From rt at openssl.org Fri Apr 1 06:09:43 2016 From: rt at openssl.org (Hejian via RT) Date: Fri, 01 Apr 2016 06:09:43 +0000 Subject: [openssl-dev] =?utf-8?b?562U5aSNOiAgW29wZW5zc2wub3JnICM0NDk1XSBB?= =?utf-8?q?fter_upgrade_openssl_to_1=2E0=2E2g=2C_it_cause_core_acci?= =?utf-8?q?dently=2C_please_help_me_!?= In-Reply-To: References: <56FD2D61.9050204@openssl.org> Message-ID: Hi, Thanks for reply. Pkey is not NULL, but its memory has been freed if reference decreases to 0 when the other thread don't add it to 1. Please make sure whether this will happened. Today I will use debug version to find this problem. Please help check whether the other people feedback this problem. Is there any same problems to compare. -----????----- ???: Matt Caswell via RT [mailto:rt at openssl.org] ????: 2016?3?31? 22:00 ???: Hejian (E) ??: openssl-dev at openssl.org ??: Re: [openssl-dev] [openssl.org #4495] After upgrade openssl to 1.0.2g, it cause core accidently, please help me ! On 31/03/16 14:00, Hejian via RT wrote: > Hello, when upgrade openssl to 1.0.2g, If multi thread call the corba > interface, it will cause core accidently. Please help analyze why the > core is generated. > > There are two kinds of core stack list below. > > > #0 0x00007f97729ad324 in RSA_verify () from > /opt/oss/server/3rdTools/lib/libcrypto.so.1.0.0 #1 > 0x00007f97729b2c13 in pkey_rsa_verify () from > /opt/oss/server/3rdTools/lib/libcrypto.so.1.0.0 #2 0x00007f97729e1e6a > in EVP_DigestVerifyFinal () from > /opt/oss/server/3rdTools/lib/libcrypto.so.1.0.0 #3 > 0x00007f97729ec0d0 in ASN1_item_verify () from > /opt/oss/server/3rdTools/lib/libcrypto.so.1.0.0 #4 > 0x00007f9772a0b7f2 in internal_verify () from > /opt/oss/server/3rdTools/lib/libcrypto.so.1.0.0 #5 0x00007f9772a0d03a > in X509_verify_cert () from > /opt/oss/server/3rdTools/lib/libcrypto.so.1.0.0 #6 > 0x00007f97727aed68 in ssl_verify_cert_chain () from > /opt/oss/server/3rdTools/lib/libssl.so.1.0.0 #7 0x00007f977278a486 in > ssl3_get_server_certificate () from > /opt/oss/server/3rdTools/lib/libssl.so.1.0.0 #8 0x00007f977278da22 in > ssl3_connect () from /opt/oss/server/3rdTools/lib/libssl.so.1.0.0 > #9 0x00007f977279797a in ssl23_connect () from > /opt/oss/server/3rdTools/lib/libssl.so.1.0.0 #10 0x00007f97719ad764 in > ACE_SSL_SOCK_Connector::ssl_connect(ACE_SSL_SOCK_Stream&, > ACE_Time_Value const*) () > > The first core stack, we suspect there is NULL ptr use in > internal_verify function: > > when first thread run in X509_PUBKEY_get and create key->pkey, and go > to EVP_PKEY_free(pkey); At same time another thread run to below > function find key->pkey not NULL, get the value, and not goto add > reference. The first thread think the reference decrease to 0 and free > it. The second thread will call NULL ptr and cause core. Please help > confirm whether my analyze is correct and why here is a core? > > /* Check to see if another thread set key->pkey first */ > CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); if (key->pkey) { > CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); EVP_PKEY_free(ret); ret = > key->pkey; } else { key->pkey = ret; > CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); } CRYPTO_add(&ret->references, > 1, CRYPTO_LOCK_EVP_PKEY); > So you think pkey ends up being NULL? Is that just a theory or have you verified that in a debugger? I can't immediately see a problem with the above code - the reference counting looks ok to me. Don't forget when EVP_PKEY_new() gets called the reference count starts off as 1, and in order to return from the X509_PUBKEY_get() function you must have incremented the reference count by an additional 1 (no matter in which order the threads complete the function). Furthermore the ASN1_item_verify() function in the above stack trace verifies that pkey != NULL before it gets as far as calling EVP_DigestVerifyFinal(). Are you able to recompile OpenSSL with debugging symbols included (i.e. pass the "-d" flag to "config" when building). That may help narrow things down a bit. > > The second stack we can't find why it cause core, please help analyze > the source code where may cause core? #0 0x00007f84a332bf2d in Without debugging symbols it is difficult to say much about this one. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4495 Please log in as guest with password guest if prompted -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4495 Please log in as guest with password guest if prompted From hkario at redhat.com Fri Apr 1 10:19:21 2016 From: hkario at redhat.com (Hubert Kario) Date: Fri, 01 Apr 2016 12:19:21 +0200 Subject: [openssl-dev] Could someone verify my efforts of a scan for the DROWN attack? In-Reply-To: <20160330162747.GJ76402@numachi.com> References: <20160330162747.GJ76402@numachi.com> Message-ID: <2516517.xN9ni11YES@pintsize.usersys.redhat.com> On Wednesday 30 March 2016 12:27:47 Brian Reichert wrote: > I'm applying the advice from this post: > > https://mta.openssl.org/pipermail/openssl-dev/2016-March/005602.html > > I've successfully downloaded and compiled this test utility. > > I have a number of varying SSL services I'm scanned; some are Java > apps, and some are linked against OpenSSL. > > According to the above URL: > > In both cases all the individual tests in the scripts should print > "OK" status if the specific cipher is not supported and report > "failed: 0" together with exit status of 0 if you want to automate > it. > > From this, I infer that 'fail' means an SSL connection could indeed > be established using that SSL version/cipher combination. (The code > uses the 'conversation' term, so I'll use that in this post.) correct, that's the idea > Each failed conversation yields a 'TLSIllegalParameterException' > error; e.g. > > Connect with SSLv2 EXP-RC4-MD5 ... > Error encountered while processing node > (child: > ) > with last message being: None > Error while processing > Traceback (most recent call last): > File "scripts/test-sslv2-force-export-cipher.py", line 109, in > main runner.run() > File "/root/tlsfuzzer/tlsfuzzer/runner.py", line 129, in run > header, parser = self.state.msg_sock.recvMessageBlocking() > File "/root/tlsfuzzer/tlslite/messagesocket.py", line 100, in > recvMessageBlocking > for res in self.recvMessage(): > File "/root/tlsfuzzer/tlslite/messagesocket.py", line 82, in > recvMessage for ret in self.recvRecord(): > File "/root/tlsfuzzer/tlslite/recordlayer.py", line 682, in > recvRecord for result in self._recordSocket.recv(): > File "/root/tlsfuzzer/tlslite/recordlayer.py", line 188, in recv > for record in self._recvHeader(): > File "/root/tlsfuzzer/tlslite/recordlayer.py", line 165, in > _recvHeader "Malformed record layer header") > TLSIllegalParameterException: Malformed record layer header That may indicate that the server does not respond with a SSLv2 message to the client's message. Could you provide a packet dump of the connection? > When I test for each of these SSL version/ciphers individually using > s_client, they all fail; e.g.: > > # openssl s_client -connect localhost:10000 -ssl2 \ > -cipher EXP-RC4-MD5 > /dev/null; echo $? > error setting cipher list > 140548678301512:error:1410D0B9:SSL > routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1314: > 1 OpenSSL has a 100% false negative rate for this test. The openssl client won't force the server to accept a cipher, even if forcing would succeed. Tlsfuzzer does force the server to accept a cipher and expects the forcing to fail (in that the server closes the connection and make further communication impossible). That's why you need a custom tool for testing the vulnerability. > So - are the python-based tests really failing in my case? > > For example, hitting port 80, which isn't SSL-enabled at all, also > yields the TLSIllegalParameterException error, and a non-zero exit > status: > > # PYTHONPATH=. python scripts/test-sslv2-force-export-cipher.py \ > -h localhost -p 80 | grep TLSIllegalParameterException > TLSIllegalParameterException: Malformed record layer header > TLSIllegalParameterException: Malformed record layer header > TLSIllegalParameterException: Malformed record layer header > TLSIllegalParameterException: Malformed record layer header > TLSIllegalParameterException: Malformed record layer header > TLSIllegalParameterException: Malformed record layer header There is no sanity check in the test script, so yes, false positives are possible. -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purky?ova 99/71, 612 45, Brno, Czech Republic -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: From hecht at hlrs.de Fri Apr 1 15:06:42 2016 From: hecht at hlrs.de (Martin Hecht) Date: Fri, 1 Apr 2016 17:06:42 +0200 Subject: [openssl-dev] requirements for tests in openssl 1.1.0 (openssl-SNAP-20160331) Message-ID: <56FE8E82.2020401@hlrs.de> on SUSE Linux Enterprise Server 11 SP3, when running ./config && make test I get errors like: Compilation failed in require at ../test/recipes/90-test_v3name.t line 3. BEGIN failed--compilation aborted at ../test/recipes/90-test_v3name.t line 3. # Looks like your test died before it could output anything. ../test/recipes/90-test_v3name............dubious Test returned status 255 (wstat 65280, 0xff00) FAILED--72 test scripts could be run, alas--no output ever seen make: *** [test] Error 255 runing the tests manually shows that the Test::More module is of an older version than expected: /tmp/tmp.COsNuvUJPw/openssl-SNAP-20160331> perl test/recipes/90-test_v3name.t Test::More version 0.96 required--this is only version 0.72 at /tmp/tmp.COsNuvUJPw/openssl-SNAP-20160331/test/testlib/OpenSSL/Test.pm line 6. Of course I could install that perl module locally in my $HOME to get the test running. But is this a hard requirement or could a lower version do the job as well? The same problem on Scientific Linux release 6.7 (Carbon), a RHEL clone: ../test/recipes/01-test_abort.t ........... Test::More version 0.96 required--this is only version 0.92 at ../test/testlib/OpenSSL/Test.pm line 6. On Ubuntu 14.04.4 LTS all the tests ran through happily. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2252 bytes Desc: S/MIME Cryptographic Signature URL: From matt at openssl.org Fri Apr 1 15:20:17 2016 From: matt at openssl.org (Matt Caswell) Date: Fri, 1 Apr 2016 16:20:17 +0100 Subject: [openssl-dev] requirements for tests in openssl 1.1.0 (openssl-SNAP-20160331) In-Reply-To: <56FE8E82.2020401@hlrs.de> References: <56FE8E82.2020401@hlrs.de> Message-ID: <56FE91B1.3030203@openssl.org> On 01/04/16 16:06, Martin Hecht wrote: > on SUSE Linux Enterprise Server 11 SP3, when running > > ./config && make test > > I get errors like: > Compilation failed in require at ../test/recipes/90-test_v3name.t line 3. > BEGIN failed--compilation aborted at ../test/recipes/90-test_v3name.t > line 3. > # Looks like your test died before it could output anything. > ../test/recipes/90-test_v3name............dubious > > Test returned status 255 (wstat 65280, 0xff00) > FAILED--72 test scripts could be run, alas--no output ever seen > make: *** [test] Error 255 > > runing the tests manually shows that the Test::More module is of an > older version than expected: > /tmp/tmp.COsNuvUJPw/openssl-SNAP-20160331> perl > test/recipes/90-test_v3name.t > Test::More version 0.96 required--this is only version 0.72 at > /tmp/tmp.COsNuvUJPw/openssl-SNAP-20160331/test/testlib/OpenSSL/Test.pm > line 6. > > Of course I could install that perl module locally in my $HOME to get > the test running. > But is this a hard requirement or could a lower version do the job as well? > > The same problem on Scientific Linux release 6.7 (Carbon), a RHEL clone: > ../test/recipes/01-test_abort.t ........... Test::More version 0.96 > required--this is only version 0.92 at ../test/testlib/OpenSSL/Test.pm > line 6. > > On Ubuntu 14.04.4 LTS all the tests ran through happily. Test::More version 0.96 or above is a requirement in order to run the tests. Please refer to README.PERL for more information on this requirement and how to install any missing modules. Matt From hecht at hlrs.de Fri Apr 1 16:16:44 2016 From: hecht at hlrs.de (Martin Hecht) Date: Fri, 1 Apr 2016 18:16:44 +0200 Subject: [openssl-dev] requirements for tests in openssl 1.1.0 (openssl-SNAP-20160331) In-Reply-To: <56FE91B1.3030203@openssl.org> References: <56FE8E82.2020401@hlrs.de> <56FE91B1.3030203@openssl.org> Message-ID: <56FE9EEC.1020905@hlrs.de> On 04/01/2016 05:20 PM, Matt Caswell wrote: > > On 01/04/16 16:06, Martin Hecht wrote: >> on SUSE Linux Enterprise Server 11 SP3, when running >> >> ./config && make test >> >> I get errors like: >> Compilation failed in require at ../test/recipes/90-test_v3name.t line 3. >> BEGIN failed--compilation aborted at ../test/recipes/90-test_v3name.t >> line 3. >> # Looks like your test died before it could output anything. >> ../test/recipes/90-test_v3name............dubious >> >> Test returned status 255 (wstat 65280, 0xff00) >> FAILED--72 test scripts could be run, alas--no output ever seen >> make: *** [test] Error 255 >> >> runing the tests manually shows that the Test::More module is of an >> older version than expected: >> /tmp/tmp.COsNuvUJPw/openssl-SNAP-20160331> perl >> test/recipes/90-test_v3name.t >> Test::More version 0.96 required--this is only version 0.72 at >> /tmp/tmp.COsNuvUJPw/openssl-SNAP-20160331/test/testlib/OpenSSL/Test.pm >> line 6. >> >> Of course I could install that perl module locally in my $HOME to get >> the test running. >> But is this a hard requirement or could a lower version do the job as well? >> >> The same problem on Scientific Linux release 6.7 (Carbon), a RHEL clone: >> ../test/recipes/01-test_abort.t ........... Test::More version 0.96 >> required--this is only version 0.92 at ../test/testlib/OpenSSL/Test.pm >> line 6. >> >> On Ubuntu 14.04.4 LTS all the tests ran through happily. > Test::More version 0.96 or above is a requirement in order to run the tests. > > Please refer to README.PERL for more information on this requirement and > how to install any missing modules. > > Matt thanks Matt, I should have checked the README.PERL first. after updating Test::Simple, Test::Builder, Test::Builder::Module, and Test::More all tests succeed. The README.PERL sais that you have bundled Text::Template as a fallback. What about adding the above ones in the required version as well? Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2252 bytes Desc: S/MIME Cryptographic Signature URL: From reichert at numachi.com Fri Apr 1 16:35:49 2016 From: reichert at numachi.com (Brian Reichert) Date: Fri, 1 Apr 2016 12:35:49 -0400 Subject: [openssl-dev] Could someone verify my efforts of a scan for the DROWN attack? In-Reply-To: <2516517.xN9ni11YES@pintsize.usersys.redhat.com> References: <20160330162747.GJ76402@numachi.com> <2516517.xN9ni11YES@pintsize.usersys.redhat.com> Message-ID: <20160401163549.GQ76402@numachi.com> On Fri, Apr 01, 2016 at 12:19:21PM +0200, Hubert Kario wrote: > On Wednesday 30 March 2016 12:27:47 Brian Reichert wrote: > > Each failed conversation yields a 'TLSIllegalParameterException' > > error; e.g. > > > > Connect with SSLv2 EXP-RC4-MD5 ... [snipped] > > TLSIllegalParameterException: Malformed record layer header > > That may indicate that the server does not respond with a SSLv2 message > to the client's message. > > Could you provide a packet dump of the connection? Attached; hopefully it won't get filtered out. > -- > Regards, > Hubert Kario > Senior Quality Engineer, QE BaseOS Security team > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purky??ova 99/71, 612 45, Brno, Czech Republic -- Brian Reichert BSD admin/developer at large -------------- next part -------------- A non-text attachment was scrubbed... Name: test-sslv2-force.cap Type: application/octet-stream Size: 8368 bytes Desc: not available URL: From hkario at redhat.com Fri Apr 1 17:21:13 2016 From: hkario at redhat.com (Hubert Kario) Date: Fri, 01 Apr 2016 19:21:13 +0200 Subject: [openssl-dev] Could someone verify my efforts of a scan for the DROWN attack? In-Reply-To: <20160401163549.GQ76402@numachi.com> References: <20160330162747.GJ76402@numachi.com> <2516517.xN9ni11YES@pintsize.usersys.redhat.com> <20160401163549.GQ76402@numachi.com> Message-ID: <1863734.yNapEKfetQ@pintsize.usersys.redhat.com> On Friday 01 April 2016 12:35:49 Brian Reichert wrote: > On Fri, Apr 01, 2016 at 12:19:21PM +0200, Hubert Kario wrote: > > On Wednesday 30 March 2016 12:27:47 Brian Reichert wrote: > > > Each failed conversation yields a 'TLSIllegalParameterException' > > > error; e.g. > > > > > > Connect with SSLv2 EXP-RC4-MD5 ... > > [snipped] > > > > TLSIllegalParameterException: Malformed record layer header > > > > That may indicate that the server does not respond with a SSLv2 > > message to the client's message. > > > > Could you provide a packet dump of the connection? > > Attached; hopefully it won't get filtered out. it got through, thanks! So, the server behaves incorrectly. On the first SSLv2 Client Hello message it replies with TLSv1.0 fatal alert with description of Illegal Parameter. That is OK and valid (and expected by the test script). What is not correct is that it does not close the connection (violation of RFC 5246 Section 7.2: "Alert messages with a level of fatal result in the immediate termination of the connection."). After alert message it sends a HTTP/1.0 302 reply. Side note: it does sent data with no buffering, each line is in a separate packet - very bad if it behaves similarly while using TLS as that will leak lengths of lines in headers and maybe even content. On second and third connection it doesn't reply with TLS at all, but goes straight to HTTP 302 (this is not handled by tlsfuzzer and will cause false positives). On fourth it fails just like with the first connection. So, while it doesn't look like it is vulnerable to DROWN, it doesn't instill a lot of confidence in me... -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purky?ova 99/71, 612 45, Brno, Czech Republic -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: From uri at ll.mit.edu Fri Apr 1 18:53:41 2016 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Fri, 1 Apr 2016 18:53:41 +0000 Subject: [openssl-dev] Installation fails Message-ID: Current Github, Mac OS X 10.10.5: install libcrypto.a -> /Users/ur20980/src/openssl-1.1/lib/libcrypto.a ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(async_null.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(async_win.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(dso_dl.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(dso_openssl.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(dso_vms.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(dso_win32.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(ebcdic.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(e_rc5.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(m_md2.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(rand_egd.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(rand_vms.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(rand_win.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(threads_none.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(threads_win.o) has no symbols install libssl.a -> /Users/ur20980/src/openssl-1.1/lib/libssl.a ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libssl.a.new(ssl_utst.o) has no symbols ranlib: file: /Users/ur20980/src/openssl-1.1/lib/libssl.a.new(t1_trce.o) has no symbols install libcrypto.1.1.dylib -> /Users/ur20980/src/openssl-1.1/lib/libcrypto.1.1.dylib link /Users/ur20980/src/openssl-1.1/lib/libcrypto.dylib -> /Users/ur20980/src/openssl-1.1/lib/libcrypto.1.1.dylib install libssl.1.1.dylib -> /Users/ur20980/src/openssl-1.1/lib/libssl.1.1.dylib link /Users/ur20980/src/openssl-1.1/lib/libssl.dylib -> /Users/ur20980/src/openssl-1.1/lib/libssl.1.1.dylib install libcrypto.pc -> /Users/ur20980/src/openssl-1.1/lib/pkgconfig/libcrypto.pc install libssl.pc -> /Users/ur20980/src/openssl-1.1/lib/pkgconfig/libssl.pc install openssl.pc -> /Users/ur20980/src/openssl-1.1/lib/pkgconfig/openssl.pc *** Installing engines install engines/capi.dylib -> /Users/ur20980/src/openssl-1.1/lib/engines/capi.dylib install engines/dasync.dylib -> /Users/ur20980/src/openssl-1.1/lib/engines/dasync.dylib install engines/padlock.dylib -> /Users/ur20980/src/openssl-1.1/lib/engines/padlock.dylib *** Installing runtime files : ; install apps/openssl -> /Users/ur20980/src/openssl-1.1/bin/openssl install ./tools/c_rehash -> /Users/ur20980/src/openssl-1.1/bin/c_rehash install ./tools/c_hash -> /Users/ur20980/src/openssl-1.1/etc/misc/c_hash install ./tools/c_info -> /Users/ur20980/src/openssl-1.1/etc/misc/c_info install ./tools/c_issuer -> /Users/ur20980/src/openssl-1.1/etc/misc/c_issuer install ./tools/c_name -> /Users/ur20980/src/openssl-1.1/etc/misc/c_name install ./apps/CA.pl -> /Users/ur20980/src/openssl-1.1/etc/misc/CA.pl install /apps/tsget -> /Users/ur20980/src/openssl-1.1/etc/misc/tsget cp: /apps/tsget: No such file or directory make: *** [install_runtime] Error 1 $ All the previous steps (configure, make depend, make clean, etc.) succeeded. -- Regards, Uri Blumenthal -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4324 bytes Desc: not available URL: From levitte at openssl.org Fri Apr 1 18:58:28 2016 From: levitte at openssl.org (Richard Levitte) Date: Fri, 01 Apr 2016 20:58:28 +0200 Subject: [openssl-dev] Installation fails In-Reply-To: References: Message-ID: Know error. There's a github PR with a patch, I hope it will get in soon Cheers Richard "Blumenthal, Uri - 0553 - MITLL" skrev: (1 april 2016 20:53:41 CEST) >Current Github, Mac OS X 10.10.5: > >install libcrypto.a -> /Users/ur20980/src/openssl-1.1/lib/libcrypto.a >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(async_null.o) has no >symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(async_win.o) has no >symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(dso_dl.o) >has no symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(dso_openssl.o) has >no >symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(dso_vms.o) has no >symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(dso_win32.o) has no >symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(ebcdic.o) >has no symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(e_rc5.o) >has no symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(m_md2.o) >has no symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(rand_egd.o) has no >symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(rand_vms.o) has no >symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(rand_win.o) has no >symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(threads_none.o) has >no >symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libcrypto.a.new(threads_win.o) has >no >symbols >install libssl.a -> /Users/ur20980/src/openssl-1.1/lib/libssl.a >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libssl.a.new(ssl_utst.o) >has no symbols >ranlib: file: >/Users/ur20980/src/openssl-1.1/lib/libssl.a.new(t1_trce.o) >has no symbols >install libcrypto.1.1.dylib -> >/Users/ur20980/src/openssl-1.1/lib/libcrypto.1.1.dylib >link /Users/ur20980/src/openssl-1.1/lib/libcrypto.dylib -> >/Users/ur20980/src/openssl-1.1/lib/libcrypto.1.1.dylib >install libssl.1.1.dylib -> >/Users/ur20980/src/openssl-1.1/lib/libssl.1.1.dylib >link /Users/ur20980/src/openssl-1.1/lib/libssl.dylib -> >/Users/ur20980/src/openssl-1.1/lib/libssl.1.1.dylib >install libcrypto.pc -> >/Users/ur20980/src/openssl-1.1/lib/pkgconfig/libcrypto.pc >install libssl.pc -> >/Users/ur20980/src/openssl-1.1/lib/pkgconfig/libssl.pc >install openssl.pc -> >/Users/ur20980/src/openssl-1.1/lib/pkgconfig/openssl.pc >*** Installing engines >install engines/capi.dylib -> >/Users/ur20980/src/openssl-1.1/lib/engines/capi.dylib >install engines/dasync.dylib -> >/Users/ur20980/src/openssl-1.1/lib/engines/dasync.dylib >install engines/padlock.dylib -> >/Users/ur20980/src/openssl-1.1/lib/engines/padlock.dylib >*** Installing runtime files >: ; >install apps/openssl -> /Users/ur20980/src/openssl-1.1/bin/openssl >install ./tools/c_rehash -> /Users/ur20980/src/openssl-1.1/bin/c_rehash >install ./tools/c_hash -> >/Users/ur20980/src/openssl-1.1/etc/misc/c_hash >install ./tools/c_info -> >/Users/ur20980/src/openssl-1.1/etc/misc/c_info >install ./tools/c_issuer -> >/Users/ur20980/src/openssl-1.1/etc/misc/c_issuer >install ./tools/c_name -> >/Users/ur20980/src/openssl-1.1/etc/misc/c_name >install ./apps/CA.pl -> /Users/ur20980/src/openssl-1.1/etc/misc/CA.pl >install /apps/tsget -> /Users/ur20980/src/openssl-1.1/etc/misc/tsget >cp: /apps/tsget: No such file or directory >make: *** [install_runtime] Error 1 >$ > >All the previous steps (configure, make depend, make clean, etc.) >succeeded. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From levitte at openssl.org Fri Apr 1 21:05:59 2016 From: levitte at openssl.org (Richard Levitte) Date: Fri, 01 Apr 2016 23:05:59 +0200 (CEST) Subject: [openssl-dev] requirements for tests in openssl 1.1.0 (openssl-SNAP-20160331) In-Reply-To: <56FE9EEC.1020905@hlrs.de> References: <56FE8E82.2020401@hlrs.de> <56FE91B1.3030203@openssl.org> <56FE9EEC.1020905@hlrs.de> Message-ID: <20160401.230559.1385336119116897153.levitte@openssl.org> In message <56FE9EEC.1020905 at hlrs.de> on Fri, 1 Apr 2016 18:16:44 +0200, Martin Hecht said: hecht> On 04/01/2016 05:20 PM, Matt Caswell wrote: hecht> > hecht> > On 01/04/16 16:06, Martin Hecht wrote: hecht> >> on SUSE Linux Enterprise Server 11 SP3, when running hecht> >> hecht> >> ./config && make test hecht> >> hecht> >> I get errors like: hecht> >> Compilation failed in require at ../test/recipes/90-test_v3name.t line 3. hecht> >> BEGIN failed--compilation aborted at ../test/recipes/90-test_v3name.t hecht> >> line 3. hecht> >> # Looks like your test died before it could output anything. hecht> >> ../test/recipes/90-test_v3name............dubious hecht> >> hecht> >> Test returned status 255 (wstat 65280, 0xff00) hecht> >> FAILED--72 test scripts could be run, alas--no output ever seen hecht> >> make: *** [test] Error 255 hecht> >> hecht> >> runing the tests manually shows that the Test::More module is of an hecht> >> older version than expected: hecht> >> /tmp/tmp.COsNuvUJPw/openssl-SNAP-20160331> perl hecht> >> test/recipes/90-test_v3name.t hecht> >> Test::More version 0.96 required--this is only version 0.72 at hecht> >> /tmp/tmp.COsNuvUJPw/openssl-SNAP-20160331/test/testlib/OpenSSL/Test.pm hecht> >> line 6. hecht> >> hecht> >> Of course I could install that perl module locally in my $HOME to get hecht> >> the test running. hecht> >> But is this a hard requirement or could a lower version do the job as well? hecht> >> hecht> >> The same problem on Scientific Linux release 6.7 (Carbon), a RHEL clone: hecht> >> ../test/recipes/01-test_abort.t ........... Test::More version 0.96 hecht> >> required--this is only version 0.92 at ../test/testlib/OpenSSL/Test.pm hecht> >> line 6. hecht> >> hecht> >> On Ubuntu 14.04.4 LTS all the tests ran through happily. hecht> > Test::More version 0.96 or above is a requirement in order to run the tests. hecht> > hecht> > Please refer to README.PERL for more information on this requirement and hecht> > how to install any missing modules. hecht> > hecht> > Matt hecht> thanks Matt, I should have checked the README.PERL first. hecht> hecht> after updating Test::Simple, Test::Builder, Test::Builder::Module, and hecht> Test::More all tests succeed. hecht> hecht> The README.PERL sais that you have bundled Text::Template as a fallback. hecht> What about adding the above ones in the required version as well? There's a few differences: 1) Text::Template isn't a core perl module, so we can't reasonably expect it to be installed more or less everywhere. Test::More and accompanying modules are core perl, so can be reasonably expected to be present, even though we know that an upgrade is needed on older systems. 2) Text::Template is use more or less everywhere, even in Configure, we have it for all templating. Test::More is "only" used when testing and is therefore not as critical. 3) Text::Template is a very simple module, very easy to bundle. Test::More and all its accompanying modules is a bit more complex. For all those reasons, we found it reasonable enough to bundle Text::Template but not Test::More et al. Bundling is something we'd rather avoid if we can, and is strictly reserved for non-code modules, at least for now. Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From reichert at numachi.com Fri Apr 1 20:47:57 2016 From: reichert at numachi.com (Brian Reichert) Date: Fri, 1 Apr 2016 16:47:57 -0400 Subject: [openssl-dev] Could someone verify my efforts of a scan for the DROWN attack? In-Reply-To: <1863734.yNapEKfetQ@pintsize.usersys.redhat.com> References: <20160330162747.GJ76402@numachi.com> <2516517.xN9ni11YES@pintsize.usersys.redhat.com> <20160401163549.GQ76402@numachi.com> <1863734.yNapEKfetQ@pintsize.usersys.redhat.com> Message-ID: <20160401204757.GR76402@numachi.com> On Fri, Apr 01, 2016 at 07:21:13PM +0200, Hubert Kario wrote: > So, while it doesn't look like it is vulnerable to DROWN, it doesn't > instill a lot of confidence in me... Thanks for the review. FWIW, this is an ancient version of webmin (1.300), using perl v5.10.1, employing Net::SSLeay as packaged by CentOS 6.7 (perl-Net-SSLeay-1.35-9.el6.x86_64), in turn linked against openssl-1.0.1e-42.el6_7.4.x86_64. Under the hood, we're using these config options: ssl_cipher_list=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM ssl_ctx_options=OP_NO_SSLv2 OP_NO_SSLv3 I'm happy with your assessment, as-is, but if there's some more directed exploration you'd like me to do, please let me know. > -- > Regards, > Hubert Kario > Senior Quality Engineer, QE BaseOS Security team > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purky??ova 99/71, 612 45, Brno, Czech Republic -- Brian Reichert BSD admin/developer at large From noloader at gmail.com Fri Apr 1 21:59:13 2016 From: noloader at gmail.com (Jeffrey Walton) Date: Fri, 1 Apr 2016 17:59:13 -0400 Subject: [openssl-dev] Testing i686 build on x86_64 Message-ID: Hi Everyone, I'm working from Master, and testing an i686 build on x86_64. Is building for i686 on x86_64 a supported configuration? If so, I'm not sure what to make of this. Does this require a full-blown cross-compile? (I feel like adding `-m32` is the wrong thing to do because the configuration script is supposed to take care of those details). Jeff # x86_64 host $ MACHINE=i686 ./config Operating system: i686-whatever-linux2 Configuring for linux-elf ... $ make ... gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines\"" -Wall -O3 -pthread -DL_ENDIAN -fomit-frame-pointer -Wa,--noexecstack -fPIC -Iinclude -I. -Icrypto/include -MMD -MF crypto/aes/aesni-x86.d.tmp -MT crypto/aes/aesni-x86.o -c -o crypto/aes/aesni-x86.o crypto/aes/aesni-x86.s crypto/aes/aesni-x86.s: Assembler messages: crypto/aes/aesni-x86.s:364: Error: invalid instruction suffix for `push' crypto/aes/aesni-x86.s:365: Error: invalid instruction suffix for `push' crypto/aes/aesni-x86.s:366: Error: invalid instruction suffix for `push' ... From levitte at openssl.org Fri Apr 1 22:23:56 2016 From: levitte at openssl.org (Richard Levitte) Date: Sat, 02 Apr 2016 00:23:56 +0200 (CEST) Subject: [openssl-dev] Testing i686 build on x86_64 In-Reply-To: References: Message-ID: <20160402.002356.587788857933064650.levitte@openssl.org> In message on Fri, 1 Apr 2016 17:59:13 -0400, Jeffrey Walton said: noloader> Hi Everyone, noloader> noloader> I'm working from Master, and testing an i686 build on x86_64. Is noloader> building for i686 on x86_64 a supported configuration? noloader> noloader> If so, I'm not sure what to make of this. Does this require a noloader> full-blown cross-compile? (I feel like adding `-m32` is the wrong noloader> thing to do because the configuration script is supposed to take care noloader> of those details). noloader> noloader> Jeff noloader> noloader> # x86_64 host noloader> $ MACHINE=i686 ./config noloader> Operating system: i686-whatever-linux2 noloader> Configuring for linux-elf noloader> ... noloader> $ make noloader> ... noloader> noloader> gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS noloader> -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS noloader> -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m noloader> -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM noloader> -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM noloader> -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" noloader> -DENGINESDIR="\"/usr/local/lib/engines\"" -Wall -O3 -pthread noloader> -DL_ENDIAN -fomit-frame-pointer -Wa,--noexecstack -fPIC -Iinclude -I. noloader> -Icrypto/include -MMD -MF crypto/aes/aesni-x86.d.tmp -MT noloader> crypto/aes/aesni-x86.o -c -o crypto/aes/aesni-x86.o noloader> crypto/aes/aesni-x86.s noloader> crypto/aes/aesni-x86.s: Assembler messages: noloader> crypto/aes/aesni-x86.s:364: Error: invalid instruction suffix for `push' noloader> crypto/aes/aesni-x86.s:365: Error: invalid instruction suffix for `push' noloader> crypto/aes/aesni-x86.s:366: Error: invalid instruction suffix for `push' noloader> ... Just for the sake of the experiment, how about trying this? $ MACHINE=i686 ./config -m32 It may be that we need to add -m32 to the linux-elf config... Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From rt at openssl.org Sat Apr 2 14:05:51 2016 From: rt at openssl.org (Daniel Gruszczyk via RT) Date: Sat, 02 Apr 2016 14:05:51 +0000 Subject: [openssl-dev] [openssl.org #4497] openssl ciphers app possible bug In-Reply-To: References: Message-ID: Hi,I was playing with a ciphers app to create example list of suites. Looking at the website (https://openssl.org/docs/manmaster/apps/ciphers.html) if I run one of the examples there: openssl ciphers -v '3DES:+RSA'I supposed to get a list of 3DES ciphers with any RSA ones at the end of the list (if I can read correctly). What I get instead is: $ openssl ciphers -v '3DES:+RSA'ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=3DES(168) Mac=SHA1SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=3DES(168) Mac=SHA1EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1DH-RSA-DES-CBC3-SHA SSLv3 Kx=DH/RSA Au=DH Enc=3DES(168) Mac=SHA1DH-DSS-DES-CBC3-SHA SSLv3 Kx=DH/DSS Au=DH Enc=3DES(168) Mac=SHA1AECDH-DES-CBC3-SHA SSLv3 Kx=ECDH Au=None Enc=3DES(168) Mac=SHA1ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 Clearly, RSA ciphers are not at the end. I have a similar situation with excluding ECDSA ciphers. Let's say I run the following: $ openssl ciphers -v 'AESGCM'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEADECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEADDH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEADDHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEADDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEADDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEADADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEADECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEADECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEADAES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEADECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEADECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEADDH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(128) Mac=AEADDHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEADDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(128) Mac=AEADDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEADADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEADECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEADECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEADAES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD Now if I try to exclude all ECDSA ciphers: $ openssl ciphers -v 'AESGCM:!ECDSA'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEADDH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEADDHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEADDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEADDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEADADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEADECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEADECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEADAES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEADECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEADDH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(128) Mac=AEADDHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEADDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(128) Mac=AEADDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEADADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEADECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEADECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEADAES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD I still get 2 ECDSA ciphers on the list. Is that a bug, or is it just my ignorance? I am using openssl 1.0.2g.Here are posts I made about that on community forums, with people confirming they run into the same issue:http://stackoverflow.com/questions/36204245/select-all-cipher-suites-except-those-using-ecdsahttp://security.stackexchange.com/questions/118470/openssl-ciphers-list-sorting-and-removing Cheers, Daniel Gruszczyk -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4497 Please log in as guest with password guest if prompted From rt at openssl.org Sat Apr 2 14:05:51 2016 From: rt at openssl.org (Sebastian Andrzej Siewior via RT) Date: Sat, 02 Apr 2016 14:05:51 +0000 Subject: [openssl-dev] [openssl.org #4496] [PATCH] ssl_cert: use the recommended minimum hash from RFC 5480 for EC In-Reply-To: <20160402135602.GA3269@breakpoint.cc> References: <20160402135602.GA3269@breakpoint.cc> Message-ID: A TLS1.2 connetion with openssl server and gnutls-cli using a SECP384R1 key ends up with SHA256 as the hash algorithm for signing the key exchange. This is because gnutls sends the hash algorithms from weak to strong and by default client's preference is used. gnutls complains about this situation: |<1>| The hash size used in signature (32) is less than the expected (48) The complaint is based on the recommendation in RFC 5480, section 4. Security Considerations. There two ways to fix it: - Using -sigalgs "ECDSA+SHA384:ECDSA+SHA512:ECDSA+SHA256:ECDSA+SHA224:ECDSA+SHA1" -serverpref The weaker algorithms - The following patch which eliminates SHA256+SHA224 from the list of possible candidates. SHA1 is still available if left out in -sigalgs and nothing else matches. Signed-off-by: Sebastian Andrzej Siewior --- ssl/ssl_cert.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 4081ebe4ffbd..7d00ad3182f5 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1135,6 +1135,25 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int o if (level >= 3) return 0; break; +#ifndef OPENSSL_NO_EC + case SSL_SECOP_SIGALG_SHARED: + if (s && s->cert && s->cert->key && s->cert->key->privatekey) { + EVP_PKEY *skey = s->cert->key->privatekey; + + /* + * RFC 5480 Section 4, Security Considerations. + * For a curve with keysize of 384 bits (secp384r1) we + * allow SHA-384 and higher + */ + if (EVP_PKEY_id(skey) == EVP_PKEY_EC) { + if (EVP_PKEY_bits(skey) > (bits * 2)) + return 0; + } + } + if (bits < minbits) + return 0; + break; +#endif default: if (bits < minbits) return 0; -- 2.8.0.rc3 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4496 Please log in as guest with password guest if prompted From openssl-users at dukhovni.org Sat Apr 2 18:36:44 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Sat, 2 Apr 2016 14:36:44 -0400 Subject: [openssl-dev] [openssl.org #4497] openssl ciphers app possible bug In-Reply-To: References: Message-ID: <84D539BA-EF2C-4CBB-8BB5-5F354A7AB5D6@dukhovni.org> > On Apr 2, 2016, at 10:05 AM, Daniel Gruszczyk via RT wrote: > > Hi,I was playing with a ciphers app to create example list of suites. Looking at the website (https://openssl.org/docs/manmaster/apps/ciphers.html) if I run one of the examples there: > openssl ciphers -v '3DES:+RSA'I supposed to get a list of 3DES ciphers with any RSA ones at the end of the list (if I can read correctly). You're forgetting about the distinction between "kRSA" and "aRSA". The "RSA" cipher string is a synonym for "kRSA" (RSA key exchange), not "aRSA" (RSA authentication). This documented in ciphers(1): kRSA, RSA cipher suites using RSA key exchange. ... aRSA cipher suites using RSA authentication, i.e. the certificates carry RSA keys. -- Viktor. From rt at openssl.org Sat Apr 2 18:36:58 2016 From: rt at openssl.org (Viktor Dukhovni via RT) Date: Sat, 02 Apr 2016 18:36:58 +0000 Subject: [openssl-dev] [openssl.org #4497] openssl ciphers app possible bug In-Reply-To: <84D539BA-EF2C-4CBB-8BB5-5F354A7AB5D6@dukhovni.org> References: <84D539BA-EF2C-4CBB-8BB5-5F354A7AB5D6@dukhovni.org> Message-ID: > On Apr 2, 2016, at 10:05 AM, Daniel Gruszczyk via RT wrote: > > Hi,I was playing with a ciphers app to create example list of suites. Looking at the website (https://openssl.org/docs/manmaster/apps/ciphers.html) if I run one of the examples there: > openssl ciphers -v '3DES:+RSA'I supposed to get a list of 3DES ciphers with any RSA ones at the end of the list (if I can read correctly). You're forgetting about the distinction between "kRSA" and "aRSA". The "RSA" cipher string is a synonym for "kRSA" (RSA key exchange), not "aRSA" (RSA authentication). This documented in ciphers(1): kRSA, RSA cipher suites using RSA key exchange. ... aRSA cipher suites using RSA authentication, i.e. the certificates carry RSA keys. -- Viktor. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4497 Please log in as guest with password guest if prompted From rt at openssl.org Sat Apr 2 20:40:09 2016 From: rt at openssl.org (noloader@gmail.com via RT) Date: Sat, 02 Apr 2016 20:40:09 +0000 Subject: [openssl-dev] [openssl.org #4498] Failed compile on ARM32 (BeagleBone Black) In-Reply-To: References: Message-ID: Working from Master. It looks like the build system is having some issues with resource constrained devices due to "Warning: end of file in comment; newline inserted". It usually indicates a Out-Of-Memory (OOM) kill occurred. There's also a compile problem with Cha-Cha. This appears to be new behavior. ********** $ make gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines\"" -Wall -O3 -pthread -march=armv7-a -Wa,--noexecstack -fPIC -Iinclude -I. -Icrypto/include -Icrypto -MMD -MF crypto/aes/aes-armv4.d.tmp -MT crypto/aes/aes-armv4.o -c -o crypto/aes/aes-armv4.o crypto/aes/aes-armv4.s crypto/aes/aes-armv4.s: Assembler messages: crypto/aes/aes-armv4.s: Warning: end of file in comment; newline inserted ... gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines\"" -Wall -O3 -pthread -march=armv7-a -Wa,--noexecstack -fPIC -Iinclude -I. -Icrypto/include -MMD -MF crypto/cast/c_skey.d.tmp -MT crypto/cast/c_skey.o -c -o crypto/cast/c_skey.o crypto/cast/c_skey.c CC="gcc" /usr/bin/perl crypto/chacha/asm/chacha-armv4.pl linux32 crypto/chacha/chacha-armv4.S gcc -E crypto/chacha/chacha-armv4.S > crypto/chacha/chacha-armv4.s crypto/chacha/chacha-armv4.S:1:22: fatal error: arm_arch.h: No such file or directory #include "arm_arch.h" ^ compilation terminated. : recipe for target 'crypto/chacha/chacha-armv4.s' failed make: *** [crypto/chacha/chacha-armv4.s] Error 1 ... ********** $ ./config Operating system: armv7l-whatever-linux2 Configuring for linux-armv4 Configuring OpenSSL version 1.1.0-pre4-dev (0x0x10100004L) no-crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG (skip dir) no-crypto-mdebug-backtrace [forced] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir) no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) no-egd [default] OPENSSL_NO_EGD (skip dir) no-heartbeats [default] OPENSSL_NO_HEARTBEATS (skip dir) no-md2 [default] OPENSSL_NO_MD2 (skip dir) no-rc5 [default] OPENSSL_NO_RC5 (skip dir) no-sctp [default] OPENSSL_NO_SCTP (skip dir) no-shared [default] no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir) no-ssl3 [default] OPENSSL_NO_SSL3 (skip dir) no-ssl3-method [default] OPENSSL_NO_SSL3_METHOD (skip dir) no-static-engine [default] OPENSSL_NO_STATIC_ENGINE (skip dir) no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir) no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir) no-zlib [default] no-zlib-dynamic [default] Configuring for linux-armv4 IsMK1MF =no CC =gcc CFLAG =-Wall -O3 -pthread -march=armv7-a -Wa,--noexecstack SHARED_CFLAG =-fPIC DEFINES =DSO_DLFCN HAVE_DLFCN_H OPENSSL_THREADS OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM SHA512_ASM AES_ASM BSAES_ASM GHASH_ASM ECP_NISTZ256_ASM POLY1305_ASM LFLAG = PLIB_LFLAG = EX_LIBS =-ldl APPS_OBJ = CPUID_OBJ =armcap.o armv4cpuid.o UPLINK_OBJ = BN_ASM =bn_asm.o armv4-mont.o armv4-gf2m.o EC_ASM =ecp_nistz256.o ecp_nistz256-armv4.o DES_ENC =des_enc.o fcrypt_b.o AES_ENC =aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o BF_ENC =bf_enc.o CAST_ENC =c_enc.o RC4_ENC =rc4_enc.o rc4_skey.o RC5_ENC =rc5_enc.o MD5_OBJ_ASM = SHA1_OBJ_ASM =sha1-armv4-large.o sha256-armv4.o sha512-armv4.o RMD160_OBJ_ASM= CMLL_ENC =camellia.o cmll_misc.o cmll_cbc.o MODES_OBJ =ghash-armv4.o ghashv8-armx.o PADLOCK_OBJ = CHACHA_ENC =chacha-armv4.o POLY1305_OBJ =poly1305-armv4.o PROCESSOR = RANLIB =/usr/bin/ranlib ARFLAGS = PERL =/usr/bin/perl THIRTY_TWO_BIT mode BN_LLONG mode Configured for linux-armv4. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4498 Please log in as guest with password guest if prompted From rt at openssl.org Sat Apr 2 21:14:49 2016 From: rt at openssl.org (noloader@gmail.com via RT) Date: Sat, 02 Apr 2016 21:14:49 +0000 Subject: [openssl-dev] [openssl.org #4499] ARM32 and "undefined reference to `engine_load_afalg_internal'" In-Reply-To: References: Message-ID: Working from Master on another ARM32 gadget with more resources.... LD_LIBRARY_PATH=.: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib/engines" -Wall -O3 -pthread -march=armv7-a -Wa,--noexecstack -o apps/openssl apps/app_rand.o apps/apps.o apps/asn1pars.o apps/ca.o apps/ciphers.o apps/cms.o apps/crl.o apps/crl2p7.o apps/dgst.o apps/dhparam.o apps/dsa.o apps/dsaparam.o apps/ec.o apps/ecparam.o apps/enc.o apps/engine.o apps/errstr.o apps/gendsa.o apps/genpkey.o apps/genrsa.o apps/nseq.o apps/ocsp.o apps/openssl.o apps/opt.o apps/passwd.o apps/pkcs12.o apps/pkcs7.o apps/pkcs8.o apps/pkey.o apps/pkeyparam.o apps/pkeyutl.o apps/prime.o apps/rand.o apps/rehash.o apps/req.o apps/rsa.o apps/rsautl.o apps/s_cb.o apps/s_client.o apps/s_server.o apps/s_socket.o apps/s_time.o apps/sess_id.o apps/smime.o apps/speed.o apps/spkac.o apps/srp.o apps/ts.o apps/verify.o apps/version.o apps/x509.o -L. -lssl -L. -lcrypto -ldl ./libcrypto.a(init.o): In function `ossl_init_engine_afalg': init.c:(.text+0x18): undefined reference to `engine_load_afalg_internal' collect2: error: ld returned 1 exit status Makefile.shared:186: recipe for target 'link_app.' failed make[1]: *** [link_app.] Error 1 make[1]: Leaving directory '/home/jwalton/openssl' Makefile:5937: recipe for target 'apps/openssl' failed make: *** [apps/openssl] Error 2 ********** $ ./config && make Operating system: armv7l-whatever-linux2 Configuring for linux-armv4 Configuring OpenSSL version 1.1.0-pre5-dev (0x0x10100005L) no-crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG (skip dir) no-crypto-mdebug-backtrace [forced] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir) no-dynamic-engine [forced] no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) no-egd [default] OPENSSL_NO_EGD (skip dir) no-heartbeats [default] OPENSSL_NO_HEARTBEATS (skip dir) no-md2 [default] OPENSSL_NO_MD2 (skip dir) no-rc5 [default] OPENSSL_NO_RC5 (skip dir) no-sctp [default] OPENSSL_NO_SCTP (skip dir) no-shared [default] no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir) no-ssl3 [default] OPENSSL_NO_SSL3 (skip dir) no-ssl3-method [default] OPENSSL_NO_SSL3_METHOD (skip dir) no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir) no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir) no-zlib [default] no-zlib-dynamic [default] Configuring for linux-armv4 CC =gcc CFLAG =-Wall -O3 -pthread -march=armv7-a -Wa,--noexecstack SHARED_CFLAG =-fPIC DEFINES =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS OPENSSL_NO_DYNAMIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM SHA512_ASM AES_ASM BSAES_ASM GHASH_ASM ECP_NISTZ256_ASM POLY1305_ASM LFLAG = PLIB_LFLAG = EX_LIBS =-ldl APPS_OBJ = CPUID_OBJ =armcap.o armv4cpuid.o UPLINK_OBJ = BN_ASM =bn_asm.o armv4-mont.o armv4-gf2m.o EC_ASM =ecp_nistz256.o ecp_nistz256-armv4.o DES_ENC =des_enc.o fcrypt_b.o AES_ENC =aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o BF_ENC =bf_enc.o CAST_ENC =c_enc.o RC4_ENC =rc4_enc.o rc4_skey.o RC5_ENC =rc5_enc.o MD5_OBJ_ASM = SHA1_OBJ_ASM =sha1-armv4-large.o sha256-armv4.o sha512-armv4.o RMD160_OBJ_ASM= CMLL_ENC =camellia.o cmll_misc.o cmll_cbc.o MODES_OBJ =ghash-armv4.o ghashv8-armx.o PADLOCK_OBJ = CHACHA_ENC =chacha-armv4.o POLY1305_OBJ =poly1305-armv4.o BLAKE2_OBJ = PROCESSOR = RANLIB =/usr/bin/ranlib ARFLAGS = PERL =/usr/bin/perl THIRTY_TWO_BIT mode BN_LLONG mode RC4 uses unsigned char Configured for linux-armv4. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4499 Please log in as guest with password guest if prompted From rt at openssl.org Sat Apr 2 21:22:39 2016 From: rt at openssl.org (noloader@gmail.com via RT) Date: Sat, 02 Apr 2016 21:22:39 +0000 Subject: [openssl-dev] [openssl.org #4498] AutoReply: Failed compile on ARM32 (BeagleBone Black) In-Reply-To: References: Message-ID: Close it; no longer seeing it with the 25c7844 pull. On Sat, Apr 2, 2016 at 4:40 PM, The default queue via RT wrote: > > Greetings, > > This message has been automatically generated in response to the > creation of a trouble ticket regarding: > "Failed compile on ARM32 (BeagleBone Black)", > a summary of which appears below. > > There is no need to reply to this message right now. Your ticket has been > assigned an ID of [openssl.org #4498]. > > Please include the string: > > [openssl.org #4498] > > in the subject line of all future correspondence about this issue. To do so, > you may reply to this message. > > Thank you, > rt at openssl.org > > ------------------------------------------------------------------------- > Working from Master. It looks like the build system is having some > issues with resource constrained devices due to "Warning: end of file > in comment; newline inserted". It usually indicates a Out-Of-Memory > (OOM) kill occurred. > > There's also a compile problem with Cha-Cha. > > This appears to be new behavior. > > ********** > > $ make > gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS > -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT > -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM > -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM > -DOPENSSLDIR="\"/usr/local/ssl\"" > -DENGINESDIR="\"/usr/local/lib/engines\"" -Wall -O3 -pthread > -march=armv7-a -Wa,--noexecstack -fPIC -Iinclude -I. -Icrypto/include > -Icrypto -MMD -MF crypto/aes/aes-armv4.d.tmp -MT > crypto/aes/aes-armv4.o -c -o crypto/aes/aes-armv4.o > crypto/aes/aes-armv4.s > crypto/aes/aes-armv4.s: Assembler messages: > crypto/aes/aes-armv4.s: Warning: end of file in comment; newline inserted > ... > > gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS > -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT > -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM > -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM > -DOPENSSLDIR="\"/usr/local/ssl\"" > -DENGINESDIR="\"/usr/local/lib/engines\"" -Wall -O3 -pthread > -march=armv7-a -Wa,--noexecstack -fPIC -Iinclude -I. -Icrypto/include > -MMD -MF crypto/cast/c_skey.d.tmp -MT crypto/cast/c_skey.o -c -o > crypto/cast/c_skey.o crypto/cast/c_skey.c > CC="gcc" /usr/bin/perl crypto/chacha/asm/chacha-armv4.pl linux32 > crypto/chacha/chacha-armv4.S > gcc -E crypto/chacha/chacha-armv4.S > crypto/chacha/chacha-armv4.s > crypto/chacha/chacha-armv4.S:1:22: fatal error: arm_arch.h: No such > file or directory > #include "arm_arch.h" > ^ > compilation terminated. > : recipe for target 'crypto/chacha/chacha-armv4.s' failed > make: *** [crypto/chacha/chacha-armv4.s] Error 1 > ... > > ********** > > $ ./config > Operating system: armv7l-whatever-linux2 > Configuring for linux-armv4 > Configuring OpenSSL version 1.1.0-pre4-dev (0x0x10100004L) > no-crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG (skip dir) > no-crypto-mdebug-backtrace [forced] > OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir) > no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) > no-egd [default] OPENSSL_NO_EGD (skip dir) > no-heartbeats [default] OPENSSL_NO_HEARTBEATS (skip dir) > no-md2 [default] OPENSSL_NO_MD2 (skip dir) > no-rc5 [default] OPENSSL_NO_RC5 (skip dir) > no-sctp [default] OPENSSL_NO_SCTP (skip dir) > no-shared [default] > no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir) > no-ssl3 [default] OPENSSL_NO_SSL3 (skip dir) > no-ssl3-method [default] OPENSSL_NO_SSL3_METHOD (skip dir) > no-static-engine [default] OPENSSL_NO_STATIC_ENGINE (skip dir) > no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir) > no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir) > no-zlib [default] > no-zlib-dynamic [default] > Configuring for linux-armv4 > IsMK1MF =no > CC =gcc > CFLAG =-Wall -O3 -pthread -march=armv7-a -Wa,--noexecstack > SHARED_CFLAG =-fPIC > DEFINES =DSO_DLFCN HAVE_DLFCN_H OPENSSL_THREADS > OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_MONT > OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM SHA512_ASM AES_ASM BSAES_ASM > GHASH_ASM ECP_NISTZ256_ASM POLY1305_ASM > LFLAG = > PLIB_LFLAG = > EX_LIBS =-ldl > APPS_OBJ = > CPUID_OBJ =armcap.o armv4cpuid.o > UPLINK_OBJ = > BN_ASM =bn_asm.o armv4-mont.o armv4-gf2m.o > EC_ASM =ecp_nistz256.o ecp_nistz256-armv4.o > DES_ENC =des_enc.o fcrypt_b.o > AES_ENC =aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o > BF_ENC =bf_enc.o > CAST_ENC =c_enc.o > RC4_ENC =rc4_enc.o rc4_skey.o > RC5_ENC =rc5_enc.o > MD5_OBJ_ASM = > SHA1_OBJ_ASM =sha1-armv4-large.o sha256-armv4.o sha512-armv4.o > RMD160_OBJ_ASM= > CMLL_ENC =camellia.o cmll_misc.o cmll_cbc.o > MODES_OBJ =ghash-armv4.o ghashv8-armx.o > PADLOCK_OBJ = > CHACHA_ENC =chacha-armv4.o > POLY1305_OBJ =poly1305-armv4.o > PROCESSOR = > RANLIB =/usr/bin/ranlib > ARFLAGS = > PERL =/usr/bin/perl > > THIRTY_TWO_BIT mode > BN_LLONG mode > > Configured for linux-armv4. > > > > ------------------------------------------------------------------------- > http://rt.openssl.org/Ticket/Display.html?id=4498&user=guest&pass=guest -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4498 Please log in as guest with password guest if prompted From rt at openssl.org Sat Apr 2 21:25:48 2016 From: rt at openssl.org (Rich Salz via RT) Date: Sat, 02 Apr 2016 21:25:48 +0000 Subject: [openssl-dev] [openssl.org #4498] Failed compile on ARM32 (BeagleBone Black) In-Reply-To: References: Message-ID: Closing per OP's request to do so. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4498 Please log in as guest with password guest if prompted From rt at openssl.org Sat Apr 2 21:26:10 2016 From: rt at openssl.org (Richard Levitte via RT) Date: Sat, 02 Apr 2016 21:26:10 +0000 Subject: [openssl-dev] [openssl.org #4498] Failed compile on ARM32 (BeagleBone Black) In-Reply-To: References: Message-ID: Closing on request -- Richard Levitte levitte at openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4498 Please log in as guest with password guest if prompted From beldmit at gmail.com Sun Apr 3 10:02:51 2016 From: beldmit at gmail.com (Dmitry Belyavsky) Date: Sun, 3 Apr 2016 13:02:51 +0300 Subject: [openssl-dev] [openssl.org #4438] AutoReply: GOST ciphersuites and DTLS In-Reply-To: References: Message-ID: Hello! The patch marking the GOST ciphersuites DTLS-uncapable is attached. Thank you! On Thu, Mar 17, 2016 at 4:28 PM, The default queue via RT wrote: > > Greetings, > > This message has been automatically generated in response to the > creation of a trouble ticket regarding: > "GOST ciphersuites and DTLS", > a summary of which appears below. > > There is no need to reply to this message right now. Your ticket has been > assigned an ID of [openssl.org #4438]. > > Please include the string: > > [openssl.org #4438] > > in the subject line of all future correspondence about this issue. To do > so, > you may reply to this message. > > Thank you, > rt at openssl.org > > ------------------------------------------------------------------------- > Hello OpenSSL team, > > The GOST ciphersuites currently defined are not DTLS-capable. > > So it should be fixed in the ssl/s3_lib.c file. > > Thank you! > > -- > SY, Dmitry Belyavsky > > > ------------------------------------------------------------------------- > http://rt.openssl.org/Ticket/Display.html?id=4438&user=guest&pass=guest > -- SY, Dmitry Belyavsky -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ef65050..46987a9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2506,7 +2506,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eGOST2814789CNT, SSL_GOST89MAC, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_HIGH, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 256, @@ -2521,7 +2521,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eNULL, SSL_GOST94, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 0, @@ -2536,7 +2536,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eGOST2814789CNT12, SSL_GOST89MAC12, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_HIGH, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 256, @@ -2551,7 +2551,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eNULL, SSL_GOST12_256, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 0, From rt at openssl.org Sun Apr 3 10:03:04 2016 From: rt at openssl.org (Dmitry Belyavsky via RT) Date: Sun, 03 Apr 2016 10:03:04 +0000 Subject: [openssl-dev] [openssl.org #4438] AutoReply: GOST ciphersuites and DTLS In-Reply-To: References: Message-ID: Hello! The patch marking the GOST ciphersuites DTLS-uncapable is attached. Thank you! On Thu, Mar 17, 2016 at 4:28 PM, The default queue via RT wrote: > > Greetings, > > This message has been automatically generated in response to the > creation of a trouble ticket regarding: > "GOST ciphersuites and DTLS", > a summary of which appears below. > > There is no need to reply to this message right now. Your ticket has been > assigned an ID of [openssl.org #4438]. > > Please include the string: > > [openssl.org #4438] > > in the subject line of all future correspondence about this issue. To do > so, > you may reply to this message. > > Thank you, > rt at openssl.org > > ------------------------------------------------------------------------- > Hello OpenSSL team, > > The GOST ciphersuites currently defined are not DTLS-capable. > > So it should be fixed in the ssl/s3_lib.c file. > > Thank you! > > -- > SY, Dmitry Belyavsky > > > ------------------------------------------------------------------------- > http://rt.openssl.org/Ticket/Display.html?id=4438&user=guest&pass=guest > -- SY, Dmitry Belyavsky -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4438 Please log in as guest with password guest if prompted -------------- next part -------------- diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ef65050..46987a9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2506,7 +2506,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eGOST2814789CNT, SSL_GOST89MAC, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_HIGH, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 256, @@ -2521,7 +2521,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eNULL, SSL_GOST94, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 0, @@ -2536,7 +2536,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eGOST2814789CNT12, SSL_GOST89MAC12, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_HIGH, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 256, @@ -2551,7 +2551,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eNULL, SSL_GOST12_256, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 0, From mmcco at mykolab.com Mon Apr 4 03:09:59 2016 From: mmcco at mykolab.com (Michael McConville) Date: Sun, 3 Apr 2016 23:09:59 -0400 Subject: [openssl-dev] Proper explicit zeroing in VIA PadLock engine Message-ID: <20160404030958.GA44091@thinkpad.swarthmore.edu> I think we're deleting all engine code from LibreSSL, but at least one hunk of this diff is relevant to OpenSSL: https://marc.info/?l=libressl&m=145791622313784&w=2 Essentially, volatile casts are being used in place of explicit zeroing functions. From hkario at redhat.com Mon Apr 4 11:47:03 2016 From: hkario at redhat.com (Hubert Kario) Date: Mon, 04 Apr 2016 13:47:03 +0200 Subject: [openssl-dev] Could someone verify my efforts of a scan for the DROWN attack? In-Reply-To: <20160401204757.GR76402@numachi.com> References: <20160330162747.GJ76402@numachi.com> <1863734.yNapEKfetQ@pintsize.usersys.redhat.com> <20160401204757.GR76402@numachi.com> Message-ID: <5162539.6lWjgcZNJi@pintsize.usersys.redhat.com> On Friday 01 April 2016 16:47:57 Brian Reichert wrote: > On Fri, Apr 01, 2016 at 07:21:13PM +0200, Hubert Kario wrote: > > So, while it doesn't look like it is vulnerable to DROWN, it doesn't > > instill a lot of confidence in me... > > Thanks for the review. > > FWIW, this is an ancient version of webmin (1.300), using perl > v5.10.1, employing Net::SSLeay as packaged by CentOS 6.7 > (perl-Net-SSLeay-1.35-9.el6.x86_64), in turn linked against > openssl-1.0.1e-42.el6_7.4.x86_64. > > Under the hood, we're using these config options: > > > ssl_cipher_list=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM > ssl_ctx_options=OP_NO_SSLv2 OP_NO_SSLv3 > > I'm happy with your assessment, as-is, but if there's some more > directed exploration you'd like me to do, please let me know. If you could prepare a minimal perl script that reproduces that behaviour that would be ideal - I'm not fluent in Perl and I'm not familiar with NET::SSLeay but I'd like to exclude a bug in them. -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purky?ova 99/71, 612 45, Brno, Czech Republic -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part. URL: From rsalz at akamai.com Mon Apr 4 13:56:03 2016 From: rsalz at akamai.com (Salz, Rich) Date: Mon, 4 Apr 2016 13:56:03 +0000 Subject: [openssl-dev] Proper explicit zeroing in VIA PadLock engine In-Reply-To: <20160404030958.GA44091@thinkpad.swarthmore.edu> References: <20160404030958.GA44091@thinkpad.swarthmore.edu> Message-ID: > I think we're deleting all engine code from LibreSSL, but at least one hunk of > this diff is relevant to OpenSSL: > > https://marc.info/?l=libressl&m=145791622313784&w=2 Thanks for forwarding this. We removed crypto/engine/eng_padlock.c ... From levitte at openssl.org Mon Apr 4 13:59:03 2016 From: levitte at openssl.org (Richard Levitte) Date: Mon, 04 Apr 2016 15:59:03 +0200 (CEST) Subject: [openssl-dev] Proper explicit zeroing in VIA PadLock engine In-Reply-To: References: <20160404030958.GA44091@thinkpad.swarthmore.edu> Message-ID: <20160404.155903.1530813598509966219.levitte@openssl.org> In message on Mon, 4 Apr 2016 13:56:03 +0000, "Salz, Rich" said: rsalz> rsalz> > I think we're deleting all engine code from LibreSSL, but at least one hunk of rsalz> > this diff is relevant to OpenSSL: rsalz> > rsalz> > https://marc.info/?l=libressl&m=145791622313784&w=2 rsalz> rsalz> Thanks for forwarding this. We removed crypto/engine/eng_padlock.c ... Not quite. It was moved to engines/ Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From levitte at openssl.org Mon Apr 4 14:07:49 2016 From: levitte at openssl.org (Richard Levitte) Date: Mon, 04 Apr 2016 16:07:49 +0200 (CEST) Subject: [openssl-dev] Proper explicit zeroing in VIA PadLock engine In-Reply-To: <20160404.155903.1530813598509966219.levitte@openssl.org> References: <20160404030958.GA44091@thinkpad.swarthmore.edu> <20160404.155903.1530813598509966219.levitte@openssl.org> Message-ID: <20160404.160749.30589165521948749.levitte@openssl.org> In message <20160404.155903.1530813598509966219.levitte at openssl.org> on Mon, 04 Apr 2016 15:59:03 +0200 (CEST), Richard Levitte said: levitte> In message on Mon, 4 Apr 2016 13:56:03 +0000, "Salz, Rich" said: levitte> levitte> rsalz> levitte> rsalz> > I think we're deleting all engine code from LibreSSL, but at least one hunk of levitte> rsalz> > this diff is relevant to OpenSSL: levitte> rsalz> > levitte> rsalz> > https://marc.info/?l=libressl&m=145791622313784&w=2 levitte> rsalz> levitte> rsalz> Thanks for forwarding this. We removed crypto/engine/eng_padlock.c ... levitte> levitte> Not quite. levitte> levitte> It was moved to engines/ That being said, engines/e_padlock.c has changed quite a bit since, so if patching is still needed, it needs to be reworked with somewhat more modern code (that libressl patch applies to OpenSSL 0.9.8, which is past EOL). Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From rsalz at akamai.com Mon Apr 4 14:19:33 2016 From: rsalz at akamai.com (Salz, Rich) Date: Mon, 4 Apr 2016 14:19:33 +0000 Subject: [openssl-dev] Proper explicit zeroing in VIA PadLock engine In-Reply-To: <20160404.155903.1530813598509966219.levitte@openssl.org> References: <20160404030958.GA44091@thinkpad.swarthmore.edu> <20160404.155903.1530813598509966219.levitte@openssl.org> Message-ID: > It was moved to engines/ True. But look at "padlock_use_rng" :) From mmcco at mykolab.com Mon Apr 4 14:44:09 2016 From: mmcco at mykolab.com (Michael McConville) Date: Mon, 4 Apr 2016 10:44:09 -0400 Subject: [openssl-dev] Proper explicit zeroing in VIA PadLock engine In-Reply-To: <20160404.160749.30589165521948749.levitte@openssl.org> References: <20160404030958.GA44091@thinkpad.swarthmore.edu> <20160404.155903.1530813598509966219.levitte@openssl.org> <20160404.160749.30589165521948749.levitte@openssl.org> Message-ID: <20160404144408.GA75125@thinkpad.swarthmore.edu> Richard Levitte wrote: > That being said, engines/e_padlock.c has changed quite a bit since, so > if patching is still needed, it needs to be reworked with somewhat > more modern code (that libressl patch applies to OpenSSL 0.9.8, which > is past EOL). True, but it's still the same one line that needs to be changed. engines/e_padlock.c:779: > *(volatile unsigned int *)&buf = 0; I've never worked with OpenSSL before, but the below is what I was imagining. diff --git a/engines/e_padlock.c b/engines/e_padlock.c index 96e7483..709c4de 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c @@ -776,7 +776,8 @@ static int padlock_rand_bytes(unsigned char *output, int count) *output++ = (unsigned char)buf; count--; } - *(volatile unsigned int *)&buf = 0; + + OPENSSL_cleanse(&buf, sizeof(buf)); return 1; } From levitte at openssl.org Mon Apr 4 14:49:42 2016 From: levitte at openssl.org (Richard Levitte) Date: Mon, 04 Apr 2016 16:49:42 +0200 (CEST) Subject: [openssl-dev] Proper explicit zeroing in VIA PadLock engine In-Reply-To: <20160404144408.GA75125@thinkpad.swarthmore.edu> References: <20160404.155903.1530813598509966219.levitte@openssl.org> <20160404.160749.30589165521948749.levitte@openssl.org> <20160404144408.GA75125@thinkpad.swarthmore.edu> Message-ID: <20160404.164942.868027325565615626.levitte@openssl.org> In message <20160404144408.GA75125 at thinkpad.swarthmore.edu> on Mon, 4 Apr 2016 10:44:09 -0400, Michael McConville said: mmcco> Richard Levitte wrote: mmcco> > That being said, engines/e_padlock.c has changed quite a bit since, so mmcco> > if patching is still needed, it needs to be reworked with somewhat mmcco> > more modern code (that libressl patch applies to OpenSSL 0.9.8, which mmcco> > is past EOL). mmcco> mmcco> True, but it's still the same one line that needs to be changed. mmcco> engines/e_padlock.c:779: mmcco> mmcco> > *(volatile unsigned int *)&buf = 0; mmcco> mmcco> I've never worked with OpenSSL before, but the below is what I was mmcco> imagining. mmcco> mmcco> mmcco> diff --git a/engines/e_padlock.c b/engines/e_padlock.c mmcco> index 96e7483..709c4de 100644 mmcco> --- a/engines/e_padlock.c mmcco> +++ b/engines/e_padlock.c mmcco> @@ -776,7 +776,8 @@ static int padlock_rand_bytes(unsigned char *output, int count) mmcco> *output++ = (unsigned char)buf; mmcco> count--; mmcco> } mmcco> - *(volatile unsigned int *)&buf = 0; mmcco> + mmcco> + OPENSSL_cleanse(&buf, sizeof(buf)); mmcco> mmcco> return 1; mmcco> } That looks good enough, I'll see to it being inserted. Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From levitte at openssl.org Mon Apr 4 15:02:33 2016 From: levitte at openssl.org (Richard Levitte) Date: Mon, 04 Apr 2016 17:02:33 +0200 (CEST) Subject: [openssl-dev] Proper explicit zeroing in VIA PadLock engine In-Reply-To: <20160404.164942.868027325565615626.levitte@openssl.org> References: <20160404.160749.30589165521948749.levitte@openssl.org> <20160404144408.GA75125@thinkpad.swarthmore.edu> <20160404.164942.868027325565615626.levitte@openssl.org> Message-ID: <20160404.170233.210714947731631234.levitte@openssl.org> In message <20160404.164942.868027325565615626.levitte at openssl.org> on Mon, 04 Apr 2016 16:49:42 +0200 (CEST), Richard Levitte said: levitte> In message <20160404144408.GA75125 at thinkpad.swarthmore.edu> on Mon, 4 Apr 2016 10:44:09 -0400, Michael McConville said: levitte> levitte> mmcco> Richard Levitte wrote: levitte> mmcco> > That being said, engines/e_padlock.c has changed quite a bit since, so levitte> mmcco> > if patching is still needed, it needs to be reworked with somewhat levitte> mmcco> > more modern code (that libressl patch applies to OpenSSL 0.9.8, which levitte> mmcco> > is past EOL). levitte> mmcco> levitte> mmcco> True, but it's still the same one line that needs to be changed. levitte> mmcco> engines/e_padlock.c:779: levitte> mmcco> levitte> mmcco> > *(volatile unsigned int *)&buf = 0; levitte> mmcco> levitte> mmcco> I've never worked with OpenSSL before, but the below is what I was levitte> mmcco> imagining. levitte> mmcco> levitte> mmcco> levitte> mmcco> diff --git a/engines/e_padlock.c b/engines/e_padlock.c levitte> mmcco> index 96e7483..709c4de 100644 levitte> mmcco> --- a/engines/e_padlock.c levitte> mmcco> +++ b/engines/e_padlock.c levitte> mmcco> @@ -776,7 +776,8 @@ static int padlock_rand_bytes(unsigned char *output, int count) levitte> mmcco> *output++ = (unsigned char)buf; levitte> mmcco> count--; levitte> mmcco> } levitte> mmcco> - *(volatile unsigned int *)&buf = 0; levitte> mmcco> + levitte> mmcco> + OPENSSL_cleanse(&buf, sizeof(buf)); levitte> mmcco> levitte> mmcco> return 1; levitte> mmcco> } levitte> levitte> That looks good enough, I'll see to it being inserted. And pushed. Thank you! commit 6c13488c4e75ef839bc07a3ce428289aef4bd267 Author: Richard Levitte Date: Mon Apr 4 16:55:12 2016 +0200 Make sure the rand_byte buffer in padlock engine is cleansed. Submitted by Michael McConville Reviewed-by: Rich Salz -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From noloader at gmail.com Mon Apr 4 15:05:57 2016 From: noloader at gmail.com (Jeffrey Walton) Date: Mon, 4 Apr 2016 11:05:57 -0400 Subject: [openssl-dev] Proper explicit zeroing in VIA PadLock engine In-Reply-To: <20160404.155903.1530813598509966219.levitte@openssl.org> References: <20160404030958.GA44091@thinkpad.swarthmore.edu> <20160404.155903.1530813598509966219.levitte@openssl.org> Message-ID: On Mon, Apr 4, 2016 at 9:59 AM, Richard Levitte wrote: > In message on Mon, 4 Apr 2016 13:56:03 +0000, "Salz, Rich" said: > > rsalz> > rsalz> > I think we're deleting all engine code from LibreSSL, but at least one hunk of > rsalz> > this diff is relevant to OpenSSL: > rsalz> > > rsalz> > https://marc.info/?l=libressl&m=145791622313784&w=2 > rsalz> > rsalz> Thanks for forwarding this. We removed crypto/engine/eng_padlock.c ... > > Not quite. > > It was moved to engines/ If anyone needs access to a machine with VIA C7-D processor and the Padlock extensions for testing, then I can provide it. Send over your SSH public key. Jeff From noloader at gmail.com Mon Apr 4 18:07:54 2016 From: noloader at gmail.com (Jeffrey Walton) Date: Mon, 4 Apr 2016 14:07:54 -0400 Subject: [openssl-dev] Next protocol negotiations and different defines in opensslconf.h Message-ID: I *think* this question on Stack Overflow is due to changing the define associated with protocol negotiations: "Building curl from sources - undefined reference to SSL_CTX_set_alpn_protos" (http://stackoverflow.com/q/36404426). That is, OpenSSL 1.0.2 used 'no-npn' and OPENSSL_NO_NPN, while 1.1.0 uses 'no-nextprotoneg' and OPENSSL_NO_NEXTPROTONEG. Maybe it would be a good idea to ensure 1.1.0 defines both OPENSSL_NO_NEXTPROTONEG (1.1.0) and OPENSSL_NO_NPN (1.0.2 and earlier). Perhaps something like the following: #ifdef OPENSSL_NO_NEXTPROTONEG # define OPENSSL_NO_NPN #endif I think its easier to fix OpenSSL in one place rather than fix thousands of user programs hundreds of libraries. Jeff From martin_ghosal at hotmail.co.uk Tue Apr 5 09:17:34 2016 From: martin_ghosal at hotmail.co.uk (Martin Ghosal) Date: Tue, 5 Apr 2016 09:17:34 +0000 Subject: [openssl-dev] aarch64 build breaking Message-ID: Hello, When attempting to build for aarch64 the build breaks while testing here: http://pastebin.com/ucy8gKPA I can work around this issue by adding no-asm flags to the configure, I assume theres some asm code aarch64 isn't happy with? Is this a known issue or is it more likely my setup? Possibly outdated qemu. Cheers Martin -------------- next part -------------- An HTML attachment was scrubbed... URL: From uri at ll.mit.edu Tue Apr 5 17:55:26 2016 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 5 Apr 2016 17:55:26 +0000 Subject: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug In-Reply-To: References: <9901de91e2a14612a1155d04cd74be30@ustx2ex-dag1mb1.msg.corp.akamai.com> <999933F8-9E51-48F8-8130-93B8AFBED011@gmail.com> Message-ID: I had the same (good) results on El Capitan 10.11.4 (and before than on 10.11.3), Xcode-7.3, and Openssl-1.0.2g (and Openssl-1.0.2h-dev). With some modifications (changing the calls to the 1.1 standard so it can compile :) it also produced the expected (correct) results with OpenSSL-1.1.0-pre5. Again, Mac OS X 10.10.5 and 10.11.4, Xcode-7.2.1 and Xcode-7.3, OpenSSL branches 1.0.2g, 1.0.2h-dev, 1.1.0-pre? $ cat openssl-hmac-tst.c #include #include void test_hmac() { #if OPENSSL_VERSION_NUMBER >= 0x10100001L HMAC_CTX *ctx; #else HMAC_CTX ctx; #endif /* OPENSSL-1.1 */ uint8_t key[32] = {0xDC, 0xFB, 0x59, 0x40, 0x73, 0x32, 0xF0, 0x46, 0x1F, 0xC4, 0xF9, 0xE0, 0xEF, 0x15, 0x62, 0xB5, 0xC9, 0x9F, 0xE4, 0xD3, 0x36, 0xDB, 0x9D, 0x61, 0xE0, 0x31, 0xA5, 0x6E, 0xD0, 0x79, 0xD7, 0x15}; #if OPENSSL_VERSION_NUMBER >= 0x10100001L ctx = HMAC_CTX_new(); #else HMAC_CTX_init(&ctx); #endif /* OPENSSL-1.1 */ #if OPENSSL_VERSION_NUMBER >= 0x10100001L int thor = HMAC_Init_ex(ctx, &key, 32, EVP_sha256(), NULL); #else int thor = HMAC_Init_ex(&ctx, &key, 32, EVP_sha256(), NULL); #endif /* OPENSSL-1.1 */ printf("hmac init = %d\n", thor); #if OPENSSL_VERSION_NUMBER >= 0x10100001L HMAC_CTX_free(ctx); #else HMAC_CTX_cleanup(&ctx); #endif /* OPENSSL-1.1 */ } int main(int argc, char **argv) { test_hmac(); } $ clang -o openssl-hmac-tst-1.1 -I/Users/ur20980/src/openssl-1.1/include openssl-hmac-tst.c -L /Users/ur20980/src/openssl-1.1/lib -lcrypto $ clang -o openssl-hmac-tst -I /opt/local/include openssl-hmac-tst.c -L /opt/local/lib -lcrypto $ ./openssl-hmac-tst hmac init = 1 $ ./openssl-hmac-tst-1.1 hmac init = 1 $ otool -L openssl-hmac-tst openssl-hmac-tst: /opt/local/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1213.0.0) $ otool -L openssl-hmac-tst-1.1 openssl-hmac-tst-1.1: /Users/ur20980/src/openssl-1.1/lib/libcrypto.1.1.dylib (compatibility version 1.1.0, current version 1.1.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1213.0.0) $ -- Regards, Uri Blumenthal From: Uri Blumenthal Date: Thursday, March 24, 2016 at 15:10 To: viisakas Subject: Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug >Sorry for my laziness/busy-ness ? but I don?t experience the problem you >described (on Yosemite). I will test on El Capitan (Mac OS X 10.11.4, >Xcode-7.3) later today. > >Mac OS X 10.10.5, Xcode-7.2.1: > >$ cat openssl-hmac-tst.c >#include >#include > >void test_hmac() { > HMAC_CTX ctx; > uint8_t key[32] = {0xDC, 0xFB, 0x59, 0x40, 0x73, 0x32, 0xF0, 0x46, >0x1F, 0xC4, 0xF9, 0xE0, 0xEF, 0x15, 0x62, 0xB5, 0xC9, 0x9F, 0xE4, 0xD3, >0x36, 0xDB, 0x9D, 0x61, 0xE0, 0x31, 0xA5, 0x6E, 0xD0, 0x79, 0xD7, 0x15}; > > HMAC_CTX_init(&ctx); > > int thor = HMAC_Init_ex(&ctx, &key, 32, EVP_sha256(), NULL); > > printf("hmac init = %d\n", thor); > > HMAC_CTX_cleanup(&ctx); >} > >int main(int argc, char **argv) { > test_hmac(); >} >$ clang -I/opt/local/include -o openssl-hmac-tst openssl-hmac-tst.c >-L/opt/local/lib -lcrypto >$ ./openssl-hmac-tst >hmac init = 1 >$ ./openssl-hmac-tst >hmac init = 1 >$ ./openssl-hmac-tst >hmac init = 1 >$ ./openssl-hmac-tst >hmac init = 1 >$ openssl version >OpenSSL 1.0.2h-dev xx XXX xxxx >$ > >-- >Regards, >Uri Blumenthal > >From: viisakas >Date: Tuesday, February 23, 2016 at 3:48 >To: Uri Blumenthal >Subject: Re: [openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug > >>Hey, >> >>sorry for the laziness. >>This is with 1.0.2f, on OS X 10.11.3. >> >>void test_hmac() { >> HMAC_CTX ctx; >> uint8_t key[32] = {0xDC, 0xFB, 0x59, 0x40, 0x73, 0x32, 0xF0, 0x46, >>0x1F, 0xC4, 0xF9, 0xE0, 0xEF, 0x15, 0x62, 0xB5, 0xC9, 0x9F, 0xE4, 0xD3, >>0x36, 0xDB, 0x9D, 0x61, 0xE0, 0x31, 0xA5, 0x6E, 0xD0, 0x79, 0xD7, 0x15}; >> >> HMAC_CTX_init(&ctx); >> >> int thor = HMAC_Init_ex(&ctx, &key, 32, EVP_sha256(), NULL); >> >> printf("hmac init = %d\n", thor); >> >> HMAC_CTX_cleanup(&ctx); >>} >> >>Best of wishes, >>Mikk R?tsep >> >>>On 22 veebr 2016, at 18:42, Blumenthal, Uri - 0553 - MITLL >>> wrote: >>> >>> If somebody (Mikk, Felipe, you hear? :) cares to send me a *simple* >>>*short* >>> code that exposes this problem, I?ll be willing to test it on Linux and >>> Mac OS X, with OpenSSL-1.0.2f, OpenSSL-1.0.2-stable, and >>>1.1-pre. >>> -- >>> Regards, >>> Uri Blumenthal -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4324 bytes Desc: not available URL: From director at openca.org Wed Apr 6 20:58:05 2016 From: director at openca.org (Dr. Pala) Date: Wed, 6 Apr 2016 17:58:05 -0300 Subject: [openssl-dev] [openssl-users] Block Ciphers in XTS mode (AES-XTS) [SOLVED - almost ?] In-Reply-To: <5705150D.6060200@openca.org> References: <5705150D.6060200@openca.org> Message-ID: <5705785D.8060706@openca.org> Hi all, well.. I did dig a little bit into the implementation code.. I wish who wrote the code would have put some comments to understand how to use the cipher properly.. I hope I did get it right. If anybody is interested in the code-tracking, here's some details: // Tracking down XTS code in OSSL // // crypto/evp/e_evp.c: // EVP_AES_XTS_CTX (@line 85) // aes_xts_ctrl (supports EVP_CTRL_COPY & EVP_CTRL_INIT only) (@line 1000) // aes_xts_init_key (@line 1026) // aes_xts_cipher (@line 1088) -> CRYPTO_xts128_encrypt // define: BLOCK_CIPHER_custom (@line 1119) // // crypto/modes/modes.h: [TODO: check tweak, scratch] // XTS128_CONTEXT (@line 144) -> struct xts128_context // CRYPTO_xts128_encrypt (@line 146) // // crypto/modes/xts128.c: // CRYPTO_xts128_encrypt (@line 61) // // crypto/modes/modes_lcl.h: // struct xts128_context (@line 120) // Now, for the interesting part, checking the code I noticed the use of a flag that checks for the size of the data to be encrypted that, for FIPS implementation, should not exceed 2^20 * block-size (in disk encryption that would be the size of the block, I suppose). Anyhow, that inspired me to try to see if, since there is no CRTL to set the size of the block, the implementation assumes that the size of the block is actually passed as the size of the data for each EVP_EncryptUpdate (or EVP_DecryptUpdate)... that seems to be the case. The test code that I generated is capable of decrypting the data at "block" boundaries (code follows). Although I hoped for a more sophisticated and less error-prone interface, I guess I can work with this (but I hope someone would take charge of adding a little more of complexity to help with the details - maybe that work can also help CTR mode as well to be easier to use for random-access decryption). Here's an initial (very simple) test implementation: // Init the CTX ctx = EVP_CIPHER_CTX_new(); // Set cipher type and mode if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_xts(), NULL, key, iv) // Total bytes to encrypt n_ops = 0; next_op_size = 0; remains = clear_len; enc_buf_curr = enc_buf; clear_buf_curr = clear_buf; // Encrypt plaintext while (remains > 0) { // Gets the size of the next chunk to be encrypted next_op_size = (block_size < remains ? block_size : remains); // Performs the encryption EVP_EncryptUpdate(ctx, enc_buf_curr, &tmp_len, clear_buf_curr, next_op_size); // Updates the number of ops n_ops++; // Updates the remaining data size to encrypt remains -= block_size; // Updates the pointer to the next enc buffer space enc_buf_curr += tmp_len; // Updates the pointer to the next clear buffer space clear_buf_curr += block_size; } // Finalize the Encryption EVP_EncryptFinal_ex(ctx, &enc_buf[ret_len], &tmp_len); // Now we can output the cyphertext (encrypted message) printf("Ciphertext %d:\n", ret_len); BIO_dump_fp(stdout, (char *)enc_buf, ret_len); printf("\n"); // Let's free the OpenSSL CTX structure EVP_CIPHER_CTX_free(ctx); Although this works, I noticed that the same data in different blocks result in the same ciphertext (really bad!). For example, with a block size of 64bytes (I know it is very small, but bear with me) and the following clear text input: char * text = // 128bits per row "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF" "0123456789ABCDEF"; The output is as follows: Encrypted Data: 0000 - bb 56 4d ed dc 56 7c 3d-f8 c5 9d 58 34 d6 68 94 .VM..V|=...X4.h. 0010 - f8 10 03 59 f0 a7 bb 79-e0 9c a3 33 bf b9 48 2d ...Y...y...3..H- 0020 - 0f 23 c7 56 a8 b0 9c bf-aa a1 0e 4f 11 8b 18 14 .