJ6YUqw48S2W1aZM+OGIRChi20QTDcCTvKLkeAQInnKM > xcyBtH0Xppu/TeemeOFLsmhEPYAGMaexY2dHOY8I2tdOG7GvURzebmzHie3ENzh2 > GZ18vBouL3WGRlpxEQ3kYgg1vZeBOaOD2oD7dh0sJgV5fLog/iN7GCgDApGyjuaf > PuD28Ww9LnNkYJSMkKdGB+WUzWWqNrIybREh4KuLcTJXknYjYnGLFjRibC9xqCGD > A69ycGlxb5iSxaNdkArVssF9F9vYfs1T8NndJEHy0MFUiZi92cQUuZyjXJ7NDjG9 > Etl1KjmC2dAGKIF8N5UTknjAw4iULfGsLDXzHRolXQOb3LfJ5ZOrEzaRGFbiWEJ1 > KtOGasHTp9ZwbXFTpxJcGS5WKNnvTQiNm69D12U5kgATHKY8ZCQchbn3jGDdY85V > aHsdDzxRkzmwiMEm8yrXC4eg5DwIJ20EBVEBB2YOltr2DFJm3G0WQDBzanOE3M64 > SQZmYstjc73JnhGE72OeJAE5nOREc2DXIta9knxd7X9rQ5jqZF5I4XzzAS0FCR5E > SFAEuxzt3xtbWyZPGhi6ct42Uuxz0NppGnVCjlzE9IwwlovB5b5h3pKBSv5YZkCR > /NZM3JgVAQbEaNIKyWRkpIBRFgisVYiNpFUnXycDL0eB4uTF6fFmciKvSZaeGmXh > 5rueGRstfmqpNxlpg82rA3BAVGt33TdNbwEPGMAupkAkyJE4vY/064M1CwgSeEJ/ > 3u+8yks9NXU71hletCAD9Hz61u1RfHD4ukkYQgL7pXXxGaAEd5RE65tKcGrVACaV > katvN5J8Ik+RPifN8X4OMMSfEek/R7Y779xcvmTqSd808kIph5DCPNKWXy2GLZPT > zRR56bMCXJB77qWy3RxXy2H1abZ741Irb0tm18wWrnmI4xe5WOr3d5+79H6/oEEN > 1KIiUCKoQIqhD9MPXUQEcMAIY6fXrsz3D9ZuIs4zGl1xHo3RrkjmlG0aCWefGdjm > hYxep81BBxnMnxf6Z4Haeb+30cKU6S1d+4iBwBA+pR9fhaehU/Cj4ggyds2SDIAs > QUgsLyWbbOZSSXArZs25iuy0shW7SGd9nr9KrxB1MwnjGEQhZrxxESDnbdaVI43j > OaSJ2uk2AzVKoJvo7dte1njLKQiMF56Ny0oBydyvTrjggW9oXJbrBYfmcGrjXbzi > qQ2enQDhfAqET2gxoF4a9i0HHISQ4azRaoQQooWVC3GLVkRmHFyMWFmoSRpjm5pE > ntpO2FLF8Q5Rzlm5ne54+I7PfJpfWxKHZbqd0YMAHSZZ7Bk4WSirF2hINT7Ac2nO > IWLeSDCZQa5ov2oqxVAERrRrxuRybF9FRifDHBjnlRzhXC3O9vYYrK5IkO7roiaL > DZ3wWXozOUSOsCGKFY9ws2jeXlR7rMxdDFN8oJhhEl60sYBeauUI4w28lqqYdrEg > pL+G2eHQSW6WVkNuImkEjItHRAt2jo5QKWirXG6ZfjjBWhNbCbVH7uowTOTJGdEF > hEaDY1j1b5SzcPdcvJ5rrmTZs2ddBMud4psqXhxHNWOHbJiNoiQSckxnmTOhfbYE > EjuF7afGaFjqpvQ0eeREvF+hh9Jvka2YqT2yMNuzKz5NwAJn2rdaDRBU+gv5ES/B > zNzGYJzYYvx8HRFUqXFd+FOzYVF7wSUKIcUAtPDmU9HYH8YH8k0cDX6OcEP4K3tg > trRsYNaSWWWFayBLJZLJKgkIwCjSjGhR7/ZXZjp0FOPgzur2dWpcSIIc2N9U+9A9 > a2FxDDAkhhIB7tn1W0bf1St2SukCBp1j+XxImJAo+K+vdo1lkOPDz2+ASE7KOs3J > WES3rFgqwCF6XmNlz9bV1NywkhNWu/zWqt2ohAeptj7rvpvPPe6xq87iEKvN91T5 > 0ke5zx+9r3eQ1rHv0NE4V/Pdj6/K7V98hNnKfoNP6jbkU2clMQ2ajZVK/i9jXvsv > wb4U87XcZi8e6c/Ffkmo13z3zx1NUR5fPlyRyTTQp2/dVbhrASFrTCSEyZCERYoj > CAqEHt9W3j3/xPj8XPdX3+6picYFERiXL+skZlOBqOBtITmcpOYLNp6ABxyxcsnL > RCKcjOXJl7qFYNlj32TS73Og6uBCh0wkfwwdLaUs9OqHrynceMz/QZ66/e/f3nPD > lZI+KUKig220qAqgZ87iFuFGCEX1qqvlWZSGsIR5UkloZJCURFmtjTIQ9NFLXq2V > 61Y8zEjiNJOcbWlHylQSXmwma9MmXvWx9R8CLt8B8/NxRerTNz4U1nea6xt6wZ0W > xN9WKSOXuaLDn7Qd4WH4bl216KGuBDlXpRdW6cc9DxJocvqhhDo1iPDt1nuZgzsT > mDxQIw/nayeBQww4vclRjC0Kwuc1cJ6Wfoa6tTvV6x+kh8Vy9pHMv+I/WJvrtfRz > xfTjlOA1j0+euN2SFW1jezhS7mNMZ5t1ZecrY9g5B6t39DMUxs9eGg0DU5OOSOW9 > bkkpjk+4I9DawaqUc9kVK/Rs0PfHMNWvRsa6dJkJR/nNZlkrOuc4c9hTdMeHIv34 > CNvKWYYiTJFuyho6Pvjl8X0TqS7r47H3Lsu8KXmd507IZT0avmG8lmaMuMEpUyCs > a8JTz3hAC0KgiDsL4mBxGRCKh6wT+WmdfR7mqdMj/Vj5mYJfVLK1T50QhAuTOBbm > vl971BixTi808d7CmLNFMbg3rrbN7qZX2Z4cI1jzGNqovrsO/XOGW90lzJo6SxNM > ZqMRw+8SgvlDNvLeFI5MZYt4cxe1u9PJm13WDu+NfT0OOPuOy1tmHJvuT8tF/ak3 > 2jp+MT43C4U6bvvhyPoSi5ueO5bA1qXePrWu5ar/g8Z+I6T9j6uz0knp91VsAD/o > QNEUn6RKyBlel/v8H5fgAliHH3dd6I8z7RFutqPYiNgHCLk4fj8X2CoZNtvq479o > fgiRQOcoJSlKe4D7wQmGEJh6F2gQRdz9fJxlPJL0tJ86Xw7JuyaiE20X95K6oX/N > ZpT8yTyV4h8HtG9533e12W/bsz2p/M69GaIb3PJnNKbivDVvbWWctarzvnjT7vB9 > E2FTS1vjtftWjfYF/vatj1C3s+PXf7PFCfvF6X+KeqU8BTn+573zVCnI1dfGLkSQ > LiQtZXJmJcIPyWSd2z2frmMP27BJBXPq/hH1x64tsnTkn9kpnOJJj5jCZIF9Euuf > ApLmkDqUXy5I4l/ZquTg6RoIrTCoEiEx87NE+rq4cZUoADMADIGAGYAGEB6fbWI4 > 9tdUr+KEXRU6p0lbpJCPwt34TT8Lrib61tilClB3af0w2I1fGmVbzBFLc9vBsrt7 > 0x+WSSmvVJw99+THaxTxm5nbTAcKhsNBMzW1TPfIK1p0/q/4u/j+imd2ffnO/xP7 > Lc9WPX8ziA1X6+h4fVM/x9Zrm32++de9SvH4nveWp9f81fluUu9Pry9d+Xp/16kH > hZ4uiqIQlr0/nugB0rj8nvd3WRiKZrf2SRLjZgY6oSVtKpIUYMkk18/o7Nx8eh1I > pwITRgbtfLsoz8TuLhNujlySulaZzt/jik5JZpooqoU8c/K0ro65oykSfYpeYz8k > ySy4x+KqPha49s485x4pvuX/Gxr6/FNXQZlM6ZcMyF1Ax5D71Bij8ZCEDmj3e8nX > kLc1g2S++LqVtIkg7+gs88MABTNRLe+uqUQGj98nf0bC/p/qavSV6/tN9U10f9P1 > nT6qkDuPyVIezVNAC04T+Xs5FKwQxF7AWQFkFf39n9LeQb9ENhq9NujlxMzwQa40 > RReq4orGL46OghUzw/Hn8pSCr7HlQGiCi43P3kTT7W2jbel7oZNs+6fZPCLAGjGI > V5HwjsaWM4s2+EvlnrSWJfJVfe63K658eaiyO+99sIrH3b0PuPxn4zd9Z+VUr0sG > NS/XPmSPP5L8GhI0FYbryzPjWPb3C+L4k5JirPz9da/Iz276A27/SgfgfL7+Svzj > kAPwclTTx+6CjTl74th8Ov+MpddGg54JcOxxvExtRGkpCkRL0fN4/IeVU+exwR8H > ZoTx+Pv+Dt7ZWtW+mt/4jKvuCWn73vSt6/ff7tfhObzHLxejlBatqldkVEfsf13M > Sxhh/fNj57MGMkxL5HbN7fbI3H96PB+AKap4ejKRNsxJKa5Z4Szwy3UR+6yttOWX > DJgdgAnvkzgGxizH0GFIGhtNr7a8+fGWx1wEUuOS6gqyzX4VRR130t11S6RJBL/n > 256sBej7NZvgkgWADIX5u7odOdp+HNw+qgmyJJLiY26+3wm5Px8Vrm6LeP7yzhzV > 4SZSHJCK9/iie0sjz4ataGxZXg+4+QQJX8LT+1fDcafap8Q3LVxTeSYq1r/g/dPH > FnLKx5P24z9PEvllzvhrOG9W5ni4XEFg1NtS8vHj18uNuk4afhViIiiqoiMRVUYg > xViIiiqoiMRVUYgxuFypGnkO7Mf3VvjZ2L4nH3i7eqt7yareN98lLrqppyaWZ8JG > plln4jww8m7i83r5fFm+7/aiZJw/ij2HyjM+vnl/TyoS3VeSAgkyejsSXx0+j5aq > PZYiUYEwAyM32nh7cMvQjx919W31iDhIhWfw4H1XTc9d3fD/TiD7feJIIde9uwv2 > AVz+rnI9O/0FyH69XkFeCqJbb16xsv206NMKj/bPso4TW16Sfmlhrxy/fs6tfec9 > /rR9bIMRHs2/AVezmypCEpELl7fVZvPKyiQZf4dV/dWAI7em8iEkHdvOtIPJ5P9J > MPpikkujt/v5dMckiUmdJBl9nZ8ewSWc59tE+fGoDaA6NhJB3N+Mvrfz9dtujw8w > lHRZS5sPJWfLhd9ePm8DSha9yVHn9/4+72yoEjybNWoSKXb0lekunGUgJGvWHHgI > sOojcqH5ez+xt+zftLDgCvx7aAcEPJv22xHiSBTi6adh0gCjIgYDOfVPyiRdLIRC > XHh4/T5+gkSI7BViOGwaoM7njPQrpVGFDhY30T56I5AkmxJ+c+uopWrJ4PPn9W+j > 3J76e36Pyd2PYac3l4vhDq+cv4ZPZ7qNXowX7viJWIOe3l9MgFS4u/CPX0SAl2IX > 7yIq+HhxXVkPR1+/Z6Pu81Xp13iwMyQfVGkkLn7uZ6Fd0IlWLIrzUPu2/Qc/WB1g > RImG8FK6acCsIhgB9CNKAQewVv/bb4372+s/iUX6Aq9PltuUFID8yQbOP7eQSuBB > jydHTJ18ukmzej8eItsQyFZRxQ9/nUNPzfmo3GSjkwFAPRFDwMN+9D5tzhGbYze5 > 6QL6u/3T4day+yx3eJW93xqS5uvt+2QKyPzeX6d6SQjDn/Dpf1e5x7HedSVO8YRa > vPn9rq5tPf7/VN+H02cepWJZ3B+I72WfpH72/Z+dJ7OSlfNI1La/4dHA6qc3k923 > OkDZ7uj29+SXk6vw46iiHLd6ovzoEvb3ejq/c7d6NHIlNHkTvj8NJ9Obf+yr5+nd > LufyRebHR2+774WnqASQwCLNm7q+v36GHUs9IEzMDx1alFBkiwEafh5VipmY8/cQ > 68vt9yqfD2+wgP4/jwvi/Lt12DksFRZt05SfXCGRcwNlWKxiqCqmhlUXXae0yDB8 > WcwqG39rzKTEcpsAD8v2gYgJIyn2McvpeNiSO25n2ttmI/w/bJz2RkEzWhQjJrVT > 3vR4n6Dv70Xt0xm1Zyz3nAnYBmEiOyrlOHGCWW/vqsNnTrXGYyZLmjZyc++EyPh4 > Le3DQPoEFnGKJyxzACCBQnMxtkLhgAV+GWsn9KXOBLuTc9LEZLzuBaaOVA6IJMIW > NGc18yo2A8X0/mWrXHpuGsjGfj4cVdn2kWN8LDoickOfJpbTIib9XVdenKsXmyCS > ZX4Mk+O6j3ReWS8GjlnRFy1G42DRM5FhXiYuxkGbjTpFjNyNQCxINkAuDZPugt2N > AzmE6bNhUggZX3TnZKEqCA6Vhho7CKoiKbyLw43AazVNLsg8Z8/GILGaQSvHYlJt > XTrd3hMgFvbL5DOPN22wBOHEEuty9ZKzQbNLdHPXY1FBQ7CLRxkjqRZXET0a8uHE > tPMaTwpy+S1sG8emwmskuqMVHspuMDdGUdLFl6IisQcTRknOzNACrRYwaYmza3nS > 8RTDydCJVEML6uAGsE3yVvC43CUyTn+qekH5HsS877ZU0ZMNno7HYkzt35gi1V0Y > SrefrJIciN70RiTKlyVm4D74Y495fIy5mT3F4rXsxoIMb4wiaQSulxPAJKmjFUG7 > g1aFZjtkiQHCY21oyXKb1ocrpzkTSSsOZGK45LOgykLoZ4SXx2fLbLiKgCZYlTXj > DETkNXueTnSUS4XHcS1mH/Bm58iYmS2nNd5m3Zc2DtDC8fV/xBTz6DW5fdDqRCIn > rdeHUEwNQc21HMHM9tJ268gjMUIMil634RrMSYM6cc3gQ/QKZV8FlInUj0mH7LZc > cmZ68BM9DMSXCV0yNJ/Fup1ojAqpVKUS0apURSoKUpSsjJZKAUZRC0pJ9rCQE0sk > kZSioJ/dSgCkD/GiKltjYKoCEIAC97nAIQ2m3NRjlNDyGJAhERM5+ZzSX4FkRGRG > jPPRHNHoI/Lnp55yn6c9/slcIEsAZCSBgwO1JLssAqecbhw+zAPwuv90SQAQ9Bi1 > +9xl22KqNx+8/SDL1Wyoth2HxoO7V3j0qu5P31twBPLkoK0eCFnCNKFAFS5E8P5q > qL8LztCliRA1In6XeVICvygLRaCFl1fKKGQEWAFKFytFqXVXGiGUbjYyakSnkpr+ > YS4W/p3riP2rAA1HRTPA6QhDIAxWopYOg4m/GCWUbgyT8TWblVuCrcupxNF1nj6K > AF4GJCLIIfS+Y4lwPQEzTdQOcitgThQE5YHCrapkYoXRZKuNe9qhNzlgh2mKLUAI > qeJaWCbFsNVbNs+kAghDhD/PagtBIprEgJGyHR2N0nb29R2qEh7btf+MN+wZT7T9 > yB8H5lChch1ND2cpfZZmyLsCGhqbGANt8prNVYqKRRRe/r6zywjYn77uB4cMz8Go > MU8948o7ESvr1ORO5jYCCn4Ja/MnW1s6AI+k3tyfzGihXMpYY5Ujd5YqcyYBBvRG > 5aY9zPudir3SE+pyjtTwu5yzyHJFKEjLVg9DZOhXZ2ttdB69bZ2bPfSSKL08ea+D > dOTA5LVvW4mhycp5zpcXOEEsTybIBciktXYIJ3gW6OKG9EdAgdjeoTONJRcnWzzO > ZNQNTtiaqmqoinaRm0AE5Csu1rcpeeGDk5qji3KFeWysve/XTCnYZ8nNR1ETMaG9 > ILTZO72XpRrgCXPGjWLsGvUqUVpzNBcV5L0LTAoBmhPL2rULwxor040ACuRM7ctJ > i1J5J8q7EEAtjyHyJbwAKsCRxH9ORuW6cAE5OlLDAtyk4tRCHshUUUXESCyWfJfe > 6yHtBBbL+kNT4Sjkdv4O6fE2gqKboIjDTaqyP++NKzsWlBrGzfV425fsdthRuVV1 > qW7w5I+lAHLpfGiCEBxMuTPOEhwnoR8KY3rG7I9RGl6bv65CZuFJi1mKiyKKLzbs > HC5knNg5XLbjuCBTlCBSZud0PkodTJ54imllzFwCkEthEBw5GWgXtaiCu2J2Jlou > XO2IKOCJBgLedyo3YekWuOPzGG4b42FM7y/AvIIDMcFJobLD1jzPZScHTfkROzwG > OHpLUZB8jviMgvRu6KPJiDR7wAjbTuB7IRY0R4FES4/jxprL9rw/4bz7DqtXjQRe > YTgcaFKJRpGkCEUstoySIFkpJUsaWli2yjAJT1NFFdMQKlQRKDSv2+u5BC60Puy+ > m5AS12IVUU74UCgKFQL6lVRYn40AAgwJ4ulwgQ71szVRas2vTtGImj05zWSGqTVN > QO2QKZjZBhypijNtM0ZPGUlDur4y8+IAXpCFcl01HtsMgIyKo2jsRIgkQIiEKDDS > 4CEFISAI+t2BgGjJCKST4ygS4J4jVdUUl5RoAFhbNBcwAq0Hxem9wRLJ24L+ki2+ > bUN8CQkNnimT4BE+Mut9ciUjJItKG2b9u3c7ZezmeJ0m2Z0xJB0uWU3uiGiaQtpU > yxwO+XQwsFhNUVyikYlAi1QN1x8PsiCep9useHTmvuJaZUr5GdyAJZVGjEQb2KUs > gjgIEeipixA7MpnRaR8LjUzxQdFW01S74MI2bxB6pYVEEe7NGzd1VEwYOTYwcrvY > ujlGkvDIiT0tge5QVBG1x4OXel73Yk2+63BA7SNQOTNEchZ2tmbIVSRBJUmSLjje > PNbHeKTgECzggTsquczLzs4pfPOF9e6ZxYm8AHiZO5MZ7xIOj8I4cPYzoILHWzJn > kouZ0RbTKORK62bM1L8nA2HJksTBzZgJfvkyaN13bWMi2luXw6MZ6AJzxux4kA0A > cxXvZRn93Vswxf18bg7NyiRm97qhh4wHeg3BJyYpyMFS5jPCLxSsYIY0aeIzENJ2 > ddkqIlzfJ0+6PuMGBLoq7FQRad4xxOsPIgFbToWoCDnBK1HBBYj4K1FUepCeylcw > c5onWrGHkVyvOxYRyxKImsESykpuarNRj1HXpFuXGw2b83WCVRCUA+sDFnsawuMC > Ipyg2nTo0ZwZUd0y768voNF/SdNeIQY9Vse1L9XNi4BQXCF3o39lLzafbJutaMxR > lNffYxg4eW54fECl6OLtOFEQImUEvcoJ1wnMW5zleBAsW2woQr/RarwRw30TgtiG > k9zVkRO2riSEphtvd8DvxOYSsYCEjKw3JChZHFslASrz/I3i0RYZ07tMF7Sqeh2c > HKlGS0rSxSoyhStUbJZLISslPNLIBBiHqSBFkk41YRcE7gLW1WRIgJruCgF0VCRB > IlHupVQSVQlFFPHVoABSh4qgClFiinQ01j/O/npH4b5Y89fFGrcufakPsZ+ay+NE > jErkpZjHZcihFJnHFOn92ji8veQ/b8cKrXGgSQH9fPyty7B/UW7gB0WK3HiBlFuK > lSErQCk5AVL0SDY1CwEJEgMZESOSGdXIQMKCY+0oAJAf64Ufiubj/MgCtzmJRBfT > FAOqllp7eUUz5VVUhmRkgbia9XPkBIGc1AKGE+qF7z0PZ8JsD0xbKABhKTbQjCp2 > FgMxIdX47xy/MePTBeF+XJCx/Js0QsQU2ChV5sHESGo40kpg1NQmIx1kI2SZoiKq > owFiwiqoqirFFUWIqKqkFVVWCoiqKqqqrIIIKqqoKsRFVVUVQFiwikZISIRCYMc1 > Kiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiij9gHJNAA30NcAA > GxlokSDz5nFvbz9svXqi7ewf3SaJL5SaeLuaD3J3cSqp8yoXYkf0R3syW0MECZeS > yWc+WkwfukTVwYsERJMkhzpcfGznjOcdOxJGL1gNb1S5jDMZMuD9PnCPkMVqs3+x > XD7PsS3rbkZGYMAg0ezmoGk2rZBhzfs4FsfaFUe6fFnKGIMHTJZ/XUJBElw3rNRK > 3RoakjN3JGGuZKniY7UXKqaS4W6PyigUEDeTbJoIREsaay9YSjmiHCta7gzcrxJA > i+HFqLV7jGMhbWUROyLHrJQvHI0FekjyGfPRsuUXIKOU2eweAK1oez2DA/c3DRaO > kHK1QnnYvY2Pu0W4LhzXiHwIk7FxJV+FyNHDxd2rCP71j1yxjGbxYxWADtKpycPf > WWsAO9xHdRpYfilQlJtSOlEFsZ7UQElCICLYg2a1aX5YyLGAQNqIihu4na4UUpRQ > wjKtzXd6Ne4lIJAIHaybszPCnChE2cMjtkoydrikdviCTF8mQmXCoAtVYoWY5AqR > mDpJ+Bk9pdR9mSXlZ24mPIyk5rPOp5EGO4HMCp4U8G8jkTKhdriJI8HD5SbHeTSp > 7W2Q5gt0uR0lpTM7k8nrJWI0Ygrlw5cqXPiQljogxrjqRQxx9JCzm71WbMb6MXay > JF/WBqDHcAQRkvVJUXo0e5muGyXpi+JXOxDMSNYjT9TC28GUEeya54EhUEss5is7 > ZlLLzCmvELQWyXhgpDcgBNLV88L2ukmQqTEcfAQQQMESQonIQoTC4OtGXQrxzR1K > 9xyd6iD0dv19d3WHMb6SbYDTknR0l5UraQosbZQMQhgpyN9yNbLH2VpKR6Bq0cFW > DcX0KrGQmWmOzPbPunM9NooWssFlKUKFqiiKNiCwrZLJYBWtGbvX8rMTqQkmWKgV > gihqs2aVFQqVKIoVaPspVQCBAEKxVWBBEIwAH7mjicdyJzGS0bDSXEWqzToc0eiI > gNCO65TaZ6pIyfLXVllg6aoYachXIV+fynuxll05dYkaEJIM6GPGMAg6U82PEUzC > tAMGKqa6FWUqnRkFEFpFJFCRotBcL6HSgfAiehEgvoiSIMZBVVRFSMBggwWRJEFR > EUkCCJYerJbQ2xAuX6BoB5AE8QJC2uSgDSlCkLB66uCJVVE163ARTwXwhJP3XiZ+ > IoKrg8QPpotf2xNlKAofBwxXni7BTXshAhDciR+btr1aYTlPR4/JTs7aMlTy+hbp > hIZS3nuHg+FD6Do6ZYi0mmG6Zhw0CF001Dx9IvAVL9zQOMKSEBKhVemIBbxAFyZ0 > xd/JF9evbAgnDnfLTvGR6aKjQcxRWrCGLN69gIJrZNCDRO9YRY+FR2IACjyWWGq+ > fZTatzhXEC858EJbqIJy7bOk42YFexuXF38gnW92r3i7HjOr5DZG0ATW5jqCB1OC > oiTkG3BKk6zJBvtR7LRFFL21WDm82wpTXREXI+HgEC3CykW3Y9N9xPj19TdYTzGK > WlMIJB6coiSWut+ZOCIDOaWb6YxUZLEEYPBa3rKcL9Ucil8ewIkI8VAjp5NWMgCY > tkwkaSQjNoxKMXMRh8SYETNDRgzcp3WiDBRKACQx29iqY8eCy1w2Vp7OcGMPosIm > MhaCC0a8aF2vguJmz5cGu/b9czzZ0eY8audKdETZOY0WHypYbpZy7ZoairElG0pM > GnOiJbJYlcdIjoLzB4hwXOjYQ/tKO5knpOYYvrgS3WWjszMF0khdLjLOoyee4ujp > LhKqiMlJRBLNhiJbhE54vPk2BFKn2Cxn1z15zsvfTD4F7rly4mBAyexqmYGpYugM > ahz3HZO4MwOFDVCVERfeie9PFzdY0x5s6W5QtDVIlunjK7lScNwfxhXLPgyKBOPk > vCjnswaskrHz+wke57kGPQe/IQk4AoHjMb9yia8wV9YgUHKkzGSshzFQqZMIKKaK > l6U9JGj3uFxBPh8+lMSpsaYCUunuAIGJm9eEk8DyY51xrwpLbE8jdieSxKRAfMIF > yWPR6EG4RQcSTlYIPaD4MLAAnp/FN0MN6NC9ZjXeehaTSQlA+VS/oqPaLwzhjaUB > VEUFXfqXl2MwheeTfJ12JOkBaUCDmtqViwgJVec6SlNOfpg34rQqiUCxQA+IBUo4 > wooEkMsKThAUHXElfXJboXAAqtWilQ56UOm8rL61MTCigBYAB4SB2DO5CiLKILLb > bGpaLWUEqSopCsslkpAtCySBWweVqoLRI5xRkBCDUooCEO6LQQAuRXnav+BYAEow > FWOW40mfcb1z9eg1uyTFRqkdo2Yve4nhCIYgQJBpzXsMKY4ZFjZP+PV7vL4AFTQ8 > B1NIokgAkF6l+rX1bCjdRfqVW/BAXsuESiKHwNk8tSA+aAwo2CQKBVcvGbygAeJ/ > uhQiOYIp8v4hVOLBQpDfboSSRnKFO7zDQZLmbiZw3orcmpf0aLZvhjAwIEMqKLk5 > WLUClHjzLzlziefcW6SwGaTi8prILCo6gCiIHa+YvTBXaPk84YAgmV6cAM4EPuHl > X5FTMAzOrAA285wRNps8Cs1inFOZYrszX33XnUXXhWluXeqKWB76Ez+lPSQgxZIg > QJACb7luQ7CEZCSl70BqRAOAJvDmnJMhTeoHINDi8CoAxal9E5YId/Sa1wAKZAIe > izRUHjBFewEzCy1VYL05VcpdLg9BMKbx6cnPJjgnAVckDHe6W0UAvVW8i8XiBUqE > RWx+EE2ENwtlEWfSRYMFhAGRXME6cb+XEm7kQc5IbdcIbzj8GgNQlAltLLJJTTkN > 0NiCmqzqAinJJFJBBPvqsK0qrQiwgrEkYkWCY2aQIyKQFFkAkVgjWlAq2zbywQwb > Uuf0nP1O6BkQU/WWXwJnrcg1c6d7M6gIDcie23zgRb8FVFo15wPyVRZEIgEimBz+ > DT191Pk+Xrvx9t78qjKYifNQgPtmgGfzgWXE+ddZa5fYtVz16LtXQzsu1cNq7cli > 7Zgu2q5LsXZZdq5VA4k+EsHAOJb4lQdKFEmmlrP2IdGG647KZjMHHIwKCiMRIoKL > FMuJyY0IjMMM8mICSuQjn7QS3yQVSWCRoL4gUTPQVSp5Ev616pchejydhBKsuyOw > wW3n1TI/lIW9/Ee72LjQvw4uhiAn6y91k74uW61U5u0GQYEBi0dPE97PyCGQgk8Z > 77OmHydLJrpYo7C3Omc8wPjNDqeKH58LkxdrACObBw86qlg72x4ATxp76LcatmG1 > V18c63rIxUuuCOGN5uOGqGnzVLsLguoAlwQJvFslrYYlKNU/SjHaTWSt51C5Yj0X > udxGe38av04+44NUKJfl/FjHE3czxzcDDhwcXZjbHLJAdUXu341mL+Y6sikNxTPR > 8h7KmGbsbPMZY68EnQuLk9fZjJELvR05pFk6SHbKeuD7GetJ7fTBv3fX9bLKPFVH > u39kVuBOLNYa+kbgIEbvZl4bN7NnQ83Bp6AOXQtwED0EswLpLR3NwQIUcv0veJlD > xbhR8H3mNHrRec4PE6lqbtVBRlIGZ3UvfFaknqPTlnOKE9Uo4ILPHp4XT1Fa858m > nnRyZMuN7N0fh44k+hoLPoObfhL2ozEqt9A+1OZnanGaDUwZ6sOGObtfEIJsrtuq > OqeDxHhxxyMFsFNBAmCiGElcUeFN0JzB7rb0HlC8r3mShyyQSPaCugh32tjSXDiZ > NgrhchuatwbvcFRlKsZYATkIJ25m9l6TjUEhzEHwWG3KFUlYiCjO2JkgR4g/RiH9 > tLXwzMBm3uCbjrlglFsoglKVBUYBLEgpLS20WoMlkoQR9h89kgSighCIoEIKrD5C > NEUGMEAYMAgGTIQFVGGbNiYWEY8kxvjjzXkJ8CBTHIS5rJHUTUQKCFQ1MVEdNJ8r > vVxc/fowBAsUy7mzAMHhwVRUVVsgS1UViq0IA+pMMG8Dy3CgeX32qAJGlFRaDyOV > RUSqbH/oeIACyJB4NLwoUT5xqe0qee4UogthiUXx+2riG8L1oP1D38+jC5EDvGkQ > Z5+ii71IIABdERJs1ClSQyWIFyEePk/H8+Ty/V+6708fd7QzXVZEI3iLQDlPAF4O > OjTjqA64IdmfeAIfP8fTsyFZ8jq5a55onGj/WIh9e9+J8mIBvAPIbF0NXe2qKePy > wQICESJFJSo/RyXA+X2c2oEOAnP2/tbAaMIaQhWgRR4HJMT0LFPqW+t/99sccFfh > JEiQhwMloij9KgAQsJFoRVYoi3lhM7ALc4w/n5/lLsAAj5AyCgpRQAjVIAbWnWA/ > K7yHGc5IzeGNPVxdmfn9yFqSVK3tyMPQAfsiIU4tCm2+rSnv4IrVFsQeziswsiVV > d68T0r976S56ygEO1xc19OsBqCQfMazE2CgfYJUQKEQDlv6wNwH28SQkIhNC49mR > CABFXsNLeXwily0v1gRiHKiBbftVPiE297rwBb9sRNZiSgFjpRIvbwXY90VIou2i > Foh6mEgKLwvKVgGyaAqqqqqqqIqqqqqqqqqqqqqqqqqqqqqqqqqqqqiIiOAxJBiZ > gCVh1ALYKAanZr4AnPMTYUUFYVWj8peCm4uFN7mCDtFICkgMIEEkZqfAiAHoURam > PDRDidXBoKr0LTkfVDapWLIh+jZsuHrW/ldgjqXYcAX9cCnXiuhrXpVDtKtACLf1 > MORq6t1QKoPEQ3myGAns83o9nhk6Nlt4lxMunnxOX6e+QAMyTJAkY52B6TVZPT4n > /YYM3wbnz7fl8euM+zqA6xAC1pZix6EZwOxkhcw/k6SH0ZmZm/mrzskBJfnLdv8F > UZDcB+nda/nXBM53udjVlUT1ULFVFsiRvsQKxkqAtaNbygfLABbF4AUA+j5fNdt9 > tM0D7MclX5D4lBWoesXAA2fNzdR3Z3J2Q9613CmhUXQALfR4zFedCLTS4pVcHUHo > dHFWJ8hFFyADBv0O+TM3gNQSF1wif/aUzop3iB5UL+ATciRRaSkAXoIu8AhSAFvx > LIl4BgBkbBiBmF2bm+JaHhGmiHKc1Hl2rgPgIUo+SjGFEtsz2aDDFjkLOkz6rM3Z > ontCVGdfZ7peTwEEpGMx6f0qDUMkCSpPa8clLcFhlQjv8nB5u+h8EDPv9SoZxYgR > YwAoBRpRooARChrivWbT4dLLcKcmNT/9hVEvXuf2kVMQ1t6BUKlVAC4zwE5JrgjY > gAdDiOLUMIJfVorEIm85kKAoYkuQZzJZ9OJKSGIxQl2wpiS1sIXyGMLccO10ATIR > yLL5oFH2ycDtt80iPvlDi7qR8W0diJGiQ3qXSconm9IcQkCEkwvyJQi0VFOxgTHv > 984GMiFxAVElcaQhSQytaEjIgLBfZQ1VNRHvjuALslVsN7DcJ357pzGD+mN6p2QD > bFAUKgG3QVqv1eQt4fTje2AZ0ZchW7kdqs6bqpwHLBExUpSibAUCDEoRApGEQcjn > VWxuYoK2QSxRChRCjMkE4udgB64KZA5r8XUvs8vVR+YsKJcxcfKUpLkTtRPt6gC0 > JdeFM4IMwhMMCEzIEte+WY+O343zeLq4fly879S8xGyEdHCz3g0ADBY/MIp0in9O > m9UPIATzT7g1Yo9JSygj2gaoHsRICUOuj3zDBuaomTsUANdvsJBYjIIvYgpvFgqk > ZQfeiJkZ1HiAbbwDFsYhAbgLwHi1x/LmUAO3msaoJOQBYuIfNO5YAaL1hcCc2u7b > kP8ycva8zUKkXBdHEVXtyxfIOLpB603gIbK0VW4BZ+K+pE2psMbUOlYXiF68hrUA > NHIAyAPVpvvMupBgD2dOaL5DZKBM1U4/E5/EgT6vFqpK1+JGlq2yNLwAYDIxnmEW > ef4fLP8c2So3utLkH0uScJea53NzO85iZDHqAwJInnf3h0IgHVnihLgBVxtwXJuI > wsXH1gfs/oXYd3wMYgcF0O7wcHsIJtf9tAA5ebHgg9JxL6MgRQxjqIB/IhQDmBBS > zVOALGCQp87kJIKSki2XwACUX5N6qdns8Dbr8GH6/MB7jm1KPM0X5KnIh/FoB88F > OiKsGAsiEIIAyKBFAIqdqwC6tFWRUix7QCHhkjMNQqG319XR/D+PNWUrWlfiHvPE > EsIPPPkAK0BlZDert3VmpdSAcvRoxS6AlVC+80TUsUOkgodfgDyGRAYQhCHnmDvY > KYhqFyAlSo0WpWLWg9XyPagHcYogGIcADZcRUzgfqDhRU1F3hiDo22+ddpJqLzQI > T9XHiVUA/EC5DCqq2Dlej7C53rHFMQTbkcvM3o52Dkj8eL1PUeSp8Am5UAp1CG0W > ilzz610eMGREDvB07mSveCA8gw+7zZEanXA51SFoBQiiLzFKCAWpQerVcCFQSNVv > FVvBtUvABT84QBU8uHMF8Ieug0ORYpVCnU03GbaAHcX3dy8FKXFLIl5sG1miJAvu > KhBTLKmUlgZhjd2rfkTUxS4tcfEfl5gyIBvgmtUhdrsXI4eyQKKcUSZ4ooTsCGHQ > 3jbLUM3fuFLZNqaBy/o+u/DYkJJEj76Orl6wC87/ExgbVADCiK3pqkAjBZrEoHeI > BKm2YJ/Cg3CQT24eVfnVbmaDoGgYkNyJsq1uXjtjJJKgBZMHJ71XaOvkIqYg8zpk > vguQQLBEWrsdroaCGqHS1A1ioc21wA45lA90ChViRB1hcQOTSj6IArvTPIkVVFF/ > MdM2iICkU3IWRCLJCdLIQwx5hoHUJAzBqBFgJbmmVaIgNYFgc+6b+jeZgG0BJCAR > ZsprdC5LhTOxfiXGK8ieYqc33/Ho6rkTPEwxPkgAVgEiwgRQIpCRYQVggkgdEpAk > gx93urWboqX7vUVakNmqxULxjCCpxYixnFi8sbgrUFqXuNLzdJsyTGHaRJ2CEziy > JBQupSUAQqRExsHjxLVMrzAAsmi1WlzGxCq0WiF2OKiLHDVc1gmWZgH3Ygi1CoDr > Tm/E/P0YuWaTyJvgJ/BlTlOlodSHGkzOtDiCZYG9ouU5UgUTmaH0BOYAMGmP8cT7 > 1iBsWADCCpnFot2jivM+ZaC4MkKsQA0DJ4S8iEMnefNdk0+Tgo31TOaTTi/2TQhD > LndmccYoCgKQk56WHM1GR87ZbWEH3gSv+S/43CPyXCHG28NXOiPSLAisjIsRBESR > QRgIMIrEghAYsFAESCyEQgIIyQFIhEhEIEZIkfP/Kx3kHuSJkBBvI0ASGYodqgXC > IUWKi32eApc0AN3JllhqUCoACRE1ADx7xDwBZDSRgaIFGCAGawbQSpixRTbBoDAW > lAaBDMpWAFuX0r0ZZ94TUBsIoJF1GqKKG/Mu1ImrWqrNvk7eFk1ESIbWgJhnJJTa > NzTkQjEpoJfWl7xjiB71m4mWhtQx0DjvBJyEHbl9nk8Xh9/T9JPWjLYMuxJkrk7R > nNaTVBLIiKPxfK/MpBE62H0rcu36B29C39D8J1oXvj2F34Nf349hlnSdvNQqRC6A > FIe8DQou87hOiSYPe+lVVVVVVVVVIhjLKQANpDmFQ+8qoHE1LAA4qB0N4AXX8RU8 > XRsfzDNH9btMShdym8WYTITjw6/Y/1wdBn4ciBkmAYaaZ6OQkzhGAssglA2LppdH > 7eno9vl4b+Ac4p0IYImxbIP0fcdwJWIyEAJeBx5CVBObH3ABIAHv0rAbmiN+Kq/u > xH5PCD0Bhj9XsbZ9nP09PppiND3N8Vkkk9Pn8uhKwrvAwS7m7FBSqBFRuOXTrsS/ > uxGoATDNaC/Xynr9Oz/Xw5In7kWxdsiidSDIifI/Um9uGNlNiywUAEf2pjS6mRoY > p8e6L2yb7aSOZWxjPe5JObm2uFUXkkYGzw7/w7AHnvwSL6IAK/PmjtOoRiigqqqL > 0Z5wk9JCQsmxD4ZHKV75YVWucJmhQAuVgBEvusSlVtT4VgIjaIPgMuxjfh6IyAeX > 4OOfbcd/jz9G8jlVtHIhGr2F+sEuuRIsBJAFuBtn1oR02fPu003e7PykXm/HN1CI > fP6sh7Of1faC//i7kinChIL4IuV4 > > _______________________________________________ > openssl-bugs-mod mailing list > openssl-bugs-mod at openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod Hi Coincidentally, this bug was fixed a couple of days ago. In master the fix is here: https://github.com/openssl/openssl/commit/f75d5171be0b3b5419c8974133e1573cf976a8bb In 1.0.2 the fix is here: https://github.com/openssl/openssl/commit/0b12fa75c9df5c2c9c2f5094514323360c0af981 Closing this ticket. Matt From rt at openssl.org Mon Aug 31 16:06:36 2015 From: rt at openssl.org (Kaduk, Ben via RT) Date: Mon, 31 Aug 2015 16:06:36 +0000 Subject: [openssl-dev] [openssl.org #4026] patches to eliminate some warnings from clang In-Reply-To: References: Message-ID: I ran a build using clang's -Weverything to activate all warnings (setting CFLAG in the top-level Makefile and removing all other warning-related flags, especially -Werror). With the system clang on my