#.V.......O.... 0030 - 93 aa ca 02 ea 33 2f 92-b1 40 a2 01 c2 87 3f cc .....3/.. at ....?. 0040 - bb 56 4d ed dc 56 7c 3d-f8 c5 9d 58 34 d6 68 94 .VM..V|=...X4.h. 0050 - f8 10 03 59 f0 a7 bb 79-e0 9c a3 33 bf b9 48 2d ...Y...y...3..H- 0060 - 0f 23 c7 56 a8 b0 9c bf-aa a1 0e 4f 11 8b 18 14 .#.V.......O.... 0070 - 93 aa ca 02 ea 33 2f 92-b1 40 a2 01 c2 87 3f cc .....3/.. at ....?. 0080 - bb 56 4d ed dc 56 7c 3d-f8 c5 9d 58 34 d6 68 94 .VM..V|=...X4.h. 0090 - f8 10 03 59 f0 a7 bb 79-e0 9c a3 33 bf b9 48 2d ...Y...y...3..H- 00a0 - 0f 23 c7 56 a8 b0 9c bf-aa a1 0e 4f 11 8b 18 14 .#.V.......O.... 00b0 - 93 aa ca 02 ea 33 2f 92-b1 40 a2 01 c2 87 3f cc .....3/.. at ....?. 00c0 - bb 56 4d ed dc 56 7c 3d-f8 c5 9d 58 34 d6 68 94 .VM..V|=...X4.h. 00d0 - f8 10 03 59 f0 a7 bb 79-e0 9c a3 33 bf b9 48 2d ...Y...y...3..H- 00e0 - 0f 23 c7 56 a8 b0 9c bf-aa a1 0e 4f 11 8b 18 14 .#.V.......O.... 00f0 - 93 aa ca 02 ea 33 2f 92-b1 40 a2 01 c2 87 3f cc .....3/.. at ....?. Which, for what I know if XTS (that is very little, I admit), this should not be the case.. am I correct ? I was under the impression that the encryption should be tied to the position in the file (or Disk) - i.e., the block number. If so, does anybody know what I am actually missing here ? Am I supposed to, somehow, modify the plaintext before encrypting it (e.g., XOR with the block number ?). Thanks, Max P.S.: I am cross-posting the message also to dev as this might have better chances to get an answer there... ? On 4/6/16 10:54 AM, Dr. Pala wrote: > Hi all, > > I am trying to solve a particular problem related to provide random > access to encrypted files. AFAIK, I have two options. The first is to > use CRT mode (read only) and the second is to use XTS (read and write). > > Since I have never used the XTS mode before, does anybody have > experience in using the XTS support in OpenSSL ? Do you have any > particular recommendations for key re-usage in this case (i.e., shall > I use one key per file or can I re-use the same key for different > files) ? > > Any examples that can guide me through the implementation effort ? > > Thanks, > Max > > > -- > Massimiliano Pala, PhD > Director at OpenCA Labs > twitter: @openca -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Thu Apr 7 02:03:11 2016 From: rt at openssl.org (Paul Dembry via RT) Date: Thu, 07 Apr 2016 02:03:11 +0000 Subject: [openssl-dev] [openssl.org #4500] Testing cipher AES-128-XTS(encrypt/decrypt) failure In-Reply-To: <007701d19068$3e78fcd0$bb6af670$@trifox.com> References: <007701d19068$3e78fcd0$bb6af670$@trifox.com> Message-ID: OpenSSL: Version 1.0.2g OS: Linux tri26 3.0.13-0.27-default #1 SMP Wed Feb 15 13:33:49 UTC 2012 (d73692b) s390x s390x s390x GNU/Linux Hardware: Hercules 3.11 emulator, running on Linux rad5 2.6.18.2-34-default #1 SMP Mon Nov 27 11:46:27 UTC 2006 x86_64 x86_64 x86_64 GNU/Linux make test Testing cipher AES-128-XTS(encrypt/decrypt) Key 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IV 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Plaintext 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Ciphertext 0000 91 7c f6 9e bd 68 b2 ec 9b 9f e9 a3 ea dd a6 92 0010 cd 43 d2 f5 95 98 ed 85 8c 02 c2 65 2f bf 92 2e Ciphertext mismatch Got 0000 91 7c f6 9e bd 68 b2 ec 9b 9f e9 a3 ea dd a6 92 0010 89 36 96 08 51 3b fa 4f 4e 41 fd cf 81 18 01 b4 Expected 0000 91 7c f6 9e bd 68 b2 ec 9b 9f e9 a3 ea dd a6 92 0010 cd 43 d2 f5 95 98 ed 85 8c 02 c2 65 2f bf 92 2e make[1]: *** [test_evp] Error 9 make[1]: Leaving directory `/usr4/tmp/openssl-1.0.2g/test' make: *** [tests] Error 2 Regards, Paul -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4500 Please log in as guest with password guest if prompted From rt at openssl.org Thu Apr 7 11:44:09 2016 From: rt at openssl.org (Peter Chernyshev via RT) Date: Thu, 07 Apr 2016 11:44:09 +0000 Subject: [openssl-dev] [openssl.org #4501] bug in BN_mod_word In-Reply-To: References: Message-ID: ?????? ????! ????????? ?????????? BN_mod_word BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); ???????? ??????? ?? 64 ??? ?????? ??? ????????? w>2^32, ???? ????????? ??? BN_ULONG (64 ????). ???? Hello! BN part program BN_ULONG BN_mod_word (const BIGNUM * a, BN_ULONG w); does not work properly on 64-bit machine with some w> 2 ^ 32, although declared as BN_ULONG (64 bits). Peter. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4501 Please log in as guest with password guest if prompted From director at openca.org Thu Apr 7 16:46:09 2016 From: director at openca.org (Dr. Pala) Date: Thu, 7 Apr 2016 13:46:09 -0300 Subject: [openssl-dev] [openssl.org #4500] Testing cipher AES-128-XTS(encrypt/decrypt) failure In-Reply-To: References: <007701d19068$3e78fcd0$bb6af670$@trifox.com> Message-ID: <57068ED1.1010207@openca.org> Hi Paul, I have not checked the code for the test, but I do get the expected values with my little test program. Here's the dump (key and iv set to 0 - block size is 32 bytes (i.e. 2 * 128bit units)): AES XTS Encrypt: ---------------- Plaintext (32): 0020 - Ciphertext 32: 0000 - 91 7c f6 9e bd 68 b2 ec-9b 9f e9 a3 ea dd a6 92 .|...h.......... 0010 - cd 43 d2 f5 95 98 ed 85-8c 02 c2 65 2f bf 92 2e .C.........e/... AES XTS Decrypt: ---------------- Encrypted Data: 0000 - 91 7c f6 9e bd 68 b2 ec-9b 9f e9 a3 ea dd a6 92 .|...h.......... 0010 - cd 43 d2 f5 95 98 ed 85-8c 02 c2 65 2f bf 92 2e .C.........e/... Decrypt Offset: 0 Original Start: 0 Throw Away: 0 Clear Text 32: 0020 - My guess is that the second part of the key is not all zeros - this would cause you to get the first part of the message encrypted correctly and the second part not having the good values... this is just my guess, of course. Cheers, Max On 4/6/16 11:03 PM, Paul Dembry via RT wrote: > OpenSSL: Version 1.0.2g > > OS: Linux tri26 3.0.13-0.27-default #1 SMP Wed Feb 15 13:33:49 UTC 2012 > (d73692b) s390x s390x s390x GNU/Linux > > Hardware: Hercules 3.11 emulator, running on Linux rad5 2.6.18.2-34-default > #1 SMP Mon Nov 27 11:46:27 UTC 2006 x86_64 x86_64 x86_64 GNU/Linux > > > > make test > > > > Testing cipher AES-128-XTS(encrypt/decrypt) > > Key > > 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > IV > > 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > Plaintext > > 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > Ciphertext > > 0000 91 7c f6 9e bd 68 b2 ec 9b 9f e9 a3 ea dd a6 92 > > 0010 cd 43 d2 f5 95 98 ed 85 8c 02 c2 65 2f bf 92 2e > > Ciphertext mismatch > > Got > > 0000 91 7c f6 9e bd 68 b2 ec 9b 9f e9 a3 ea dd a6 92 > > 0010 89 36 96 08 51 3b fa 4f 4e 41 fd cf 81 18 01 b4 > > Expected > > 0000 91 7c f6 9e bd 68 b2 ec 9b 9f e9 a3 ea dd a6 92 > > 0010 cd 43 d2 f5 95 98 ed 85 8c 02 c2 65 2f bf 92 2e > > make[1]: *** [test_evp] Error 9 > > make[1]: Leaving directory `/usr4/tmp/openssl-1.0.2g/test' > > make: *** [tests] Error 2 > > > > Regards, > > Paul > > -- Massimiliano Pala, PhD Director at OpenCA Labs twitter: @openca -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Thu Apr 7 19:36:04 2016 From: rt at openssl.org (Viktor Dukhovni via RT) Date: Thu, 07 Apr 2016 19:36:04 +0000 Subject: [openssl-dev] [openssl.org #4502] CT todos In-Reply-To: References: Message-ID: Beyond the suggested changes to SCT_LIST_validate() et. al. and documentation, IIRC at some point or other I noted that the chain verification status observed in resumed sessions may not be correct if handshakes without valid SCTs are allowed to complete and perhaps get reused. Even without resumption, applications typically expect to find out chain validity via SSL_get_verify_result(). This suggests the view that SCT validation is a late phase of chain validation, and that if SCT processing is enabled, but no valid SCTs are presented, while the verify result is X509_V_OK, it perhaps ought to be set to some (new) error value, and as a result remain set in resumed sessions. This means that the difference between the permissive and the strict callback would be only in the return value, both would still look for at least one valid SCT and set an X509_V_ERR_<...> if still X509_V_OK (do not override any prior X509 error). It is unfortunate that we're doing SCT at the SSL layer and not the X.509 layer, but sadly it seems that not all the SCTs are available at the time we're processing the peer's certificate message. (stapled OCSP is after the chain IIRC). So this issue should be dealt with (or decided to be a non issue) in the next few days before beta2. -- Viktor. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4502 Please log in as guest with password guest if prompted From rt at openssl.org Thu Apr 7 21:48:26 2016 From: rt at openssl.org (Beat Bolli via RT) Date: Thu, 07 Apr 2016 21:48:26 +0000 Subject: [openssl-dev] [openssl.org #4503] RSA: the docs still talk about RSA_PKCS1_SSLeay In-Reply-To: <5706D396.2010705@drbeat.li> References: <5706D396.2010705@drbeat.li> Message-ID: See this pull request: https://github.com/openssl/openssl/pull/953 Cheers, Beat -- https://drbeat.li pgp: 0x506A903A; 49D5 794A EA77 F907 764F D89E 304B 93CF 506A 903A gsm: 4.7.7.6.0.7.7.9.7.1.4.e164.arpa icbm: 47.0452 N, 7.2715 E "It takes love over gold, and mind over matter" -- Dire Straits -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4503 Please log in as guest with password guest if prompted -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 163 bytes Desc: not available URL: From rt at openssl.org Fri Apr 8 13:55:32 2016 From: rt at openssl.org (Rich Salz via RT) Date: Fri, 08 Apr 2016 13:55:32 +0000 Subject: [openssl-dev] [openssl.org #4041] [PATCH] Add Certificate Transparency Support In-Reply-To: References: Message-ID: Done. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4041 Please log in as guest with password guest if prompted From doctor at doctor.nl2k.ab.ca Sat Apr 9 12:11:14 2016 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Sat, 9 Apr 2016 06:11:14 -0600 Subject: [openssl-dev] Openssl-SMAP-20160409 issue Message-ID: <20160409121114.GA21055@doctor.nl2k.ab.ca> ../test/recipes/70-test_sslvertol.t ....... is hung. Please fix -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Manitoba ! Save your province in April! Vote Liberal!! From rt at openssl.org Sat Apr 9 12:46:24 2016 From: rt at openssl.org (=?UTF-8?B?0JDQvdC00YDQtdC5INCf0YDQvtC60L7Qv9GM0LXQsg==?= via RT) Date: Sat, 09 Apr 2016 12:46:24 +0000 Subject: [openssl-dev] [openssl.org #4504] Openssl cms encrypt bug. In-Reply-To: References: Message-ID: Hi Team, I tried to use cms commands from https://www.openssl.org/docs/manmaster/apps/cms.html Create an encrypted message using 128 bit Camellia: openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem However if we use -seed insted of -camellia128, it will failed. openssl cms -encrypt -in file1 -outform PEM -seed -out cms_temp.msg c03.pem 3074082492:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:cms_enc.c:215: 3074082492:error:2E07F041:CMS routines:CMS_final:malloc failure:cms_smime.c:767: Thanks, Andrew -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4504 Please log in as guest with password guest if prompted From rt at openssl.org Sun Apr 10 07:15:13 2016 From: rt at openssl.org (Paul Dembry via RT) Date: Sun, 10 Apr 2016 07:15:13 +0000 Subject: [openssl-dev] [openssl.org #4505] RE: Testing cipher AES-128-XTS(encrypt/decrypt) failure In-Reply-To: <003e01d19277$e4636de0$ad2a49a0$@trifox.com> References: <007c01d19068$3f57c410$be074c30$@trifox.com> <003e01d19277$e4636de0$ad2a49a0$@trifox.com> Message-ID: I lost the email that assigned a request number to this submittal. This may in fact be an error in the Hercules emulator's implementation of some 390 cryptography instructions so please disregard it. I will re-submit it if it turns out that it is not a Hercules problem. Paul From: Paul Dembry [mailto:pade at trifox.com] Sent: Wednesday, April 6, 2016 5:56 PM To: rt at openssl.org Subject: Testing cipher AES-128-XTS(encrypt/decrypt) failure OpenSSL: Version 1.0.2g OS: Linux tri26 3.0.13-0.27-default #1 SMP Wed Feb 15 13:33:49 UTC 2012 (d73692b) s390x s390x s390x GNU/Linux Hardware: Hercules 3.11 emulator, running on Linux rad5 2.6.18.2-34-default #1 SMP Mon Nov 27 11:46:27 UTC 2006 x86_64 x86_64 x86_64 GNU/Linux make test Testing cipher AES-128-XTS(encrypt/decrypt) Key 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IV 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Plaintext 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Ciphertext 0000 91 7c f6 9e bd 68 b2 ec 9b 9f e9 a3 ea dd a6 92 0010 cd 43 d2 f5 95 98 ed 85 8c 02 c2 65 2f bf 92 2e Ciphertext mismatch Got 0000 91 7c f6 9e bd 68 b2 ec 9b 9f e9 a3 ea dd a6 92 0010 89 36 96 08 51 3b fa 4f 4e 41 fd cf 81 18 01 b4 Expected 0000 91 7c f6 9e bd 68 b2 ec 9b 9f e9 a3 ea dd a6 92 0010 cd 43 d2 f5 95 98 ed 85 8c 02 c2 65 2f bf 92 2e make[1]: *** [test_evp] Error 9 make[1]: Leaving directory `/usr4/tmp/openssl-1.0.2g/test' make: *** [tests] Error 2 Regards, Paul -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4505 Please log in as guest with password guest if prompted From rt at openssl.org Sun Apr 10 07:15:13 2016 From: rt at openssl.org (Kazuki Yamaguchi via RT) Date: Sun, 10 Apr 2016 07:15:13 +0000 Subject: [openssl-dev] [openssl.org #4506] Add SSL_CTX_get_ciphers() [GitHub PR #957] In-Reply-To: <5ec8171e-2d59-c7e9-bb84-5f3a2795c9b8@rhe.jp> References: <5ec8171e-2d59-c7e9-bb84-5f3a2795c9b8@rhe.jp> Message-ID: See this pull request on GitHub: - Add SSL_CTX_get_ciphers() - https://github.com/openssl/openssl/pull/957 Thanks, -- Kazuki Yamaguchi -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4506 Please log in as guest with password guest if prompted From rt at openssl.org Mon Apr 11 03:44:12 2016 From: rt at openssl.org (Yuan Jochen Kang via RT) Date: Mon, 11 Apr 2016 03:44:12 +0000 Subject: [openssl-dev] [openssl.org #4507] Bugs due to missing error handling In-Reply-To: <570B0086.7030208@cs.columbia.edu> References: <570B0086.7030208@cs.columbia.edu> Message-ID: Dear OpenSSL developers, We are security researchers at Columbia University and the University of Virginia. As part of a research project, we have built a tool for automatically finding error handling bugs and are testing it on various cryptographic libraries and applications that use them. In version 1.0.1s, we discovered various instances where function calls are not checked for failures, which could lead to silent errors in the user output. Please let us know how you intend to address these issues. 1, When bio_out is NULL, it can still be used, and the function would return the non-error value, 0, instead of maybe another error exit value: apps/prime.c, lines 108, 128, 136, 144: int MAIN(int argc, char **argv) { ... if ((bio_out = BIO_new(BIO_s_file())) != NULL) { ... } BIO_printf(bio_out, "%s\n", s); ... BN_print(bio_out, bn); BIO_printf(bio_out, " is %sprime\n", BN_is_prime_ex(bn, checks, NULL, NULL) ? "" : "not "); ... return 0; ... } 2, SSL_write should be checked for a non-positive error value, before the output buffer is overwritten with data from SSL_read. apps/s_time.c, lines 427, 485, 522: int MAIN(int argc, char **argv) { ... SSL_write(scon, buf, strlen(buf)); while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) bytes_read += i; ... SSL_write(scon, buf, strlen(buf)); while (SSL_read(scon, buf, sizeof(buf)) > 0) ; ... SSL_write(scon, buf, strlen(buf)); while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) bytes_read += i; ... } Thank you, Yuan Kang -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4507 Please log in as guest with password guest if prompted From rt at openssl.org Mon Apr 11 07:02:13 2016 From: rt at openssl.org (Harry Reimann via RT) Date: Mon, 11 Apr 2016 07:02:13 +0000 Subject: [openssl-dev] [openssl.org #4508] BUG in openssl-1.1.0-pre4 (and current GIT master) In-Reply-To: References: Message-ID: Openssl-1.1.0-pre4 can't be built for linux-ppc with options no-chacha or no-poly1305 since crypto/ppccap.c doesn't use OPENSSL_NO_CHACHA and OPENSSL_NO_POLY1305. Best regards, Harry Reimann -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4508 Please log in as guest with password guest if prompted From rt at openssl.org Tue Apr 12 13:41:52 2016 From: rt at openssl.org (Nikos Mavrogiannopoulos via RT) Date: Tue, 12 Apr 2016 13:41:52 +0000 Subject: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened In-Reply-To: <1460455510.3558.29.camel@redhat.com> References: <1460455510.3558.29.camel@redhat.com> Message-ID: A part of the gnutls test suite runs under valgrind, and in fedora 23 it occasionally fails, something that I have traced it to softhsm library and particular hardware. The failures are due to the softhsm library which uses openssl underneath and in particular EC key generation. This can be reproduced using only the openssl tools: $ openssl version OpenSSL 1.0.2d-fips 9 Jul 2015 $ valgrind openssl genpkey -algorithm ec??-pkeyopt ec_paramgen_curve:P-256? vex: the `impossible' happened: ???isZeroU vex storage: T total 270175784 bytes allocated vex storage: P total 640 bytes allocated valgrind: the 'impossible' happened: ???LibVEX called failure_exit(). [...] sched status: ? running_tid=1 Thread 1: status = VgTs_Runnable (lwpid 28037) ==28037==????at 0x5B14C80: ecp_nistz256_avx2_select_w7 (in /usr/lib64/libcrypto.so.1.0.2g) ==28037==????by 0x5AFA92F: EC_POINT_mul (in /usr/lib64/libcrypto.so.1.0.2g) ==28037==????by 0x5AF9876: EC_POINT_new (in /usr/lib64/libcrypto.so.1.0.2g) ==28037==????by 0x5B02835: EC_KEY_generate_key (in /usr/lib64/libcrypto.so.1.0.2g) ==28037==????by 0x5B51B82: EVP_PKEY_keygen (in /usr/lib64/libcrypto.so.1.0.2g) ==28037==????by 0x436A29: ??? (in /usr/bin/openssl) ==28037==????by 0x41A457: ??? (in /usr/bin/openssl) ==28037==????by 0x41A0D6: ??? (in /usr/bin/openssl) ==28037==????by 0x62B357F: (below main) (libc-start.c:289) This may be a bug in valgrind, or according to some valgrind posts, caused by an illegal instruction. Thus reported here. The failed system is: model name : Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch ida arat epb pln pts dtherm intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt originally at: https://bugzilla.redhat.com/show_bug.cgi?id=1326024 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509 Please log in as guest with password guest if prompted From balajimarisetti at gmail.com Wed Apr 13 13:11:29 2016 From: balajimarisetti at gmail.com (balaji marisetti) Date: Wed, 13 Apr 2016 18:41:29 +0530 Subject: [openssl-dev] need clarification on openssl s_server s_client applications Message-ID: Hi, When I try to send any data > MTU (1500) from s_server/client applications (in DTLS mode), I see an error (errno:90) on the sender side. Is it normal? Is it a limitation of the s_server/client applications or the OpenSSL implementation or the DTLS standard itself? I'm using Openssl-1.0.2g on Ubuntu-14.04 Thanks, Balaji M From tshort at akamai.com Wed Apr 13 19:18:34 2016 From: tshort at akamai.com (Short, Todd) Date: Wed, 13 Apr 2016 19:18:34 +0000 Subject: [openssl-dev] need clarification on openssl s_server s_client applications In-Reply-To: References: Message-ID: <56808A94-4C03-431A-8EB1-0F4DEEBF1316@akamai.com> DTLS standard: DTLS does not permit fragmentation of the data (handshaking has it?s own fragmentation mechanism separate from the record layer). See https://tools.ietf.org/html/rfc4347#section-4.2.3 -- -Todd Short // tshort at akamai.com // "One if by land, two if by sea, three if by the Internet." On Apr 13, 2016, at 9:11 AM, balaji marisetti > wrote: Hi, When I try to send any data > MTU (1500) from s_server/client applications (in DTLS mode), I see an error (errno:90) on the sender side. Is it normal? Is it a limitation of the s_server/client applications or the OpenSSL implementation or the DTLS standard itself? I'm using Openssl-1.0.2g on Ubuntu-14.04 Thanks, Balaji M -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Wed Apr 13 19:22:52 2016 From: rt at openssl.org (Short, Todd via RT) Date: Wed, 13 Apr 2016 19:22:52 +0000 Subject: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened In-Reply-To: References: <1460455510.3558.29.camel@redhat.com> Message-ID: Valgrind does not necessarily support all instructions, if there?s any optimized assembly, you might run into problems. Are you able to compile a non-assembly version of the OpenSSL library? Are you able to update to a newer Valgrind? You also seem to have a version discrepancy in OpenSSL: 1.0.2d-fips and 1.0.2g? -- -Todd Short // tshort at akamai.com // "One if by land, two if by sea, three if by the Internet." On Apr 12, 2016, at 9:41 AM, Nikos Mavrogiannopoulos via RT > wrote: A part of the gnutls test suite runs under valgrind, and in fedora 23 it occasionally fails, something that I have traced it to softhsm library and particular hardware. The failures are due to the softhsm library which uses openssl underneath and in particular EC key generation. This can be reproduced using only the openssl tools: $ openssl version OpenSSL 1.0.2d-fips 9 Jul 2015 $ valgrind openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 vex: the `impossible' happened: isZeroU vex storage: T total 270175784 bytes allocated vex storage: P total 640 bytes allocated valgrind: the 'impossible' happened: LibVEX called failure_exit(). [...] sched status: running_tid=1 Thread 1: status = VgTs_Runnable (lwpid 28037) ==28037== at 0x5B14C80: ecp_nistz256_avx2_select_w7 (in /usr/lib64/libcrypto.so.1.0.2g) ==28037== by 0x5AFA92F: EC_POINT_mul (in /usr/lib64/libcrypto.so.1.0.2g) ==28037== by 0x5AF9876: EC_POINT_new (in /usr/lib64/libcrypto.so.1.0.2g) ==28037== by 0x5B02835: EC_KEY_generate_key (in /usr/lib64/libcrypto.so.1.0.2g) ==28037== by 0x5B51B82: EVP_PKEY_keygen (in /usr/lib64/libcrypto.so.1.0.2g) ==28037== by 0x436A29: ??? (in /usr/bin/openssl) ==28037== by 0x41A457: ??? (in /usr/bin/openssl) ==28037== by 0x41A0D6: ??? (in /usr/bin/openssl) ==28037== by 0x62B357F: (below main) (libc-start.c:289) This may be a bug in valgrind, or according to some valgrind posts, caused by an illegal instruction. Thus reported here. The failed system is: model name : Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch ida arat epb pln pts dtherm intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt originally at: https://bugzilla.redhat.com/show_bug.cgi?id=1326024 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509 Please log in as guest with password guest if prompted From anthony.chow at al-enterprise.com Thu Apr 14 00:31:30 2016 From: anthony.chow at al-enterprise.com (CHOW Anthony) Date: Thu, 14 Apr 2016 00:31:30 +0000 Subject: [openssl-dev] Start contributing to OpenSSL Message-ID: I would like to start contributing to this project. On github under openssl/CONTRIBUTING stated that there are local unit testing that can be done for sanity checking that we can do before submitting a PR. In some cases, running these local unit test is not enough. I will be doing the changes on a Ubuntu 14.04 system, is there any other way that I can test my code via some upper level "application" such as web browser such that I can switch between the official version and the version with my changes. Thanks for the pointers, Anthony. -------------- next part -------------- An HTML attachment was scrubbed... URL: From anthony.chow at al-enterprise.com Thu Apr 14 04:55:02 2016 From: anthony.chow at al-enterprise.com (CHOW Anthony) Date: Thu, 14 Apr 2016 04:55:02 +0000 Subject: [openssl-dev] make TESTS="test_ocsp" test In-Reply-To: References: Message-ID: Can this test be tested standalone? I must have missed something: === INVALID SIGNATURE on the OCSP RESPONSE === NON-DELEGATED; Intermediate CA -> EE Response Verify Failure 47813825843168:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:103: 47813825843168:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: 47813825843168:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:218: 47813825843168:error:27069075:OCSP routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: NON-DELEGATED; Root CA -> Intermediate CA Response Verify Failure 47579061129184:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:103: 47579061129184:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: 47579061129184:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:218: 47579061129184:error:27069075:OCSP routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: NON-DELEGATED; Root CA -> EE Any pointer on what I can do? Anthony. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Apr 14 05:33:02 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 14 Apr 2016 07:33:02 +0200 (CEST) Subject: [openssl-dev] make TESTS="test_ocsp" test In-Reply-To: References: Message-ID: <20160414.073302.2120384461169802828.levitte@openssl.org> In message on Thu, 14 Apr 2016 04:55:02 +0000, CHOW Anthony said: anthony.chow> Can this test be tested standalone? I must have missed something: anthony.chow> anthony.chow> === INVALID SIGNATURE on the OCSP RESPONSE === anthony.chow> NON-DELEGATED; Intermediate CA -> EE anthony.chow> Response Verify Failure anthony.chow> 47813825843168:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103: anthony.chow> 47813825843168:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: anthony.chow> 47813825843168:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218: anthony.chow> 47813825843168:error:27069075:OCSP anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: anthony.chow> NON-DELEGATED; Root CA -> Intermediate CA anthony.chow> Response Verify Failure anthony.chow> 47579061129184:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103: anthony.chow> 47579061129184:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: anthony.chow> 47579061129184:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218: anthony.chow> 47579061129184:error:27069075:OCSP anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: anthony.chow> NON-DELEGATED; Root CA -> EE anthony.chow> anthony.chow> Any pointer on what I can do? This is a part of the OCSP test suite, and sorry, there currently is no way to pick and choose between the different tests of the suite (I wouldn't expect that to change in the future). As to that particular set of tests, it checks that diverse responses with invalid signature does lead to an error report, so that output looks quite correct (unless I'm missing something) Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From anthony.chow at al-enterprise.com Thu Apr 14 05:37:00 2016 From: anthony.chow at al-enterprise.com (CHOW Anthony) Date: Thu, 14 Apr 2016 05:37:00 +0000 Subject: [openssl-dev] make TESTS="test_ocsp" test In-Reply-To: <20160414.073302.2120384461169802828.levitte@openssl.org> References: <20160414.073302.2120384461169802828.levitte@openssl.org> Message-ID: Oh thanks. This is a negative test. I will move on. Is there a good way to test the openssl library and not just the command line? Anthony. -----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Richard Levitte Sent: Wednesday, April 13, 2016 10:33 PM To: openssl-dev at openssl.org Subject: Re: [openssl-dev] make TESTS="test_ocsp" test In message on Thu, 14 Apr 2016 04:55:02 +0000, CHOW Anthony said: anthony.chow> Can this test be tested standalone? I must have missed something: anthony.chow> anthony.chow> === INVALID SIGNATURE on the OCSP RESPONSE === anthony.chow> NON-DELEGATED; Intermediate CA -> EE anthony.chow> Response Verify Failure anthony.chow> 47813825843168:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103: anthony.chow> 47813825843168:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: anthony.chow> 47813825843168:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218: anthony.chow> 47813825843168:error:27069075:OCSP anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: anthony.chow> NON-DELEGATED; Root CA -> Intermediate CA anthony.chow> Response Verify Failure anthony.chow> 47579061129184:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103: anthony.chow> 47579061129184:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: anthony.chow> 47579061129184:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218: anthony.chow> 47579061129184:error:27069075:OCSP anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: anthony.chow> NON-DELEGATED; Root CA -> EE anthony.chow> anthony.chow> Any pointer on what I can do? This is a part of the OCSP test suite, and sorry, there currently is no way to pick and choose between the different tests of the suite (I wouldn't expect that to change in the future). As to that particular set of tests, it checks that diverse responses with invalid signature does lead to an error report, so that output looks quite correct (unless I'm missing something) Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev From levitte at openssl.org Thu Apr 14 07:13:11 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 14 Apr 2016 09:13:11 +0200 (CEST) Subject: [openssl-dev] make TESTS="test_ocsp" test In-Reply-To: References: <20160414.073302.2120384461169802828.levitte@openssl.org> Message-ID: <20160414.091311.629066462466407575.levitte@openssl.org> I could argue that testing the command line *does* test the library ;-) However, there are a number of test programs in test/ that test diverse aspects of the library as well, also through the aid of test recipes. Which aspect of the library are you looking for? Cheers, Richard In message on Thu, 14 Apr 2016 05:37:00 +0000, CHOW Anthony said: anthony.chow> Oh thanks. This is a negative test. I will move on. anthony.chow> anthony.chow> Is there a good way to test the openssl library and not just the command line? anthony.chow> anthony.chow> Anthony. anthony.chow> anthony.chow> -----Original Message----- anthony.chow> From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Richard Levitte anthony.chow> Sent: Wednesday, April 13, 2016 10:33 PM anthony.chow> To: openssl-dev at openssl.org anthony.chow> Subject: Re: [openssl-dev] make TESTS="test_ocsp" test anthony.chow> anthony.chow> In message on Thu, 14 Apr 2016 04:55:02 +0000, CHOW Anthony said: anthony.chow> anthony.chow> anthony.chow> Can this test be tested standalone? I must have missed something: anthony.chow> anthony.chow> anthony.chow> anthony.chow> === INVALID SIGNATURE on the OCSP RESPONSE === anthony.chow> NON-DELEGATED; Intermediate CA -> EE anthony.chow> Response Verify Failure anthony.chow> 47813825843168:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103: anthony.chow> anthony.chow> 47813825843168:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: anthony.chow> anthony.chow> 47813825843168:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218: anthony.chow> anthony.chow> 47813825843168:error:27069075:OCSP anthony.chow> anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: anthony.chow> anthony.chow> NON-DELEGATED; Root CA -> Intermediate CA anthony.chow> Response Verify Failure anthony.chow> 47579061129184:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103: anthony.chow> anthony.chow> 47579061129184:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: anthony.chow> anthony.chow> 47579061129184:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218: anthony.chow> anthony.chow> 47579061129184:error:27069075:OCSP anthony.chow> anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: anthony.chow> anthony.chow> NON-DELEGATED; Root CA -> EE anthony.chow> anthony.chow> Any pointer on what I can do? anthony.chow> anthony.chow> This is a part of the OCSP test suite, and sorry, there currently is no way to pick and choose between the different tests of the suite (I wouldn't expect that to change in the future). anthony.chow> anthony.chow> As to that particular set of tests, it checks that diverse responses with invalid signature does lead to an error report, so that output looks quite correct (unless I'm missing something) anthony.chow> anthony.chow> Cheers, anthony.chow> Richard anthony.chow> anthony.chow> -- anthony.chow> Richard Levitte levitte at openssl.org anthony.chow> OpenSSL Project http://www.openssl.org/~levitte/ anthony.chow> -- anthony.chow> openssl-dev mailing list anthony.chow> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev anthony.chow> -- anthony.chow> openssl-dev mailing list anthony.chow> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev anthony.chow> From anthony.chow at al-enterprise.com Thu Apr 14 07:18:14 2016 From: anthony.chow at al-enterprise.com (CHOW Anthony) Date: Thu, 14 Apr 2016 07:18:14 +0000 Subject: [openssl-dev] make TESTS="test_ocsp" test In-Reply-To: <20160414.091311.629066462466407575.levitte@openssl.org> References: <20160414.073302.2120384461169802828.levitte@openssl.org> <20160414.091311.629066462466407575.levitte@openssl.org> Message-ID: OCSP in specific. Actually, I am trying to have OpenSSL to use OCSP before CRL in check_revocation(). On the web I found someone make this change but it did not get merged into OpenSSL. I want to test that part of the code change where I merged in my local Ubuntu 14.04. Thanks so much, Anthony. -----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Richard Levitte Sent: Thursday, April 14, 2016 12:13 AM To: openssl-dev at openssl.org Subject: Re: [openssl-dev] make TESTS="test_ocsp" test I could argue that testing the command line *does* test the library ;-) However, there are a number of test programs in test/ that test diverse aspects of the library as well, also through the aid of test recipes. Which aspect of the library are you looking for? Cheers, Richard In message on Thu, 14 Apr 2016 05:37:00 +0000, CHOW Anthony said: anthony.chow> Oh thanks. This is a negative test. I will move on. anthony.chow> anthony.chow> Is there a good way to test the openssl library and not just the command line? anthony.chow> anthony.chow> Anthony. anthony.chow> anthony.chow> -----Original Message----- anthony.chow> From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Richard Levitte anthony.chow> Sent: Wednesday, April 13, 2016 10:33 PM anthony.chow> To: openssl-dev at openssl.org anthony.chow> Subject: Re: [openssl-dev] make TESTS="test_ocsp" test anthony.chow> anthony.chow> In message on Thu, 14 Apr 2016 04:55:02 +0000, CHOW Anthony said: anthony.chow> anthony.chow> anthony.chow> Can this test be tested standalone? I must have missed something: anthony.chow> anthony.chow> anthony.chow> anthony.chow> === INVALID SIGNATURE on the OCSP RESPONSE === anthony.chow> NON-DELEGATED; Intermediate CA -> EE anthony.chow> Response Verify Failure anthony.chow> 47813825843168:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103: anthony.chow> anthony.chow> 47813825843168:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: anthony.chow> anthony.chow> 47813825843168:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218: anthony.chow> anthony.chow> 47813825843168:error:27069075:OCSP anthony.chow> anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: anthony.chow> anthony.chow> NON-DELEGATED; Root CA -> Intermediate CA anthony.chow> Response Verify Failure anthony.chow> 47579061129184:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103: anthony.chow> anthony.chow> 47579061129184:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: anthony.chow> anthony.chow> 47579061129184:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218: anthony.chow> anthony.chow> 47579061129184:error:27069075:OCSP anthony.chow> anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: anthony.chow> anthony.chow> NON-DELEGATED; Root CA -> EE anthony.chow> anthony.chow> Any pointer on what I can do? anthony.chow> anthony.chow> This is a part of the OCSP test suite, and sorry, there currently is no way to pick and choose between the different tests of the suite (I wouldn't expect that to change in the future). anthony.chow> anthony.chow> As to that particular set of tests, it checks that diverse responses with invalid signature does lead to an error report, so that output looks quite correct (unless I'm missing something) anthony.chow> anthony.chow> Cheers, anthony.chow> Richard anthony.chow> anthony.chow> -- anthony.chow> Richard Levitte levitte at openssl.org anthony.chow> OpenSSL Project http://www.openssl.org/~levitte/ anthony.chow> -- anthony.chow> openssl-dev mailing list anthony.chow> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev anthony.chow> -- anthony.chow> openssl-dev mailing list anthony.chow> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev anthony.chow> -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev From matt at openssl.org Thu Apr 14 08:25:49 2016 From: matt at openssl.org (Matt Caswell) Date: Thu, 14 Apr 2016 09:25:49 +0100 Subject: [openssl-dev] Start contributing to OpenSSL In-Reply-To: References: Message-ID: <570F540D.2070109@openssl.org> On 14/04/16 01:31, CHOW Anthony wrote: > I would like to start contributing to this project. On github under > openssl/CONTRIBUTING stated that there are local unit testing that can > be done for sanity checking that we can do before submitting a PR. > > > > In some cases, running these local unit test is not enough. I will be > doing the changes on a Ubuntu 14.04 system, is there any other way that > I can test my code via some upper level ?application? such as web > browser such that I can switch between the official version and the > version with my changes. Most people use s_client/s_server. Matt From rt at openssl.org Thu Apr 14 10:59:38 2016 From: rt at openssl.org (Matt Caswell via RT) Date: Thu, 14 Apr 2016 10:59:38 +0000 Subject: [openssl-dev] [openssl.org #4455] OpenSUSE 42: undefined reference to `engine_load_afalg_internal' In-Reply-To: References: Message-ID: Please can you try this again on latest master. Possibly fixed by 627537ddf379. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4455 Please log in as guest with password guest if prompted From rt at openssl.org Thu Apr 14 11:05:20 2016 From: rt at openssl.org (Matt Caswell via RT) Date: Thu, 14 Apr 2016 11:05:20 +0000 Subject: [openssl-dev] [openssl.org #4499] ARM32 and "undefined reference to `engine_load_afalg_internal'" In-Reply-To: References: Message-ID: Please try again from latest master. Possibly fixed by 627537ddf379. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4499 Please log in as guest with password guest if prompted From cyriacjoseph at gmail.com Thu Apr 14 10:09:24 2016 From: cyriacjoseph at gmail.com (cyriac) Date: Thu, 14 Apr 2016 03:09:24 -0700 (MST) Subject: [openssl-dev] Where is the sample-comprehensive CAVS test vectors' set with all 259 test vectors Message-ID: <1460628564877-65538.post@n7.nabble.com> Hi, *In FIPS Userguide 2.0*, Appendix B, about CAVS testing, I could find: Note this step requires a large directory tree of input test data files produced by the testing lab using a NIST provided tool (CAVS); several sets of input and response values can be found http://openssl.com/testing/validation-2.0/testvectors/. The file *http://openssl.com/testing/validation-2.0/testvectors/tv.tar.gz contains a complete set of 259 test vector files with correct responses that can be used for a single comprehensive test. *Note the number and format of these test vector files changes over time, so this set may not correspond exactly to what the CAVS tool currently produces. Unfortunately, this sample comprehensive test vector tar-ball (tv.tar.gz) is not present in this location. I have been searching all out, but I could not get hold of this set with all 259 vectors from anywhere. Could I know how to get hold of this complete test vector set. (Any web link available?). Kindly help? Thanks, Cyriac -- View this message in context: http://openssl.6102.n7.nabble.com/Where-is-the-sample-comprehensive-CAVS-test-vectors-set-with-all-259-test-vectors-tp65538.html Sent from the OpenSSL - Dev mailing list archive at Nabble.com. From marquess at openssl.com Thu Apr 14 11:57:47 2016 From: marquess at openssl.com (Steve Marquess) Date: Thu, 14 Apr 2016 07:57:47 -0400 Subject: [openssl-dev] Where is the sample-comprehensive CAVS test vectors' set with all 259 test vectors In-Reply-To: <1460628564877-65538.post@n7.nabble.com> References: <1460628564877-65538.post@n7.nabble.com> Message-ID: <570F85BB.5070006@openssl.com> On 04/14/2016 06:09 AM, cyriac wrote: > Hi, > > *In FIPS Userguide 2.0*, Appendix B, about CAVS testing, I could find: > Note this step requires a large directory tree of input test data files > produced by the > testing lab using a NIST provided tool (CAVS); several sets of input and > response values can be > found http://openssl.com/testing/validation-2.0/testvectors/. The file > *http://openssl.com/testing/validation-2.0/testvectors/tv.tar.gz > contains a complete set of 259 test vector files with correct responses that > can be used for a single > comprehensive test. *Note the number and format of these test vector files > changes over time, so this > set may not correspond exactly to what the CAVS tool currently produces. > > Unfortunately, this sample comprehensive test vector tar-ball (tv.tar.gz) is > not present in this location. > I have been searching all out, but I could not get hold of this set with all > 259 vectors from anywhere. > Could I know how to get hold of this complete test vector set. (Any web link > available?). Kindly help? The tv.tar.gz symlink was missing; I've restored it. Unfortunately that doesn't do you much good. You can find a huge collection of historical test vectors at: http://openssl.com/testing/validation-2.0/testvectors/ and tv.tar.gz is now pointing to one of them. But, the format and contents of these test vector data sets change over time, frequently. Having one of them doesn't do you much good for a number of reasons: 1) Even if you appear to have processed them without error, you can't properly verify them without an accredited test lab, and if you were working with an accredited test lab they would supply you with a current set of test vectors. 2) There is no reason to fool with these test vectors unless you're trying for your own validation using the OpenSSL FIPS module code, in which case you'll have to engage an accredited test lab. 3) Even if you have a current set (unlikely), any official algorithm validation action requires a unique new set of test vectors (which ... wait for it ... you can only get from an accredited test lab). 4) If you're working with a non-current set of test vectors (which is usually all of them as the format changes frequently), you'll waste time barking up the wrong tree. They can change substantially in a short period of time; note for instance the file count is no longer 259. Notice I mention "accredited test lab" a lot. You're wasting your time if you've not engaged one. Our open source test suite software makes the mechanics of validation a lot easier, but you still have to use a test lab. Yes, you have to pay the lab, but welcome to the wonderful world of FIPS 140-2. -Steve M. -- Steve Marquess OpenSSL Validation Services, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc From balajimarisetti at gmail.com Thu Apr 14 12:01:47 2016 From: balajimarisetti at gmail.com (balaji marisetti) Date: Thu, 14 Apr 2016 17:31:47 +0530 Subject: [openssl-dev] need clarification on openssl s_server s_client applications In-Reply-To: <56808A94-4C03-431A-8EB1-0F4DEEBF1316@akamai.com> References: <56808A94-4C03-431A-8EB1-0F4DEEBF1316@akamai.com> Message-ID: Hi Todd, Thanks for the clarification. On Thu, Apr 14, 2016 at 12:48 AM, Short, Todd wrote: > DTLS standard: DTLS does not permit fragmentation of the data (handshaking > has it?s own fragmentation mechanism separate from the record layer). > > See https://tools.ietf.org/html/rfc4347#section-4.2.3 > > -- > -Todd Short > // tshort at akamai.com > // "One if by land, two if by sea, three if by the Internet." > > On Apr 13, 2016, at 9:11 AM, balaji marisetti > wrote: > > Hi, > > When I try to send any data > MTU (1500) from s_server/client > applications (in DTLS mode), I see an error (errno:90) on the sender > side. Is it normal? Is it a limitation of the s_server/client > applications or the OpenSSL implementation or the DTLS standard > itself? > > I'm using Openssl-1.0.2g on Ubuntu-14.04 > > > Thanks, > Balaji M > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > -- :-)balaji From cyriacjoseph at gmail.com Thu Apr 14 11:20:21 2016 From: cyriacjoseph at gmail.com (cyriac) Date: Thu, 14 Apr 2016 04:20:21 -0700 (MST) Subject: [openssl-dev] Where is the sample-comprehensive CAVS test vectors' set with all 259 test vectors In-Reply-To: <570F85BB.5070006@openssl.com> References: <1460628564877-65538.post@n7.nabble.com> <570F85BB.5070006@openssl.com> Message-ID: <1460632821137-65541.post@n7.nabble.com> Thanx! That link works now. Infact, we had some samples from there already. We understand now that the test vectors do change over time and there is nothing like a "final" set. And yes, we are working with an accredited test lab already. The intention behind getting hold of a complete set in advance was to have a trial run of the tests in advance till we wait for official test vectors from the lab. And as I understand, officially, these have to be verified with the CAVS tool which can be done only by the lab. However, the perl script fipsalgtest.pl is capable to verify the .rsp files against the .fax files (provided along with the vectors) and to provide a test summary report. (With the exception of some key gen vectors which could be verified only by CAVS tool) We have done this for a set of vectors and it passes too. *Only one clarification sought for.. If fipsalgtest.pl tells me that my vectors are verified without errors, should I still be skeptical until the lab confirms it ?* -Cyriac -- View this message in context: http://openssl.6102.n7.nabble.com/Where-is-the-sample-comprehensive-CAVS-test-vectors-set-with-all-259-test-vectors-tp65538p65541.html Sent from the OpenSSL - Dev mailing list archive at Nabble.com. From marquess at openssl.com Thu Apr 14 13:09:40 2016 From: marquess at openssl.com (Steve Marquess) Date: Thu, 14 Apr 2016 09:09:40 -0400 Subject: [openssl-dev] Where is the sample-comprehensive CAVS test vectors' set with all 259 test vectors In-Reply-To: <1460632821137-65541.post@n7.nabble.com> References: <1460628564877-65538.post@n7.nabble.com> <570F85BB.5070006@openssl.com> <1460632821137-65541.post@n7.nabble.com> Message-ID: <570F9694.2090201@openssl.com> On 04/14/2016 07:20 AM, cyriac wrote: > Thanx! That link works now. Infact, we had some samples from there already. > We understand now that the test vectors do change over time and there is > nothing like a "final" set. > > And yes, we are working with an accredited test lab already. The intention > behind getting hold of a complete set in advance was to have a trial run of > the tests in advance till we wait for official test vectors from the lab. IMHO the algorithm testing process is tedious enough as it is; since in general you cannot get a "complete set" in advance because the format changes so frequently, you're just asking for unnecessary grief and frustration. You'll encounter enough of that in the normal course of events without seeking it out :-) Your lab should have told you that... > And as I understand, officially, these have to be verified with the CAVS > tool which can be done only by the lab. Correct. > However, the perl script fipsalgtest.pl is capable to verify the .rsp files > against the .fax files (provided along with the vectors) and to provide a > test summary report. (With the exception of some key gen vectors which could > be verified only by CAVS tool) > We have done this for a set of vectors and it passes too. > > *Only one clarification sought for.. If fipsalgtest.pl tells me that my > vectors are verified without errors, should I still be skeptical until the > lab confirms it ?* Yes, for several reasons: 1) That check only compares the results from a presumed known good platform against the target response files. 2) The test vector set you're using is probably obsolete, and so is no good for your intended outcome even if "correct". 3) Even of "current", with "correct" response files relative to the request files, the request files may be wrong (as in not what is required by the CAVP). Those files are generated from the CAVS tool via a labor intensive manual process, and the CAVS tool is updated frequently and sometimes has bugs. Errors in one or both (manual process or tool) are not at all uncommon; I'd say the error rate is in the 10% range. So you can find that the test vectors you processed without apparent error, and even that the test lab confirmed, can still turn out to be unsuitable. Usually you don't have to reprocess them all, though I usually do given that it's easier to use fipsalgtest.pl on a full test vector set than to manually manipulate individual request files. Note I like to hang on to the test device until the CMVP formally approves the related validation action, as on occasion we've have to re-do testing that was first done months ago. -Steve M. -- Steve Marquess OpenSSL Validation Services, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc From cyriacjoseph at gmail.com Thu Apr 14 12:34:15 2016 From: cyriacjoseph at gmail.com (cyriac) Date: Thu, 14 Apr 2016 05:34:15 -0700 (MST) Subject: [openssl-dev] Does CAVS test harness support testing of Component Vectors like TLS, SSH etc. Message-ID: <1460637255825-65543.post@n7.nabble.com> I am specifically referring to the Key Derivation Function test vectors for conformance with SP800-135 specification. http://csrc.nist.gov/groups/STM/cavp/component-testing.html#KDF135 There we have *test vectors for SP 800-135 like ?TLS KDF Test Vectors?, ?SSH Test Vectors?.* (We have currently upgraded to openssl-fips 2.0.12) In my understanding /fips_algvs/ supports test vectors for specific crypto modules like AES, SHA, HMAC, RSA etc (with the respective fips__main() routine). However, *test vectors for applications utilizing one or more of these cryptos like TSL, SSH etc. are not at all supported by the CAVS test harness* ? *We could not also find any such vectors being uploaded in the test vectors repository* at http://opensslfoundation.com/testing/validation-2.0/testvectors/ (In fact we have randomly downloaded few of those and we could not find) I am clueless how to go about generating response vectors for request vectors like *tls.req* using the test harness. In case the harness does not support, do you recommend any other resources for reference implementation for these tests. It looks like a tough ask! Kindly pour in your suggestions/experiences. -Cyriac -- View this message in context: http://openssl.6102.n7.nabble.com/Does-CAVS-test-harness-support-testing-of-Component-Vectors-like-TLS-SSH-etc-tp65543.html Sent from the OpenSSL - Dev mailing list archive at Nabble.com. From marquess at openssl.com Thu Apr 14 13:54:50 2016 From: marquess at openssl.com (Steve Marquess) Date: Thu, 14 Apr 2016 09:54:50 -0400 Subject: [openssl-dev] Does CAVS test harness support testing of Component Vectors like TLS, SSH etc. In-Reply-To: <1460637255825-65543.post@n7.nabble.com> References: <1460637255825-65543.post@n7.nabble.com> Message-ID: <570FA12A.8000202@openssl.com> On 04/14/2016 08:34 AM, cyriac wrote: > I am specifically referring to the Key Derivation Function test vectors for > conformance with SP800-135 specification. > http://csrc.nist.gov/groups/STM/cavp/component-testing.html#KDF135 > There we have *test vectors for SP 800-135 like ?TLS KDF Test Vectors?, ?SSH > Test Vectors?.* > (We have currently upgraded to openssl-fips 2.0.12) > > In my understanding /fips_algvs/ supports test vectors for specific crypto > modules like AES, SHA, HMAC, RSA etc (with the respective > fips__main() routine). > However, *test vectors for applications utilizing one or more of these > cryptos like TSL, SSH etc. are not at all supported by the CAVS test > harness* ? > > *We could not also find any such vectors being uploaded in the test vectors > repository* at > http://opensslfoundation.com/testing/validation-2.0/testvectors/ (In fact we > have randomly downloaded few of those and we could not find) > > I am clueless how to go about generating response vectors for request > vectors like *tls.req* using the test harness. > In case the harness does not support, do you recommend any other resources > for reference implementation for these tests. > It looks like a tough ask! > > Kindly pour in your suggestions/experiences. There are many types of CAVP/CAVS algorithm tests, only some of which are addressed by the OpenSSL FIPS Object Module. The selection of algorithm tests is a function of your requirements and is unique to each validation. You'll need to consult with your accredited test lab. -Steve M. -- Steve Marquess OpenSSL Validation Services, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc From rsalz at akamai.com Thu Apr 14 16:57:56 2016 From: rsalz at akamai.com (Salz, Rich) Date: Thu, 14 Apr 2016 16:57:56 +0000 Subject: [openssl-dev] API question; v3_asid/v3_addr Message-ID: Do you use the v3_asid_xxx or v3_addr_xxx API's? Please let me know. (They are not going away, we just need to know if they're internal-only or if people are using them.) -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz -------------- next part -------------- An HTML attachment was scrubbed... URL: From sra+openssl at hactrn.net Thu Apr 14 18:00:00 2016 From: sra+openssl at hactrn.net (Rob Austein) Date: Thu, 14 Apr 2016 14:00:00 -0400 Subject: [openssl-dev] API question; v3_asid/v3_addr In-Reply-To: References: Message-ID: <20160414180000.DB1653E8F8D8@minas-ithil.hactrn.net> At Thu, 14 Apr 2016 16:57:56 +0000, Salz, Rich wrote: > > Do you use the v3_asid_xxx or v3_addr_xxx API's? Yes. See: https://subvert-rpki.hactrn.net/trunk/ext/POW.c https://subvert-rpki.hactrn.net/trunk/rp/rcynic/rcynic.c From rsalz at akamai.com Thu Apr 14 18:14:01 2016 From: rsalz at akamai.com (Salz, Rich) Date: Thu, 14 Apr 2016 18:14:01 +0000 Subject: [openssl-dev] API question; v3_asid/v3_addr In-Reply-To: <20160414180000.DB1653E8F8D8@minas-ithil.hactrn.net> References: <20160414180000.DB1653E8F8D8@minas-ithil.hactrn.net> Message-ID: > Yes. See: Great, thanks. It's quite probably that in 1.1 they will become X509v3_addr_xxx etc. -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz From sra+openssl at hactrn.net Thu Apr 14 18:36:41 2016 From: sra+openssl at hactrn.net (Rob Austein) Date: Thu, 14 Apr 2016 14:36:41 -0400 Subject: [openssl-dev] API question; v3_asid/v3_addr References: <20160414180000.DB1653E8F8D8@minas-ithil.hactrn.net> Message-ID: <20160414184246.738063E90000@minas-ithil.hactrn.net> > It's quite probably that in 1.1 they will become X509v3_addr_xxx etc. Thanks for the heads-up. Having already crossed the "some API changes will not be 100% backwards compatible" Rubicon, this is no big deal. From KThirumal at inautix.co.in Fri Apr 15 08:15:49 2016 From: KThirumal at inautix.co.in (Thirumal, Karthikeyan) Date: Fri, 15 Apr 2016 08:15:49 +0000 Subject: [openssl-dev] Windows Patch affecting connectivity to our applications Message-ID: <55A0598A7539EC4BAB296D8BBA5AC122C0108E57@WTPCPMBMEM07.ams.bnymellon.net> Dear Dev folks, My clients are facing are connectivity issues after windows released their OS upgrade this week. I think they have changed the way the SSL handshake happens. My Server is using openssl-0.9.8a and my client sits on a Microsoft platform. >From OpenSSL - do we have a recommendation to overcome this connectivity issue that started after the Microsoft patch ? Please confirm. Thanks & Regards ________________________ Karthikeyan Thirumal ****************************************************** This message and any files or attachments sent with this message contain confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute, copy or use any part of this email. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return Email. Email transmission cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, late, incomplete or may contain viruses. The sender, therefore, does not accept liability for any errors or omissions in the contents of this message, which arise as a result of email transmission. ****************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Fri Apr 15 08:34:30 2016 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 Apr 2016 09:34:30 +0100 Subject: [openssl-dev] Windows Patch affecting connectivity to our applications In-Reply-To: <55A0598A7539EC4BAB296D8BBA5AC122C0108E57@WTPCPMBMEM07.ams.bnymellon.net> References: <55A0598A7539EC4BAB296D8BBA5AC122C0108E57@WTPCPMBMEM07.ams.bnymellon.net> Message-ID: <5710A796.6080002@openssl.org> On 15/04/16 09:15, Thirumal, Karthikeyan wrote: > Dear Dev folks, > > My clients are facing are connectivity issues after windows released > their OS upgrade this week. I think they have changed the way the SSL > handshake happens. > > My Server is using openssl-0.9.8a and my client sits on a Microsoft > platform. > > > > From OpenSSL ? do we have a recommendation to overcome this connectivity > issue that started after the Microsoft patch ? Please confirm. We have not had other reports of this issue, so I have no specific recommendation. However openssl-0.9.8a is a *very* old version of OpenSSL (released October 2005). The 0.9.8 series is out of support and is no longer receiving security bug fixes. Your server is almost certainly vulnerable to significant security defects. You should upgrade to a supported version as soon as possible. As we have not had other reports of this problem this is likely to solve your Microsoft issue too. Matt > > > > > > Thanks & Regards > ________________________ > Karthikeyan Thirumal > > > > > ****************************************************** > This message and any files or attachments sent with this message contain > confidential information and is intended only for the individual named. > If you are not the named addressee, you should not disseminate, > distribute, copy or use any part of this email. If you have received > this message in error, please delete it and all copies from your system > and notify the sender immediately by return Email. > > Email transmission cannot be guaranteed to be secure or error-free as > information can be intercepted, corrupted, lost, destroyed, late, > incomplete or may contain viruses. The sender, therefore, does not > accept liability for any errors or omissions in the contents of this > message, which arise as a result of email transmission. > ****************************************************** > > From KThirumal at inautix.co.in Fri Apr 15 09:33:48 2016 From: KThirumal at inautix.co.in (Thirumal, Karthikeyan) Date: Fri, 15 Apr 2016 09:33:48 +0000 Subject: [openssl-dev] Windows Patch affecting connectivity to our applications In-Reply-To: <5710A796.6080002@openssl.org> References: <55A0598A7539EC4BAB296D8BBA5AC122C0108E57@WTPCPMBMEM07.ams.bnymellon.net> <5710A796.6080002@openssl.org> Message-ID: <55A0598A7539EC4BAB296D8BBA5AC122C0108FD6@WTPCPMBMEM07.ams.bnymellon.net> Yes Matt - I agree that it is a very old / low version that we are using. We faced few memory issues with the 0.9.8zc - so we backed out and lived with 9.8a. In addition we are also planning to terminate SSL at F5 rather than our Server - so we did not really care about the lower version. Am still unclear what is the patch that MS released on April 12 that is affecting the SSL communication ? Some more info - My F5 version in test region uses 0.9.8e version and connectivity is working fine. Can you clarify the SSL related differences between 8a and 8e ? Thanks & Regards ________________________ Karthikeyan Thirumal -----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell Sent: Friday, April 15, 2016 2:05 PM To: openssl-dev at openssl.org Subject: Re: [openssl-dev] Windows Patch affecting connectivity to our applications On 15/04/16 09:15, Thirumal, Karthikeyan wrote: > Dear Dev folks, > > My clients are facing are connectivity issues after windows released > their OS upgrade this week. I think they have changed the way the SSL > handshake happens. > > My Server is using openssl-0.9.8a and my client sits on a Microsoft > platform. > > > > From OpenSSL - do we have a recommendation to overcome this > connectivity issue that started after the Microsoft patch ? Please confirm. We have not had other reports of this issue, so I have no specific recommendation. However openssl-0.9.8a is a *very* old version of OpenSSL (released October 2005). The 0.9.8 series is out of support and is no longer receiving security bug fixes. Your server is almost certainly vulnerable to significant security defects. You should upgrade to a supported version as soon as possible. As we have not had other reports of this problem this is likely to solve your Microsoft issue too. Matt > > > > > > Thanks & Regards > ________________________ > Karthikeyan Thirumal > > > > > ****************************************************** > This message and any files or attachments sent with this message > contain confidential information and is intended only for the individual named. > If you are not the named addressee, you should not disseminate, > distribute, copy or use any part of this email. If you have received > this message in error, please delete it and all copies from your > system and notify the sender immediately by return Email. > > Email transmission cannot be guaranteed to be secure or error-free as > information can be intercepted, corrupted, lost, destroyed, late, > incomplete or may contain viruses. The sender, therefore, does not > accept liability for any errors or omissions in the contents of this > message, which arise as a result of email transmission. > ****************************************************** > > -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ****************************************************** This message and any files or attachments sent with this message contain confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute, copy or use any part of this email. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return Email. Email transmission cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, late, incomplete or may contain viruses. The sender, therefore, does not accept liability for any errors or omissions in the contents of this message, which arise as a result of email transmission. ****************************************************** From matt at openssl.org Fri Apr 15 09:47:19 2016 From: matt at openssl.org (Matt Caswell) Date: Fri, 15 Apr 2016 10:47:19 +0100 Subject: [openssl-dev] Windows Patch affecting connectivity to our applications In-Reply-To: <55A0598A7539EC4BAB296D8BBA5AC122C0108FD6@WTPCPMBMEM07.ams.bnymellon.net> References: <55A0598A7539EC4BAB296D8BBA5AC122C0108E57@WTPCPMBMEM07.ams.bnymellon.net> <5710A796.6080002@openssl.org> <55A0598A7539EC4BAB296D8BBA5AC122C0108FD6@WTPCPMBMEM07.ams.bnymellon.net> Message-ID: <5710B8A7.20302@openssl.org> On 15/04/16 10:33, Thirumal, Karthikeyan wrote: > Yes Matt - I agree that it is a very old / low version that we are > using. We faced few memory issues with the 0.9.8zc - so we backed out > and lived with 9.8a. In addition we are also planning to terminate > SSL at F5 rather than our Server - so we did not really care about > the lower version. > > Am still unclear what is the patch that MS released on April 12 that > is affecting the SSL communication ? No idea - that's probably more a question for MS. > > Some more info - My F5 version in test region uses 0.9.8e version > and connectivity is working fine. Can you clarify the SSL related > differences between 8a and 8e ? The Change log summarises the major differences. See: https://github.com/openssl/openssl/blob/OpenSSL_0_9_8-stable/CHANGES#L1254 Matt > > Thanks & Regards ________________________ Karthikeyan Thirumal > > -----Original Message----- From: openssl-dev > [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell > Sent: Friday, April 15, 2016 2:05 PM To: openssl-dev at openssl.org > Subject: Re: [openssl-dev] Windows Patch affecting connectivity to > our applications > > > > On 15/04/16 09:15, Thirumal, Karthikeyan wrote: >> Dear Dev folks, >> >> My clients are facing are connectivity issues after windows >> released their OS upgrade this week. I think they have changed the >> way the SSL handshake happens. >> >> My Server is using openssl-0.9.8a and my client sits on a Microsoft >> platform. >> >> >> >> From OpenSSL - do we have a recommendation to overcome this >> connectivity issue that started after the Microsoft patch ? Please >> confirm. > > We have not had other reports of this issue, so I have no specific > recommendation. However openssl-0.9.8a is a *very* old version of > OpenSSL (released October 2005). The 0.9.8 series is out of support > and is no longer receiving security bug fixes. Your server is almost > certainly vulnerable to significant security defects. You should > upgrade to a supported version as soon as possible. As we have not > had other reports of this problem this is likely to solve your > Microsoft issue too. > > Matt > > > >> >> >> >> >> >> Thanks & Regards ________________________ Karthikeyan Thirumal >> >> >> >> >> ****************************************************** This message >> and any files or attachments sent with this message contain >> confidential information and is intended only for the individual >> named. If you are not the named addressee, you should not >> disseminate, distribute, copy or use any part of this email. If you >> have received this message in error, please delete it and all >> copies from your system and notify the sender immediately by return >> Email. >> >> Email transmission cannot be guaranteed to be secure or error-free >> as information can be intercepted, corrupted, lost, destroyed, >> late, incomplete or may contain viruses. The sender, therefore, >> does not accept liability for any errors or omissions in the >> contents of this message, which arise as a result of email >> transmission. >> ****************************************************** >> >> > -- openssl-dev mailing list To unsubscribe: > https://mta.openssl.org/mailman/listinfo/openssl-dev > > ****************************************************** This message > and any files or attachments sent with this message contain > confidential information and is intended only for the individual > named. If you are not the named addressee, you should not > disseminate, distribute, copy or use any part of this email. If you > have received this message in error, please delete it and all copies > from your system and notify the sender immediately by return Email. > > Email transmission cannot be guaranteed to be secure or error-free as > information can be intercepted, corrupted, lost, destroyed, late, > incomplete or may contain viruses. The sender, therefore, does not > accept liability for any errors or omissions in the contents of this > message, which arise as a result of email transmission. > ****************************************************** > From rt at openssl.org Fri Apr 15 13:22:52 2016 From: rt at openssl.org (Hubert Kario via RT) Date: Fri, 15 Apr 2016 13:22:52 +0000 Subject: [openssl-dev] [openssl.org #4511] s_server does not send Alert messages upon receiving malformed Client Key Exchange messages in DHE key exchange In-Reply-To: <1501337.2KOEEos4mI@pintsize.usersys.redhat.com> References: <1501337.2KOEEos4mI@pintsize.usersys.redhat.com> Message-ID: Using either current 1.0.1 or 1.0.2 branch (7a433893a and 9676402c3a respectively) openssl s_server command does not send Alert message upon receiving a malformed or invalid Client Key Exchange message in DHE key exchange. That applies to messages that are longer and shorter than needed as well as messages that include client key shares bigger than the prime selected by server. Reproducer: =========== (requires Python 2.6, 3.2 or later) git clone https://github.com/tomato42/tlsfuzzer.git pushd tlsfuzzer git checkout bad-dhe # won't be necessary in future git clone https://github.com/warner/python-ecdsa .python-ecdsa ln -s .python-ecdsa/ecdsa ecdsa git clone https://github.com/tomato42/tlslite-ng.git .tlslite-ng pushd .tlslite-ng git checkout buffered-socket # won't be necessary in future popd ln -s .tlslite-ng/tlslite tlslite popd openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -nodes -batch -subj /CN=localhost openssl s_server -www -key localhost.key -cert localhost.crt # in another terminal, same directory PYTHONPATH=tlsfuzzer python tlsfuzzer/scripts/test-dhe-rsa-key-exchange-with-bad-messages.py OpenSSL output: =============== Using default temp DH parameters Using default temp ECDH parameters ACCEPT 140482987349656:error:1408B094:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:dh public value length is wrong:s3_srvr.c:2363: ACCEPT 140482987349656:error:05066066:Diffie-Hellman routines:COMPUTE_KEY:invalid public key:dh_key.c:230: 140482987349656:error:1408B005:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:DH lib:s3_srvr.c:2395: ACCEPT ACCEPT 140482987349656:error:1408B094:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:dh public value length is wrong:s3_srvr.c:2363: ACCEPT Result: ======= padded Client Key Exchange ... Error encountered while processing node (child: ) with last message being: None Error while processing Traceback (most recent call last): File "tlsfuzzer/scripts/test-dhe-rsa-key-exchange-with-bad-messages.py", line 137, in main runner.run() File "/tmp/tlsfuzzer/tlsfuzzer/runner.py", line 145, in run raise AssertionError("Unexpected closure from peer") AssertionError: Unexpected closure from peer invalid dh_Yc value - 8192b ... Error encountered while processing node (child: ) with last message being: None Error while processing Traceback (most recent call last): File "tlsfuzzer/scripts/test-dhe-rsa-key-exchange-with-bad-messages.py", line 137, in main runner.run() File "/tmp/tlsfuzzer/tlsfuzzer/runner.py", line 145, in run raise AssertionError("Unexpected closure from peer") AssertionError: Unexpected closure from peer sanity check DHE_RSA_AES_128 ... OK truncated dh_Yc value ... Error encountered while processing node (child: ) with last message being: None Error while processing Traceback (most recent call last): File "tlsfuzzer/scripts/test-dhe-rsa-key-exchange-with-bad-messages.py", line 137, in main runner.run() File "/tmp/tlsfuzzer/tlsfuzzer/runner.py", line 145, in run raise AssertionError("Unexpected closure from peer") AssertionError: Unexpected closure from peer Test end successful: 1 failed: 3 Expected result: ================ padded Client Key Exchange ... OK invalid dh_Yc value - 8192b ... OK sanity check DHE_RSA_AES_128 ... OK truncated dh_Yc value ... OK Test end successful: 4 failed: 0 -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purky?ova 99/71, 612 45, Brno, Czech Republic -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4511 Please log in as guest with password guest if prompted -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From KThirumal at inautix.co.in Fri Apr 15 13:43:46 2016 From: KThirumal at inautix.co.in (Thirumal, Karthikeyan) Date: Fri, 15 Apr 2016 13:43:46 +0000 Subject: [openssl-dev] Windows Patch affecting connectivity to our applications In-Reply-To: <5710B8A7.20302@openssl.org> References: <55A0598A7539EC4BAB296D8BBA5AC122C0108E57@WTPCPMBMEM07.ams.bnymellon.net> <5710A796.6080002@openssl.org> <55A0598A7539EC4BAB296D8BBA5AC122C0108FD6@WTPCPMBMEM07.ams.bnymellon.net> <5710B8A7.20302@openssl.org> Message-ID: <55A0598A7539EC4BAB296D8BBA5AC122C010949F@WTPCPMBMEM07.ams.bnymellon.net> Matt, Can you tell me if we can enable SSL in fragments with openssl-0.9.8a ? So that the version of Openssl that I have can handle this seamlessly. Just confirmed with MS that they have started to send SSL data in fragments. Thanks & Regards ________________________ Karthikeyan Thirumal ADD-Web-NXP-India, Application Development Delivery iNautix Technologies India Pvt. Ltd., A BNY Mellon Company. Extn (Internal): 612-10650 Direct Line: (+1) 615-381-0650 Email: kthirumal at inautix.co.in Information Classification: Internal Use Only -----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell Sent: Friday, April 15, 2016 3:17 PM To: openssl-dev at openssl.org Subject: Re: [openssl-dev] Windows Patch affecting connectivity to our applications On 15/04/16 10:33, Thirumal, Karthikeyan wrote: > Yes Matt - I agree that it is a very old / low version that we are > using. We faced few memory issues with the 0.9.8zc - so we backed out > and lived with 9.8a. In addition we are also planning to terminate SSL > at F5 rather than our Server - so we did not really care about the > lower version. > > Am still unclear what is the patch that MS released on April 12 that > is affecting the SSL communication ? No idea - that's probably more a question for MS. > > Some more info - My F5 version in test region uses 0.9.8e version and > connectivity is working fine. Can you clarify the SSL related > differences between 8a and 8e ? The Change log summarises the major differences. See: https://github.com/openssl/openssl/blob/OpenSSL_0_9_8-stable/CHANGES#L1254 Matt > > Thanks & Regards ________________________ Karthikeyan Thirumal > > -----Original Message----- From: openssl-dev > [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell > Sent: Friday, April 15, 2016 2:05 PM To: openssl-dev at openssl.org > Subject: Re: [openssl-dev] Windows Patch affecting connectivity to our > applications > > > > On 15/04/16 09:15, Thirumal, Karthikeyan wrote: >> Dear Dev folks, >> >> My clients are facing are connectivity issues after windows released >> their OS upgrade this week. I think they have changed the way the SSL >> handshake happens. >> >> My Server is using openssl-0.9.8a and my client sits on a Microsoft >> platform. >> >> >> >> From OpenSSL - do we have a recommendation to overcome this >> connectivity issue that started after the Microsoft patch ? Please >> confirm. > > We have not had other reports of this issue, so I have no specific > recommendation. However openssl-0.9.8a is a *very* old version of > OpenSSL (released October 2005). The 0.9.8 series is out of support > and is no longer receiving security bug fixes. Your server is almost > certainly vulnerable to significant security defects. You should > upgrade to a supported version as soon as possible. As we have not had > other reports of this problem this is likely to solve your Microsoft > issue too. > > Matt > > > >> >> >> >> >> >> Thanks & Regards ________________________ Karthikeyan Thirumal >> >> >> >> >> ****************************************************** This message >> and any files or attachments sent with this message contain >> confidential information and is intended only for the individual >> named. If you are not the named addressee, you should not >> disseminate, distribute, copy or use any part of this email. If you >> have received this message in error, please delete it and all copies >> from your system and notify the sender immediately by return Email. >> >> Email transmission cannot be guaranteed to be secure or error-free as >> information can be intercepted, corrupted, lost, destroyed, late, >> incomplete or may contain viruses. The sender, therefore, does not >> accept liability for any errors or omissions in the contents of this >> message, which arise as a result of email transmission. >> ****************************************************** >> >> > -- openssl-dev mailing list To unsubscribe: > https://mta.openssl.org/mailman/listinfo/openssl-dev > > ****************************************************** This message > and any files or attachments sent with this message contain > confidential information and is intended only for the individual > named. If you are not the named addressee, you should not > disseminate, distribute, copy or use any part of this email. If you > have received this message in error, please delete it and all copies > from your system and notify the sender immediately by return Email. > > Email transmission cannot be guaranteed to be secure or error-free as > information can be intercepted, corrupted, lost, destroyed, late, > incomplete or may contain viruses. The sender, therefore, does not > accept liability for any errors or omissions in the contents of this > message, which arise as a result of email transmission. > ****************************************************** > -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ****************************************************** This message and any files or attachments sent with this message contain confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute, copy or use any part of this email. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return Email. Email transmission cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, late, incomplete or may contain viruses. The sender, therefore, does not accept liability for any errors or omissions in the contents of this message, which arise as a result of email transmission. ****************************************************** From rsalz at akamai.com Fri Apr 15 16:49:22 2016 From: rsalz at akamai.com (Salz, Rich) Date: Fri, 15 Apr 2016 16:49:22 +0000 Subject: [openssl-dev] Windows Patch affecting connectivity to our applications In-Reply-To: <5710A796.6080002@openssl.org> References: <55A0598A7539EC4BAB296D8BBA5AC122C0108E57@WTPCPMBMEM07.ams.bnymellon.net> <5710A796.6080002@openssl.org> Message-ID: <7dc54c79c9ff466b94c3b9aa187c615d@usma1ex-dag1mb1.msg.corp.akamai.com> It is quite possible, maybe even likely, that the new MSFT update is using TLS versions that OpenSSL 0.9.8 does not support. -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz From rt at openssl.org Fri Apr 15 16:51:37 2016 From: rt at openssl.org (Patrick Steuer via RT) Date: Fri, 15 Apr 2016 16:51:37 +0000 Subject: [openssl-dev] [openssl.org #4512] ChaCha20_ctr32 function increments 64 bit counter? In-Reply-To: <201604151110.u3FBAW7v017702@d06av02.portsmouth.uk.ibm.com> References: <201604151110.u3FBAW7v017702@d06av02.portsmouth.uk.ibm.com> Message-ID: Hello openssl team, The following code in the ChaCha20_ctr32 function in crypto/chacha/chacha_enc.c looks like you are actually using an IV=[64bit counter||64 bit nonce] as specified in the "original Bernstein ChaCha" instead of IV=[32bit counter||96bit nonce] as specified in RFC7539. u32 input[16]; [...] /* advance counter */ if (++input[12] == 0) input[13]++; The code is from your git repo's master branch. Mit freundlichen Gr??en / Kind regards Patrick Steuer Crypto for Linux on z Systems Phone: +49-7031-16-1600 Email: patrick.steuer at de.ibm.com IBM Deutschland Research & Development GmbH Sch?naicher Str. 220, 71032 B?blingen -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4512 Please log in as guest with password guest if prompted From rsalz at akamai.com Fri Apr 15 16:55:58 2016 From: rsalz at akamai.com (Salz, Rich) Date: Fri, 15 Apr 2016 16:55:58 +0000 Subject: [openssl-dev] Windows Patch affecting connectivity to our applications In-Reply-To: <55A0598A7539EC4BAB296D8BBA5AC122C010949F@WTPCPMBMEM07.ams.bnymellon.net> References: <55A0598A7539EC4BAB296D8BBA5AC122C0108E57@WTPCPMBMEM07.ams.bnymellon.net> <5710A796.6080002@openssl.org> <55A0598A7539EC4BAB296D8BBA5AC122C0108FD6@WTPCPMBMEM07.ams.bnymellon.net> <5710B8A7.20302@openssl.org> <55A0598A7539EC4BAB296D8BBA5AC122C010949F@WTPCPMBMEM07.ams.bnymellon.net> Message-ID: <36b21244cc154c2d93668a274ecfa080@usma1ex-dag1mb1.msg.corp.akamai.com> > Can you tell me if we can enable SSL in fragments with openssl-0.9.8a ? So Upgrade. Sorry, that's the only answer. -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz From rt at openssl.org Sat Apr 16 17:53:59 2016 From: rt at openssl.org (Brian Smith via RT) Date: Sat, 16 Apr 2016 17:53:59 +0000 Subject: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files In-Reply-To: References: Message-ID: It seems that 32-bit ARM has the same limitation as x86 that the input and output pointers must match or the input and output buffers must not overlap at all. I'm not sure which ARM code path (NEON or non-NEON, or both) has this issue. Cheers, Brian -- https://briansmith.org/ -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4362 Please log in as guest with password guest if prompted From rt at openssl.org Mon Apr 18 13:05:27 2016 From: rt at openssl.org (Davide Galassi via RT) Date: Mon, 18 Apr 2016 13:05:27 +0000 Subject: [openssl-dev] [openssl.org #4513] [PATCH] In-Reply-To: References: Message-ID: Hello, Given that BIO_connect never returns a value less than 0 crypto/bio/b_sock2.c * Returns 1 on success or 0 on failure. On failure errno is set * and an error status is added to the OpenSSL error stack. */ int BIO_connect(int sock, const BIO_ADDR *addr, int options); This call always produces a wrong result openssl/crypto/bio/bss_conn.c case BIO_CONN_S_CONNECT: BIO_clear_retry_flags(b); ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter), BIO_SOCK_KEEPALIVE | c->connect_mode); b->retry_reason = 0; if (ret < 0) { I attach a patch with the fix. Best Regards, Davide Galassi -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4513 Please log in as guest with password guest if prompted -------------- next part -------------- A non-text attachment was scrubbed... Name: connectfix.patch Type: application/octet-stream Size: 971 bytes Desc: not available URL: From rt at openssl.org Mon Apr 18 20:57:54 2016 From: rt at openssl.org (Michel via RT) Date: Mon, 18 Apr 2016 20:57:54 +0000 Subject: [openssl-dev] [openssl.org #4514] [BUG] PKCS12_key_gen_uni() crashes when used with Blake In-Reply-To: <004101d199b4$ef3d4cb0$cdb7e610$@sales@free.fr> References: <004101d199b4$ef3d4cb0$cdb7e610$@sales@free.fr> Message-ID: Hi, Still doing some testing of OpenSSL 1.1.0, I experienced a crash in PKCS12_key_gen_uni(). Even if the original mistake was in my test software, I believe it is worth verifying that 'v' (MD block size) is not nul line 129 of p12_key.c, because it is used as divisor line 136 : Slen = v * ((saltlen + v - 1) / v); Regards, Michel. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4514 Please log in as guest with password guest if prompted From anthony.chow at al-enterprise.com Tue Apr 19 01:11:38 2016 From: anthony.chow at al-enterprise.com (CHOW Anthony) Date: Tue, 19 Apr 2016 01:11:38 +0000 Subject: [openssl-dev] where is PEM_read_bio_X509_AUX() Message-ID: I am trying to do ?openssl verify ?CAfile server.pem? and the command hang. When I debug, I see that after calling the function PEM_read_bio_X509_AUX in load_cert() it hangs. But I don?t seems to find this function in the OpenSSL tree. Any insight on this? Thanks so much. grep -rwn . -e "PEM_read_bio_X509_AUX" Binary file ./libcrypto.a matches ./util/libeay.num:1541:PEM_read_bio_X509_AUX 1959 EXIST::FUNCTION: Binary file ./demos/easy_tls/test matches Binary file ./libssl.a matches ./crypto/x509/by_file.c:143: x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); Binary file ./crypto/x509/by_file.o matches Binary file ./crypto/ts/ts_conf.o matches ./crypto/ts/ts_conf.c:102: x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL); Binary file ./crypto/pem/pem_xaux.o matches ./ssl/ssl_rsa.c:705: x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, Binary file ./ssl/ssl_rsa.o matches ./doc/crypto/pem.pod:20:PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, ./doc/crypto/pem.pod:154: X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u); Binary file ./test/rsa_test matches Binary file ./test/ssltest matches Binary file ./test/evp_extra_test matches Binary file ./test/sha512t matches Binary file ./test/ectest matches Binary file ./test/randtest matches Binary file ./test/ecdhtest matches Binary file ./test/evp_test matches Binary file ./test/enginetest matches Binary file ./test/sha256t matches Binary file ./test/dhtest matches Binary file ./test/md4test matches Binary file ./test/md5test matches Binary file ./test/srptest matches Binary file ./test/igetest matches Binary file ./test/sha1test matches Binary file ./test/shatest matches Binary file ./test/rmdtest matches Binary file ./test/mdc2test matches Binary file ./test/verify_extra_test matches Binary file ./test/ecdsatest matches Binary file ./test/bntest matches Binary file ./test/dsatest matches Binary file ./test/exptest matches Binary file ./test/v3nametest matches Binary file ./test/hmactest matches Binary file ./test/clienthellotest matches Binary file ./apps/openssl matches Binary file ./apps/apps.o matches ./apps/apps.c:896: x = PEM_read_bio_X509_AUX(cert, NULL, -------------- next part -------------- An HTML attachment was scrubbed... URL: From wiml at omnigroup.com Tue Apr 19 02:05:12 2016 From: wiml at omnigroup.com (Wim Lewis) Date: Mon, 18 Apr 2016 19:05:12 -0700 Subject: [openssl-dev] where is PEM_read_bio_X509_AUX() In-Reply-To: References: Message-ID: On Apr 18, 2016, at 6:11 PM, CHOW Anthony wrote: > I am trying to do ?openssl verify ?CAfile server.pem? and the command hang. When I debug, I see that after calling the function PEM_read_bio_X509_AUX in load_cert() it hangs. > > But I don?t seems to find this function in the OpenSSL tree. > > Any insight on this? Thanks so much. The macros DECLARE_PEM_rw and IMPLEMENT_PEM_rw, which are defined in crypto/pem/pem.h, produce a bunch of functions for reading and writing structures in various ways (with a BIO, from a FILE *, from a string buffer, etc). In this case, I think the function you're looking at is produced by the macro invocation "IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)" in crypto/pem/pem_xaux.c. Possibly it's hanging waiting to read something from stdin. From anthony.chow at al-enterprise.com Tue Apr 19 02:12:30 2016 From: anthony.chow at al-enterprise.com (CHOW Anthony) Date: Tue, 19 Apr 2016 02:12:30 +0000 Subject: [openssl-dev] where is PEM_read_bio_X509_AUX() In-Reply-To: References: Message-ID: thanks so much. Let me look into .../crypto/pem/ directory. -----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Wim Lewis Sent: Monday, April 18, 2016 7:05 PM To: openssl-dev at openssl.org Subject: Re: [openssl-dev] where is PEM_read_bio_X509_AUX() On Apr 18, 2016, at 6:11 PM, CHOW Anthony wrote: > I am trying to do ?openssl verify ?CAfile server.pem? and the command hang. When I debug, I see that after calling the function PEM_read_bio_X509_AUX in load_cert() it hangs. > > But I don?t seems to find this function in the OpenSSL tree. > > Any insight on this? Thanks so much. The macros DECLARE_PEM_rw and IMPLEMENT_PEM_rw, which are defined in crypto/pem/pem.h, produce a bunch of functions for reading and writing structures in various ways (with a BIO, from a FILE *, from a string buffer, etc). In this case, I think the function you're looking at is produced by the macro invocation "IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)" in crypto/pem/pem_xaux.c. Possibly it's hanging waiting to read something from stdin. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev From anthony.chow at al-enterprise.com Tue Apr 19 05:43:57 2016 From: anthony.chow at al-enterprise.com (CHOW Anthony) Date: Tue, 19 Apr 2016 05:43:57 +0000 Subject: [openssl-dev] where is PEM_read_bio_X509_AUX() In-Reply-To: References: Message-ID: Actually, I did it wrong. Now I get it. I am able to use the openssl in /user/bin to verify a certificate. However, if I compile and install another version in /opt/openssl-1.0.2g/bin/openssl, I am not able to get the issuer?s certificate. I think some trusted certificate is store somewhere in Ubuntu 14.04. How can I reference them from my version in /opt/openssl-1.0.2g/bin/openssl? The error is from X509_verify_cert(): error 2 at 1 depth lookup: unable to get issuer certificate Thanks for the information, Anthony. From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of CHOW Anthony Sent: Monday, April 18, 2016 6:12 PM To: openssl-dev at openssl.org Subject: [openssl-dev] where is PEM_read_bio_X509_AUX() I am trying to do ?openssl verify ?CAfile server.pem? and the command hang. When I debug, I see that after calling the function PEM_read_bio_X509_AUX in load_cert() it hangs. But I don?t seems to find this function in the OpenSSL tree. Any insight on this? Thanks so much. grep -rwn . -e "PEM_read_bio_X509_AUX" Binary file ./libcrypto.a matches ./util/libeay.num:1541:PEM_read_bio_X509_AUX 1959 EXIST::FUNCTION: Binary file ./demos/easy_tls/test matches Binary file ./libssl.a matches ./crypto/x509/by_file.c:143: x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); Binary file ./crypto/x509/by_file.o matches Binary file ./crypto/ts/ts_conf.o matches ./crypto/ts/ts_conf.c:102: x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL); Binary file ./crypto/pem/pem_xaux.o matches ./ssl/ssl_rsa.c:705: x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, Binary file ./ssl/ssl_rsa.o matches ./doc/crypto/pem.pod:20:PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, ./doc/crypto/pem.pod:154: X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u); Binary file ./test/rsa_test matches Binary file ./test/ssltest matches Binary file ./test/evp_extra_test matches Binary file ./test/sha512t matches Binary file ./test/ectest matches Binary file ./test/randtest matches Binary file ./test/ecdhtest matches Binary file ./test/evp_test matches Binary file ./test/enginetest matches Binary file ./test/sha256t matches Binary file ./test/dhtest matches Binary file ./test/md4test matches Binary file ./test/md5test matches Binary file ./test/srptest matches Binary file ./test/igetest matches Binary file ./test/sha1test matches Binary file ./test/shatest matches Binary file ./test/rmdtest matches Binary file ./test/mdc2test matches Binary file ./test/verify_extra_test matches Binary file ./test/ecdsatest matches Binary file ./test/bntest matches Binary file ./test/dsatest matches Binary file ./test/exptest matches Binary file ./test/v3nametest matches Binary file ./test/hmactest matches Binary file ./test/clienthellotest matches Binary file ./apps/openssl matches Binary file ./apps/apps.o matches ./apps/apps.c:896: x = PEM_read_bio_X509_AUX(cert, NULL, -------------- next part -------------- An HTML attachment was scrubbed... URL: From anthony.chow at al-enterprise.com Tue Apr 19 06:59:57 2016 From: anthony.chow at al-enterprise.com (CHOW Anthony) Date: Tue, 19 Apr 2016 06:59:57 +0000 Subject: [openssl-dev] where is PEM_read_bio_X509_AUX() In-Reply-To: References: Message-ID: Got it after ? ?cp /usr/lib/ssl/certs/* /opt/openssl-1.0.1e/certs? ? From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of CHOW Anthony Sent: Monday, April 18, 2016 10:44 PM To: openssl-dev at openssl.org Subject: Re: [openssl-dev] where is PEM_read_bio_X509_AUX() Actually, I did it wrong. Now I get it. I am able to use the openssl in /user/bin to verify a certificate. However, if I compile and install another version in /opt/openssl-1.0.2g/bin/openssl, I am not able to get the issuer?s certificate. I think some trusted certificate is store somewhere in Ubuntu 14.04. How can I reference them from my version in /opt/openssl-1.0.2g/bin/openssl? The error is from X509_verify_cert(): error 2 at 1 depth lookup: unable to get issuer certificate Thanks for the information, Anthony. From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of CHOW Anthony Sent: Monday, April 18, 2016 6:12 PM To: openssl-dev at openssl.org Subject: [openssl-dev] where is PEM_read_bio_X509_AUX() I am trying to do ?openssl verify ?CAfile server.pem? and the command hang. When I debug, I see that after calling the function PEM_read_bio_X509_AUX in load_cert() it hangs. But I don?t seems to find this function in the OpenSSL tree. Any insight on this? Thanks so much. grep -rwn . -e "PEM_read_bio_X509_AUX" Binary file ./libcrypto.a matches ./util/libeay.num:1541:PEM_read_bio_X509_AUX 1959 EXIST::FUNCTION: Binary file ./demos/easy_tls/test matches Binary file ./libssl.a matches ./crypto/x509/by_file.c:143: x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); Binary file ./crypto/x509/by_file.o matches Binary file ./crypto/ts/ts_conf.o matches ./crypto/ts/ts_conf.c:102: x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL); Binary file ./crypto/pem/pem_xaux.o matches ./ssl/ssl_rsa.c:705: x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, Binary file ./ssl/ssl_rsa.o matches ./doc/crypto/pem.pod:20:PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, ./doc/crypto/pem.pod:154: X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u); Binary file ./test/rsa_test matches Binary file ./test/ssltest matches Binary file ./test/evp_extra_test matches Binary file ./test/sha512t matches Binary file ./test/ectest matches Binary file ./test/randtest matches Binary file ./test/ecdhtest matches Binary file ./test/evp_test matches Binary file ./test/enginetest matches Binary file ./test/sha256t matches Binary file ./test/dhtest matches Binary file ./test/md4test matches Binary file ./test/md5test matches Binary file ./test/srptest matches Binary file ./test/igetest matches Binary file ./test/sha1test matches Binary file ./test/shatest matches Binary file ./test/rmdtest matches Binary file ./test/mdc2test matches Binary file ./test/verify_extra_test matches Binary file ./test/ecdsatest matches Binary file ./test/bntest matches Binary file ./test/dsatest matches Binary file ./test/exptest matches Binary file ./test/v3nametest matches Binary file ./test/hmactest matches Binary file ./test/clienthellotest matches Binary file ./apps/openssl matches Binary file ./apps/apps.o matches ./apps/apps.c:896: x = PEM_read_bio_X509_AUX(cert, NULL, -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Tue Apr 19 12:45:18 2016 From: rt at openssl.org (Rich Salz via RT) Date: Tue, 19 Apr 2016 12:45:18 +0000 Subject: [openssl-dev] [openssl.org #4514] [BUG] PKCS12_key_gen_uni() crashes when used with Blake In-Reply-To: <004101d199b4$ef3d4cb0$cdb7e610$@sales@free.fr> References: <004101d199b4$ef3d4cb0$cdb7e610$@sales@free.fr> Message-ID: Ah, a slippery slope. We do not check for NULL pointers, and similarly a block size of zero is nonsensical. I am closing this as it's really a caller error. OpenSSL doesn't promise to to protect against all such errors :) It has more than enough of its own to worry about. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4514 Please log in as guest with password guest if prompted From rt at openssl.org Tue Apr 19 13:57:15 2016 From: rt at openssl.org (Michel via RT) Date: Tue, 19 Apr 2016 13:57:15 +0000 Subject: [openssl-dev] [openssl.org #4514] [BUG] PKCS12_key_gen_uni() crashes when used with Blake In-Reply-To: <001501d19a43$57a56b00$06f04100$@sales@free.fr> References: <004101d199b4$ef3d4cb0$cdb7e610$@sales@free.fr> <001501d19a43$57a56b00$06f04100$@sales@free.fr> Message-ID: Hi Rich, > OpenSSL doesn't promise to protect against all such errors :) Really ? I'm a bit surprise that you don't care to allow to divide by zero... Especially when it's not a big work to prevent such a case. It's up to you. > block size of zero is nonsensical Zero is the block size returned for Blake digests. And nothing prevents them to be used with PKCS12_key_gen_uni(), and certainly *NOT* the documentation ! ;-) Anyway, it's not a problem for me. -----Message d'origine----- De : Rich Salz via RT [mailto:rt at openssl.org] Envoy? : mardi 19 avril 2016 14:45 ? : michel.sales at free.fr Cc : openssl-dev at openssl.org Objet : [openssl.org #4514] [BUG] PKCS12_key_gen_uni() crashes when used with Blake Ah, a slippery slope. We do not check for NULL pointers, and similarly a block size of zero is nonsensical. I am closing this as it's really a caller error. It has more than enough of its own to worry about. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4514 Please log in as guest with password guest if prompted -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4514 Please log in as guest with password guest if prompted From rsalz at akamai.com Tue Apr 19 13:58:26 2016 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 19 Apr 2016 13:58:26 +0000 Subject: [openssl-dev] [openssl.org #4514] [BUG] PKCS12_key_gen_uni() crashes when used with Blake In-Reply-To: References: <004101d199b4$ef3d4cb0$cdb7e610$@sales@free.fr> <001501d19a43$57a56b00$06f04100$@sales@free.fr> Message-ID: Okay, re-open From rt at openssl.org Tue Apr 19 13:58:35 2016 From: rt at openssl.org (Salz, Rich via RT) Date: Tue, 19 Apr 2016 13:58:35 +0000 Subject: [openssl-dev] [openssl.org #4514] [BUG] PKCS12_key_gen_uni() crashes when used with Blake In-Reply-To: References: <004101d199b4$ef3d4cb0$cdb7e610$@sales@free.fr> <001501d19a43$57a56b00$06f04100$@sales@free.fr> Message-ID: Okay, re-open -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4514 Please log in as guest with password guest if prompted From weber at infotech.de Tue Apr 19 13:57:38 2016 From: weber at infotech.de (weber at infotech.de) Date: Tue, 19 Apr 2016 15:57:38 +0200 Subject: [openssl-dev] Possible deficiency verifying with indirect crl Message-ID: <57163952.8030705@infotech.de> Dear openssl developers, using the older version 1.0.2d we recently stumbled upon a possible deficiency in verifying a cert using an indirect crl. We went through the scoring code and found the CRL_SCORE_AKID flag unset although the crl issuers cert contained a skid. Snippet In the source x509_vfy.c, at the end of function crl_akid_check the possible crl_issuer is being looked up from the untrusted certs stack. But the untrusted certs aren't guaranteed to have the extensions cached. So in our case the crl_issuer->skid was empty causing the function X509_check_akid to return X509_V_ERR_AKID_SKID_MISMATCH. Inserting a X509_check_purpose(crl_issuer, -1, 0); just before the call fixed this issue. We compared the source against the latest version 1.0.2g and found no changes regarding this behavior. Please consider applying following patch +++ openssl-1.0.2d/crypto/x509/x509_vfy.c 2015-07-09 13:57 +0200 @@ -1234,6 +1234,7 @@ (excluded from the next commit) crl_issuer = sk_X509_value(ctx->untrusted, i); if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) continue; + X509_check_purpose(crl_issuer, -1, 0); if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { *pissuer = crl_issuer; *pcrl_score |= CRL_SCORE_AKID; BTW: We didn't check if the certs taken from the chain happen to have extension values cached (about 30 lines up). Thanks in advance -- Christian Weber Snippet From openssl at openssl.org Tue Apr 19 15:14:35 2016 From: openssl at openssl.org (OpenSSL) Date: Tue, 19 Apr 2016 15:14:35 +0000 Subject: [openssl-dev] OpenSSL version 1.1.0 pre release 5 published Message-ID: <20160419151435.GA24258@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.1.0 pre release 5 (beta) =========================================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ OpenSSL 1.1.0 is currently in beta. OpenSSL 1.1.0 pre release 5 has now been made available. For details of changes and known issues see the release notes at: http://www.openssl.org/news/openssl-1.1.0-notes.html Note: This OpenSSL pre-release has been provided for testing ONLY. It should NOT be used for security critical purposes. The beta release is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.1.0-pre5.tar.gz Size: 5289112 SHA1 checksum: 1cbc066e471c831ae8c0661abb80361b4d211a70 SHA256 checksum: 25acbdfa5e0259ed20159670e88ddb4257970f80ce923427bd201133e6e580db The checksums were calculated using the following commands: openssl sha1 openssl-1.1.0-pre5.tar.gz openssl sha256 openssl-1.1.0-pre5.tar.gz Please download and check this beta release as soon as possible. Bug reports should go to rt at openssl.org. Please check the release notes and mailing lists to avoid duplicate reports of known issues. Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJXFkd3AAoJENnE0m0OYESRpHgIAIZpsbqsYSpoHzkT8TtJ8C83 I8pi4lgq3vWvQddKpM+iUqgeOzUUeQaCqFZmdoF2nvD+cqxlG58q9hUvm8hmbxF+ FN9a1n4WlihR626cipxBbOQz4WfFw7zmszCSYuEPT5MMFRQQR0fRgGidn6eBbAQk 37q6RDWHpwHvqIwNgwxH3qzmoV+jzqGYfZIBV/JrT2KL4M4x6L/Y5/g9WrubkHQe oi/QjIKsXNA+bb+E0zUzhA1Yxvgz+x/VJ96yrGFrzotqLzuHR6w2TVSh4Mx/LxS0 LAdEn8h62Ts04HMyS1+9Tj6pAmJf3cq2EtR6QA+vzNgqfmA8K0jPCdzUSklgqzE= =Wv2a -----END PGP SIGNATURE----- From rainer.jung at kippdata.de Tue Apr 19 17:43:21 2016 From: rainer.jung at kippdata.de (Rainer Jung) Date: Tue, 19 Apr 2016 19:43:21 +0200 Subject: [openssl-dev] Camellia asm build failure for 1.1.0pre5 on Solaris (typo in build.info) Message-ID: <57166E39.3060105@kippdata.de> The change https://github.com/openssl/openssl/commit/5384d1e4ebd58f31a06b2f5d1f6c4b28f63d72ed introduced a typo in the last line of file crypto/camellia/build.info. Fix is: --- crypto/camellia/build.info 2016-03-16 19:18:09.000000000 +0100 +++ crypto/camellia/build.info 2016-04-19 19:39:11.449856000 +0200 @@ -8,4 +8,4 @@ GENERATE[cmll-x86_64.s]=asm/cmll-x86_64.pl $(PERLASM_SCHEME) GENERATE[cmllt4-sparcv9.S]=asm/cmllt4-sparcv9.pl $(PERLASM_SCHEME) INCLUDE[cmllt4-sparcv9.o]=.. -DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9-modes.pl +DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9_modes.pl The Perl script name contains an underscore. Regards, Rainer From rainer.jung at kippdata.de Tue Apr 19 18:40:58 2016 From: rainer.jung at kippdata.de (Rainer Jung) Date: Tue, 19 Apr 2016 20:40:58 +0200 Subject: [openssl-dev] Core dump OpenSSL 1.1.0-pre5 during test (likely in 70-test_sslskewith0p.t) Message-ID: <57167BBA.9000509@kippdata.de> I get a core dump during test execution for 1.1.0-pre5. Test is test/recipes/70-test_sslskewith0p.t, platform is Solaris 10 Sparc. The crash happens in BN_num_bits() (crypto/bn/bn_lib.c:211), because it is called with a NULL argument, which is then dereferenced. The call comes from EVP_PKEY_bits() (crypto/evp/p_lib.c:78). There the key has pkey->ameth->pkey_bits equals to dh_bits(), so it calls dh_bits(pkey), which calls BN_num_bits(pkey->pkey.dh->p). Looking at pkey->pkey.dh we see: (gdb) print *pkey->pkey.dh $6 = {pad = 0, version = 0, p = 0x0, g = 0x0, length = 0, pub_key = 0x0, priv_key = 0x0, flags = 1025, method_mont_p = 0x0, q = 0x0, j = 0x0, seed = 0x0, seedlen = 0, counter = 0x0, references = 1, ex_data = {sk = 0x0}, meth = 0x2b45ec, engine = 0x0, lock = 0x2e2c68} so p is actually NULL. Further print stack: #2 0x00072e54 in ssl_print_tmp_key (out=out at entry=0x2dae68, s=s at entry=0x2e1ab0) at apps/s_cb.c:478 #3 0x00075894 in print_stuff (bio=0x2dae68, s=s at entry=0x2e1ab0, full=full at entry=1) at apps/s_client.c:2625 #4 0x000784c8 in s_client_main (argc=, argv=) at apps/s_client.c:2521 Verbose run output: $ HARNESS_VERBOSE=yes TESTS=test_sslskewith0p make test ( cd test; \ SRCTOP=../. \ BLDTOP=../. \ EXE_EXT= \ OPENSSL_ENGINES=.././engines \ /usr/bin/env perl .././test/run_tests.pl test_sslskewith0p ) ../test/recipes/70-test_sslskewith0p.t .. 1..1 Proxy started on port 4453 engine "ossltest" set. Using default temp DH parameters ACCEPT engine "ossltest" set. Connection opened Received client packet Packet length = 102 Processing flight 0 Record 1 (client -> server) Content type: HANDSHAKE Version: TLS1.0 Length: 97 Message type: ClientHello Message Length: 93 Client Version:771 Session ID Len:0 Ciphersuite len:4 Compression Method Len:1 Extensions Len:48 Forwarded packet length = 102 Received server packet Packet length = 474 Processing flight 1 Record 1 (server -> client) Content type: HANDSHAKE Version: TLS1.2 Length: 61 Message type: ServerHello Message Length: 57 Server Version:771 Session ID Len:0 Ciphersuite:52 Compression Method:0 Extensions Len:17 Record 2 (server -> client) Content type: HANDSHAKE Version: TLS1.2 Length: 394 Message type: ServerKeyExchange Message Length: 390 Record 3 (server -> client) Content type: HANDSHAKE Version: TLS1.2 Length: 4 Message type: ServerHelloDone Message Length: 0 Forwarded packet length = 347 1:error:1416D066:SSL routines:tls_process_key_exchange:bad dh value:ssl/statem/statem_clnt.c:1568: Received client packet Packet length = 7 Processing flight 2 Record 1 (client -> server) Content type: ALERT Version: TLS1.2 Length: 2 Forwarded packet length = 7 Connection closed Waiting for server process to close: 14314 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 0 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) CONNECTION FAILURE 1:error:1409441A:SSL routines:ssl3_read_bytes:reason(1050):ssl/record/rec_layer_s3.c:1467:SSL alert number 50 ok 1 - ServerKeyExchange with 0 p Segmentation Fault - core dumped ok All tests successful. Regards, Rainer From rainer.jung at kippdata.de Tue Apr 19 19:18:03 2016 From: rainer.jung at kippdata.de (Rainer Jung) Date: Tue, 19 Apr 2016 21:18:03 +0200 Subject: [openssl-dev] Broken links in pod file of OpenSSL 1.1.0pre5 Message-ID: <5716846B.2000005@kippdata.de> Output during "make install": Cannot find "BIO_gets" in podpath: cannot find suitable replacement path, cannot resolve link Cannot find "BIO_callback_ctrl" in podpath: cannot find suitable replacement path, cannot resolve link Cannot find "DSA_SIG_new3)" in podpath: cannot find suitable replacement path, cannot resolve link Likely patch (it fixes the warnings, but please double check for correctness): --- doc/crypto/DSA_meth_new.pod 2016-04-19 18:51:18.000000000 +0200 +++ doc/crypto/DSA_meth_new.pod 2016-04-19 21:06:01.785837000 +0200 @@ -174,7 +174,7 @@ =head1 SEE ALSO L, L, L, L, -L, L, L, L, +L, L, L, L, L, L, L =head1 HISTORY ( "DSA_SIG_new(3)" instead of "DSA_SIG_new3)"). --- doc/crypto/BIO_meth_new.pod 2016-04-19 18:51:18.000000000 +0200 +++ doc/crypto/BIO_meth_new.pod 2016-04-19 21:14:10.702572000 +0200 @@ -75,7 +75,7 @@ the function have the same meaning as for BIO_puts(). BIO_meth_get_gets() and BIO_meth_set_gets() get and set the function typically -used for reading a line of data from the BIO respectively (see the L +used for reading a line of data from the BIO respectively (see the L page for more information). This function will be called in response to the application calling BIO_gets(). The parameters for the function have the same meaning as for BIO_gets(). @@ -102,7 +102,7 @@ BIO_meth_get_callback_ctrl() and BIO_meth_set_callback_ctrl() get and set the function used for processing callback ctrl messages in the BIO respectively. See -the L page for more information. This function will be called +the L page for more information. This function will be called in response to the application calling BIO_callback_ctrl(). The parameters for the function have the same meaning as for BIO_callback_ctrl(). (Adding twice "(3)"). Regards, Rainer From matt at openssl.org Wed Apr 20 08:24:09 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 20 Apr 2016 09:24:09 +0100 Subject: [openssl-dev] Core dump OpenSSL 1.1.0-pre5 during test (likely in 70-test_sslskewith0p.t) In-Reply-To: <57167BBA.9000509@kippdata.de> References: <57167BBA.9000509@kippdata.de> Message-ID: <57173CA9.10404@openssl.org> On 19/04/16 19:40, Rainer Jung wrote: > I get a core dump during test execution for 1.1.0-pre5. Test is > test/recipes/70-test_sslskewith0p.t, platform is Solaris 10 Sparc. Thanks for the detailed analysis. Based on that I have been able to identify the problem. Fix on the way. Matt From rt at openssl.org Wed Apr 20 11:02:55 2016 From: rt at openssl.org (Michel via RT) Date: Wed, 20 Apr 2016 11:02:55 +0000 Subject: [openssl-dev] [openssl.org #4515] [Patch] Cannot build due to IDEA functions partially renamed In-Reply-To: <002101d19af4$21cce970$6566bc50$@sales@free.fr> References: <002101d19af4$21cce970$6566bc50$@sales@free.fr> Message-ID: Hi, I was not able to build today's git repo. May not be what you would like to do, but the attached patch should fix that. Regards, Michel Microsoft (R) Windows (R) Resource Compiler Version 6.3.9600.17336 Copyright (C) Microsoft Corporation. All rights reserved. link /nologo /debug /dll /implib:libcrypto.lib /out:libcrypto-1_1.dll / def:libcrypto-1_1.def @C:\Users\Michel\AppData\Local\Temp\nm3E7.tmp || (DEL /Q li bcrypto.* libcrypto-1_1.* && EXIT 1) Creating library libcrypto.lib and object libcrypto.exp e_idea.obj : error LNK2019: unresolved external symbol _idea_ecb_encrypt referen ced in function _idea_ecb_cipher e_idea.obj : error LNK2019: unresolved external symbol _idea_cbc_encrypt referen ced in function _idea_cbc_cipher e_idea.obj : error LNK2019: unresolved external symbol _idea_ofb64_encrypt refer enced in function _idea_ofb_cipher e_idea.obj : error LNK2019: unresolved external symbol _idea_cfb64_encrypt refer enced in function _idea_cfb64_cipher libcrypto-1_1.dll : fatal error LNK1120: 4 unresolved externals NMAKE : fatal error U1077: 'link' : return code '0x1' Stop. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4515 Please log in as guest with password guest if prompted -------------- next part -------------- A non-text attachment was scrubbed... Name: idea.patch Type: application/octet-stream Size: 1031 bytes Desc: not available URL: From matt at openssl.org Wed Apr 20 12:30:43 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 20 Apr 2016 13:30:43 +0100 Subject: [openssl-dev] Broken links in pod file of OpenSSL 1.1.0pre5 In-Reply-To: <5716846B.2000005@kippdata.de> References: <5716846B.2000005@kippdata.de> Message-ID: <57177673.8020506@openssl.org> On 19/04/16 20:18, Rainer Jung wrote: > Output during "make install": > > Cannot find "BIO_gets" in podpath: cannot find suitable replacement > path, cannot resolve link > Cannot find "BIO_callback_ctrl" in podpath: cannot find suitable > replacement path, cannot resolve link > Cannot find "DSA_SIG_new3)" in podpath: cannot find suitable replacement > path, cannot resolve link > > Likely patch (it fixes the warnings, but please double check for > correctness): Patch applied: https://github.com/openssl/openssl/commit/ecba1fb386919b70933fa0447ee7438d9379dea0 Thanks! Matt > > --- doc/crypto/DSA_meth_new.pod 2016-04-19 18:51:18.000000000 +0200 > +++ doc/crypto/DSA_meth_new.pod 2016-04-19 21:06:01.785837000 +0200 > @@ -174,7 +174,7 @@ > =head1 SEE ALSO > > L, L, L, > L, > -L, L, L, > L, > +L, L, L, > L, > L, L, L > > =head1 HISTORY > > > ( "DSA_SIG_new(3)" instead of "DSA_SIG_new3)"). > > > --- doc/crypto/BIO_meth_new.pod 2016-04-19 18:51:18.000000000 +0200 > +++ doc/crypto/BIO_meth_new.pod 2016-04-19 21:14:10.702572000 +0200 > @@ -75,7 +75,7 @@ > the function have the same meaning as for BIO_puts(). > > BIO_meth_get_gets() and BIO_meth_set_gets() get and set the function > typically > -used for reading a line of data from the BIO respectively (see the > L > +used for reading a line of data from the BIO respectively (see the > L > page for more information). This function will be called in response to > the > application calling BIO_gets(). The parameters for the function have > the same > meaning as for BIO_gets(). > @@ -102,7 +102,7 @@ > > BIO_meth_get_callback_ctrl() and BIO_meth_set_callback_ctrl() get and > set the > function used for processing callback ctrl messages in the BIO > respectively. See > -the L page for more information. This function will > be called > +the L page for more information. This function > will be called > in response to the application calling BIO_callback_ctrl(). The > parameters for > the function have the same meaning as for BIO_callback_ctrl(). > > > (Adding twice "(3)"). > > Regards, > > Rainer From KThirumal at inautix.co.in Wed Apr 20 14:03:47 2016 From: KThirumal at inautix.co.in (Thirumal, Karthikeyan) Date: Wed, 20 Apr 2016 14:03:47 +0000 Subject: [openssl-dev] Windows Patch affecting connectivity to our applications In-Reply-To: <36b21244cc154c2d93668a274ecfa080@usma1ex-dag1mb1.msg.corp.akamai.com> References: <55A0598A7539EC4BAB296D8BBA5AC122C0108E57@WTPCPMBMEM07.ams.bnymellon.net> <5710A796.6080002@openssl.org> <55A0598A7539EC4BAB296D8BBA5AC122C0108FD6@WTPCPMBMEM07.ams.bnymellon.net> <5710B8A7.20302@openssl.org> <55A0598A7539EC4BAB296D8BBA5AC122C010949F@WTPCPMBMEM07.ams.bnymellon.net> <36b21244cc154c2d93668a274ecfa080@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: <55A0598A7539EC4BAB296D8BBA5AC122C0113689@WTPCPMBMEM07.ams.bnymellon.net> Thanks Rich. We first attempted to move to openssl-0.9.8zc - but we faced memory issues and our process got dumped at SSL_free. So we backed out and moved back to 9.8a. Can I go to 0.9.8e version and will the SSL fragment issue be fixed there ? Thanks & Regards ________________________ Karthikeyan Thirumal -----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Salz, Rich Sent: Friday, April 15, 2016 10:26 PM To: openssl-dev at openssl.org Subject: Re: [openssl-dev] Windows Patch affecting connectivity to our applications > Can you tell me if we can enable SSL in fragments with openssl-0.9.8a ? So Upgrade. Sorry, that's the only answer. -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ****************************************************** This message and any files or attachments sent with this message contain confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute, copy or use any part of this email. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return Email. Email transmission cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, late, incomplete or may contain viruses. The sender, therefore, does not accept liability for any errors or omissions in the contents of this message, which arise as a result of email transmission. ****************************************************** From rsalz at akamai.com Wed Apr 20 14:09:10 2016 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 20 Apr 2016 14:09:10 +0000 Subject: [openssl-dev] Windows Patch affecting connectivity to our applications In-Reply-To: <55A0598A7539EC4BAB296D8BBA5AC122C0113689@WTPCPMBMEM07.ams.bnymellon.net> References: <55A0598A7539EC4BAB296D8BBA5AC122C0108E57@WTPCPMBMEM07.ams.bnymellon.net> <5710A796.6080002@openssl.org> <55A0598A7539EC4BAB296D8BBA5AC122C0108FD6@WTPCPMBMEM07.ams.bnymellon.net> <5710B8A7.20302@openssl.org> <55A0598A7539EC4BAB296D8BBA5AC122C010949F@WTPCPMBMEM07.ams.bnymellon.net> <36b21244cc154c2d93668a274ecfa080@usma1ex-dag1mb1.msg.corp.akamai.com> <55A0598A7539EC4BAB296D8BBA5AC122C0113689@WTPCPMBMEM07.ams.bnymellon.net> Message-ID: <867e8ba5db9b420f8ec0a388d95c9269@usma1ex-dag1mb1.msg.corp.akamai.com> > Can I go to 0.9.8e version and will the SSL fragment issue be fixed there ? To repeat myself: upgrade. From matt at openssl.org Wed Apr 20 14:12:59 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 20 Apr 2016 15:12:59 +0100 Subject: [openssl-dev] Windows Patch affecting connectivity to our applications In-Reply-To: <55A0598A7539EC4BAB296D8BBA5AC122C0113689@WTPCPMBMEM07.ams.bnymellon.net> References: <55A0598A7539EC4BAB296D8BBA5AC122C0108E57@WTPCPMBMEM07.ams.bnymellon.net> <5710A796.6080002@openssl.org> <55A0598A7539EC4BAB296D8BBA5AC122C0108FD6@WTPCPMBMEM07.ams.bnymellon.net> <5710B8A7.20302@openssl.org> <55A0598A7539EC4BAB296D8BBA5AC122C010949F@WTPCPMBMEM07.ams.bnymellon.net> <36b21244cc154c2d93668a274ecfa080@usma1ex-dag1mb1.msg.corp.akamai.com> <55A0598A7539EC4BAB296D8BBA5AC122C0113689@WTPCPMBMEM07.ams.bnymellon.net> Message-ID: <57178E6B.2070007@openssl.org> On 20/04/16 15:03, Thirumal, Karthikeyan wrote: > Thanks Rich. > > We first attempted to move to openssl-0.9.8zc - but we faced memory issues and our process got dumped at SSL_free. So we backed out and moved back to 9.8a. > > Can I go to 0.9.8e version and will the SSL fragment issue be fixed there ? I don't know what the cause of the fragments issue is. AFAICS fragments should work just fine in 0.9.8. However, there are a large number of bugs that were fixed between 0.9.8a and 0.9.8zc. As neither version is in support any more you'd have to try it for yourself. But really Rich is absolutely right...the correct answer here is upgrade to a supported version (i.e. not a 0.9.8/1.0.0 based version) and fix the memory issues you are experiencing. OpenSSL is a security product. With the version that you are currently running you are effectively getting near zero security benefit. Matt > > Thanks & Regards > ________________________ > Karthikeyan Thirumal > > -----Original Message----- > From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Salz, Rich > Sent: Friday, April 15, 2016 10:26 PM > To: openssl-dev at openssl.org > Subject: Re: [openssl-dev] Windows Patch affecting connectivity to our applications > >> Can you tell me if we can enable SSL in fragments with openssl-0.9.8a ? So > > Upgrade. > > Sorry, that's the only answer. > > -- > Senior Architect, Akamai Technologies > IM: richsalz at jabber.at Twitter: RichSalz > From huangqinjin at gmail.com Wed Apr 20 18:36:06 2016 From: huangqinjin at gmail.com (=?UTF-8?B?6buE5Yuk55G+?=) Date: Thu, 21 Apr 2016 02:36:06 +0800 Subject: [openssl-dev] Consistent way of making a const bignum Message-ID: I'd submitted a pull request to openssl, changing the use of BN_bin2bin() to static const bignums in bn_const.c . I defined macro bn_pack2 : #if BN_BITS2 == 64 # define bn_pack2(a1,a2) ((0x##a1##ULL<<32)|0x##a2##ULL) #elif BN_BITS2 == 32 # define bn_pack2(a1,a2) 0x##a2##UL, 0x##a1##UL #else # error "unsupported BN_BITS2" #endif Use bn_pack2 to define BN_ULONG arrays: static const BN_ULONG num[] = { bn_pack2(FFFFFFFF, FFFFFFFF), bn_pack2(F44C42E9, A63A3620) }; bn_const.c , bn_dh.c , bn_nist.c , bn_srp.c make const bignums respectively. * richsalz * wants to make them consistent. So if the marco bn_pack2 works well on all platforms, or the best way to do that? -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Wed Apr 20 18:49:40 2016 From: rt at openssl.org (Rich Salz via RT) Date: Wed, 20 Apr 2016 18:49:40 +0000 Subject: [openssl-dev] [openssl.org #4515] [Patch] Cannot build due to IDEA functions partially renamed In-Reply-To: <002101d19af4$21cce970$6566bc50$@sales@free.fr> References: <002101d19af4$21cce970$6566bc50$@sales@free.fr> Message-ID: pushed as commit 098a238 Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4515 Please log in as guest with password guest if prompted From brian at briansmith.org Wed Apr 20 19:08:27 2016 From: brian at briansmith.org (Brian Smith) Date: Wed, 20 Apr 2016 09:08:27 -1000 Subject: [openssl-dev] Consistent way of making a const bignum In-Reply-To: References: Message-ID: Feel free to take the patch at https://boringssl.googlesource.com/boringssl/+/7af36e1e38f54051559e2a40e6461a0c3b23b3fc%5E%21/#F0 if it helps you. In particular, crypto/ec (ecp_nistz256, at least) also needs this, and in fact this is already defined there. Cheers, Brian On Wed, Apr 20, 2016 at 8:36 AM, ??? wrote: > I'd submitted a pull request to openssl, changing the use of BN_bin2bin() > to static const bignums in bn_const.c . I defined macro bn_pack2 : > > #if BN_BITS2 == 64 > # define bn_pack2(a1,a2) ((0x##a1##ULL<<32)|0x##a2##ULL) > #elif BN_BITS2 == 32 > # define bn_pack2(a1,a2) 0x##a2##UL, 0x##a1##UL > #else > # error "unsupported BN_BITS2" > #endif > > Use bn_pack2 to define BN_ULONG arrays: > static const BN_ULONG num[] = { > bn_pack2(FFFFFFFF, FFFFFFFF), bn_pack2(F44C42E9, A63A3620) > }; > > bn_const.c , bn_dh.c , bn_nist.c , bn_srp.c make const bignums > respectively. > * > richsalz * wants to make them consistent. So > if the marco bn_pack2 works well on all platforms, or the best way to do > that? > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > -- https://briansmith.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Wed Apr 20 19:27:30 2016 From: rt at openssl.org (Richard Levitte via RT) Date: Wed, 20 Apr 2016 19:27:30 +0000 Subject: [openssl-dev] [openssl.org #4513] [PATCH] In-Reply-To: References: Message-ID: Your fix has been merged into master. Thank you! Vid Mon, 18 apr 2016 kl. 13.05.26, skrev davide.galassi at gmail.com: > Hello, > > Given that BIO_connect never returns a value less than 0 > > crypto/bio/b_sock2.c > > * Returns 1 on success or 0 on failure. On failure errno is set > * and an error status is added to the OpenSSL error stack. > */ > int BIO_connect(int sock, const BIO_ADDR *addr, int options); > > This call always produces a wrong result > > openssl/crypto/bio/bss_conn.c > > case BIO_CONN_S_CONNECT: > BIO_clear_retry_flags(b); > ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter), > BIO_SOCK_KEEPALIVE | c->connect_mode); > b->retry_reason = 0; > if (ret < 0) { > > I attach a patch with the fix. > > Best Regards, > > Davide Galassi -- Richard Levitte levitte at openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4513 Please log in as guest with password guest if prompted From rt at openssl.org Thu Apr 21 11:45:34 2016 From: rt at openssl.org (Rich Salz via RT) Date: Thu, 21 Apr 2016 11:45:34 +0000 Subject: [openssl-dev] [openssl.org #4437] invalid free() by ENGINE_cleanup() In-Reply-To: References: Message-ID: Closing upon request of OP. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4437 Please log in as guest with password guest if prompted From rt at openssl.org Thu Apr 21 13:21:37 2016 From: rt at openssl.org (Kazuki Yamaguchi via RT) Date: Thu, 21 Apr 2016 13:21:37 +0000 Subject: [openssl-dev] [openssl.org #4517] [PATCH] Fix EC_KEY_set_private_key() to call key->group->meth->set_private() [GitHub PR #986] In-Reply-To: <20160421090910.GA22532@chikuwa.rhe.jp> References: <20160421090910.GA22532@chikuwa.rhe.jp> Message-ID: Fix a bug introduced by 6903e2e7e9a4 (Extended EC_METHOD customisation support., 2016-02-01). key->meth->set_private() is wrongly called where it should call key->group->meth->set_private(). --- I also created a pull request on GitHub: - https://github.com/openssl/openssl/pull/986 Thanks, crypto/ec/ec_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index f7948cc..22c6535 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -483,8 +483,8 @@ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) { if (key->group == NULL || key->group->meth == NULL) return 0; - if (key->group->meth->set_private - && key->meth->set_private(key, priv_key) == 0) + if (key->group->meth->set_private != NULL + && key->group->meth->set_private(key, priv_key) == 0) return 0; if (key->meth->set_private != NULL && key->meth->set_private(key, priv_key) == 0) -- 2.8.1.104.g07d5700.dirty -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4517 Please log in as guest with password guest if prompted From ytrezq at sdf-eu.org Thu Apr 21 20:36:25 2016 From: ytrezq at sdf-eu.org (none) Date: Thu, 21 Apr 2016 22:36:25 +0200 Subject: [openssl-dev] =?utf-8?q?proposal_=3A_let_openssl_users_don?= =?utf-8?q?=E2=80=99t_assume_int_is_equal_to_pointer_size=2E?= Message-ID: Hello, As you know, using signed int instead of size_t for size handling is a common source of potential remote code execution? Openssl have lot of functions that takes "int len" as a parameter. Of course changing the api by using size_t would cause problems. So for the functions that can returns errors like BIOS_read(), what about letting the application that did a mistake know they did wrong (because of a vulnerability)?? I mean checking in Openssl that the given integers aren?t negative in the concerned functions (taking the bio_read() example if len would be negative -1 would be returned). Existing applications normally already check the return value of such function, so they have code to handle it. Of course I can make such change (and in fact will finish to do it if you agree with this) From matt at openssl.org Fri Apr 22 14:42:12 2016 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 Apr 2016 15:42:12 +0100 Subject: [openssl-dev] Core dump OpenSSL 1.1.0-pre5 during test (likely in 70-test_sslskewith0p.t) In-Reply-To: <57173CA9.10404@openssl.org> References: <57167BBA.9000509@kippdata.de> <57173CA9.10404@openssl.org> Message-ID: <571A3844.9000003@openssl.org> On 20/04/16 09:24, Matt Caswell wrote: > > > On 19/04/16 19:40, Rainer Jung wrote: >> I get a core dump during test execution for 1.1.0-pre5. Test is >> test/recipes/70-test_sslskewith0p.t, platform is Solaris 10 Sparc. > > Thanks for the detailed analysis. Based on that I have been able to > identify the problem. Fix on the way. Should be fixed by this commit: https://github.com/openssl/openssl/commit/ee85fc1dd67faebdeecb8fe8834facaee0566324 Matt From rt at openssl.org Sat Apr 23 04:08:15 2016 From: rt at openssl.org (Stephen Henson via RT) Date: Sat, 23 Apr 2016 04:08:15 +0000 Subject: [openssl-dev] [openssl.org #4517] [PATCH] Fix EC_KEY_set_private_key() to call key->group->meth->set_private() [GitHub PR #986] In-Reply-To: <20160421090910.GA22532@chikuwa.rhe.jp> References: <20160421090910.GA22532@chikuwa.rhe.jp> Message-ID: Fixed, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4517 Please log in as guest with password guest if prompted From alexhultman at gmail.com Sat Apr 23 05:26:53 2016 From: alexhultman at gmail.com (Alex Hultman) Date: Sat, 23 Apr 2016 07:26:53 +0200 Subject: [openssl-dev] SSL transfer connection (SSL_dup, SSL_up_ref, SSL_free) Message-ID: Hi, I'm having trouble "duping" an SSL connection. I have an SSL *pointer that is going to be SSL_free'd, so I need to clone it or up the ref count or somehow make it stay alive. I see that in OpenSSL 1.1.0 it seems you added the SSL_up_ref - is there any equivalent functionality in 1.0.2? I also see that the documentation of SSL_dup has changed in 1.1.0 to a much more strict one (one that does not suit my needs). What I'm basically in need of is some way of cloning the connection just like UNIX dup can duplicate a file descriptor so that a new server can use the dup'ed fd while the original server can go ahead and close the original fd without destroying the underlying connection. I need the equivalent in OpenSSL. I tried this: (0. Have some other HTTPS server accept & establish the SSL pointer) 1. get the SSL pointer, SSL_dup it 2. get the fd, UNIX dup it 3. SSL_set_fd on the duped SSL pointer to the duped fd 4. SSL_write & SSL_shutdown for demo This gives me SSL_ERROR_BAD_MAC_READ errors on the client. If I skip SSL_dup it works, and I can SSL_write a message that shows up in the client. But like I mentioned, the original server is going to SSL_free the SSL pointer I use, so I need to clone it somehow. I would be thankful for any clarifications on this. I've been skimming through the docs for 2 days now and it seems very ambiguous. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at roumenpetrov.info Sat Apr 23 13:01:02 2016 From: openssl at roumenpetrov.info (Roumen Petrov) Date: Sat, 23 Apr 2016 16:01:02 +0300 Subject: [openssl-dev] build with defined ENGINE_REF_COUNT_DEBUG Message-ID: <571B720E.1040300@roumenpetrov.info> Hi, Please see attached file 0003-build-with-defined-ENGINE_REF_COUNT_DEBUG.patch . If ENGINE_REF_COUNT_DEBUG is defined build fail. Proposed patch resolve issue. Regards, Roumen -------------- next part -------------- A non-text attachment was scrubbed... Name: 0003-build-with-defined-ENGINE_REF_COUNT_DEBUG.patch Type: text/x-diff Size: 775 bytes Desc: not available URL: From openssl at roumenpetrov.info Sat Apr 23 13:11:58 2016 From: openssl at roumenpetrov.info (Roumen Petrov) Date: Sat, 23 Apr 2016 16:11:58 +0300 Subject: [openssl-dev] OPENSSL_cleanup now error is "invalid pointer" In-Reply-To: <56E87D0C.1060209@roumenpetrov.info> References: <56CCC037.5040403@roumenpetrov.info> <56E1F368.5090308@roumenpetrov.info> <56E2CADE.2090208@openssl.org> <56E87D0C.1060209@roumenpetrov.info> Message-ID: <571B749E.7080805@roumenpetrov.info> Hi With current master "corrupted double-linked list" disappear but error still exist, see below Roumen Petrov wrote: > [SNIP] > > Stack trace > *** Error in '/apps/openssl': corrupted double-linked list: > 0x00000000006de730 *** > ^C > Program received signal SIGINT, Interrupt. > 0x00007ffff6fb338b in __lll_lock_wait_private () from /lib64/libc.so.6 > (gdb) bt > #0 0x00007ffff6fb338b in __lll_lock_wait_private () from > /lib64/libc.so.6 > #1 0x00007ffff6f3024a in _L_lock_12669 () from /lib64/libc.so.6 > #2 0x00007ffff6f2d975 in malloc () from /lib64/libc.so.6 > #3 0x00007ffff7de1b26 in _dl_map_object () from > /lib64/ld-linux-x86-64.so.2 > #4 0x00007ffff7ded387 in dl_open_worker () from > /lib64/ld-linux-x86-64.so.2 > #5 0x00007ffff7de8924 in _dl_catch_error () from > /lib64/ld-linux-x86-64.so.2 > #6 0x00007ffff7decc7b in _dl_open () from /lib64/ld-linux-x86-64.so.2 > #7 0x00007ffff6fe0752 in do_dlopen () from /lib64/libc.so.6 > #8 0x00007ffff7de8924 in _dl_catch_error () from > /lib64/ld-linux-x86-64.so.2 > #9 0x00007ffff6fe0812 in __libc_dlopen_mode () from /lib64/libc.so.6 > #10 0x00007ffff6fb9825 in init () from /lib64/libc.so.6 > #11 0x00007ffff7282120 in pthread_once () from /lib64/libpthread.so.0 > #12 0x00007ffff6fb993c in backtrace () from /lib64/libc.so.6 > #13 0x00007ffff6f232a4 in __libc_message () from /lib64/libc.so.6 > #14 0x00007ffff6f293d7 in malloc_printerr () from /lib64/libc.so.6 > #15 0x00007ffff6f2ab0c in _int_free () from /lib64/libc.so.6 > #16 0x00007ffff781b962 in CRYPTO_free (str=0x6de850, > file=0x7ffff78eb3e6 "crypto/threads_pthread.c", line=99) at > crypto/mem.c:226 > #17 0x00007ffff787e7f5 in CRYPTO_THREAD_lock_free (lock=0x6de850) at > crypto/threads_pthread.c:99 > #18 0x00007ffff780eda5 in EVP_PKEY_free_it (x=0x6e9310) at > crypto/evp/p_lib.c:447 > #19 0x00007ffff780ecf4 in EVP_PKEY_free (x=0x6e9310) at > crypto/evp/p_lib.c:431 > #20 0x00007ffff7811307 in EVP_PKEY_CTX_free (ctx=0x6de3a0) at > crypto/evp/pmeth_lib.c:331 > #21 0x00007ffff77f7cd3 in EVP_MD_CTX_reset (ctx=0x6be5d0) at > crypto/evp/digest.c:138 > #22 0x00007ffff77f7d34 in EVP_MD_CTX_free (ctx=0x6be5d0) at > crypto/evp/digest.c:154 > #23 0x00007ffff77f59a3 in md_free (a=0x6be510) at crypto/evp/bio_md.c:116 > #24 0x00007ffff77359b8 in BIO_free (a=0x6be510) at > crypto/bio/bio_lib.c:138 > #25 0x000000000042d54a in dgst_main (argc=1, argv=0x7fffffffd950) at > apps/dgst.c:444 > #26 0x0000000000438844 in do_cmd (prog=0x6b5f20, argc=11, > argv=0x7fffffffd900) at apps/openssl.c:570 > #27 0x0000000000437ff3 in main (argc=11, argv=0x7fffffffd900) at > apps/openssl.c:274 > (gdb) > > I use "0004-avoid-corrupted-double-linked-list-in-EVP_PKEY.patch" as > work-around. Local repository is updated up to: commit acde647fb0347f64af8f8678b73ce41f2f499c02 Author: Kazuki Yamaguchi Date: Thu Apr 21 17:35:53 2016 +0900 Fix EC_KEY_set_private_key() to call key->group->meth->set_private() .... Now error is: *** Error in `/util/../apps/openssl': munmap_chunk(): invalid pointer: 0x0000000000fbe590 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x7e3d7)[0x7f95457ec3d7] /util/../libcrypto.so.1.1(CRYPTO_free+0x57)[0x7f954635e0e2] /util/../libcrypto.so.1.1(CRYPTO_THREAD_lock_free+0x39)[0x7f95463c19f1] /util/../libcrypto.so.1.1(+0x17951d)[0x7f954635151d] /util/../libcrypto.so.1.1(EVP_PKEY_free+0x70)[0x7f954635146c] /util/../libcrypto.so.1.1(EVP_PKEY_CTX_free+0x55)[0x7f9546353a7f] /util/../libcrypto.so.1.1(EVP_MD_CTX_reset+0xd7)[0x7f954633a487] /util/../libcrypto.so.1.1(EVP_MD_CTX_free+0x18)[0x7f954633a4e8] /util/../libcrypto.so.1.1(+0x1600b9)[0x7f95463380b9] /util/../libcrypto.so.1.1(BIO_free+0x11d)[0x7f954627abcc] /util/../apps/openssl[0x42d879] /util/../apps/openssl[0x438cf8] /util/../apps/openssl[0x4384b5] /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f954578fd05] /util/../apps/openssl[0x41ba99] ======= Memory map: ======== Work-around "avoid-corrupted-double-linked-list-in-EVP_PKEY" from my previous post resolve issue: Roumen P.S. diff for protocol diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index a8fa301..0dfb93b 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -436,6 +436,7 @@ static void EVP_PKEY_free_it(EVP_PKEY *x) x->engine = NULL; #endif CRYPTO_THREAD_lock_free(x->lock); + x->lock = NULL; } static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, From openssl at roumenpetrov.info Sat Apr 23 13:28:25 2016 From: openssl at roumenpetrov.info (Roumen Petrov) Date: Sat, 23 Apr 2016 16:28:25 +0300 Subject: [openssl-dev] get engine function for EC key Message-ID: <571B7879.1000108@roumenpetrov.info> Hi, Currently access to engine member is available for some keys: $ grep -r get0_engine include/ include/openssl/dh.h:ENGINE *DH_get0_engine(DH *d); include/openssl/dsa.h:ENGINE *DSA_get0_engine(DSA *d); include/openssl/rsa.h:ENGINE *RSA_get0_engine(RSA *r); Please add function for EC_KEY. If possible constify key argument and result for all those access functions. Roumen From openssl at roumenpetrov.info Sat Apr 23 14:56:37 2016 From: openssl at roumenpetrov.info (Roumen Petrov) Date: Sat, 23 Apr 2016 17:56:37 +0300 Subject: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque? Message-ID: <571B8D25.2030100@roumenpetrov.info> Hi Openssl developers, Recent modification to X509... structures prevent external implementation of X509_LOOKUP_METHOD. Main issue that 1.1beta5 is not usable. A lot of X509... structures are now opaque, but there is no access neither memory management functions. I hop that soon will be provided API for X509_LOOKUP_METHOD and etc., and then we could discuss corresponding API. This email is only for X509_OBJECT as the primary subject is use of lookup methods. 1) X509_STORE_get_X509_by_subject The new function is with argument type and return X509_OBJECT. If is called with X509_LU_CRL returned X509_OBJECT will contain X509_CRL. So the question is why to use this new method instead existing X509_STORE_get_by_subject? What about to declare method as: X509* X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, X509_NAME *name) and to declare another method as: X509_CRL* X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs, X509_NAME *name) Definition could use internally X509_OBJECT with corresponding search type. 2) X509_OBJECT allocation. Function X509_STORE_get_by_subject require pointer to allocated X509_OBJECT. This and implementation of X509_LOOKUP_METHOD require X509_OBJECT allocation method. Unfortunately X509_OBJECT_new is not defined in 1.1beta5. 3) release of X509_OBJECT content. X509_OBJECT_free is a new function that call X509_OBJECT_free_contents. Unfortunately public function X509_OBJECT_free_contents release content but does not change content type nor clear (zero) content. If program code call X509_OBJECT_free_contents and then at some point call X509_OBJECT_free double free error occur. It seems to me current OpenSSL code is not impacted as functions like X509_STORE_add_.... does not use X509_OBJECT_free X509_OBJECT_free_contents(obj); OPENSSL_free(obj); If function X509_OBJECT_free_contents remain public please ensure that double free will not occur. It seems to me change of content type to X509_LU_RETRY will prevent double free. 4) access to X509_OBJECT content. Current API provide access to certificate content but lack for access to revocation list content. Function X509_OBJECT_get0_X509 returns always certificate if argument is not null. This does not look correct. The function must return X.509 certificate only if argument is not null and content type is for certificate. For instance X509 *X509_OBJECT_get0_X509(X509_OBJECT *a) { return a != NULL && a->type == X509_LU_X509 ? a->data.x509 : NULL; } Please define content access function for revocation list: X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a) I'm concerned that according plan next release is final one. Roumen From rsalz at akamai.com Sat Apr 23 15:06:54 2016 From: rsalz at akamai.com (Salz, Rich) Date: Sat, 23 Apr 2016 15:06:54 +0000 Subject: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque? In-Reply-To: <571B8D25.2030100@roumenpetrov.info> References: <571B8D25.2030100@roumenpetrov.info> Message-ID: > I'm concerned that according plan next release is final one. Thank you for the feedback! We know that various accessors still need to be provided, and things like what you pointed out are bugs to be fixed. If there are other things you find missing, please let us know. From openssl at roumenpetrov.info Sat Apr 23 15:24:22 2016 From: openssl at roumenpetrov.info (Roumen Petrov) Date: Sat, 23 Apr 2016 18:24:22 +0300 Subject: [openssl-dev] remove defines that access X.509 store Message-ID: <571B93A6.7030905@roumenpetrov.info> Hi, Please find attached file "0004-remove-defines-X509_STORE_set_verify_.-as-context-is.patch" with a patch that removes two defines that access X.509 store members directly. As the X509_STORE is opaque build of source that use those defines fail. Regards, Roumen -------------- next part -------------- A non-text attachment was scrubbed... Name: 0004-remove-defines-X509_STORE_set_verify_.-as-context-is.patch Type: text/x-diff Size: 879 bytes Desc: not available URL: From rt at openssl.org Sun Apr 24 20:28:22 2016 From: rt at openssl.org (deengert@gmail.com via RT) Date: Sun, 24 Apr 2016 20:28:22 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <571D2C56.8070604@gmail.com> References: <571D2C56.8070604@gmail.com> Message-ID: The new routines in OpenSSL-1.1.0-pre5 RSA_get0_key and RSA_set0_key with their multiple arguments are not very user friendly requiring much more code being replaced and may lead to freeing an active pointers. Would not a set of routines like: BIGNUM* RSA_get0_key_n(RSA *rsa); int RSA_set0_key_n(RSA *rsa, BIGNUM *n); (A set for: n, e, d, p, q, idmp1, idmq1, iqmp) be much more backward compatible? It would allow for code which contained lines like rsa->n to be replaced by RSA_get0_key_n(rsa) or assignments to be replaced by RSA_get0_key_n(rsa, n); and for backward compatibly a user could define something like: #if OPENSSL_VERSION_NUMBER < 0x10100005L #define RSA_get0_key_n(R) ((R)->n) #define RSA_set0_key_n(R, N) ((R)->n = (N)) ... The above also applies to DSA_get0_* and DSA_set0_* routines too. While converting some existing code, the problem with RSA_set0_key came up. The code would create rsa with n and e in one routine, then in another using rsa and getting n and e would created d, p, q. But to set d required RSA_set0_key(rsa, n, e, d) the sequence of RSA_get0_key(rsa, &n, &e, NULL); ... calculate d ... RSA_set0_key(rsa, n, e, d); RSA_set0_key will free an existing rsa->n, and replace it with the new n, but in the simple case above the point returned by RSA_get0_key for n and e would be freed, but the new pointer points at the same location which were just freed. This is an example of what had to be done using BN_dup to avoid the above problem. If nothing else, all the RSA_set0 routines should test if the same pointer value is being replaced if so do not free it. The same logic need to be done for all the RSA_set0_* functions as well as the DSA_set0_* functions. diff --git a/src/tools/cryptoflex-tool.c b/src/tools/cryptoflex-tool.c index 109aa35..366fdaa 100644 --- a/src/tools/cryptoflex-tool.c +++ b/src/tools/cryptoflex-tool.c @@ -217,8 +217,8 @@ static int parse_public_key(const u8 *key, size_t keysize, RSA *rsa) if (e == NULL) return -1; cf2bn(p, 4, e); - rsa->n = n; - rsa->e = e; + if (RSA_set0_key(rsa, n, e, NULL) != 1) + return -1; return 0; } @@ -226,6 +226,8 @@ static int gen_d(RSA *rsa) { BN_CTX *bnctx; BIGNUM *r0, *r1, *r2; + BIGNUM *rsa_p, *rsa_q, *rsa_n, *rsa_e, *rsa_d; + BIGNUM *rsa_n_new, *rsa_e_new; bnctx = BN_CTX_new(); if (bnctx == NULL) @@ -234,13 +236,25 @@ static int gen_d(RSA *rsa) r0 = BN_CTX_get(bnctx); r1 = BN_CTX_get(bnctx); r2 = BN_CTX_get(bnctx); - BN_sub(r1, rsa->p, BN_value_one()); - BN_sub(r2, rsa->q, BN_value_one()); + RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d); + RSA_get0_factors(rsa, &rsa_p, &rsa_q); + + BN_sub(r1, rsa_p, BN_value_one()); + BN_sub(r2, rsa_q, BN_value_one()); BN_mul(r0, r1, r2, bnctx); - if ((rsa->d = BN_mod_inverse(NULL, rsa->e, r0, bnctx)) == NULL) { + if ((rsa_d = BN_mod_inverse(NULL, rsa_e, r0, bnctx)) == NULL) { fprintf(stderr, "BN_mod_inverse() failed.\n"); return -1; } + + /* RSA_set0_key will free previous value, and replace with new value + * Thus the need to copy the contents of rsa_n and rsa_e + */ + rsa_n_new = BN_dup(rsa_n); + rsa_e_new = BN_dup(rsa_e); + if (RSA_set0_key(rsa, rsa_n_new, rsa_e_new, rsa_d) != 1) + return -1; + BN_CTX_end(bnctx); BN_CTX_free(bnctx); return 0; -- Douglas E. Engert -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From rsalz at akamai.com Mon Apr 25 11:38:47 2016 From: rsalz at akamai.com (Salz, Rich) Date: Mon, 25 Apr 2016 11:38:47 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <571D2C56.8070604@gmail.com> Message-ID: <6b097acbe9d94724ac545f2529e45939@usma1ex-dag1mb1.msg.corp.akamai.com> > Would not a set of routines like: > BIGNUM* RSA_get0_key_n(RSA *rsa); > int RSA_set0_key_n(RSA *rsa, BIGNUM *n); (A set for: n, e, d, p, q, idmp1, > idmq1, iqmp) be much more backward compatible? We had discussed this in the team, and decided that it was better to have a single API that took all the piece-parts, rather than being able to set the individual components. It's conceptually simpler to gather what you need and then create a key, rather than everyone having to constantly check to see if all the necessary fields have been set. > If nothing else, all the RSA_set0 routines should test if the same pointer > value is being replaced if so do not free it. > > The same logic need to be done for all the RSA_set0_* functions as well as > the DSA_set0_* functions. That seems like a bug we should fix. -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz From rt at openssl.org Mon Apr 25 11:39:06 2016 From: rt at openssl.org (Salz, Rich via RT) Date: Mon, 25 Apr 2016 11:39:06 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <6b097acbe9d94724ac545f2529e45939@usma1ex-dag1mb1.msg.corp.akamai.com> References: <571D2C56.8070604@gmail.com> <6b097acbe9d94724ac545f2529e45939@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: > Would not a set of routines like: > BIGNUM* RSA_get0_key_n(RSA *rsa); > int RSA_set0_key_n(RSA *rsa, BIGNUM *n); (A set for: n, e, d, p, q, idmp1, > idmq1, iqmp) be much more backward compatible? We had discussed this in the team, and decided that it was better to have a single API that took all the piece-parts, rather than being able to set the individual components. It's conceptually simpler to gather what you need and then create a key, rather than everyone having to constantly check to see if all the necessary fields have been set. > If nothing else, all the RSA_set0 routines should test if the same pointer > value is being replaced if so do not free it. > > The same logic need to be done for all the RSA_set0_* functions as well as > the DSA_set0_* functions. That seems like a bug we should fix. -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From rt at openssl.org Mon Apr 25 13:08:06 2016 From: rt at openssl.org (Richard Levitte via RT) Date: Mon, 25 Apr 2016 13:08:06 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160425.150743.2285529439490102852.levitte@openssl.org> References: <571D2C56.8070604@gmail.com> <6b097acbe9d94724ac545f2529e45939@usma1ex-dag1mb1.msg.corp.akamai.com> <20160425.150743.2285529439490102852.levitte@openssl.org> Message-ID: In message <6b097acbe9d94724ac545f2529e45939 at usma1ex-dag1mb1.msg.corp.akamai.com> on Mon, 25 Apr 2016 11:38:47 +0000, "Salz, Rich" said: rsalz> > If nothing else, all the RSA_set0 routines should test if the same pointer rsalz> > value is being replaced if so do not free it. rsalz> > rsalz> > The same logic need to be done for all the RSA_set0_* functions as well as rsalz> > the DSA_set0_* functions. rsalz> rsalz> That seems like a bug we should fix. No, it's by design: : ; perldoc doc/crypto/RSA_get0_key.pod ... The n, e and d parameter values can be set by calling RSA_set0_key() and passing the new values for n, e and d as parameters to the function. Calling this function transfers the memory management of the values to the RSA object, and therefore the values that have been passed in should not be freed by the caller after this function has been called. ... : ; perldoc doc/crypto/DSA_get0_pqg.pod ... The p, q and g values can be set by calling DSA_set0_pqg() and passing the new values for p, q and g as parameters to the function. Calling this function transfers the memory management of the values to the DSA object, and therefore the values that have been passed in should not be freed directly after this function has been called. ... Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From rsalz at akamai.com Mon Apr 25 13:19:35 2016 From: rsalz at akamai.com (Salz, Rich) Date: Mon, 25 Apr 2016 13:19:35 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <571D2C56.8070604@gmail.com> <6b097acbe9d94724ac545f2529e45939@usma1ex-dag1mb1.msg.corp.akamai.com> <20160425.150743.2285529439490102852.levitte@openssl.org> Message-ID: <128236e032554e29a7a214c729ac8667@usma1ex-dag1mb1.msg.corp.akamai.com> No, he means setting the same value twice. For example, making this change: If (r=->n != n) BN_free(r->n); If(r->e != e) BN_free(r->e); If (r->d != d) BN_free(r->d); I agree it shouldn't happen, but do we want to protect against that? I could be convinced either way. From rt at openssl.org Mon Apr 25 13:19:38 2016 From: rt at openssl.org (Salz, Rich via RT) Date: Mon, 25 Apr 2016 13:19:38 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <128236e032554e29a7a214c729ac8667@usma1ex-dag1mb1.msg.corp.akamai.com> References: <571D2C56.8070604@gmail.com> <6b097acbe9d94724ac545f2529e45939@usma1ex-dag1mb1.msg.corp.akamai.com> <20160425.150743.2285529439490102852.levitte@openssl.org> <128236e032554e29a7a214c729ac8667@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: No, he means setting the same value twice. For example, making this change: If (r=->n != n) BN_free(r->n); If(r->e != e) BN_free(r->e); If (r->d != d) BN_free(r->d); I agree it shouldn't happen, but do we want to protect against that? I could be convinced either way. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From tmraz at redhat.com Mon Apr 25 13:29:41 2016 From: tmraz at redhat.com (Tomas Mraz) Date: Mon, 25 Apr 2016 15:29:41 +0200 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <571D2C56.8070604@gmail.com> <6b097acbe9d94724ac545f2529e45939@usma1ex-dag1mb1.msg.corp.akamai.com> <20160425.150743.2285529439490102852.levitte@openssl.org> Message-ID: <1461590981.6288.19.camel@redhat.com> On Po, 2016-04-25 at 13:08 +0000, Richard Levitte via RT wrote: >? > rsalz> > If nothing else, all the RSA_set0 routines should test if > the same pointer > rsalz> > value is being replaced if so do not free it. > rsalz> >? > rsalz> > The same logic need to be done for all the RSA_set0_* > functions as well as > rsalz> > the DSA_set0_* functions. > rsalz>? > rsalz> That seems like a bug we should fix. > > No, it's by design: > Then perhaps there should be a function to set only the private part of the RSA and DSA keys? --? Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) From rt at openssl.org Mon Apr 25 13:29:54 2016 From: rt at openssl.org (Tomas Mraz via RT) Date: Mon, 25 Apr 2016 13:29:54 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <1461590981.6288.19.camel@redhat.com> References: <571D2C56.8070604@gmail.com> <6b097acbe9d94724ac545f2529e45939@usma1ex-dag1mb1.msg.corp.akamai.com> <20160425.150743.2285529439490102852.levitte@openssl.org> <1461590981.6288.19.camel@redhat.com> Message-ID: On Po, 2016-04-25 at 13:08 +0000, Richard Levitte via RT wrote: >? > rsalz> > If nothing else, all the RSA_set0 routines should test if > the same pointer > rsalz> > value is being replaced if so do not free it. > rsalz> >? > rsalz> > The same logic need to be done for all the RSA_set0_* > functions as well as > rsalz> > the DSA_set0_* functions. > rsalz>? > rsalz> That seems like a bug we should fix. > > No, it's by design: > Then perhaps there should be a function to set only the private part of the RSA and DSA keys? --? Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From deengert at gmail.com Mon Apr 25 13:31:00 2016 From: deengert at gmail.com (Douglas E Engert) Date: Mon, 25 Apr 2016 08:31:00 -0500 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <571D2C56.8070604@gmail.com> <6b097acbe9d94724ac545f2529e45939@usma1ex-dag1mb1.msg.corp.akamai.com> <20160425.150743.2285529439490102852.levitte@openssl.org> Message-ID: <571E1C14.2040800@gmail.com> Freeing of the values by the caller is not the issue. The issue is RSA_set0_key requires n and e to be none NULL. It the caller use RSA_get0_key to find the n and e then calculates a new d, than calls RSA_set0_key with the the same n and e pointers and the new d. RSA_set0_key will free n and e, and replace the pointer with the same pointer which just got freed. An untested patch for rsa_lib.c is attached DSA has the same problems. Are there other new modules that may have the same issue? On 4/25/2016 8:08 AM, Richard Levitte via RT wrote: > In message <6b097acbe9d94724ac545f2529e45939 at usma1ex-dag1mb1.msg.corp.akamai.com> on Mon, 25 Apr 2016 11:38:47 +0000, "Salz, Rich" said: > > rsalz> > If nothing else, all the RSA_set0 routines should test if the same pointer > rsalz> > value is being replaced if so do not free it. > rsalz> > > rsalz> > The same logic need to be done for all the RSA_set0_* functions as well as > rsalz> > the DSA_set0_* functions. > rsalz> > rsalz> That seems like a bug we should fix. > > No, it's by design: > > : ; perldoc doc/crypto/RSA_get0_key.pod > ... > The n, e and d parameter values can be set by calling RSA_set0_key() and > passing the new values for n, e and d as parameters to the function. > Calling this function transfers the memory management of the values to the > RSA object, and therefore the values that have been passed in should not > be freed by the caller after this function has been called. > ... > : ; perldoc doc/crypto/DSA_get0_pqg.pod > ... > The p, q and g values can be set by calling DSA_set0_pqg() and passing the > new values for p, q and g as parameters to the function. Calling this > function transfers the memory management of the values to the DSA object, > and therefore the values that have been passed in should not be freed > directly after this function has been called. > ... > > Cheers, > Richard > -- Douglas E. Engert -------------- next part -------------- A non-text attachment was scrubbed... Name: rsa_lib.c.4518.diff Type: text/x-patch Size: 1259 bytes Desc: not available URL: From rt at openssl.org Mon Apr 25 13:31:11 2016 From: rt at openssl.org (deengert@gmail.com via RT) Date: Mon, 25 Apr 2016 13:31:11 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <571E1C14.2040800@gmail.com> References: <571D2C56.8070604@gmail.com> <6b097acbe9d94724ac545f2529e45939@usma1ex-dag1mb1.msg.corp.akamai.com> <20160425.150743.2285529439490102852.levitte@openssl.org> <571E1C14.2040800@gmail.com> Message-ID: Freeing of the values by the caller is not the issue. The issue is RSA_set0_key requires n and e to be none NULL. It the caller use RSA_get0_key to find the n and e then calculates a new d, than calls RSA_set0_key with the the same n and e pointers and the new d. RSA_set0_key will free n and e, and replace the pointer with the same pointer which just got freed. An untested patch for rsa_lib.c is attached DSA has the same problems. Are there other new modules that may have the same issue? On 4/25/2016 8:08 AM, Richard Levitte via RT wrote: > In message <6b097acbe9d94724ac545f2529e45939 at usma1ex-dag1mb1.msg.corp.akamai.com> on Mon, 25 Apr 2016 11:38:47 +0000, "Salz, Rich" said: > > rsalz> > If nothing else, all the RSA_set0 routines should test if the same pointer > rsalz> > value is being replaced if so do not free it. > rsalz> > > rsalz> > The same logic need to be done for all the RSA_set0_* functions as well as > rsalz> > the DSA_set0_* functions. > rsalz> > rsalz> That seems like a bug we should fix. > > No, it's by design: > > : ; perldoc doc/crypto/RSA_get0_key.pod > ... > The n, e and d parameter values can be set by calling RSA_set0_key() and > passing the new values for n, e and d as parameters to the function. > Calling this function transfers the memory management of the values to the > RSA object, and therefore the values that have been passed in should not > be freed by the caller after this function has been called. > ... > : ; perldoc doc/crypto/DSA_get0_pqg.pod > ... > The p, q and g values can be set by calling DSA_set0_pqg() and passing the > new values for p, q and g as parameters to the function. Calling this > function transfers the memory management of the values to the DSA object, > and therefore the values that have been passed in should not be freed > directly after this function has been called. > ... > > Cheers, > Richard > -- Douglas E. Engert -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted -------------- next part -------------- A non-text attachment was scrubbed... Name: rsa_lib.c.4518.diff Type: text/x-patch Size: 1259 bytes Desc: not available URL: From rt at openssl.org Mon Apr 25 13:39:09 2016 From: rt at openssl.org (Richard Levitte via RT) Date: Mon, 25 Apr 2016 13:39:09 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160425.153907.1834108663288653601.levitte@openssl.org> References: <128236e032554e29a7a214c729ac8667@usma1ex-dag1mb1.msg.corp.akamai.com> <20160425.153907.1834108663288653601.levitte@openssl.org> Message-ID: In message on Mon, 25 Apr 2016 13:19:38 +0000, "Salz, Rich via RT" said: rt> No, he means setting the same value twice. For example, making this change: rt> If (r=->n != n) BN_free(r->n); rt> If(r->e != e) BN_free(r->e); rt> If (r->d != d) BN_free(r->d); rt> rt> I agree it shouldn't happen, but do we want to protect against that? I could be convinced either way. Ah ok... sorry, I misread the intention. Agreed that we could make sure not to free the pointers in that case. Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From rt at openssl.org Mon Apr 25 13:53:00 2016 From: rt at openssl.org (Richard Levitte via RT) Date: Mon, 25 Apr 2016 13:53:00 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160425.155257.1508159110994516624.levitte@openssl.org> References: <20160425.153907.1834108663288653601.levitte@openssl.org> <20160425.155257.1508159110994516624.levitte@openssl.org> Message-ID: I believe this PR fixes the issue for RSA, DSA and DH (they all share the same concept). https://github.com/openssl/openssl/pull/994 Cheers, Richard In message on Mon, 25 Apr 2016 13:39:09 +0000, Richard Levitte via RT said: rt> In message on Mon, 25 Apr 2016 13:19:38 +0000, "Salz, Rich via RT" said: rt> rt> rt> No, he means setting the same value twice. For example, making this change: rt> rt> If (r=->n != n) BN_free(r->n); rt> rt> If(r->e != e) BN_free(r->e); rt> rt> If (r->d != d) BN_free(r->d); rt> rt> rt> rt> I agree it shouldn't happen, but do we want to protect against that? I could be convinced either way. rt> rt> Ah ok... sorry, I misread the intention. rt> rt> Agreed that we could make sure not to free the pointers in that case. rt> rt> Cheers, rt> Richard rt> rt> -- rt> Richard Levitte levitte at openssl.org rt> OpenSSL Project http://www.openssl.org/~levitte/ rt> rt> rt> -- rt> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 rt> Please log in as guest with password guest if prompted rt> rt> -- rt> openssl-dev mailing list rt> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev rt> -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From tmraz at redhat.com Mon Apr 25 14:04:18 2016 From: tmraz at redhat.com (Tomas Mraz) Date: Mon, 25 Apr 2016 16:04:18 +0200 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <128236e032554e29a7a214c729ac8667@usma1ex-dag1mb1.msg.corp.akamai.com> <20160425.153907.1834108663288653601.levitte@openssl.org> Message-ID: <1461593058.6288.21.camel@redhat.com> On Po, 2016-04-25 at 13:39 +0000, Richard Levitte via RT wrote: > In message on > Mon, 25 Apr 2016 13:19:38 +0000, "Salz, Rich via RT" > said: > > rt> No, he means setting the same value twice.??For example, making > this change: > rt>?????If (r=->n != n) BN_free(r->n); > rt>?????If(r->e != e) BN_free(r->e); > rt>?????If (r->d != d) BN_free(r->d); > rt>? > rt> I agree it shouldn't happen, but do we want to protect against > that???I could be convinced either way. > > Ah ok...??sorry, I misread the intention. > > Agreed that we could make sure not to free the pointers in that case. In that case this should be properly documented so the users of the API can depend on it. --? Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) From rt at openssl.org Mon Apr 25 14:04:27 2016 From: rt at openssl.org (Tomas Mraz via RT) Date: Mon, 25 Apr 2016 14:04:27 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <1461593058.6288.21.camel@redhat.com> References: <128236e032554e29a7a214c729ac8667@usma1ex-dag1mb1.msg.corp.akamai.com> <20160425.153907.1834108663288653601.levitte@openssl.org> <1461593058.6288.21.camel@redhat.com> Message-ID: On Po, 2016-04-25 at 13:39 +0000, Richard Levitte via RT wrote: > In message on > Mon, 25 Apr 2016 13:19:38 +0000, "Salz, Rich via RT" > said: > > rt> No, he means setting the same value twice.??For example, making > this change: > rt>?????If (r=->n != n) BN_free(r->n); > rt>?????If(r->e != e) BN_free(r->e); > rt>?????If (r->d != d) BN_free(r->d); > rt>? > rt> I agree it shouldn't happen, but do we want to protect against > that???I could be convinced either way. > > Ah ok...??sorry, I misread the intention. > > Agreed that we could make sure not to free the pointers in that case. In that case this should be properly documented so the users of the API can depend on it. --? Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From rt at openssl.org Mon Apr 25 14:08:09 2016 From: rt at openssl.org (Richard Levitte via RT) Date: Mon, 25 Apr 2016 14:08:09 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160425.160800.1129775403900915951.levitte@openssl.org> References: <1461593058.6288.21.camel@redhat.com> <20160425.160800.1129775403900915951.levitte@openssl.org> Message-ID: In message on Mon, 25 Apr 2016 14:04:27 +0000, Tomas Mraz via RT said: rt> On Po, 2016-04-25 at 13:39 +0000, Richard Levitte via RT wrote: rt> > In message on rt> > Mon, 25 Apr 2016 13:19:38 +0000, "Salz, Rich via RT" rt> > said: rt> > rt> > rt> No, he means setting the same value twice.??For example, making rt> > this change: rt> > rt>?????If (r=->n != n) BN_free(r->n); rt> > rt>?????If(r->e != e) BN_free(r->e); rt> > rt>?????If (r->d != d) BN_free(r->d); rt> > rt>? rt> > rt> I agree it shouldn't happen, but do we want to protect against rt> > that???I could be convinced either way. rt> > rt> > Ah ok...??sorry, I misread the intention. rt> > rt> > Agreed that we could make sure not to free the pointers in that case. rt> rt> In that case this should be properly documented so the users of the API rt> can depend on it. I'm not sure how I'd change the following: Calling this function transfers the memory management of the values to the RSA object, and therefore the values that have been passed in should not be freed by the caller after this function has been called. That in itself hasn't changed, all that's being done is to correct a bug in the memory management. But if you have a good suggestion for a change in that sentence, I'm all ears. Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From openssl-users at dukhovni.org Mon Apr 25 14:14:10 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Mon, 25 Apr 2016 14:14:10 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <128236e032554e29a7a214c729ac8667@usma1ex-dag1mb1.msg.corp.akamai.com> <20160425.153907.1834108663288653601.levitte@openssl.org> Message-ID: <20160425141410.GX26423@mournblade.imrryr.org> On Mon, Apr 25, 2016 at 01:39:09PM +0000, Richard Levitte via RT wrote: > rt> I agree it shouldn't happen, but do we want to protect against that? I could be convinced either way. > > Ah ok... sorry, I misread the intention. > > Agreed that we could make sure not to free the pointers in that case. No, once "n" or "e" has been passed to this "set0" function, the caller no longer owns the storage, and in particular is not free to pass these any set0 functions that similarly take ownership of the storage. Perhaps the documentation can be made more clear. If users really need an interface for modifying a subset of the components of an already initialized key, then (if we don't already) we should support NULL values as "do not change", provided these are already set. -- Viktor. From openssl-users at dukhovni.org Mon Apr 25 14:15:28 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Mon, 25 Apr 2016 14:15:28 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <1461593058.6288.21.camel@redhat.com> <20160425.160800.1129775403900915951.levitte@openssl.org> Message-ID: <20160425141528.GY26423@mournblade.imrryr.org> On Mon, Apr 25, 2016 at 02:08:09PM +0000, Richard Levitte via RT wrote: > I'm not sure how I'd change the following: > > Calling this function transfers the memory management of the values to the > RSA object, and therefore the values that have been passed in should not > be freed by the caller after this function has been called. > > That in itself hasn't changed, all that's being done is to correct a > bug in the memory management. But if you have a good suggestion for a > change in that sentence, I'm all ears. There is no bug. It is not valid to transfer ownership of an object the caller does not own. -- Viktor. From rt at openssl.org Mon Apr 25 15:23:42 2016 From: rt at openssl.org (Jaan Murumets via RT) Date: Mon, 25 Apr 2016 15:23:42 +0000 Subject: [openssl-dev] [openssl.org #4519] [openssl.org bug #993] New bug report In-Reply-To: <20160425151536.465BF601754@mx1.sk.ee> References: <20160425151536.465BF601754@mx1.sk.ee> Message-ID: Hello. We have made new bug report https://github.com/openssl/openssl/issues/993 Should I make similar in https://rt.openssl.org/ or it is enough to have in github.com? Jaan Murumets Estonian ID-Software product manager -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4519 Please log in as guest with password guest if prompted From rsalz at akamai.com Mon Apr 25 15:37:27 2016 From: rsalz at akamai.com (Salz, Rich) Date: Mon, 25 Apr 2016 15:37:27 +0000 Subject: [openssl-dev] [openssl.org #4519] [openssl.org bug #993] New bug report In-Reply-To: References: <20160425151536.465BF601754@mx1.sk.ee> Message-ID: <933eb30f0ab2427e8574cf2abaf4b171@usma1ex-dag1mb1.msg.corp.akamai.com> > Should I make similar in https://rt.openssl.org/ or it is enough to have in > github.com? We prefer bug reports in RT, not as issues. PR's on GitHub are fine. From rt at openssl.org Mon Apr 25 15:37:31 2016 From: rt at openssl.org (Salz, Rich via RT) Date: Mon, 25 Apr 2016 15:37:31 +0000 Subject: [openssl-dev] [openssl.org #4519] [openssl.org bug #993] New bug report In-Reply-To: <933eb30f0ab2427e8574cf2abaf4b171@usma1ex-dag1mb1.msg.corp.akamai.com> References: <20160425151536.465BF601754@mx1.sk.ee> <933eb30f0ab2427e8574cf2abaf4b171@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: > Should I make similar in https://rt.openssl.org/ or it is enough to have in > github.com? We prefer bug reports in RT, not as issues. PR's on GitHub are fine. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4519 Please log in as guest with password guest if prompted From bkaduk at akamai.com Mon Apr 25 17:17:08 2016 From: bkaduk at akamai.com (Benjamin Kaduk) Date: Mon, 25 Apr 2016 12:17:08 -0500 Subject: [openssl-dev] SSL transfer connection (SSL_dup, SSL_up_ref, SSL_free) In-Reply-To: References: Message-ID: <571E5114.4060301@akamai.com> On 04/23/2016 12:26 AM, Alex Hultman wrote: > Hi, > > I'm having trouble "duping" an SSL connection. I have an SSL *pointer > that is going to be SSL_free'd, so I need to clone it or up the ref > count or somehow make it stay alive. I see that in OpenSSL 1.1.0 it > seems you added the SSL_up_ref - is there any equivalent functionality > in 1.0.2? I also see that the documentation of SSL_dup has changed in > 1.1.0 to a much more strict one (one that does not suit my needs). > The SSL_up_ref() on master is just a thin wrapper around CRYPTO_atomic_add() on s->references, which is needed because the SSL structure has become opaque. You can do the same thing in 1.0.2 by open-coding the corresponding call to CRYPTO_add() (master has changed the atomics APIs as well). That would be my recommendation in the scenario you describe, as it allows the original consumer to SSL_free() its handle while the second one continues to use the SSL object. -Ben -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon Apr 25 17:21:56 2016 From: levitte at openssl.org (Richard Levitte) Date: Mon, 25 Apr 2016 19:21:56 +0200 (CEST) Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160425141410.GX26423@mournblade.imrryr.org> References: <20160425.153907.1834108663288653601.levitte@openssl.org> <20160425141410.GX26423@mournblade.imrryr.org> Message-ID: <20160425.192156.1976205030709085301.levitte@openssl.org> In message <20160425141410.GX26423 at mournblade.imrryr.org> on Mon, 25 Apr 2016 14:14:10 +0000, Viktor Dukhovni said: openssl-users> Perhaps the documentation can be made more clear. If users really openssl-users> need an interface for modifying a subset of the components of an openssl-users> already initialized key, then (if we don't already) we should openssl-users> support NULL values as "do not change", provided these are already openssl-users> set. Doesn't this turn them into individual parameter calls, in practice? I.e. the exact thing we chose not to make? There isn't much difference between this: RSA_set0_key(rsa, n, NULL, NULL); RSA_set0_key(rsa, NULL, e, NULL); RSA_set0_key(rsa, NULL, NULL, d); and something like this: RSA_set0_n(rsa, n); RSA_set0_e(rsa, e); RSA_set0_d(rsa, d); The only difference is that with the former, you get two-in-one, as it also works as a function to set all three numbers in one go. Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From uri at ll.mit.edu Mon Apr 25 17:41:32 2016 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Mon, 25 Apr 2016 17:41:32 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160425.192156.1976205030709085301.levitte@openssl.org> References: <20160425.153907.1834108663288653601.levitte@openssl.org> <20160425141410.GX26423@mournblade.imrryr.org> <20160425.192156.1976205030709085301.levitte@openssl.org> Message-ID: >There isn't much difference between this: > > RSA_set0_key(rsa, n, NULL, NULL); > RSA_set0_key(rsa, NULL, e, NULL); > RSA_set0_key(rsa, NULL, NULL, d); > >and something like this: > > RSA_set0_n(rsa, n); > RSA_set0_e(rsa, e); > RSA_set0_d(rsa, d); The attractiveness of RSA_set0_key(rsa, n, NULL, NULL); is that you can provide whatever many (from 1 to 3 :) parameters using the same single function call, rather than learning three different (albeit quite simple :) independent functions. >The only difference is that with the former, you get two-in-one, as it >also works as a function to set all three numbers in one go. Yes, but this difference adds convenience, IMHO. My preference is this: RSA_set0_key(rsa, n, e, d); with any parameter (except for rsa :) potentially NULL. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4324 bytes Desc: not available URL: From openssl-users at dukhovni.org Mon Apr 25 17:43:23 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Mon, 25 Apr 2016 17:43:23 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160425.192156.1976205030709085301.levitte@openssl.org> References: <20160425.153907.1834108663288653601.levitte@openssl.org> <20160425141410.GX26423@mournblade.imrryr.org> <20160425.192156.1976205030709085301.levitte@openssl.org> Message-ID: <20160425174323.GC26423@mournblade.imrryr.org> On Mon, Apr 25, 2016 at 07:21:56PM +0200, Richard Levitte wrote: > openssl-users> Perhaps the documentation can be made more clear. If users really > openssl-users> need an interface for modifying a subset of the components of an > openssl-users> already initialized key, then (if we don't already) we should > openssl-users> support NULL values as "do not change", provided these are already > openssl-users> set. > > Doesn't this turn them into individual parameter calls, in practice? > I.e. the exact thing we chose not to make? No. We still won't support incomplete initialization, but can support after the fact partial modification. > There isn't much difference between this: > > RSA_set0_key(rsa, n, NULL, NULL); > RSA_set0_key(rsa, NULL, e, NULL); > RSA_set0_key(rsa, NULL, NULL, d); > > and something like this: > > RSA_set0_n(rsa, n); > RSA_set0_e(rsa, e); > RSA_set0_d(rsa, d); There is, if the NULL calls fail when the key is not already initialized. > The only difference is that with the former, you get two-in-one, as it > also works as a function to set all three numbers in one go. The 3-slot function is I think cleaner. I'll leave the decision of whether and when to support NULL parameters to the folks working on that code, but it is pretty clear that one must not pass an object one does not "own", such as one returned from a "get0" function, to a function that expects to take ownership of the indicated object. -- Viktor. From rt at openssl.org Mon Apr 25 17:44:17 2016 From: rt at openssl.org (Salz, Rich via RT) Date: Mon, 25 Apr 2016 17:44:17 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <0adf6499375a488eab73d9dd12ae7ba7@usma1ex-dag1mb1.msg.corp.akamai.com> References: <0adf6499375a488eab73d9dd12ae7ba7@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: > Yes, but this difference adds convenience, IMHO. My preference is this: > RSA_set0_key(rsa, n, e, d); with any parameter (except for rsa :) potentially > NULL. This defeats a main point: partial construction is a bad thing. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From rsalz at akamai.com Mon Apr 25 17:45:05 2016 From: rsalz at akamai.com (Salz, Rich) Date: Mon, 25 Apr 2016 17:45:05 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160425174323.GC26423@mournblade.imrryr.org> References: <20160425.153907.1834108663288653601.levitte@openssl.org> <20160425141410.GX26423@mournblade.imrryr.org> <20160425.192156.1976205030709085301.levitte@openssl.org> <20160425174323.GC26423@mournblade.imrryr.org> Message-ID: > The 3-slot function is I think cleaner. > > I'll leave the decision of whether and when to support NULL parameters to > the folks working on that code, but it is pretty clear that one must not pass an > object one does not "own", such as one returned from a "get0" function, to a > function that expects to take ownership of the indicated object. Agree with both of those. After a "set0" call, set your pointer to NULL, it's no longer yours :) From openssl-users at dukhovni.org Mon Apr 25 17:52:52 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Mon, 25 Apr 2016 17:52:52 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <20160425.153907.1834108663288653601.levitte@openssl.org> <20160425141410.GX26423@mournblade.imrryr.org> <20160425.192156.1976205030709085301.levitte@openssl.org> <20160425174323.GC26423@mournblade.imrryr.org> Message-ID: <20160425175252.GD26423@mournblade.imrryr.org> On Mon, Apr 25, 2016 at 05:45:05PM +0000, Salz, Rich wrote: > After a "set0" call, set your pointer to NULL, it's no longer yours :) That half of the ruleset. The other half is: You must "own" any object passed to a set0 call that takes ownership of its argument (we have a few that don't take ownership, perhaps they should be renamed to just "set"). In particular, objects obtained via "get0" calls MUST NOT then be used in "set0" calls that expect to take ownership of the argument. Hdd OpenSSL been written in Rust we'd be able to make all this explicit, and have the compiler enforce the rules. That's of course impractical, we provide a C API to other C applications and libraries. -- Viktor. From rt at openssl.org Mon Apr 25 17:54:25 2016 From: rt at openssl.org (Rainer Jung via RT) Date: Mon, 25 Apr 2016 17:54:25 +0000 Subject: [openssl-dev] [openssl.org #4520] Camellia asm build failure for 1.1.0pre5 on Solaris (typo in build.info) In-Reply-To: <571E5833.70805@kippdata.de> References: <571E5833.70805@kippdata.de> Message-ID: The change https://github.com/openssl/openssl/commit/5384d1e4ebd58f31a06b2f5d1f6c4b28f63d72ed introduced a typo in the last line of file crypto/camellia/build.info. The fix is: --- crypto/camellia/build.info 2016-03-16 19:18:09.000000000 +0100 +++ crypto/camellia/build.info 2016-04-19 19:39:11.449856000 +0200 @@ -8,4 +8,4 @@ GENERATE[cmll-x86_64.s]=asm/cmll-x86_64.pl $(PERLASM_SCHEME) GENERATE[cmllt4-sparcv9.S]=asm/cmllt4-sparcv9.pl $(PERLASM_SCHEME) INCLUDE[cmllt4-sparcv9.o]=.. -DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9-modes.pl +DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9_modes.pl The correct Perl script name contains an underscore. This was already reported on dev@ on 2016-04-19. I just wanted to make sure it doesn't get missed, therefore this RT. Regards, Rainer -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4520 Please log in as guest with password guest if prompted From rt at openssl.org Mon Apr 25 18:39:24 2016 From: rt at openssl.org (Richard Levitte via RT) Date: Mon, 25 Apr 2016 18:39:24 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160425.203919.2107594282154603287.levitte@openssl.org> References: <20160425.192156.1976205030709085301.levitte@openssl.org> <20160425174323.GC26423@mournblade.imrryr.org> <20160425.203919.2107594282154603287.levitte@openssl.org> Message-ID: So, listening to what everyone had to say, perhaps this PR is better then: https://github.com/openssl/openssl/pull/995 In message on Mon, 25 Apr 2016 17:45:05 +0000, "Salz, Rich" said: rsalz> rsalz> > The 3-slot function is I think cleaner. rsalz> > rsalz> > I'll leave the decision of whether and when to support NULL parameters to rsalz> > the folks working on that code, but it is pretty clear that one must not pass an rsalz> > object one does not "own", such as one returned from a "get0" function, to a rsalz> > function that expects to take ownership of the indicated object. rsalz> rsalz> Agree with both of those. rsalz> rsalz> After a "set0" call, set your pointer to NULL, it's no longer yours :) rsalz> -- rsalz> openssl-dev mailing list rsalz> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev rsalz> -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From rt at openssl.org Tue Apr 26 02:09:33 2016 From: rt at openssl.org (Praveen Kariyanahalli via RT) Date: Tue, 26 Apr 2016 02:09:33 +0000 Subject: [openssl-dev] [openssl.org #4521] openssl GCM ordering In-Reply-To: References: Message-ID: Is there is a reason why openssl has restriction of auth before encrypt order ? I dont believe there is an algo restriction, was wondering why openssl has this. *int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,* * size_t len)* *{* *[snip]* * if (ctx->len.u[1])* * return -2; <<<<<<<<<<<<<< Premature return* * alen += len;* The reason I bring this up, is that when I broadcast/multicast traffic need not encrypt the payload multiple times, but need to auth the header differently and openssl is refusing to cooperate :) Please throw light on how to work around this problem. Also please correct me if my assumption is wrong. Thanks in advance -Praveen -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4521 Please log in as guest with password guest if prompted From rt at openssl.org Tue Apr 26 02:13:22 2016 From: rt at openssl.org (Salz, Rich via RT) Date: Tue, 26 Apr 2016 02:13:22 +0000 Subject: [openssl-dev] [openssl.org #4521] openssl GCM ordering In-Reply-To: References: Message-ID: Why do you want GCM then? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4521 Please log in as guest with password guest if prompted From brian at briansmith.org Tue Apr 26 02:20:11 2016 From: brian at briansmith.org (Brian Smith) Date: Mon, 25 Apr 2016 16:20:11 -1000 Subject: [openssl-dev] [openssl.org #4521] openssl GCM ordering In-Reply-To: References: Message-ID: Praveen Kariyanahalli via RT wrote: > Is there is a reason why openssl has restriction of auth before encrypt > order ? I dont believe there is an algo restriction, was wondering why > openssl has this. > It *is* inherent in the algorithm. The authentication tag for the AAD is computed first, then the authentication tag for the encrypted data is computed. > The reason I bring this up, is that when I broadcast/multicast traffic need > not encrypt the payload multiple times, but need to auth the header > differently and openssl is refusing to cooperate :) With AEADs, in general, you can't separate the authentication from the encryption like that. Cheers, Brian -- https://briansmith.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From alexhultman at gmail.com Tue Apr 26 03:17:46 2016 From: alexhultman at gmail.com (Alex Hultman) Date: Tue, 26 Apr 2016 05:17:46 +0200 Subject: [openssl-dev] [Bug] OpenSSL does not send short messages Message-ID: Hi, I've found a very central bug that affects all my OpenSSL applications including the official server example code, the vanilla Node.js HTTPs server and my (arguably non-correct) own server project. https://github.com/openssl/openssl/issues/992 SSL_write followed by SSL_shutdown does not actually send the data passed to SSL_write if the total data size sent is less than (on my system) 7-8 bytes. If you consider the official example: https://wiki.openssl.org/index.php/Simple_TLS_Server (Note: I removed "SSL_CTX_set_ecdh_auto(ctx, 1);" to make it compile) It responds Chrome with ERR_RESPONSE_HEADERS_TRUNCATED, while changing the text sent to "Hello there" works and shows "Hello there" in Chrome. Same goes for Curl. I've tested self-signed certs and one "half-signed" (crap signer). This is on Linux (Fedora 24) and I have OpenSSL 1.1.0 but I'm pretty sure Node.js 5.x uses OpenSSL 1.0.2g. Is this known behavior? -------------- next part -------------- An HTML attachment was scrubbed... URL: From alexhultman at gmail.com Tue Apr 26 03:18:23 2016 From: alexhultman at gmail.com (Alex Hultman) Date: Tue, 26 Apr 2016 05:18:23 +0200 Subject: [openssl-dev] SSL transfer connection (SSL_dup, SSL_up_ref, SSL_free) Message-ID: Hi Benjamin, Thanks for the answer. I actually found a working solution just a couple of minutes after I posted but I still wanted to hear what you recommended. I just did ssl->references++; and also the same on the attached BIO's before SSL_set_fd. This works perfectly and I'm able to take over the SSL connection even after the original server "destroys" their socket. I guess I just need to use SSL_up_ref when compiling for OpenSSL 1.1.0 then. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Tue Apr 26 04:55:54 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Tue, 26 Apr 2016 04:55:54 +0000 Subject: [openssl-dev] [Bug] OpenSSL does not send short messages In-Reply-To: References: Message-ID: <20160426045554.GG26423@mournblade.imrryr.org> [ This question belongs on openssl-users, not openssl-dev. Please reply only to openssl-users. ] On Tue, Apr 26, 2016 at 05:17:46AM +0200, Alex Hultman wrote: > SSL_write followed by SSL_shutdown does not actually send the data passed > to SSL_write if the total data size sent is less than (on my system) 7-8 > bytes. This does not happen in "openssl s_client". You're likely doing something wrong. In one window I start an openssl server: $ cipher=ADH-DES-CBC3-SHA $ seclev= # Make that seclev=":@SECLEVEL=0" with OpenSSL 1.1.0 or later $ openssl s_server -quiet -cipher "$cipher$seclev" -nocert -accept 12345 I another window I start a client: $ cipher=ADH-DES-CBC3-SHA $ seclev= # Make that seclev=":@SECLEVEL=0" with OpenSSL 1.1.0 or later echo XXX | openssl s_client -debug -no_ign_eof -cipher "$cipher$seclev" -connect localhost:12345 On the server side I see the expected output: XXX On the client side after lots of handshake messages: >>> ??? [length 0005] 17 03 03 00 24 write to 0x7f7f8bd003d0 [0x7f7f8c80b203] (41 bytes => 41 (0x29)) 0000 - 17 03 03 00 24 c2 19 ea-c6 f1 a8 c7 74 31 50 3d ....$.......t1P= 0010 - a1 2f fb f0 d5 4d 2e 85-e0 6a 18 86 27 6a 09 1d ./...M...j..'j.. 0020 - de 98 4e 69 05 57 0f 4c-93 ..Ni.W.L. DONE >>> ??? [length 0005] 15 03 03 00 24 write to 0x7f7f8bd003d0 [0x7f7f8c80b203] (41 bytes => 41 (0x29)) 0000 - 15 03 03 00 24 d2 94 f8-11 dd 69 81 f7 ab cc 8c ....$.....i..... 0010 - c4 13 4c 80 24 d7 50 10-b9 62 74 d7 21 86 16 78 ..L.$.P..bt.!..x 0020 - b4 83 87 da 5e 2f d9 5d-34 ....^/.]4 >>> TLS 1.2Alert [length 0002], warning close_notify 01 00 The first of these is the "XXX" encrypted to 16 bytes, and padded with a 20-byte SHA1 MAC (the server and client negotiated TLS 1.2 with Encrypt-then-Mac). The second is the encrypted shutdown alert. > Is this known behavior? No. -- Viktor. From rt at openssl.org Tue Apr 26 06:01:59 2016 From: rt at openssl.org (Richard Levitte via RT) Date: Tue, 26 Apr 2016 06:01:59 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <20160425.192156.1976205030709085301.levitte@openssl.org> <20160425174323.GC26423@mournblade.imrryr.org> <20160425.203919.2107594282154603287.levitte@openssl.org> Message-ID: Unfortunately, the solution in that PR is flawed. Back to the drawing board. Vid Mon, 25 apr 2016 kl. 18.39.24, skrev levitte: > So, listening to what everyone had to say, perhaps this PR is better > then: > > https://github.com/openssl/openssl/pull/995 > > In message dag1mb1.msg.corp.akamai.com> on Mon, 25 Apr 2016 17:45:05 +0000, > "Salz, Rich" said: > > rsalz> > rsalz> > The 3-slot function is I think cleaner. > rsalz> > > rsalz> > I'll leave the decision of whether and when to support NULL > rsalz> > parameters to > rsalz> > the folks working on that code, but it is pretty clear that > rsalz> > one must not pass an > rsalz> > object one does not "own", such as one returned from a "get0" > rsalz> > function, to a > rsalz> > function that expects to take ownership of the indicated > rsalz> > object. > rsalz> > rsalz> Agree with both of those. > rsalz> > rsalz> After a "set0" call, set your pointer to NULL, it's no longer > rsalz> yours :) > rsalz> -- > rsalz> openssl-dev mailing list > rsalz> To unsubscribe: > rsalz> https://mta.openssl.org/mailman/listinfo/openssl-dev > rsalz> -- Richard Levitte levitte at openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From levitte at openssl.org Tue Apr 26 07:26:13 2016 From: levitte at openssl.org (Richard Levitte) Date: Tue, 26 Apr 2016 09:26:13 +0200 (CEST) Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <20160425.203919.2107594282154603287.levitte@openssl.org> Message-ID: <20160426.092613.268323880614363794.levitte@openssl.org> [temporarly taking this thread away from RT] Basically, I can see two solutions: - Allow calls like RSA_set0_key(rsa, NULL, NULL, d); That's what's implemented in GH#995, except it doesn't check if the input parameters are NULL before setting the corresponding fields, so that call ends up clearing n and e. GH#995 could be changed so that any input parameter can be NULL, and that the corresponding RSA structure fields are left untouched. The consequence is that can never be made NULL. I can live with that, as I can't imagine a reason to reset the fields to NULL. - Add a function RSA_set0_d(RSA *rsa, BIGNUM *d) I personally prefer the first variant, but would like to have some input and thoughts (or just a "go ahead"). Cheers, Richard In message on Tue, 26 Apr 2016 06:01:59 +0000, Richard Levitte via RT said: rt> Unfortunately, the solution in that PR is flawed. Back to the drawing board. rt> rt> Vid Mon, 25 apr 2016 kl. 18.39.24, skrev levitte: rt> > So, listening to what everyone had to say, perhaps this PR is better rt> > then: rt> > rt> > https://github.com/openssl/openssl/pull/995 rt> > rt> > In message > dag1mb1.msg.corp.akamai.com> on Mon, 25 Apr 2016 17:45:05 +0000, rt> > "Salz, Rich" said: rt> > rt> > rsalz> rt> > rsalz> > The 3-slot function is I think cleaner. rt> > rsalz> > rt> > rsalz> > I'll leave the decision of whether and when to support NULL rt> > rsalz> > parameters to rt> > rsalz> > the folks working on that code, but it is pretty clear that rt> > rsalz> > one must not pass an rt> > rsalz> > object one does not "own", such as one returned from a "get0" rt> > rsalz> > function, to a rt> > rsalz> > function that expects to take ownership of the indicated rt> > rsalz> > object. rt> > rsalz> rt> > rsalz> Agree with both of those. rt> > rsalz> rt> > rsalz> After a "set0" call, set your pointer to NULL, it's no longer rt> > rsalz> yours :) rt> > rsalz> -- rt> > rsalz> openssl-dev mailing list rt> > rsalz> To unsubscribe: rt> > rsalz> https://mta.openssl.org/mailman/listinfo/openssl-dev rt> > rsalz> rt> rt> rt> -- rt> Richard Levitte rt> levitte at openssl.org rt> rt> -- rt> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 rt> Please log in as guest with password guest if prompted rt> rt> -- rt> openssl-dev mailing list rt> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev rt> From matt at openssl.org Tue Apr 26 08:39:29 2016 From: matt at openssl.org (Matt Caswell) Date: Tue, 26 Apr 2016 09:39:29 +0100 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160426.092613.268323880614363794.levitte@openssl.org> References: <20160425.203919.2107594282154603287.levitte@openssl.org> <20160426.092613.268323880614363794.levitte@openssl.org> Message-ID: <571F2941.4040004@openssl.org> On 26/04/16 08:26, Richard Levitte wrote: > [temporarly taking this thread away from RT] > > Basically, I can see two solutions: > > - Allow calls like RSA_set0_key(rsa, NULL, NULL, d); > > That's what's implemented in GH#995, except it doesn't check if the > input parameters are NULL before setting the corresponding fields, > so that call ends up clearing n and e. > > GH#995 could be changed so that any input parameter can be NULL, and > that the corresponding RSA structure fields are left untouched. The > consequence is that can never be made NULL. I can live with that, > as I can't imagine a reason to reset the fields to NULL. IMO this is the way to go. As long as we can't set private key values without first having set the public key, i.e. we should not be able to get into an inconsistent state. Matt > > - Add a function RSA_set0_d(RSA *rsa, BIGNUM *d) > > I personally prefer the first variant, but would like to have some > input and thoughts (or just a "go ahead"). > > Cheers, > Richard > > In message on Tue, 26 Apr 2016 06:01:59 +0000, Richard Levitte via RT said: > > rt> Unfortunately, the solution in that PR is flawed. Back to the drawing board. > rt> > rt> Vid Mon, 25 apr 2016 kl. 18.39.24, skrev levitte: > rt> > So, listening to what everyone had to say, perhaps this PR is better > rt> > then: > rt> > > rt> > https://github.com/openssl/openssl/pull/995 > rt> > > rt> > In message rt> > dag1mb1.msg.corp.akamai.com> on Mon, 25 Apr 2016 17:45:05 +0000, > rt> > "Salz, Rich" said: > rt> > > rt> > rsalz> > rt> > rsalz> > The 3-slot function is I think cleaner. > rt> > rsalz> > > rt> > rsalz> > I'll leave the decision of whether and when to support NULL > rt> > rsalz> > parameters to > rt> > rsalz> > the folks working on that code, but it is pretty clear that > rt> > rsalz> > one must not pass an > rt> > rsalz> > object one does not "own", such as one returned from a "get0" > rt> > rsalz> > function, to a > rt> > rsalz> > function that expects to take ownership of the indicated > rt> > rsalz> > object. > rt> > rsalz> > rt> > rsalz> Agree with both of those. > rt> > rsalz> > rt> > rsalz> After a "set0" call, set your pointer to NULL, it's no longer > rt> > rsalz> yours :) > rt> > rsalz> -- > rt> > rsalz> openssl-dev mailing list > rt> > rsalz> To unsubscribe: > rt> > rsalz> https://mta.openssl.org/mailman/listinfo/openssl-dev > rt> > rsalz> > rt> > rt> > rt> -- > rt> Richard Levitte > rt> levitte at openssl.org > rt> > rt> -- > rt> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 > rt> Please log in as guest with password guest if prompted > rt> > rt> -- > rt> openssl-dev mailing list > rt> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > rt> > From extern.Martin.Gaeckler at esolutions.de Tue Apr 26 08:43:23 2016 From: extern.Martin.Gaeckler at esolutions.de (=?iso-8859-1?Q?G=E4ckler_Martin_=28EXT=29?=) Date: Tue, 26 Apr 2016 08:43:23 +0000 Subject: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256 Message-ID: <88EA392813A6CF4A8778EB645EFF30495D77C019@DEGAMES02.eso.local> Hello, We're currently developing a system that uses OAuth protocol to identify the users. The service provider is developed in PHP and uses OpenSSL to verify the access token. Unfortunately the identity provider, which is managed by another company, uses ecdsa with sha256 to sign the access tokens. Although the constants for this method (SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256) are defined in OpenSSL, this method is currently not supported by OpenSSL. To solve our problem I've added the required functions to OpenSSL, did few more changes, built a new shared library and gave it to our PHP developer. Now it works. My question is, what can I do, to add my changes to the official OpenSSL sources. I'm new to github and OpenSSL development and I did not find a documentation suitable for me. We would appreciate if this method would become part of the official OpenSSL distribution. Thanks in advance Martin ---------------------------------------------------------------------------------- Martin G?ckler Entwicklung Navigation Im Auftrag der e.solutions GmbH Despagstr. 4a 85055 Ingolstadt Germany Registered Office: Despagstr. 4a 85055 Ingolstadt Germany Phone +49 8458 3332 145 e.solutions GmbH Managing Directors Uwe Reder, Dr. Riclef Schmidt-Clausen Register Court Ingolstadt HRB 5221 -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Apr 26 09:12:26 2016 From: matt at openssl.org (Matt Caswell) Date: Tue, 26 Apr 2016 10:12:26 +0100 Subject: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256 In-Reply-To: <88EA392813A6CF4A8778EB645EFF30495D77C019@DEGAMES02.eso.local> References: <88EA392813A6CF4A8778EB645EFF30495D77C019@DEGAMES02.eso.local> Message-ID: <571F30FA.8080805@openssl.org> On 26/04/16 09:43, G?ckler Martin (EXT) wrote: > We?re currently developing a system that uses OAuth protocol to identify > the users. The service provider is developed in PHP and uses OpenSSL to > verify the access token. Unfortunately the identity provider, which is > managed by another company, uses ecdsa with sha256 to sign the access > tokens. Although the constants for this method (SN_ecdsa_with_SHA256 and > NID_ecdsa_with_SHA256) are defined in OpenSSL, this method is currently > not supported by OpenSSL. I'm not really sure what that means, since its perfectly possible to use ECDSA in conjunction with SHA256 to sign data. E.g. just use EVP_sha256() as the EVP_MD, and create an EC EVP_PKEY in a call to EVP_DigestSignInit() https://www.openssl.org/docs/manmaster/crypto/EVP_DigestSignInit.html > > My question is, what can I do, to add my changes to the official OpenSSL > sources. I?m new to github and OpenSSL development and I did not find a > documentation suitable for me. We would appreciate if this method would > become part of the official OpenSSL distribution. Create a new branch based on the master branch in git (new features are not accepted into stable releases). Add your features to it and push your changes to your github repo, and then create a github pull request. Matt From extern.Martin.Gaeckler at esolutions.de Tue Apr 26 09:39:35 2016 From: extern.Martin.Gaeckler at esolutions.de (=?iso-8859-1?Q?G=E4ckler_Martin_=28EXT=29?=) Date: Tue, 26 Apr 2016 09:39:35 +0000 Subject: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256 In-Reply-To: <571F30FA.8080805@openssl.org> References: <88EA392813A6CF4A8778EB645EFF30495D77C019@DEGAMES02.eso.local> <571F30FA.8080805@openssl.org> Message-ID: <88EA392813A6CF4A8778EB645EFF30495D77C0B3@DEGAMES02.eso.local> Hi Matt, Thanks for the reply. According to my colleague the PHP function opens_verify uses EVP_get_digestbyname to retrieve the EVP_MD. This does not work for the digest name "ecdsa-with-SHA256". Nevertheless, I will try to create a new branch. Thanks again. Martin -----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell Sent: Dienstag, 26. April 2016 11:12 To: openssl-dev at openssl.org Subject: Re: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256 On 26/04/16 09:43, G?ckler Martin (EXT) wrote: > We're currently developing a system that uses OAuth protocol to > identify the users. The service provider is developed in PHP and uses > OpenSSL to verify the access token. Unfortunately the identity > provider, which is managed by another company, uses ecdsa with sha256 > to sign the access tokens. Although the constants for this method > (SN_ecdsa_with_SHA256 and > NID_ecdsa_with_SHA256) are defined in OpenSSL, this method is > currently not supported by OpenSSL. I'm not really sure what that means, since its perfectly possible to use ECDSA in conjunction with SHA256 to sign data. E.g. just use EVP_sha256() as the EVP_MD, and create an EC EVP_PKEY in a call to EVP_DigestSignInit() https://www.openssl.org/docs/manmaster/crypto/EVP_DigestSignInit.html > > My question is, what can I do, to add my changes to the official > OpenSSL sources. I'm new to github and OpenSSL development and I did > not find a documentation suitable for me. We would appreciate if this > method would become part of the official OpenSSL distribution. Create a new branch based on the master branch in git (new features are not accepted into stable releases). Add your features to it and push your changes to your github repo, and then create a github pull request. Matt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev From salmankhan391991 at gmail.com Tue Apr 26 09:41:21 2016 From: salmankhan391991 at gmail.com (salman khan) Date: Tue, 26 Apr 2016 15:11:21 +0530 Subject: [openssl-dev] Fwd: Building Openssl for Universal Windows Platform In-Reply-To: References: Message-ID: Hi, I'm trying to build Openssl as a static library and use it in my projects. Have you guys put any thought to port the Openssl library to UWP(Universal Windows 10 Platform)? Can you provide me any guidelines or useful information that i can use to port the libraries unless ported already? Any suggestions are appreciated. Regards, Salman -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Apr 26 11:01:14 2016 From: matt at openssl.org (Matt Caswell) Date: Tue, 26 Apr 2016 12:01:14 +0100 Subject: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256 In-Reply-To: <88EA392813A6CF4A8778EB645EFF30495D77C0B3@DEGAMES02.eso.local> References: <88EA392813A6CF4A8778EB645EFF30495D77C019@DEGAMES02.eso.local> <571F30FA.8080805@openssl.org> <88EA392813A6CF4A8778EB645EFF30495D77C0B3@DEGAMES02.eso.local> Message-ID: <571F4A7A.7090600@openssl.org> On 26/04/16 10:39, G?ckler Martin (EXT) wrote: > Hi Matt, > > Thanks for the reply. According to my colleague the PHP function > opens_verify uses EVP_get_digestbyname to retrieve the EVP_MD. This > does not work for the digest name "ecdsa-with-SHA256". Hmmm. No. Well "ecdsa-with-SHA256" is not a digest, so I would not expect EVP_get_digestbyname() to return one. But "sha256" is. Have you tried just using that? I am not familiar with the PHP language bindings at all, but I would expect that the ECDSA bit would be derived from the type of key used (i.e. if you supply an EC key then it will use ECDSA). Matt > > Nevertheless, I will try to create a new branch. > > Thanks again. > > Martin > > > > -----Original Message----- From: openssl-dev > [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell > Sent: Dienstag, 26. April 2016 11:12 To: openssl-dev at openssl.org > Subject: Re: [openssl-dev] digest SN_ecdsa_with_SHA256 and > NID_ecdsa_with_SHA256 > > > > On 26/04/16 09:43, G?ckler Martin (EXT) wrote: >> We're currently developing a system that uses OAuth protocol to >> identify the users. The service provider is developed in PHP and >> uses OpenSSL to verify the access token. Unfortunately the identity >> provider, which is managed by another company, uses ecdsa with >> sha256 to sign the access tokens. Although the constants for this >> method (SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256) are defined >> in OpenSSL, this method is currently not supported by OpenSSL. > > I'm not really sure what that means, since its perfectly possible to > use ECDSA in conjunction with SHA256 to sign data. E.g. just use > EVP_sha256() as the EVP_MD, and create an EC EVP_PKEY in a call to > EVP_DigestSignInit() > > https://www.openssl.org/docs/manmaster/crypto/EVP_DigestSignInit.html > > > >> >> My question is, what can I do, to add my changes to the official >> OpenSSL sources. I'm new to github and OpenSSL development and I >> did not find a documentation suitable for me. We would appreciate >> if this method would become part of the official OpenSSL >> distribution. > > Create a new branch based on the master branch in git (new features > are not accepted into stable releases). Add your features to it and > push your changes to your github repo, and then create a github pull > request. > > Matt > > -- openssl-dev mailing list To unsubscribe: > https://mta.openssl.org/mailman/listinfo/openssl-dev > From rt at openssl.org Tue Apr 26 11:35:25 2016 From: rt at openssl.org (Jaan Murumets via RT) Date: Tue, 26 Apr 2016 11:35:25 +0000 Subject: [openssl-dev] [openssl.org #4519] [openssl.org bug #993] New bug report In-Reply-To: <20160426113519.4392C60174C@mx1.sk.ee> References: <20160425151536.465BF601754@mx1.sk.ee> <933eb30f0ab2427e8574cf2abaf4b171@usma1ex-dag1mb1.msg.corp.akamai.com> <20160426113519.4392C60174C@mx1.sk.ee> Message-ID: Thanks for registering, when I can expect first your feedback on this bug? -----Original Message----- From: Salz, Rich via RT [mailto:rt at openssl.org] Sent: Monday, April 25, 2016 6:38 PM To: Jaan Murumets Cc: openssl-dev at openssl.org Subject: RE: [openssl-dev] [openssl.org #4519] [openssl.org bug #993] New bug report > Should I make similar in https://rt.openssl.org/ or it is enough to > have in github.com? We prefer bug reports in RT, not as issues. PR's on GitHub are fine. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4519 Please log in as guest with password guest if prompted -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4519 Please log in as guest with password guest if prompted From extern.Martin.Gaeckler at esolutions.de Tue Apr 26 11:40:14 2016 From: extern.Martin.Gaeckler at esolutions.de (=?iso-8859-1?Q?G=E4ckler_Martin_=28EXT=29?=) Date: Tue, 26 Apr 2016 11:40:14 +0000 Subject: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256 In-Reply-To: <571F4A7A.7090600@openssl.org> References: <88EA392813A6CF4A8778EB645EFF30495D77C019@DEGAMES02.eso.local> <571F30FA.8080805@openssl.org> <88EA392813A6CF4A8778EB645EFF30495D77C0B3@DEGAMES02.eso.local> <571F4A7A.7090600@openssl.org> Message-ID: <88EA392813A6CF4A8778EB645EFF30495D77C335@DEGAMES02.eso.local> Hi, I've asked my colleague to try this solution and it worked. I've seen, that the file "m_ecsda.c" had been removed from the source tree. Since my changes are based on this file, I assume, that my patch is not necessary. Once again, thanks for your help. BTW: We get the signature not with DER encoding. So we assume, that this was our real problem, now. Regards Martin -----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell Sent: Dienstag, 26. April 2016 13:01 To: openssl-dev at openssl.org Subject: Re: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256 On 26/04/16 10:39, G?ckler Martin (EXT) wrote: > Hi Matt, > > Thanks for the reply. According to my colleague the PHP function > opens_verify uses EVP_get_digestbyname to retrieve the EVP_MD. This > does not work for the digest name "ecdsa-with-SHA256". Hmmm. No. Well "ecdsa-with-SHA256" is not a digest, so I would not expect EVP_get_digestbyname() to return one. But "sha256" is. Have you tried just using that? I am not familiar with the PHP language bindings at all, but I would expect that the ECDSA bit would be derived from the type of key used (i.e. if you supply an EC key then it will use ECDSA). Matt > > Nevertheless, I will try to create a new branch. > > Thanks again. > > Martin > > > > -----Original Message----- From: openssl-dev > [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell > Sent: Dienstag, 26. April 2016 11:12 To: openssl-dev at openssl.org > Subject: Re: [openssl-dev] digest SN_ecdsa_with_SHA256 and > NID_ecdsa_with_SHA256 > > > > On 26/04/16 09:43, G?ckler Martin (EXT) wrote: >> We're currently developing a system that uses OAuth protocol to >> identify the users. The service provider is developed in PHP and uses >> OpenSSL to verify the access token. Unfortunately the identity >> provider, which is managed by another company, uses ecdsa with >> sha256 to sign the access tokens. Although the constants for this >> method (SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256) are defined >> in OpenSSL, this method is currently not supported by OpenSSL. > > I'm not really sure what that means, since its perfectly possible to > use ECDSA in conjunction with SHA256 to sign data. E.g. just use > EVP_sha256() as the EVP_MD, and create an EC EVP_PKEY in a call to > EVP_DigestSignInit() > > https://www.openssl.org/docs/manmaster/crypto/EVP_DigestSignInit.html > > > >> >> My question is, what can I do, to add my changes to the official >> OpenSSL sources. I'm new to github and OpenSSL development and I did >> not find a documentation suitable for me. We would appreciate if this >> method would become part of the official OpenSSL distribution. > > Create a new branch based on the master branch in git (new features > are not accepted into stable releases). Add your features to it and > push your changes to your github repo, and then create a github pull > request. > > Matt > > -- openssl-dev mailing list To unsubscribe: > https://mta.openssl.org/mailman/listinfo/openssl-dev > -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev From levitte at openssl.org Tue Apr 26 11:46:20 2016 From: levitte at openssl.org (Richard Levitte) Date: Tue, 26 Apr 2016 13:46:20 +0200 (CEST) Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <571F2941.4040004@openssl.org> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> Message-ID: <20160426.134620.1769480541872118939.levitte@openssl.org> In message <571F2941.4040004 at openssl.org> on Tue, 26 Apr 2016 09:39:29 +0100, Matt Caswell said: matt> matt> matt> On 26/04/16 08:26, Richard Levitte wrote: matt> > [temporarly taking this thread away from RT] matt> > matt> > Basically, I can see two solutions: matt> > matt> > - Allow calls like RSA_set0_key(rsa, NULL, NULL, d); matt> > matt> > That's what's implemented in GH#995, except it doesn't check if the matt> > input parameters are NULL before setting the corresponding fields, matt> > so that call ends up clearing n and e. matt> > matt> > GH#995 could be changed so that any input parameter can be NULL, and matt> > that the corresponding RSA structure fields are left untouched. The matt> > consequence is that can never be made NULL. I can live with that, matt> > as I can't imagine a reason to reset the fields to NULL. matt> matt> IMO this is the way to go. As long as we can't set private key values matt> without first having set the public key, i.e. we should not be able to matt> get into an inconsistent state. I've seen no other opinion, so I went with it. Would you mind having a look at GH#995? I did a bit of change in the docs, but could need some help expressing it in a better manner. Also, I'd like to hear from Douglas and Tomas if these changes found in said pull request would fit your bill better... basically, it allows (or should allow, unless I've goofed something up) a call set like this: RSA_set0_key(rsa, n, e, NULL); /* other stuff done, such as calculatig d */ RSA_set0_key(rsa, NULL, NULL, d); Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From rt at openssl.org Tue Apr 26 12:25:21 2016 From: rt at openssl.org (Salz, Rich via RT) Date: Tue, 26 Apr 2016 12:25:21 +0000 Subject: [openssl-dev] [openssl.org #4519] [openssl.org bug #993] New bug report In-Reply-To: <3c334aea5f734be5b30aa5f3d283ac77@usma1ex-dag1mb1.msg.corp.akamai.com> References: <20160425151536.465BF601754@mx1.sk.ee> <933eb30f0ab2427e8574cf2abaf4b171@usma1ex-dag1mb1.msg.corp.akamai.com> <20160426113519.4392C60174C@mx1.sk.ee> <3c334aea5f734be5b30aa5f3d283ac77@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: > Thanks for registering, when I can expect first your feedback on this bug? This is a mostly volunteer open source project. So hopefully soon is the best you can expect. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4519 Please log in as guest with password guest if prompted From uri at ll.mit.edu Tue Apr 26 13:44:15 2016 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 26 Apr 2016 13:44:15 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems Message-ID: <20160426134424.18280531.26391.65375@ll.mit.edu> IMO, go ahead. Sent?from?my?BlackBerry?10?smartphone?on?the Verizon?Wireless?4G?LTE?network. ? Original Message ? From: Richard Levitte Sent: Tuesday, April 26, 2016 07:46 To: openssl-dev at openssl.org Reply To: openssl-dev at openssl.org Subject: Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In message <571F2941.4040004 at openssl.org> on Tue, 26 Apr 2016 09:39:29 +0100, Matt Caswell said: matt> matt> matt> On 26/04/16 08:26, Richard Levitte wrote: matt> > [temporarly taking this thread away from RT] matt> > matt> > Basically, I can see two solutions: matt> > matt> > - Allow calls like RSA_set0_key(rsa, NULL, NULL, d); matt> > matt> > That's what's implemented in GH#995, except it doesn't check if the matt> > input parameters are NULL before setting the corresponding fields, matt> > so that call ends up clearing n and e. matt> > matt> > GH#995 could be changed so that any input parameter can be NULL, and matt> > that the corresponding RSA structure fields are left untouched. The matt> > consequence is that can never be made NULL. I can live with that, matt> > as I can't imagine a reason to reset the fields to NULL. matt> matt> IMO this is the way to go. As long as we can't set private key values matt> without first having set the public key, i.e. we should not be able to matt> get into an inconsistent state. I've seen no other opinion, so I went with it. Would you mind having a look at GH#995? I did a bit of change in the docs, but could need some help expressing it in a better manner. Also, I'd like to hear from Douglas and Tomas if these changes found in said pull request would fit your bill better... basically, it allows (or should allow, unless I've goofed something up) a call set like this: RSA_set0_key(rsa, n, e, NULL); /* other stuff done, such as calculatig d */ RSA_set0_key(rsa, NULL, NULL, d); Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From tmraz at redhat.com Tue Apr 26 13:52:43 2016 From: tmraz at redhat.com (Tomas Mraz) Date: Tue, 26 Apr 2016 15:52:43 +0200 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160426.134620.1769480541872118939.levitte@openssl.org> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> Message-ID: <1461678763.18775.12.camel@redhat.com> On ?t, 2016-04-26 at 13:46 +0200, Richard Levitte wrote: >? > I've seen no other opinion, so I went with it.??Would you mind having > a look at GH#995???I did a bit of change in the docs, but could need > some help expressing it in a better manner. > > Also, I'd like to hear from Douglas and Tomas if these changes found > in said pull request would fit your bill better...??basically, it > allows (or should allow, unless I've goofed something up) a call set > like this: > > ????RSA_set0_key(rsa, n, e, NULL); > ????/* other stuff done, such as calculatig d */ > ????RSA_set0_key(rsa, NULL, NULL, d); Yes, this is a reasonable solution and the commit in GH#995 looks sane. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) From deengert at gmail.com Tue Apr 26 15:02:55 2016 From: deengert at gmail.com (Douglas E Engert) Date: Tue, 26 Apr 2016 10:02:55 -0500 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160426.134620.1769480541872118939.levitte@openssl.org> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> Message-ID: <571F831F.4080504@gmail.com> I can live with it. The only solution without some type of change was : RSA_set0_key(rsa, n, e, NULL); /* other stuff done, such as calculating d */ n_new = BN_dup(n); e_new = BN_dup(e); RSA_set0_key(rsa, n_new, e_new, d); It is really gross, and is not intuitive. Since you all appear to not want to support individual calls to set0 and get0 for each BIGNUM, a developer of other code is faced with a major rewrite of existing code just to work with OpenSSL-1.1.0-pre5. Using #if OPENSSL_VERSION_NUMBER everywhere leads to unreadable code. So to maintain a code base that can be compiled with OpenSSL version 0.9.7 through 1.1.0 with only a few #if OPENSSL_VERSION_NUMBER we are taking an approach to convert the code to the 1.1.0 API and create defines and macros for the older versions of OpenSSL in a header file The introduction of these *_get0_* *_set0_* have complicated the process even more, requiring us to inline versions of them for the older versions of OpenSSL. I suspect other developers are facing the same issues. On 4/26/2016 6:46 AM, Richard Levitte wrote: > In message <571F2941.4040004 at openssl.org> on Tue, 26 Apr 2016 09:39:29 +0100, Matt Caswell said: > > matt> > matt> > matt> On 26/04/16 08:26, Richard Levitte wrote: > matt> > [temporarly taking this thread away from RT] > matt> > > matt> > Basically, I can see two solutions: > matt> > > matt> > - Allow calls like RSA_set0_key(rsa, NULL, NULL, d); > matt> > > matt> > That's what's implemented in GH#995, except it doesn't check if the > matt> > input parameters are NULL before setting the corresponding fields, > matt> > so that call ends up clearing n and e. > matt> > > matt> > GH#995 could be changed so that any input parameter can be NULL, and > matt> > that the corresponding RSA structure fields are left untouched. The > matt> > consequence is that can never be made NULL. I can live with that, > matt> > as I can't imagine a reason to reset the fields to NULL. > matt> > matt> IMO this is the way to go. As long as we can't set private key values > matt> without first having set the public key, i.e. we should not be able to > matt> get into an inconsistent state. > > I've seen no other opinion, so I went with it. Would you mind having > a look at GH#995? I did a bit of change in the docs, but could need > some help expressing it in a better manner. > > Also, I'd like to hear from Douglas and Tomas if these changes found > in said pull request would fit your bill better... basically, it > allows (or should allow, unless I've goofed something up) a call set > like this: > > RSA_set0_key(rsa, n, e, NULL); > /* other stuff done, such as calculatig d */ > RSA_set0_key(rsa, NULL, NULL, d); > > Cheers, > Richard > -- Douglas E. Engert From deengert at gmail.com Tue Apr 26 15:16:20 2016 From: deengert at gmail.com (Douglas E Engert) Date: Tue, 26 Apr 2016 10:16:20 -0500 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <571F831F.4080504@gmail.com> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571F831F.4080504@gmail.com> Message-ID: <571F8644.1040802@gmail.com> Let me update my response. If I am reading GH#995 correctly it still has an issue if a user does: RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */ /* other stuff done, such as calculating d */ RSA_set0_key(rsa, n, e, d); rsa is left with n and e pointing to unallocated storage. On 4/26/2016 10:02 AM, Douglas E Engert wrote: > I can live with it. > The only solution without some type of change was : > > RSA_set0_key(rsa, n, e, NULL); > /* other stuff done, such as calculating d */ > n_new = BN_dup(n); > e_new = BN_dup(e); > RSA_set0_key(rsa, n_new, e_new, d); > > It is really gross, and is not intuitive. > > Since you all appear to not want to support individual calls to set0 and get0 for each BIGNUM, > a developer of other code is faced with a major rewrite of existing code just to work with OpenSSL-1.1.0-pre5. > > > Using #if OPENSSL_VERSION_NUMBER everywhere leads to unreadable code. So to maintain a code base that can be compiled > with OpenSSL version 0.9.7 through 1.1.0 with only a few #if OPENSSL_VERSION_NUMBER we are taking an approach to convert > the code to the 1.1.0 API and create defines and macros for the older versions of OpenSSL in a header file > The introduction of these *_get0_* *_set0_* have complicated the process even more, requiring us to inline versions > of them for the older versions of OpenSSL. > > I suspect other developers are facing the same issues. > > On 4/26/2016 6:46 AM, Richard Levitte wrote: >> In message <571F2941.4040004 at openssl.org> on Tue, 26 Apr 2016 09:39:29 +0100, Matt Caswell said: >> >> matt> >> matt> >> matt> On 26/04/16 08:26, Richard Levitte wrote: >> matt> > [temporarly taking this thread away from RT] >> matt> > >> matt> > Basically, I can see two solutions: >> matt> > >> matt> > - Allow calls like RSA_set0_key(rsa, NULL, NULL, d); >> matt> > >> matt> > That's what's implemented in GH#995, except it doesn't check if the >> matt> > input parameters are NULL before setting the corresponding fields, >> matt> > so that call ends up clearing n and e. >> matt> > >> matt> > GH#995 could be changed so that any input parameter can be NULL, and >> matt> > that the corresponding RSA structure fields are left untouched. The >> matt> > consequence is that can never be made NULL. I can live with that, >> matt> > as I can't imagine a reason to reset the fields to NULL. >> matt> >> matt> IMO this is the way to go. As long as we can't set private key values >> matt> without first having set the public key, i.e. we should not be able to >> matt> get into an inconsistent state. >> >> I've seen no other opinion, so I went with it. Would you mind having >> a look at GH#995? I did a bit of change in the docs, but could need >> some help expressing it in a better manner. >> >> Also, I'd like to hear from Douglas and Tomas if these changes found >> in said pull request would fit your bill better... basically, it >> allows (or should allow, unless I've goofed something up) a call set >> like this: >> >> RSA_set0_key(rsa, n, e, NULL); >> /* other stuff done, such as calculatig d */ >> RSA_set0_key(rsa, NULL, NULL, d); >> >> Cheers, >> Richard >> > -- Douglas E. Engert From rt at openssl.org Tue Apr 26 15:21:25 2016 From: rt at openssl.org (Salz, Rich via RT) Date: Tue, 26 Apr 2016 15:21:25 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571F831F.4080504@gmail.com> Message-ID: > I can live with it. > The only solution without some type of change was : > > RSA_set0_key(rsa, n, e, NULL); > /* other stuff done, such as calculating d */ > n_new = BN_dup(n); > e_new = BN_dup(e); > RSA_set0_key(rsa, n_new, e_new, d); > > It is really gross, and is not intuitive. Do the dup calls before the RSA_set0_key call. Once that function returns, you have lost all rights to use n and e :) Or perhaps do this: RSA_set0_key(rsa, BN_dup(n), BN_dup(e), NULL); > Since you all appear to not want to support individual calls to set0 and get0 > for each BIGNUM, a developer of other code is faced with a major rewrite of > existing code just to work with OpenSSL-1.1.0-pre5. I understand your frustration about having to change code. But I think major rewrite is a bit of an overstatement. > [S]o to maintain a code base that can be compiled with OpenSSL version > 0.9.7 through 1.1.0 with only a few #if OPENSSL_VERSION_NUMBER we are > taking an approach to convert the code to the 1.1.0 API and create defines > and macros for the older versions of OpenSSL in a header file The > introduction of these *_get0_* *_set0_* have complicated the process even > more, requiring us to inline versions of them for the older versions of > OpenSSL. We would love to see such a compatibility "get ready for 1.1" facility, and if there were a git repo we could point to, we would gladly do so. "Our code builds with every version of OpenSSL for the past 20 years" is kind of a neat thing to say, but outside of bragging rights, I'm not sure it's worth the effort. But it's your code, not ours, so do what you want :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From rt at openssl.org Tue Apr 26 15:21:59 2016 From: rt at openssl.org (Salz, Rich via RT) Date: Tue, 26 Apr 2016 15:21:59 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <456eadd516d24ada9ff1c43b390d8e5b@usma1ex-dag1mb1.msg.corp.akamai.com> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571F831F.4080504@gmail.com> <571F8644.1040802@gmail.com> <456eadd516d24ada9ff1c43b390d8e5b@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: > RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */ > /* other stuff done, such as calculating d */ RSA_set0_key(rsa, n, e, d); > > rsa is left with n and e pointing to unallocated storage. That code is incorrect. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From matt at openssl.org Tue Apr 26 15:25:25 2016 From: matt at openssl.org (Matt Caswell) Date: Tue, 26 Apr 2016 16:25:25 +0100 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <571F8644.1040802@gmail.com> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571F831F.4080504@gmail.com> <571F8644.1040802@gmail.com> Message-ID: <571F8865.2000408@openssl.org> On 26/04/16 16:16, Douglas E Engert wrote: > Let me update my response. > If I am reading GH#995 correctly it still has an issue if a user does: > > RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */ > /* other stuff done, such as calculating d */ > RSA_set0_key(rsa, n, e, d); > > rsa is left with n and e pointing to unallocated storage. You should not call it like that (programmer error). RSA_get0_key transfers ownership of the memory. You must only transfer ownership for memory that you own! By calling it again you are attempting to transfer ownership of memory that you don't own. Matt From uri at ll.mit.edu Tue Apr 26 15:37:53 2016 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 26 Apr 2016 15:37:53 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571F831F.4080504@gmail.com> <571F8644.1040802@gmail.com> <456eadd516d24ada9ff1c43b390d8e5b@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: On 4/26/16, 11:21 , "openssl-dev on behalf of Salz, Rich via RT" wrote: >> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */ >> /* other stuff done, such as calculating d */ >>RSA_set0_key(rsa, n, e, d); >> >> rsa is left with n and e pointing to unallocated storage. > >That code is incorrect. Would you mind giving more explanation please? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4324 bytes Desc: not available URL: From bkaduk at akamai.com Tue Apr 26 15:42:41 2016 From: bkaduk at akamai.com (Benjamin Kaduk) Date: Tue, 26 Apr 2016 10:42:41 -0500 Subject: [openssl-dev] SSL transfer connection (SSL_dup, SSL_up_ref, SSL_free) In-Reply-To: References: Message-ID: <571F8C71.1070703@akamai.com> On 04/25/2016 10:18 PM, Alex Hultman wrote: > Hi Benjamin, > > Thanks for the answer. I actually found a working solution just a > couple of minutes after I posted but I still wanted to hear what you > recommended. I just did ssl->references++; and also the same on the > attached BIO's before SSL_set_fd. This works perfectly and I'm able to > take over the SSL connection even after the original And now you have a subtle threading bug that will only manifest under load -- do not mix ordinary increments (references++) with locked or otherwise atomic operations (CRYPTO_add). > server "destroys" their socket. > > I guess I just need to use SSL_up_ref when compiling for OpenSSL 1.1.0 > then. > You'll need to switch APIs for 1.1.0, yes. -Ben -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmraz at redhat.com Tue Apr 26 15:43:55 2016 From: tmraz at redhat.com (Tomas Mraz) Date: Tue, 26 Apr 2016 17:43:55 +0200 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <571F8644.1040802@gmail.com> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571F831F.4080504@gmail.com> <571F8644.1040802@gmail.com> Message-ID: <1461685435.18775.17.camel@redhat.com> On ?t, 2016-04-26 at 10:16 -0500, Douglas E Engert wrote: > Let me update my response. > If I am reading GH#995 correctly it still has an issue if a user > does: > > RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */ > /* other stuff done, such as calculating d */ > RSA_set0_key(rsa, n, e, d); > > rsa is left with n and e pointing to unallocated storage. This is programmer error in your code because the RSA_get0_key is documented to just return internal data and must not be freed. Thus you're not allowed to pass the returned values to RSA_set0_key(). --? Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) From uri at ll.mit.edu Tue Apr 26 15:50:34 2016 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 26 Apr 2016 15:50:34 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <1461685435.18775.17.camel@redhat.com> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571F831F.4080504@gmail.com> <571F8644.1040802@gmail.com> <1461685435.18775.17.camel@redhat.com> Message-ID: On 4/26/16, 11:43 , "openssl-dev on behalf of Tomas Mraz" wrote: >On ?t, 2016-04-26 at 10:16 -0500, Douglas E Engert wrote: >> Let me update my response. >> If I am reading GH#995 correctly it still has an issue if a user >> does: >> >> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */ >> /* other stuff done, such as calculating d */ >> RSA_set0_key(rsa, n, e, d); >> >> rsa is left with n and e pointing to unallocated storage. > >This is programmer error in your code because the RSA_get0_key is >documented to just return internal data and must not be freed. Thus >you're not allowed to pass the returned values to RSA_set0_key(). May I suggest that this (obvious to you) text be added to the manual page for both _get0_key() and _set0_key()? [Yes it would be redundant, but IMHO better than allowing a harried programmer making a silly mistake ?because he should?ve known better".] -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4324 bytes Desc: not available URL: From kurt at roeckx.be Tue Apr 26 17:19:13 2016 From: kurt at roeckx.be (Kurt Roeckx) Date: Tue, 26 Apr 2016 19:19:13 +0200 Subject: [openssl-dev] Getting raw ASN1 data from X509 certificate Message-ID: <20160426171913.GA31871@roeckx.be> Hi, I'm working on a tool that checks various things related to X509 certificates. I want to check that the encoding is actually correct DER. With things like ASN1_TIME is seems easy to get to the raw data, it just seems to contain it. But when I try it with an ASN1_INTEGER it doesn't seem to contain all the data. For instance, if it's a number that starts with a byte >= 0x80, the encoding should have a 0x00 in front of it. But in the ASN1_INTEGER it already seems to have removed that 0x00. Is there a way I can get to raw encoding? Or do I need to write my own parser (or use an other existing one) to be able to get to it? Kurt From openssl-users at dukhovni.org Tue Apr 26 17:48:29 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Tue, 26 Apr 2016 13:48:29 -0400 Subject: [openssl-dev] SSL transfer connection (SSL_dup, SSL_up_ref, SSL_free) In-Reply-To: References: Message-ID: > On Apr 25, 2016, at 11:18 PM, Alex Hultman wrote: > > Thanks for the answer. I actually found a working solution just a couple of minutes after I posted but I still wanted to hear what you recommended. I just did ssl->references++; and also the same on the attached BIO's before SSL_set_fd. This works perfectly and I'm able to take over the SSL connection even after the original server "destroys" their socket. I would not also increment the reference counts on the BIOs except for any that are explicitly freed by the other thread. You be introducing a memory and file descriptor leak. -- Viktor. From deengert at gmail.com Tue Apr 26 17:55:28 2016 From: deengert at gmail.com (Douglas E Engert) Date: Tue, 26 Apr 2016 12:55:28 -0500 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <1461685435.18775.17.camel@redhat.com> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571F831F.4080504@gmail.com> <571F8644.1040802@gmail.com> <1461685435.18775.17.camel@redhat.com> Message-ID: <571FAB90.8030100@gmail.com> Yes, there was an error in my example, the first line should have read: RSA_get0_key(rsa, &n, &e, NULL); The rsa was created in a different routine, so n and e were already set. I am not the one freeing it is your RSA_set0_key that is doing the free. Adding the test "if (n != rsa->n)" before the BN_free in the RSA_set0_key would catch this. If the intent of all these new routines it to make sure the data is consistent, please consider adding the above test. Without some change, it is going to catch many others too as they try and convert existing code. On 4/26/2016 10:43 AM, Tomas Mraz wrote: > On ?t, 2016-04-26 at 10:16 -0500, Douglas E Engert wrote: >> Let me update my response. >> If I am reading GH#995 correctly it still has an issue if a user >> does: >> >> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */ >> /* other stuff done, such as calculating d */ >> RSA_set0_key(rsa, n, e, d); >> >> rsa is left with n and e pointing to unallocated storage. > > This is programmer error in your code because the RSA_get0_key is > documented to just return internal data and must not be freed. Thus > you're not allowed to pass the returned values to RSA_set0_key(). > > -- > Tomas Mraz > No matter how far down the wrong road you've gone, turn back. > Turkish proverb > (You'll never know whether the road is wrong though.) > > > -- Douglas E. Engert From deengert at gmail.com Tue Apr 26 17:56:12 2016 From: deengert at gmail.com (Douglas E Engert) Date: Tue, 26 Apr 2016 12:56:12 -0500 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571F831F.4080504@gmail.com> <571F8644.1040802@gmail.com> <456eadd516d24ada9ff1c43b390d8e5b@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: <571FABBC.7010806@gmail.com> OK there was an error in my example. The get needed 2 "&": RSA_get0_key(rsa, &my_n, &my_e, NULL); /* note this is a GET0 */ /* my_n now points to the BIGNUM as does rsa->n */ /* my_e now points to the BIGNUM as does rsa->e */ /* other stuff done, such as calculating d */ RSA_set0_key(rsa, my_n, my_e, d); /* RSA_set0_key does not check if my_n == rsa->n It frees rsa->n and replaces it with my_n which is is pointing at the freed location */ >> On 4/26/2016 10:37 AM, Blumenthal, Uri - 0553 - MITLL wrote: > On 4/26/16, 11:21 , "openssl-dev on behalf of Salz, Rich via RT" > wrote: > >>> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */ >>> /* other stuff done, such as calculating d */ >>> RSA_set0_key(rsa, n, e, d); >>> >>> rsa is left with n and e pointing to unallocated storage. >> >> That code is incorrect. > > Would you mind giving more explanation please? > > > -- Douglas E. Engert From uri at ll.mit.edu Tue Apr 26 18:02:05 2016 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 26 Apr 2016 18:02:05 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <571FABBC.7010806@gmail.com> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571F831F.4080504@gmail.com> <571F8644.1040802@gmail.com> <456eadd516d24ada9ff1c43b390d8e5b@usma1ex-dag1mb1.msg.corp.akamai.com> <571FABBC.7010806@gmail.com> Message-ID: On 4/26/16, 13:56 , "openssl-dev on behalf of Douglas E Engert" wrote: >... >RSA_get0_key(rsa, &my_n, &my_e, NULL); /* note this is a GET0 */ > >/* my_n now points to the BIGNUM as does rsa->n */ >/* my_e now points to the BIGNUM as does rsa->e */ > >/* other stuff done, such as calculating d */ > >RSA_set0_key(rsa, my_n, my_e, d); > >/* RSA_set0_key does not check if my_n == rsa->n >It frees rsa->n and replaces it with my_n which is is pointing at the >freed location */ After all the discussion that occurred here, I think that the problem Doug is pointing at should be fixed, and the solution he recommends should be put in. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4324 bytes Desc: not available URL: From rt at openssl.org Tue Apr 26 18:03:39 2016 From: rt at openssl.org (Salz, Rich via RT) Date: Tue, 26 Apr 2016 18:03:39 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <571F8644.1040802@gmail.com> <456eadd516d24ada9ff1c43b390d8e5b@usma1ex-dag1mb1.msg.corp.akamai.com> <571FABBC.7010806@gmail.com> Message-ID: That code is still wrong. Once you "get0" something you can only look at it. You cannot pass it off to a "set0" function. Get0 gives you a pointer that *you do not own* and *set0* takes a pointer that you DO own and are giving away. You can't give away something that isn't yours :) The error is thinking that "my_e" is yours; it's not. As documtend. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From uri at ll.mit.edu Tue Apr 26 18:12:39 2016 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 26 Apr 2016 18:12:39 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <571F8644.1040802@gmail.com> <456eadd516d24ada9ff1c43b390d8e5b@usma1ex-dag1mb1.msg.corp.akamai.com> <571FABBC.7010806@gmail.com> Message-ID: On 4/26/16, 14:03 , "openssl-dev on behalf of Salz, Rich via RT" wrote: >That code is still wrong. Once you "get0" something you can only look at >it. You cannot pass it off to a "set0" function. Get0 gives you a >pointer that *you do not own* and *set0* takes a pointer that you DO own >and are giving away. On the other hand, it seems all to easy (IMHO) for a programmer to think ?I got it from OpenSSL, and I?m passing it back?" >You can't give away something that isn't yours :) Funny, most of the governments I know of do this quite successfully and at quite a large scale. For a long time too. :) >The error is thinking that "my_e" is yours; it's not. As documented. Look. If Doug noticed this, programmers less intimate with this API are much more likely to get stung by it. The protection against such a misunderstanding is cheap. There is no justification for refusing to put this defense in. Insulate the wires instead of saying ?I told him not to touch those wires?. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4324 bytes Desc: not available URL: From rsalz at akamai.com Tue Apr 26 18:20:25 2016 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 26 Apr 2016 18:20:25 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <571F8644.1040802@gmail.com> <456eadd516d24ada9ff1c43b390d8e5b@usma1ex-dag1mb1.msg.corp.akamai.com> <571FABBC.7010806@gmail.com> Message-ID: <9c033720267f4df9842a65c3f5574511@usma1ex-dag1mb1.msg.corp.akamai.com> > Look. If Doug noticed this, programmers less intimate with this API are much > more likely to get stung by it. The protection against such a misunderstanding > is cheap. Is it? And what is that protection? Without introducing memory leaks. From uri at ll.mit.edu Tue Apr 26 18:25:44 2016 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 26 Apr 2016 18:25:44 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <9c033720267f4df9842a65c3f5574511@usma1ex-dag1mb1.msg.corp.akamai.com> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <571F8644.1040802@gmail.com> <456eadd516d24ada9ff1c43b390d8e5b@usma1ex-dag1mb1.msg.corp.akamai.com> <571FABBC.7010806@gmail.com> <9c033720267f4df9842a65c3f5574511@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: On 4/26/16, 14:20 , "openssl-dev on behalf of Salz, Rich" wrote: >> Look. If Doug noticed this, programmers less intimate with this API are >>much >> more likely to get stung by it. The protection against such a >>misunderstanding >> is cheap. > >Is it? I think it is. See Doug?s post. >And what is that protection? Checking whether (n, e) passed are pointing at rsa?s own, and not freeing them if they do. See Doug?s posting for the details. > Without introducing memory leaks. It certainly does not look like this check would introduce any memory leaks, while on the other hand it would prevent a few crashes. If you think otherwise - would you care to illustrate? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4324 bytes Desc: not available URL: From openssl-users at dukhovni.org Tue Apr 26 19:15:32 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Tue, 26 Apr 2016 19:15:32 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <571FAB90.8030100@gmail.com> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571F831F.4080504@gmail.com> <571F8644.1040802@gmail.com> <1461685435.18775.17.camel@redhat.com> <571FAB90.8030100@gmail.com> Message-ID: <20160426191532.GH26423@mournblade.imrryr.org> On Tue, Apr 26, 2016 at 12:55:28PM -0500, Douglas E Engert wrote: > Adding the test "if (n != rsa->n)" before the BN_free in the RSA_set0_key > would catch this. The correct test is to return an error in that case, not to skip the free. The caller is doing the wrong thing, and we should not silently ignore the mistake. There may be other pointers that the caller does not own that he might be tempted to pass into these functions, say get0 the data from one RSA object and attempt to set0 the same parameters on another. The only systemic fix is much more complex. We'd need to manage and set "library-owned" boolean fields in all the structures returned by get0 functions and refuse to accept these in "set0" functions. Thus a new() constructor would produce a caller owned structure, as would a get1() accessor, but a get0() access would return a library owned structure, which would be unsuitable for a set0() call that takes ownership. Implementing this pattern would be a major overhaul of the library. For now, yes we could detect just one class of mistake, but I don't think we should "correct" the mistake, rather we should report it as such to the caller. -- Viktor. From uri at ll.mit.edu Tue Apr 26 19:32:35 2016 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 26 Apr 2016 19:32:35 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160426191532.GH26423@mournblade.imrryr.org> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571F831F.4080504@gmail.com> <571F8644.1040802@gmail.com> <1461685435.18775.17.camel@redhat.com> <571FAB90.8030100@gmail.com> <20160426191532.GH26423@mournblade.imrryr.org> Message-ID: On 4/26/16, 15:15 , "openssl-dev on behalf of Viktor Dukhovni" wrote: >On Tue, Apr 26, 2016 at 12:55:28PM -0500, Douglas E Engert wrote: >> Adding the test "if (n != rsa->n)" before the BN_free in the >>RSA_set0_key >> would catch this. > >The correct test is to return an error in that case, not to skip >the free. The caller is doing the wrong thing, and we should not >silently ignore the mistake. I?m very certain that this test should be done. What?s the correct behavior if/when the caller is ?caught? doing the wrong thing - I leave to you guys to decide, as your experience and understanding of these API is better than mine. >There may be other pointers that the caller does not own that he >might be tempted to pass into these functions, say get0 the data >from one RSA object and attempt to set0 the same parameters on >another. I hear you? :-( >The only systemic fix is much more complex. We'd need to manage >and set "library-owned" boolean fields in all the structures returned >by get0 functions and refuse to accept these in "set0" functions. > >Thus a new() constructor would produce a caller owned structure, >as would a get1() accessor, but a get0() access would return a >library owned structure, which would be unsuitable for a set0() >call that takes ownership. Right now get0() returns a library-owned structure. But there isn?t a get1() accessor (unless I?m too tired to search correctly :). >Implementing this pattern would be a major overhaul of the library. I hear you. >For now, yes we could detect just one class of mistake, but I >don't think we should "correct" the mistake, rather we should >report it as such to the caller. I think that detecting just one class of mistake makes one mistake class less to worry about. So it would be great to catch at least this one class for now. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4324 bytes Desc: not available URL: From deengert at gmail.com Tue Apr 26 19:49:17 2016 From: deengert at gmail.com (Douglas E Engert) Date: Tue, 26 Apr 2016 14:49:17 -0500 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <9c033720267f4df9842a65c3f5574511@usma1ex-dag1mb1.msg.corp.akamai.com> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <571F8644.1040802@gmail.com> <456eadd516d24ada9ff1c43b390d8e5b@usma1ex-dag1mb1.msg.corp.akamai.com> <571FABBC.7010806@gmail.com> <9c033720267f4df9842a65c3f5574511@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: <571FC63D.80303@gmail.com> On 4/26/2016 1:20 PM, Salz, Rich wrote: >> Look. If Doug noticed this, programmers less intimate with this API are much >> more likely to get stung by it. The protection against such a misunderstanding >> is cheap. > > > Is it? And what is that protection? Without introducing memory leaks. In RSA_set0_key: After any type of NULL test: if (e != rsa->e) { BN_free(rsa->e); rsa->e = e; } > -- Douglas E. Engert From openssl at roumenpetrov.info Tue Apr 26 20:17:50 2016 From: openssl at roumenpetrov.info (Roumen Petrov) Date: Tue, 26 Apr 2016 23:17:50 +0300 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160426.134620.1769480541872118939.levitte@openssl.org> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> Message-ID: <571FCCEE.8010001@roumenpetrov.info> Hello Richard, Richard Levitte wrote: > In message <571F2941.4040004 at openssl.org> on Tue, 26 Apr 2016 09:39:29 +0100, Matt Caswell said: > > [SNIP] > I've seen no other opinion, so I went with it. Would you mind having > a look at GH#995? I did a bit of change in the docs, but could need > some help expressing it in a better manner. > > Also, I'd like to hear from Douglas and Tomas if these changes found > in said pull request would fit your bill better... basically, it > allows (or should allow, unless I've goofed something up) a call set > like this: > > RSA_set0_key(rsa, n, e, NULL); > /* other stuff done, such as calculatig d */ > RSA_set0_key(rsa, NULL, NULL, d); As methods allows user to set only public part I would like to propose to add new key method "...set0_privkey" to set just private key. This will allow to avoid duplicate of key public part between get0 and set0 key methods. For protocol "0009-sshkey.c-opaque-DSA-structure.patch" is practical sample of an upgrade to 1.1 API. RSA is similar. > > Cheers, > Richard > Roumen -------------- next part -------------- A non-text attachment was scrubbed... Name: 0009-sshkey.c-opaque-DSA-structure.patch Type: text/x-diff Size: 9764 bytes Desc: not available URL: From rt at openssl.org Tue Apr 26 21:11:53 2016 From: rt at openssl.org (Andy Polyakov via RT) Date: Tue, 26 Apr 2016 21:11:53 +0000 Subject: [openssl-dev] [openssl.org #4520] Camellia asm build failure for 1.1.0pre5 on Solaris (typo in build.info) In-Reply-To: <571FD997.4050008@openssl.org> References: <571E5833.70805@kippdata.de> <571FD997.4050008@openssl.org> Message-ID: > The change > > https://github.com/openssl/openssl/commit/5384d1e4ebd58f31a06b2f5d1f6c4b28f63d72ed > > introduced a typo in the last line of file crypto/camellia/build.info. Fixed. Thanks for report. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4520 Please log in as guest with password guest if prompted From praveen at viptela.com Tue Apr 26 21:12:58 2016 From: praveen at viptela.com (Praveen Kariyanahalli) Date: Tue, 26 Apr 2016 14:12:58 -0700 Subject: [openssl-dev] [openssl.org #4521] openssl GCM ordering In-Reply-To: References: Message-ID: See inline. Look for Praveen. On Mon, Apr 25, 2016 at 7:20 PM, Brian Smith wrote: > Praveen Kariyanahalli via RT wrote: > >> Is there is a reason why openssl has restriction of auth before encrypt >> order ? I dont believe there is an algo restriction, was wondering why >> openssl has this. >> > > It *is* inherent in the algorithm. The authentication tag for the AAD is > computed first, then the authentication tag for the encrypted data is > computed. > [praveen] From the NIST documentation it is not that clear (SP-800-38D page 15). Steps: 1. Let H = CIPHK(0128). 2. Define a block, J0, as follows: If len(IV)=96, then let J0 = IV || 031 ||1. If len(IV) ? 96, then let s = 128 ?len(IV)/128?-len(IV), and let J0=GHASHH(IV||0s+64||[len(IV)]64). * 3. Let C=GCTRK(inc32(J0), P). * 4. Let u = ?? ? ( ) C ? len128len128 (C) and let v = ?? (A) ? ? len128len128 ( ) A . * 5. Define a block, S, as follows: S = GHASHH (A || 0v || C || 0u || [len(A)]64 || [len(C)]64). * 6. Let T ( ) SJ K , 0 ( ). = MSBt GCTR 7. Return (C, T). Sorry my cut n paste swallowed some characters :). The steps mentioned itself is NOT the order you mention. > > >> The reason I bring this up, is that when I broadcast/multicast traffic >> need >> not encrypt the payload multiple times, but need to auth the header >> differently and openssl is refusing to cooperate :) > > > With AEADs, in general, you can't separate the authentication from the > encryption like that. > > [praveen] I agree, but I was talking about auth only part. For example, in a packet that need to be replicated, the outer header will change for each recipient, but the payload will remain same. Was wondering if I can benefit by skipping the C part for the subsequent copies. I totally understand for HW implementation it does NOT make sense. But was curious why this restriction? Thanks -Praveen > Cheers, > Brian > -- > https://briansmith.org/ > > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > -- -Praveen -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Tue Apr 26 21:18:23 2016 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 26 Apr 2016 21:18:23 +0000 Subject: [openssl-dev] [openssl.org #4521] openssl GCM ordering In-Reply-To: References: Message-ID: This is the way GCM works. Perhaps you need something else, like CBC mode. Closing this ticket. From levitte at openssl.org Tue Apr 26 21:53:09 2016 From: levitte at openssl.org (Richard Levitte) Date: Tue, 26 Apr 2016 23:53:09 +0200 (CEST) Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <571FCCEE.8010001@roumenpetrov.info> References: <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571FCCEE.8010001@roumenpetrov.info> Message-ID: <20160426.235309.1135657706747461634.levitte@openssl.org> In message <571FCCEE.8010001 at roumenpetrov.info> on Tue, 26 Apr 2016 23:17:50 +0300, Roumen Petrov said: openssl> Hello Richard, openssl> openssl> Richard Levitte wrote: openssl> > In message <571F2941.4040004 at openssl.org> on Tue, 26 Apr 2016 09:39:29 openssl> > +0100, Matt Caswell said: openssl> > openssl> > [SNIP] openssl> > I've seen no other opinion, so I went with it. Would you mind having openssl> > a look at GH#995? I did a bit of change in the docs, but could need openssl> > some help expressing it in a better manner. openssl> > openssl> > Also, I'd like to hear from Douglas and Tomas if these changes found openssl> > in said pull request would fit your bill better... basically, it openssl> > allows (or should allow, unless I've goofed something up) a call set openssl> > like this: openssl> > openssl> > RSA_set0_key(rsa, n, e, NULL); openssl> > /* other stuff done, such as calculatig d */ openssl> > RSA_set0_key(rsa, NULL, NULL, d); openssl> As methods allows user to set only public part I would like to propose openssl> to add new key method "...set0_privkey" to set just private key. openssl> This will allow to avoid duplicate of key public part between get0 and openssl> set0 key methods. That's conceptually confusing, as the private RSA key is composed of e and d. Why would anyone expect to give it only d? -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From tmraz at redhat.com Wed Apr 27 09:30:02 2016 From: tmraz at redhat.com (Tomas Mraz) Date: Wed, 27 Apr 2016 11:30:02 +0200 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <571F8644.1040802@gmail.com> <456eadd516d24ada9ff1c43b390d8e5b@usma1ex-dag1mb1.msg.corp.akamai.com> <571FABBC.7010806@gmail.com> <9c033720267f4df9842a65c3f5574511@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: <1461749402.29019.9.camel@redhat.com> On ?t, 2016-04-26 at 18:25 +0000, Blumenthal, Uri - 0553 - MITLL wrote: > On 4/26/16, 14:20 , "openssl-dev on behalf of Salz, Rich" > > wrote: > > > > > > > > > Look. If Doug noticed this, programmers less intimate with this > > > API are > > > much > > > more likely to get stung by it. The protection against such a > > > misunderstanding > > > is cheap. > > Is it??? > I think it is. See Doug?s post. > > > > > > And what is that protection? > Checking whether (n, e) passed are pointing at rsa?s own, and not > freeing > them if they do. See Doug?s posting for the details. No, that gives only false sense of correctness. And in another instance you can try to get n, e from another RSA object and set it to a different one and boom, you have doublefree or use-after-free in your code. I agree that this sequence - get + set should be more precisely documented as forbidden but that's it. --? Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) From levitte at openssl.org Wed Apr 27 09:55:17 2016 From: levitte at openssl.org (Richard Levitte) Date: Wed, 27 Apr 2016 11:55:17 +0200 (CEST) Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <571FCCEE.8010001@roumenpetrov.info> References: <571F2941.4040004@openssl.org> <20160426.134620.1769480541872118939.levitte@openssl.org> <571FCCEE.8010001@roumenpetrov.info> Message-ID: <20160427.115517.1049117197974960953.levitte@openssl.org> In message <571FCCEE.8010001 at roumenpetrov.info> on Tue, 26 Apr 2016 23:17:50 +0300, Roumen Petrov said: openssl> For protocol "0009-sshkey.c-opaque-DSA-structure.patch" is practical openssl> sample of an upgrade to 1.1 API. RSA is similar. A quick side remark: check the return value of DSA_set0_*... -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From appro at openssl.org Wed Apr 27 10:04:21 2016 From: appro at openssl.org (Andy Polyakov) Date: Wed, 27 Apr 2016 12:04:21 +0200 Subject: [openssl-dev] [openssl.org #4521] openssl GCM ordering In-Reply-To: References: Message-ID: <57208EA5.2070301@openssl.org> > Is there is a reason why openssl has restriction of auth before > encrypt > order ? I dont believe there is an algo restriction, was > wondering why > openssl has this. > > > It *is* inherent in the algorithm. The authentication tag for the > AAD is computed first, then the authentication tag for the encrypted > data is computed. > > [praveen] From the NIST documentation it is not that clear (SP-800-38D > page 15). Yes, it is, clear that is. > * 5. Define a block, S, as follows: S = GHASHH (A || 0v || C || 0u > || [len(A)]64 || [len(C)]64). * It says GHASH over AAD *followed* by Ciphertext, etc. > I agree, but I was talking about auth only part. For example, in a > packet that need to be replicated, the outer header will change for each > recipient, but the payload will remain same. Was wondering if I can > benefit by skipping the C part for the subsequent copies. > > I totally understand for HW implementation it does NOT make sense. But > was curious why this restriction? What restriction? Initial question was why does CRYPTO_gcm128_aad work the way it does (and the answer is to comply with specification), and now it seems to be shifting toward more philosophical why does specification look the way it does? Point is that it looks like a wrong question is being asked. One should rather wonder what would it take to make so to say "fan-out" operation comply with specification, i.e. manufacturing compliant MACs given same initial parameters and pre-encrypted payload. Obviously it would have to take dedicated effort and dedicated interface, say CRYPTO_gcm128_noencrypt(ctx,in,len) in place for CRYPTO_gcm128_encrypt that would do the hashing of the pre-encrypted payload. However! This doesn't mean that it's actually appropriate to implement and do. I mean, as already pointed by others, it doesn't sound like GCM is the right choice for "fan-out"... From rt at openssl.org Wed Apr 27 13:01:55 2016 From: rt at openssl.org (Andy Polyakov via RT) Date: Wed, 27 Apr 2016 13:01:55 +0000 Subject: [openssl-dev] [openssl.org #4512] ChaCha20_ctr32 function increments 64 bit counter? In-Reply-To: <5720B83D.1040006@openssl.org> References: <201604151110.u3FBAW7v017702@d06av02.portsmouth.uk.ibm.com> <5720B83D.1040006@openssl.org> Message-ID: Hi, > The following code in the ChaCha20_ctr32 function in > crypto/chacha/chacha_enc.c looks like you are actually using an IV=[64bit > counter||64 bit nonce] as specified in the "original Bernstein ChaCha" > instead of IV=[32bit counter||96bit nonce] as specified in RFC7539. Correct. While it's indeed confusing, it doesn't affect RFC7539 compliant operation, because subroutine in question takes in full-length 128-bit counter value and is essentially is agnostic to where nonce starts. So that caller has control over effective length of the nonce, as well as indirectly width of the counter. Latter can be achieved by limiting the amount of processed data. I mean if caller passes 0XYZ counter value (every digit/letter representing 32-bit value and XYZ being nonce) but never asks to process more than 2^38 bytes, that counter would never overstep the boundary. > u32 input[16]; > [...] > /* advance counter */ > if (++input[12] == 0) > input[13]++; But even though it doesn't actually affect operation, it's appropriate to remove the overflow handling at least to harmonize with subroutine name, ChaCha20_ctr32, as well as with assembly implementations. Thanks for report. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4512 Please log in as guest with password guest if prompted From steve at openssl.org Wed Apr 27 13:04:11 2016 From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 27 Apr 2016 13:04:11 +0000 Subject: [openssl-dev] Getting raw ASN1 data from X509 certificate In-Reply-To: <20160426171913.GA31871@roeckx.be> References: <20160426171913.GA31871@roeckx.be> Message-ID: <20160427130411.GA19439@openssl.org> On Tue, Apr 26, 2016, Kurt Roeckx wrote: > Hi, > > I'm working on a tool that checks various things related to X509 > certificates. I want to check that the encoding is actually > correct DER. With things like ASN1_TIME is seems easy to get to > the raw data, it just seems to contain it. But when I try it with > an ASN1_INTEGER it doesn't seem to contain all the data. For > instance, if it's a number that starts with a byte >= 0x80, the > encoding should have a 0x00 in front of it. But in the > ASN1_INTEGER it already seems to have removed that 0x00. > > Is there a way I can get to raw encoding? Or do I need to write > my own parser (or use an other existing one) to be able to get to > it? > For ASN1_INTEGER you the structure contains the integer value in big endian format stripping off any padding. If you call the i2d function you'll get the encoding back but it does that by reencoding the value so it may not match the original if it's isn't DER. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From rt at openssl.org Wed Apr 27 13:11:05 2016 From: rt at openssl.org (Richard Levitte via RT) Date: Wed, 27 Apr 2016 13:11:05 +0000 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <571D2C56.8070604@gmail.com> References: <571D2C56.8070604@gmail.com> Message-ID: After quite a lot of discussion, we finally came to a solution. Commits 1da12e34ed69cec206f3a251a1e62ceeb694a6ea and 4c5e6b2cb95a4332829af140e5edba965c9685ce That closes this ticket. Cheers, Richard -- Richard Levitte levitte at openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518 Please log in as guest with password guest if prompted From rt at openssl.org Wed Apr 27 13:33:42 2016 From: rt at openssl.org (Andy Polyakov via RT) Date: Wed, 27 Apr 2016 13:33:42 +0000 Subject: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened In-Reply-To: <5720BFB6.3010401@openssl.org> References: <1460455510.3558.29.camel@redhat.com> <5720BFB6.3010401@openssl.org> Message-ID: > Valgrind does not necessarily support all instructions, if there?s any optimized assembly, you might run into problems. > Are you able to compile a non-assembly version of the OpenSSL library? > Are you able to update to a newer Valgrind? Or at least tell valgrind version, because I can't reproduce the problem with 3.10.1. At any event you can also see if it's problem with unsupported instructions, unsupported by [your version of] valgrind that is, by manipulating OPENSSL_ia32cap environment variable. You can disable AVX2 code paths by setting it to :~0x20 or simply :0 if it runs into more "too-new-to-be-possible" instructions. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509 Please log in as guest with password guest if prompted From rt at openssl.org Wed Apr 27 13:52:24 2016 From: rt at openssl.org (Patrick Steuer via RT) Date: Wed, 27 Apr 2016 13:52:24 +0000 Subject: [openssl-dev] [openssl.org #4512] ChaCha20_ctr32 function increments 64 bit counter? In-Reply-To: <201604271351.u3RDpqeQ029781@d06av07.portsmouth.uk.ibm.com> References: <201604151110.u3FBAW7v017702@d06av02.portsmouth.uk.ibm.com> <5720B83D.1040006@openssl.org> <201604271351.u3RDpqeQ029781@d06av07.portsmouth.uk.ibm.com> Message-ID: Hi, I'm aware it doesn't affect anything because the caller shouldn't process more than 2^32 * 64 bytes per key/nonce setup anyway. I was just wondering because it differs from the s390 asm implementation (and whether there is a particular reason to do so). Thanks for reply. Mit freundlichen Gr??en / Kind regards Patrick Steuer Crypto for Linux on z Systems Phone: +49-7031-16-1600 Email: patrick.steuer at de.ibm.com IBM Deutschland Research & Development GmbH Sch?naicher Str. 220, 71032 B?blingen From: Andy Polyakov via RT To: Patrick Steuer/Germany/IBM at IBMDE Cc: openssl-dev at openssl.org Date: 27.04.2016 15:02 Subject: Re: [openssl-dev] [openssl.org #4512] ChaCha20_ctr32 function increments 64 bit counter? Hi, > The following code in the ChaCha20_ctr32 function in > crypto/chacha/chacha_enc.c looks like you are actually using an IV=[64bit > counter||64 bit nonce] as specified in the "original Bernstein ChaCha" > instead of IV=[32bit counter||96bit nonce] as specified in RFC7539. Correct. While it's indeed confusing, it doesn't affect RFC7539 compliant operation, because subroutine in question takes in full-length 128-bit counter value and is essentially is agnostic to where nonce starts. So that caller has control over effective length of the nonce, as well as indirectly width of the counter. Latter can be achieved by limiting the amount of processed data. I mean if caller passes 0XYZ counter value (every digit/letter representing 32-bit value and XYZ being nonce) but never asks to process more than 2^38 bytes, that counter would never overstep the boundary. > u32 input[16]; > [...] > /* advance counter */ > if (++input[12] == 0) > input[13]++; But even though it doesn't actually affect operation, it's appropriate to remove the overflow handling at least to harmonize with subroutine name, ChaCha20_ctr32, as well as with assembly implementations. Thanks for report. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4512 Please log in as guest with password guest if prompted -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4512 Please log in as guest with password guest if prompted -------------- next part -------------- A non-text attachment was scrubbed... Name: graycol.gif Type: image/gif Size: 105 bytes Desc: not available URL: From nmav at redhat.com Wed Apr 27 14:24:31 2016 From: nmav at redhat.com (Nikos Mavrogiannopoulos) Date: Wed, 27 Apr 2016 16:24:31 +0200 Subject: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened In-Reply-To: References: <1460455510.3558.29.camel@redhat.com> <5720BFB6.3010401@openssl.org> Message-ID: <1461767071.2838.12.camel@redhat.com> On Wed, 2016-04-27 at 13:33 +0000, Andy Polyakov via RT wrote: > > > > Valgrind does not necessarily support all instructions, if there?s > > any optimized assembly, you might run into problems. > > Are you able to compile a non-assembly version of the OpenSSL > > library? > > Are you able to update to a newer Valgrind? > Or at least tell valgrind version, because I can't reproduce the > problem > with 3.10.1. At any event you can also see if it's problem with > unsupported instructions, unsupported by [your version of] valgrind > that > is, by manipulating OPENSSL_ia32cap environment variable. You can > disable AVX2 code paths by setting it to :~0x20 or simply :0 if it > runs into more "too-new-to-be-possible" instructions. I tried with valgrind-3.11.0. From rt at openssl.org Wed Apr 27 14:24:46 2016 From: rt at openssl.org (Nikos Mavrogiannopoulos via RT) Date: Wed, 27 Apr 2016 14:24:46 +0000 Subject: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened In-Reply-To: <1461767071.2838.12.camel@redhat.com> References: <1460455510.3558.29.camel@redhat.com> <5720BFB6.3010401@openssl.org> <1461767071.2838.12.camel@redhat.com> Message-ID: On Wed, 2016-04-27 at 13:33 +0000, Andy Polyakov via RT wrote: > > > > Valgrind does not necessarily support all instructions, if there?s > > any optimized assembly, you might run into problems. > > Are you able to compile a non-assembly version of the OpenSSL > > library? > > Are you able to update to a newer Valgrind? > Or at least tell valgrind version, because I can't reproduce the > problem > with 3.10.1. At any event you can also see if it's problem with > unsupported instructions, unsupported by [your version of] valgrind > that > is, by manipulating OPENSSL_ia32cap environment variable. You can > disable AVX2 code paths by setting it to :~0x20 or simply :0 if it > runs into more "too-new-to-be-possible" instructions. I tried with valgrind-3.11.0. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509 Please log in as guest with password guest if prompted From rt at openssl.org Wed Apr 27 14:38:10 2016 From: rt at openssl.org (Andy Polyakov via RT) Date: Wed, 27 Apr 2016 14:38:10 +0000 Subject: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened In-Reply-To: <5720CED1.3030604@openssl.org> References: <1460455510.3558.29.camel@redhat.com> <5720BFB6.3010401@openssl.org> <1461767071.2838.12.camel@redhat.com> <5720CED1.3030604@openssl.org> Message-ID: >>> Valgrind does not necessarily support all instructions, if there?s >>> any optimized assembly, you might run into problems. >>> Are you able to compile a non-assembly version of the OpenSSL >>> library? >>> Are you able to update to a newer Valgrind? >> Or at least tell valgrind version, because I can't reproduce the >> problem >> with 3.10.1. At any event you can also see if it's problem with >> unsupported instructions, unsupported by [your version of] valgrind >> that >> is, by manipulating OPENSSL_ia32cap environment variable. You can >> disable AVX2 code paths by setting it to :~0x20 or simply :0 if it >> runs into more "too-new-to-be-possible" instructions. > > I tried with valgrind-3.11.0. Tough break... One can actually wonder if valgrind tampers with processor capability vector... And it totally does! I.e. even though my processor is AVX2-capable, when executed under my valgrind openssl doesn't see it as AVX2-capable. I suppose your valgrind passed AVX2 flag, but failed to recognize all the instructions it should have... -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509 Please log in as guest with password guest if prompted From rt at openssl.org Wed Apr 27 15:03:48 2016 From: rt at openssl.org (Andy Polyakov via RT) Date: Wed, 27 Apr 2016 15:03:48 +0000 Subject: [openssl-dev] [openssl.org #4500] Testing cipher AES-128-XTS(encrypt/decrypt) failure In-Reply-To: <5720D4D3.4050403@openssl.org> References: <007701d19068$3e78fcd0$bb6af670$@trifox.com> <57068ED1.1010207@openca.org> <5720D4D3.4050403@openssl.org> Message-ID: > Hi Paul, It doesn't seem unlike that OP is not subscribed, so he won't see responses send to alone. To ensure delivery and or reply to . > I have not checked the code for the test, but I do get the expected > values with my little test program. But what is your host, Massimiliano? Is it also Hercules, and if so which version? As Paul indicated later, it might be Hercules bug, and it would be helpful if you can tell what's your version. One has to keep in mind that not all version implement XTS support... > Here's the dump (key and iv set to 0 > - block size is 32 bytes (i.e. 2 * 128bit units)): > > AES XTS Encrypt: > ---------------- > > Plaintext (32): > 0020 - > > Ciphertext 32: > 0000 - 91 7c f6 9e bd 68 b2 ec-9b 9f e9 a3 ea dd a6 92 > .|...h.......... > 0010 - cd 43 d2 f5 95 98 ed 85-8c 02 c2 65 2f bf 92 2e > .C.........e/... > > AES XTS Decrypt: > ---------------- > > Encrypted Data: > 0000 - 91 7c f6 9e bd 68 b2 ec-9b 9f e9 a3 ea dd a6 92 > .|...h.......... > 0010 - cd 43 d2 f5 95 98 ed 85-8c 02 c2 65 2f bf 92 2e > .C.........e/... > > Decrypt Offset: 0 > Original Start: 0 > Throw Away: 0 > > Clear Text 32: > 0020 - > > My guess is that the second part of the key is not all zeros - this > would cause you to get the first part of the message encrypted correctly > and the second part not having the good values... this is just my guess, > of course. > > Cheers, > Max -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4500 Please log in as guest with password guest if prompted From rt at openssl.org Wed Apr 27 15:38:36 2016 From: rt at openssl.org (Paul Dembry via RT) Date: Wed, 27 Apr 2016 15:38:36 +0000 Subject: [openssl-dev] [openssl.org #4500] Testing cipher AES-128-XTS(encrypt/decrypt) failure In-Reply-To: <006101d1a09a$d37e69e0$7a7b3da0$@trifox.com> References: <007701d19068$3e78fcd0$bb6af670$@trifox.com> <57068ED1.1010207@openca.org> <5720D4D3.4050403@openssl.org> <006101d1a09a$d37e69e0$7a7b3da0$@trifox.com> Message-ID: There is a bug in Hercules 3.12 and below as well as Hyperion. Here is the fix information from the Hercules-390 yahoo group posted yesterday: ************ 2.1 Defects in PCC and KM instructions -- Patch available for testing Tue Apr 26, 2016 1:33 pm (PDT) . Posted by: juergen.winkelmann Hi All Finally, I think the problem originally reported by Paul is solved. The solution requires changes to the PCC and to the KM instructions, which is why I changed the subject of this thread. A tentative patch is now available for download at https://polybox.ethz.ch/index.php/s/o2knBR1aHwVCcV3 https://polybox.ethz.ch/index.php/s/o2knBR1aHwVCcV3 As usual, the archive contains two versions of the patch, one matching dyncrypt.c as found in Spinhawk (at the Hercules 3.12 release level) and another matching the current Hyperion. Before applying this patch please make sure that my earlier patch to dyncrypt (see the first mail of this thread at https://groups.yahoo.com/neo/groups/hercules-390/conversations/messages/78887 https://groups.yahoo.com/neo/groups/hercules-390/conversations/messages/78887) is applied. Currently, Hyperion has it applied, but it isn't yet in Spinhawk. Given that the patch is non trivial, I don't recommend as of yet to commit it to any of the repositories. Instead I'd appreciate it being tested by users of the cryptographic instructions (if there are any). In particular I'd be grateful for feedback from Paul and Gert concerning the behavior of the OpenSSL installation tests after applying the patch. Problem description: The XTS related functions (codes 50, 52, 58 and 60 of the KM and the PCC instructions) deliver invalid results. Results are stable, except for PCC function codes 58 and 60, which deliver arbitrary results. None of the functions ever delivers a correct result. Root cause: The arbitrary results from PCC function codes 58 and 60 are caused by memory overlay due to an invalid length (too short) of the parameter block. Fixing this overlay makes the results stable, but equally invalid as with the other function codes. The invalid results come from a misinterpretation of the algorithm to use for the GF(2128) multiplication. All diagrams and descriptions in the POP suggest it is the same algorithm as used with function code 65 of the KIMD instruction. However, it is not: For the GCM situation in KIMD the specification found in NIST Special Publication 800-38D, dated November 2007, is relevant, while for the XTS situation in KM and PCC the specification found in IEEE standard 1619-2007 is relevant. In fact, both algorithms are the same (and thus the POP is correct). However, the bit order of the arguments isn't the same in both standards, which isn't exactly mentioned in the POP (one can find it in the prefix pages, once one knows what to search for). Solution: Fix the memory overlay in PCC and use the correct algorithm for the GF(2128) multiplication in KM and PCC. Cheers J?rgen ************** If you need to get around this without doing the patch, change your Hercules configuration to use ARCHMODE ESAME instead of ARCHMODE Z/Arch. This disables the cryptography instruction emulation and uses software emulation (at a serious performance cost). Many thanks to J?rgen who has been pounding on this bug ever since I noticed it. Regards, Paul -----Original Message----- From: Andy Polyakov via RT [mailto:rt at openssl.org] Sent: Wednesday, April 27, 2016 8:04 AM To: pade at trifox.com Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] [openssl.org #4500] Testing cipher AES-128-XTS(encrypt/decrypt) failure > Hi Paul, It doesn't seem unlike that OP is not subscribed, so he won't see responses send to alone. To ensure delivery and or reply to . > I have not checked the code for the test, but I do get the expected > values with my little test program. But what is your host, Massimiliano? Is it also Hercules, and if so which version? As Paul indicated later, it might be Hercules bug, and it would be helpful if you can tell what's your version. One has to keep in mind that not all version implement XTS support... > Here's the dump (key and iv set to 0 > - block size is 32 bytes (i.e. 2 * 128bit units)): > > AES XTS Encrypt: > ---------------- > > Plaintext (32): > 0020 - > > Ciphertext 32: > 0000 - 91 7c f6 9e bd 68 b2 ec-9b 9f e9 a3 ea dd a6 92 > .|...h.......... > 0010 - cd 43 d2 f5 95 98 ed 85-8c 02 c2 65 2f bf 92 2e > .C.........e/... > > AES XTS Decrypt: > ---------------- > > Encrypted Data: > 0000 - 91 7c f6 9e bd 68 b2 ec-9b 9f e9 a3 ea dd a6 92 > .|...h.......... > 0010 - cd 43 d2 f5 95 98 ed 85-8c 02 c2 65 2f bf 92 2e > .C.........e/... > > Decrypt Offset: 0 > Original Start: 0 > Throw Away: 0 > > Clear Text 32: > 0020 - > > My guess is that the second part of the key is not all zeros - this > would cause you to get the first part of the message encrypted > correctly and the second part not having the good values... this is > just my guess, of course. > > Cheers, > Max -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4500 Please log in as guest with password guest if prompted -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4500 Please log in as guest with password guest if prompted From rt at openssl.org Wed Apr 27 16:01:32 2016 From: rt at openssl.org (Andy Polyakov via RT) Date: Wed, 27 Apr 2016 16:01:32 +0000 Subject: [openssl-dev] [openssl.org #4500] Testing cipher AES-128-XTS(encrypt/decrypt) failure In-Reply-To: <5720E25C.3050904@openssl.org> References: <007701d19068$3e78fcd0$bb6af670$@trifox.com> <57068ED1.1010207@openca.org> <5720D4D3.4050403@openssl.org> <006101d1a09a$d37e69e0$7a7b3da0$@trifox.com> <5720E25C.3050904@openssl.org> Message-ID: > There is a bug in Hercules 3.12 and below as well as Hyperion. In other words, not OpenSSL problem, cases are being dismissed. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4500 Please log in as guest with password guest if prompted From rsalz at akamai.com Wed Apr 27 16:45:31 2016 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 27 Apr 2016 16:45:31 +0000 Subject: [openssl-dev] Are you using "TLS proxy certificates"? Message-ID: <0215c1be002346f1a1496350f4a48b61@usma1ex-dag1mb1.msg.corp.akamai.com> If so, please let us know. Replies to me will be summarized for the lists. -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz -------------- next part -------------- An HTML attachment was scrubbed... URL: From deengert at gmail.com Wed Apr 27 17:57:17 2016 From: deengert at gmail.com (Douglas E Engert) Date: Wed, 27 Apr 2016 12:57:17 -0500 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <1461749402.29019.9.camel@redhat.com> References: <20160426.092613.268323880614363794.levitte@openssl.org> <571F2941.4040004@openssl.org> <571F8644.1040802@gmail.com> <456eadd516d24ada9ff1c43b390d8e5b@usma1ex-dag1mb1.msg.corp.akamai.com> <571FABBC.7010806@gmail.com> <9c033720267f4df9842a65c3f5574511@usma1ex-dag1mb1.msg.corp.akamai.com> <1461749402.29019.9.camel@redhat.com> Message-ID: <5720FD7D.3050900@gmail.com> You can call it a documentation problem. The problem only showed up with trying to update d in an existing rsa key. RSA_set0_key requires n, e, and d == NULL OR n, e, and d to all be set at the same time. (In the case I found, one routine created the key with only n and e, then d was added in a different routine.) Show how to set d by itself with whatever solution you come up with and I will be happy. On 4/27/2016 4:30 AM, Tomas Mraz wrote: > On ?t, 2016-04-26 at 18:25 +0000, Blumenthal, Uri - 0553 - MITLL wrote: >> On 4/26/16, 14:20 , "openssl-dev on behalf of Salz, Rich" >> >> wrote: >> >>> >>>> >>>> Look. If Doug noticed this, programmers less intimate with this >>>> API are >>>> much >>>> more likely to get stung by it. The protection against such a >>>> misunderstanding >>>> is cheap. >>> Is it? >> I think it is. See Doug?s post. >> >> >>> >>> And what is that protection? >> Checking whether (n, e) passed are pointing at rsa?s own, and not >> freeing >> them if they do. See Doug?s posting for the details. > > No, that gives only false sense of correctness. And in another instance > you can try to get n, e from another RSA object and set it to a > different one and boom, you have doublefree or use-after-free in your > code. > > I agree that this sequence - get + set should be more precisely > documented as forbidden but that's it. > > -- > Tomas Mraz > No matter how far down the wrong road you've gone, turn back. > Turkish proverb > (You'll never know whether the road is wrong though.) > > > -- Douglas E. Engert From levitte at openssl.org Thu Apr 28 04:31:02 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 28 Apr 2016 06:31:02 +0200 (CEST) Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <5720FD7D.3050900@gmail.com> References: <1461749402.29019.9.camel@redhat.com> <5720FD7D.3050900@gmail.com> Message-ID: <20160428.063102.1842739452290560855.levitte@openssl.org> In message <5720FD7D.3050900 at gmail.com> on Wed, 27 Apr 2016 12:57:17 -0500, Douglas E Engert said: deengert> You can call it a documentation problem. The problem only showed up deengert> with trying to update d deengert> in an existing rsa key. RSA_set0_key requires n, e, and d == NULL OR deengert> n, e, and d to all be set at the same time. Not any more, just the first time (and then only n and e, d can be left NULL). So that makes this particular sequence perfectly legal: RSA_set0_key(rsa, n, e, NULL); /* calculate d */ RSA_set0_key(rsa, NULL, NULL, d); (sloppy code, btw... return codes should really be checked) Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From nmav at redhat.com Thu Apr 28 08:42:54 2016 From: nmav at redhat.com (Nikos Mavrogiannopoulos) Date: Thu, 28 Apr 2016 10:42:54 +0200 Subject: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened In-Reply-To: References: <1460455510.3558.29.camel@redhat.com> <5720BFB6.3010401@openssl.org> <1461767071.2838.12.camel@redhat.com> <5720CED1.3030604@openssl.org> Message-ID: <1461832974.3292.8.camel@redhat.com> On Wed, 2016-04-27 at 14:38 +0000, Andy Polyakov via RT wrote: > > > > > > > > > > > > > Valgrind does not necessarily support all instructions, if > > > > there?s > > > > any optimized assembly, you might run into problems. > > > > Are you able to compile a non-assembly version of the OpenSSL > > > > library? > > > > Are you able to update to a newer Valgrind? > > > Or at least tell valgrind version, because I can't reproduce the > > > problem > > > with 3.10.1. At any event you can also see if it's problem with > > > unsupported instructions, unsupported by [your version of] > > > valgrind > > > that > > > is, by manipulating OPENSSL_ia32cap environment variable. You can > > > disable AVX2 code paths by setting it to :~0x20 or simply :0 if > > > it > > > runs into more "too-new-to-be-possible" instructions. > > I tried with valgrind-3.11.0. > Tough break... One can actually wonder if valgrind tampers with > processor capability vector... And it totally does! I.e. even though > my > processor is AVX2-capable, when executed under my valgrind openssl > doesn't see it as AVX2-capable. I suppose your valgrind passed AVX2 > flag, but failed to recognize all the instructions it should have... I believe that's the case too. The same tests succeed without valgrind on the same CPU. regards, Nikos From rt at openssl.org Thu Apr 28 08:43:07 2016 From: rt at openssl.org (Nikos Mavrogiannopoulos via RT) Date: Thu, 28 Apr 2016 08:43:07 +0000 Subject: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened In-Reply-To: <1461832974.3292.8.camel@redhat.com> References: <1460455510.3558.29.camel@redhat.com> <1461767071.2838.12.camel@redhat.com> <5720CED1.3030604@openssl.org> <1461832974.3292.8.camel@redhat.com> Message-ID: On Wed, 2016-04-27 at 14:38 +0000, Andy Polyakov via RT wrote: > > > > > > > > > > > > > Valgrind does not necessarily support all instructions, if > > > > there?s > > > > any optimized assembly, you might run into problems. > > > > Are you able to compile a non-assembly version of the OpenSSL > > > > library? > > > > Are you able to update to a newer Valgrind? > > > Or at least tell valgrind version, because I can't reproduce the > > > problem > > > with 3.10.1. At any event you can also see if it's problem with > > > unsupported instructions, unsupported by [your version of] > > > valgrind > > > that > > > is, by manipulating OPENSSL_ia32cap environment variable. You can > > > disable AVX2 code paths by setting it to :~0x20 or simply :0 if > > > it > > > runs into more "too-new-to-be-possible" instructions. > > I tried with valgrind-3.11.0. > Tough break... One can actually wonder if valgrind tampers with > processor capability vector... And it totally does! I.e. even though > my > processor is AVX2-capable, when executed under my valgrind openssl > doesn't see it as AVX2-capable. I suppose your valgrind passed AVX2 > flag, but failed to recognize all the instructions it should have... I believe that's the case too. The same tests succeed without valgrind on the same CPU. regards, Nikos -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509 Please log in as guest with password guest if prompted From deengert at gmail.com Thu Apr 28 10:04:29 2016 From: deengert at gmail.com (Douglas E Engert) Date: Thu, 28 Apr 2016 05:04:29 -0500 Subject: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems In-Reply-To: <20160428.063102.1842739452290560855.levitte@openssl.org> References: <1461749402.29019.9.camel@redhat.com> <5720FD7D.3050900@gmail.com> <20160428.063102.1842739452290560855.levitte@openssl.org> Message-ID: <5721E02D.1080107@gmail.com> OK, Thanks. On 4/27/2016 11:31 PM, Richard Levitte wrote: > In message <5720FD7D.3050900 at gmail.com> on Wed, 27 Apr 2016 12:57:17 -0500, Douglas E Engert said: > > deengert> You can call it a documentation problem. The problem only showed up > deengert> with trying to update d > deengert> in an existing rsa key. RSA_set0_key requires n, e, and d == NULL OR > deengert> n, e, and d to all be set at the same time. > > Not any more, just the first time (and then only n and e, d can be > left NULL). So that makes this particular sequence perfectly legal: > > RSA_set0_key(rsa, n, e, NULL); > /* calculate d */ > RSA_set0_key(rsa, NULL, NULL, d); > > (sloppy code, btw... return codes should really be checked) > > Cheers, > Richard > -- Douglas E. Engert From rt at openssl.org Thu Apr 28 11:33:15 2016 From: rt at openssl.org (Andy Polyakov via RT) Date: Thu, 28 Apr 2016 11:33:15 +0000 Subject: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened In-Reply-To: <5721F505.4010200@openssl.org> References: <1460455510.3558.29.camel@redhat.com> <5720CED1.3030604@openssl.org> <1461832974.3292.8.camel@redhat.com> <5721F505.4010200@openssl.org> Message-ID: >>>>> Valgrind does not necessarily support all instructions, if >>>>> there?s >>>>> any optimized assembly, you might run into problems. >>>>> Are you able to compile a non-assembly version of the OpenSSL >>>>> library? >>>>> Are you able to update to a newer Valgrind? >>>> Or at least tell valgrind version, because I can't reproduce the >>>> problem >>>> with 3.10.1. At any event you can also see if it's problem with >>>> unsupported instructions, unsupported by [your version of] >>>> valgrind >>>> that >>>> is, by manipulating OPENSSL_ia32cap environment variable. You can >>>> disable AVX2 code paths by setting it to :~0x20 or simply :0 if >>>> it >>>> runs into more "too-new-to-be-possible" instructions. >>> I tried with valgrind-3.11.0. >> Tough break... One can actually wonder if valgrind tampers with >> processor capability vector... And it totally does! I.e. even though >> my >> processor is AVX2-capable, when executed under my valgrind openssl >> doesn't see it as AVX2-capable. I suppose your valgrind passed AVX2 >> flag, but failed to recognize all the instructions it should have... > > I believe that's the case too. The same tests succeed without valgrind > on the same CPU. In other words it doesn't sound like OpenSSL problem. I suppose ticket can be closed. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509 Please log in as guest with password guest if prompted From openssl at openssl.org Thu Apr 28 13:20:13 2016 From: openssl at openssl.org (OpenSSL) Date: Thu, 28 Apr 2016 14:20:13 +0100 (BST) Subject: [openssl-dev] Forthcoming OpenSSL releases Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Forthcoming OpenSSL releases ============================ The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2h, 1.0.1t. These releases will be made available on 3rd May 2016 between approximately 1200-1500 UTC. They will fix several security defects with maximum severity "high". Please see the following page for further details of severity levels: https://www.openssl.org/policies/secpolicy.html Please also note that, as per our previous announcements, support for 1.0.1 will end on 31st December 2016. Yours The OpenSSL Project Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJXIgXGAAoJEAEKUEB8TIy9XK0IAI/LuJqMK0oC4MXuNqKJAtGZ SYiUWCn0GDqsfucgyOX/OdHjMvkyIPW4Vbt8jZ1HzEmW3DRIalstOgE4MnObZe5a W5ecH1r8cLDTdVMGmSV3u/W1UP6kZScHa5af23emteCmC8zS7s+PDBctEJAPACZm n4olGIHA0yOes79lOsU+nnPzfSaAtNWSCHV/BRLy/Ia5c7oeR2PWnGOvY8oIQllL UNTkNr3qx9n06zjBtHh4dF+bW78eAwLUlY0wUcb2kYRAVeJfXCrJr8nvYIULBMlg pA+WO/GMdoG697qZ5Y6EnNR16X8Hpse5d03LH3EZQ62Gr8Dh3NodWyRMFaIkig0= =cJ4f -----END PGP SIGNATURE----- From shubham13099 at iiitd.ac.in Fri Apr 29 06:48:42 2016 From: shubham13099 at iiitd.ac.in (Shubham Chauhan) Date: Fri, 29 Apr 2016 12:18:42 +0530 Subject: [openssl-dev] Illegal Parameter (47) fatal error in Session Resumption Message-ID: While working on different ways of session management I came across this error. I had a single file consisting of a recently negotiated SSL session (stored using PEM_write_SSL_SESSION()). I used that text file to initialize the Client Hello message with that session_id. I also added the session_id from the file, to the context on the server side, so that a session resumption based on the stored session_id could take place. Well, the idea was to use a previously negotiated session id, from both ends, i.e. client (through client hello) and server (reciprocating through server hello). I ensured using the same protocol at all levels, i.e. SSLv3. The Client Hello got successfully initialized by the session_id. The next message was a "Server Hello, Change Cipher Spec, Encrypted Handshake Message" which also responded with the same session id. The third message a fatal error message => (Level: Fatal (2), Description: Illegal Parameter (47)) I don't understand why the error popped up. Previously I have run tests, to reuse a session stored from a file (server-side), which worked fine. -- Regards Shubham Chauhan -------------- next part -------------- An HTML attachment was scrubbed... URL: From rlott at evertz.com Fri Apr 29 17:53:23 2016 From: rlott at evertz.com (Rodney Lott) Date: Fri, 29 Apr 2016 17:53:23 +0000 Subject: [openssl-dev] postgresql 9.3.10, FIPS mode and DRBG issues. Message-ID: <4ac28cbb0ade496d908413b6218766e2@WARIO.burlington.evertz.tv> Hi, there. First, my particulars: * Ubuntu Trusty build and runtime environment * PostgreSQL 9.3.10 Ubuntu source code * Using a FIPS enabled version of OpenSSL (i.e. 1.0.1p version of the library and 2.0.9 of the FIPS canister source code) * I initially posted this to the pgsql-general list and pgsql-hackers mailing lists, but I wasn't able to get enough specific information to resolve my issues. Hence, why I am posting this here. * I am new to FIPS and postgresql in general (i.e. working with them for a few months) I've been trying to get the postgresql packages to work in FIPS mode. To accomplish this, I've patched the Ubuntu source code with the patch that is attached to this message. The main postgresql server runs fine as expected in either FIPS or non-FIPS modes. However, when I try to use the psql command in FIPS mode, I get the following error: # psql -h 127.0.0.1 -U postgres -d sslmode=require psql: SSL SYSCALL error: EOF detected I used the gdb debugger to try to find where in the backend the command was failing. The backtrace on the server side suggests that the problem involves the key-exchange failing: (gdb) bt #0 0x00007f40183e8f20 in __nanosleep_nocancel () at ../sysdeps/unix/syscall-template.S:81 #1 0x00007f40183e8dd4 in __sleep (seconds=0) at ../sysdeps/unix/sysv/linux/sleep.c:137 #2 0x00007f40196a95ce in DH_generate_key () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 #3 0x00007f40199e8ba6 in ssl3_send_server_key_exchange () from /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 #4 0x00007f40199ec18b in ssl3_accept () from /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 #5 0x00007f40199fb8b3 in ssl23_accept () from /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 #6 0x00005618082567a4 in open_server_SSL (port=0x561808e05700) at /home/rlott/git/stash/postgresql-fips/postgresql-9.3-9.3.10/build/../src/backend/libpq/be-secure.c:925 #7 secure_open_server (port=port at entry=0x561808e05700) at /home/rlott/git/stash/postgresql-fips/postgresql-9.3-9.3.10/build/../src/backend/libpq/be-secure.c:221 #8 0x00005618082c7eb8 in ProcessStartupPacket (port=port at entry=0x561808e05700, SSLdone=SSLdone at entry=0 '\000') at /home/rlott/git/stash/postgresql-fips/postgresql-9.3-9.3.10/build/../src/backend/postmaster/postmaster.c:1921 #9 0x00005618081030f9 in BackendInitialize (port=0x561808e05700) at /home/rlott/git/stash/postgresql-fips/postgresql-9.3-9.3.10/build/../src/backend/postmaster/postmaster.c:4036 #10 BackendStartup (port=0x561808e05700) at /home/rlott/git/stash/postgresql-fips/postgresql-9.3-9.3.10/build/../src/backend/postmaster/postmaster.c:3807 #11 ServerLoop () at /home/rlott/git/stash/postgresql-fips/postgresql-9.3-9.3.10/build/../src/backend/postmaster/postmaster.c:1690 #12 0x00005618082cace1 in PostmasterMain (argc=5, argv=) at /home/rlott/git/stash/postgresql-fips/postgresql-9.3-9.3.10/build/../src/backend/postmaster/postmaster.c:1315 #13 0x0000561808103fb3 in main (argc=5, argv=0x561808db6970) at /home/rlott/git/stash/postgresql-fips/postgresql-9.3-9.3.10/build/../src/backend/main/main.c:227 I tracked it down to the following code in the OpenSSL 2.0.9 canister code: int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, int prediction_resistance, const unsigned char *adin, size_t adinlen) { int r = 0; if (FIPS_selftest_failed()) { FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED); return 0; } if (!fips_drbg_check(dctx)) return 0; if (dctx->status != DRBG_STATUS_READY && dctx->status != DRBG_STATUS_RESEED) { if (dctx->status == DRBG_STATUS_ERROR) r = FIPS_R_IN_ERROR_STATE; else if(dctx->status == DRBG_STATUS_UNINITIALISED) r = FIPS_R_NOT_INSTANTIATED; goto end; } ... The place where it fails is where dctx->status == DRBG_STATUS_UNINITIALIZED (i.e. 0). So, my question is this: In FIPS mode, what would cause the random number generation to not initialize? I have put print statements in the postgresql code such that I know that it is in FIPS mode properly. I know that the dctx->status pointer, which points to a "static DRBG_CTX ossl_dctx" structure, is initialized to 1 in the main process. It appears that this initialization doesn't get propagated to other backends or the SSL transaction above. If any of the developers have some insight into this, I would appreciate it. Thanks, Rodney Lott -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-FIPS-enabled-postgresql.patch Type: application/octet-stream Size: 2113 bytes Desc: 0001-FIPS-enabled-postgresql.patch URL: From rt at openssl.org Fri Apr 29 22:39:55 2016 From: rt at openssl.org (Withers John Z via RT) Date: Fri, 29 Apr 2016 22:39:55 +0000 Subject: [openssl-dev] [openssl.org #4522] Update to openssl.spec supplied with 1.0.1s In-Reply-To: References: Message-ID: To whom it may concern, I have just completed building RPM files for OpenSSL 1.0.1s (latest source version available to me). I found the provide RPMBUILD specification (.spec) file more than a little lacking. Central to my issue was my attempt to build the RPM as a 'side load' for RHEL 5.11 as an interim measure to support TLSv1.2 connectivity with partner application while waiting patiently for new RHEL 6.x servers to be built. The supplied specification file has a great many hard-coded paths in it. This is probably acceptable in general, but it was a pain in the neck to me trying to build a package that installed elsewhere on the system so that the existing OpenSSL installation (and the applications that depend on it) continue to operate. In the spirit of community, I offer the attached update to openssl.spec. I've replaced the hard coded paths with RPMBUILD macro variables where needed and updated the %files section to avoid those 'installed by not packaged' errors. Please keep up the good work! Thanks! John Withers Enterprise Operations Directory Services Branch - OS:CTO:EO:ISD:DSB:PKI Champaign, Illinois Phone: (217) 974-7736 "A positive attitude may not solve all of your problems, but it will annoy enough people to make it worth the effort" -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4522 Please log in as guest with password guest if prompted -------------- next part -------------- A non-text attachment was scrubbed... Name: openssl.spec Type: application/octet-stream Size: 8468 bytes Desc: not available URL: From rt at openssl.org Sat Apr 30 19:51:51 2016 From: rt at openssl.org (Henrik Hofmeister via RT) Date: Sat, 30 Apr 2016 19:51:51 +0000 Subject: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts In-Reply-To: References: Message-ID: Hi there I've recently come across what looks to be an internal bug in openssl: Original symptoms was that neither "curl" or "wget" could access the following site: https://coverage.tre.se - this site is using TLS 1.0 (only) and does have some pretty crazy certificate issues - but does show up "green" in most browsers (Unless you're on a system with an openssl which supports TLS 1.2 ). Accessing the site (curl / wget) hangs during SSL handshake. I then tried: openssl s_client -connect coverage.tre.se:443 which hangs as well By forcing the protocol to TLS1.0 it will correctly parse and see the certificate. By forcing protocol to TLS1.1 it'll correctly error out saying invalid protocol. Even just telling s_client to not include TLS 1.2 will make it work as expected. So to sum up: My guess would be that some incompatibility between the 1.0 and 1.2 protocol causes 1.2 to not determine correctly that the server does not support it , and as such is unable to fallback to previous versions. I have verified this on several ubuntu 14.04 machines with the following openssl versions: OpenSSL 1.0.1f 6 Jan 2014 OpenSSL 1.0.2g 1 Mar 2016 And I've verified that it does work as expected on OSX which has a openssl version that does not support TLS 1.2: OpenSSL 0.9.8zg 14 July 2015 Hope this helps resolve the issue. Kind regards, Henrik -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4524 Please log in as guest with password guest if prompted From rt at openssl.org Sat Apr 30 20:59:46 2016 From: rt at openssl.org (Matt Caswell via RT) Date: Sat, 30 Apr 2016 20:59:46 +0000 Subject: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts In-Reply-To: References: Message-ID: On Sat Apr 30 19:51:51 2016, henrik at newdawn.dk wrote: > Hi there > > I've recently come across what looks to be an internal bug in openssl: > > Original symptoms was that neither "curl" or "wget" could access the > following site: > > https://coverage.tre.se - this site is using TLS 1.0 (only) and does > have some pretty crazy certificate issues - but does show up "green" > in most browsers (Unless you're on a system with an openssl which > supports TLS 1.2 ). > > Accessing the site (curl / wget) hangs during SSL handshake. > > I then tried: > openssl s_client -connect coverage.tre.se:443 which hangs as well > > By forcing the protocol to TLS1.0 it will correctly parse and see the > certificate. By forcing protocol to TLS1.1 it'll correctly error out > saying invalid protocol. Even just telling s_client to not include TLS > 1.2 will make it work as expected. > > So to sum up: > > My guess would be that some incompatibility between the 1.0 and 1.2 > protocol causes 1.2 to not determine correctly that the server does > not support it , and as such is unable to fallback to previous > versions. > > I have verified this on several ubuntu 14.04 machines with the > following openssl versions: > > OpenSSL 1.0.1f 6 Jan 2014 > > > OpenSSL 1.0.2g 1 Mar 2016 > > And I've verified that it does work as expected on OSX which has a > openssl version that does not support TLS 1.2: > > OpenSSL 0.9.8zg 14 July 2015 > > Hope this helps resolve the issue. This is not a bug in OpenSSL. The problem here is that the server is behaving incorrectly when receiving large ClientHello messages. The ClientHello is the first message that is sent from the client to the server. If a large ClientHello is received then the server just hangs. The reason that this impacts TLSv1.2 and not other versions is that there are more ciphersuites available for that protocol version and therefore the ClientHello is bigger. You can verify that it all works correctly by restricting the number of ciphersuites that the client sends in its ClientHello. E.g. just sending one ciphersuite: openssl s_client -connect coverage.tre.se:443 cipher AES128-SHA The above command works fine and successfully connects. If fixing the server is not an option then a simple workaround is to define a ciphersuite selection string that restricts the ciphersuites to a smaller set. Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4524 Please log in as guest with password guest if prompted From rt at openssl.org Sat Apr 30 21:11:40 2016 From: rt at openssl.org (Kurt Roeckx via RT) Date: Sat, 30 Apr 2016 21:11:40 +0000 Subject: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts In-Reply-To: <20160430211129.GA18559@roeckx.be> References: <20160430211129.GA18559@roeckx.be> Message-ID: On Sat, Apr 30, 2016 at 08:59:46PM +0000, Matt Caswell via RT wrote: > > This is not a bug in OpenSSL. The problem here is that the server is behaving > incorrectly when receiving large ClientHello messages. The ClientHello is the > first message that is sent from the client to the server. If a large > ClientHello is received then the server just hangs. The reason that this > impacts TLSv1.2 and not other versions is that there are more ciphersuites > available for that protocol version and therefore the ClientHello is bigger. This is a know problem in old versions of F5 BIG-IP product. See: https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14758.html Kurt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4524 Please log in as guest with password guest if prompted From rt at openssl.org Sat Apr 30 21:23:30 2016 From: rt at openssl.org (Henrik Hofmeister via RT) Date: Sat, 30 Apr 2016 21:23:30 +0000 Subject: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts In-Reply-To: References: Message-ID: Since this is a MS IIS 7.0 server I would argue that it'd be in the interest of openssl to handle the situation rather than accept this scenario - since IIS is likely powering more than a few hosts? It is possible to have the host correctly list its supported protocols using nmap - i'd assume the TLS1.2 attempt can be avoided altogether ( without knowing any implementation details or if tht adds overhead though ) ? On Sat, Apr 30, 2016 at 1:59 PM -0700, "Matt Caswell via RT" wrote: On Sat Apr 30 19:51:51 2016, henrik at newdawn.dk wrote: > Hi there > > I've recently come across what looks to be an internal bug in openssl: > > Original symptoms was that neither "curl" or "wget" could access the > following site: > > https://coverage.tre.se - this site is using TLS 1.0 (only) and does > have some pretty crazy certificate issues - but does show up "green" > in most browsers (Unless you're on a system with an openssl which > supports TLS 1.2 ). > > Accessing the site (curl / wget) hangs during SSL handshake. > > I then tried: > openssl s_client -connect coverage.tre.se:443 which hangs as well > > By forcing the protocol to TLS1.0 it will correctly parse and see the > certificate. By forcing protocol to TLS1.1 it'll correctly error out > saying invalid protocol. Even just telling s_client to not include TLS > 1.2 will make it work as expected. > > So to sum up: > > My guess would be that some incompatibility between the 1.0 and 1.2 > protocol causes 1.2 to not determine correctly that the server does > not support it , and as such is unable to fallback to previous > versions. > > I have verified this on several ubuntu 14.04 machines with the > following openssl versions: > > OpenSSL 1.0.1f 6 Jan 2014 > > > OpenSSL 1.0.2g 1 Mar 2016 > > And I've verified that it does work as expected on OSX which has a > openssl version that does not support TLS 1.2: > > OpenSSL 0.9.8zg 14 July 2015 > > Hope this helps resolve the issue. This is not a bug in OpenSSL. The problem here is that the server is behaving incorrectly when receiving large ClientHello messages. The ClientHello is the first message that is sent from the client to the server. If a large ClientHello is received then the server just hangs. The reason that this impacts TLSv1.2 and not other versions is that there are more ciphersuites available for that protocol version and therefore the ClientHello is bigger. You can verify that it all works correctly by restricting the number of ciphersuites that the client sends in its ClientHello. E.g. just sending one ciphersuite: openssl s_client -connect coverage.tre.se:443 cipher AES128-SHA The above command works fine and successfully connects. If fixing the server is not an option then a simple workaround is to define a ciphersuite selection string that restricts the ciphersuites to a smaller set. Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4524 Please log in as guest with password guest if prompted -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4524 Please log in as guest with password guest if prompted From rsalz at akamai.com Sat Apr 30 21:26:26 2016 From: rsalz at akamai.com (Salz, Rich) Date: Sat, 30 Apr 2016 21:26:26 +0000 Subject: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts In-Reply-To: References: Message-ID: <1c0b497906674ed39335266efda38175@usma1ex-dag1mb1.msg.corp.akamai.com> > Since this is a MS IIS 7.0 server I would argue that it'd be in the interest of > openssl to handle the situation rather than accept this scenario - since IIS is > likely powering more than a few hosts? It's a known bug, and openssl can work-around the bug by configuring as described. From rt at openssl.org Sat Apr 30 21:26:36 2016 From: rt at openssl.org (Salz, Rich via RT) Date: Sat, 30 Apr 2016 21:26:36 +0000 Subject: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts In-Reply-To: <1c0b497906674ed39335266efda38175@usma1ex-dag1mb1.msg.corp.akamai.com> References: <1c0b497906674ed39335266efda38175@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: > Since this is a MS IIS 7.0 server I would argue that it'd be in the interest of > openssl to handle the situation rather than accept this scenario - since IIS is > likely powering more than a few hosts? It's a known bug, and openssl can work-around the bug by configuring as described. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4524 Please log in as guest with password guest if prompted From openssl-users at dukhovni.org Sat Apr 30 21:53:30 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Sat, 30 Apr 2016 17:53:30 -0400 Subject: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts In-Reply-To: <1c0b497906674ed39335266efda38175@usma1ex-dag1mb1.msg.corp.akamai.com> References: <1c0b497906674ed39335266efda38175@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: <5D569F66-FE8E-43C1-9D1A-633F023FE904@dukhovni.org> > On Apr 30, 2016, at 5:26 PM, Salz, Rich wrote: > >> Since this is a MS IIS 7.0 server I would argue that it'd be in the interest of >> openssl to handle the situation rather than accept this scenario - since IIS is >> likely powering more than a few hosts? > > It's a known bug, and openssl can work-around the bug by configuring as described. To be clear, it is a known issue in some F5 load-balancers that has been addressed since, and a few other rather unusual systems. All systems that have trouble with the larger TLS client HELLO should have been patched by now, and the problem is entirely on their end. I should also add that in OpenSSL 1.1.0 a lot of TLS ciphers that are obsolete or unnecessary baggage have been phased out. So the 1.1.0 release may well be more interoperable with such servers. -- Viktor. From rt at openssl.org Tue Apr 12 13:41:53 2016 From: rt at openssl.org (SMS Conversation via RT) Date: Tue, 12 Apr 2016 13:41:53 -0000 Subject: [openssl-dev] [openssl.org #4510] SSL certificate problem: unable to get local issuer certificate. Bug? In-Reply-To: References: Message-ID: On my test server running OpenSSL 1.0.2e on Windows Server 2012. The "newest" cacert.pem fails with an error "SSL certificate problem: unable to get local issuer certificate", however, the one from 2014 works. I am attaching both. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4510 Please log in as guest with password guest if prompted -------------- next part -------------- A non-text attachment was scrubbed... Name: cacert.pem.20160120.new Type: application/octet-stream Size: 269204 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: cacert.pem.20140813.old Type: application/octet-stream Size: 254260 bytes Desc: not available URL: From openssl-users at dukhovni.org Tue Apr 19 02:44:09 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Tue, 19 Apr 2016 02:44:09 -0000 Subject: [openssl-dev] where is PEM_read_bio_X509_AUX() In-Reply-To: References: Message-ID: <20160419024404.GS26423@mournblade.imrryr.org> [ Redirecting to openssl-users at openssl.org ] On Tue, Apr 19, 2016 at 01:11:38AM +0000, CHOW Anthony wrote: > I am trying to do ?openssl verify ?CAfile server.pem? and the command hang. It is supposed to hang (reading standard input) when (incorrectly) invoked this way. You've left out the CAfile filename. The correct way to verify a certificate is: $ trusted=ta.pem $ untrusted=intermediate.pem $ subject=server.pem $ openssl verify -CAfile $trusted -untrusted $untrusted $subject where * "ta.pem" contains your trust-anchor (root CA) certificates, * "intermediate.pem" contains any intermediate certificates needed to build a trust path from a root down to the server certificate, * "server.pem" contains the subject certificate to be verified. Leave out the "-untrusted $untrusted" option if you're verifying a certificate that is directly issued by a trust-anchor. With a sufficiently recent version of OpenSSL replace "-CAfile $trusted" with "-trusted $trusted" to make sure you're not inadvertently using any of the default trust-anchors installed on your system. -- Viktor. From rt at openssl.org Thu Apr 21 13:21:16 2016 From: rt at openssl.org (Eugene Moskalenko via RT) Date: Thu, 21 Apr 2016 13:21:16 -0000 Subject: [openssl-dev] [openssl.org #4516] EBCDIC & z/OS support In-Reply-To: <5718CF8B.2060102@serena.com> References: <5718CF8B.2060102@serena.com> Message-ID: Hello, I have a question regarding or want to clarify state of EBCDIC, system specific encoding, support. Code do contain a lot of "# ifdef CHARSET_EBCDIC" that probably were added a long ago but at the same time I see following: https://rt.openssl.org/Ticket/Display.html?id=2510 https://rt.openssl.org/Ticket/Display.html?id=843 (http://openssl.6102.n7.nabble.com/State-of-EBCDIC-support-in-OpenSSL-td49792.html) >> It's been a decade with no action. Pretty clearly, the openssl team is not going to do more EBCDIC work than what's already in the openssl command. Closing this ticket. The problem with this was initially discovered in code that performs hostname validation from the server certificate, then in the attempt to check state of things was discovered systematic problem with EBCDIC support. So the first and main question, taking into account #843, is there some willingness and possibility to support EBCDIC? (I can try to do my best with this if so, even if I am not so familiar with z/OS environment so far) Just in case my current changes based on openssl-1.0.2a are attached and here brief description and thoughts (can merge them then to any later version): - So the first issue was with hostname validation, by the code it tries to convert/generalize "CN" into UTF8 and then compare. I tried to set hostname in X509_VERIFY_PARAM_set1_host in UTF8 format but it seems not reliable solution because it works only for strict equality because functions "equal_nocase", "equal_wildcard" do work in EBCDIC locale because are not able to nocase compare or detect wildcard. So v3_utl.c is currently changed to performs all comparison of strings as EBCDIC (that mostly shouldn't be a problem but finally it will be probably good to do proper compare in UTF8) The same code also covers Alt Subject Name validation, I haven't tested IP validation yet. - After that appeared that Expiration validation cannot be passed as well so before comparison ASN1_TIME is converted into EBCDIC as well. - During research it was clear that "X509 -text" & "asn1parse" don't display content properly so various print/output function were adjusted - On certificate issuing dates appears in EBCDIC format in certificate instead of ASCII, it was due to strange disabled conversion in a_gentm.c & asn1_par.c. I tried to understand why but without success... - v3_prn.c, not obvious change so far. If for ASN1 structures strings are supposedly stored in ASCII (or UTF8) For the CONF_VALUE isn't so obvious, so far, in #2510 patch, v3_utl.c file, it tries to store some values in ASCII to convert them later back as currently in v3_prn.c. In attached variant it just stores and prints values supposing that they are EBCDIC. If CONF_VALUE isn't stored in certificate and is used only at runtime I suppose that it is more correct, if they can be stored in certificate as is then it is better to keep them in corresponding ASCII format. - Passwords for encrypting keys, they are currently locale depended that means that something generated on Linux/Windows won't be able to decrypt on z/OS and vice versa. In pem_pk8.c & pem_pkey.c was added conversion of passwords to ASCII that should solve this problem but not so obvious if passwords can be only Text in these locations and if so it will be probably good to add special parameter for the "openssl" to specify password encoding, to be able to use both ASCII/EBCDIC on z/OS, for compatibility at least. openssl-1.0.2a-ZOS-PATCH/crypto> ls -Rl .: total 16 drwxr-xr-x 2 dmsys users 4096 Apr 21 14:57 asn1 drwxr-xr-x 2 dmsys users 4096 Apr 21 14:57 pem drwxr-xr-x 2 dmsys users 4096 Apr 21 14:57 x509 drwxr-xr-x 2 dmsys users 4096 Apr 21 14:57 x509v3 ./asn1: total 40 -rw-rw-r-- 1 dmsys users 10122 Apr 11 17:07 a_gentm.c - Un-disabled Date conversion to ASCII for the ASN1 -rw-rw-r-- 1 dmsys users 15898 Apr 14 19:04 asn1_par.c - Un-disabled Date conversion to ASCII for the ASN1 -rw-rw-r-- 1 dmsys users 10486 Apr 11 17:08 a_utctm.c - Proper output of ANS1 strings from "openssl asn1parse" ./pem: total 24 -rw-rw-r-- 1 dmsys users 9711 Apr 14 19:24 pem_pk8.c - Consider password as ASCII -rw-rw-r-- 1 dmsys users 9884 Apr 15 12:37 pem_pkey.c - Consider password as ASCII ./x509: total 80 -rw-rw-r-- 1 dmsys users 7597 Apr 12 11:57 x509_obj.c - Proper output of ANS1 strings in EBCDIC locale -rw-rw-r-- 1 dmsys users 70384 Apr 7 19:19 x509_vfy.c - Dates Validation ./x509v3: total 48 -rw-rw-r-- 1 dmsys users 8024 Apr 15 13:47 v3_prn.c - Proper output of CONF_VALUE strings in EBCDIC locale -rw-rw-r-- 1 dmsys users 39407 Apr 8 13:02 v3_utl.c - Host name & Alt Subject Name validation Please advise to to proceed with this... -Eugene -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4516 Please log in as guest with password guest if prompted -------------- next part -------------- A non-text attachment was scrubbed... Name: openssl-1.0.2a-ZOS-PATCH.7z Type: application/x-7z-compressed Size: 32494 bytes Desc: not available URL: From rt at openssl.org Fri Apr 29 22:40:17 2016 From: rt at openssl.org (Ziegler, Martin via RT) Date: Fri, 29 Apr 2016 22:40:17 +0000 Subject: [openssl-dev] [openssl.org #4523] Failure - make test In-Reply-To: References: Message-ID: Hello .... I got an failure at "make test" sea end of Mail tar xvzf openssl-1.0.1s.tar.g OK! ./Configure --prefix=/usr/local/opensssl --openssldir=/usr/local/openssl no-asm linux-generic32 OK! make depend OK! make test NOT OK! ------------------------------------------------------------------------------------ cat testlog OpenSSL self-test report: OpenSSL version: 1.0.1s Last change: Fix a double-free in DSA code... Options: --prefix=/usr/local/opensssl --openssldir=/usr/local/openssl n o-asm no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no -sctp no-shared no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zli b-dynamic static-engine OS (uname): Linux sldestrslx211 3.0.101-63-default #1 SMP Tue Jun 23 16:02 :31 UTC 2015 (4b89d0c) x86_64 x86_64 x86_64 GNU/Linux OS (config): x86_64-whatever-linux2 Target (default): linux-x86_64 Target: linux-generic32 Compiler: Using built-in specs. Target: x86_64-suse-linux Configured with: ../configure --prefix=/usr --infodir=/usr/share/info --mandir=/ usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64 --enable-languages=c,c ++,objc,fortran,obj-c++,java,ada --enable-checking=release --with-gxx-include-di r=/usr/include/c++/4.3 --enable-ssp --disable-libssp --with-bugurl=http://bugs.o pensuse.org/ --with-pkgversion='SUSE Linux' --disable-libgcj --disable-libmudfla p --with-slibdir=/lib64 --with-system-zlib --enable-__cxa_atexit --enable-libstd cxx-allocator=new --disable-libstdcxx-pch --enable-version-specific-runtime-libs --program-suffix=-4.3 --enable-linux-futex --without-system-libunwind --with-cp u=generic --build=x86_64-suse-linux Thread model: posix gcc version 4.3.4 [gcc-4_3-branch revision 152973] (SUSE Linux) Test passed. sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s # sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s # make report Checking compiler... ar: creating cctest.a Running make... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s' making all in crypto... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto' making all in crypto/objects... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/objects' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/objects' making all in crypto/md4... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/md4' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/md4' making all in crypto/md5... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/md5' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/md5' making all in crypto/sha... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/sha' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/sha' making all in crypto/mdc2... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/mdc2' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/mdc2' making all in crypto/hmac... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/hmac' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/hmac' making all in crypto/ripemd... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ripemd' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ripemd' making all in crypto/whrlpool... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/whrlpool' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/whrlpool' making all in crypto/des... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/des' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/des' making all in crypto/aes... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/aes' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/aes' making all in crypto/rc2... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rc2' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rc2' making all in crypto/rc4... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rc4' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rc4' making all in crypto/idea... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/idea' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/idea' making all in crypto/bf... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/bf' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/bf' making all in crypto/cast... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/cast' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/cast' making all in crypto/camellia... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/camellia' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/camellia' making all in crypto/seed... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/seed' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/seed' making all in crypto/modes... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/modes' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/modes' making all in crypto/bn... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/bn' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/bn' making all in crypto/ec... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ec' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ec' making all in crypto/rsa... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rsa' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rsa' making all in crypto/dsa... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/dsa' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/dsa' making all in crypto/ecdsa... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ecdsa' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ecdsa' making all in crypto/dh... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/dh' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/dh' making all in crypto/ecdh... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ecdh' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ecdh' making all in crypto/dso... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/dso' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/dso' making all in crypto/engine... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/engine' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/engine' making all in crypto/buffer... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/buffer' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/buffer' making all in crypto/bio... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/bio' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/bio' making all in crypto/stack... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/stack' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/stack' making all in crypto/lhash... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/lhash' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/lhash' making all in crypto/rand... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rand' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rand' making all in crypto/err... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/err' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/err' making all in crypto/evp... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/evp' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/evp' making all in crypto/asn1... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/asn1' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/asn1' making all in crypto/pem... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pem' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pem' making all in crypto/x509... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/x509' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/x509' making all in crypto/x509v3... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/x509v3' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/x509v3' making all in crypto/conf... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/conf' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/conf' making all in crypto/txt_db... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/txt_db' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/txt_db' making all in crypto/pkcs7... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pkcs7' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pkcs7' making all in crypto/pkcs12... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pkcs12' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pkcs12' making all in crypto/comp... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/comp' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/comp' making all in crypto/ocsp... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ocsp' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ocsp' making all in crypto/ui... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ui' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ui' making all in crypto/krb5... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/krb5' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/krb5' making all in crypto/cms... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/cms' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/cms' making all in crypto/pqueue... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pqueue' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pqueue' making all in crypto/ts... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ts' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ts' making all in crypto/srp... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/srp' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/srp' making all in crypto/cmac... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/cmac' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/cmac' if [ -n "" ]; then \ (cd ..; make libcrypto.so.1.0.0); \ fi make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto' making all in engines... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/e ngines' echo making all in engines/ccgost... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/e ngines/ccgost' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/en gines/ccgost' make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/en gines' making all in ssl... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/s sl' gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s2_meth.o s2_meth.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s2_srvr.o s2_srvr.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s2_clnt.o s2_clnt.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s2_lib.o s2_lib.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s2_enc.o s2_enc.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s2_pkt.o s2_pkt.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s3_meth.o s3_meth.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s3_srvr.o s3_srvr.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s3_clnt.o s3_clnt.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s3_lib.o s3_lib.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s3_enc.o s3_enc.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s3_pkt.o s3_pkt.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s3_both.o s3_both.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s3_cbc.o s3_cbc.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s23_meth.o s23_meth.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s23_srvr.o s23_srvr.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s23_clnt.o s23_clnt.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s23_lib.o s23_lib.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s23_pkt.o s23_pkt.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t1_meth.o t1_meth.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t1_srvr.o t1_srvr.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t1_clnt.o t1_clnt.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t1_lib.o t1_lib.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t1_enc.o t1_enc.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o d1_meth.o d1_meth.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o d1_srvr.o d1_srvr.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o d1_clnt.o d1_clnt.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o d1_lib.o d1_lib.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o d1_pkt.o d1_pkt.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o d1_both.o d1_both.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o d1_enc.o d1_enc.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o d1_srtp.o d1_srtp.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssl_lib.o ssl_lib.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssl_err2.o ssl_err2.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssl_cert.o ssl_cert.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssl_sess.o ssl_sess.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssl_ciph.o ssl_ciph.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssl_stat.o ssl_stat.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssl_rsa.o ssl_rsa.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssl_asn1.o ssl_asn1.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssl_txt.o ssl_txt.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssl_algs.o ssl_algs.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bio_ssl.o bio_ssl.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssl_err.o ssl_err.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o kssl.o kssl.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tls_srp.o tls_srp.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t1_reneg.o t1_reneg.c gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -D HAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssl_utst.o ssl_utst.c ar r ../libssl.a s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o s 3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o s 23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o t1_meth.o t1_srvr .o t1_clnt.o t1_lib.o t1_enc.o d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_p kt.o d1_both.o d1_enc.o d1_srtp.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl _ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o kssl.o tls_srp.o t1_reneg.o ssl_utst.o ar: creating ../libssl.a /usr/bin/ranlib ../libssl.a || echo Never mind. if [ -n "" ]; then \ (cd ..; make libssl.so.1.0.0); \ fi make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/ss l' making all in apps... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/a pps' gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o verify.o verify.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o asn1pars.o asn1pars.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o req.o req.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dgst.o dgst.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dh.o dh.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dhparam.o dhparam.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o enc.o enc.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o passwd.o passwd.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o gendh.o gendh.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o errstr.o errstr.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ca.o ca.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pkcs7.o pkcs7.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o crl2p7.o crl2p7.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o crl.o crl.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa.o rsa.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsautl.o rsautl.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa.o dsa.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsaparam.o dsaparam.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec.o ec.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecparam.o ecparam.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509.o x509.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o genrsa.o genrsa.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o gendsa.o gendsa.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o genpkey.o genpkey.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s_server.o s_server.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s_client.o s_client.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o speed.o speed.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s_time.o s_time.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o apps.o apps.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s_cb.o s_cb.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o s_socket.o s_socket.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o app_rand.o app_rand.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o version.o version.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o sess_id.o sess_id.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ciphers.o ciphers.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o nseq.o nseq.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pkcs12.o pkcs12.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pkcs8.o pkcs8.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pkey.o pkey.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pkeyparam.o pkeyparam.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pkeyutl.o pkeyutl.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o spkac.o spkac.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o smime.o smime.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms.o cms.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rand.o rand.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o engine.o engine.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ocsp.o ocsp.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o prime.o prime.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ts.o ts.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o srp.o srp.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DH AVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o openssl.o openssl.c rm -f openssl shlib_target=; if [ -n "" ]; then \ shlib_target="linux-shared"; \ elif [ -n "" ]; then \ FIPSLD_CC="gcc"; CC=/usr/local/ssl/fips-2.0/bin/fipsld; export CC FIPS LD_CC; \ fi; \ LIBRARIES="-L.. -lssl -L.. -lcrypto" ; \ make -f ../Makefile.shared -e \ APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgs t.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o r sa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o vers ion.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o s pkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o" \ LIBDEPS=" $LIBRARIES -ldl" \ link_app.${shlib_target} make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/a pps' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=open ssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o ge ndh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_tim e.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkc s12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/ap ps' make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s' Doing certs/demo WARNING: can't open config file: /usr/local/openssl/openssl.cnf dsa-ca.pem => cbdbd8bc.0 WARNING: can't open config file: /usr/local/openssl/openssl.cnf pca-cert.pem => e83ef475.0 WARNING: can't open config file: /usr/local/openssl/openssl.cnf dsa-pca.pem => de4fa23b.0 WARNING: can't open config file: /usr/local/openssl/openssl.cnf ca-cert.pem => 3f77a2b5.0 make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s' make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/ap ps' making all in test... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=bnte st} bntest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ectest.o ectest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=ecte st} ectest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecdsatest.o ecdsatest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=ecds atest} ecdsatest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecdhtest.o ecdhtest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=ecdh test} ecdhtest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ideatest.o ideatest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=idea test} ideatest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o md2test.o md2test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=md2t est} md2test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o md4test.o md4test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=md4t est} md4test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o md5test.o md5test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=md5t est} md5test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o hmactest.o hmactest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=hmac test} hmactest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o wp_test.o wp_test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=wp_t est} wp_test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rc2test.o rc2test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=rc2t est} rc2test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rc4test.o rc4test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=rc4t est} rc4test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rc5test.o rc5test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=rc5t est} rc5test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o destest.o destest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=dest est} destest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o shatest.o shatest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=shat est} shatest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o sha1test.o sha1test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=sha1 test} sha1test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o sha256t.o sha256t.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=sha2 56t} sha256t.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o sha512t.o sha512t.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=sha5 12t} sha512t.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o mdc2test.o mdc2test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=mdc2 test} mdc2test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rmdtest.o rmdtest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=rmdt est} rmdtest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o randtest.o randtest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=rand test} randtest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dhtest.o dhtest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=dhte st} dhtest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o enginetest.o enginetest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=engi netest} enginetest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bftest.o bftest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=bfte st} bftest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o casttest.o casttest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=cast test} casttest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ssltest.o ssltest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=sslt est} ssltest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o exptest.o exptest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=expt est} exptest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsatest.o dsatest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=dsat est} dsatest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_test.o rsa_test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=rsa_ test} rsa_test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o evp_test.o evp_test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=evp_ test} evp_test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o evp_extra_test.o evp_extra_test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=evp_ extra_test} evp_extra_test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o igetest.o igetest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=iget est} igetest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o jpaketest.o jpaketest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=jpak etest} jpaketest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o srptest.o srptest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=srpt est} srptest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o asn1test.o asn1test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=asn1 test} asn1test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o heartbeat_test.o heartbeat_test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:-../libssl.a ../libcrypto.a -ldl}"; LDCMD="${LDCMD:-gcc }"; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_ H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'` ; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=he artbeat_test} heartbeat_test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o constant_time_test.o constant_time_test. c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=cons tant_time_test} constant_time_test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o verify_extra_test.o verify_extra_test.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=veri fy_extra_test} verify_extra_test.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o clienthellotest.o clienthellotest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=clie nthellotest} clienthellotest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dummytest.o dummytest.c make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=dumm ytest} dummytest.o ${LIBDEPS} ) make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' making all in tools... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t ools' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/to ols' make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s' Running make test... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s' testing... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s' making all in apps... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/a pps' make[4]: Nothing to be done for `all'. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/ap ps' make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s' ../util/shlib_wrap.sh ./destest Doing cbcm Doing ecb Doing ede ecb Doing cbc Doing desx cbc Doing ede cbc Doing pcbc Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done Doing ofb Doing ofb64 Doing ede_ofb64 Doing cbc_cksum Doing quad_cksum input word alignment test 0 1 2 3 output word alignment test 0 1 2 3 fast crypt test ../util/shlib_wrap.sh ./ideatest ecb idea ok cbc idea ok cfb64 idea ok ../util/shlib_wrap.sh ./shatest test 1 ok test 2 ok test 3 ok ../util/shlib_wrap.sh ./sha1test test 1 ok test 2 ok test 3 ok ../util/shlib_wrap.sh ./sha256t Testing SHA-256 ... passed. Testing SHA-224 ... passed. ../util/shlib_wrap.sh ./sha512t Testing SHA-512 ... passed. Testing SHA-384 ... passed. ../util/shlib_wrap.sh ./md4test test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok test 7 ok ../util/shlib_wrap.sh ./md5test test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok test 7 ok ../util/shlib_wrap.sh ./hmactest test 0 ok test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok ../util/shlib_wrap.sh ./md2test No MD2 support ../util/shlib_wrap.sh ./mdc2test pad1 - ok pad2 - ok ../util/shlib_wrap.sh ./wp_test Testing Whirlpool ......... passed. ../util/shlib_wrap.sh ./rmdtest test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok test 7 ok test 8 ok ../util/shlib_wrap.sh ./rc2test ecb RC2 ok ../util/shlib_wrap.sh ./rc4test test 0 ok test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test end processing ....................done test multi-call ....................done bulk test ok ../util/shlib_wrap.sh ./rc5test No RC5 support ../util/shlib_wrap.sh ./bftest testing blowfish in raw ecb mode testing blowfish in ecb mode testing blowfish set_key testing blowfish in cbc mode testing blowfish in cfb64 mode testing blowfish in ofb64 ../util/shlib_wrap.sh ./casttest ecb cast5 ok This test will take some time....123456789ABCDEF ok ../util/shlib_wrap.sh ./randtest test 1 done test 2 done test 3 done test 4 done starting big number library test, could take a while... test BN_add test BN_sub test BN_lshift1 test BN_lshift (fixed) test BN_lshift test BN_rshift1 test BN_rshift test BN_sqr test BN_mul test BN_div test BN_div_word test BN_div_recp test BN_mod test BN_mod_mul test BN_mont test BN_mod_exp test BN_mod_exp_mont_consttime test BN_exp test BN_kronecker .........++++++ ................................................................................ .................... test BN_mod_sqrt ..... ..... ..... ..... ..... ..... ..... ..... ..++++++++++++ ..... ....++++++++++++ ..... ..++++++++++++ ..... .............++++++++++++ ..... ....++++++++++++ ..... ...........++++++++++++ ..... .............++++++++++++ ..... .++++++++++++ ..... test BN_GF2m_add test BN_GF2m_mod test BN_GF2m_mod_mul test BN_GF2m_mod_sqr test BN_GF2m_mod_inv test BN_GF2m_mod_div test BN_GF2m_mod_exp test BN_GF2m_mod_sqrt test BN_GF2m_mod_solve_quad running bc verify BN_add................................................................... ................................. verify BN_sub................................................................... ................................................................................ ... verify BN_lshift1............................................................... ..................................... verify BN_lshift (fixed)........................................................ ............................................ verify BN_lshift................................................................ .................................... verify BN_rshift1............................................................... ..................................... verify BN_rshift................................................................ .................................... verify BN_sqr................................................................... ................................... verify BN_mul................................................................... ................................................................................ ... verify BN_div................................................................... ................................................................................ ................................................................................ ......................................................................... verify BN_div_word.............................................................. ................................................................................ .......................................................... verify BN_div_recp.............................................................. ................................................................................ ................................................................................ .............................................................................. verify BN_mod................................................................... ................................. verify BN_mod_mul............................................................... ................................................................................ ................................................................................ ............................................................................. verify BN_mont..... verify BN_mod_exp..... verify BN_mod_exp_mont_consttime..... verify BN_exp..... verify BN_kronecker verify BN_mod_sqrt verify BN_GF2m_add verify BN_GF2m_mod verify BN_GF2m_mod_mul verify BN_GF2m_mod_sqr verify BN_GF2m_mod_inv verify BN_GF2m_mod_div verify BN_GF2m_mod_exp verify BN_GF2m_mod_sqrt verify BN_GF2m_mod_solve_quad 2222 tests passed test a^b%c implementations ../util/shlib_wrap.sh ./exptest ................................................................................ ................................................................................ ........................................ done test elliptic curves ../util/shlib_wrap.sh ./ectest Curve defined by Weierstrass equation y^2 = x^3 + a*x + b (mod 0x17) a = 0x1 b = 0x1 A cyclic subgroup: point at infinity x = 0xD, y = 0x7 x = 0x5, y = 0x4 x = 0x11, y = 0x3 x = 0x11, y = 0x14 x = 0x5, y = 0x13 x = 0xD, y = 0x10 Generator as octet string, compressed form: 030D Generator as octet string, uncompressed form: 040D07 Generator as octet string, hybrid form: 070D07 A representation of the inverse of that generator in Jacobian projective coordinates: X = 0xC, Y = 0xF, Z = 0xA SEC2 curve secp160r1 -- Generator: x = 0x4A96B5688EF573284664698968C38BB913CBFC82 y = 0x23A628553168947D59DCC912042351377AC5FB32 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve P-192 -- Generator: x = 0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012 y = 0x7192B95FFC8DA78631011ED6B24CDD573F977A11E794811 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve P-224 -- Generator: x = 0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21 y = 0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve P-256 -- Generator: x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve P-384 -- Generator: x = 0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F 25DBF55296C3A545E3872760AB7 y = 0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B 1CE1D7E819D7A431D7C90EA0E5F verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve P-521 -- Generator: x = 0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14 B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66 y = 0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97 EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok combined multiplication ..... ok Curve defined by Weierstrass equation y^2 + x*y = x^3 + a*x^2 + b (mod 0x13) a = 0x3 b = 0x1 (0x... means binary polynomial) A cyclic subgroup: point at infinity x = 0x6, y = 0x8 x = 0x1, y = 0xD x = 0x7, y = 0x2 x = 0x0, y = 0x1 x = 0x7, y = 0x5 x = 0x1, y = 0xC x = 0x6, y = 0xE Generator as octet string, uncompressed form: 040608 NIST curve K-163 -- Generator: x = 0x2FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8 y = 0x289070FB05D38FF58321F2E800536D538CCDAA3D9 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve B-163 -- Generator: x = 0x3F0EBA16286A2D57EA0991168D4994637E8343E36 y = 0xD51FBC6C71A0094FA2CDD545B11C5C0C797324F1 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve K-233 -- Generator: x = 0x17232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126 y = 0x1DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve B-233 -- Generator: x = 0xFAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B y = 0x1006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve K-283 -- Generator: x = 0x503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC24584928 36 y = 0x1CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD22 59 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve B-283 -- Generator: x = 0x5F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B120 53 y = 0x3676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112 F4 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve K-409 -- Generator: x = 0x60F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189 EB5AAAA62EE222EB1B35540CFE9023746 y = 0x1E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C 42E9C55215AA9CA27A5863EC48D8E0286B verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve B-409 -- Generator: x = 0x15D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A 868A1180515603AEAB60794E54BB7996A7 y = 0x61B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1 FDF4B4F40D2181B3681C364BA0273C706 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve K-571 -- Generator: x = 0x26EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA4437095 8493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972 y = 0x349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979 C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3 verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok NIST curve B-571 -- Generator: x = 0x303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE539 50F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19 y = 0x37BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E 43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B verify degree ... ok verify group order .... ok long/negative scalar tests allowing precomputation ... without precomputation .. . ok combined multiplication ..... ok testing internal curves: ....................................................... ............ ok test ecdsa ../util/shlib_wrap.sh ./ecdsatest some tests from X9.62: testing prime192v1: .... ok testing prime239v1: .... ok testing c2tnb191v1: .... ok testing c2tnb239v1: .... ok testing ECDSA_sign() and ECDSA_verify() with some internal curves: secp160k1: ........ ok secp160r1: ........ ok secp160r2: ........ ok secp192k1: ........ ok secp224k1: ........ ok secp224r1: ........ ok secp256k1: ........ ok secp384r1: ........ ok secp521r1: ........ ok prime192v1: ........ ok prime192v2: ........ ok prime192v3: ........ ok prime239v1: ........ ok prime239v2: ........ ok prime239v3: ........ ok prime256v1: ........ ok sect163k1: ........ ok sect163r1: ........ ok sect163r2: ........ ok sect193r1: ........ ok sect193r2: ........ ok sect233k1: ........ ok sect233r1: ........ ok sect239k1: ........ ok sect283k1: ........ ok sect283r1: ........ ok sect409k1: ........ ok sect409r1: ........ ok sect571k1: ........ ok sect571r1: ........ ok c2pnb163v1: ........ ok c2pnb163v2: ........ ok c2pnb163v3: ........ ok c2pnb176v1: ........ ok c2tnb191v1: ........ ok c2tnb191v2: ........ ok c2tnb191v3: ........ ok c2pnb208w1: ........ ok c2tnb239v1: ........ ok c2tnb239v2: ........ ok c2tnb239v3: ........ ok c2pnb272w1: ........ ok c2pnb304w1: ........ ok c2tnb359v1: ........ ok c2pnb368w1: ........ ok c2tnb431r1: ........ ok wap-wsg-idm-ecid-wtls3: ........ ok wap-wsg-idm-ecid-wtls5: ........ ok wap-wsg-idm-ecid-wtls7: ........ ok wap-wsg-idm-ecid-wtls9: ........ ok wap-wsg-idm-ecid-wtls10: ........ ok wap-wsg-idm-ecid-wtls11: ........ ok wap-wsg-idm-ecid-wtls12: ........ ok ECDSA test passed test ecdh ../util/shlib_wrap.sh ./ecdhtest Testing key generation with NIST Prime-Curve P-192 .... ok Testing key generation with NIST Prime-Curve P-224 .... ok Testing key generation with NIST Prime-Curve P-256 .... ok Testing key generation with NIST Prime-Curve P-384 .... ok Testing key generation with NIST Prime-Curve P-521 .... ok Testing key generation with NIST Binary-Curve K-163 .... ok Testing key generation with NIST Binary-Curve B-163 .... ok Testing key generation with NIST Binary-Curve K-233 .... ok Testing key generation with NIST Binary-Curve B-233 .... ok Testing key generation with NIST Binary-Curve K-283 .... ok Testing key generation with NIST Binary-Curve B-283 .... ok Testing key generation with NIST Binary-Curve K-409 .... ok Testing key generation with NIST Binary-Curve B-409 .... ok Testing key generation with NIST Binary-Curve K-571 .... ok Testing key generation with NIST Binary-Curve B-571 .... ok cat base64 aes-128-cbc aes-128-cbc base64 aes-128-ecb aes-128-ecb base64 aes-192-cbc aes-192-cbc base64 aes-192-ecb aes-192-ecb base64 aes-256-cbc aes-256-cbc base64 aes-256-ecb aes-256-ecb base64 base64 base64 base64 bf bf base64 bf-cbc bf-cbc base64 bf-cfb bf-cfb base64 bf-ecb bf-ecb base64 bf-ofb bf-ofb base64 camellia-128-cbc camellia-128-cbc base64 camellia-128-ecb camellia-128-ecb base64 camellia-192-cbc camellia-192-cbc base64 camellia-192-ecb camellia-192-ecb base64 camellia-256-cbc camellia-256-cbc base64 camellia-256-ecb camellia-256-ecb base64 cast cast base64 cast-cbc cast-cbc base64 cast5-cbc cast5-cbc base64 cast5-cfb cast5-cfb base64 cast5-ecb cast5-ecb base64 cast5-ofb cast5-ofb base64 des des base64 des-cbc des-cbc base64 des-cfb des-cfb base64 des-ecb des-ecb base64 des-ede des-ede base64 des-ede-cbc des-ede-cbc base64 des-ede-cfb des-ede-cfb base64 des-ede-ofb des-ede-ofb base64 des-ede3 des-ede3 base64 des-ede3-cbc des-ede3-cbc base64 des-ede3-cfb des-ede3-cfb base64 des-ede3-ofb des-ede3-ofb base64 des-ofb des-ofb base64 des3 des3 base64 desx desx base64 idea idea base64 idea-cbc idea-cbc base64 idea-cfb idea-cfb base64 idea-ecb idea-ecb base64 idea-ofb idea-ofb base64 rc2 rc2 base64 rc2-40-cbc rc2-40-cbc base64 rc2-64-cbc rc2-64-cbc base64 rc2-cbc rc2-cbc base64 rc2-cfb rc2-cfb base64 rc2-ecb rc2-ecb base64 rc2-ofb rc2-ofb base64 rc4 rc4 base64 rc4-40 rc4-40 base64 seed seed base64 seed-cbc seed-cbc base64 seed-cfb seed-cfb base64 seed-ecb seed-ecb base64 seed-ofb seed-ofb base64 echo test normal x509v1 certificate test normal x509v1 certificate sh ./tx509 2>/dev/null testing X509 conversions p -> d p -> n p -> p d -> d n -> d p -> d d -> n n -> n p -> n d -> p n -> p p -> p echo test first x509v3 certificate test first x509v3 certificate sh ./tx509 v3-cert1.pem 2>/dev/null testing X509 conversions p -> d p -> n p -> p d -> d n -> d p -> d d -> n n -> n p -> n d -> p n -> p p -> p echo test second x509v3 certificate test second x509v3 certificate sh ./tx509 v3-cert2.pem 2>/dev/null testing X509 conversions p -> d p -> n p -> p d -> d n -> d p -> d d -> n n -> n p -> n d -> p n -> p p -> p rsa testing rsa conversions p -> d p -> p d -> d p -> d d -> p p -> p ../util/shlib_wrap.sh ./rsa_test PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok testing crl conversions p -> d p -> p d -> d p -> d d -> p p -> p testing session-id conversions p -> d p -> p d -> d p -> d d -> p p -> p Generate and verify a certificate request generating certificate request rsa There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. Generating a 1024 bit RSA private key ........++++++ ...........++++++ writing new private key to 'testkey.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:eay at mincom.oz.au verify OK testing req conversions p -> d p -> p d -> d p -> d d -> p p -> p testing req conversions p -> d p -> p d -> d p -> d d -> p p -> p testing pkcs7 conversions p -> d p -> p d -> d p -> d d -> p p -> p testing pkcs7 conversions (2) p -> d p -> p d -> d p -> d d -> p p -> p The following command should have some OK's and some failures There are definitly a few expired certificates ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo /*.pem ../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 10 at 1 depth lookup:certificate has expired C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit) error 10 at 0 depth lookup:certificate has expired OK ../certs/demo/dsa-ca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA error 10 at 1 depth lookup:certificate has expired C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CA error 10 at 0 depth lookup:certificate has expired OK ../certs/demo/dsa-pca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd , CN = PCA error 10 at 0 depth lookup:certificate has expired OK ../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 10 at 0 depth lookup:certificate has expired OK Generate a set of DH parameters ../util/shlib_wrap.sh ./dhtest .+.+..+..++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++ *++*++*++* p =8D0628726F519097 g =5 pri 1=42AAD29219CD2B42 pub 1=CCB2CDA855AC3F pri 2=4AEFB23527669139 pub 2=788DAEFEB5D776D key1 =03DE5A88E963BF6E key2 =03DE5A88E963BF6E Generate a set of DSA parameters ../util/shlib_wrap.sh ./dsatest test generation of DSA parameters .++++++++++++++++++++++++++++++++++++++++++++++++++* ...+........+..+...+............+.+..+.......................................... ................................++++++++++++++++++++++++++++++++++++++++++++++++ +++* seed D5014E4B 60EF2BA8 B6211B40 62BA3224 E0427DD3 counter=105 h=2 P: 00:8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68: 69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d: 78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac: 32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:36: ee:31:c8:02:91 Q: 00:c7:73:21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30: f4:8e:da:ce:91:5f G: 62:6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5: 00:29:9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce: 2c:2e:71:cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21: 92:5c:9c:c4:2e:9f:6f:46:4b:08:8c:c5:72:af:53: e6:d7:88:02 ../util/shlib_wrap.sh ./dsatest -app2_1 test generation of DSA parameters .++++++++++++++++++++++++++++++++++++++++++++++++++* ...+........+..+...+............+.+..+.......................................... ................................++++++++++++++++++++++++++++++++++++++++++++++++ +++* seed D5014E4B 60EF2BA8 B6211B40 62BA3224 E0427DD3 counter=105 h=2 P: 00:8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68: 69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d: 78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac: 32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:36: ee:31:c8:02:91 Q: 00:c7:73:21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30: f4:8e:da:ce:91:5f G: 62:6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5: 00:29:9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce: 2c:2e:71:cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21: 92:5c:9c:c4:2e:9f:6f:46:4b:08:8c:c5:72:af:53: e6:d7:88:02 Generate and certify a test certificate make a certificate request using 'req' rsa Generating a 2048 bit RSA private key ............................................................................+++ .....+++ writing new private key to 'keyCA.ss' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:AU Organization Name (eg, company) []:Dodgy Brothers Common Name (eg, YOUR name) []:Dodgy CA convert the certificate request into a self signed certificate using 'x509' Signature ok subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA Getting Private key convert a certificate into a certificate request using 'x509' Getting request Private Key Generating certificate request verify OK verify OK certCA.ss: OK make a user certificate request using 'req' Generating a 2048 bit RSA private key ..+++ ...................+++ writing new private key to 'keyU.ss' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:AU Organization Name (eg, company) []:Dodgy Brothers Common Name (eg, YOUR name) []:Brother 1 Common Name (eg, YOUR name) []:Brother 2 sign user certificate request with the just created CA via 'x509' Signature ok subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 Getting CA Private Key certU.ss: OK Certificate details subject= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 issuer= /C=AU/O=Dodgy Brothers/CN=Dodgy CA notBefore=Apr 28 09:21:46 2016 GMT notAfter=May 28 09:21:46 2016 GMT make a proxy certificate request using 'req' Generating a 1024 bit RSA private key ..........++++++ ............................................++++++ writing new private key to 'keyP1.ss' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:AU Organization Name (eg, company) []:Dodgy Brothers Common Name (eg, YOUR name) []:Brother 1 Common Name (eg, YOUR name) []:Brother 2 Common Name (eg, YOUR name) []:Proxy 1 sign proxy certificate request with the just created user certificate via 'x509' Signature ok subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Getting CA Private Key certP1.ss: C = AU, O = Dodgy Brothers, CN = Brother 1, CN = Brother 2, CN = Prox y 1 error 40 at 0 depth lookup:proxy certificates not allowed, please set the approp riate flag Certificate details subject= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 issuer= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 notBefore=Apr 28 09:21:46 2016 GMT notAfter=May 28 09:21:46 2016 GMT make another proxy certificate request using 'req' Generating a 1024 bit RSA private key ...............................++++++ .......++++++ writing new private key to 'keyP2.ss' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:AU Organization Name (eg, company) []:Dodgy Brothers Common Name (eg, YOUR name) []:Brother 1 Common Name (eg, YOUR name) []:Brother 2 Common Name (eg, YOUR name) []:Proxy 1 Common Name (eg, YOUR name) []:Proxy 2 sign second proxy certificate request with the first proxy certificate via 'x509 ' Signature ok subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Getting CA Private Key certP2.ss: C = AU, O = Dodgy Brothers, CN = Brother 1, CN = Brother 2, CN = Prox y 1, CN = Proxy 2 error 40 at 0 depth lookup:proxy certificates not allowed, please set the approp riate flag Certificate details subject= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 issuer= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 notBefore=Apr 28 09:21:46 2016 GMT notAfter=May 28 09:21:46 2016 GMT The generated CA certificate is certCA.ss The generated CA private key is keyCA.ss The generated user certificate is certU.ss The generated user private key is keyU.ss The first generated proxy certificate is certP1.ss The first generated proxy private key is keyP1.ss The second generated proxy certificate is certP2.ss The second generated proxy private key is keyP2.ss rsa Generate and certify a test certificate via the 'ca' program CA certificate filename (or enter to create) Making CA certificate ... Generating a 2048 bit RSA private key ..........................+++ ........................................+++ writing new private key to './demoCA/private/./cakey.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:AU Organization Name (eg, company) []:Dodgy Brothers Common Name (eg, YOUR name) []:Dodgy CA Using configuration from CAss.cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 10206012054631005775 (0x8da309e3d1a2be4f) Validity Not Before: Apr 28 09:21:47 2016 GMT Not After : Apr 28 09:21:47 2019 GMT Subject: countryName = AU organizationName = Dodgy Brothers commonName = Dodgy CA X509v3 extensions: X509v3 Subject Key Identifier: 13:B6:DE:AE:B2:95:55:3C:63:26:FB:7B:2D:B3:CD:C2:9A:CC:92:C3 X509v3 Authority Key Identifier: keyid:13:B6:DE:AE:B2:95:55:3C:63:26:FB:7B:2D:B3:CD:C2:9A:CC:92:C 3 DirName:/C=AU/O=Dodgy Brothers/CN=Dodgy CA serial:8D:A3:09:E3:D1:A2:BE:4F X509v3 Basic Constraints: CA:TRUE, pathlen:1 X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Issuer Alternative Name: Certificate is to be certified until Apr 28 09:21:47 2019 GMT (1095 days) Write out database with 1 new entries Data Base Updated Generating a 2048 bit RSA private key ............+++ ...............+++ writing new private key to 'newkey.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:AU Organization Name (eg, company) []:Dodgy Brothers Common Name (eg, YOUR name) []:Brother 1 Common Name (eg, YOUR name) []:Brother 2 Request is in newreq.pem, private key is in newkey.pem Using configuration from ../apps/openssl.cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 10206012054631005776 (0x8da309e3d1a2be50) Validity Not Before: Apr 28 09:21:47 2016 GMT Not After : Apr 28 09:21:47 2017 GMT Subject: countryName = AU organizationName = Dodgy Brothers commonName = Brother 1 commonName = Brother 2 X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 46:28:0C:71:C0:42:89:04:B3:65:4D:39:16:F7:DB:8C:02:C3:17:37 X509v3 Authority Key Identifier: keyid:13:B6:DE:AE:B2:95:55:3C:63:26:FB:7B:2D:B3:CD:C2:9A:CC:92:C 3 Certificate is to be certified until Apr 28 09:21:47 2017 GMT (365 days) Sign the certificate? [y/n]: 1 out of 1 certificate requests certified, commit? [y/n]Write out database with 1 new entries Data Base Updated Certificate: Data: Version: 3 (0x2) Serial Number: 10206012054631005776 (0x8da309e3d1a2be50) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, O=Dodgy Brothers, CN=Dodgy CA Validity Not Before: Apr 28 09:21:47 2016 GMT Not After : Apr 28 09:21:47 2017 GMT Subject: C=AU, O=Dodgy Brothers, CN=Brother 1, CN=Brother 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:be:16:d8:36:13:65:01:75:db:79:b4:ee:aa:07: 46:f9:45:e0:69:71:ba:78:2c:ec:c9:fb:96:0b:b6: f4:22:3b:a0:f9:f7:dd:2b:78:fc:db:52:ba:52:f7: 80:04:bf:cb:2e:bd:5a:a0:ff:48:2b:af:2b:63:e1: 72:d0:95:97:7d:ab:2e:a6:c6:e3:04:e9:c3:c7:a2: c4:01:f1:00:55:81:a8:42:72:74:4b:5c:ac:5b:78: 16:9b:13:84:2c:89:2c:1d:fc:aa:3e:8e:42:b8:65: 92:c6:51:b5:35:1b:dd:55:95:96:27:ec:7b:38:19: b1:ce:c2:99:92:8f:dd:d1:28:1b:2a:cf:d3:25:b7: a8:95:1b:22:db:e8:98:e8:2a:35:42:68:2d:0c:b2: 2f:8f:7b:a0:d5:4d:cc:fe:5e:d2:63:09:f6:b1:75: 30:4b:dc:d6:05:82:ca:5d:40:33:98:90:42:6b:31: b7:eb:e1:93:6e:32:f9:1b:2f:f8:e1:75:82:75:b8: ef:3b:91:12:c5:a6:f7:48:74:a1:a6:9a:58:bd:1e: f7:f1:16:62:70:fe:55:ff:0f:54:4e:33:ae:1b:74: 39:b9:3f:0d:73:e6:36:d6:c4:8e:1a:26:f6:f1:08: 09:7f:52:97:1e:40:95:dd:0b:2b:23:b4:fb:97:d8: 35:0b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 46:28:0C:71:C0:42:89:04:B3:65:4D:39:16:F7:DB:8C:02:C3:17:37 X509v3 Authority Key Identifier: keyid:13:B6:DE:AE:B2:95:55:3C:63:26:FB:7B:2D:B3:CD:C2:9A:CC:92:C 3 Signature Algorithm: sha1WithRSAEncryption 0d:91:c9:5d:0b:e4:a7:82:92:b6:86:3d:03:c2:bd:68:de:18: 56:aa:00:93:a7:8c:bc:b6:c4:a6:2a:68:68:9a:87:b0:1e:35: 42:81:cd:1d:dc:e1:b0:c0:61:96:4a:d3:a3:29:ea:e6:7e:ce: 75:5c:c6:ee:e7:da:48:df:11:34:b9:fd:03:92:f2:22:d2:b8: d0:27:68:95:ee:a9:a4:70:da:a4:b8:8f:18:1c:a7:08:4d:d9: 07:f9:54:1b:d3:63:ff:d4:7a:85:7c:83:a0:9a:74:b7:fc:64: a2:19:4e:f4:ce:e0:7b:bf:1a:74:db:2b:cc:3b:f1:e1:42:26: 51:4a:ec:22:05:61:0a:88:d1:db:49:85:a5:89:9e:55:bb:33: de:92:57:c0:f1:c7:4f:44:27:9f:47:03:09:98:a5:17:e9:5a: f0:bb:29:d5:3f:4e:f3:a3:b3:a9:de:f9:34:8c:8d:1f:36:47: a1:84:1a:8e:90:53:9b:22:bc:06:0d:a9:2c:14:bf:8d:e6:fa: 19:0c:8b:ed:81:f0:b7:33:86:7e:32:8e:83:3d:cb:55:0e:00: 86:84:3d:30:d2:96:bf:f5:ab:cf:b1:a7:b5:b9:d3:30:01:d3: dc:6f:d1:a4:40:eb:43:6e:c9:62:c8:ec:fc:2e:49:79:86:d8: f6:40:6d:4a -----BEGIN CERTIFICATE----- MIIDhTCCAm2gAwIBAgIJAI2jCePRor5QMA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV BAYTAkFVMRcwFQYDVQQKDA5Eb2RneSBCcm90aGVyczERMA8GA1UEAwwIRG9kZ3kg Q0EwHhcNMTYwNDI4MDkyMTQ3WhcNMTcwNDI4MDkyMTQ3WjBOMQswCQYDVQQGEwJB VTEXMBUGA1UECgwORG9kZ3kgQnJvdGhlcnMxEjAQBgNVBAMMCUJyb3RoZXIgMTES MBAGA1UEAwwJQnJvdGhlciAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAvhbYNhNlAXXbebTuqgdG+UXgaXG6eCzsyfuWC7b0Ijug+ffdK3j821K6UveA BL/LLr1aoP9IK68rY+Fy0JWXfasupsbjBOnDx6LEAfEAVYGoQnJ0S1ysW3gWmxOE LIksHfyqPo5CuGWSxlG1NRvdVZWWJ+x7OBmxzsKZko/d0SgbKs/TJbeolRsi2+iY 6Co1QmgtDLIvj3ug1U3M/l7SYwn2sXUwS9zWBYLKXUAzmJBCazG36+GTbjL5Gy/4 4XWCdbjvO5ESxab3SHShpppYvR738RZicP5V/w9UTjOuG3Q5uT8Nc+Y21sSOGib2 8QgJf1KXHkCV3QsrI7T7l9g1CwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG +EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU RigMccBCiQSzZU05FvfbjALDFzcwHwYDVR0jBBgwFoAUE7berrKVVTxjJvt7LbPN wprMksMwDQYJKoZIhvcNAQEFBQADggEBAA2RyV0L5KeCkraGPQPCvWjeGFaqAJOn jLy2xKYqaGiah7AeNUKBzR3c4bDAYZZK06Mp6uZ+znVcxu7n2kjfETS5/QOS8iLS uNAnaJXuqaRw2qS4jxgcpwhN2Qf5VBvTY//UeoV8g6CadLf8ZKIZTvTO4Hu/GnTb K8w78eFCJlFK7CIFYQqI0dtJhaWJnlW7M96SV8Dxx09EJ59HAwmYpRfpWvC7KdU/ TvOjs6ne+TSMjR82R6GEGo6QU5sivAYNqSwUv43m+hkMi+2B8Lczhn4yjoM9y1UO AIaEPTDSlr/1q8+xp7W50zAB09xv0aRA60NuyWLI7PwuSXmG2PZAbUo= -----END CERTIFICATE----- Signed certificate is in newcert.pem newcert.pem: OK Manipulate the ENGINE structures ../util/shlib_wrap.sh ./enginetest enginetest beginning listing available engine types end of list listing available engine types engine 0, id = "test_id0", name = "First test item" end of list listing available engine types end of list listing available engine types engine 0, id = "test_id2", name = "Third test item" engine 1, id = "test_id1", name = "Second test item" end of list listing available engine types engine 0, id = "test_id2", name = "Third test item" end of list listing available engine types engine 0, id = "test_id2", name = "Third test item" engine 1, id = "test_id3", name = "Fourth test item" end of list Add that should fail did. Remove that should fail did. listing available engine types engine 0, id = "test_id3", name = "Fourth test item" end of list listing available engine types end of list listing available engine types end of list Successfully added and removed to an empty list! About to beef up the engine-type list ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................ About to empty the engine-type list ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................ Tests completed happily ../util/shlib_wrap.sh ./evp_test evptests.txt Testing digest SHA1 Plaintext 0000 61 62 63 Digest 0000 a9 99 3e 36 47 06 81 6a ba 3e 25 71 78 50 c2 6c 0010 9c d0 d8 9d Testing digest MD5 Plaintext Digest 0000 d4 1d 8c d9 8f 00 b2 04 e9 80 09 98 ec f8 42 7e Testing digest MD5 Plaintext 0000 61 Digest 0000 0c c1 75 b9 c0 f1 b6 a8 31 c3 99 e2 69 77 26 61 Testing digest MD5 Plaintext 0000 61 62 63 Digest 0000 90 01 50 98 3c d2 4f b0 d6 96 3f 7d 28 e1 7f 72 Testing digest MD5 Plaintext 0000 6d 65 73 73 61 67 65 20 64 69 67 65 73 74 Digest 0000 f9 6b 69 7d 7c b7 93 8d 52 5a 2f 31 aa f1 61 d0 Testing digest MD5 Plaintext 0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 0010 71 72 73 74 75 76 77 78 79 7a Digest 0000 c3 fc d3 d7 61 92 e4 00 7d fb 49 6c ca 67 e1 3b Testing digest MD5 Plaintext 0000 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 0010 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 0020 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 0030 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 Digest 0000 d1 74 ab 98 d2 77 d9 f5 a5 61 1c 2c 9f 41 9d 9f Testing digest MD5 Plaintext 0000 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 0010 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 0020 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 0030 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 0040 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 Digest 0000 57 ed f4 a2 2b e3 c9 55 ac 49 da 2e 21 07 b6 7a Testing cipher AES-128-ECB(encrypt) Key 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff Ciphertext 0000 69 c4 e0 d8 6a 7b 04 30 d8 cd b7 80 70 b4 c5 5a Testing cipher AES-192-ECB(encrypt) Key 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 0010 10 11 12 13 14 15 16 17 Plaintext 0000 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff Ciphertext 0000 dd a9 7c a4 86 4c df e0 6e af 70 a0 ec 0d 71 91 Testing cipher AES-256-ECB(encrypt) Key 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f Plaintext 0000 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff Ciphertext 0000 8e a2 b7 ca 51 67 45 bf ea fc 49 90 4b 49 60 89 Testing cipher AES-128-ECB(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 3a d7 7b b4 0d 7a 36 60 a8 9e ca f3 24 66 ef 97 Testing cipher AES-128-ECB(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 f5 d3 d5 85 03 b9 69 9d e7 85 89 5a 96 fd ba af Testing cipher AES-128-ECB(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 43 b1 cd 7f 59 8e ce 23 88 1b 00 e3 ed 03 06 88 Testing cipher AES-128-ECB(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 7b 0c 78 5e 27 e8 ad 3f 82 23 20 71 04 72 5d d4 Testing cipher AES-192-ECB(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 bd 33 4f 1d 6e 45 f2 5f f7 12 a2 14 57 1f a5 cc Testing cipher AES-192-ECB(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 97 41 04 84 6d 0a d3 ad 77 34 ec b3 ec ee 4e ef Testing cipher AES-192-ECB(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 ef 7a fd 22 70 e2 e6 0a dc e0 ba 2f ac e6 44 4e Testing cipher AES-192-ECB(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 9a 4b 41 ba 73 8d 6c 72 fb 16 69 16 03 c1 8e 0e Testing cipher AES-256-ECB(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 f3 ee d1 bd b5 d2 a0 3c 06 4b 5a 7e 3d b1 81 f8 Testing cipher AES-256-ECB(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 59 1c cb 10 d4 10 ed 26 dc 5b a7 4a 31 36 28 70 Testing cipher AES-256-ECB(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 b6 ed 21 b9 9c a6 f4 f9 f1 53 e7 b1 be af ed 1d Testing cipher AES-256-ECB(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 23 30 4b 7a 39 f9 f3 ff 06 7d 8d 8f 9e 24 ec c7 Testing cipher AES-128-CBC(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 76 49 ab ac 81 19 b2 46 ce e9 8e 9b 12 e9 19 7d Testing cipher AES-128-CBC(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 76 49 ab ac 81 19 b2 46 ce e9 8e 9b 12 e9 19 7d Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 50 86 cb 9b 50 72 19 ee 95 db 11 3a 91 76 78 b2 Testing cipher AES-128-CBC(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 50 86 cb 9b 50 72 19 ee 95 db 11 3a 91 76 78 b2 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 73 be d6 b8 e3 c1 74 3b 71 16 e6 9e 22 22 95 16 Testing cipher AES-128-CBC(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 73 be d6 b8 e3 c1 74 3b 71 16 e6 9e 22 22 95 16 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 3f f1 ca a1 68 1f ac 09 12 0e ca 30 75 86 e1 a7 Testing cipher AES-192-CBC(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 4f 02 1d b2 43 bc 63 3d 71 78 18 3a 9f a0 71 e8 Testing cipher AES-192-CBC(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 4f 02 1d b2 43 bc 63 3d 71 78 18 3a 9f a0 71 e8 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 b4 d9 ad a9 ad 7d ed f4 e5 e7 38 76 3f 69 14 5a Testing cipher AES-192-CBC(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 b4 d9 ad a9 ad 7d ed f4 e5 e7 38 76 3f 69 14 5a Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 57 1b 24 20 12 fb 7a e0 7f a9 ba ac 3d f1 02 e0 Testing cipher AES-192-CBC(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 57 1b 24 20 12 fb 7a e0 7f a9 ba ac 3d f1 02 e0 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 08 b0 e2 79 88 59 88 81 d9 20 a9 e6 4f 56 15 cd Testing cipher AES-256-CBC(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 f5 8c 4c 04 d6 e5 f1 ba 77 9e ab fb 5f 7b fb d6 Testing cipher AES-256-CBC(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 f5 8c 4c 04 d6 e5 f1 ba 77 9e ab fb 5f 7b fb d6 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 9c fc 4e 96 7e db 80 8d 67 9f 77 7b c6 70 2c 7d Testing cipher AES-256-CBC(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 9c fc 4e 96 7e db 80 8d 67 9f 77 7b c6 70 2c 7d Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 39 f2 33 69 a9 d9 ba cf a5 30 e2 63 04 23 14 61 Testing cipher AES-256-CBC(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 39 f2 33 69 a9 d9 ba cf a5 30 e2 63 04 23 14 61 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 b2 eb 05 e2 c3 9b e9 fc da 6c 19 07 8c 6a 9d 1b Testing cipher AES-128-CFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 3b 3f d9 2e b7 2d ad 20 33 34 49 f8 e8 3c fb 4a Testing cipher AES-128-CFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 3b 3f d9 2e b7 2d ad 20 33 34 49 f8 e8 3c fb 4a Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 c8 a6 45 37 a0 b3 a9 3f cd e3 cd ad 9f 1c e5 8b Testing cipher AES-128-CFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 c8 a6 45 37 a0 b3 a9 3f cd e3 cd ad 9f 1c e5 8b Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 26 75 1f 67 a3 cb b1 40 b1 80 8c f1 87 a4 f4 df Testing cipher AES-128-CFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 26 75 1f 67 a3 cb b1 40 b1 80 8c f1 87 a4 f4 df Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 c0 4b 05 35 7c 5d 1c 0e ea c4 c6 6f 9f f7 f2 e6 Testing cipher AES-128-CFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 3b 3f d9 2e b7 2d ad 20 33 34 49 f8 e8 3c fb 4a Testing cipher AES-128-CFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 3b 3f d9 2e b7 2d ad 20 33 34 49 f8 e8 3c fb 4a Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 c8 a6 45 37 a0 b3 a9 3f cd e3 cd ad 9f 1c e5 8b Testing cipher AES-128-CFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 c8 a6 45 37 a0 b3 a9 3f cd e3 cd ad 9f 1c e5 8b Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 26 75 1f 67 a3 cb b1 40 b1 80 8c f1 87 a4 f4 df Testing cipher AES-128-CFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 26 75 1f 67 a3 cb b1 40 b1 80 8c f1 87 a4 f4 df Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 c0 4b 05 35 7c 5d 1c 0e ea c4 c6 6f 9f f7 f2 e6 Testing cipher AES-192-CFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 cd c8 0d 6f dd f1 8c ab 34 c2 59 09 c9 9a 41 74 Testing cipher AES-192-CFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 cd c8 0d 6f dd f1 8c ab 34 c2 59 09 c9 9a 41 74 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 67 ce 7f 7f 81 17 36 21 96 1a 2b 70 17 1d 3d 7a Testing cipher AES-192-CFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 67 ce 7f 7f 81 17 36 21 96 1a 2b 70 17 1d 3d 7a Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 2e 1e 8a 1d d5 9b 88 b1 c8 e6 0f ed 1e fa c4 c9 Testing cipher AES-192-CFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 2e 1e 8a 1d d5 9b 88 b1 c8 e6 0f ed 1e fa c4 c9 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 c0 5f 9f 9c a9 83 4f a0 42 ae 8f ba 58 4b 09 ff Testing cipher AES-192-CFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 cd c8 0d 6f dd f1 8c ab 34 c2 59 09 c9 9a 41 74 Testing cipher AES-192-CFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 cd c8 0d 6f dd f1 8c ab 34 c2 59 09 c9 9a 41 74 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 67 ce 7f 7f 81 17 36 21 96 1a 2b 70 17 1d 3d 7a Testing cipher AES-192-CFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 67 ce 7f 7f 81 17 36 21 96 1a 2b 70 17 1d 3d 7a Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 2e 1e 8a 1d d5 9b 88 b1 c8 e6 0f ed 1e fa c4 c9 Testing cipher AES-192-CFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 2e 1e 8a 1d d5 9b 88 b1 c8 e6 0f ed 1e fa c4 c9 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 c0 5f 9f 9c a9 83 4f a0 42 ae 8f ba 58 4b 09 ff Testing cipher AES-256-CFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 dc 7e 84 bf da 79 16 4b 7e cd 84 86 98 5d 38 60 Testing cipher AES-256-CFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 dc 7e 84 bf da 79 16 4b 7e cd 84 86 98 5d 38 60 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 39 ff ed 14 3b 28 b1 c8 32 11 3c 63 31 e5 40 7b Testing cipher AES-256-CFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 39 ff ed 14 3b 28 b1 c8 32 11 3c 63 31 e5 40 7b Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 df 10 13 24 15 e5 4b 92 a1 3e d0 a8 26 7a e2 f9 Testing cipher AES-256-CFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 df 10 13 24 15 e5 4b 92 a1 3e d0 a8 26 7a e2 f9 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 75 a3 85 74 1a b9 ce f8 20 31 62 3d 55 b1 e4 71 Testing cipher AES-256-CFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 dc 7e 84 bf da 79 16 4b 7e cd 84 86 98 5d 38 60 Testing cipher AES-256-CFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 dc 7e 84 bf da 79 16 4b 7e cd 84 86 98 5d 38 60 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 39 ff ed 14 3b 28 b1 c8 32 11 3c 63 31 e5 40 7b Testing cipher AES-256-CFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 39 ff ed 14 3b 28 b1 c8 32 11 3c 63 31 e5 40 7b Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 df 10 13 24 15 e5 4b 92 a1 3e d0 a8 26 7a e2 f9 Testing cipher AES-256-CFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 df 10 13 24 15 e5 4b 92 a1 3e d0 a8 26 7a e2 f9 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 75 a3 85 74 1a b9 ce f8 20 31 62 3d 55 b1 e4 71 Testing cipher AES-128-OFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 3b 3f d9 2e b7 2d ad 20 33 34 49 f8 e8 3c fb 4a Testing cipher AES-128-OFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 50 fe 67 cc 99 6d 32 b6 da 09 37 e9 9b af ec 60 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 77 89 50 8d 16 91 8f 03 f5 3c 52 da c5 4e d8 25 Testing cipher AES-128-OFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 d9 a4 da da 08 92 23 9f 6b 8b 3d 76 80 e1 56 74 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 97 40 05 1e 9c 5f ec f6 43 44 f7 a8 22 60 ed cc Testing cipher AES-128-OFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 a7 88 19 58 3f 03 08 e7 a6 bf 36 b1 38 6a bf 23 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 30 4c 65 28 f6 59 c7 78 66 a5 10 d9 c1 d6 ae 5e Testing cipher AES-128-OFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 3b 3f d9 2e b7 2d ad 20 33 34 49 f8 e8 3c fb 4a Testing cipher AES-128-OFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 50 fe 67 cc 99 6d 32 b6 da 09 37 e9 9b af ec 60 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 77 89 50 8d 16 91 8f 03 f5 3c 52 da c5 4e d8 25 Testing cipher AES-128-OFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 d9 a4 da da 08 92 23 9f 6b 8b 3d 76 80 e1 56 74 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 97 40 05 1e 9c 5f ec f6 43 44 f7 a8 22 60 ed cc Testing cipher AES-128-OFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 a7 88 19 58 3f 03 08 e7 a6 bf 36 b1 38 6a bf 23 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 30 4c 65 28 f6 59 c7 78 66 a5 10 d9 c1 d6 ae 5e Testing cipher AES-192-OFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 cd c8 0d 6f dd f1 8c ab 34 c2 59 09 c9 9a 41 74 Testing cipher AES-192-OFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 a6 09 b3 8d f3 b1 13 3d dd ff 27 18 ba 09 56 5e Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 fc c2 8b 8d 4c 63 83 7c 09 e8 17 00 c1 10 04 01 Testing cipher AES-192-OFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 52 ef 01 da 52 60 2f e0 97 5f 78 ac 84 bf 8a 50 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 8d 9a 9a ea c0 f6 59 6f 55 9c 6d 4d af 59 a5 f2 Testing cipher AES-192-OFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 bd 52 86 ac 63 aa bd 7e b0 67 ac 54 b5 53 f7 1d Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 6d 9f 20 08 57 ca 6c 3e 9c ac 52 4b d9 ac c9 2a Testing cipher AES-192-OFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 cd c8 0d 6f dd f1 8c ab 34 c2 59 09 c9 9a 41 74 Testing cipher AES-192-OFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 a6 09 b3 8d f3 b1 13 3d dd ff 27 18 ba 09 56 5e Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 fc c2 8b 8d 4c 63 83 7c 09 e8 17 00 c1 10 04 01 Testing cipher AES-192-OFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 52 ef 01 da 52 60 2f e0 97 5f 78 ac 84 bf 8a 50 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 8d 9a 9a ea c0 f6 59 6f 55 9c 6d 4d af 59 a5 f2 Testing cipher AES-192-OFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 bd 52 86 ac 63 aa bd 7e b0 67 ac 54 b5 53 f7 1d Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 6d 9f 20 08 57 ca 6c 3e 9c ac 52 4b d9 ac c9 2a Testing cipher AES-256-OFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 dc 7e 84 bf da 79 16 4b 7e cd 84 86 98 5d 38 60 Testing cipher AES-256-OFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 b7 bf 3a 5d f4 39 89 dd 97 f0 fa 97 eb ce 2f 4a Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 4f eb dc 67 40 d2 0b 3a c8 8f 6a d8 2a 4f b0 8d Testing cipher AES-256-OFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 e1 c6 56 30 5e d1 a7 a6 56 38 05 74 6f e0 3e dc Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 71 ab 47 a0 86 e8 6e ed f3 9d 1c 5b ba 97 c4 08 Testing cipher AES-256-OFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 41 63 5b e6 25 b4 8a fc 16 66 dd 42 a0 9d 96 e7 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 01 26 14 1d 67 f3 7b e8 53 8f 5a 8b e7 40 e4 84 Testing cipher AES-256-OFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 dc 7e 84 bf da 79 16 4b 7e cd 84 86 98 5d 38 60 Testing cipher AES-256-OFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 b7 bf 3a 5d f4 39 89 dd 97 f0 fa 97 eb ce 2f 4a Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 4f eb dc 67 40 d2 0b 3a c8 8f 6a d8 2a 4f b0 8d Testing cipher AES-256-OFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 e1 c6 56 30 5e d1 a7 a6 56 38 05 74 6f e0 3e dc Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 71 ab 47 a0 86 e8 6e ed f3 9d 1c 5b ba 97 c4 08 Testing cipher AES-256-OFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 41 63 5b e6 25 b4 8a fc 16 66 dd 42 a0 9d 96 e7 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 01 26 14 1d 67 f3 7b e8 53 8f 5a 8b e7 40 e4 84 Testing cipher AES-128-CTR(encrypt) Key 0000 ae 68 52 f8 12 10 67 cc 4b f7 a5 76 55 77 f3 9e IV 0000 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 Plaintext 0000 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 Ciphertext 0000 e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 Testing cipher AES-128-CTR(encrypt) Key 0000 7e 24 06 78 17 fa e0 d7 43 d6 ce 1f 32 53 91 63 IV 0000 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 Plaintext 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f Ciphertext 0000 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 0010 eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 Testing cipher AES-128-CTR(encrypt) Key 0000 76 91 be 03 5e 50 20 a8 ac 6e 61 85 29 f9 a0 dc IV 0000 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 Plaintext 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 0020 20 21 22 23 Ciphertext 0000 c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 0010 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 0020 25 b2 07 2f Testing cipher AES-192-CTR(encrypt) Key 0000 16 af 5b 14 5f c9 f5 79 c1 75 f9 3e 3b fb 0e ed 0010 86 3d 06 cc fd b7 85 15 IV 0000 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 Plaintext 0000 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 Ciphertext 0000 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 Testing cipher AES-192-CTR(encrypt) Key 0000 7c 5c b2 40 1b 3d c3 3c 19 e7 34 08 19 e0 f6 9c 0010 67 8c 3d b8 e6 f6 a9 1a IV 0000 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 Plaintext 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f Ciphertext 0000 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f 0010 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 Testing cipher AES-192-CTR(encrypt) Key 0000 02 bf 39 1e e8 ec b1 59 b9 59 61 7b 09 65 27 9b 0010 f5 9b 60 a7 86 d3 e0 fe IV 0000 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 Plaintext 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 0020 20 21 22 23 Ciphertext 0000 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 0010 d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 0020 ab ee 09 35 Testing cipher AES-256-CTR(encrypt) Key 0000 77 6b ef f2 85 1d b0 6f 4c 8a 05 42 c8 69 6f 6c 0010 6a 81 af 1e ec 96 b4 d3 7f c1 d6 89 e6 c1 c1 04 IV 0000 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 Plaintext 0000 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 Ciphertext 0000 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 Testing cipher AES-256-CTR(encrypt) Key 0000 f6 d6 6d 6b d5 2d 59 bb 07 96 36 58 79 ef f8 86 0010 c6 6d d5 1a 5b 6a 99 74 4b 50 59 0c 87 a2 38 84 IV 0000 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 Plaintext 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f Ciphertext 0000 f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 0010 b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c Testing cipher AES-256-CTR(encrypt) Key 0000 ff 7a 61 7c e6 91 48 e4 f1 72 6e 2f 43 58 1d e2 0010 aa 62 d9 f8 05 53 2e df f1 ee d6 87 fb 54 15 3d IV 0000 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 Plaintext 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 0020 20 21 22 23 Ciphertext 0000 eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa 0010 b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f 0020 1e c0 e6 b8 Testing cipher DES-ECB(encrypt/decrypt) Key 0000 00 00 00 00 00 00 00 00 Plaintext 0000 00 00 00 00 00 00 00 00 Ciphertext 0000 8c a6 4d e9 c1 b1 23 a7 Testing cipher DES-ECB(encrypt/decrypt) Key 0000 ff ff ff ff ff ff ff ff Plaintext 0000 ff ff ff ff ff ff ff ff Ciphertext 0000 73 59 b2 16 3e 4e dc 58 Testing cipher DES-ECB(encrypt/decrypt) Key 0000 30 00 00 00 00 00 00 00 Plaintext 0000 10 00 00 00 00 00 00 01 Ciphertext 0000 95 8e 6e 62 7a 05 55 7b Testing cipher DES-ECB(encrypt/decrypt) Key 0000 11 11 11 11 11 11 11 11 Plaintext 0000 11 11 11 11 11 11 11 11 Ciphertext 0000 f4 03 79 ab 9e 0e c5 33 Testing cipher DES-ECB(encrypt/decrypt) Key 0000 01 23 45 67 89 ab cd ef Plaintext 0000 11 11 11 11 11 11 11 11 Ciphertext 0000 17 66 8d fc 72 92 53 2d Testing cipher DES-ECB(encrypt/decrypt) Key 0000 11 11 11 11 11 11 11 11 Plaintext 0000 01 23 45 67 89 ab cd ef Ciphertext 0000 8a 5a e1 f8 1a b8 f2 dd Testing cipher DES-ECB(encrypt/decrypt) Key 0000 fe dc ba 98 76 54 32 10 Plaintext 0000 01 23 45 67 89 ab cd ef Ciphertext 0000 ed 39 d9 50 fa 74 bc c4 Testing cipher DESX-CBC(encrypt/decrypt) Key 0000 01 23 45 67 89 ab cd ef f1 e0 d3 c2 b5 a4 97 86 0010 fe dc ba 98 76 54 32 10 IV 0000 fe dc ba 98 76 54 32 10 Plaintext 0000 37 36 35 34 33 32 31 20 4e 6f 77 20 69 73 20 74 0010 68 65 20 74 69 6d 65 20 66 6f 72 20 00 00 00 00 Ciphertext 0000 84 6b 29 14 85 1e 9a 29 54 73 2f 8a a0 a6 11 c1 0010 15 cd c2 d7 95 1b 10 53 a6 3c 5e 03 b2 1a a3 c4 Testing cipher DES-EDE3-CBC(encrypt/decrypt) Key 0000 01 23 45 67 89 ab cd ef f1 e0 d3 c2 b5 a4 97 86 0010 fe dc ba 98 76 54 32 10 IV 0000 fe dc ba 98 76 54 32 10 Plaintext 0000 37 36 35 34 33 32 31 20 4e 6f 77 20 69 73 20 74 0010 68 65 20 74 69 6d 65 20 66 6f 72 20 00 00 00 00 Ciphertext 0000 3f e3 01 c9 62 ac 01 d0 22 13 76 3c 1c bd 4c dc 0010 79 96 57 c0 64 ec f5 d4 1c 67 38 12 cf de 96 75 Testing cipher RC4(encrypt/decrypt) Key 0000 01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef Plaintext 0000 01 23 45 67 89 ab cd ef Ciphertext 0000 75 b7 87 80 99 e0 c5 96 Testing cipher RC4(encrypt/decrypt) Key 0000 01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef Plaintext 0000 00 00 00 00 00 00 00 00 Ciphertext 0000 74 94 c2 e7 10 4b 08 79 Testing cipher RC4(encrypt/decrypt) Key 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Plaintext 0000 00 00 00 00 00 00 00 00 Ciphertext 0000 de 18 89 41 a3 37 5d 3a Testing cipher RC4(encrypt/decrypt) Key 0000 ef 01 23 45 ef 01 23 45 ef 01 23 45 ef 01 23 45 Plaintext 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0010 00 00 00 00 Ciphertext 0000 d6 a1 41 a7 ec 3c 38 df bd 61 5a 11 62 e1 c7 ba 0010 36 b6 78 58 Testing cipher RC4(encrypt/decrypt) Key 0000 01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef Plaintext 0000 12 34 56 78 9a bc de f0 12 34 56 78 9a bc de f0 0010 12 34 56 78 9a bc de f0 12 34 56 78 Ciphertext 0000 66 a0 94 9f 8a f7 d6 89 1f 7f 83 2b a8 33 c0 0c 0010 89 2e be 30 14 3c e2 87 40 01 1e cf Testing cipher RC4(encrypt/decrypt) Key 0000 ef 01 23 45 ef 01 23 45 ef 01 23 45 ef 01 23 45 Plaintext 0000 00 00 00 00 00 00 00 00 00 00 Ciphertext 0000 d6 a1 41 a7 ec 3c 38 df bd 61 Testing cipher CAMELLIA-128-ECB(encrypt/decrypt) Key 0000 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10 Plaintext 0000 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10 Ciphertext 0000 67 67 31 38 54 96 69 73 08 57 06 56 48 ea be 43 Testing cipher CAMELLIA-192-ECB(encrypt/decrypt) Key 0000 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10 0010 00 11 22 33 44 55 66 77 Plaintext 0000 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10 Ciphertext 0000 b4 99 34 01 b3 e9 96 f8 4e e5 ce e7 d7 9b 09 b9 Testing cipher CAMELLIA-256-ECB(encrypt/decrypt) Key 0000 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10 0010 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff Plaintext 0000 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10 Ciphertext 0000 9a cc 23 7d ff 16 d7 6c 20 ef 7c 91 9e 3a 75 09 Testing cipher CAMELLIA-128-ECB(encrypt) Key 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff Ciphertext 0000 77 cf 41 20 67 af 82 70 61 35 29 14 99 19 54 6f Testing cipher CAMELLIA-192-ECB(encrypt) Key 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 0010 10 11 12 13 14 15 16 17 Plaintext 0000 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff Ciphertext 0000 b2 2f 3c 36 b7 2d 31 32 9e ee 8a dd c2 90 6c 68 Testing cipher CAMELLIA-256-ECB(encrypt) Key 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f Plaintext 0000 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff Ciphertext 0000 2e df 1f 34 18 d5 3b 88 84 1f c8 98 5f b1 ec f2 Testing cipher CAMELLIA-128-ECB(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 43 2f c5 dc d6 28 11 5b 7c 38 8d 77 0b 27 0c 96 Testing cipher CAMELLIA-128-ECB(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 0b e1 f1 40 23 78 2a 22 e8 38 4c 5a bb 7f ab 2b Testing cipher CAMELLIA-128-ECB(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 a0 a1 ab cd 18 93 ab 6f e0 fe 5b 65 df 5f 86 36 Testing cipher CAMELLIA-128-ECB(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 e6 19 25 e0 d5 df aa 9b b2 9f 81 5b 30 76 e5 1a Testing cipher CAMELLIA-192-ECB(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 cc cc 6c 4e 13 8b 45 84 85 14 d4 8d 0d 34 39 d3 Testing cipher CAMELLIA-192-ECB(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 57 13 c6 2c 14 b2 ec 0f 83 93 b6 af d6 f5 78 5a Testing cipher CAMELLIA-192-ECB(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 b4 0e d2 b6 0e b5 4d 09 d0 30 cf 51 1f ee f3 66 Testing cipher CAMELLIA-192-ECB(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 90 9d bd 95 79 90 96 74 8c b2 73 57 e7 3e 1d 26 Testing cipher CAMELLIA-256-ECB(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 be fd 21 9b 11 2f a0 00 98 91 9c d1 01 c9 cc fa Testing cipher CAMELLIA-256-ECB(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 c9 1d 3a 8f 1a ea 08 a9 38 6c f4 b6 6c 01 69 ea Testing cipher CAMELLIA-256-ECB(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 a6 23 d7 11 dc 5f 25 a5 1b b8 a8 0d 56 39 7d 28 Testing cipher CAMELLIA-256-ECB(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 79 60 10 9f b6 dc 42 94 7f cf e5 9e a3 c5 eb 6b Testing cipher CAMELLIA-128-CBC(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 16 07 cf 49 4b 36 bb f0 0d ae b0 b5 03 c8 31 ab Testing cipher CAMELLIA-128-CBC(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 16 07 cf 49 4b 36 bb f0 0d ae b0 b5 03 c8 31 ab Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 a2 f2 cf 67 16 29 ef 78 40 c5 a5 df b5 07 48 87 Testing cipher CAMELLIA-128-CBC(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 a2 f2 cf 67 16 29 ef 78 40 c5 a5 df b5 07 48 87 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 0f 06 16 50 08 cf 8b 8b 5a 63 58 63 62 54 3e 54 Testing cipher CAMELLIA-128-CBC(encrypt/decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 36 a8 4c da fd 5f 9a 85 ad a0 f0 a9 93 d6 d5 77 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 74 c6 42 68 cd b8 b8 fa f5 b3 4e 8a f3 73 29 80 Testing cipher CAMELLIA-192-CBC(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 2a 48 30 ab 5a c4 a1 a2 40 59 55 fd 21 95 cf 93 Testing cipher CAMELLIA-192-CBC(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 2a 48 30 ab 5a c4 a1 a2 40 59 55 fd 21 95 cf 93 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 5d 5a 86 9b d1 4c e5 42 64 f8 92 a6 dd 2e c3 d5 Testing cipher CAMELLIA-192-CBC(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 5d 5a 86 9b d1 4c e5 42 64 f8 92 a6 dd 2e c3 d5 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 37 d3 59 c3 34 98 36 d8 84 e3 10 ad df 68 c4 49 Testing cipher CAMELLIA-192-CBC(encrypt/decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 37 d3 59 c3 34 98 36 d8 84 e3 10 ad df 68 c4 49 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 01 fa aa 93 0b 4a b9 91 6e 96 68 e1 42 8c 6b 08 Testing cipher CAMELLIA-256-CBC(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 e6 cf a3 5f c0 2b 13 4a 4d 2c 0b 67 37 ac 3e da Testing cipher CAMELLIA-256-CBC(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 e6 cf a3 5f c0 2b 13 4a 4d 2c 0b 67 37 ac 3e da Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 36 cb eb 73 bd 50 4b 40 70 b1 b7 de 2b 21 eb 50 Testing cipher CAMELLIA-256-CBC(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 36 cb eb 73 bd 50 4b 40 70 b1 b7 de 2b 21 eb 50 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 e3 1a 60 55 29 7d 96 ca 33 30 cd f1 b1 86 0a 83 Testing cipher CAMELLIA-256-CBC(encrypt/decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 e3 1a 60 55 29 7d 96 ca 33 30 cd f1 b1 86 0a 83 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 5d 56 3f 6d 1c cc f2 36 05 1c 0c 5c 1c 58 f2 8f Testing cipher CAMELLIA-128-CFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 14 f7 64 61 87 81 7e b5 86 59 91 46 b8 2b d7 19 Testing cipher CAMELLIA-128-CFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 14 f7 64 61 87 81 7e b5 86 59 91 46 b8 2b d7 19 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 a5 3d 28 bb 82 df 74 11 03 ea 4f 92 1a 44 88 0b Testing cipher CAMELLIA-128-CFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 a5 3d 28 bb 82 df 74 11 03 ea 4f 92 1a 44 88 0b Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 9c 21 57 a6 64 62 6d 1d ef 9e a4 20 fd e6 9b 96 Testing cipher CAMELLIA-128-CFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 9c 21 57 a6 64 62 6d 1d ef 9e a4 20 fd e6 9b 96 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 74 2a 25 f0 54 23 40 c7 ba ef 24 ca 84 82 bb 09 Testing cipher CAMELLIA-128-CFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 14 f7 64 61 87 81 7e b5 86 59 91 46 b8 2b d7 19 Testing cipher CAMELLIA-128-CFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 14 f7 64 61 87 81 7e b5 86 59 91 46 b8 2b d7 19 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 a5 3d 28 bb 82 df 74 11 03 ea 4f 92 1a 44 88 0b Testing cipher CAMELLIA-128-CFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 a5 3d 28 bb 82 df 74 11 03 ea 4f 92 1a 44 88 0b Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 9c 21 57 a6 64 62 6d 1d ef 9e a4 20 fd e6 9b 96 Testing cipher CAMELLIA-128-CFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 9c 21 57 a6 64 62 6d 1d ef 9e a4 20 fd e6 9b 96 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 74 2a 25 f0 54 23 40 c7 ba ef 24 ca 84 82 bb 09 Testing cipher CAMELLIA-192-CFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 c8 32 bb 97 80 67 7d aa 82 d9 b6 86 0d cd 56 5e Testing cipher CAMELLIA-192-CFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 c8 32 bb 97 80 67 7d aa 82 d9 b6 86 0d cd 56 5e Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 86 f8 49 16 27 90 6d 78 0c 7a 6d 46 ea 33 1f 98 Testing cipher CAMELLIA-192-CFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 86 f8 49 16 27 90 6d 78 0c 7a 6d 46 ea 33 1f 98 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 69 51 1c ce 59 4c f7 10 cb 98 bb 63 d7 22 1f 01 Testing cipher CAMELLIA-192-CFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 69 51 1c ce 59 4c f7 10 cb 98 bb 63 d7 22 1f 01 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 d5 b5 37 8a 3a be d5 58 03 f2 55 65 d8 90 7b 84 Testing cipher CAMELLIA-192-CFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 c8 32 bb 97 80 67 7d aa 82 d9 b6 86 0d cd 56 5e Testing cipher CAMELLIA-192-CFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 c8 32 bb 97 80 67 7d aa 82 d9 b6 86 0d cd 56 5e Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 86 f8 49 16 27 90 6d 78 0c 7a 6d 46 ea 33 1f 98 Testing cipher CAMELLIA-192-CFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 86 f8 49 16 27 90 6d 78 0c 7a 6d 46 ea 33 1f 98 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 69 51 1c ce 59 4c f7 10 cb 98 bb 63 d7 22 1f 01 Testing cipher CAMELLIA-192-CFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 69 51 1c ce 59 4c f7 10 cb 98 bb 63 d7 22 1f 01 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 d5 b5 37 8a 3a be d5 58 03 f2 55 65 d8 90 7b 84 Testing cipher CAMELLIA-256-CFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 cf 61 07 bb 0c ea 7d 7f b1 bd 31 f5 e7 b0 6c 93 Testing cipher CAMELLIA-256-CFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 cf 61 07 bb 0c ea 7d 7f b1 bd 31 f5 e7 b0 6c 93 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 89 be db 4c cd d8 64 ea 11 ba 4c be 84 9b 5e 2b Testing cipher CAMELLIA-256-CFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 89 be db 4c cd d8 64 ea 11 ba 4c be 84 9b 5e 2b Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 55 5f c3 f3 4b dd 2d 54 c6 2d 9e 3b f3 38 c1 c4 Testing cipher CAMELLIA-256-CFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 55 5f c3 f3 4b dd 2d 54 c6 2d 9e 3b f3 38 c1 c4 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 59 53 ad ce 14 db 8c 7f 39 f1 bd 39 f3 59 bf fa Testing cipher CAMELLIA-256-CFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 cf 61 07 bb 0c ea 7d 7f b1 bd 31 f5 e7 b0 6c 93 Testing cipher CAMELLIA-256-CFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 cf 61 07 bb 0c ea 7d 7f b1 bd 31 f5 e7 b0 6c 93 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 89 be db 4c cd d8 64 ea 11 ba 4c be 84 9b 5e 2b Testing cipher CAMELLIA-256-CFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 89 be db 4c cd d8 64 ea 11 ba 4c be 84 9b 5e 2b Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 55 5f c3 f3 4b dd 2d 54 c6 2d 9e 3b f3 38 c1 c4 Testing cipher CAMELLIA-256-CFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 55 5f c3 f3 4b dd 2d 54 c6 2d 9e 3b f3 38 c1 c4 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 59 53 ad ce 14 db 8c 7f 39 f1 bd 39 f3 59 bf fa Testing cipher CAMELLIA-128-OFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 14 f7 64 61 87 81 7e b5 86 59 91 46 b8 2b d7 19 Testing cipher CAMELLIA-128-OFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 50 fe 67 cc 99 6d 32 b6 da 09 37 e9 9b af ec 60 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 25 62 3d b5 69 ca 51 e0 14 82 64 99 77 e2 8d 84 Testing cipher CAMELLIA-128-OFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 d9 a4 da da 08 92 23 9f 6b 8b 3d 76 80 e1 56 74 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 c7 76 63 4a 60 72 9d c6 57 d1 2b 9f ca 80 1e 98 Testing cipher CAMELLIA-128-OFB(encrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 a7 88 19 58 3f 03 08 e7 a6 bf 36 b1 38 6a bf 23 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 d7 76 37 9b e0 e5 08 25 e6 81 da 1a 4c 98 0e 8e Testing cipher CAMELLIA-128-OFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 14 f7 64 61 87 81 7e b5 86 59 91 46 b8 2b d7 19 Testing cipher CAMELLIA-128-OFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 50 fe 67 cc 99 6d 32 b6 da 09 37 e9 9b af ec 60 Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 25 62 3d b5 69 ca 51 e0 14 82 64 99 77 e2 8d 84 Testing cipher CAMELLIA-128-OFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 d9 a4 da da 08 92 23 9f 6b 8b 3d 76 80 e1 56 74 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 c7 76 63 4a 60 72 9d c6 57 d1 2b 9f ca 80 1e 98 Testing cipher CAMELLIA-128-OFB(decrypt) Key 0000 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c IV 0000 a7 88 19 58 3f 03 08 e7 a6 bf 36 b1 38 6a bf 23 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 d7 76 37 9b e0 e5 08 25 e6 81 da 1a 4c 98 0e 8e Testing cipher CAMELLIA-192-OFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 c8 32 bb 97 80 67 7d aa 82 d9 b6 86 0d cd 56 5e Testing cipher CAMELLIA-192-OFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 a6 09 b3 8d f3 b1 13 3d dd ff 27 18 ba 09 56 5e Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 8e ce b7 d0 35 0d 72 c7 f7 85 62 ae bd f9 93 39 Testing cipher CAMELLIA-192-OFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 52 ef 01 da 52 60 2f e0 97 5f 78 ac 84 bf 8a 50 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 bd d6 2d bb b9 70 08 46 c5 3b 50 7f 54 46 96 f0 Testing cipher CAMELLIA-192-OFB(encrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 bd 52 86 ac 63 aa bd 7e b0 67 ac 54 b5 53 f7 1d Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 e2 80 14 e0 46 b8 02 f3 85 c4 c2 e1 3e ad 4a 72 Testing cipher CAMELLIA-192-OFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 c8 32 bb 97 80 67 7d aa 82 d9 b6 86 0d cd 56 5e Testing cipher CAMELLIA-192-OFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 a6 09 b3 8d f3 b1 13 3d dd ff 27 18 ba 09 56 5e Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 8e ce b7 d0 35 0d 72 c7 f7 85 62 ae bd f9 93 39 Testing cipher CAMELLIA-192-OFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 52 ef 01 da 52 60 2f e0 97 5f 78 ac 84 bf 8a 50 Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 bd d6 2d bb b9 70 08 46 c5 3b 50 7f 54 46 96 f0 Testing cipher CAMELLIA-192-OFB(decrypt) Key 0000 8e 73 b0 f7 da 0e 64 52 c8 10 f3 2b 80 90 79 e5 0010 62 f8 ea d2 52 2c 6b 7b IV 0000 bd 52 86 ac 63 aa bd 7e b0 67 ac 54 b5 53 f7 1d Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 e2 80 14 e0 46 b8 02 f3 85 c4 c2 e1 3e ad 4a 72 Testing cipher CAMELLIA-256-OFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 cf 61 07 bb 0c ea 7d 7f b1 bd 31 f5 e7 b0 6c 93 Testing cipher CAMELLIA-256-OFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 b7 bf 3a 5d f4 39 89 dd 97 f0 fa 97 eb ce 2f 4a Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 12 7a d9 7e 8e 39 94 e4 82 00 27 d7 ba 10 93 68 Testing cipher CAMELLIA-256-OFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 e1 c6 56 30 5e d1 a7 a6 56 38 05 74 6f e0 3e dc Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 6b ff 62 65 a6 a6 b7 a5 35 bc 65 a8 0b 17 21 4e Testing cipher CAMELLIA-256-OFB(encrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 41 63 5b e6 25 b4 8a fc 16 66 dd 42 a0 9d 96 e7 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 0a 4a 04 04 e2 6a a7 8a 27 cb 27 1e 8b f3 cf 20 Testing cipher CAMELLIA-256-OFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 6b c1 be e2 2e 40 9f 96 e9 3d 7e 11 73 93 17 2a Ciphertext 0000 cf 61 07 bb 0c ea 7d 7f b1 bd 31 f5 e7 b0 6c 93 Testing cipher CAMELLIA-256-OFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 b7 bf 3a 5d f4 39 89 dd 97 f0 fa 97 eb ce 2f 4a Plaintext 0000 ae 2d 8a 57 1e 03 ac 9c 9e b7 6f ac 45 af 8e 51 Ciphertext 0000 12 7a d9 7e 8e 39 94 e4 82 00 27 d7 ba 10 93 68 Testing cipher CAMELLIA-256-OFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 e1 c6 56 30 5e d1 a7 a6 56 38 05 74 6f e0 3e dc Plaintext 0000 30 c8 1c 46 a3 5c e4 11 e5 fb c1 19 1a 0a 52 ef Ciphertext 0000 6b ff 62 65 a6 a6 b7 a5 35 bc 65 a8 0b 17 21 4e Testing cipher CAMELLIA-256-OFB(decrypt) Key 0000 60 3d eb 10 15 ca 71 be 2b 73 ae f0 85 7d 77 81 0010 1f 35 2c 07 3b 61 08 d7 2d 98 10 a3 09 14 df f4 IV 0000 41 63 5b e6 25 b4 8a fc 16 66 dd 42 a0 9d 96 e7 Plaintext 0000 f6 9f 24 45 df 4f 9b 17 ad 2b 41 7b e6 6c 37 10 Ciphertext 0000 0a 4a 04 04 e2 6a a7 8a 27 cb 27 1e 8b f3 cf 20 Testing cipher SEED-ECB(decrypt) Key 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Plaintext 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Ciphertext 0000 5e ba c6 e0 05 4e 16 68 19 af f1 cc 6d 34 6c db Testing cipher SEED-ECB(decrypt) Key 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Ciphertext 0000 c1 1f 22 f2 01 40 50 50 84 48 35 97 e4 37 0f 43 Testing cipher SEED-ECB(decrypt) Key 0000 47 06 48 08 51 e6 1b e8 5d 74 bf b3 fd 95 61 85 Plaintext 0000 83 a2 f8 a2 88 64 1f b9 a4 e9 a5 cc 2f 13 1c 7d Ciphertext 0000 ee 54 d1 3e bc ae 70 6d 22 6b c3 14 2c d4 0d 4a Testing cipher SEED-ECB(decrypt) Key 0000 28 db c3 bc 49 ff d8 7d cf a5 09 b1 1d 42 2b e7 Plaintext 0000 b4 1e 6b e2 eb a8 4a 14 8e 2e ed 84 59 3c 5e c7 Ciphertext 0000 9b 9b 7b fc d1 81 3c b9 5d 0b 36 18 f4 0f 51 22 Testing cipher SEED-ECB(encrypt) Key 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Plaintext 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Ciphertext 0000 5e ba c6 e0 05 4e 16 68 19 af f1 cc 6d 34 6c db Testing cipher SEED-ECB(encrypt) Key 0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f Plaintext 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Ciphertext 0000 c1 1f 22 f2 01 40 50 50 84 48 35 97 e4 37 0f 43 Testing cipher SEED-ECB(encrypt) Key 0000 47 06 48 08 51 e6 1b e8 5d 74 bf b3 fd 95 61 85 Plaintext 0000 83 a2 f8 a2 88 64 1f b9 a4 e9 a5 cc 2f 13 1c 7d Ciphertext 0000 ee 54 d1 3e bc ae 70 6d 22 6b c3 14 2c d4 0d 4a Testing cipher SEED-ECB(encrypt) Key 0000 28 db c3 bc 49 ff d8 7d cf a5 09 b1 1d 42 2b e7 Plaintext 0000 b4 1e 6b e2 eb a8 4a 14 8e 2e ed 84 59 3c 5e c7 Ciphertext 0000 9b 9b 7b fc d1 81 3c b9 5d 0b 36 18 f4 0f 51 22 ../util/shlib_wrap.sh ./evp_extra_test PASS test SSL protocol ../util/shlib_wrap.sh ./ssltest -test_cipherlist testing SSLv3 cipher list order: ok testing TLSv1 cipher list order: ok Testing cipherlist order only. Ignoring all other options. test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication Available compression methods: NONE client authentication depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication Available compression methods: NONE client authentication depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2 via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv3 via BIO pair Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication via BIO pair Available compression methods: NONE server authentication depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 w/o (EC)DHE via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with 1024bit DHE via BIO pair Available compression methods: NONE DONE via BIO pair: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair and app verify Available compression methods: NONE client authentication server authentication In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7fff7fdcdde0 a cert? 0x0x8274c0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7fff7fdcddf0 a cert? 0x0x838390 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites Testing ciphersuites for TLSv1.2 Testing AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done Testing AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA256, 2048 bit RSA 1 handshakes of 256 bytes done Testing AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-GCM-SHA256, 2048 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-SHA256, 2048 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 NULL-SHA256, 2048 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 2048 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 2048 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA256, 2048 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47162036037288:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: TLSv1.2, cipher (NONE) (NONE), 2048 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES256-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA384, 2048 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 2048 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA256, 2048 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites for SSLv3 Testing AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES128-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 SEED-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA128-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing IDEA-CBC-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 IDEA-CBC-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing RC4-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-MD5, 2048 bit RSA 1 handshakes of 256 bytes done Testing DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DES-CBC3-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing NULL-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-MD5, 2048 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-SEED-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA128-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing EDH-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 2048 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47605611353768:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: SSLv3, cipher (NONE) (NONE), 2048 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-RC4-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-DES-CBC3-SHA, 2048 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-NULL-SHA, 2048 bit RSA 1 handshakes of 256 bytes done dh test tls1 with 1024bit anonymous DH, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA 10 handshakes of 256 bytes done Approximate total server time: 0.04 s Approximate total client time: 0.11 s rsa test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.12 s Approximate total client time: 0.02 s dh test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.14 s Approximate total client time: 0.05 s test tls1 with PSK Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with PSK via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done srp test tls1 with SRP Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 2048 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 2048 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP auth Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with SRP auth via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done Testing a lot of proxy conditions. Some of them may turn out being invalid, which is fine. test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2 via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv3 via BIO pair Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication via BIO pair Available compression methods: NONE server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 w/o (EC)DHE via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with 1024bit DHE via BIO pair Available compression methods: NONE DONE via BIO pair: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair and app verify Available compression methods: NONE client authentication server authentication In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7fff128d9c70 a cert? 0x0x82e1c0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7fff128d9c80 a cert? 0x0x834d90 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites Testing ciphersuites for TLSv1.2 Testing AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 NULL-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 46935036561064:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: TLSv1.2, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES256-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites for SSLv3 Testing AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing IDEA-CBC-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 IDEA-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-MD5, 1024 bit RSA 1 handshakes of 256 bytes done Testing DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-MD5, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing EDH-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 46975976773288:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: SSLv3, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done dh test tls1 with 1024bit anonymous DH, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA 10 handshakes of 256 bytes done Approximate total server time: 0.01 s Approximate total client time: 0.13 s rsa test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.13 s Approximate total client time: 0.01 s dh test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.16 s Approximate total client time: 0.03 s test tls1 with PSK Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with PSK via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done srp test tls1 with SRP Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP auth Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with SRP auth via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'B' proved invalid ERROR in CLIENT 47388988274344:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'C' proved invalid ERROR in CLIENT 47898365499048:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2 via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv3 via BIO pair Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication via BIO pair Available compression methods: NONE server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 w/o (EC)DHE via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with 1024bit DHE via BIO pair Available compression methods: NONE DONE via BIO pair: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = A depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair and app verify Available compression methods: NONE client authentication server authentication In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7fffe0f73570 a cert? 0x0x830940 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7fffe0f73580 a cert? 0x0x835450 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites Testing ciphersuites for TLSv1.2 Testing AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 NULL-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 46930185066152:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: TLSv1.2, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES256-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites for SSLv3 Testing AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing IDEA-CBC-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 IDEA-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-MD5, 1024 bit RSA 1 handshakes of 256 bytes done Testing DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-MD5, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing EDH-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47612351596200:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: SSLv3, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done dh test tls1 with 1024bit anonymous DH, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA 10 handshakes of 256 bytes done Approximate total server time: 0.03 s Approximate total client time: 0.12 s rsa test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.12 s Approximate total client time: 0.02 s dh test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.16 s Approximate total client time: 0.03 s test tls1 with PSK Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with PSK via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done srp test tls1 with SRP Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP auth Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with SRP auth via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A' proved invalid ERROR in CLIENT 47378188887720:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2 via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv3 via BIO pair Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication via BIO pair Available compression methods: NONE server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 w/o (EC)DHE via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with 1024bit DHE via BIO pair Available compression methods: NONE DONE via BIO pair: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair and app verify Available compression methods: NONE client authentication server authentication In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7ffe9d32dbf0 a cert? 0x0x82e1c0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7ffe9d32dc00 a cert? 0x0x8354d0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites Testing ciphersuites for TLSv1.2 Testing AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 NULL-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47818357757608:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: TLSv1.2, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES256-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites for SSLv3 Testing AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing IDEA-CBC-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 IDEA-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-MD5, 1024 bit RSA 1 handshakes of 256 bytes done Testing DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-MD5, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing EDH-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47341915444904:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: SSLv3, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done dh test tls1 with 1024bit anonymous DH, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA 10 handshakes of 256 bytes done Approximate total server time: 0.01 s Approximate total client time: 0.14 s rsa test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.13 s Approximate total client time: 0.01 s dh test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.13 s Approximate total client time: 0.06 s test tls1 with PSK Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with PSK via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done srp test tls1 with SRP Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP auth Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with SRP auth via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'C' proved invalid ERROR in CLIENT 47814731294376:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2 via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv3 via BIO pair Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication via BIO pair Available compression methods: NONE server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 w/o (EC)DHE via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with 1024bit DHE via BIO pair Available compression methods: NONE DONE via BIO pair: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = B depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair and app verify Available compression methods: NONE client authentication server authentication In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7ffd0cfa98e0 a cert? 0x0x82fcb0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7ffd0cfa98f0 a cert? 0x0x834ca0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites Testing ciphersuites for TLSv1.2 Testing AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 NULL-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47745567254184:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: TLSv1.2, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES256-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites for SSLv3 Testing AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing IDEA-CBC-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 IDEA-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-MD5, 1024 bit RSA 1 handshakes of 256 bytes done Testing DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-MD5, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing EDH-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47280771196584:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: SSLv3, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done dh test tls1 with 1024bit anonymous DH, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA 10 handshakes of 256 bytes done Approximate total server time: 0.04 s Approximate total client time: 0.11 s rsa test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.12 s Approximate total client time: 0.02 s dh test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.15 s Approximate total client time: 0.04 s test tls1 with PSK Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with PSK via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done srp test tls1 with SRP Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP auth Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with SRP auth via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = C depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = none Proxy rights check with condition 'A' proved invalid ERROR in CLIENT 47819642828456:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = C depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = none Proxy rights check with condition 'B' proved invalid ERROR in CLIENT 47807166715560:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = C depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = none Proxy rights check with condition 'C' proved invalid ERROR in CLIENT 47933120194216:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = C depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = none Proxy rights check with condition 'A|B&!C' proved invalid ERROR in CLIENT 47227851105960:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A' proved invalid ERROR in CLIENT 47243427968680:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2 via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv3 via BIO pair Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication via BIO pair Available compression methods: NONE server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 w/o (EC)DHE via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with 1024bit DHE via BIO pair Available compression methods: NONE DONE via BIO pair: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair and app verify Available compression methods: NONE client authentication server authentication In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7fff54c8f9e0 a cert? 0x0x830940 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7fff54c8f9f0 a cert? 0x0x7cb7d0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites Testing ciphersuites for TLSv1.2 Testing AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 NULL-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47608401868456:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: TLSv1.2, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES256-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites for SSLv3 Testing AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing IDEA-CBC-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 IDEA-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-MD5, 1024 bit RSA 1 handshakes of 256 bytes done Testing DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-MD5, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing EDH-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47481019868840:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: SSLv3, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done dh test tls1 with 1024bit anonymous DH, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA 10 handshakes of 256 bytes done Approximate total server time: 0.03 s Approximate total client time: 0.12 s rsa test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.12 s Approximate total client time: 0.02 s dh test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.16 s Approximate total client time: 0.03 s test tls1 with PSK Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with PSK via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done srp test tls1 with SRP Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP auth Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with SRP auth via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'C' proved invalid ERROR in CLIENT 47995328476840:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2 via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv3 via BIO pair Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication via BIO pair Available compression methods: NONE server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 w/o (EC)DHE via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with 1024bit DHE via BIO pair Available compression methods: NONE DONE via BIO pair: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = BC depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair and app verify Available compression methods: NONE client authentication server authentication In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7ffc10dbd130 a cert? 0x0x82fcc0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7ffc10dbd140 a cert? 0x0x7cce90 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites Testing ciphersuites for TLSv1.2 Testing AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 NULL-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47518392911528:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: TLSv1.2, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES256-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites for SSLv3 Testing AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing IDEA-CBC-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 IDEA-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-MD5, 1024 bit RSA 1 handshakes of 256 bytes done Testing DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-MD5, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing EDH-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 46961092376232:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: SSLv3, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done dh test tls1 with 1024bit anonymous DH, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA 10 handshakes of 256 bytes done Approximate total server time: 0.03 s Approximate total client time: 0.12 s rsa test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.13 s Approximate total client time: 0.01 s dh test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.14 s Approximate total client time: 0.04 s test tls1 with PSK Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with PSK via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done srp test tls1 with SRP Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP auth Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with SRP auth via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done Testing a lot of proxy conditions. Some of them may turn out being invalid, which is fine. test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = A depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = none Proxy rights check with condition 'A' proved invalid ERROR in CLIENT 47432681952936:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = A depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = none Proxy rights check with condition 'B' proved invalid ERROR in CLIENT 47987903608488:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = A depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = none Proxy rights check with condition 'C' proved invalid ERROR in CLIENT 46999620544168:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = A depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = A depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = none Proxy rights check with condition 'A|B&!C' proved invalid ERROR in CLIENT 47638009689768:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A' proved invalid ERROR in CLIENT 47499140818600:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2 via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv3 via BIO pair Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication via BIO pair Available compression methods: NONE server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 w/o (EC)DHE via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with 1024bit DHE via BIO pair Available compression methods: NONE DONE via BIO pair: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair and app verify Available compression methods: NONE client authentication server authentication In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7ffd6ab61aa0 a cert? 0x0x83afe0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Prox y 2 In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7ffd6ab61ab0 a cert? 0x0x85e480 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Prox y 2 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites Testing ciphersuites for TLSv1.2 Testing AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 NULL-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47572156798632:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: TLSv1.2, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES256-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites for SSLv3 Testing AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing IDEA-CBC-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 IDEA-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-MD5, 1024 bit RSA 1 handshakes of 256 bytes done Testing DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-MD5, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing EDH-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47351792281256:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: SSLv3, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done dh test tls1 with 1024bit anonymous DH, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA 10 handshakes of 256 bytes done Approximate total server time: 0.02 s Approximate total client time: 0.13 s rsa test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.12 s Approximate total client time: 0.01 s dh test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.14 s Approximate total client time: 0.05 s test tls1 with PSK Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with PSK via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done srp test tls1 with SRP Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP auth Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with SRP auth via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'C' proved invalid ERROR in CLIENT 47295283291816:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2 via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv3 via BIO pair Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication via BIO pair Available compression methods: NONE server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 w/o (EC)DHE via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with 1024bit DHE via BIO pair Available compression methods: NONE DONE via BIO pair: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = B depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair and app verify Available compression methods: NONE client authentication server authentication In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7fff74cbc1a0 a cert? 0x0x83afd0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Prox y 2 In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7fff74cbc1b0 a cert? 0x0x83fb80 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Prox y 2 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites Testing ciphersuites for TLSv1.2 Testing AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 NULL-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47047863973544:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: TLSv1.2, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES256-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites for SSLv3 Testing AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing IDEA-CBC-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 IDEA-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-MD5, 1024 bit RSA 1 handshakes of 256 bytes done Testing DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-MD5, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing EDH-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47248403367592:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: SSLv3, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done dh test tls1 with 1024bit anonymous DH, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA 10 handshakes of 256 bytes done Approximate total server time: 0.02 s Approximate total client time: 0.12 s rsa test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.12 s Approximate total client time: 0.02 s dh test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.14 s Approximate total client time: 0.05 s test tls1 with PSK Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with PSK via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done srp test tls1 with SRP Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP auth Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with SRP auth via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = C depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = none depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = none Proxy rights check with condition 'A' proved invalid ERROR in CLIENT 47765379450536:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = C depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = none depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = none Proxy rights check with condition 'B' proved invalid ERROR in CLIENT 47241771288232:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = C depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = none depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = none Proxy rights check with condition 'C' proved invalid ERROR in CLIENT 47020632532648:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = C depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = none depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = none Proxy rights check with condition 'A|B&!C' proved invalid ERROR in CLIENT 47285311461032:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A' proved invalid ERROR in CLIENT 47652578891432:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2 via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv3 via BIO pair Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication via BIO pair Available compression methods: NONE server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 w/o (EC)DHE via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with 1024bit DHE via BIO pair Available compression methods: NONE DONE via BIO pair: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'B' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair and app verify Available compression methods: NONE client authentication server authentication In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7ffef5029a50 a cert? 0x0x83abc0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Prox y 2 In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7ffef5029a60 a cert? 0x0x8409f0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Prox y 2 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites Testing ciphersuites for TLSv1.2 Testing AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 NULL-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47302779610792:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: TLSv1.2, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES256-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites for SSLv3 Testing AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing IDEA-CBC-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 IDEA-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-MD5, 1024 bit RSA 1 handshakes of 256 bytes done Testing DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-MD5, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing EDH-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47701076244136:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: SSLv3, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done dh test tls1 with 1024bit anonymous DH, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA 10 handshakes of 256 bytes done Approximate total server time: 0.03 s Approximate total client time: 0.12 s rsa test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.13 s Approximate total client time: 0.01 s dh test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.16 s Approximate total client time: 0.03 s test tls1 with PSK Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with PSK via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done srp test tls1 with SRP Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP auth Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with SRP auth via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'C' proved invalid ERROR in CLIENT 48006681876136:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifica te verify failed:s3_clnt.c:1185: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done test sslv2 Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication Testing was requested for a disabled protocol. Skipping tests. test sslv3 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication Available compression methods: NONE client authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2 via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with client authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv2 with both client and server authentication via BIO pair Testing was requested for a disabled protocol. Skipping tests. test sslv3 via BIO pair Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with server authentication via BIO pair Available compression methods: NONE server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 w/o (EC)DHE via BIO pair Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with 1024bit DHE via BIO pair Available compression methods: NONE DONE via BIO pair: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with server authentication Available compression methods: NONE server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with client authentication via BIO pair Available compression methods: NONE client authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair Available compression methods: NONE client authentication server authentication Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid Initial proxy rights = BC depth=3 /C=AU/O=Dodgy Brothers/CN=Dodgy CA depth=2 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 Certificate proxy rights = AB, resulting proxy rights = B depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2 Certificate proxy rights = BC, resulting proxy rights = B Proxy rights check with condition 'A|B&!C' proved valid TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done test sslv2/sslv3 with both client and server authentication via BIO pair and app verify Available compression methods: NONE client authentication server authentication In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7ffcc27ccbf0 a cert? 0x0x83afd0 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Prox y 2 In app_verify_callback, allowing cert. Arg is: Test Callback Argument Finished printing do we have a context? 0x0x7ffcc27ccc00 a cert? 0x0x83fb10 cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Prox y 2 TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites Testing ciphersuites for TLSv1.2 Testing AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 NULL-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES256-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 46936188475048:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: TLSv1.2, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-GCM-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES256-SHA384 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA384, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-GCM-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA256 Available compression methods: NONE TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA256, 1024 bit RSA 1 handshakes of 256 bytes done Testing ciphersuites for SSLv3 Testing AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing IDEA-CBC-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 IDEA-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing RC4-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 RC4-MD5, 1024 bit RSA 1 handshakes of 256 bytes done Testing DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing NULL-MD5 Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 NULL-MD5, 1024 bit RSA 1 handshakes of 256 bytes done dh Testing DHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-SEED-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-SEED-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing DHE-RSA-CAMELLIA128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing EDH-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done testing connection with weak DH, expecting failure Available compression methods: NONE ERROR in CLIENT 47118893004456:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3422: SSLv3, cipher (NONE) (NONE), 1024 bit RSA 1 handshakes of 256 bytes done ec Testing ECDHE-RSA-AES256-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-AES128-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-RC4-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-RC4-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-DES-CBC3-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-DES-CBC3-SHA, 1024 bit RSA 1 handshakes of 256 bytes done Testing ECDHE-RSA-NULL-SHA Available compression methods: NONE SSLv3, cipher TLSv1/SSLv3 ECDHE-RSA-NULL-SHA, 1024 bit RSA 1 handshakes of 256 bytes done dh test tls1 with 1024bit anonymous DH, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ADH-AES256-SHA 10 handshakes of 256 bytes done Approximate total server time: 0.03 s Approximate total client time: 0.12 s rsa test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.12 s Approximate total client time: 0.01 s dh test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA 10 handshakes of 256 bytes done Approximate total server time: 0.13 s Approximate total client time: 0.06 s test tls1 with PSK Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with PSK via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 PSK-AES256-CBC-SHA 1 handshakes of 256 bytes done srp test tls1 with SRP Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-RSA-AES-256-CBC-SHA, 1024 bit RSA 1 handshakes of 256 bytes done test tls1 with SRP auth Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done test tls1 with SRP auth via BIO pair Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 SRP-AES-256-CBC-SHA 1 handshakes of 256 bytes done rsa Setting up TSA test directory... Creating CA for TSA tests... Creating a new CA for the TSA tests... Generating a 1024 bit RSA private key ......++++++ ...........++++++ writing new private key to 'tsacakey.pem' ----- Creating tsa_cert1.pem TSA server cert... Generating a 1024 bit RSA private key ..++++++ ...................++++++ writing new private key to 'tsa_key1.pem' ----- Using extension tsa_cert Signature ok subject=/C=HU/ST=Budapest/L=Buda/O=Hun-TSA Ltd./CN=tsa1 Getting CA Private Key Creating tsa_cert2.pem non-TSA server cert... Generating a 1024 bit RSA private key .................++++++ ...................++++++ writing new private key to 'tsa_key2.pem' ----- Using extension non_tsa_cert Signature ok subject=/C=HU/ST=Budapest/L=Buda/O=Hun-TSA Ltd./CN=tsa2 Getting CA Private Key Creating req1.req time stamp request for file testtsa... Using configuration from ../CAtsa.cnf Printing req1.req... Using configuration from ../CAtsa.cnf Version: 1 Hash Algorithm: sha1 Message data: 0000 - 48 44 c4 76 26 9d e5 5d-9c 67 1e 3b 0c ec b3 cd HD.v&..].g.;.... 0010 - c5 b8 6e 67 ..ng Policy OID: tsa_policy1 Nonce: 0x8D7ED43C2D0FDEEA Certificate required: yes Extensions: Generating valid response for req1.req... Using configuration from ../CAtsa.cnf Warning: could not open file ./tsa_serial for reading, using serial number: 1 Response has been generated. Printing response... Using configuration from ../CAtsa.cnf Status info: Status: Granted. Status description: unspecified Failure info: unspecified TST info: Version: 1 Policy OID: tsa_policy1 Hash Algorithm: sha1 Message data: 0000 - 48 44 c4 76 26 9d e5 5d-9c 67 1e 3b 0c ec b3 cd HD.v&..].g.;.... 0010 - c5 b8 6e 67 ..ng Serial number: 0x01 Time stamp: Apr 28 09:22:15 2016 GMT Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros Ordering: yes Nonce: 0x8D7ED43C2D0FDEEA TSA: DirName:/C=HU/ST=Budapest/L=Buda/O=Hun-TSA Ltd./CN=tsa1 Extensions: Verifying valid response... Verification: OK Verification: OK Verifying valid token... Using configuration from ../CAtsa.cnf Verification: OK Verification: OK Creating req2.req time stamp request for file testtsa... Using configuration from ../CAtsa.cnf Printing req2.req... Using configuration from ../CAtsa.cnf Version: 1 Hash Algorithm: sha1 Message data: 0000 - 48 44 c4 76 26 9d e5 5d-9c 67 1e 3b 0c ec b3 cd HD.v&..].g.;.... 0010 - c5 b8 6e 67 ..ng Policy OID: tsa_policy2 Nonce: unspecified Certificate required: no Extensions: Generating valid response for req2.req... Using configuration from ../CAtsa.cnf Response has been generated. Checking '-token_in' and '-token_out' options with '-reply'... Using configuration from ../CAtsa.cnf Using configuration from ../CAtsa.cnf Using configuration from ../CAtsa.cnf Version: 1 Policy OID: tsa_policy2 Hash Algorithm: sha1 Message data: 0000 - 48 44 c4 76 26 9d e5 5d-9c 67 1e 3b 0c ec b3 cd HD.v&..].g.;.... 0010 - c5 b8 6e 67 ..ng Serial number: 0x02 Time stamp: Apr 28 09:22:15 2016 GMT Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros Ordering: yes Nonce: unspecified TSA: DirName:/C=HU/ST=Budapest/L=Buda/O=Hun-TSA Ltd./CN=tsa1 Extensions: Using configuration from ../CAtsa.cnf Version: 1 Policy OID: tsa_policy2 Hash Algorithm: sha1 Message data: 0000 - 48 44 c4 76 26 9d e5 5d-9c 67 1e 3b 0c ec b3 cd HD.v&..].g.;.... 0010 - c5 b8 6e 67 ..ng Serial number: 0x02 Time stamp: Apr 28 09:22:15 2016 GMT Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros Ordering: yes Nonce: unspecified TSA: DirName:/C=HU/ST=Budapest/L=Buda/O=Hun-TSA Ltd./CN=tsa1 Extensions: Using configuration from ../CAtsa.cnf Response has been generated. Version: 1 Policy OID: tsa_policy2 Hash Algorithm: sha1 Message data: 0000 - 48 44 c4 76 26 9d e5 5d-9c 67 1e 3b 0c ec b3 cd HD.v&..].g.;.... 0010 - c5 b8 6e 67 ..ng Serial number: 0x03 Time stamp: Apr 28 09:22:15 2016 GMT Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros Ordering: yes Nonce: unspecified TSA: DirName:/C=HU/ST=Budapest/L=Buda/O=Hun-TSA Ltd./CN=tsa1 Extensions: Printing response... Using configuration from ../CAtsa.cnf Status info: Status: Granted. Status description: unspecified Failure info: unspecified TST info: Version: 1 Policy OID: tsa_policy2 Hash Algorithm: sha1 Message data: 0000 - 48 44 c4 76 26 9d e5 5d-9c 67 1e 3b 0c ec b3 cd HD.v&..].g.;.... 0010 - c5 b8 6e 67 ..ng Serial number: 0x02 Time stamp: Apr 28 09:22:15 2016 GMT Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros Ordering: yes Nonce: unspecified TSA: DirName:/C=HU/ST=Budapest/L=Buda/O=Hun-TSA Ltd./CN=tsa1 Extensions: Verifying valid response... Verification: OK Verification: OK Verifying response against wrong request, it should fail... 47094932956840:error:2F06606C:time stamp routines:TS_CHECK_POLICY:policy mismatc h:ts_rsp_verify.c:586: Verification: FAILED Ok Verifying response against wrong request, it should fail... 47228921521832:error:2F06606C:time stamp routines:TS_CHECK_POLICY:policy mismatc h:ts_rsp_verify.c:586: Verification: FAILED Ok Creating req3.req time stamp request for file CAtsa.cnf... Using configuration from ../CAtsa.cnf Printing req3.req... Using configuration from ../CAtsa.cnf Version: 1 Hash Algorithm: sha1 Message data: 0000 - 1c b9 52 2b 5c 27 b0 ae-83 b8 b2 c1 6d 82 1a 7f ..R+\'......m... 0010 - db 63 45 e7 .cE. Policy OID: unspecified Nonce: unspecified Certificate required: no Extensions: Verifying response against wrong request, it should fail... 46967041250984:error:2F064067:time stamp routines:TS_CHECK_IMPRINTS:message impr int mismatch:ts_rsp_verify.c:672: Verification: FAILED Ok Cleaning up... Test IGE mode ../util/shlib_wrap.sh ./igetest Test JPAKE ../util/shlib_wrap.sh ./jpaketest No JPAKE support Test SRP ../util/shlib_wrap.sh ./srptest Keys mismatch N = EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA 81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B1 5D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376 435B9FC61D2FC0EB06E3 g = 2 Salt = 98C48EE03C8ECFBB6CBCD920156DDF956FFCEE8B Verifier = D38EC6B97F864B718C2419AAA8971423F19B359F526807257E74815E1A326257877A4 CD7870A9ADA86F48D889DF5172CCE6DA1A60E8A95C2AB2137310E20E9A6DD4B2E6FC7D0C5A81AEE9 8C6B4AD75D8356DCB88272E2AEC560180BF9DE1AE1DCFDCDE81CBF62E7C294FF1AF8878BD204A9E0 6340E13B7A5639FA51FA361175E b = B25A47ACC32359883877CC24B248063088AD6BAF1EAE5D8887EA52E478BCC70C B = 4232E4FFC0208E08F4210F55BC39A582AB863E77E517CC5E6176056599E9E06C2829EDFF9C4D 8DC9FA53965403EDD66E1DB1E36B4A685649621F866B651A9E44DF1C351BB65610F150C75EBE4508 4F492D188E84547C92FFD786CE110F14686A95DC29D158E6482D4F28AA0C791EA62337A5F14E9767 A11851185726D654942A a = 6F14D4C1B8CA137C574BB7AA1115C013443327B4E8ACAE9A8EA8FB53DAB15710 A = 6E761DAA6E6E9283BD2CD199BB3D6196E278753FDA415979C64BC5F9A457DD75DE44954A9249 30D9F8828DC46E69375A9B065AF0032AC6CC5BEFD00AE4135EAF94EBDCA809A487F29D126D068E46 C154469598B57EECCCAD0D96FD45F1BC5EC8825A35AFE21AECB76868296439AFA047E7A2F4A16BF2 2E3E5D5391FE61805929 Client's key = C3EE6A2F36737A97F7F053A69D1AD4C043962450049C0B3AFAC6A4A1FBA44575E 09131AB209B1B8E15FE906743A11FD78540D033A9B25F597C22DA7EA7A689770A0D5F58B3E157CD5 13EF996A231C2606F6A7DFA19994675549E42CC2209ACBB66A229A4B7D2B32B265BE4EA757BEE9CC 35D01AA5E4C91BB113A320886944E6B Server's key = 9F6148258F93917DABB3F05CA8ED43EA3DC34E6DBDCF7286CB48913EEEB71EFFF EDE33766EDC1B78EAA1D075DE93BD05E1C1FD4BA89CAF3BCE974D87A44F5534A1814B82C95800C6D F1C58B67E42E5DC216024C8862E3B11C8A8DF3BCF9DC398EA812654FF88FB5F23424B70DCCB143C2 52ECC1DCAA2AD0369602CE70F1D3EA7 N = EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA 81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B1 5D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376 435B9FC61D2FC0EB06E3 g = 2 Salt = 4A18AFF337F94F78C7627116B3B818061EB469CE Verifier = A8CB2B5F71DC6516A051BCDBB0BA687B55402E74BA3CD1546A6274CE9D2787B2294A2 336C6A4FBE9840C0C94D9BFBCAB1B1AE10DA0F4776293697B1019BAD78690C99746F75740022ABAD 235BAC03DAB7821F67296923AEEACF161808EBD331A3C192425F5234028F54AD2945DA945B8322F5 CB9D5E351EDC072C4FB2B97113A b = 86532ED2EDE0AB5FC57ED70AE997738D58C55E541EF5E21E574DBAD983D2A5DE B = 798E15453219EE61D48F6C9512132001F224AB0304F648542AAE740A7D247901FEA96C970BF4 D6B45E9CF4CF166167368BCF42DE75778141E29092D691F9D818F2516C2E3B9E278903BB84D68779 C7E9BC950857C203616925991E6E2CB822C19707C164E9368D0BB3A1F13709275D97D2C1FC03698C 1395910FE9BD6594915A a = E7D32CE4F0D158A02FD2AFED05BD2AB948C37B4A87F65B39E8C3FEFA41452AAE A = 35F2057A1E2B53A4457A5804FE37A11ADB1ED84878A5BDD77ADDCB5D7F86964F31BAA83EF4B6 4718428F5B9DD044A41668B6326E7B34E35C650B616AC9D084D4E001B49566E80F9D2CC443F5160F 9DD24EC1A63EEDD163BBAAA725F3FE2C9F11CDDD692D7462B96C400E7CBB419A45E01F5D9DFEF7A6 300E01019DAB0C54F673 Client's key = C04722B1022A2064A4E34063FC01340279D3764409C0141D6F9BD846D3748B9A0 CE6FE23804817060332440AAEFAE99F6A03B400B96B84C542084A485A0CD1C53C81C0F9DFF4DBB6C 00C4CAE856D6C8F26B28856EBF48BBB82A4B2E6D6F27874A68CC564EB7ECCB3DC4EB4961A1247902 1A9BFCA2A31BB75875838E0A9544655 Server's key = C04722B1022A2064A4E34063FC01340279D3764409C0141D6F9BD846D3748B9A0 CE6FE23804817060332440AAEFAE99F6A03B400B96B84C542084A485A0CD1C53C81C0F9DFF4DBB6C 00C4CAE856D6C8F26B28856EBF48BBB82A4B2E6D6F27874A68CC564EB7ECCB3DC4EB4961A1247902 1A9BFCA2A31BB75875838E0A9544655 CMS consistency test /usr/bin/perl cms-test.pl CMS => PKCS#7 compatibility tests signed content DER format, RSA key: OK signed detached content DER format, RSA key: OK signed content test streaming BER format, RSA: OK signed content DER format, DSA key: OK signed detached content DER format, DSA key: OK signed detached content DER format, add RSA signer: OK signed content test streaming BER format, DSA key: OK signed content test streaming BER format, 2 DSA and 2 RSA keys: OK signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes: O K signed content test streaming S/MIME format, 2 DSA and 2 RSA keys: OK signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys: OK enveloped content test streaming S/MIME format, 3 recipients: OK enveloped content test streaming S/MIME format, 3 recipients, 3rd used: OK enveloped content test streaming S/MIME format, 3 recipients, key only used: OK enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients: OK CMS <= PKCS#7 compatibility tests signed content DER format, RSA key: OK signed detached content DER format, RSA key: OK signed content test streaming BER format, RSA: OK signed content DER format, DSA key: OK signed detached content DER format, DSA key: OK signed detached content DER format, add RSA signer: OK signed content test streaming BER format, DSA key: OK signed content test streaming BER format, 2 DSA and 2 RSA keys: OK signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes: O K signed content test streaming S/MIME format, 2 DSA and 2 RSA keys: OK signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys: OK enveloped content test streaming S/MIME format, 3 recipients: OK enveloped content test streaming S/MIME format, 3 recipients, 3rd used: OK enveloped content test streaming S/MIME format, 3 recipients, key only used: OK enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients: OK CMS <=> CMS consistency tests signed content DER format, RSA key: OK signed detached content DER format, RSA key: OK signed content test streaming BER format, RSA: OK signed content DER format, DSA key: OK signed detached content DER format, DSA key: OK signed detached content DER format, add RSA signer: OK signed content test streaming BER format, DSA key: OK signed content test streaming BER format, 2 DSA and 2 RSA keys: OK signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes: O K signed content test streaming S/MIME format, 2 DSA and 2 RSA keys: OK signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys: OK enveloped content test streaming S/MIME format, 3 recipients: OK enveloped content test streaming S/MIME format, 3 recipients, 3rd used: OK enveloped content test streaming S/MIME format, 3 recipients, key only used: OK enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients: OK signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid: OK signed content test streaming PEM format, 2 DSA and 2 RSA keys: OK signed content MIME format, RSA key, signed receipt request: OK signed receipt MIME format, RSA key: OK enveloped content test streaming S/MIME format, 3 recipients, keyid: OK enveloped content test streaming PEM format, KEK: OK enveloped content test streaming PEM format, KEK, key only: OK data content test streaming PEM format: OK encrypted content test streaming PEM format, 128 bit RC2 key: OK encrypted content test streaming PEM format, 40 bit RC2 key: OK encrypted content test streaming PEM format, triple DES key: OK encrypted content test streaming PEM format, 128 bit AES key: OK Zlib not supported: compression tests skipped ALL TESTS SUCCESSFUL. ../util/shlib_wrap.sh ./heartbeat_test Test constant time utilites ../util/shlib_wrap.sh ./constant_time_test Testing constant time operations... ok (ran 1908 tests) test_verify_extra ../util/shlib_wrap.sh ./verify_extra_test PASS test_clienthello ../util/shlib_wrap.sh ./clienthellotest make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a OpenSSL 1.0.1s 1 Mar 2016 built on: Thu Apr 28 11:09:06 2016 platform: linux-generic32 options: bn(64,32) rc4(ptr,char) des(idx,cisc,16,int) idea(int) blowfish(ptr) compiler: gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall OPENSSLDIR: "/usr/local/openssl" make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s' OpenSSL self-test report: OpenSSL version: 1.0.1s Last change: Fix a double-free in DSA code... Options: --prefix=/usr/local/opensssl --openssldir=/usr/local/openssl n o-asm no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no -sctp no-shared no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zli b-dynamic static-engine OS (uname): Linux sldestrslx211 3.0.101-63-default #1 SMP Tue Jun 23 16:02 :31 UTC 2015 (4b89d0c) x86_64 x86_64 x86_64 GNU/Linux OS (config): x86_64-whatever-linux2 Target (default): linux-x86_64 Target: linux-generic32 Compiler: Using built-in specs. Target: x86_64-suse-linux Configured with: ../configure --prefix=/usr --infodir=/usr/share/info --mandir=/ usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64 --enable-languages=c,c ++,objc,fortran,obj-c++,java,ada --enable-checking=release --with-gxx-include-di r=/usr/include/c++/4.3 --enable-ssp --disable-libssp --with-bugurl=http://bugs.o pensuse.org/ --with-pkgversion='SUSE Linux' --disable-libgcj --disable-libmudfla p --with-slibdir=/lib64 --with-system-zlib --enable-__cxa_atexit --enable-libstd cxx-allocator=new --disable-libstdcxx-pch --enable-version-specific-runtime-libs --program-suffix=-4.3 --enable-linux-futex --without-system-libunwind --with-cp u=generic --build=x86_64-suse-linux Thread model: posix gcc version 4.3.4 [gcc-4_3-branch revision 152973] (SUSE Linux) Test passed. Test report in file testlog sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s # sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g # tar xvzf openssl-1.0.1s.tar.g z openssl-1.0.1s/ACKNOWLEDGMENTS openssl-1.0.1s/apps/ openssl-1.0.1s/apps/app_rand.c openssl-1.0.1s/apps/apps.c openssl-1.0.1s/apps/apps.h openssl-1.0.1s/apps/asn1pars.c openssl-1.0.1s/apps/ca.c openssl-1.0.1s/apps/ca-cert.srl openssl-1.0.1s/apps/CA.com openssl-1.0.1s/apps/ca-key.pem . . . openssl-1.0.1s/VMS/install-vms.com openssl-1.0.1s/VMS/mkshared.com openssl-1.0.1s/VMS/multinet_shr.opt openssl-1.0.1s/VMS/openssl_startup.com openssl-1.0.1s/VMS/openssl_undo.com openssl-1.0.1s/VMS/openssl_utils.com openssl-1.0.1s/VMS/socketshr_shr.opt openssl-1.0.1s/VMS/tcpip_shr_decc.opt openssl-1.0.1s/VMS/test-includes.com openssl-1.0.1s/VMS/TODO openssl-1.0.1s/VMS/ucx_shr_decc_log.opt openssl-1.0.1s/VMS/ucx_shr_decc.opt openssl-1.0.1s/VMS/ucx_shr_vaxc.opt openssl-1.0.1s/VMS/VMSify-conf.pl openssl-1.0.1s/VMS/WISHLIST.TXT sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g # sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g # cd openssl-1.0.1s/ sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s # ll total 1088 -rw-rw-r-- 1 root root 87 Mar 1 14:35 ACKNOWLEDGMENTS -rw-rw-r-- 1 root root 461913 Mar 1 14:40 CHANGES -rw-rw-r-- 1 root root 42751 Mar 1 14:35 CHANGES.SSLeay -rw-rw-r-- 1 root root 1618 Mar 1 14:35 CONTRIBUTING -rwxrwxr-x 1 root root 107046 Mar 1 14:40 Configure -rw-rw-r-- 1 root root 84 Dec 3 14:25 FAQ -rw-rw-r-- 1 root root 14661 Mar 1 14:35 INSTALL -rw-rw-r-- 1 root root 2053 Mar 1 14:35 INSTALL.DJGPP -rw-rw-r-- 1 root root 3264 Mar 1 14:35 INSTALL.MacOS -rw-rw-r-- 1 root root 18859 Mar 1 14:35 INSTALL.NW -rw-rw-r-- 1 root root 744 Jan 15 2015 INSTALL.OS2 -rw-rw-r-- 1 root root 10966 Mar 1 14:35 INSTALL.VMS -rw-rw-r-- 1 root root 11879 Mar 1 14:35 INSTALL.W32 -rw-rw-r-- 1 root root 2166 Mar 1 14:35 INSTALL.W64 -rw-rw-r-- 1 root root 3263 Mar 1 14:35 INSTALL.WCE -rw-rw-r-- 1 root root 6279 Jan 28 14:38 LICENSE drwxr-xr-x 3 root root 4096 Mar 1 14:35 MacOS -rw-rw-r-- 1 root root 23692 Mar 1 14:40 Makefile -rw-rw-r-- 1 root root 24311 Mar 1 14:40 Makefile.bak -rw-rw-r-- 1 root root 23098 Mar 1 14:40 Makefile.org -rw-rw-r-- 1 root root 21944 Mar 1 14:40 Makefile.shared -rw-rw-r-- 1 root root 31856 Mar 1 14:40 NEWS drwxr-xr-x 2 root root 4096 Mar 1 14:35 Netware -rw-rw-r-- 1 root root 8705 Mar 1 14:35 PROBLEMS -rw-rw-r-- 1 root root 4123 Mar 1 14:40 README -rw-rw-r-- 1 root root 7699 Mar 1 14:35 README.ASN1 -rw-rw-r-- 1 root root 16100 Mar 1 14:35 README.ENGINE drwxr-xr-x 2 root root 4096 Mar 1 14:35 VMS drwxr-xr-x 5 root root 4096 Mar 1 14:40 apps -rw-rw-r-- 1 root root 1289 Dec 3 17:51 appveyor.yml drwxr-xr-x 2 root root 4096 Mar 1 14:35 bugs drwxr-xr-x 4 root root 4096 Mar 1 14:35 certs -rwxrwxr-x 1 root root 28381 Mar 1 14:40 config drwxr-xr-x 59 root root 4096 Mar 1 14:40 crypto drwxr-xr-x 16 root root 4096 Mar 1 14:35 demos drwxr-xr-x 6 root root 4096 Mar 1 14:40 doc -rw-rw-r-- 1 root root 25092 Mar 1 14:40 e_os.h -rw-rw-r-- 1 root root 10949 Mar 1 14:40 e_os2.h drwxr-xr-x 4 root root 4096 Mar 1 14:40 engines drwxr-xr-x 2 root root 4096 Mar 1 14:40 include -rw-rw-r-- 1 root root 3709 Mar 1 14:35 install.com -rwxrwxr-x 1 root root 39979 Mar 1 14:40 makevms.com drwxr-xr-x 2 root root 4096 Mar 1 14:35 ms -rw-rw-r-- 1 root root 137 Mar 1 14:35 openssl.doxy -rw-rw-r-- 1 root root 7929 Mar 1 14:40 openssl.spec drwxr-xr-x 2 root root 4096 Jan 15 2015 os2 drwxr-xr-x 2 root root 4096 Mar 1 14:35 shlib drwxr-xr-x 2 root root 4096 Mar 1 14:40 ssl drwxr-xr-x 4 root root 4096 Apr 28 11:01 test drwxr-xr-x 5 root root 4096 Mar 1 14:40 times drwxr-xr-x 2 root root 4096 Mar 1 14:40 tools drwxr-xr-x 3 root root 4096 Mar 1 14:40 util sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s # sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s # ./Configure --prefix=/usr/local/opensssl --openssldir=/usr/local/openssl no-asm linux-generic32 Configuring for linux-generic32 no-asm [option] OPENSSL_NO_ASM no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) no-gmp [default] OPENSSL_NO_GMP (skip dir) no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir) no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5 no-md2 [default] OPENSSL_NO_MD2 (skip dir) no-rc5 [default] OPENSSL_NO_RC5 (skip dir) no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir) no-sctp [default] OPENSSL_NO_SCTP (skip dir) no-shared [default] no-ssl2 [default] OPENSSL_NO_SSL2 (skip dir) no-store [experimental] OPENSSL_NO_STORE (skip dir) no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir) no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir) no-zlib [default] no-zlib-dynamic [default] IsMK1MF=0 CC =gcc CFLAG =-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fo mit-frame-pointer -Wall EX_LIBS =-ldl CPUID_OBJ =mem_clr.o BN_ASM =bn_asm.o DES_ENC =des_enc.o fcrypt_b.o AES_ENC =aes_core.o aes_cbc.o BF_ENC =bf_enc.o CAST_ENC =c_enc.o RC4_ENC =rc4_enc.o rc4_skey.o RC5_ENC =rc5_enc.o MD5_OBJ_ASM = SHA1_OBJ_ASM = RMD160_OBJ_ASM= CMLL_ENC =camellia.o cmll_misc.o cmll_cbc.o MODES_OBJ = ENGINES_OBJ = PROCESSOR = RANLIB =/usr/bin/ranlib ARFLAGS = PERL =/usr/bin/perl THIRTY_TWO_BIT mode DES_UNROLL used DES_INT used BN_LLONG mode RC4 uses uchar RC4_CHUNK is unsigned long BF_PTR used created directory `include/openssl' e_os2.h => include/openssl/e_os2.h making links in crypto... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto' crypto.h => ../include/openssl/crypto.h opensslv.h => ../include/openssl/opensslv.h opensslconf.h => ../include/openssl/opensslconf.h ebcdic.h => ../include/openssl/ebcdic.h symhacks.h => ../include/openssl/symhacks.h ossl_typ.h => ../include/openssl/ossl_typ.h constant_time_test.c => ../test/constant_time_test.c making links in crypto/objects... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/objects' objects.h => ../../include/openssl/objects.h obj_mac.h => ../../include/openssl/obj_mac.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/objects' making links in crypto/md4... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/md4' md4.h => ../../include/openssl/md4.h md4test.c => ../../test/md4test.c md4.c => ../../apps/md4.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/md4' making links in crypto/md5... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/md5' md5.h => ../../include/openssl/md5.h md5test.c => ../../test/md5test.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/md5' making links in crypto/sha... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/sha' sha.h => ../../include/openssl/sha.h shatest.c => ../../test/shatest.c sha1test.c => ../../test/sha1test.c sha256t.c => ../../test/sha256t.c sha512t.c => ../../test/sha512t.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/sha' making links in crypto/mdc2... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/mdc2' mdc2.h => ../../include/openssl/mdc2.h mdc2test.c => ../../test/mdc2test.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/mdc2' making links in crypto/hmac... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/hmac' hmac.h => ../../include/openssl/hmac.h hmactest.c => ../../test/hmactest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/hmac' making links in crypto/ripemd... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ripemd' ripemd.h => ../../include/openssl/ripemd.h rmdtest.c => ../../test/rmdtest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ripemd' making links in crypto/whrlpool... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/whrlpool' whrlpool.h => ../../include/openssl/whrlpool.h wp_test.c => ../../test/wp_test.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/whrlpool' making links in crypto/des... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/des' des.h => ../../include/openssl/des.h des_old.h => ../../include/openssl/des_old.h destest.c => ../../test/destest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/des' making links in crypto/aes... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/aes' aes.h => ../../include/openssl/aes.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/aes' making links in crypto/rc2... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rc2' rc2.h => ../../include/openssl/rc2.h rc2test.c => ../../test/rc2test.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rc2' making links in crypto/rc4... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rc4' rc4.h => ../../include/openssl/rc4.h rc4test.c => ../../test/rc4test.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rc4' making links in crypto/idea... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/idea' idea.h => ../../include/openssl/idea.h ideatest.c => ../../test/ideatest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/idea' making links in crypto/bf... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/bf' blowfish.h => ../../include/openssl/blowfish.h bftest.c => ../../test/bftest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/bf' making links in crypto/cast... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/cast' cast.h => ../../include/openssl/cast.h casttest.c => ../../test/casttest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/cast' making links in crypto/camellia... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/camellia' camellia.h => ../../include/openssl/camellia.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/camellia' making links in crypto/seed... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/seed' seed.h => ../../include/openssl/seed.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/seed' making links in crypto/modes... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/modes' modes.h => ../../include/openssl/modes.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/modes' making links in crypto/bn... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/bn' bn.h => ../../include/openssl/bn.h bntest.c => ../../test/bntest.c exptest.c => ../../test/exptest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/bn' making links in crypto/ec... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ec' ec.h => ../../include/openssl/ec.h ectest.c => ../../test/ectest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ec' making links in crypto/rsa... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rsa' rsa.h => ../../include/openssl/rsa.h rsa_test.c => ../../test/rsa_test.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rsa' making links in crypto/dsa... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/dsa' dsa.h => ../../include/openssl/dsa.h dsatest.c => ../../test/dsatest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/dsa' making links in crypto/ecdsa... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ecdsa' ecdsa.h => ../../include/openssl/ecdsa.h ecdsatest.c => ../../test/ecdsatest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ecdsa' making links in crypto/dh... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/dh' dh.h => ../../include/openssl/dh.h dhtest.c => ../../test/dhtest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/dh' making links in crypto/ecdh... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ecdh' ecdh.h => ../../include/openssl/ecdh.h ecdhtest.c => ../../test/ecdhtest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ecdh' making links in crypto/dso... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/dso' dso.h => ../../include/openssl/dso.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/dso' making links in crypto/engine... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/engine' engine.h => ../../include/openssl/engine.h enginetest.c => ../../test/enginetest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/engine' making links in crypto/buffer... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/buffer' buffer.h => ../../include/openssl/buffer.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/buffer' making links in crypto/bio... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/bio' bio.h => ../../include/openssl/bio.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/bio' making links in crypto/stack... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/stack' stack.h => ../../include/openssl/stack.h safestack.h => ../../include/openssl/safestack.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/stack' making links in crypto/lhash... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/lhash' lhash.h => ../../include/openssl/lhash.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/lhash' making links in crypto/rand... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rand' rand.h => ../../include/openssl/rand.h randtest.c => ../../test/randtest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rand' making links in crypto/err... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/err' err.h => ../../include/openssl/err.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/err' making links in crypto/evp... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/evp' evp.h => ../../include/openssl/evp.h evp_test.c => ../../test/evp_test.c evp_extra_test.c => ../../test/evp_extra_test.c evptests.txt -> ../../test/evptests.txt make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/evp' making links in crypto/asn1... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/asn1' asn1.h => ../../include/openssl/asn1.h asn1_mac.h => ../../include/openssl/asn1_mac.h asn1t.h => ../../include/openssl/asn1t.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/asn1' making links in crypto/pem... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pem' pem.h => ../../include/openssl/pem.h pem2.h => ../../include/openssl/pem2.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pem' making links in crypto/x509... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/x509' x509.h => ../../include/openssl/x509.h x509_vfy.h => ../../include/openssl/x509_vfy.h verify_extra_test.c => ../../test/verify_extra_test.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/x509' making links in crypto/x509v3... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/x509v3' x509v3.h => ../../include/openssl/x509v3.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/x509v3' making links in crypto/conf... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/conf' conf.h => ../../include/openssl/conf.h conf_api.h => ../../include/openssl/conf_api.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/conf' making links in crypto/txt_db... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/txt_db' txt_db.h => ../../include/openssl/txt_db.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/txt_db' making links in crypto/pkcs7... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pkcs7' pkcs7.h => ../../include/openssl/pkcs7.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pkcs7' making links in crypto/pkcs12... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pkcs12' pkcs12.h => ../../include/openssl/pkcs12.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pkcs12' making links in crypto/comp... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/comp' comp.h => ../../include/openssl/comp.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/comp' making links in crypto/ocsp... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ocsp' ocsp.h => ../../include/openssl/ocsp.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ocsp' making links in crypto/ui... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ui' ui.h => ../../include/openssl/ui.h ui_compat.h => ../../include/openssl/ui_compat.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ui' making links in crypto/krb5... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/krb5' krb5_asn.h => ../../include/openssl/krb5_asn.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/krb5' making links in crypto/cms... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/cms' cms.h => ../../include/openssl/cms.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/cms' making links in crypto/pqueue... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pqueue' pqueue.h => ../../include/openssl/pqueue.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pqueue' making links in crypto/ts... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ts' ts.h => ../../include/openssl/ts.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ts' making links in crypto/srp... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/srp' srp.h => ../../include/openssl/srp.h srptest.c => ../../test/srptest.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/srp' making links in crypto/cmac... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/cmac' cmac.h => ../../include/openssl/cmac.h make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/cmac' make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto' making links in ssl... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/s sl' ssl.h => ../include/openssl/ssl.h ssl2.h => ../include/openssl/ssl2.h ssl3.h => ../include/openssl/ssl3.h ssl23.h => ../include/openssl/ssl23.h tls1.h => ../include/openssl/tls1.h dtls1.h => ../include/openssl/dtls1.h kssl.h => ../include/openssl/kssl.h srtp.h => ../include/openssl/srtp.h ssltest.c => ../test/ssltest.c heartbeat_test.c => ../test/heartbeat_test.c clienthellotest.c => ../test/clienthellotest.c make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/ss l' making links in engines... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/e ngines' making links in engines/ccgost... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/e ngines/ccgost' make[2]: Nothing to be done for `links'. make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/en gines/ccgost' make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/en gines' making links in apps... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/a pps' make[1]: Nothing to be done for `links'. make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/ap ps' making links in test... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' make[1]: Nothing to be done for `links'. make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' making links in tools... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t ools' make[1]: Nothing to be done for `links'. make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/to ols' generating dummy tests (if needed)... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' md2test.c => dummytest.c rc5test.c => dummytest.c jpaketest.c => dummytest.c make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' Configured for linux-generic32. *** Because of configuration changes, you MUST do the following before *** building: make depend sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s # sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s # make depend making depend in crypto... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto' making depend in crypto/objects... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/objects' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- o_names.c obj_dat.c obj_lib.c obj_err. c obj_xref.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/objects' making depend in crypto/md4... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/md4' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- md4_dgst.c md4_one.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/md4' making depend in crypto/md5... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/md5' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- md5_dgst.c md5_one.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/md5' making depend in crypto/sha... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/sha' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- sha_dgst.c sha1dgst.c sha_one.c sha1_o ne.c sha256.c sha512.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/sha' making depend in crypto/mdc2... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/mdc2' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- mdc2dgst.c mdc2_one.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/mdc2' making depend in crypto/hmac... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/hmac' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- hmac.c hm_ameth.c hm_pmeth.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/hmac' making depend in crypto/ripemd... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ripemd' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- rmd_dgst.c rmd_one.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ripemd' making depend in crypto/whrlpool... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/whrlpool' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- wp_dgst.c wp_block.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/whrlpool' making depend in crypto/des... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/des' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- cbc_cksm.c cbc_enc.c cfb64enc.c cfb_e nc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c xcbc_ enc.c str2key.c cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c read2 pwd.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/des' making depend in crypto/aes... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/aes' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- aes_core.c aes_misc.c aes_ecb.c aes_cb c.c aes_cfb.c aes_ofb.c aes_ctr.c aes_ige.c aes_wrap.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/aes' making depend in crypto/rc2... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rc2' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb6 4.c rc2ofb64.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rc2' making depend in crypto/rc4... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rc4' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- rc4_skey.c rc4_enc.c rc4_utl.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rc4' making depend in crypto/idea... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/idea' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_ skey.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/idea' making depend in crypto/bf... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/bf' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/bf' making depend in crypto/cast... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/cast' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- c_skey.c c_ecb.c c_enc.c c_cfb64.c c_o fb64.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/cast' making depend in crypto/camellia... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/camellia' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- camellia.c cmll_misc.c cmll_ecb.c cmll _cbc.c cmll_ofb.c cmll_cfb.c cmll_ctr.c cmll_utl.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/camellia' making depend in crypto/seed... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/seed' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- seed.c seed_ecb.c seed_cbc.c seed_cfb. c seed_ofb.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/seed' making depend in crypto/modes... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/modes' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- cbc128.c ctr128.c cts128.c cfb128.c of b128.c gcm128.c ccm128.c xts128.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/modes' making depend in crypto/bn... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/bn' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- bn_add.c bn_div.c bn_exp.c bn_lib.c bn _ctx.c bn_mul.c bn_mod.c bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c bn _kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mo nt.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c bn_depr.c bn_const.c bn_x931p.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/bn' making depend in crypto/ec... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ec' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- ec_lib.c ecp_smpl.c ecp_mont.c ecp_nis t.c ec_cvt.c ec_mult.c ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_ke y.c ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c ecp_nistp224.c ecp_nis tp256.c ecp_nistp521.c ecp_nistputil.c ecp_oct.c ec2_oct.c ec_oct.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ec' making depend in crypto/rsa... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rsa' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign .c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_ null.c rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c rsa_pmet h.c rsa_crpt.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rsa' making depend in crypto/dsa... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/dsa' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1 .c dsa_vrf.c dsa_sign.c dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/dsa' making depend in crypto/ecdsa... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ecdsa' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_si gn.c ecs_vrf.c ecs_err.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ecdsa' making depend in crypto/dh... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/dh' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- dh_asn1.c dh_gen.c dh_key.c dh_lib.c d h_check.c dh_err.c dh_depr.c dh_ameth.c dh_pmeth.c dh_prn.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/dh' making depend in crypto/ecdh... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ecdh' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- ech_lib.c ech_ossl.c ech_key.c ech_err .c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ecdh' making depend in crypto/dso... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/dso' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- dso_dl.c dso_dlfcn.c dso_err.c dso_lib .c dso_null.c dso_openssl.c dso_win32.c dso_vms.c dso_beos.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/dso' making depend in crypto/engine... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/engine' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- eng_err.c eng_lib.c eng_list.c eng_ini t.c eng_ctrl.c eng_table.c eng_pkey.c eng_fat.c eng_all.c tb_rsa.c tb_dsa.c tb_e cdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c tb_cipher.c tb_digest.c tb_pkmeth. c tb_asnmth.c eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_rsax.c eng_r drand.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/engine' making depend in crypto/buffer... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/buffer' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- buffer.c buf_str.c buf_err.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/buffer' making depend in crypto/bio... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/bio' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_prin t.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c bss_dgram.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/bio' making depend in crypto/stack... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/stack' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- stack.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/stack' making depend in crypto/lhash... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/lhash' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- lhash.c lh_stats.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/lhash' making depend in crypto/rand... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rand' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- md_rand.c randfile.c rand_lib.c rand_e rr.c rand_egd.c rand_win.c rand_unix.c rand_os2.c rand_nw.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rand' making depend in crypto/err... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/err' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- err.c err_all.c err_prn.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/err' making depend in crypto/evp... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/evp' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- encode.c digest.c evp_enc.c evp_key.c e vp_acnf.c evp_cnf.c e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c e_rc4.c e_aes. c names.c e_seed.c e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c p _open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c evp_pk ey.c evp_pbe.c p5_crpt.c p5_crpt2.c e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_ sigver.c evp_fips.c e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/evp' making depend in crypto/asn1... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/asn1' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- a_object.c a_bitstr.c a_utctm.c a_gent m.c a_time.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i 2d_fp.c a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c x_a lgor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c x_long.c x_name. c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c x_nx509.c d2i_pu.c d2i_pr .c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bits t.c tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c tasn_prn.c ameth_lib.c f_int.c f_string.c n_pkey.c f_enum.c x_pkey.c a_bool.c x_exten.c bi o_asn1.c bio_ndef.c asn_mime.c asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_byt es.c a_strnid.c evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/asn1' making depend in crypto/pem... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pem' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- pem_sign.c pem_seal.c pem_info.c pem_li b.c pem_all.c pem_err.c pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvk fmt.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pem' making depend in crypto/x509... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/x509' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- x509_def.c x509_d2.c x509_r2x.c x509_c mp.c x509_obj.c x509_req.c x509spki.c x509_vfy.c x509_set.c x509cset.c x509rset. c x509_err.c x509name.c x509_v3.c x509_ext.c x509_att.c x509type.c x509_lu.c x_a ll.c x509_txt.c x509_trs.c by_file.c by_dir.c x509_vpm.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/x509' making depend in crypto/x509v3... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/x509v3' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- v3_bcons.c v3_bitst.c v3_conf.c v3_ext ku.c v3_ia5.c v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3 _akey.c v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3 _info.c v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c v3_asid.c v3_a ddr.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/x509v3' making depend in crypto/conf... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/conf' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- conf_err.c conf_lib.c conf_api.c conf_d ef.c conf_mod.c conf_mall.c conf_sap.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/conf' making depend in crypto/txt_db... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/txt_db' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- txt_db.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/txt_db' making depend in crypto/pkcs7... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pkcs7' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- pk7_asn1.c pk7_lib.c pkcs7err.c pk7_do it.c pk7_smime.c pk7_attr.c pk7_mime.c bio_pk7.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pkcs7' making depend in crypto/pkcs12... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pkcs12' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- p12_add.c p12_asn.c p12_attr.c p12_crp t.c p12_crt.c p12_decr.c p12_init.c p12_key.c p12_kiss.c p12_mutl.c p12_utl.c p1 2_npas.c pk12err.c p12_p8d.c p12_p8e.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pkcs12' making depend in crypto/comp... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/comp' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- comp_lib.c comp_err.c c_rle.c c_zlib.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/comp' making depend in crypto/ocsp... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ocsp' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_li b.c ocsp_cl.c ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ocsp' making depend in crypto/ui... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ui' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- ui_err.c ui_lib.c ui_openssl.c ui_util .c ui_compat.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ui' making depend in crypto/krb5... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/krb5' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- krb5_asn.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/krb5' making depend in crypto/cms... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/cms' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- cms_lib.c cms_asn1.c cms_att.c cms_io. c cms_smime.c cms_err.c cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c cms_pwri.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/cms' making depend in crypto/pqueue... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pqueue' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- pqueue.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pqueue' making depend in crypto/ts... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ts' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_l ib.c ts_conf.c ts_asn1.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ts' making depend in crypto/srp... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/srp' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- srp_lib.c srp_vfy.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/srp' making depend in crypto/cmac... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/cmac' ../../util/domd ../.. -MD gcc -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -O3 -fomit-frame-pointer -Wall -I.. -I../.. -I../modes -I../asn1 -I.. /evp -I../../include -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 - DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_N O_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UN IT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -- cmac.c cm_ameth.c cm_pmeth.c make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/cmac' make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto' making depend in ssl... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/s sl' make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/ss l' making depend in engines... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/e ngines' making depend in engines/ccgost... make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/e ngines/ccgost' make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/en gines/ccgost' make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/en gines' making depend in apps... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/a pps' make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/ap ps' making depend in test... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' making depend in tools... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t ools' make[1]: Nothing to be done for `depend'. make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/to ols' sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s # sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s # make test Doing certs/demo /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/opensslwrap.sh: line 25: /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/../apps/openssl: No such file or directory /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/opensslwrap.sh: line 25: exec: /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/../apps/openssl: ca nnot execute: No such file or directory dsa-ca.pem => .0 /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/opensslwrap.sh: line 25: /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/../apps/openssl: No such file or directory /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/opensslwrap.sh: line 25: exec: /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/../apps/openssl: ca nnot execute: No such file or directory WARNING: Skipping duplicate certificate pca-cert.pem /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/opensslwrap.sh: line 25: /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/../apps/openssl: No such file or directory /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/opensslwrap.sh: line 25: exec: /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/../apps/openssl: ca nnot execute: No such file or directory WARNING: Skipping duplicate certificate dsa-pca.pem /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/opensslwrap.sh: line 25: /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/../apps/openssl: No such file or directory /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/opensslwrap.sh: line 25: exec: /var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/util/../apps/openssl: ca nnot execute: No such file or directory WARNING: Skipping duplicate certificate ca-cert.pem testing... make[1]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' gcc -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bntest.o bntest.c (cd ..; make build_libcrypto) make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s' making all in crypto... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto' /usr/bin/perl ../util/mkbuildinf.pl "gcc -I. -I.. -I../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall" "linux -generic32" >buildinf.h gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o cryptlib.o cryptlib.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o mem.o mem.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o mem_dbg.o mem_dbg.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o cversion.o cversion.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o ex_data.o ex_data.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o cpt_err.o cpt_err.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o ebcdic.o ebcdic.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o uid.o uid.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o o_time.o o_time.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o o_str.o o_str.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o o_dir.o o_dir.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o o_fips.o o_fips.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o o_init.o o_init.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o fips_ers.o fips_ers.c gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLF CN_H -O3 -fomit-frame-pointer -Wall -c -o mem_clr.o mem_clr.c ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o e bcdic.o uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o mem_clr.o ar: creating ../libcrypto.a [ -z "" ] || ar r ../libcrypto.a fipscanister.o /usr/bin/ranlib ../libcrypto.a || echo Never mind. making all in crypto/objects... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/objects' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o o_names.o o_names.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o obj_dat.o obj_dat.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o obj_lib.o obj_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o obj_err.o obj_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o obj_xref.o obj_xref.c ar r ../../libcrypto.a o_names.o obj_dat.o obj_lib.o obj_err.o obj_xref.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/objects' making all in crypto/md4... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/md4' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o md4_dgst.o md4_dgst.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o md4_one.o md4_one.c ar r ../../libcrypto.a md4_dgst.o md4_one.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/md4' making all in crypto/md5... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/md5' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o md5_dgst.o md5_dgst.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o md5_one.o md5_one.c ar r ../../libcrypto.a md5_dgst.o md5_one.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/md5' making all in crypto/sha... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/sha' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o sha_dgst.o sha_dgst.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o sha1dgst.o sha1dgst.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o sha_one.o sha_one.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o sha1_one.o sha1_one.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o sha256.o sha256.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o sha512.o sha512.c ar r ../../libcrypto.a sha_dgst.o sha1dgst.o sha_one.o sha1_one.o sha256.o sha5 12.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/sha' making all in crypto/mdc2... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/mdc2' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o mdc2dgst.o mdc2dgst.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o mdc2_one.o mdc2_one.c ar r ../../libcrypto.a mdc2dgst.o mdc2_one.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/mdc2' making all in crypto/hmac... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/hmac' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o hmac.o hmac.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o hm_ameth.o hm_ameth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o hm_pmeth.o hm_pmeth.c ar r ../../libcrypto.a hmac.o hm_ameth.o hm_pmeth.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/hmac' making all in crypto/ripemd... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ripemd' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rmd_dgst.o rmd_dgst.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rmd_one.o rmd_one.c ar r ../../libcrypto.a rmd_dgst.o rmd_one.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ripemd' making all in crypto/whrlpool... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/whrlpool' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o wp_dgst.o wp_dgst.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o wp_block.o wp_block.c ar r ../../libcrypto.a wp_dgst.o wp_block.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/whrlpool' making all in crypto/des... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/des' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o set_key.o set_key.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecb_enc.o ecb_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cbc_enc.o cbc_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecb3_enc.o ecb3_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cfb64enc.o cfb64enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cfb64ede.o cfb64ede.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cfb_enc.o cfb_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ofb64ede.o ofb64ede.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o enc_read.o enc_read.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o enc_writ.o enc_writ.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ofb64enc.o ofb64enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ofb_enc.o ofb_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o str2key.o str2key.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pcbc_enc.o pcbc_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o qud_cksm.o qud_cksm.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rand_key.o rand_key.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o des_enc.o des_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o fcrypt_b.o fcrypt_b.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o fcrypt.o fcrypt.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o xcbc_enc.o xcbc_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rpc_enc.o rpc_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cbc_cksm.o cbc_cksm.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ede_cbcm_enc.o ede_cbcm_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o des_old.o des_old.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o des_old2.o des_old2.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o read2pwd.o read2pwd.c ar r ../../libcrypto.a set_key.o ecb_enc.o cbc_enc.o ecb3_enc.o cfb64enc.o cf b64ede.o cfb_enc.o ofb64ede.o enc_read.o enc_writ.o ofb64enc.o ofb_enc.o str2k ey.o pcbc_enc.o qud_cksm.o rand_key.o des_enc.o fcrypt_b.o fcrypt.o xcbc_enc.o rpc_enc.o cbc_cksm.o ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/des' making all in crypto/aes... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/aes' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o aes_misc.o aes_misc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o aes_ecb.o aes_ecb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o aes_cfb.o aes_cfb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o aes_ofb.o aes_ofb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o aes_ctr.o aes_ctr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o aes_ige.o aes_ige.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o aes_wrap.o aes_wrap.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o aes_core.o aes_core.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o aes_cbc.o aes_cbc.c ar r ../../libcrypto.a aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_i ge.o aes_wrap.o aes_core.o aes_cbc.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/aes' making all in crypto/rc2... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rc2' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rc2_ecb.o rc2_ecb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rc2_skey.o rc2_skey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rc2_cbc.o rc2_cbc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rc2cfb64.o rc2cfb64.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rc2ofb64.o rc2ofb64.c ar r ../../libcrypto.a rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rc2' making all in crypto/rc4... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rc4' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rc4_enc.o rc4_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rc4_skey.o rc4_skey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rc4_utl.o rc4_utl.c ar r ../../libcrypto.a rc4_enc.o rc4_skey.o rc4_utl.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rc4' making all in crypto/idea... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/idea' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o i_cbc.o i_cbc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o i_cfb64.o i_cfb64.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o i_ofb64.o i_ofb64.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o i_ecb.o i_ecb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o i_skey.o i_skey.c ar r ../../libcrypto.a i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/idea' making all in crypto/bf... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/bf' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bf_skey.o bf_skey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bf_ecb.o bf_ecb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bf_enc.o bf_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bf_cfb64.o bf_cfb64.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bf_ofb64.o bf_ofb64.c ar r ../../libcrypto.a bf_skey.o bf_ecb.o bf_enc.o bf_cfb64.o bf_ofb64.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/bf' making all in crypto/cast... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/cast' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o c_skey.o c_skey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o c_ecb.o c_ecb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o c_enc.o c_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o c_cfb64.o c_cfb64.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o c_ofb64.o c_ofb64.c ar r ../../libcrypto.a c_skey.o c_ecb.o c_enc.o c_cfb64.o c_ofb64.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/cast' making all in crypto/camellia... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/camellia' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cmll_ecb.o cmll_ecb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cmll_ofb.o cmll_ofb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cmll_cfb.o cmll_cfb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cmll_ctr.o cmll_ctr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cmll_utl.o cmll_utl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o camellia.o camellia.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cmll_misc.o cmll_misc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cmll_cbc.o cmll_cbc.c ar r ../../libcrypto.a cmll_ecb.o cmll_ofb.o cmll_cfb.o cmll_ctr.o cmll_utl.o c amellia.o cmll_misc.o cmll_cbc.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/camellia' making all in crypto/seed... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/seed' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o seed.o seed.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o seed_ecb.o seed_ecb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o seed_cbc.o seed_cbc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o seed_cfb.o seed_cfb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o seed_ofb.o seed_ofb.c ar r ../../libcrypto.a seed.o seed_ecb.o seed_cbc.o seed_cfb.o seed_ofb.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/seed' making all in crypto/modes... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/modes' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cbc128.o cbc128.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ctr128.o ctr128.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cts128.o cts128.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cfb128.o cfb128.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ofb128.o ofb128.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o gcm128.o gcm128.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ccm128.o ccm128.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o xts128.o xts128.c ar r ../../libcrypto.a cbc128.o ctr128.o cts128.o cfb128.o ofb128.o gcm128.o cc m128.o xts128.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/modes' making all in crypto/bn... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/bn' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_add.o bn_add.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_div.o bn_div.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_exp.o bn_exp.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_lib.o bn_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_ctx.o bn_ctx.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_mul.o bn_mul.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_mod.o bn_mod.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_print.o bn_print.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_rand.o bn_rand.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_shift.o bn_shift.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_word.o bn_word.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_blind.o bn_blind.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_kron.o bn_kron.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_sqrt.o bn_sqrt.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_gcd.o bn_gcd.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_prime.o bn_prime.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_err.o bn_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_sqr.o bn_sqr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_asm.o bn_asm.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_recp.o bn_recp.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_mont.o bn_mont.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_mpi.o bn_mpi.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_exp2.o bn_exp2.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_gf2m.o bn_gf2m.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_nist.o bn_nist.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_depr.o bn_depr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_const.o bn_const.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bn_x931p.o bn_x931p.c ar r ../../libcrypto.a bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn _mod.o bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o bn_asm.o bn_recp.o bn_mont.o bn_mpi.o bn_e xp2.o bn_gf2m.o bn_nist.o bn_depr.o bn_const.o bn_x931p.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/bn' making all in crypto/ec... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ec' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec_lib.o ec_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecp_smpl.o ecp_smpl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecp_mont.o ecp_mont.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecp_nist.o ecp_nist.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec_cvt.o ec_cvt.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec_mult.o ec_mult.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec_err.o ec_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec_curve.o ec_curve.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec_check.o ec_check.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec_print.o ec_print.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec_asn1.o ec_asn1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec_key.o ec_key.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec2_smpl.o ec2_smpl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec2_mult.o ec2_mult.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec_ameth.o ec_ameth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec_pmeth.o ec_pmeth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eck_prn.o eck_prn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecp_nistp224.o ecp_nistp224.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecp_nistp256.o ecp_nistp256.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecp_nistp521.o ecp_nistp521.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecp_nistputil.o ecp_nistputil.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecp_oct.o ecp_oct.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec2_oct.o ec2_oct.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ec_oct.o ec_oct.c ar r ../../libcrypto.a ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mu lt.o ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o ec2_smpl.o ec2 _mult.o ec_ameth.o ec_pmeth.o eck_prn.o ecp_nistp224.o ecp_nistp256.o ecp_nistp5 21.o ecp_nistputil.o ecp_oct.o ec2_oct.o ec_oct.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ec' making all in crypto/rsa... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rsa' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_eay.o rsa_eay.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_gen.o rsa_gen.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_lib.o rsa_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_sign.o rsa_sign.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_saos.o rsa_saos.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_err.o rsa_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_pk1.o rsa_pk1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_ssl.o rsa_ssl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_none.o rsa_none.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_oaep.o rsa_oaep.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_chk.o rsa_chk.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_null.o rsa_null.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_pss.o rsa_pss.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_x931.o rsa_x931.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_asn1.o rsa_asn1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_depr.o rsa_depr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_ameth.o rsa_ameth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_prn.o rsa_prn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_pmeth.o rsa_pmeth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rsa_crpt.o rsa_crpt.c ar r ../../libcrypto.a rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_ err.o rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o rsa_pss.o r sa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o rsa_pmeth.o rsa_crpt.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rsa' making all in crypto/dsa... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/dsa' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa_gen.o dsa_gen.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa_key.o dsa_key.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa_lib.o dsa_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa_asn1.o dsa_asn1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa_vrf.o dsa_vrf.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa_sign.o dsa_sign.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa_err.o dsa_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa_ossl.o dsa_ossl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa_depr.o dsa_depr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa_ameth.o dsa_ameth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa_pmeth.o dsa_pmeth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dsa_prn.o dsa_prn.c ar r ../../libcrypto.a dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_s ign.o dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/dsa' making all in crypto/ecdsa... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ecdsa' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecs_lib.o ecs_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecs_asn1.o ecs_asn1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecs_ossl.o ecs_ossl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecs_sign.o ecs_sign.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecs_vrf.o ecs_vrf.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ecs_err.o ecs_err.c ar r ../../libcrypto.a ecs_lib.o ecs_asn1.o ecs_ossl.o ecs_sign.o ecs_vrf.o ecs _err.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ecdsa' making all in crypto/dh... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/dh' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dh_asn1.o dh_asn1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dh_gen.o dh_gen.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dh_key.o dh_key.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dh_lib.o dh_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dh_check.o dh_check.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dh_err.o dh_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dh_depr.o dh_depr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dh_ameth.o dh_ameth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dh_pmeth.o dh_pmeth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dh_prn.o dh_prn.c ar r ../../libcrypto.a dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o dh_ameth.o dh_pmeth.o dh_prn.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/dh' making all in crypto/ecdh... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ecdh' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ech_lib.o ech_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ech_ossl.o ech_ossl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ech_key.o ech_key.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ech_err.o ech_err.c ar r ../../libcrypto.a ech_lib.o ech_ossl.o ech_key.o ech_err.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ecdh' making all in crypto/dso... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/dso' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dso_dl.o dso_dl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dso_dlfcn.o dso_dlfcn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dso_err.o dso_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dso_lib.o dso_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dso_null.o dso_null.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dso_openssl.o dso_openssl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dso_win32.o dso_win32.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dso_vms.o dso_vms.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o dso_beos.o dso_beos.c ar r ../../libcrypto.a dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o dso_ openssl.o dso_win32.o dso_vms.o dso_beos.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/dso' making all in crypto/engine... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/engine' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_err.o eng_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_lib.o eng_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_list.o eng_list.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_init.o eng_init.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_ctrl.o eng_ctrl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_table.o eng_table.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_pkey.o eng_pkey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_fat.o eng_fat.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_all.o eng_all.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tb_rsa.o tb_rsa.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tb_dsa.o tb_dsa.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tb_ecdsa.o tb_ecdsa.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tb_dh.o tb_dh.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tb_ecdh.o tb_ecdh.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tb_rand.o tb_rand.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tb_store.o tb_store.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tb_cipher.o tb_cipher.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tb_digest.o tb_digest.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tb_pkmeth.o tb_pkmeth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tb_asnmth.o tb_asnmth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_openssl.o eng_openssl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_cnf.o eng_cnf.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_dyn.o eng_dyn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_cryptodev.o eng_cryptodev.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_rsax.o eng_rsax.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o eng_rdrand.o eng_rdrand.c ar r ../../libcrypto.a eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o eng _table.o eng_pkey.o eng_fat.o eng_all.o tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ ecdh.o tb_rand.o tb_store.o tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o eng_ openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_rsax.o eng_rdrand.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/engine' making all in crypto/buffer... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/buffer' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o buffer.o buffer.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o buf_str.o buf_str.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o buf_err.o buf_err.c ar r ../../libcrypto.a buffer.o buf_str.o buf_err.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/buffer' making all in crypto/bio... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/bio' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bio_lib.o bio_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bio_cb.o bio_cb.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bio_err.o bio_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bss_mem.o bss_mem.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bss_null.o bss_null.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bss_fd.o bss_fd.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bss_file.o bss_file.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bss_sock.o bss_sock.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bss_conn.o bss_conn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bf_null.o bf_null.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bf_buff.o bf_buff.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o b_print.o b_print.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o b_dump.o b_dump.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o b_sock.o b_sock.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bss_acpt.o bss_acpt.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bf_nbio.o bf_nbio.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bss_log.o bss_log.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bss_bio.o bss_bio.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bss_dgram.o bss_dgram.c ar r ../../libcrypto.a bio_lib.o bio_cb.o bio_err.o bss_mem.o bss_null.o bss_fd .o bss_file.o bss_sock.o bss_conn.o bf_null.o bf_buff.o b_print.o b_dump.o b_soc k.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o bss_dgram.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/bio' making all in crypto/stack... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/stack' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o stack.o stack.c ar r ../../libcrypto.a stack.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/stack' making all in crypto/lhash... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/lhash' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o lhash.o lhash.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o lh_stats.o lh_stats.c ar r ../../libcrypto.a lhash.o lh_stats.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/lhash' making all in crypto/rand... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/rand' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o md_rand.o md_rand.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o randfile.o randfile.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rand_lib.o rand_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rand_err.o rand_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rand_egd.o rand_egd.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rand_win.o rand_win.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rand_unix.o rand_unix.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rand_os2.o rand_os2.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o rand_nw.o rand_nw.c ar r ../../libcrypto.a md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o ra nd_win.o rand_unix.o rand_os2.o rand_nw.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/rand' making all in crypto/err... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/err' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o err.o err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o err_all.o err_all.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o err_prn.o err_prn.c ar r ../../libcrypto.a err.o err_all.o err_prn.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/err' making all in crypto/evp... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/evp' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o encode.o encode.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o digest.o digest.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o evp_enc.o evp_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o evp_key.o evp_key.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o evp_acnf.o evp_acnf.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o evp_cnf.o evp_cnf.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_des.o e_des.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_bf.o e_bf.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_idea.o e_idea.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_des3.o e_des3.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_camellia.o e_camellia.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_rc4.o e_rc4.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_aes.o e_aes.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o names.o names.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_seed.o e_seed.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_xcbc_d.o e_xcbc_d.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_rc2.o e_rc2.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_cast.o e_cast.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_rc5.o e_rc5.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_null.o m_null.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_md2.o m_md2.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_md4.o m_md4.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_md5.o m_md5.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_sha.o m_sha.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_sha1.o m_sha1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_wp.o m_wp.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_dss.o m_dss.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_dss1.o m_dss1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_mdc2.o m_mdc2.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_ripemd.o m_ripemd.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_ecdsa.o m_ecdsa.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p_open.o p_open.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p_seal.o p_seal.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p_sign.o p_sign.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p_verify.o p_verify.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p_lib.o p_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p_enc.o p_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p_dec.o p_dec.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bio_md.o bio_md.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bio_b64.o bio_b64.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bio_enc.o bio_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o evp_err.o evp_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_null.o e_null.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o c_all.o c_all.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o c_allc.o c_allc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o c_alld.o c_alld.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o evp_lib.o evp_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bio_ok.o bio_ok.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o evp_pkey.o evp_pkey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o evp_pbe.o evp_pbe.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p5_crpt.o p5_crpt.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p5_crpt2.o p5_crpt2.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_old.o e_old.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pmeth_lib.o pmeth_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pmeth_fn.o pmeth_fn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pmeth_gn.o pmeth_gn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o m_sigver.o m_sigver.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o evp_fips.o evp_fips.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_aes_cbc_hmac_sha1.o e_aes_cbc_hmac_sha1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o e_rc4_hmac_md5.o e_rc4_hmac_md5.c ar r ../../libcrypto.a encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf .o e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o e_rc4.o e_aes.o names.o e_seed. o e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m _sha1.o m_wp.o m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o bio_md.o bio_b64.o bio_enc.o evp_err .o e_null.o c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o evp_pkey.o evp_pbe.o p5 _crpt.o p5_crpt2.o e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips .o e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/evp' making all in crypto/asn1... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/asn1' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_object.o a_object.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_bitstr.o a_bitstr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_utctm.o a_utctm.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_gentm.o a_gentm.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_time.o a_time.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_int.o a_int.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_octet.o a_octet.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_print.o a_print.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_type.o a_type.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_set.o a_set.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_dup.o a_dup.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_d2i_fp.o a_d2i_fp.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_i2d_fp.o a_i2d_fp.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_enum.o a_enum.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_utf8.o a_utf8.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_sign.o a_sign.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_digest.o a_digest.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_verify.o a_verify.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_mbstr.o a_mbstr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_strex.o a_strex.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_algor.o x_algor.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_val.o x_val.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_pubkey.o x_pubkey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_sig.o x_sig.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_req.o x_req.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_attrib.o x_attrib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_bignum.o x_bignum.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_long.o x_long.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_name.o x_name.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_x509.o x_x509.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_x509a.o x_x509a.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_crl.o x_crl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_info.o x_info.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_spki.o x_spki.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o nsseq.o nsseq.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_nx509.o x_nx509.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o d2i_pu.o d2i_pu.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o d2i_pr.o d2i_pr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o i2d_pu.o i2d_pu.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o i2d_pr.o i2d_pr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t_req.o t_req.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t_x509.o t_x509.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t_x509a.o t_x509a.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t_crl.o t_crl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t_pkey.o t_pkey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t_spki.o t_spki.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o t_bitst.o t_bitst.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tasn_new.o tasn_new.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tasn_fre.o tasn_fre.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tasn_enc.o tasn_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tasn_dec.o tasn_dec.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tasn_utl.o tasn_utl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tasn_typ.o tasn_typ.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o tasn_prn.o tasn_prn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ameth_lib.o ameth_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o f_int.o f_int.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o f_string.o f_string.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o n_pkey.o n_pkey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o f_enum.o f_enum.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_pkey.o x_pkey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_bool.o a_bool.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_exten.o x_exten.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bio_asn1.o bio_asn1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bio_ndef.o bio_ndef.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o asn_mime.o asn_mime.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o asn1_gen.o asn1_gen.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o asn1_par.o asn1_par.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o asn1_lib.o asn1_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o asn1_err.o asn1_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_bytes.o a_bytes.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o a_strnid.o a_strnid.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o evp_asn1.o evp_asn1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o asn_pack.o asn_pack.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p5_pbe.o p5_pbe.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p5_pbev2.o p5_pbev2.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p8_pkey.o p8_pkey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o asn_moid.o asn_moid.c ar r ../../libcrypto.a a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int .o a_octet.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_enum.o a _utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o x_algor.o x_val.o x_p ubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o x_long.o x_name.o x_x509.o x_x509a .o x_crl.o x_info.o x_spki.o nsseq.o x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr .o t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o tasn_new.o tas n_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o tasn_prn.o ameth_lib.o f_int .o f_string.o n_pkey.o f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o bio_ndef. o asn_mime.o asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_bytes.o a_strnid.o ev p_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/asn1' making all in crypto/pem... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pem' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pem_sign.o pem_sign.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pem_seal.o pem_seal.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pem_info.o pem_info.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pem_lib.o pem_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pem_all.o pem_all.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pem_err.o pem_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pem_x509.o pem_x509.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pem_xaux.o pem_xaux.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pem_oth.o pem_oth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pem_pk8.o pem_pk8.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pem_pkey.o pem_pkey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pvkfmt.o pvkfmt.c ar r ../../libcrypto.a pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem _err.o pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o pvkfmt.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pem' making all in crypto/x509... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/x509' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_def.o x509_def.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_d2.o x509_d2.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_r2x.o x509_r2x.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_cmp.o x509_cmp.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_obj.o x509_obj.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_req.o x509_req.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509spki.o x509spki.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_vfy.o x509_vfy.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_set.o x509_set.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509cset.o x509cset.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509rset.o x509rset.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_err.o x509_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509name.o x509name.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_v3.o x509_v3.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_ext.o x509_ext.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_att.o x509_att.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509type.o x509type.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_lu.o x509_lu.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x_all.o x_all.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_txt.o x509_txt.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_trs.o x509_trs.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o by_file.o by_file.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o by_dir.o by_dir.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o x509_vpm.o x509_vpm.c ar r ../../libcrypto.a x509_def.o x509_d2.o x509_r2x.o x509_cmp.o x509_obj.o x5 09_req.o x509spki.o x509_vfy.o x509_set.o x509cset.o x509rset.o x509_err.o x509n ame.o x509_v3.o x509_ext.o x509_att.o x509type.o x509_lu.o x_all.o x509_txt.o x5 09_trs.o by_file.o by_dir.o x509_vpm.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/x509' making all in crypto/x509v3... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/x509v3' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_bcons.o v3_bcons.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_bitst.o v3_bitst.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_conf.o v3_conf.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_extku.o v3_extku.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_ia5.o v3_ia5.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_lib.o v3_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_prn.o v3_prn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_utl.o v3_utl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3err.o v3err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_genn.o v3_genn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_alt.o v3_alt.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_skey.o v3_skey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_akey.o v3_akey.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_pku.o v3_pku.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_int.o v3_int.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_enum.o v3_enum.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_sxnet.o v3_sxnet.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_cpols.o v3_cpols.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_crld.o v3_crld.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_purp.o v3_purp.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_info.o v3_info.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_ocsp.o v3_ocsp.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_akeya.o v3_akeya.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_pmaps.o v3_pmaps.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_pcons.o v3_pcons.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_ncons.o v3_ncons.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_pcia.o v3_pcia.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_pci.o v3_pci.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pcy_cache.o pcy_cache.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pcy_node.o pcy_node.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pcy_data.o pcy_data.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pcy_map.o pcy_map.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pcy_tree.o pcy_tree.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pcy_lib.o pcy_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_asid.o v3_asid.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o v3_addr.o v3_addr.c ar r ../../libcrypto.a v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_l ib.o v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o v 3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o v3_pcia.o v3_pci.o pcy_cache.o pcy_n ode.o pcy_data.o pcy_map.o pcy_tree.o pcy_lib.o v3_asid.o v3_addr.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/x509v3' making all in crypto/conf... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/conf' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o conf_err.o conf_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o conf_lib.o conf_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o conf_api.o conf_api.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o conf_def.o conf_def.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o conf_mod.o conf_mod.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o conf_mall.o conf_mall.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o conf_sap.o conf_sap.c ar r ../../libcrypto.a conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o c onf_mall.o conf_sap.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/conf' making all in crypto/txt_db... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/txt_db' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o txt_db.o txt_db.c ar r ../../libcrypto.a txt_db.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/txt_db' making all in crypto/pkcs7... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pkcs7' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pk7_asn1.o pk7_asn1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pk7_lib.o pk7_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pkcs7err.o pkcs7err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pk7_doit.o pk7_doit.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pk7_smime.o pk7_smime.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pk7_attr.o pk7_attr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pk7_mime.o pk7_mime.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o bio_pk7.o bio_pk7.c ar r ../../libcrypto.a pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o p k7_attr.o pk7_mime.o bio_pk7.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pkcs7' making all in crypto/pkcs12... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pkcs12' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_add.o p12_add.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_asn.o p12_asn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_attr.o p12_attr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_crpt.o p12_crpt.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_crt.o p12_crt.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_decr.o p12_decr.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_init.o p12_init.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_key.o p12_key.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_kiss.o p12_kiss.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_mutl.o p12_mutl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_utl.o p12_utl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_npas.o p12_npas.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pk12err.o pk12err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_p8d.o p12_p8d.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o p12_p8e.o p12_p8e.c ar r ../../libcrypto.a p12_add.o p12_asn.o p12_attr.o p12_crpt.o p12_crt.o p12_ decr.o p12_init.o p12_key.o p12_kiss.o p12_mutl.o p12_utl.o p12_npas.o pk12err.o p12_p8d.o p12_p8e.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pkcs12' making all in crypto/comp... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/comp' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o comp_lib.o comp_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o comp_err.o comp_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o c_rle.o c_rle.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o c_zlib.o c_zlib.c ar r ../../libcrypto.a comp_lib.o comp_err.o c_rle.o c_zlib.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/comp' making all in crypto/ocsp... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ocsp' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ocsp_asn.o ocsp_asn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ocsp_ext.o ocsp_ext.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ocsp_ht.o ocsp_ht.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ocsp_lib.o ocsp_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ocsp_cl.o ocsp_cl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ocsp_srv.o ocsp_srv.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ocsp_prn.o ocsp_prn.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ocsp_vfy.o ocsp_vfy.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ocsp_err.o ocsp_err.c ar r ../../libcrypto.a ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o ocs p_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ocsp' making all in crypto/ui... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ui' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ui_err.o ui_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ui_lib.o ui_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ui_openssl.o ui_openssl.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ui_util.o ui_util.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ui_compat.o ui_compat.c ar r ../../libcrypto.a ui_err.o ui_lib.o ui_openssl.o ui_util.o ui_compat.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ui' making all in crypto/krb5... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/krb5' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o krb5_asn.o krb5_asn.c ar r ../../libcrypto.a krb5_asn.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/krb5' making all in crypto/cms... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/cms' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_lib.o cms_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_asn1.o cms_asn1.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_att.o cms_att.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_io.o cms_io.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_smime.o cms_smime.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_err.o cms_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_sd.o cms_sd.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_dd.o cms_dd.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_cd.o cms_cd.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_env.o cms_env.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_enc.o cms_enc.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_ess.o cms_ess.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cms_pwri.o cms_pwri.c ar r ../../libcrypto.a cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_ err.o cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o cms_pwri.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/cms' making all in crypto/pqueue... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/pqueue' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o pqueue.o pqueue.c ar r ../../libcrypto.a pqueue.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/pqueue' making all in crypto/ts... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/ts' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ts_err.o ts_err.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ts_req_utils.o ts_req_utils.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ts_req_print.o ts_req_print.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ts_rsp_utils.o ts_rsp_utils.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ts_rsp_print.o ts_rsp_print.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ts_rsp_sign.o ts_rsp_sign.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ts_rsp_verify.o ts_rsp_verify.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ts_verify_ctx.o ts_verify_ctx.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ts_lib.o ts_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ts_conf.o ts_conf.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o ts_asn1.o ts_asn1.c ar r ../../libcrypto.a ts_err.o ts_req_utils.o ts_req_print.o ts_rsp_utils.o ts _rsp_print.o ts_rsp_sign.o ts_rsp_verify.o ts_verify_ctx.o ts_lib.o ts_conf.o ts _asn1.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/ts' making all in crypto/srp... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/srp' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o srp_lib.o srp_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o srp_vfy.o srp_vfy.c ar r ../../libcrypto.a srp_lib.o srp_vfy.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/srp' making all in crypto/cmac... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/c rypto/cmac' gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cmac.o cmac.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cm_ameth.o cm_ameth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD S -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall -c -o cm_pmeth.o cm_pmeth.c ar r ../../libcrypto.a cmac.o cm_ameth.o cm_pmeth.o /usr/bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto/cmac' if [ -n "" ]; then \ (cd ..; make libcrypto.so.1.0.0); \ fi make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/cr ypto' making all in engines... make[3]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/e ngines' gcc -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 - fomit-frame-pointer -Wall -c -o e_4758cca.o e_4758cca.c gcc -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 - fomit-frame-pointer -Wall -c -o e_aep.o e_aep.c gcc -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 - fomit-frame-pointer -Wall -c -o e_atalla.o e_atalla.c gcc -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 - fomit-frame-pointer -Wall -c -o e_cswift.o e_cswift.c gcc -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 - fomit-frame-pointer -Wall -c -o e_gmp.o e_gmp.c gcc -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 - fomit-frame-pointer -Wall -c -o e_chil.o e_chil.c gcc -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 - fomit-frame-pointer -Wall -c -o e_nuron.o e_nuron.c gcc -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 - fomit-frame-pointer -Wall -c -o e_sureware.o e_sureware.c gcc -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 - fomit-frame-pointer -Wall -c -o e_ubsec.o e_ubsec.c gcc -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 - fomit-frame-pointer -Wall -c -o e_padlock.o e_padlock.c gcc -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 - fomit-frame-pointer -Wall -c -o e_capi.o e_capi.c echo making all in engines/ccgost... make[4]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/e ngines/ccgost' gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o e_gost_err.o e_gost_err.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost2001_keyx.o gost2001_keyx.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost2001.o gost2001.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost89.o gost89.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost94_keyx.o gost94_keyx.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost_ameth.o gost_ameth.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost_asn1.o gost_asn1.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost_crypt.o gost_crypt.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost_ctl.o gost_ctl.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost_eng.o gost_eng.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gosthash.o gosthash.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost_keywrap.o gost_keywrap.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost_md.o gost_md.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost_params.o gost_params.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost_pmeth.o gost_pmeth.c gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O 3 -fomit-frame-pointer -Wall -c -o gost_sign.o gost_sign.c if [ -n "" ]; then \ make -f ../../Makefile.shared -e \ LIBNAME=gost \ LIBEXTRAS='e_gost_err.o gost2001_keyx.o gost2001.o gost8 9.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o go sthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o' \ LIBDEPS='-L../.. -lcrypto' \ link_o.linux-shared; \ else \ ar r ../../libcrypto.a e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng .o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o; \ fi make[4]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/en gines/ccgost' make[3]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/en gines' make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s' make[2]: Entering directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/t est' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}" ; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -Wall}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=bnte st} bntest.o ${LIBDEPS} ) /usr/lib64/gcc/x86_64-suse-linux/4.3/../../../../x86_64-suse-linux/bin/ld: canno t find -lssl collect2: ld returned 1 exit status make[2]: *** [link_app.] Error 1 make[2]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' make[1]: *** [bntest] Error 2 make[1]: Leaving directory `/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s/te st' make: *** [tests] Error 2 sldestrslx211:/var/tmp/OpenSSL/tmp2/openssl_102g/openssl-1.0.1s # Many greetings from Germany Martin Ziegler Systemtechnik / Support structura nova Bechtle Softwarel?sungen GmbH Meitnerstra?e 10, DE-70563 Stuttgart Phone: +49 711 94784-159 Fax: +49 711 94784-299 E-Mail: martin.ziegler at bechtle.com Homepage: http://www.bechtle.com Sitz Neckarsulm, Amtsgericht Stuttgart HRB 725039, Ust-Id.Nr. DE218410885, Gesch?ftsf?hrer Oliver Reinsdorf -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4523 Please log in as guest with password guest if prompted