mac, master at 4d04226c2ec7e7f69f6234def63631648e35e828 with the patch from #3984 gives the following warnings: 94 [-Wcast-align] 145 [-Wconversion] 1308 [-Wdocumentation] 84 [-Wextended-offsetof] 6 [-Wformat-nonliteral] 331 [-Wlanguage-extension-token] 453 [-Wmissing-field-initializers] 1 [-Wmissing-noreturn] 237 [-Wmissing-variable-declarations] 7297 [-Wpadded] 758 [-Wshorten-64-to-32] 1647 [-Wsign-conversion] 17 [-Wswitch-enum] 1 [-Wunreachable-code-break] 5 [-Wunreachable-code] 9422 [-Wunused-macros] 661 [-Wunused-parameter] Some of these warnings are not actually useful diagnostics for our use case and should be ignored (-Wpadded, for example, and -Wlanguage-extension-token complaining about the use of inline assembly), so we should not attempt to go for 0 warnings across the board. But some of them are helpful to point to places where the code could be improved. Applying the attached patch series (from git format-patch --stdout) brings things down to 94 [-Wcast-align] 145 [-Wconversion] 84 [-Wextended-offsetof] 4 [-Wformat-nonliteral] 331 [-Wlanguage-extension-token] 453 [-Wmissing-field-initializers] 1 [-Wmissing-noreturn] 82 [-Wmissing-variable-declarations] 7297 [-Wpadded] 759 [-Wshorten-64-to-32] 1645 [-Wsign-conversion] 17 [-Wswitch-enum] 3 [-Wunreachable-code] 9422 [-Wunused-macros] 661 [-Wunused-parameter] Or, in diff form 3d2 < 1308 [-Wdocumentation] 5c4 < 6 [-Wformat-nonliteral] --- > 4 [-Wformat-nonliteral] 9c8 < 237 [-Wmissing-variable-declarations] --- > 82 [-Wmissing-variable-declarations] 11,12c10,11 < 758 [-Wshorten-64-to-32] < 1647 [-Wsign-conversion] --- > 759 [-Wshorten-64-to-32] > 1645 [-Wsign-conversion] 14,15c13 < 1 [-Wunreachable-code-break] < 5 [-Wunreachable-code] --- > 3 [-Wunreachable-code] The attached patches can also be found at https://github.com/kaduk/openssl/commits/warning-cleanup . I did not make a pull request yet since the commits are broken out for ease of describing the included changes; they could very well be consolidated into a smaller number of commits into the main repo. I was a little uncertain about marking the secure_mem variable in sec_mem.c as static, since it seemed like the intent was to export that information; on the other hand, the variable was not declared in any header, which seems to make it not part of any public API. From the comments on pull request 381, it sounds like Rich wants to add an accessor function, in which case making the actual variable static should be fine. -Ben Kaduk -------------- next part -------------- A non-text attachment was scrubbed... Name: warning-cleanup.patch Type: application/octet-stream Size: 80716 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod