From levitte at openssl.org Fri May 1 04:27:32 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 01 May 2020 06:27:32 +0200 Subject: OpenSSL version 3.0.0-alpha1 published In-Reply-To: References: <20200423142936.GA24450@openssl.org> <5ebc99d8-2260-c5a6-ef76-eb91fd5c10d0@openssl.org> Message-ID: <878sicqnyj.wl-levitte@openssl.org> On Fri, 01 May 2020 01:22:34 +0200, Sam Roberts wrote: > > On Fri, Apr 24, 2020 at 9:07 AM Nicola Tuveri wrote: > > At https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers there was already an example of how to do this programmatically, and a link to the manpage for the config file syntax. > > That's not working for me: > > Failed to load Legacy provider: error:25000067:DSO support > routines::could not load the shared library > /home/sam/w/core/tls/./node[26693]: ../../src/node_crypto.cc:6804:void > node::crypto::InitCryptoOnce(): Assertion `"Unreachable code reached"' > failed. > 1: 0x557630598d84 node::Abort() [/home/sam/w/core/tls/./node] > > From: > /* Load Multiple providers into the default (NULL) library context */ > auto legacy = OSSL_PROVIDER_load(0, "legacy"); > if (legacy == nullptr) { > unsigned long err = ERR_get_error(); > fprintf(stderr, "Failed to load Legacy provider: %s\n", > ERR_error_string(err, nullptr)); > UNREACHABLE(); > } > auto deflt = OSSL_PROVIDER_load(0, "default"); > if (deflt == nullptr) { > unsigned long err = ERR_get_error(); > fprintf(stderr, "Failed to load Default provider: %s\n", > ERR_error_string(err, nullptr)); > OSSL_PROVIDER_unload(legacy); > UNREACHABLE(); > } > > > I notice that the legacy.so isn't in the same folder as the other .so > files, so I tried: > > LD_LIBRARY_PATH=/usr/local/stow/openssl-3.0.0-alpha1/lib:/usr/local/stow/openssl-3.0.0-alpha1/lib/ossl-modules > > But that didn't work. > > It looks like adding this did work: > > OSSL_PROVIDER_set_default_search_path(0, > "/usr/local/stow/openssl-3.0.0-alpha1/lib/ossl-modules"); > > What are the default values? I built with prefix set to /usr/local, > but then installed to the DESTDIR directory above, is that what caused > me trouble? You can find out the default value with 'openssl info -modulesdir' Yes, running from the DESTDIR "installation" gets you into trouble. DESTDIR is intended to be a staging directory, i.e. a place to put files that you want to put in an archive or package for more proper (distribute) installation in the right place. It can be used for testing, of course, but you then need to know a little more what you're doing. I suggest having a look at doc/man7/openssl-env.pod, it contains a complete enough catalogue of diverse environment variables that you can use to affect OpenSSL's internal behaviour. OPENSSL_MODULES is of particular interest in this case. Suggested command to read a .pod file comfortably: perldoc -o man doc/man7/openssl-env.pod I suspect, btw, that people might wonder why we install provider modules separately from engines. The simple reason is that they are very different beasts, but the major one is that provider modules are intended to be fairly OpenSSL version agnostic, by design. Engines are unfortunately not version agnostic at all, acutely so since OpenSSL 1.1.0. So while provider modules do not need to be updated for every OpenSSL version, engines do. Cheers, Richard > > Cheers, > Sam > > > > > I just added also a minimal config file example to load both the default and the legacy provider in the default library context. > > > > > > Cheers, > > > > Nicola > > > > On Fri, 24 Apr 2020 at 17:56, Sam Roberts wrote: > >> > >> On Fri, Apr 24, 2020 at 1:05 AM Matt Caswell wrote: > >> > This one is interesting: > >> > > >> > ERR_OSSL_EVP_FETCH_FAILED > >> > > >> > > >> > This means that the algorithm you are trying to use isn't available in > >> > the loaded providers. Since you should be getting the default provider > >> > loaded automatically it could be because some legacy algorithms were > >> > moved to the legacy provider (MD2, MD4, MDC2, RMD160, CAST5, BF > >> > (Blowfish), IDEA, SEED, RC2, RC4, RC5 and DES (but not 3DES)). If you're > >> > using something from that list then that would explain it. > >> > >> Can we add the legacy provider, via configuration, or via code? > -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From levitte at openssl.org Fri May 1 04:36:40 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 01 May 2020 06:36:40 +0200 Subject: OpenSSL version 3.0.0-alpha1 published In-Reply-To: References: <20200423142936.GA24450@openssl.org> <20200425221513.GB402559@roeckx.be> Message-ID: <877dxwqnjb.wl-levitte@openssl.org> On Sun, 26 Apr 2020 11:35:14 +0200, Yann Ylavic wrote: > > On Sun, Apr 26, 2020 at 12:15 AM Kurt Roeckx wrote: > > > > On Fri, Apr 24, 2020 at 01:26:05PM +0200, Yann Ylavic wrote: > > > > > > - DH_bits(dh) (used for logging only in httpd) > > > Replaced by BN_num_bits(DH_get0_p(dh)). > > > Not sure this one should be deprecated, it seems to be used in several > > > places in openssl codebase still, no replacement? > > > > I think the replacement is using the EVP_PKEY API and then use > > EVP_PKEY_bits() > > Sure, but if all you have is a DH object (say obtained by > DH_get_2048_256() or PEM_read_bio_DHparams()), the EVP_PKEY API does > not help. > It seems a bit odd to me that DH_bits() or DH_security_bits() are > deprecated, but not DH_get0_*() or DH_get_length() for instance. The DH_get0_* functions are useful in contructing other low-level DH objects using the same numbers as the one you currently have. I don't quite see that DH_bits() would be useful in that manner. Along that line of thinking, I agree that it's odd that DH_get_length() wasn't deprecated. I can't remember if it was discussed in particular... it might simply be an omission. All that being said, DH_bits() was undeprecated yesterday. See https://github.com/openssl/openssl/pull/11669 Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From wadecline at hotmail.com Fri May 1 05:23:47 2020 From: wadecline at hotmail.com (Wade Cline) Date: Thu, 30 Apr 2020 22:23:47 -0700 Subject: Indirect CRL CLI and support Message-ID: Hello, I have the following PKI: root_ca / \ localhost signing_ca - / | \ admin friend referrer - | \ referred referred_bad_indirect (R) 'admin', 'friend', 'referred', and 'referred_bad_indirect' are all client certificates while the others are CAs ('referrer' has a 'pathlen' of '0'). My goal is to revoke the 'referred_bad_indirect' certificate via the 'signing_ca' using an indirect CRL. >From what I've read on an old forum post about Indirect CRLs [1] it seems possible to add the "CRL Distribution Points" extension [2] to the 'referred_bad_indirect' certificate and to add the "Issuing Distribution Point" extension [3] to the issued CRL; however, it seems that the CRL also needs to have at least one "Certificate Issuer" extension [4] for each certificate that is not revoked by the CRL issuer. This does not appear to be possible with the current `crl` tool provided by OpenSSL as the CRL is generated from the plaintext database which does not appear to have support for certificates issued by other CAs. For completeness, I tried out [5] a set-up similar to the one mentioned in the old Indirect CRL forum post mentioned earlier [1]: root_ca ----------------------- / \ \ localhost signing_ca_indirectcrl crl_ca / \ friend_indirect friend_bad_indirect (R) I was able to get the "CRL Distribution Points" extension added to 'friend_indirect' and 'friend_bad_indirect' and also the "Issuing Distribution Point" to the CRL generated by 'crl_ca', but was not able to verify that 'friend_bad_indirect' was actually revoked, which I expect is due to the fact that the CRL does not have a "Certificate Issuer" extension and the CRL issuer does not match the issuer of the 'friend_bad_indirect' certificate, which is how I interpet [1]: As written, both user credentials successfully validate because the CRL generated does not include the issuer extension on each of its entries. If you choose common names such that the CA credential, CRL issuer credential, and CRL issuer named in the user certificates are all the same, the verify command will successfully recognize that one of the user credentials has been revoked. So at this point it seems to be that the problem is a lack of the "Certificate Issuer" extension on the generated CRL. My questions are thus: 1) Is it possible to generate an indirect CRL with appropriate "Certificate Issuer" extensions via the OpenSSL CLI tools? 2) If not, is this supported via the library API? 3) Does OpenSSL fully support verifying an indirect CRL if one is provided? 4) Lastly, referring to the first PKI, what would happen if 'referred_bad_indirect' left out its "CRL Distribution Points" extension (perhaps a lazy or malevolent 'referrer' CA), but the 'signing_ca' issued an indirect CRL with 'referred_bad_indirect' revoked? Would the revocation be ignored because 'referred_bad_indirect' lacked a "CRL Distribution Points" extension or would it the revocation be accepted regardless because it's in the CRL? My version of OpenSSL is 'OpenSSL 1.1.1g 21 Apr 2020', provided by the Gentoo system distribution. Thanks, Wade [1] http://openssl.6102.n7.nabble.com/Re-openssl-org-3097-Incorrect-revocation-status-with-indirect-CRL-td47482.html [2] https://tools.ietf.org/html/rfc5280#section-4.2.1.13 [3] https://tools.ietf.org/html/rfc5280#section-5.2.5 [4] https://tools.ietf.org/html/rfc5280#section-5.3.3 [5] https://github.com/clinew/inspircdtests/blob/indirect_crl/afr.sh#L437 From matt at openssl.org Fri May 1 09:59:10 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 1 May 2020 10:59:10 +0100 Subject: OpenSSL version 3.0.0-alpha1 build failed In-Reply-To: <629958f6-2cab-3899-6139-47f725b471f8@openssl.org> References: <20200423142936.GA24450@openssl.org> <629958f6-2cab-3899-6139-47f725b471f8@openssl.org> Message-ID: On 30/04/2020 22:44, Matt Caswell wrote: > This appears to be a bug in perl. You have a very old version of perl > (the oldest we support is 5.10.0). It's probably worth trying to upgrade it. I've seen a very similar (but not quite the same) crash in an older version of perl on a different platform. Please see the workaround procedure I've documented here: https://github.com/openssl/openssl/issues/11694 Please could you try this out and let me know if it works? Thanks Matt > > Matt > > > On 30/04/2020 22:12, Ken Goldman wrote: >> My build failed with the below. >> >> x86_64 Linux kernel 2.6.32 >> RHEL 6.7 >> Perl 5.10.1 >> >> Everything through 1.1.1e was successful. >> >> ~~ >> >> >> ./config >> Operating system: x86_64-whatever-linux2 >> Configuring OpenSSL version 3.0.0-alpha1 for target linux-x86_64 >> Using os-specific seed configuration >> *** glibc detected *** /usr/bin/perl: double free or corruption (out): >> 0x0000000002a401e0 *** >> ======= Backtrace: ========= >> /lib64/libc.so.6[0x3c2fa75dee] >> /lib64/libc.so.6[0x3c2fa78c80] >> /usr/lib64/perl5/CORE/libperl.so(Perl_sv_clear+0x6a5)[0x3c35ab93c5] >> /usr/lib64/perl5/CORE/libperl.so(Perl_sv_free2+0x52)[0x3c35ab95d2] >> /usr/lib64/perl5/CORE/libperl.so(Perl_av_undef+0x58)[0x3c35aa4018] >> /usr/lib64/perl5/CORE/libperl.so(Perl_sv_clear+0x598)[0x3c35ab92b8] >> /usr/lib64/perl5/CORE/libperl.so(Perl_sv_free2+0x52)[0x3c35ab95d2] >> /usr/lib64/perl5/CORE/libperl.so(Perl_sv_clear+0x47c)[0x3c35ab919c] >> /usr/lib64/perl5/CORE/libperl.so(Perl_sv_free2+0x52)[0x3c35ab95d2] >> /usr/lib64/perl5/CORE/libperl.so(Perl_hv_free_ent+0x42)[0x3c35a9e8c2] >> /usr/lib64/perl5/CORE/libperl.so[0x3c35a9fde1] >> /usr/lib64/perl5/CORE/libperl.so(Perl_hv_clear+0xfa)[0x3c35a9ffea] >> /usr/lib64/perl5/CORE/libperl.so(Perl_leave_scope+0xea8)[0x3c35ad6258] >> /usr/lib64/perl5/CORE/libperl.so(Perl_pp_unstack+0x59)[0x3c35aa8419] >> /usr/lib64/perl5/CORE/libperl.so(Perl_runops_standard+0x16)[0x3c35aa4b06] >> /usr/lib64/perl5/CORE/libperl.so(perl_run+0x338)[0x3c35a4d0d8] >> /usr/bin/perl(main+0x154)[0x400e74] >> /lib64/libc.so.6(__libc_start_main+0xfd)[0x3c2fa1ed1d] >> [snipped] >> From ylavic.dev at gmail.com Fri May 1 12:00:04 2020 From: ylavic.dev at gmail.com (Yann Ylavic) Date: Fri, 1 May 2020 14:00:04 +0200 Subject: OpenSSL version 3.0.0-alpha1 published In-Reply-To: <877dxwqnjb.wl-levitte@openssl.org> References: <20200423142936.GA24450@openssl.org> <20200425221513.GB402559@roeckx.be> <877dxwqnjb.wl-levitte@openssl.org> Message-ID: On Fri, May 1, 2020 at 6:36 AM Richard Levitte wrote: > > On Sun, 26 Apr 2020 11:35:14 +0200, > Yann Ylavic wrote: > > > > On Sun, Apr 26, 2020 at 12:15 AM Kurt Roeckx wrote: > > > > > > On Fri, Apr 24, 2020 at 01:26:05PM +0200, Yann Ylavic wrote: > > > > > > > > - DH_bits(dh) (used for logging only in httpd) > > > > Replaced by BN_num_bits(DH_get0_p(dh)). > > > > Not sure this one should be deprecated, it seems to be used in several > > > > places in openssl codebase still, no replacement? > > > > > > I think the replacement is using the EVP_PKEY API and then use > > > EVP_PKEY_bits() > > > > Sure, but if all you have is a DH object (say obtained by > > DH_get_2048_256() or PEM_read_bio_DHparams()), the EVP_PKEY API does > > not help. > > It seems a bit odd to me that DH_bits() or DH_security_bits() are > > deprecated, but not DH_get0_*() or DH_get_length() for instance. > > The DH_get0_* functions are useful in contructing other low-level DH > objects using the same numbers as the one you currently have. I don't > quite see that DH_bits() would be useful in that manner. > > Along that line of thinking, I agree that it's odd that > DH_get_length() wasn't deprecated. I can't remember if it was > discussed in particular... it might simply be an omission. > > All that being said, DH_bits() was undeprecated yesterday. See > https://github.com/openssl/openssl/pull/11669 Thanks for that. Regards, Yann. From dfulger at gmx.com Fri May 1 14:02:39 2020 From: dfulger at gmx.com (Dan Fulger) Date: Fri, 1 May 2020 16:02:39 +0200 Subject: FFT algorithm for BIGNUM multiplication Message-ID: off topic: ? "till" is correct and?older than "until". ? https://www.merriam-webster.com/dictionary/till https://en.wiktionary.org/wiki/till line?786915 in file?http://www.gutenberg.org/cache/epub/673/pg673.txt ? and all four paper dictionaries I have in my home (two of them do not even mention "til"). ? From Michael.Wojcik at microfocus.com Fri May 1 14:45:45 2020 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Fri, 1 May 2020 14:45:45 +0000 Subject: FFT algorithm for BIGNUM multiplication In-Reply-To: References: Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of > Dan Fulger > Sent: Friday, May 01, 2020 08:03 > > off topic: > > "till" is correct and older than "until". > > https://www.merriam-webster.com/dictionary/till > https://en.wiktionary.org/wiki/till > line 786915 in file http://www.gutenberg.org/cache/epub/673/pg673.txt > > and all four paper dictionaries I have in my home (two of them do not even > mention "til"). Argh. Now that you mention it, I remember reading this some years ago. I should have checked before posting that. (You'd think after decades of mailing lists and Usenet and whatnot I'd have acquired that habit...) I stand corrected. Thanks. From guidovranken at gmail.com Fri May 1 16:14:39 2020 From: guidovranken at gmail.com (Guido Vranken) Date: Fri, 1 May 2020 18:14:39 +0200 Subject: liblegacy.a does not work unless compiled with -static Message-ID: When I configure using "./config enable-legacy" it creates providers/liblegacy.a, then in the program I link with it, OSSL_PROVIDER_load fails (returns NULL). When I configure using "./config enable-legacy -static" it works as expected. However, building with -static fails on OSS-Fuzz when building with sanitizers, and I need the .a file instead of the .so file for fuzzing. So, is it possible to configure using "./config enable-legacy" and have a working liblegacy.a? Is this a bug? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From guidovranken at gmail.com Fri May 1 16:20:26 2020 From: guidovranken at gmail.com (Guido Vranken) Date: Fri, 1 May 2020 18:20:26 +0200 Subject: OpenSSL version 3.0.0-alpha1 published In-Reply-To: <20200423142936.GA24450@openssl.org> References: <20200423142936.GA24450@openssl.org> Message-ID: Reminder that in git master and 3.0.0, CAST5 gives the wrong output: https://github.com/openssl/openssl/issues/11459 (this proof of concept was made before you moved CAST5 to liblegacy, so just put OSSL_PROVIDER_load(nullptr, "legacy"); in there to make it work) On Thu, Apr 23, 2020 at 4:30 PM OpenSSL wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > > OpenSSL version 3.0 alpha 1 released > ==================================== > > OpenSSL - The Open Source toolkit for SSL/TLS > https://www.openssl.org/ > > OpenSSL 3.0 is currently in alpha. > > OpenSSL 3.0 alpha 1 has now been made available. > > Note: This OpenSSL pre-release has been provided for testing ONLY. > It should NOT be used for security critical purposes. > > Specific notes on upgrading to OpenSSL 3.0 from previous versions, as > well > as known issues are available on the OpenSSL Wiki, here: > > https://wiki.openssl.org/index.php/OpenSSL_3.0 > > The alpha release is available for download via HTTPS and FTP from the > following master locations (you can find the various FTP mirrors under > https://www.openssl.org/source/mirror.html): > > * https://www.openssl.org/source/ > * ftp://ftp.openssl.org/source/ > > The distribution file name is: > > o openssl-3.0.0-alpha1.tar.gz > Size: 9530120 > SHA1 checksum: 4db145d3d9c9d7bfaa7b2a1fe1670f7a3781bb06 > SHA256 checksum: > 9d5be9122194ad1d649254de5e72afd329252f134791389d0cef627b18ed9a57 > > The checksums were calculated using the following commands: > > openssl sha1 openssl-3.0.0-alpha1.tar.gz > openssl sha256 openssl-3.0.0-alpha1.tar.gz > > Please download and check this $LABEL release as soon as possible. > To report a bug, open an issue on GitHub: > > https://github.com/openssl/openssl/issues > > Please check the release notes and mailing lists to avoid duplicate > reports of known issues. (Of course, the source is also available > on GitHub.) > > Yours, > > The OpenSSL Project Team. > > -----BEGIN PGP SIGNATURE----- > > iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6hpQcACgkQ2cTSbQ5g > RJHvtggAp7XIxm/00amD4TijQhJqMmGsj0RXqwAeSd0gWDQCf78GX4zMIW/tTgvk > I3Mb67DsOR5gdPZN5TigyqRaXSIAzfb8ZT4Gs9lo/j8RUi5AmzT2RYexbRv6bF6E > cQ0OabM3rk4qi4njTi/YD9YihO6/pv7tWZkkfPsN547bfm7p7fwCrEHw02En5IW8 > hyFhkpKfA3c8MEa96yLwjhkYRTAzUmxus/mNID+Ja3/VTCmHjd1c57SHFPq9noll > Wqzhs3jEhluZKHpwmSSA0KQh1ph0kh6fnKLEn3Oge5dYV3P+JrFCRfDEMsI1Nb/F > hIr11rxXNxtBRKUSlOUyJATZn0sV6g== > =uRpM > -----END PGP SIGNATURE----- > -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Fri May 1 16:27:33 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 1 May 2020 17:27:33 +0100 Subject: liblegacy.a does not work unless compiled with -static In-Reply-To: References: Message-ID: liblegacy.a is an internal artifact! You're not supposed to link your applications against it! You are supposed to link against libcrypto normally. If legacy.so isn't in the default install location then make sure the OPENSSL_MODULES environment variable is pointing at its directory. Matt On 01/05/2020 17:14, Guido Vranken wrote: > When I configure using "./config enable-legacy" it creates > providers/liblegacy.a, then in the program I link with it, > OSSL_PROVIDER_load fails (returns NULL). > > When I configure using "./config enable-legacy -static" it works as > expected. > > However, building with -static fails on OSS-Fuzz when building with > sanitizers, and I need the .a file instead of the .so file for fuzzing. > > So, is it possible to configure using "./config enable-legacy" and have > a working liblegacy.a? Is this a bug? > > Thanks From guidovranken at gmail.com Fri May 1 16:30:50 2020 From: guidovranken at gmail.com (Guido Vranken) Date: Fri, 1 May 2020 18:30:50 +0200 Subject: liblegacy.a does not work unless compiled with -static In-Reply-To: References: Message-ID: OK I see, thanks. On Fri, May 1, 2020 at 6:27 PM Matt Caswell wrote: > liblegacy.a is an internal artifact! You're not supposed to link your > applications against it! > > You are supposed to link against libcrypto normally. If legacy.so isn't > in the default install location then make sure the OPENSSL_MODULES > environment variable is pointing at its directory. > > Matt > > > On 01/05/2020 17:14, Guido Vranken wrote: > > When I configure using "./config enable-legacy" it creates > > providers/liblegacy.a, then in the program I link with it, > > OSSL_PROVIDER_load fails (returns NULL). > > > > When I configure using "./config enable-legacy -static" it works as > > expected. > > > > However, building with -static fails on OSS-Fuzz when building with > > sanitizers, and I need the .a file instead of the .so file for fuzzing. > > > > So, is it possible to configure using "./config enable-legacy" and have > > a working liblegacy.a? Is this a bug? > > > > Thanks > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vieuxtech at gmail.com Fri May 1 17:13:32 2020 From: vieuxtech at gmail.com (Sam Roberts) Date: Fri, 1 May 2020 10:13:32 -0700 Subject: OpenSSL version 3.0.0-alpha1 published In-Reply-To: <878sicqnyj.wl-levitte@openssl.org> References: <20200423142936.GA24450@openssl.org> <5ebc99d8-2260-c5a6-ef76-eb91fd5c10d0@openssl.org> <878sicqnyj.wl-levitte@openssl.org> Message-ID: On Thu, Apr 30, 2020 at 9:27 PM Richard Levitte wrote: > Yes, running from the DESTDIR "installation" gets you into trouble. > DESTDIR is intended to be a staging directory, i.e. a place to put Fair enough, I don't have to use DESTDIR, I configure with openssldir and prefix set to a sandbox now. We statically link openssl to get a self-contained binary. I'm not sure if --no-shared was sufficient to "build in" the legacy algs. Provider load failed, reasonably expectedly, but whether our test suite is failing because of missing legacy won't be clear to me until more of the superficial failures are fixed. Is there a reason two terms, "modules" and "providers", are both used? Are there modules that are NOT providers? It is confusing to use different names to describe the same thing, so if modules are providers, perhaps one name could be used consistently. From rsalz at akamai.com Fri May 1 17:22:13 2020 From: rsalz at akamai.com (Salz, Rich) Date: Fri, 1 May 2020 17:22:13 +0000 Subject: liblegacy.a does not work unless compiled with -static In-Reply-To: References: Message-ID: <4C1FB791-6C3D-4905-A302-BB3F448068D9@akamai.com> Hm, so DSO support is a requirement for legacy crypto now? That probably needs to be made explicit, and see if the project gets pushback. From vieuxtech at gmail.com Fri May 1 17:44:30 2020 From: vieuxtech at gmail.com (Sam Roberts) Date: Fri, 1 May 2020 10:44:30 -0700 Subject: liblegacy.a does not work unless compiled with -static In-Reply-To: <4C1FB791-6C3D-4905-A302-BB3F448068D9@akamai.com> References: <4C1FB791-6C3D-4905-A302-BB3F448068D9@akamai.com> Message-ID: On Fri, May 1, 2020 at 10:22 AM Salz, Rich via openssl-users wrote: > Hm, so DSO support is a requirement for legacy crypto now? That probably needs to be made explicit, and see if the project gets pushback. It would mean legacy alg support would not exist for Node.js binary distributions, but I'm still figuring out how many legacy algs we support. How hard we'd push back on that would depend on how hard our users push back... but we won't know that until ossl3 makes it into a new major of node, probably spring 2021, when it might be too late to change anything. From levitte at openssl.org Sat May 2 07:30:45 2020 From: levitte at openssl.org (Richard Levitte) Date: Sat, 02 May 2020 09:30:45 +0200 Subject: liblegacy.a does not work unless compiled with -static In-Reply-To: <4C1FB791-6C3D-4905-A302-BB3F448068D9@akamai.com> References: <4C1FB791-6C3D-4905-A302-BB3F448068D9@akamai.com> Message-ID: <875zderdy2.wl-levitte@openssl.org> On Fri, 01 May 2020 19:22:13 +0200, Salz, Rich via openssl-users wrote: > > Hm, so DSO support is a requirement for legacy crypto now? That > probably needs to be made explicit, and see if the project gets > pushback. No. When DSO support is turned off, the legacy provider code becomes part of libcrypto, in an inaccessible state (in other words, you still have to "load" it). Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From paul.dale at oracle.com Sat May 2 07:34:00 2020 From: paul.dale at oracle.com (Dr Paul Dale) Date: Sat, 2 May 2020 17:34:00 +1000 Subject: liblegacy.a does not work unless compiled with -static In-Reply-To: <875zderdy2.wl-levitte@openssl.org> References: <4C1FB791-6C3D-4905-A302-BB3F448068D9@akamai.com> <875zderdy2.wl-levitte@openssl.org> Message-ID: <71374E29-CBE2-4C8A-8782-94F1D7D938A8@oracle.com> I?ve been wondering if an option to build the legacy provider into libcrypto (like the null and default providers) is worthwhile. Given this conservation, it seems it might be. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 2 May 2020, at 5:30 pm, Richard Levitte wrote: > > On Fri, 01 May 2020 19:22:13 +0200, > Salz, Rich via openssl-users wrote: >> >> Hm, so DSO support is a requirement for legacy crypto now? That >> probably needs to be made explicit, and see if the project gets >> pushback. > > No. When DSO support is turned off, the legacy provider code becomes > part of libcrypto, in an inaccessible state (in other words, you still > have to "load" it). > > Cheers, > Richard > > -- > Richard Levitte levitte at openssl.org > OpenSSL Project http://www.openssl.org/~levitte/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From vieuxtech at gmail.com Sat May 2 15:39:42 2020 From: vieuxtech at gmail.com (Sam Roberts) Date: Sat, 2 May 2020 08:39:42 -0700 Subject: liblegacy.a does not work unless compiled with -static In-Reply-To: <875zderdy2.wl-levitte@openssl.org> References: <4C1FB791-6C3D-4905-A302-BB3F448068D9@akamai.com> <875zderdy2.wl-levitte@openssl.org> Message-ID: On Sat, May 2, 2020 at 12:31 AM Richard Levitte wrote: > No. When DSO support is turned off, the legacy provider code becomes > part of libcrypto, in an inaccessible state (in other words, you still > have to "load" it). Using OSSL_PROVIDER_load(NULL, "legacy")? My first try after a static only build (and delete of all .so files) got an error from that, but if its the correct way, I'll investigate more. Sam From matt at openssl.org Sat May 2 18:28:33 2020 From: matt at openssl.org (Matt Caswell) Date: Sat, 2 May 2020 19:28:33 +0100 Subject: liblegacy.a does not work unless compiled with -static In-Reply-To: References: <4C1FB791-6C3D-4905-A302-BB3F448068D9@akamai.com> <875zderdy2.wl-levitte@openssl.org> Message-ID: <0eec13e9-ddbe-1f02-99c9-f296d636bf7f@openssl.org> On 02/05/2020 16:39, Sam Roberts wrote: > On Sat, May 2, 2020 at 12:31 AM Richard Levitte wrote: >> No. When DSO support is turned off, the legacy provider code becomes >> part of libcrypto, in an inaccessible state (in other words, you still >> have to "load" it). > > Using OSSL_PROVIDER_load(NULL, "legacy")? > > My first try after a static only build (and delete of all .so files) > got an error from that, but if its the correct way, I'll investigate > more. Yes, that is the correct method. Matt From MLangfinger at web.de Sun May 3 18:14:38 2020 From: MLangfinger at web.de (Michael Langfinger) Date: Sun, 3 May 2020 20:14:38 +0200 Subject: Export regulation / EAR 742.15 Message-ID: Hi, I used my favorite search engine to find out whether this questions was already asked (here), but I just found some old (outdated?) posts, that might or might not be be relevant. Since I am not a lawyer and my legal knowledge regarding export regulation is very limited, I didnt' want to take any chances. Sorry if the following question has already been answered! I was asked to clarify the classification of OpenSSL in regards to the U.S. export regulations and whether the software is a "public available encryption item" according to the US export administration rules (EAR) 742.15. Has someone further information on the topic and can help me out? Thank you! Michael From rsalz at akamai.com Sun May 3 18:55:50 2020 From: rsalz at akamai.com (Salz, Rich) Date: Sun, 3 May 2020 18:55:50 +0000 Subject: Export regulation / EAR 742.15 In-Reply-To: References: Message-ID: <9BED4DA6-6937-4B41-8CA6-31028C9D95CF@akamai.com> You might find https://github.com/openssl/openssl/issues/10923 to have some useful information. OpenSSL is publically available. From minfrin at sharp.fm Tue May 5 10:17:55 2020 From: minfrin at sharp.fm (Graham Leggett) Date: Tue, 5 May 2020 12:17:55 +0200 Subject: PKCS7: Error: Object has zero length. Message-ID: <4CB4BF83-5A09-45D7-B9BC-9C7D4E2CB71E@sharp.fm> Hi all, I am trying to create a "Degenerate certificates-only CMS Signed-Data? using openssl openssl-1.1.1c (from CentOS8) as described by https://tools.ietf.org/html/draft-gutmann-scep-15#section-3.4, and in the process I am getting the entry "Error: Object has zero length? in the PKCS7 structure and I don't know how to get rid of it: 0 2395: SEQUENCE { 4 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) 15 2380: [0] { 19 2376: SEQUENCE { 23 1: INTEGER 1 26 0: SET {} 28 15: SEQUENCE { 30 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 41 2: [0] { 43 0: OCTET STRING : Error: Object has zero length. signer); i2d_PKCS7_bio(b, p7); Can anyone confirm what step I am missing? Regards, Graham ? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5014 bytes Desc: not available URL: From sri.deep07 at gmail.com Wed May 6 01:19:34 2020 From: sri.deep07 at gmail.com (Anand Sridharan) Date: Tue, 5 May 2020 18:19:34 -0700 Subject: openssl-1.1.1g cygwin make errors Message-ID: Hi Open SSL users , Please let us know if someone has observed below errors while compiling on source with cygwin. Please do indicate any workaround available , I observed similar errors with different version as well such as openssl 1.1.1a. from crypto/async/arch/async_null.c:11: crypto/async/arch/../arch/async_posix.h:28:24: ucontext.h: No such file or directory In file included from crypto/async/arch/../async_local.h:30, from crypto/async/arch/async_null.c:11: crypto/async/arch/../arch/async_posix.h:32: error: parse error before "ucontext_t" crypto/async/arch/../arch/async_posix.h:32: warning: no semicolon at end of struct or union crypto/async/arch/../arch/async_posix.h:35: error: parse error before '}' token crypto/async/arch/../arch/async_posix.h:35: warning: type defaults to `int' in declaration of `async_fibre' crypto/async/arch/../arch/async_posix.h:35: warning: data definition has no type or storage class crypto/async/arch/../arch/async_posix.h:37: error: parse error before '*' token crypto/async/arch/../arch/async_posix.h: In function `async_fibre_swapcontext': crypto/async/arch/../arch/async_posix.h:39: error: `o' undeclared (first use in this function) crypto/async/arch/../arch/async_posix.h:39: error: (Each undeclared identifier is reported only once crypto/async/arch/../arch/async_posix.h:39: error: for each function it appears in.) crypto/async/arch/../arch/async_posix.h:41: error: `r' undeclared (first use in this function) crypto/async/arch/../arch/async_posix.h:42: error: `n' undeclared (first use in this function) -- thanks, Anand.S -------------- next part -------------- An HTML attachment was scrubbed... URL: From tomiii at tomiii.com Wed May 6 04:20:34 2020 From: tomiii at tomiii.com (Thomas Dwyer III) Date: Tue, 5 May 2020 21:20:34 -0700 Subject: Extracting the public modulus from an RSA public key? Message-ID: I'm porting some old legacy code from OpenSSL 1.0.2 to OpenSSL 3.0.0. A portion of this code reads X509 certificates, extracts the public key, and passes it to firmware that I cannot modify. Unfortunately, this legacy firmware API was very poorly designed such that the public key is passed in a way similar to: RSA *rsa = get_pubkey_from_cert(...) BIGNUM *bn = rsa->n; int len = BN_num_bytes(bn); unsigned char *buf = malloc(len); BN_bn2bin(bn, buf); pubkey_to_firmware(buf, len); Yuck. Ignoring the fact that this firmware appears to assume a constant exponent 'e', I cannot find a way to extract the modulus 'n' from the RSA key. I understand this is intentional. The only solution I could find is to print the key to a buffer via EVP_PKEY_print_public(), parse the result to extract the modulus into a giant hex string, and then BN_hex2bn() that back into a BIGNUM. Is there a better way? Thanks, Tom.III -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul.dale at oracle.com Wed May 6 04:48:20 2020 From: paul.dale at oracle.com (Dr Paul Dale) Date: Wed, 6 May 2020 14:48:20 +1000 Subject: Extracting the public modulus from an RSA public key? In-Reply-To: References: Message-ID: <48BF17CD-EF71-4E56-9459-C1BE80A6A768@oracle.com> Might I suggest reading the documentation? RSA_get0_n() is the function you are wanting. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 6 May 2020, at 2:20 pm, Thomas Dwyer III wrote: > > I'm porting some old legacy code from OpenSSL 1.0.2 to OpenSSL 3.0.0. A portion of this code reads X509 certificates, extracts the public key, and passes it to firmware that I cannot modify. Unfortunately, this legacy firmware API was very poorly designed such that the public key is passed in a way similar to: > > RSA *rsa = get_pubkey_from_cert(...) > BIGNUM *bn = rsa->n; > int len = BN_num_bytes(bn); > unsigned char *buf = malloc(len); > BN_bn2bin(bn, buf); > pubkey_to_firmware(buf, len); > > Yuck. Ignoring the fact that this firmware appears to assume a constant exponent 'e', I cannot find a way to extract the modulus 'n' from the RSA key. I understand this is intentional. The only solution I could find is to print the key to a buffer via EVP_PKEY_print_public(), parse the result to extract the modulus into a giant hex string, and then BN_hex2bn() that back into a BIGNUM. Is there a better way? > > > Thanks, > Tom.III > -------------- next part -------------- An HTML attachment was scrubbed... URL: From georg.hoellrigl at gmx.at Wed May 6 05:17:28 2020 From: georg.hoellrigl at gmx.at (=?UTF-8?Q?Georg_H=C3=B6llrigl?=) Date: Wed, 6 May 2020 07:17:28 +0200 Subject: AW: openssl-1.1.1g cygwin make errors In-Reply-To: References: Message-ID: <001b01d62365$a3aa14b0$eafe3e10$@gmx.at> Hello, You could try with ./config no-async Kind Regards, Georg Von: openssl-users Im Auftrag von Anand Sridharan Gesendet: 06 May 2020 03:20 An: openssl-users at openssl.org Betreff: openssl-1.1.1g cygwin make errors Hi Open SSL users , Please let us know if someone has observed below errors while compiling on source with cygwin. Please do indicate any workaround available , I observed similar errors with different version as well such as openssl 1.1.1a. from crypto/async/arch/async_null.c:11: crypto/async/arch/../arch/async_posix.h:28:24: ucontext.h: No such file or directory In file included from crypto/async/arch/../async_local.h:30, from crypto/async/arch/async_null.c:11: crypto/async/arch/../arch/async_posix.h:32: error: parse error before "ucontext_t" crypto/async/arch/../arch/async_posix.h:32: warning: no semicolon at end of struct or union crypto/async/arch/../arch/async_posix.h:35: error: parse error before '}' token crypto/async/arch/../arch/async_posix.h:35: warning: type defaults to `int' in declaration of `async_fibre' crypto/async/arch/../arch/async_posix.h:35: warning: data definition has no type or storage class crypto/async/arch/../arch/async_posix.h:37: error: parse error before '*' token crypto/async/arch/../arch/async_posix.h: In function `async_fibre_swapcontext': crypto/async/arch/../arch/async_posix.h:39: error: `o' undeclared (first use in this function) crypto/async/arch/../arch/async_posix.h:39: error: (Each undeclared identifier is reported only once crypto/async/arch/../arch/async_posix.h:39: error: for each function it appears in.) crypto/async/arch/../arch/async_posix.h:41: error: `r' undeclared (first use in this function) crypto/async/arch/../arch/async_posix.h:42: error: `n' undeclared (first use in this function) -- thanks, Anand.S From tomiii at tomiii.com Wed May 6 05:29:04 2020 From: tomiii at tomiii.com (Thomas Dwyer III) Date: Tue, 5 May 2020 22:29:04 -0700 Subject: Extracting the public modulus from an RSA public key? In-Reply-To: <48BF17CD-EF71-4E56-9459-C1BE80A6A768@oracle.com> References: <48BF17CD-EF71-4E56-9459-C1BE80A6A768@oracle.com> Message-ID: Ugh. So simple! I don't know how I missed that. I found get0 & get1 accessors for many other structures but I didn't see that one. Thanks, Tom.III On Tue, May 5, 2020 at 9:50 PM Dr Paul Dale wrote: > Might I suggest reading the documentation? > > RSA_get0_n() is the function you are wanting. > > > Pauli > -- > Dr Paul Dale | Distinguished Architect | Cryptographic Foundations > Phone +61 7 3031 7217 > Oracle Australia > > > > > On 6 May 2020, at 2:20 pm, Thomas Dwyer III wrote: > > I'm porting some old legacy code from OpenSSL 1.0.2 to OpenSSL 3.0.0. A > portion of this code reads X509 certificates, extracts the public key, and > passes it to firmware that I cannot modify. Unfortunately, this legacy > firmware API was very poorly designed such that the public key is passed in > a way similar to: > > RSA *rsa = get_pubkey_from_cert(...) > BIGNUM *bn = rsa->n; > int len = BN_num_bytes(bn); > unsigned char *buf = malloc(len); > BN_bn2bin(bn, buf); > pubkey_to_firmware(buf, len); > > Yuck. Ignoring the fact that this firmware appears to assume a constant > exponent 'e', I cannot find a way to extract the modulus 'n' from the RSA > key. I understand this is intentional. The only solution I could find is to > print the key to a buffer via EVP_PKEY_print_public(), parse the result to > extract the modulus into a giant hex string, and then BN_hex2bn() that back > into a BIGNUM. Is there a better way? > > > Thanks, > Tom.III > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dfulger at gmx.com Wed May 6 09:14:03 2020 From: dfulger at gmx.com (Dan Fulger) Date: Wed, 6 May 2020 11:14:03 +0200 Subject: AW: openssl-1.1.1g cygwin make errors Message-ID: ucontext.h existed in 2017 in Cygwin, and still exists. ? Maybe you have a very old Cygwin (you can update with setup.exe). From tengicki at autopoll.de Wed May 6 18:44:57 2020 From: tengicki at autopoll.de (Andreas Tengicki) Date: Wed, 6 May 2020 20:44:57 +0200 Subject: mutual-TLS / mTLS Example with certificate problem Message-ID: Hello, I can not find a working mutual-TLS server/client example on github or the whole internet. Only some example for pieces of code. Communication via socket without and with encryption (openSSL) is working, but with mTLS not. I believe that I theoretical understand mTLS, but the practice will not work. The whole (small) project is here: https://github.com/deckard-rick/mTLS-example Server Side ========= I initialize the SSL-context without errors with (sample, error handling is not in this email) ??? SSL_CTX_set_ecdh_auto(srvCtx->ctx, 1); ??? SSL_CTX_set_verify(srvCtx->ctx, SSL_VERIFY_PEER or SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); ??? SSL_CTX_load_verify_locations(srvCtx->ctx,NULL,"../certs"); //???? ??? SSL_CTX_use_certificate_chain_file(srvCtx->ctx, "../certs/server/ca.crt"); ??? SSL_CTX_use_certificate_file(srvCtx->ctx, "../certs/server/server.crt", SSL_FILETYPE_PEM); ??? SSL_CTX_use_PrivateKey_file(srvCtx->ctx, "../certs/server/server.key", SSL_FILETYPE_PEM); ??? SSL_CTX_check_private_key(srvCtx->ctx); the certificates are: ca.crt:? Version: 3 (0x2) ??? Serial Number: 5a:fc:74:e6:28:28:0e:df:5b:7a:50:9e:a8:18:e6:04:42:f0:fd:8d ??? Signature Algorithm: sha256WithRSAEncryption ??? Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = 42CA ???? Validity? Not Before: May? 6 09:21:23 2020 GMT? Not After : May? 6 09:21:23 2022 GMT ???? Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = 42CA server.crt: Version: 1 (0x0) ??? Serial Number: 5f:6f:44:b5:27:47:f2:d2:fe:2b:21:5b:38:7d:e5:f6:e5:d9:c1:23 ??? Signature Algorithm: sha256WithRSAEncryption ??? Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = 42CA ??? Validity? Not Before: May? 6 09:30:23 2020 GMT?? Not After : May? 6 09:30:23 2021 GMT ??? Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = debiandevdesktop01.sdctec.lokal debiandevdesktop01.sdctec.lokal is the FQDN of the development server Client Side ========= ??? SSL_CTX_set_ecdh_auto(ctx, 1); ??? SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); ? ? SSL_CTX_use_certificate_chain_file(ctx, "../certs/client/ca.crt"); ??? SSL_CTX_use_certificate_file(ctx, "../certs/client/client.crt", SSL_FILETYPE_PEM); ??? SSL_CTX_use_PrivateKey_file(ctx, "../certs/client/client.key", SSL_FILETYPE_PEM); ca.crt:? (see server) client.crt: Version: 1 (0x0) ?? Serial Number:? 5f:6f:44:b5:27:47:f2:d2:fe:2b:21:5b:38:7d:e5:f6:e5:d9:c1:24 ?? Signature Algorithm: sha256WithRSAEncryption ?? Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = 42CA ?? Validity? Not Before: May? 6 09:35:51 2020 GMT?? Not After : May? 6 09:35:51 2021 GMT ?? Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CLIENT001 Error: ===== If the client connects the server there are the following errors: server: 139918902234240:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1915: client: 139918902234240:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1915: I think, there is a problem with the certificates. But where is the problem and why? The statement to create the certificates are in the project ./certs/read.me Thanks for any help, I'm looking since days for a solution and I believe it is only a small bug. Best regards ? Andreas From openssl-users at dukhovni.org Wed May 6 19:37:04 2020 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Wed, 6 May 2020 15:37:04 -0400 Subject: mutual-TLS / mTLS Example with certificate problem In-Reply-To: References: Message-ID: <20200506193704.GP76674@straasha.imrryr.org> On Wed, May 06, 2020 at 08:44:57PM +0200, Andreas Tengicki wrote: > I can not find a working mutual-TLS server/client example on github or > the whole internet. Only some example for pieces of code. Communication > via socket without and with encryption (openSSL) is working, but with > mTLS not. I believe that I theoretical understand mTLS, but the practice > will not work. Postfix uses an "ask_ccert" configuration boolean to solicit client certificates. The associated server-side code (with the SNI ctx side-effects elided) is: if (props->ask_ccert) verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; SSL_CTX_set_verify(server_ctx, verify_flags, tls_verify_certificate_callback); if (props->ask_ccert && *props->CAfile) { STACK_OF(X509_NAME) *calist = SSL_load_client_CA_file(props->CAfile); if (calist == 0) { /* Not generally critical */ msg_warn("error loading client CA names from: %s", props->CAfile); tls_print_errors(); } SSL_CTX_set_client_CA_list(server_ctx, calist); } Some clients will not send a certificate unless the server-side client CA list is non-empty and includes the root CA that issued the client's cert. > ??? SSL_CTX_set_ecdh_auto(ctx, 1); > ??? SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); > ? ? SSL_CTX_use_certificate_chain_file(ctx, "../certs/client/ca.crt"); > ??? SSL_CTX_use_certificate_file(ctx, "../certs/client/client.crt", SSL_FILETYPE_PEM); > ??? SSL_CTX_use_PrivateKey_file(ctx, "../certs/client/client.key", SSL_FILETYPE_PEM); You SHOULD NOT specify both a certificate chain file and certificate file. The ..._chain_file() function loads the leaf cert, and then the rest of the chain. > > server: > 139918902234240:error:1416F086:SSL > routines:tls_process_server_certificate:certificate verify > failed:../ssl/statem/statem_clnt.c:1915: Your trust stores don't contain the requisite CAs and/or the chain files are missing required intermediate certs. -- Viktor. From openssl-users at dukhovni.org Wed May 6 19:39:09 2020 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Wed, 6 May 2020 15:39:09 -0400 Subject: mutual-TLS / mTLS Example with certificate problem In-Reply-To: References: Message-ID: <20200506193909.GQ76674@straasha.imrryr.org> On Wed, May 06, 2020 at 08:44:57PM +0200, Andreas Tengicki wrote: > ??? SSL_CTX_load_verify_locations(srvCtx->ctx,NULL,"../certs"); //???? Have you run "c_rehash" on "../certs" (not keen on relative file names here myself). > Client Side > ========= > > ??? SSL_CTX_set_ecdh_auto(ctx, 1); > ??? SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); > ? ? SSL_CTX_use_certificate_chain_file(ctx, "../certs/client/ca.crt"); > ??? SSL_CTX_use_certificate_file(ctx, "../certs/client/client.crt", SSL_FILETYPE_PEM); > ??? SSL_CTX_use_PrivateKey_file(ctx, "../certs/client/client.key", SSL_FILETYPE_PEM); What is the client doing for "verify_locations"? -- Viktor. From Michael.Wojcik at microfocus.com Wed May 6 19:59:23 2020 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Wed, 6 May 2020 19:59:23 +0000 Subject: mutual-TLS / mTLS Example with certificate problem In-Reply-To: References: Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of > Andreas Tengicki > Sent: Wednesday, May 06, 2020 12:45 > To: openssl-users at openssl.org > Subject: mutual-TLS / mTLS Example with certificate problem > > I can not find a working mutual-TLS server/client example on github or > the whole internet. By "mutual-TLS" I assume you mean "TLS with mutual authentication". I don't know about open-source examples off the top of my head, but all the products I work on support mutual authentication. Oh, wait, of course I know of an open-source example. It's OpenSSL, which supports mutual authentication in the s_server and s_client apps. > SSL_CTX_use_certificate_chain_file(srvCtx->ctx, > "../certs/server/ca.crt"); > SSL_CTX_use_certificate_file(srvCtx->ctx, > "../certs/server/server.crt", SSL_FILETYPE_PEM); This is very likely wrong. SSL(_CTX)_use_certificate_chain_file sets the entity certificate and its (partial) chain. So when you call SSL_CTX_use_certificate_file you're overwriting the entity certificate set by use_certificate_chain_file. Get rid of the call to use_certificate_file and put everything the server should be sending into the chain file, in the order described in the OpenSSL documentation: entity certificate, certificate for its issuer, and so on up to and including the root. (I've just noticed the docs don't say whether use_certificate_chain_file specifies SSL_BUILD_CHAIN_FLAG_NO_ROOT when it calls add1_chain_cert, so offhand I don't know whether this will cause the root to be included in the chain the server sends. But that shouldn't really matter.) > ca.crt: Version: 3 (0x2) > Serial Number: > 5a:fc:74:e6:28:28:0e:df:5b:7a:50:9e:a8:18:e6:04:42:f0:fd:8d > Signature Algorithm: sha256WithRSAEncryption > Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = 42CA > Validity Not Before: May 6 09:21:23 2020 GMT Not After : May 6 > 09:21:23 2022 GMT > Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN > = 42CA Not enough information. We don't know what the Basic Constraints are for this certificate, or EKU, or whether it's actually the certificate that signed your server's entity certificate. More importantly, if this is the only certificate in ca.crt, which was what you passed to use_certificate_chain_file, then this was stored in the context as the entity cert, and no certificates were added to the chain. Then you overwrote the entity cert with use_certificate_file, and you still have no chain. (At least I believe that's what will happen; I haven't actually tried it.) > server.crt: Version: 1 (0x0) X.509v1? PKIX moved to v3 in, what, 2002 (with RFC 3280)? I mean, X.509v1 ought to still work, but it's hardly good practice. > Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = > debiandevdesktop01.sdctec.lokal > > debiandevdesktop01.sdctec.lokal is the FQDN of the development server And is that exactly what the client is specifying when it tries to verify the server's certificate? > SSL_CTX_use_certificate_chain_file(ctx, "../certs/client/ca.crt"); > SSL_CTX_use_certificate_file(ctx, "../certs/client/client.crt", > SSL_FILETYPE_PEM); Same problem as above. > If the client connects the server there are the following errors: > > server: > 139918902234240:error:1416F086:SSL > routines:tls_process_server_certificate:certificate verify > failed:../ssl/statem/statem_clnt.c:1915: Is that the whole OpenSSL error stack? When reporting an OpenSSL error (from your application), you should always make sure to dump the whole stack. Also, a piece of advice: A good place to start when diagnosing issues like this is to swap out the server for openssl s_server, or the client for openssl s_client. s_client can give you a whole bunch of information about what the server is sending, and would have shown the chain is just the entity certificate in this case. -- Michael Wojcik Distinguished Engineer, Micro Focus From norm.green at gemtalksystems.com Thu May 7 00:22:17 2020 From: norm.green at gemtalksystems.com (Norm Green) Date: Wed, 6 May 2020 17:22:17 -0700 Subject: openssl 3 alpha 1 test failures on AIX Message-ID: All tests on AIX fail like this.? Is this a known issue?? What debugging information is needed?? Should I open an issue on github? Also note I had to set LD_LIBRARY_PATH to the SSL build directory to get the tests to run at all. normg at sky>gmake test ??????? make depend && make _tests ??????? ( SRCTOP=.? BLDTOP=. PERL="/export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl" EXE_EXT=? /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl ./test/run_tests.pl? ) 01-test_abort.t .................... # The results of this test will end up in test-runs/test_abort 1..1 Use of uninitialized value in concatenation (.) or string at ../../util/wrap.pl line 14. Use of uninitialized value in concatenation (.) or string at ../../util/wrap.pl line 14. Unmatched ) in regex; marked by <-- HERE in m/ '') <-- HERE? eq '' && -d ../../util/../engines; ?= ../../util/../providers ??? if ( / at ../../util/wrap.pl line 14. ../../util/wrap.pl ../../test/aborttest => 255 ok 1 - Testing that abort is caught correctly ok 01-test_sanity.t ................... # The results of this test will end up in test-runs/test_sanity 1..1 Use of uninitialized value in concatenation (.) or string at ../../util/wrap.pl line 14. Use of uninitialized value in concatenation (.) or string at ../../util/wrap.pl line 14. Unmatched ) in regex; marked by <-- HERE in m/ '') <-- HERE? eq '' && -d ../../util/../engines; ?= ../../util/../providers ??? if ( / at ../../util/wrap.pl line 14. ../../util/wrap.pl ../../test/sanitytest => 255 not ok 1 - running sanitytest ------------------------------------------------ Also: normg at sky>/export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl configdata.pm --dump Command line (with current working directory = .): ??? /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl ./Configure threads shared no-zlib --prefix=/sky2/users/normg/gs360-openssl-300/slow9/openssl/install9 --openssldir=/usr/local/ssl debug-aix64-cc Perl information: ??? /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl ??? 5.24.0 for aix-thread-multi-64int Enabled features: ??? aria ??? asm ??? async ??? autoalginit ??? autoerrinit ??? autoload-config ??? bf ??? blake2 ??? camellia ??? capieng ??? cast ??? chacha ??? cmac ??? cmp ??? cms ??? comp ??? ct ??? deprecated ??? des ??? dgram ??? dh ??? dsa ??? dso ??? dtls ??? dynamic-engine ??? ec ??? ec2m ??? ecdh ??? ecdsa ??? engine ??? err ??? filenames ??? fips ??? gost ??? idea ??? legacy ??? makedepend ??? md4 ??? mdc2 ??? module ??? multiblock ??? nextprotoneg ??? pinshared ??? ocb ??? ocsp ??? padlockeng ??? pic ??? poly1305 ??? posix-io ??? psk ??? rc2 ??? rc4 ??? rdrand ??? rfc3779 ??? rmd160 ??? scrypt ??? secure-memory ??? seed ??? shared ??? siphash ??? siv ??? sm2 ??? sm3 ??? sm4 ??? sock ??? srp ??? srtp ??? sse2 ??? ssl ??? static-engine ??? stdio ??? tests ??? threads ??? tls ??? ts ??? ui-console ??? whirlpool ??? tls1 ??? tls1-method ??? tls1_1 ??? tls1_1-method ??? tls1_2 ??? tls1_2-method ??? tls1_3 ??? dtls1 ??? dtls1-method ??? dtls1_2 ??? dtls1_2-method Disabled features: ??? afalgeng??????????? [not-linux] OPENSSL_NO_AFALGENG ??? asan??????????????? [default]??????? OPENSSL_NO_ASAN ??? buildtest-c++?????? [default] ??? crypto-mdebug?????? [default] OPENSSL_NO_CRYPTO_MDEBUG ??? devcryptoeng??????? [default] OPENSSL_NO_DEVCRYPTOENG ??? ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 ??? egd???????????????? [default]??????? OPENSSL_NO_EGD ??? external-tests????? [default] OPENSSL_NO_EXTERNAL_TESTS ??? fuzz-libfuzzer????? [default] OPENSSL_NO_FUZZ_LIBFUZZER ??? fuzz-afl??????????? [default] OPENSSL_NO_FUZZ_AFL ??? ktls??????????????? [default]??????? OPENSSL_NO_KTLS ??? md2???????????????? [default]??????? OPENSSL_NO_MD2 (skip crypto/md2) ??? msan??????????????? [default]??????? OPENSSL_NO_MSAN ??? rc5???????????????? [default]??????? OPENSSL_NO_RC5 (skip crypto/rc5) ??? sctp??????????????? [default]??????? OPENSSL_NO_SCTP ??? ssl-trace?????????? [default] OPENSSL_NO_SSL_TRACE ??? trace?????????????? [default]??????? OPENSSL_NO_TRACE ??? ubsan?????????????? [default]??????? OPENSSL_NO_UBSAN ??? unit-test?????????? [default] OPENSSL_NO_UNIT_TEST ??? uplink????????????? [no uplink_arch] OPENSSL_NO_UPLINK ??? weak-ssl-ciphers??? [default] OPENSSL_NO_WEAK_SSL_CIPHERS ??? zlib??????????????? [option] ??? zlib-dynamic??????? [default] ??? ssl3??????????????? [default]??????? OPENSSL_NO_SSL3 ??? ssl3-method???????? [default] OPENSSL_NO_SSL3_METHOD Config target attributes: ??? AR => "ar -X64", ??? ARFLAGS => "r", ??? CC => "cc", ??? CFLAGS => "-O0 -g", ??? HASHBANGPERL => "/usr/bin/env perl", ??? RANLIB => "ranlib -X64", ??? RC => "windres", ??? asm_arch => "ppc64", ??? bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", ??? build_file => "Makefile", ??? build_scheme => [ "unified", "unix" ], ??? cflags => "-q64 -qmaxmem=16384 -qro -qroconst -qthreaded", ??? cppflags => "-D_THREAD_SAFE", ??? defines => [ "OPENSSL_BUILDING_OPENSSL" ], ??? disable => [? ], ??? dso_scheme => "dlfcn", ??? enable => [? ], ??? ex_libs => "-lpthreads", ??? includes => [? ], ??? lflags => "-Wl,-bsvr4", ??? lib_cflags => "", ??? lib_cppflags => "-DB_ENDIAN", ??? lib_defines => [? ], ??? module_cflags => "-qpic", ??? module_cxxflags => undef, ??? module_ldflags => "-Wl,-G,-bsymbolic,-bnoentry", ??? perl_platform => "AIX", ??? perlasm_scheme => "aix64", ??? shared_cflag => "-qpic", ??? shared_defflag => "-Wl,-bE:", ??? shared_defines => [? ], ??? shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)", ??? shared_ldflag => "-Wl,-G,-bsymbolic,-bnoentry", ??? shared_rcflag => "", ??? shared_target => "aix", ??? sys_id => "AIX", ??? thread_defines => [? ], ??? thread_scheme => "pthreads", ??? unistd => "", Recorded environment: ??? AR = ??? ARFLAGS = ??? AS = ??? ASFLAGS = ??? BUILDFILE = ??? CC = /usr/vac/bin/xlc_r ??? CFLAGS = ??? CPP = ??? CPPDEFINES = ??? CPPFLAGS = ??? CPPINCLUDES = ??? CROSS_COMPILE = ??? CXX = ??? CXXFLAGS = ??? HASHBANGPERL = ??? LD = /usr/vacpp/bin/xlC_r ??? LDFLAGS = ??? LDLIBS = ??? MT = ??? MTFLAGS = ??? OPENSSL_LOCAL_CONFIG_DIR = ??? PERL = /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl ??? RANLIB = ??? RC = ??? RCFLAGS = ??? RM = ??? WINDRES = ??? __CNF_CFLAGS = ??? __CNF_CPPDEFINES = ??? __CNF_CPPFLAGS = ??? __CNF_CPPINCLUDES = ??? __CNF_CXXFLAGS = ??? __CNF_LDFLAGS = ??? __CNF_LDLIBS = Makevars: ??? AR????????????? = ar -X64 ??? ARFLAGS???????? = r ??? CC????????????? = /usr/vac/bin/xlc_r ??? CFLAGS????????? = -O0 -g ??? CPPDEFINES????? = ??? CPPFLAGS??????? = ??? CPPINCLUDES???? = ??? CXXFLAGS??????? = ??? HASHBANGPERL??? = /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl ??? LD????????????? = /usr/vacpp/bin/xlC_r ??? LDFLAGS???????? = ??? LDLIBS????????? = ??? PERL??????????? = /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl ??? RANLIB????????? = ranlib -X64 ??? RC????????????? = windres ??? RCFLAGS???????? = NOTE: These variables only represent the configuration view.? The build file template may have processed these variables further, please have a look at the build file for more exact data: ??? Makefile build file: ??? Makefile build file templates: ??? Configurations/common0.tmpl ??? Configurations/unix-Makefile.tmpl ??? Configurations/common.tmpl From bkaduk at akamai.com Thu May 7 00:33:55 2020 From: bkaduk at akamai.com (Benjamin Kaduk) Date: Wed, 6 May 2020 17:33:55 -0700 Subject: openssl 3 alpha 1 test failures on AIX In-Reply-To: References: Message-ID: <20200507003354.GO3811@akamai.com> On Wed, May 06, 2020 at 05:22:17PM -0700, Norm Green wrote: > All tests on AIX fail like this.? Is this a known issue?? What debugging > information is needed?? Should I open an issue on github? > > Also note I had to set LD_LIBRARY_PATH to the SSL build directory to get the > tests to run at all. > > > > > > normg at sky>gmake test > ??????? make depend && make _tests > ??????? ( SRCTOP=.? BLDTOP=. > PERL="/export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl" EXE_EXT=? > /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl ./test/run_tests.pl? ) > 01-test_abort.t .................... > # The results of this test will end up in test-runs/test_abort > 1..1 > Use of uninitialized value in concatenation (.) or string at > ../../util/wrap.pl line 14. > Use of uninitialized value in concatenation (.) or string at > ../../util/wrap.pl line 14. > Unmatched ) in regex; marked by <-- HERE in m/ '') <-- HERE? eq '' && -d > ../../util/../engines; > ?= ../../util/../providers > ??? if ( / at ../../util/wrap.pl line 14. > ../../util/wrap.pl ../../test/aborttest => 255 > ok 1 - Testing that abort is caught correctly > ok > 01-test_sanity.t ................... > # The results of this test will end up in test-runs/test_sanity > 1..1 > Use of uninitialized value in concatenation (.) or string at > ../../util/wrap.pl line 14. > Use of uninitialized value in concatenation (.) or string at > ../../util/wrap.pl line 14. > Unmatched ) in regex; marked by <-- HERE in m/ '') <-- HERE? eq '' && -d > ../../util/../engines; That looks like your perl is unhappy about something; do you have other versions of perl available to try? Thanks, Ben From norm.green at gemtalksystems.com Thu May 7 00:38:22 2020 From: norm.green at gemtalksystems.com (Norm Green) Date: Wed, 6 May 2020 17:38:22 -0700 Subject: openssl 3 alpha 1 test failures on AIX In-Reply-To: <20200507003354.GO3811@akamai.com> References: <20200507003354.GO3811@akamai.com> Message-ID: <46ec3698-1068-4da0-2393-75a11ff3e8cf@gemtalksystems.com> I would have to build a new perl from source, but the perl I'm using meets the requirements. I built the current version (5.24.0) from a source a while back when openssl started requiring at least 5.10.0. Tests pass on the same machine with openssl 1.1.1 . On 5/6/2020 5:33 PM, Benjamin Kaduk wrote: > On Wed, May 06, 2020 at 05:22:17PM -0700, Norm Green wrote: >> All tests on AIX fail like this.? Is this a known issue?? What debugging >> information is needed?? Should I open an issue on github? >> >> Also note I had to set LD_LIBRARY_PATH to the SSL build directory to get the >> tests to run at all. >> >> >> >> >> >> normg at sky>gmake test >> ??????? make depend && make _tests >> ??????? ( SRCTOP=.? BLDTOP=. >> PERL="/export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl" EXE_EXT= >> /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl ./test/run_tests.pl? ) >> 01-test_abort.t .................... >> # The results of this test will end up in test-runs/test_abort >> 1..1 >> Use of uninitialized value in concatenation (.) or string at >> ../../util/wrap.pl line 14. >> Use of uninitialized value in concatenation (.) or string at >> ../../util/wrap.pl line 14. >> Unmatched ) in regex; marked by <-- HERE in m/ '') <-- HERE? eq '' && -d >> ../../util/../engines; >> ?= ../../util/../providers >> ??? if ( / at ../../util/wrap.pl line 14. >> ../../util/wrap.pl ../../test/aborttest => 255 >> ok 1 - Testing that abort is caught correctly >> ok >> 01-test_sanity.t ................... >> # The results of this test will end up in test-runs/test_sanity >> 1..1 >> Use of uninitialized value in concatenation (.) or string at >> ../../util/wrap.pl line 14. >> Use of uninitialized value in concatenation (.) or string at >> ../../util/wrap.pl line 14. >> Unmatched ) in regex; marked by <-- HERE in m/ '') <-- HERE? eq '' && -d >> ../../util/../engines; > That looks like your perl is unhappy about something; do you have other versions > of perl available to try? > > Thanks, > > Ben From matt at openssl.org Thu May 7 08:16:18 2020 From: matt at openssl.org (Matt Caswell) Date: Thu, 7 May 2020 09:16:18 +0100 Subject: mutual-TLS / mTLS Example with certificate problem In-Reply-To: References: Message-ID: <479a949c-ba82-8a9c-0ee3-5565ca7bc37f@openssl.org> On 06/05/2020 19:44, Andreas Tengicki wrote: > ??? SSL_CTX_set_ecdh_auto(srvCtx->ctx, 1); Viktor and Michael have already provided some excellent advice on this so I won't cover the same ground. Just one note on this line though - this is actually unnecessary in modern versions of OpenSSL (anything from OpenSSL 1.1.0 and above). It's a no-op in modern versions - "auto" ecdh is the default. Matt From matt at openssl.org Thu May 7 08:34:30 2020 From: matt at openssl.org (Matt Caswell) Date: Thu, 7 May 2020 09:34:30 +0100 Subject: openssl 3 alpha 1 test failures on AIX In-Reply-To: References: Message-ID: <91b6b4d1-d346-5239-4340-3711c6df5f45@openssl.org> On 07/05/2020 01:22, Norm Green wrote: > All tests on AIX fail like this.? Is this a known issue?? What debugging > information is needed?? Should I open an issue on github? Yes - please open an issue on github. > > Also note I had to set LD_LIBRARY_PATH to the SSL build directory to get > the tests to run at all. Do you have any other OPENSSL relevant environment variables set, such as OPENSSL_ENGINES or OPENSSL_CONF (if so please mention this in the github issue)? Matt > > > > > > normg at sky>gmake test > ??????? make depend && make _tests > ??????? ( SRCTOP=.? BLDTOP=. > PERL="/export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl" EXE_EXT=? > /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl ./test/run_tests.pl? ) > 01-test_abort.t .................... > # The results of this test will end up in test-runs/test_abort > 1..1 > Use of uninitialized value in concatenation (.) or string at > ../../util/wrap.pl line 14. > Use of uninitialized value in concatenation (.) or string at > ../../util/wrap.pl line 14. > Unmatched ) in regex; marked by <-- HERE in m/ '') <-- HERE? eq '' && -d > ../../util/../engines; > ?= ../../util/../providers > ??? if ( / at ../../util/wrap.pl line 14. > ../../util/wrap.pl ../../test/aborttest => 255 > ok 1 - Testing that abort is caught correctly > ok > 01-test_sanity.t ................... > # The results of this test will end up in test-runs/test_sanity > 1..1 > Use of uninitialized value in concatenation (.) or string at > ../../util/wrap.pl line 14. > Use of uninitialized value in concatenation (.) or string at > ../../util/wrap.pl line 14. > Unmatched ) in regex; marked by <-- HERE in m/ '') <-- HERE? eq '' && -d > ../../util/../engines; > ?= ../../util/../providers > ??? if ( / at ../../util/wrap.pl line 14. > ../../util/wrap.pl ../../test/sanitytest => 255 > not ok 1 - running sanitytest > > ------------------------------------------------ > Also: > > normg at sky>/export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl > configdata.pm --dump > > Command line (with current working directory = .): > > ??? /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl ./Configure > threads shared no-zlib > --prefix=/sky2/users/normg/gs360-openssl-300/slow9/openssl/install9 > --openssldir=/usr/local/ssl debug-aix64-cc > > Perl information: > > ??? /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl > ??? 5.24.0 for aix-thread-multi-64int > > Enabled features: > > ??? aria > ??? asm > ??? async > ??? autoalginit > ??? autoerrinit > ??? autoload-config > ??? bf > ??? blake2 > ??? camellia > ??? capieng > ??? cast > ??? chacha > ??? cmac > ??? cmp > ??? cms > ??? comp > ??? ct > ??? deprecated > ??? des > ??? dgram > ??? dh > ??? dsa > ??? dso > ??? dtls > ??? dynamic-engine > ??? ec > ??? ec2m > ??? ecdh > ??? ecdsa > ??? engine > ??? err > ??? filenames > ??? fips > ??? gost > ??? idea > ??? legacy > ??? makedepend > ??? md4 > ??? mdc2 > ??? module > ??? multiblock > ??? nextprotoneg > ??? pinshared > ??? ocb > ??? ocsp > ??? padlockeng > ??? pic > ??? poly1305 > ??? posix-io > ??? psk > ??? rc2 > ??? rc4 > ??? rdrand > ??? rfc3779 > ??? rmd160 > ??? scrypt > ??? secure-memory > ??? seed > ??? shared > ??? siphash > ??? siv > ??? sm2 > ??? sm3 > ??? sm4 > ??? sock > ??? srp > ??? srtp > ??? sse2 > ??? ssl > ??? static-engine > ??? stdio > ??? tests > ??? threads > ??? tls > ??? ts > ??? ui-console > ??? whirlpool > ??? tls1 > ??? tls1-method > ??? tls1_1 > ??? tls1_1-method > ??? tls1_2 > ??? tls1_2-method > ??? tls1_3 > ??? dtls1 > ??? dtls1-method > ??? dtls1_2 > ??? dtls1_2-method > > Disabled features: > > ??? afalgeng??????????? [not-linux] OPENSSL_NO_AFALGENG > ??? asan??????????????? [default]??????? OPENSSL_NO_ASAN > ??? buildtest-c++?????? [default] > ??? crypto-mdebug?????? [default] OPENSSL_NO_CRYPTO_MDEBUG > ??? devcryptoeng??????? [default] OPENSSL_NO_DEVCRYPTOENG > ??? ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 > ??? egd???????????????? [default]??????? OPENSSL_NO_EGD > ??? external-tests????? [default] OPENSSL_NO_EXTERNAL_TESTS > ??? fuzz-libfuzzer????? [default] OPENSSL_NO_FUZZ_LIBFUZZER > ??? fuzz-afl??????????? [default] OPENSSL_NO_FUZZ_AFL > ??? ktls??????????????? [default]??????? OPENSSL_NO_KTLS > ??? md2???????????????? [default]??????? OPENSSL_NO_MD2 (skip crypto/md2) > ??? msan??????????????? [default]??????? OPENSSL_NO_MSAN > ??? rc5???????????????? [default]??????? OPENSSL_NO_RC5 (skip crypto/rc5) > ??? sctp??????????????? [default]??????? OPENSSL_NO_SCTP > ??? ssl-trace?????????? [default] OPENSSL_NO_SSL_TRACE > ??? trace?????????????? [default]??????? OPENSSL_NO_TRACE > ??? ubsan?????????????? [default]??????? OPENSSL_NO_UBSAN > ??? unit-test?????????? [default] OPENSSL_NO_UNIT_TEST > ??? uplink????????????? [no uplink_arch] OPENSSL_NO_UPLINK > ??? weak-ssl-ciphers??? [default] OPENSSL_NO_WEAK_SSL_CIPHERS > ??? zlib??????????????? [option] > ??? zlib-dynamic??????? [default] > ??? ssl3??????????????? [default]??????? OPENSSL_NO_SSL3 > ??? ssl3-method???????? [default] OPENSSL_NO_SSL3_METHOD > > Config target attributes: > > ??? AR => "ar -X64", > ??? ARFLAGS => "r", > ??? CC => "cc", > ??? CFLAGS => "-O0 -g", > ??? HASHBANGPERL => "/usr/bin/env perl", > ??? RANLIB => "ranlib -X64", > ??? RC => "windres", > ??? asm_arch => "ppc64", > ??? bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", > ??? build_file => "Makefile", > ??? build_scheme => [ "unified", "unix" ], > ??? cflags => "-q64 -qmaxmem=16384 -qro -qroconst -qthreaded", > ??? cppflags => "-D_THREAD_SAFE", > ??? defines => [ "OPENSSL_BUILDING_OPENSSL" ], > ??? disable => [? ], > ??? dso_scheme => "dlfcn", > ??? enable => [? ], > ??? ex_libs => "-lpthreads", > ??? includes => [? ], > ??? lflags => "-Wl,-bsvr4", > ??? lib_cflags => "", > ??? lib_cppflags => "-DB_ENDIAN", > ??? lib_defines => [? ], > ??? module_cflags => "-qpic", > ??? module_cxxflags => undef, > ??? module_ldflags => "-Wl,-G,-bsymbolic,-bnoentry", > ??? perl_platform => "AIX", > ??? perlasm_scheme => "aix64", > ??? shared_cflag => "-qpic", > ??? shared_defflag => "-Wl,-bE:", > ??? shared_defines => [? ], > ??? shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)", > ??? shared_ldflag => "-Wl,-G,-bsymbolic,-bnoentry", > ??? shared_rcflag => "", > ??? shared_target => "aix", > ??? sys_id => "AIX", > ??? thread_defines => [? ], > ??? thread_scheme => "pthreads", > ??? unistd => "", > > Recorded environment: > > ??? AR = > ??? ARFLAGS = > ??? AS = > ??? ASFLAGS = > ??? BUILDFILE = > ??? CC = /usr/vac/bin/xlc_r > ??? CFLAGS = > ??? CPP = > ??? CPPDEFINES = > ??? CPPFLAGS = > ??? CPPINCLUDES = > ??? CROSS_COMPILE = > ??? CXX = > ??? CXXFLAGS = > ??? HASHBANGPERL = > ??? LD = /usr/vacpp/bin/xlC_r > ??? LDFLAGS = > ??? LDLIBS = > ??? MT = > ??? MTFLAGS = > ??? OPENSSL_LOCAL_CONFIG_DIR = > ??? PERL = /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl > ??? RANLIB = > ??? RC = > ??? RCFLAGS = > ??? RM = > ??? WINDRES = > ??? __CNF_CFLAGS = > ??? __CNF_CPPDEFINES = > ??? __CNF_CPPFLAGS = > ??? __CNF_CPPINCLUDES = > ??? __CNF_CXXFLAGS = > ??? __CNF_LDFLAGS = > ??? __CNF_LDLIBS = > > Makevars: > > ??? AR????????????? = ar -X64 > ??? ARFLAGS???????? = r > ??? CC????????????? = /usr/vac/bin/xlc_r > ??? CFLAGS????????? = -O0 -g > ??? CPPDEFINES????? = > ??? CPPFLAGS??????? = > ??? CPPINCLUDES???? = > ??? CXXFLAGS??????? = > ??? HASHBANGPERL??? = /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl > ??? LD????????????? = /usr/vacpp/bin/xlC_r > ??? LDFLAGS???????? = > ??? LDLIBS????????? = > ??? PERL??????????? = /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl > ??? RANLIB????????? = ranlib -X64 > ??? RC????????????? = windres > ??? RCFLAGS???????? = > > NOTE: These variables only represent the configuration view.? The build > file > template may have processed these variables further, please have a look > at the > build file for more exact data: > ??? Makefile > > build file: > > ??? Makefile > > build file templates: > > ??? Configurations/common0.tmpl > ??? Configurations/unix-Makefile.tmpl > ??? Configurations/common.tmpl > From tengicki at autopoll.de Thu May 7 09:22:39 2020 From: tengicki at autopoll.de (Andreas Tengicki) Date: Thu, 7 May 2020 11:22:39 +0200 Subject: mutual-TLS / mTLS Example with certificate problem In-Reply-To: References: Message-ID: Hello Michael, thank you and Viktor for your fast help. Viktor annotations I don't fully understand. Sure there is the openssl test server and client, but the source code is complex for everyone who is new in this encryption tasks. But testing with openssl was a valuable notice: 1) openssl vs openssl openssl s_server -port 8080 -CAfile certs/server/ca.crt -cert certs/server/server.crt -key certs/server/server.key -Verify 99 Is this the right call for "TLS with mutual authentication", I cannot find an other parameter for SSL_VERIFY_PEER? with openssl s_client -connect localhost:8080 -CAfile certs/client/ca.crt -cert certs/client/client.crt -key certs/client/client.key it is working, and the server sees the COMMON NAME of the client (the whole certificate) 2) openssl vs myclient is working 3) myserver vs openssl (and my client) is not working In the openssl server command line I set only CAfile, cert, key and verify I believe I do this also in my source code: ??? int verify_flags = SSL_VERIFY_PEER ??? SSL_CTX_set_verify(srvCtx->ctx, verify_flags, NULL); ??? char cafile[] = "/home/debdev/Projects/clearing/server/certs/client/ca.crt"; ??? Variant 1: ??? SSL_CTX_use_certificate_chain_file(srvCtx->ctx, cafile) ??? Variant 2: ??? STACK_OF(X509_NAME) *calist = SSL_load_client_CA_file(cafile); ??? SSL_CTX_set_client_CA_list(srvCtx->ctx, calist); ??? if (SSL_CTX_use_certificate_file(srvCtx->ctx, srvCtx->cert, SSL_FILETYPE_PEM) <= 0) ??? if (SSL_CTX_use_PrivateKey_file(srvCtx->ctx, srvCtx->key, SSL_FILETYPE_PEM) <= 0 ) But there is still the error: tls_process_client_certificate:certificate verify failed Why? 4) I have looked into apps/s_server.c there is a ? ctx_set_verify_locations with the cafile information in apps.c this calls:? SSL_CTX_load_verify_file, but the compiler can't find this function. Why? Thanks and sorry if I do not understand all details in the first try. Best regards ? Andreas Am 06.05.2020 um 21:59 schrieb Michael Wojcik: >> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of >> Andreas Tengicki >> Sent: Wednesday, May 06, 2020 12:45 >> To: openssl-users at openssl.org >> Subject: mutual-TLS / mTLS Example with certificate problem >> >> I can not find a working mutual-TLS server/client example on github or >> the whole internet. > By "mutual-TLS" I assume you mean "TLS with mutual authentication". > > I don't know about open-source examples off the top of my head, but all the products I work on support mutual authentication. > > Oh, wait, of course I know of an open-source example. It's OpenSSL, which supports mutual authentication in the s_server and s_client apps. > >> SSL_CTX_use_certificate_chain_file(srvCtx->ctx, >> "../certs/server/ca.crt"); >> SSL_CTX_use_certificate_file(srvCtx->ctx, >> "../certs/server/server.crt", SSL_FILETYPE_PEM); > This is very likely wrong. SSL(_CTX)_use_certificate_chain_file sets the entity certificate and its (partial) chain. So when you call SSL_CTX_use_certificate_file you're overwriting the entity certificate set by use_certificate_chain_file. > > Get rid of the call to use_certificate_file and put everything the server should be sending into the chain file, in the order described in the OpenSSL documentation: entity certificate, certificate for its issuer, and so on up to and including the root. (I've just noticed the docs don't say whether use_certificate_chain_file specifies SSL_BUILD_CHAIN_FLAG_NO_ROOT when it calls add1_chain_cert, so offhand I don't know whether this will cause the root to be included in the chain the server sends. But that shouldn't really matter.) > >> ca.crt: Version: 3 (0x2) >> Serial Number: >> 5a:fc:74:e6:28:28:0e:df:5b:7a:50:9e:a8:18:e6:04:42:f0:fd:8d >> Signature Algorithm: sha256WithRSAEncryption >> Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = 42CA >> Validity Not Before: May 6 09:21:23 2020 GMT Not After : May 6 >> 09:21:23 2022 GMT >> Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN >> = 42CA > Not enough information. We don't know what the Basic Constraints are for this certificate, or EKU, or whether it's actually the certificate that signed your server's entity certificate. > > More importantly, if this is the only certificate in ca.crt, which was what you passed to use_certificate_chain_file, then this was stored in the context as the entity cert, and no certificates were added to the chain. Then you overwrote the entity cert with use_certificate_file, and you still have no chain. > > (At least I believe that's what will happen; I haven't actually tried it.) > >> server.crt: Version: 1 (0x0) > X.509v1? PKIX moved to v3 in, what, 2002 (with RFC 3280)? > > I mean, X.509v1 ought to still work, but it's hardly good practice. > >> Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = >> debiandevdesktop01.sdctec.lokal >> >> debiandevdesktop01.sdctec.lokal is the FQDN of the development server > And is that exactly what the client is specifying when it tries to verify the server's certificate? > >> SSL_CTX_use_certificate_chain_file(ctx, "../certs/client/ca.crt"); >> SSL_CTX_use_certificate_file(ctx, "../certs/client/client.crt", >> SSL_FILETYPE_PEM); > Same problem as above. > >> If the client connects the server there are the following errors: >> >> server: >> 139918902234240:error:1416F086:SSL >> routines:tls_process_server_certificate:certificate verify >> failed:../ssl/statem/statem_clnt.c:1915: > Is that the whole OpenSSL error stack? When reporting an OpenSSL error (from your application), you should always make sure to dump the whole stack. > > Also, a piece of advice: A good place to start when diagnosing issues like this is to swap out the server for openssl s_server, or the client for openssl s_client. s_client can give you a whole bunch of information about what the server is sending, and would have shown the chain is just the entity certificate in this case. > > -- > Michael Wojcik > Distinguished Engineer, Micro Focus > > From rashok.svks at gmail.com Thu May 7 10:12:11 2020 From: rashok.svks at gmail.com (Raja Ashok) Date: Thu, 7 May 2020 15:42:11 +0530 Subject: mutual-TLS / mTLS Example with certificate problem In-Reply-To: References: Message-ID: Hi Andreas, Below repo has examples to use OpenSSL for mTLS (mutual certificate authentication) with sample certificates. You can refer this. https://github.com/TalkWithTLS/TalkWithTLS/blob/master/src/sample/openssl_tls13_server_both_auth.c https://github.com/TalkWithTLS/TalkWithTLS/blob/master/src/sample/openssl_tls13_client_both_auth.c On Thu, May 7, 2020 at 12:36 AM Andreas Tengicki wrote: > Hello, > > I can not find a working mutual-TLS server/client example on github or > the whole internet. Only some example for pieces of code. Communication > via socket without and with encryption (openSSL) is working, but with > mTLS not. I believe that I theoretical understand mTLS, but the practice > will not work. > > The whole (small) project is here: > https://github.com/deckard-rick/mTLS-example > > Server Side > ========= > > I initialize the SSL-context without errors with (sample, error handling > is not in this email) > > SSL_CTX_set_ecdh_auto(srvCtx->ctx, 1); > SSL_CTX_set_verify(srvCtx->ctx, SSL_VERIFY_PEER or > SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); > SSL_CTX_load_verify_locations(srvCtx->ctx,NULL,"../certs"); //???? > SSL_CTX_use_certificate_chain_file(srvCtx->ctx, > "../certs/server/ca.crt"); > SSL_CTX_use_certificate_file(srvCtx->ctx, > "../certs/server/server.crt", SSL_FILETYPE_PEM); > SSL_CTX_use_PrivateKey_file(srvCtx->ctx, > "../certs/server/server.key", SSL_FILETYPE_PEM); > SSL_CTX_check_private_key(srvCtx->ctx); > > the certificates are: > > ca.crt: Version: 3 (0x2) > Serial Number: > 5a:fc:74:e6:28:28:0e:df:5b:7a:50:9e:a8:18:e6:04:42:f0:fd:8d > Signature Algorithm: sha256WithRSAEncryption > Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = > 42CA > Validity Not Before: May 6 09:21:23 2020 GMT Not After : May 6 > 09:21:23 2022 GMT > Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN > = 42CA > > server.crt: Version: 1 (0x0) > Serial Number: > 5f:6f:44:b5:27:47:f2:d2:fe:2b:21:5b:38:7d:e5:f6:e5:d9:c1:23 > Signature Algorithm: sha256WithRSAEncryption > Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = > 42CA > Validity Not Before: May 6 09:30:23 2020 GMT Not After : May 6 > 09:30:23 2021 GMT > Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = > debiandevdesktop01.sdctec.lokal > > debiandevdesktop01.sdctec.lokal is the FQDN of the development server > > Client Side > ========= > > SSL_CTX_set_ecdh_auto(ctx, 1); > SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); > SSL_CTX_use_certificate_chain_file(ctx, "../certs/client/ca.crt"); > SSL_CTX_use_certificate_file(ctx, "../certs/client/client.crt", > SSL_FILETYPE_PEM); > SSL_CTX_use_PrivateKey_file(ctx, "../certs/client/client.key", > SSL_FILETYPE_PEM); > > ca.crt: (see server) > > client.crt: Version: 1 (0x0) > Serial Number: > 5f:6f:44:b5:27:47:f2:d2:fe:2b:21:5b:38:7d:e5:f6:e5:d9:c1:24 > Signature Algorithm: sha256WithRSAEncryption > Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = 42CA > Validity Not Before: May 6 09:35:51 2020 GMT Not After : May 6 > 09:35:51 2021 GMT > Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = > CLIENT001 > > Error: > ===== > > If the client connects the server there are the following errors: > > server: > 139918902234240:error:1416F086:SSL > routines:tls_process_server_certificate:certificate verify > failed:../ssl/statem/statem_clnt.c:1915: > > client: > 139918902234240:error:1416F086:SSL > routines:tls_process_server_certificate:certificate verify > failed:../ssl/statem/statem_clnt.c:1915: > > I think, there is a problem with the certificates. But where is the > problem and why? > > The statement to create the certificates are in the project ./certs/ > read.me > > Thanks for any help, I'm looking since days for a solution and I believe > it is only a small bug. > > Best regards > > Andreas > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From aerowolf at gmail.com Thu May 7 16:48:18 2020 From: aerowolf at gmail.com (Kyle Hamilton) Date: Thu, 7 May 2020 11:48:18 -0500 Subject: mutual-TLS / mTLS Example with certificate problem In-Reply-To: References: Message-ID: On a tangent, this file format (and order) was actually finally standardized as "application/pem-certificate-chain" by RFC 8555 section 9.1 (the Automatic Certificate Management Environment protocol, or ACME). On Wed, May 6, 2020 at 2:59 PM Michael Wojcik wrote: > Get rid of the call to use_certificate_file and put everything the server should be sending into the chain file, in the order described in the OpenSSL documentation: entity certificate, certificate for its issuer, and so on up to and including the root. (I've just noticed the docs don't say whether use_certificate_chain_file specifies SSL_BUILD_CHAIN_FLAG_NO_ROOT when it calls add1_chain_cert, so offhand I don't know whether this will cause the root to be included in the chain the server sends. But that shouldn't really matter.) From aerowolf at gmail.com Thu May 7 18:38:04 2020 From: aerowolf at gmail.com (Kyle Hamilton) Date: Thu, 7 May 2020 13:38:04 -0500 Subject: OCSP pregeneration Message-ID: Is there a way to have OpenSSL's command line generate OCSP responses for every entry in index.txt, without having to go through the process of generating a blank (no-nonce, unsigned) request and then generating a response to each one for each serial number therein? -Kyle H From takotakot+openssl at gmail.com Mon May 11 08:01:27 2020 From: takotakot+openssl at gmail.com (NAKANO Takuho) Date: Mon, 11 May 2020 17:01:27 +0900 Subject: SSL_CTX_set_ssl_version changes security level Message-ID: Hello, I've found SSL_CTX_set_ssl_version changes security level: ===== int main(void){ int i; struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method()); printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx)); // 0--5 any i = SSL_CTX_set_ssl_version(ctx, SSLv23_client_method()); printf("SSL_CTX_set_ssl_version result: %d\n", i); // i ==1; success printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx)); // result 2 return 0; } ===== OS: CentOS 8 OpenSSL 1.1.1c FIPS 28 May 2019 Are there any reasons? I know SSLv23_method is deprecated. That does not matter. Regards, Takuho From bkaduk at akamai.com Mon May 11 15:31:29 2020 From: bkaduk at akamai.com (Benjamin Kaduk) Date: Mon, 11 May 2020 08:31:29 -0700 Subject: SSL_CTX_set_ssl_version changes security level In-Reply-To: References: Message-ID: <20200511153127.GU3811@akamai.com> On Mon, May 11, 2020 at 05:01:27PM +0900, NAKANO Takuho wrote: > Hello, > > I've found SSL_CTX_set_ssl_version changes security level: > > ===== > int main(void){ > int i; > struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method()); > > printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx)); > // 0--5 any > > i = SSL_CTX_set_ssl_version(ctx, SSLv23_client_method()); > printf("SSL_CTX_set_ssl_version result: %d\n", i); > // i ==1; success > > printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx)); > // result 2 > > return 0; > } > ===== > > OS: CentOS 8 > OpenSSL 1.1.1c FIPS 28 May 2019 > > Are there any reasons? > I know SSLv23_method is deprecated. That does not matter. Note that SSL_CTX_set_ssl_version() has to re-set the cipher list to filter out ciphers unsupported by the new version. It uses the default cipher list as its starting point, which I assume on EL8 includes the security level in the cipher string. You can set the cipher list (and security level) back to what you want afterward, but I note that this behavior is a result of the OS-vendor customization and not inherent to openssl. -Ben From takotakot+openssl at gmail.com Mon May 11 20:22:29 2020 From: takotakot+openssl at gmail.com (NAKANO Takuho) Date: Tue, 12 May 2020 05:22:29 +0900 Subject: SSL_CTX_set_ssl_version changes security level In-Reply-To: <20200511153127.GU3811@akamai.com> References: <20200511153127.GU3811@akamai.com> Message-ID: 2020?5?12?(?) 0:31 Benjamin Kaduk : > > On Mon, May 11, 2020 at 05:01:27PM +0900, NAKANO Takuho wrote: > > Hello, > > > > I've found SSL_CTX_set_ssl_version changes security level: > > > > ===== > > int main(void){ > > int i; > > struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method()); > > > > printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx)); > > // 0--5 any > > > > i = SSL_CTX_set_ssl_version(ctx, SSLv23_client_method()); > > printf("SSL_CTX_set_ssl_version result: %d\n", i); > > // i ==1; success > > > > printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx)); > > // result 2 > > > > return 0; > > } > > ===== > > > > OS: CentOS 8 > > OpenSSL 1.1.1c FIPS 28 May 2019 > > > > Are there any reasons? > > I know SSLv23_method is deprecated. That does not matter. > > Note that SSL_CTX_set_ssl_version() has to re-set the cipher list > to filter out ciphers unsupported by the new version. It uses > the default cipher list as its starting point, which I assume on > EL8 includes the security level in the cipher string. > You can set the cipher list (and security level) back to what you > want afterward, but I note that this behavior is a result of the > OS-vendor customization and not inherent to openssl. > OS-vendor customization Thank you. That's very helpful. I get how to configure (but don't know why...). On CentOS 8: First result of SSL_CTX_get_security_level depends on A: /etc/pki/tls/openssl.cnf . To be more precise, set "CipherString = @SECLEVEL=5:..." or "CipherString = @SECLEVEL=0:..." in B: /etc/crypto-policies/back-ends/opensslcnf.config that is included by A. *BUT* second result of SSL_CTX_get_security_level depends on C: /etc/crypto-policies/back-ends/openssl.config (I assume SSL_CTX_set_ssl_version internally refer this file). File C has a single line beginning with: @SECLEVEL=2:kEECDH:.. If I change this level, the second result changes. Maybe it's on RHEL8 patch (system-cipherlist.patch). If I tried on Ubuntu 18.04 with "OpenSSL 1.1.1d 10 Sep 2019", security level diddn't change. Regards, Takuho From bkaduk at akamai.com Mon May 11 20:37:51 2020 From: bkaduk at akamai.com (Benjamin Kaduk) Date: Mon, 11 May 2020 13:37:51 -0700 Subject: SSL_CTX_set_ssl_version changes security level In-Reply-To: References: <20200511153127.GU3811@akamai.com> Message-ID: <20200511203750.GV3811@akamai.com> On Tue, May 12, 2020 at 05:22:29AM +0900, NAKANO Takuho wrote: > 2020?5?12?(?) 0:31 Benjamin Kaduk : > > > OS-vendor customization > > Thank you. That's very helpful. I get how to configure (but don't know why...). > > On CentOS 8: > First result of SSL_CTX_get_security_level depends on > A: /etc/pki/tls/openssl.cnf . > > To be more precise, set "CipherString = @SECLEVEL=5:..." > or "CipherString = @SECLEVEL=0:..." in > B: /etc/crypto-policies/back-ends/opensslcnf.config > that is included by A. > > *BUT* second result of SSL_CTX_get_security_level depends on > C: /etc/crypto-policies/back-ends/openssl.config > (I assume SSL_CTX_set_ssl_version internally refer this file). > File C has a single line beginning with: > @SECLEVEL=2:kEECDH:.. > If I change this level, the second result changes. > Maybe it's on RHEL8 patch (system-cipherlist.patch). https://src.fedoraproject.org/rpms/openssl/blob/master/f/openssl-1.1.1-system-cipherlist.patch suggests (the ssl.h chunk) that this patch does force the use of the "system profile" as the default cipher list. -Ben From takotakot+openssl at gmail.com Tue May 12 01:13:20 2020 From: takotakot+openssl at gmail.com (NAKANO Takuho) Date: Tue, 12 May 2020 10:13:20 +0900 Subject: SSL_CTX_set_ssl_version changes security level In-Reply-To: <20200511203750.GV3811@akamai.com> References: <20200511153127.GU3811@akamai.com> <20200511203750.GV3811@akamai.com> Message-ID: > https://src.fedoraproject.org/rpms/openssl/blob/master/f/openssl-1.1.1-system-cipherlist.patch > suggests (the ssl.h chunk) that this patch does force the use of the "system > profile" as the default cipher list. https://src.fedoraproject.org/rpms/openssl/blob/master/f/openssl.spec "./Configure" with option below: --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config this path is where I pointed. Takuho From tmraz at redhat.com Tue May 12 07:01:51 2020 From: tmraz at redhat.com (Tomas Mraz) Date: Tue, 12 May 2020 09:01:51 +0200 Subject: SSL_CTX_set_ssl_version changes security level In-Reply-To: <20200511203750.GV3811@akamai.com> References: <20200511153127.GU3811@akamai.com> <20200511203750.GV3811@akamai.com> Message-ID: On Mon, 2020-05-11 at 13:37 -0700, Benjamin Kaduk via openssl-users wrote: > On Tue, May 12, 2020 at 05:22:29AM +0900, NAKANO Takuho wrote: > > 2020?5?12?(?) 0:31 Benjamin Kaduk : > > > > > OS-vendor customization > > > > Thank you. That's very helpful. I get how to configure (but don't > > know why...). > > > > On CentOS 8: > > First result of SSL_CTX_get_security_level depends on > > A: /etc/pki/tls/openssl.cnf . > > > > To be more precise, set "CipherString = @SECLEVEL=5:..." > > or "CipherString = @SECLEVEL=0:..." in > > B: /etc/crypto-policies/back-ends/opensslcnf.config > > that is included by A. > > > > *BUT* second result of SSL_CTX_get_security_level depends on > > C: /etc/crypto-policies/back-ends/openssl.config > > (I assume SSL_CTX_set_ssl_version internally refer this file). > > File C has a single line beginning with: > > @SECLEVEL=2:kEECDH:.. > > If I change this level, the second result changes. > > Maybe it's on RHEL8 patch (system-cipherlist.patch). > > https://src.fedoraproject.org/rpms/openssl/blob/master/f/openssl-1.1.1-system-cipherlist.patch > suggests (the ssl.h chunk) that this patch does force the use of the > "system > profile" as the default cipher list. Yes, on Fedora/RHEL 8 you need to replace the cipher strings in both /etc/crypto-policies/back-ends/openssl.config and /etc/crypto- policies/back-ends/opensslcnf.config config files or you have to override the cipher string with a non-default one from the application. -- Tom?? Mr?z No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.] From jb-openssl at wisemo.com Tue May 12 13:50:30 2020 From: jb-openssl at wisemo.com (Jakob Bohm) Date: Tue, 12 May 2020 15:50:30 +0200 Subject: Which 1.1.1 config options set OPENSSL_NO_TESTS ? Message-ID: <5868fa53-2cea-6807-5a45-af5b759474db@wisemo.com> When running Configure in OpenSSL 1.1.1g with various options, it sometimes silently sets OPENSSL_NO_TESTS as reported by "perl configdata.pm -d" . This obviously causes "make test" to do nothing with the message "Tests are not supported with your chosen Configure options" . Unfortunately, neither the message nor "perl configdata.pm -d" gives any clue which of the used Configure options triggered this, and neither do INSTALL nor Configurations/README* nor Configurations/INTERNALS.Configure . So how should one go about finding the offending Configure options (other than endless trial and error)? Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 Soborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded From matt at openssl.org Tue May 12 14:01:29 2020 From: matt at openssl.org (Matt Caswell) Date: Tue, 12 May 2020 15:01:29 +0100 Subject: Which 1.1.1 config options set OPENSSL_NO_TESTS ? In-Reply-To: <5868fa53-2cea-6807-5a45-af5b759474db@wisemo.com> References: <5868fa53-2cea-6807-5a45-af5b759474db@wisemo.com> Message-ID: <0915b65f-ed86-faff-6bbc-907edb2bef53@openssl.org> On 12/05/2020 14:50, Jakob Bohm via openssl-users wrote: > When running Configure in OpenSSL 1.1.1g with various options, it sometimes > silently sets OPENSSL_NO_TESTS as reported by "perl configdata.pm -d" . Looking at the code here: https://github.com/openssl/openssl/blob/69296e264e58334620f541d09a4e381ee45542d4/Configure#L470-L510 It seems that "no-tests" will happen automatically if you specify "no-apps". "no-apps" will be automatically turned on by "no-autoalginit". i.e. these 3: no-tests no-apps no-autoalginit It strikes me as a bit over-zealous to disable all the tests because the apps are disabled (quite a few tests use the apps, but quite a few do not - we could at least run the ones that don't use them). These option cascades really ought to be documented in INSTALL, but I can see that they are not. Matt > > This obviously causes "make test" to do nothing with the message "Tests are > not supported with your chosen Configure options" . > > Unfortunately, neither the message nor "perl configdata.pm -d" gives any > clue which of the used Configure options triggered this, and neither do > INSTALL nor Configurations/README* nor Configurations/INTERNALS.Configure . > > So how should one go about finding the offending Configure options (other > than endless trial and error)? > > Enjoy > > Jakob From jb-openssl at wisemo.com Tue May 12 14:30:24 2020 From: jb-openssl at wisemo.com (Jakob Bohm) Date: Tue, 12 May 2020 16:30:24 +0200 Subject: Which 1.1.1 config options set OPENSSL_NO_TESTS ? In-Reply-To: <0915b65f-ed86-faff-6bbc-907edb2bef53@openssl.org> References: <5868fa53-2cea-6807-5a45-af5b759474db@wisemo.com> <0915b65f-ed86-faff-6bbc-907edb2bef53@openssl.org> Message-ID: On 12/05/2020 16:01, Matt Caswell wrote: > > On 12/05/2020 14:50, Jakob Bohm via openssl-users wrote: >> When running Configure in OpenSSL 1.1.1g with various options, it sometimes >> silently sets OPENSSL_NO_TESTS as reported by "perl configdata.pm -d" . > Looking at the code here: > > https://github.com/openssl/openssl/blob/69296e264e58334620f541d09a4e381ee45542d4/Configure#L470-L510 > > It seems that "no-tests" will happen automatically if you specify > "no-apps". "no-apps" will be automatically turned on by "no-autoalginit". > > i.e. these 3: > > no-tests > no-apps > no-autoalginit > > It strikes me as a bit over-zealous to disable all the tests because the > apps are disabled (quite a few tests use the apps, but quite a few do > not - we could at least run the ones that don't use them). Similarly, I would expect many of the apps to work fine with no-autoalginit, while the remainder could do the equivalent from the bin/openssl code without imposing it upon library users. > These option cascades really ought to be documented in INSTALL, but I > can see that they are not. >> This obviously causes "make test" to do nothing with the message "Tests are >> not supported with your chosen Configure options" . >> >> Unfortunately, neither the message nor "perl configdata.pm -d" gives any >> clue which of the used Configure options triggered this, and neither do >> INSTALL nor Configurations/README* nor Configurations/INTERNALS.Configure . >> >> So how should one go about finding the offending Configure options (other >> than endless trial and error)? >> Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 Soborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded From bbrumley at gmail.com Tue May 12 14:35:18 2020 From: bbrumley at gmail.com (Billy Brumley) Date: Tue, 12 May 2020 17:35:18 +0300 Subject: openssl 3 and deprecation Message-ID: Howdy Folks, I checked https://www.openssl.org/policies/releasestrat.html but did not manage to find an answer. At what stages is marking a function deprecated still allowed? Only before beta? Or at all stages? Or is it case-by-case with potential OMC vote? Thanks BBB From matt at openssl.org Tue May 12 14:50:15 2020 From: matt at openssl.org (Matt Caswell) Date: Tue, 12 May 2020 15:50:15 +0100 Subject: openssl 3 and deprecation In-Reply-To: References: Message-ID: On 12/05/2020 15:35, Billy Brumley wrote: > Howdy Folks, > > I checked https://www.openssl.org/policies/releasestrat.html but did > not manage to find an answer. > > At what stages is marking a function deprecated still allowed? Only > before beta? Or at all stages? Or is it case-by-case with potential > OMC vote? Hi Billy We allow API changes until Beta 1 (but ideally we would prefer API changes to have appeared in at least one alpha). Deprecation counts as an API change. Matt From john at mccabe.org.uk Tue May 12 18:45:20 2020 From: john at mccabe.org.uk (John McCabe) Date: Tue, 12 May 2020 19:45:20 +0100 (BST) Subject: Can RSA PSS-R be done simply with OpenSSL? Message-ID: <14046134.585354.1589309120372@email.ionos.co.uk> Hi, I've searched around, but found nothing that appears to help. I'm developing some software where I may be given a file that's been created (signed) by using the Crypto++ library's implementation of RSA PSS-R, with a SHA1 hash. As I understand it, the complete file contents then effectively becomes the signature, and the receiving end needs to recover the original file contents and verify its signature. Is the receiving end something I can do with OpenSSL? I have a need to use OpenSSL features in the software I'm developing so, if possible, I'd rather avoid having to include Crypto++ in it! Any pointers would be gratefully appreciated. For what it's worth, this is something I'm fairly new to so, if what I'm asking isn't clear, or if it sounds like I have some concepts wrong, please let me know.... gently ;-) Many thanks John From andrew.tucker at salesforce.com Tue May 12 19:11:29 2020 From: andrew.tucker at salesforce.com (Andrew Tucker) Date: Tue, 12 May 2020 12:11:29 -0700 Subject: Can RSA PSS-R be done simply with OpenSSL? In-Reply-To: <14046134.585354.1589309120372@email.ionos.co.uk> References: <14046134.585354.1589309120372@email.ionos.co.uk> Message-ID: There is example code for doing RSA PSS with OpenSSL at https://www.idrix.fr/Root/Samples/openssl_pss_signature.c On Tue, May 12, 2020 at 11:59 AM John McCabe wrote: > Hi, > I've searched around, but found nothing that appears to help. > > I'm developing some software where I may be given a file that's been > created (signed) by using the Crypto++ library's implementation of RSA > PSS-R, with a SHA1 hash. As I understand it, the complete file contents > then effectively becomes the signature, and the receiving end needs to > recover the original file contents and verify its signature. > > Is the receiving end something I can do with OpenSSL? I have a need to use > OpenSSL features in the software I'm developing so, if possible, I'd rather > avoid having to include Crypto++ in it! > > Any pointers would be gratefully appreciated. For what it's worth, this is > something I'm fairly new to so, if what I'm asking isn't clear, or if it > sounds like I have some concepts wrong, please let me know.... gently ;-) > > Many thanks > John > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tomiii at tomiii.com Tue May 12 23:21:46 2020 From: tomiii at tomiii.com (Thomas Dwyer III) Date: Tue, 12 May 2020 16:21:46 -0700 Subject: Minimum gcc version required for openssl 3.x? Message-ID: I searched all the docs I could find but I was unable to locate any statements regarding gcc compatibility for openssl 3.x. I'm having a problem cross-compiling for arm using gcc-4.4.5: rm -f libssl.so && \ ln -s libssl.so.3 libssl.so arm-linux-gnueabi-gcc -Iinclude -fPIC -pthread -Wall -O3 -DNDEBUG -DL_ENDIAN -DOPENSSL_NO_COMP -MMD -MF engines/capi-dso-e_capi.d.tmp -MT engines/capi-dso-e_capi.o -c -o engines/capi-dso-e_capi.o engines/e_capi.c /workspace/XXXXXX/perl/bin/perl ./util/mkdef.pl --ordinals util/engines.num --name engines/capi --OS linux > engines/capi.ld arm-linux-gnueabi-gcc -fPIC -pthread -Wall -O3 -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld \ engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread arm-linux-gnueabi-gcc: defs: No such file or directory gmake[5]: *** [engines/capi.so] Error 1 I found that gcc-4.9.2 works fine (odd, see below), as does the following patch: $ git diff Configurations/shared-info.pl diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index a673c7c..461ce3c 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -36,7 +36,7 @@ my %shared_info; (grep /(?:^|\s)-fsanitize/, @{$config{CFLAGS}}, @{$config{cflags}}) ? '' - : '-z defs', + : '-Wl,-z,defs', }; }, 'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; }, Although this works in gcc-4.9.2, it appears that the -z flag wasn't documented until gcc-5.5. All Google hits I get for "-z defs" take me to pages that show "-Wl,-z,defs" so it's curious that this particular option isn't being passed with -Wl like the others. Is there a minimum supported gcc version for openssl 3.x? Thanks, Tom.III -------------- next part -------------- An HTML attachment was scrubbed... URL: From abel at aalejandro.com Wed May 13 01:14:27 2020 From: abel at aalejandro.com (abel alejandro) Date: Tue, 12 May 2020 21:14:27 -0400 Subject: Intermittent ssl errors without OPENSSL_ia32cap Message-ID: Hello all, I have a AMD 3600x + X470D4U system where I observed intermittent ssl problems including data corruption of files when downloading thru https. For example: root at oasis:~# curl -o o https://www.google.com % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (35) error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac root at oasis:~# This was originally on unraid linux distribution but I also tried Slax live with the same results. At the end I was able to get rid of the warnings and download without data corruption by using OPENSSL_ia32cap="~0x200000200000000". Could this be a bug somewhere in openssl or my hardware is just bad? Thanks! From doctor at doctor.nl2k.ab.ca Wed May 13 07:00:28 2020 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Wed, 13 May 2020 01:00:28 -0600 Subject: Current openssl 3 alpha dev 2 and upcoming openssh 8.3 Message-ID: <20200513070028.GA95864@doctor.nl2k.ab.ca> Odd. Found this today. In make test , the test stops at simple transfer. In openssh-8.2p1 I worked find to a point. Any changes in the 3 aplha daily snaphots that could cause this? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism No change on the outside will affect the problem within the heart. -unknown From forston_shi at trendmicro.com Wed May 13 06:50:48 2020 From: forston_shi at trendmicro.com (forston_shi at trendmicro.com) Date: Wed, 13 May 2020 06:50:48 +0000 Subject: question about certificate verify Message-ID: <3dd9ecdeaf5e453d8ed24a80a419e235@trendmicro.com> Hi Opessl team We have a root certificate database, there are two root same certificates which have different expire time and thumbprint in the database. We call API "X509_STORE_CTX_init" to load the database first, and then call API "X509_verify_cert" to verify. >From our test result, valid certificate can be passed by this database, expired certificate will failed. We want to confirm how openssl to look for correct certificate to verify. We used version 1.0.1 above now. Because some of our product used old version 0.9.8, valid certificate also failed sometimes. Best regards Forston Shi (RD-CN)
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.

For details about what personal information we collect and why, please see our Privacy Notice on our website at: [ https://www.trendmicro.com/privacy] 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Wed May 13 08:16:40 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 May 2020 09:16:40 +0100 Subject: Minimum gcc version required for openssl 3.x? In-Reply-To: References: Message-ID: <2cdf11fe-f6a7-9846-abf3-19491b8c02e9@openssl.org> On 13/05/2020 00:21, Thomas Dwyer III wrote: > Although this works in gcc-4.9.2, it appears that the -z flag wasn't > documented until gcc-5.5. All Google hits I get for "-z defs" take me to > pages that show "-Wl,-z,defs" so it's curious that this particular > option isn't being passed with -Wl like the others. Is there a minimum > supported gcc version for openssl 3.x? None has been specified. You might want to submit your patch as a PR. Matt From matt at openssl.org Wed May 13 08:18:27 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 May 2020 09:18:27 +0100 Subject: Intermittent ssl errors without OPENSSL_ia32cap In-Reply-To: References: Message-ID: On 13/05/2020 02:14, abel alejandro wrote: > At the end I was able to get rid of the warnings and download without > data corruption by using OPENSSL_ia32cap="~0x200000200000000". Could > this be a bug somewhere in openssl or my hardware is just bad? It could be a bug. I suggest you raise a github issue about it. Please include details about the version of OpenSSL being used. Matt From matt at openssl.org Wed May 13 08:30:51 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 May 2020 09:30:51 +0100 Subject: Current openssl 3 alpha dev 2 and upcoming openssh 8.3 In-Reply-To: <20200513070028.GA95864@doctor.nl2k.ab.ca> References: <20200513070028.GA95864@doctor.nl2k.ab.ca> Message-ID: <7a7a02b7-dbb2-e1f4-64f9-d66ff9311e3a@openssl.org> On 13/05/2020 08:00, The Doctor wrote: > Odd. Found this today. In make test , the test stops at simple > transfer. > > In openssh-8.2p1 I worked find to a point. > > Any changes in the 3 aplha daily snaphots that could cause this? > Nothing that springs to mind. There have been numerous commits in the last few days, so any one of them could have caused it - but I don't see an obvious candidate. Can you raise a github issue with more details? Matt From tomiii at tomiii.com Thu May 14 21:21:30 2020 From: tomiii at tomiii.com (Thomas Dwyer III) Date: Thu, 14 May 2020 14:21:30 -0700 Subject: EVP_PKEY_new_raw_private_key() vs EVP_PKEY_new_mac_key() ? Message-ID: Are EVP_PKEY_new_raw_private_key() and EVP_PKEY_new_mac_key() functionally equivalent? They have very different implementations internally but appear to produce identical results when used with EVP_DigestSignInit() and key type EVP_PKEY_HMAC. The documentation says "works like" but it's not clear whether that really means "equivalent". I'm trying to write portable (openssl version agnostic) HMAC functions and I'm concerned about the note that says "New applications should use EVP_PKEY_new_raw_private_key() instead" when that doesn't exist prior to 1.1.1. Is this the recommended solution? #if OPENSSL_VERSION_NUMBER < 0x10101000L EVP_PKEY *pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, ...); #else EVP_PKEY *pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, ...); #endif Thanks, Tom.III -------------- next part -------------- An HTML attachment was scrubbed... URL: From Michael.Wojcik at microfocus.com Thu May 14 21:22:22 2020 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Thu, 14 May 2020 21:22:22 +0000 Subject: mutual-TLS / mTLS Example with certificate problem In-Reply-To: References: Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of > Andreas Tengicki > Sent: Thursday, May 07, 2020 03:23 > > 3) myserver vs openssl (and my client) is not working Did you do what I told you to do in my previous message? That is: > > Get rid of the call to use_certificate_file and put everything the server > > should be sending into the chain file, in the order described in the OpenSSL > > documentation: entity certificate, certificate for its issuer, and so on up > > to and including the root. -- Michael Wojcik Distinguished Engineer, Micro Focus From matt at openssl.org Thu May 14 21:38:53 2020 From: matt at openssl.org (Matt Caswell) Date: Thu, 14 May 2020 22:38:53 +0100 Subject: EVP_PKEY_new_raw_private_key() vs EVP_PKEY_new_mac_key() ? In-Reply-To: References: Message-ID: On 14/05/2020 22:21, Thomas Dwyer III wrote: > Are EVP_PKEY_new_raw_private_key() and EVP_PKEY_new_mac_key() > functionally equivalent? They have very different implementations > internally but appear to produce identical results when used with > EVP_DigestSignInit() and key type EVP_PKEY_HMAC. The documentation says > "works like" but it's not clear whether that really means "equivalent". > I'm trying to write portable (openssl version agnostic) HMAC functions > and I'm concerned about the note that says "New applications should use > EVP_PKEY_new_raw_private_key() instead" when that doesn't exist prior to > 1.1.1. Is this the recommended solution? > > #if OPENSSL_VERSION_NUMBER < 0x10101000L > ? ? EVP_PKEY *pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, ...); > #else > ??? EVP_PKEY *pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, ...); > #endif As you note the implementations are very different. EVP_PKEY_new_raw_private_key() is the preferred approach (its much simpler internally) and also works for other things that are not MACs (e.g. X25519, X448). The two should however be functionally equivalent. Your proposed solution is fine. My guess is that at some point in the future EVP_PKEY_new_mac_key() will be deprecated - but it hasn't been in 1.1.1, and nor has it so far in 3.0. So you *could* choose to just use EVP_PKEY_new_mac_key(). Matt From openssl at openssl.org Fri May 15 14:19:59 2020 From: openssl at openssl.org (OpenSSL) Date: Fri, 15 May 2020 14:19:59 +0000 Subject: OpenSSL version 3.0.0-alpha2 published Message-ID: <20200515141959.GA21247@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 OpenSSL version 3.0 alpha 2 released ==================================== OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ OpenSSL 3.0 is currently in alpha. OpenSSL 3.0 alpha 2 has now been made available. Note: This OpenSSL pre-release has been provided for testing ONLY. It should NOT be used for security critical purposes. Specific notes on upgrading to OpenSSL 3.0 from previous versions, as well as known issues are available on the OpenSSL Wiki, here: https://wiki.openssl.org/index.php/OpenSSL_3.0 The alpha release is available for download via HTTPS and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-3.0.0-alpha2.tar.gz Size: 9601205 SHA1 checksum: 9224a8957232db61b1e9cf1a80b3a19165f47236 SHA256 checksum: 9077d53d889f9708c261ee8a698df10575e2fd191de6924d89136b97dc8bc0c0 The checksums were calculated using the following commands: openssl sha1 openssl-3.0.0-alpha2.tar.gz openssl sha256 openssl-3.0.0-alpha2.tar.gz Please download and check this alpha release as soon as possible. To report a bug, open an issue on GitHub: https://github.com/openssl/openssl/issues Please check the release notes and mailing lists to avoid duplicate reports of known issues. (Of course, the source is also available on GitHub.) Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6+miwACgkQ2cTSbQ5g RJFqZggAhQGdzxbmbIa6aKeaX3sNpIYEpnu1W3htP/d2tMuqUlv31qG+IKZEnqHy kk/rhpHj9XU08MurpZ9caALayA3WNSpZXCwzpG85pgIm/KlwM2YN2CdmFCuh/G4K sMyU8UgSEcuEfF7BpYNgmfifYxDdRJjlrnrHwBPpFRJ0MdvS+8GN0a9n9b3o2eOm u2Dnub85W7NUH4St4YdKqDfxUF3rIPg+hvgOllb8JjZAqbrnCkeFek2SL9fVYJBM ORy3QODr2ahOo5sOYi61y7qe/MpcLdyjr5btm0L/xggWjBJ+EOo7m1iG2eQdzE88 AvcvALAtph/vmvfU3uPGWL7ms3z9Jg== =ixcT -----END PGP SIGNATURE----- From lear at ofcourseimright.com Mon May 18 09:57:25 2020 From: lear at ofcourseimright.com (Eliot Lear) Date: Mon, 18 May 2020 11:57:25 +0200 Subject: PHP interface and CMS_STREAM flag for cms_encrypt()/cms_sign() Message-ID: <3277c8e8-99cd-d862-054a-ff52a39ac249@ofcourseimright.com> Hi there, I am now just tidying up the PHP interface for CMS, which is an analog to the PKCS#7 interface.? As all the inputs are file names, one wonders if there is any possibility of the CMS_STREAM flag ever being a reasonable option.? If it is not, it will simplify the code. Eliot -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: From ca+ssl-users at esmtp.org Mon May 18 16:59:59 2020 From: ca+ssl-users at esmtp.org (Claus Assmann) Date: Mon, 18 May 2020 18:59:59 +0200 Subject: How to debug a TLSv1.3 protocol problem? Message-ID: <20200518165959.GA11129@kiel.esmtp.org> I'm stuck and looking for some hints/help. I have two MTAs (let's call them M1 and S8), both built with OpenSSL 1.1.1g. The problem is M1 cannot establish a TLSv1.3 connection with S8. Using other MTAs/sites/protocols/tools works just fine, e.g., M1 can send mail to google using TLSv1.3, and S8 can send mail to M1. Replacing the server or client with openssl s_client/s_server also works. I've added some TLS callbacks to S8 which I found in s_cb.c, but all I get at the end is "SSL_accept:error in TLSv1.3 early data" (see "full" trace below for the steps leading to this). Unfortunately I cannot find a way to figure out more details or what kind of error that is. Any hints how to determine (and fix?) the problem? S8 server side: info_callback where=0x10, ret=1 info_callback where=0x2001, ret=1 SSL_accept:before SSL initialization ssl_msg_cb, writep=0, version=0, len=5, ct=256 ssl_msg_cb, before SSL initialization info_callback where=0x2001, ret=1 SSL_accept:before SSL initialization ssl_msg_cb, writep=0, version=772, len=512, ct=22 ssl_msg_cb, SSLv3/TLS read client hello info_callback where=0x2001, ret=1 SSL_accept:SSLv3/TLS read client hello ssl_msg_cb, writep=1, version=0, len=5, ct=256 ssl_msg_cb, SSLv3/TLS write server hello ssl_msg_cb, writep=1, version=772, len=88, ct=22 ssl_msg_cb, SSLv3/TLS write server hello info_callback where=0x2001, ret=1 SSL_accept:SSLv3/TLS write server hello ssl_msg_cb, writep=1, version=0, len=5, ct=256 ssl_msg_cb, SSLv3/TLS write change cipher spec ssl_msg_cb, writep=1, version=772, len=1, ct=20 ssl_msg_cb, SSLv3/TLS write change cipher spec info_callback where=0x2001, ret=1 SSL_accept:SSLv3/TLS write change cipher spec info_callback where=0x2001, ret=1 SSL_accept:TLSv1.3 early data info_callback where=0x2002, ret=-1 SSL_accept:error in TLSv1.3 early data M1 client side: apps_ssl_info_cb, where=10, ret=1 apps_ssl_info_cb, SSL_connect=before SSL initialization ssl_msg_cb, writep=1, version=0, len=5, ct=100 ssl_msg_cb, SSLv3/TLS write client hello ssl_msg_cb, writep=1, version=772, len=512, ct=16 ssl_msg_cb, SSLv3/TLS write client hello apps_ssl_info_cb, SSL_connect=SSLv3/TLS write client hello ssl_msg_cb, writep=0, version=0, len=5, ct=100 ssl_msg_cb, SSLv3/TLS write client hello apps_ssl_info_cb, SSL_connect=SSLv3/TLS write client hello ssl_msg_cb, writep=0, version=772, len=88, ct=16 ssl_msg_cb, SSLv3/TLS read server hello apps_ssl_info_cb, SSL_connect=SSLv3/TLS read server hello ssl_msg_cb, writep=1, version=0, len=5, ct=100 ssl_msg_cb, SSLv3/TLS write change cipher spec ssl_msg_cb, writep=1, version=772, len=1, ct=14 ssl_msg_cb, SSLv3/TLS write change cipher spec apps_ssl_info_cb, SSL_connect=SSLv3/TLS write change cipher spec ssl_msg_cb, writep=1, version=0, len=5, ct=100 ssl_msg_cb, SSLv3/TLS write client hello ssl_msg_cb, writep=1, version=772, len=512, ct=16 ssl_msg_cb, SSLv3/TLS write client hello apps_ssl_info_cb, SSL_connect=SSLv3/TLS write client hello ssl_msg_cb, writep=0, version=0, len=5, ct=100 ssl_msg_cb, SSLv3/TLS write client hello and here it hangs until timeout. From ddpatel at rfideas.com Mon May 18 17:21:51 2020 From: ddpatel at rfideas.com (Deep D. Patel) Date: Mon, 18 May 2020 17:21:51 +0000 Subject: Help using openssl source code for AES/DES encryption/decryption Message-ID: Hello, I want to add openssl 1.0.2u source code to support AES, DES algorithms in my existing project to build the executable (using Cross Arm GCC C/C++ compiler in Eclipse IDE) for my target environment (32-bit Arm Cortex m3 controller). What are the relevant files/folder of the source code shall I use ? I have downloaded the source code and believe there is a folder named 'crypto' which might be the folder of interest for me. But I am not sure what to use, so wanted to confirm from openssl source code developer, what shall I use. Is there a library file available to use supporting my target environment/hardware ? Thanks. Appreciate your help. [RF IDeas] Deep Patel Embedded Software Engineer D: 224-333-2084 P: 847-870-1723 Ext 437 E: ddpatel at rfideas.com A: 4020 Winnetka Ave., Rolling Meadows, IL 60008 [cid:image005.png at 01D62D0E.E87BD530][Blog] -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 2512 bytes Desc: image001.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image005.png Type: image/png Size: 174 bytes Desc: image005.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image006.png Type: image/png Size: 1491 bytes Desc: image006.png URL: From matt at openssl.org Mon May 18 17:59:25 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 18 May 2020 18:59:25 +0100 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200518165959.GA11129@kiel.esmtp.org> References: <20200518165959.GA11129@kiel.esmtp.org> Message-ID: Are you able to capture a wireshark trace of the handshake? Matt On 18/05/2020 17:59, Claus Assmann wrote: > I'm stuck and looking for some hints/help. I have two MTAs (let's > call them M1 and S8), both built with OpenSSL 1.1.1g. The problem > is M1 cannot establish a TLSv1.3 connection with S8. Using other > MTAs/sites/protocols/tools works just fine, e.g., M1 can send mail > to google using TLSv1.3, and S8 can send mail to M1. Replacing the > server or client with openssl s_client/s_server also works. > > I've added some TLS callbacks to S8 which I found in s_cb.c, but > all I get at the end is "SSL_accept:error in TLSv1.3 early data" > (see "full" trace below for the steps leading to this). > Unfortunately I cannot find a way to figure out more details or > what kind of error that is. Any hints how to determine (and fix?) > the problem? > > S8 server side: > info_callback where=0x10, ret=1 > info_callback where=0x2001, ret=1 > SSL_accept:before SSL initialization > ssl_msg_cb, writep=0, version=0, len=5, ct=256 > ssl_msg_cb, before SSL initialization > info_callback where=0x2001, ret=1 > SSL_accept:before SSL initialization > ssl_msg_cb, writep=0, version=772, len=512, ct=22 > ssl_msg_cb, SSLv3/TLS read client hello > info_callback where=0x2001, ret=1 > SSL_accept:SSLv3/TLS read client hello > ssl_msg_cb, writep=1, version=0, len=5, ct=256 > ssl_msg_cb, SSLv3/TLS write server hello > ssl_msg_cb, writep=1, version=772, len=88, ct=22 > ssl_msg_cb, SSLv3/TLS write server hello > info_callback where=0x2001, ret=1 > SSL_accept:SSLv3/TLS write server hello > ssl_msg_cb, writep=1, version=0, len=5, ct=256 > ssl_msg_cb, SSLv3/TLS write change cipher spec > ssl_msg_cb, writep=1, version=772, len=1, ct=20 > ssl_msg_cb, SSLv3/TLS write change cipher spec > info_callback where=0x2001, ret=1 > SSL_accept:SSLv3/TLS write change cipher spec > info_callback where=0x2001, ret=1 > SSL_accept:TLSv1.3 early data > info_callback where=0x2002, ret=-1 > SSL_accept:error in TLSv1.3 early data > > M1 client side: > apps_ssl_info_cb, where=10, ret=1 > apps_ssl_info_cb, SSL_connect=before SSL initialization > ssl_msg_cb, writep=1, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write client hello > ssl_msg_cb, writep=1, version=772, len=512, ct=16 > ssl_msg_cb, SSLv3/TLS write client hello > apps_ssl_info_cb, SSL_connect=SSLv3/TLS write client hello > ssl_msg_cb, writep=0, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write client hello > apps_ssl_info_cb, SSL_connect=SSLv3/TLS write client hello > ssl_msg_cb, writep=0, version=772, len=88, ct=16 > ssl_msg_cb, SSLv3/TLS read server hello > apps_ssl_info_cb, SSL_connect=SSLv3/TLS read server hello > ssl_msg_cb, writep=1, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write change cipher spec > ssl_msg_cb, writep=1, version=772, len=1, ct=14 > ssl_msg_cb, SSLv3/TLS write change cipher spec > apps_ssl_info_cb, SSL_connect=SSLv3/TLS write change cipher spec > ssl_msg_cb, writep=1, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write client hello > ssl_msg_cb, writep=1, version=772, len=512, ct=16 > ssl_msg_cb, SSLv3/TLS write client hello > apps_ssl_info_cb, SSL_connect=SSLv3/TLS write client hello > ssl_msg_cb, writep=0, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write client hello > > and here it hangs until timeout. > From xpahos at gmail.com Mon May 18 18:06:37 2020 From: xpahos at gmail.com (Alexander Gryanko) Date: Mon, 18 May 2020 21:06:37 +0300 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200518165959.GA11129@kiel.esmtp.org> References: <20200518165959.GA11129@kiel.esmtp.org> Message-ID: Hi, You can try to add SSL_CTX_set_keylog_callback to your MTA. With keylog callback, your MTA will start writing log in NSS format for decryption of TLS frames. https://wiki.wireshark.org/TLS#Using_the_.28Pre.29-Master-Secret Or you can enable SSL_trace with disabling OPENSSL_NO_SSL_TRACE build option and SSL_set_msg_callback(client_ssl, SSL_trace) callback. But first of all, check your cert type. Looks like you are using non-RSA cert which is not supported by S8. On Mon, 18 May 2020 at 20:00, Claus Assmann wrote: > I'm stuck and looking for some hints/help. I have two MTAs (let's > call them M1 and S8), both built with OpenSSL 1.1.1g. The problem > is M1 cannot establish a TLSv1.3 connection with S8. Using other > MTAs/sites/protocols/tools works just fine, e.g., M1 can send mail > to google using TLSv1.3, and S8 can send mail to M1. Replacing the > server or client with openssl s_client/s_server also works. > > I've added some TLS callbacks to S8 which I found in s_cb.c, but > all I get at the end is "SSL_accept:error in TLSv1.3 early data" > (see "full" trace below for the steps leading to this). > Unfortunately I cannot find a way to figure out more details or > what kind of error that is. Any hints how to determine (and fix?) > the problem? > > S8 server side: > info_callback where=0x10, ret=1 > info_callback where=0x2001, ret=1 > SSL_accept:before SSL initialization > ssl_msg_cb, writep=0, version=0, len=5, ct=256 > ssl_msg_cb, before SSL initialization > info_callback where=0x2001, ret=1 > SSL_accept:before SSL initialization > ssl_msg_cb, writep=0, version=772, len=512, ct=22 > ssl_msg_cb, SSLv3/TLS read client hello > info_callback where=0x2001, ret=1 > SSL_accept:SSLv3/TLS read client hello > ssl_msg_cb, writep=1, version=0, len=5, ct=256 > ssl_msg_cb, SSLv3/TLS write server hello > ssl_msg_cb, writep=1, version=772, len=88, ct=22 > ssl_msg_cb, SSLv3/TLS write server hello > info_callback where=0x2001, ret=1 > SSL_accept:SSLv3/TLS write server hello > ssl_msg_cb, writep=1, version=0, len=5, ct=256 > ssl_msg_cb, SSLv3/TLS write change cipher spec > ssl_msg_cb, writep=1, version=772, len=1, ct=20 > ssl_msg_cb, SSLv3/TLS write change cipher spec > info_callback where=0x2001, ret=1 > SSL_accept:SSLv3/TLS write change cipher spec > info_callback where=0x2001, ret=1 > SSL_accept:TLSv1.3 early data > info_callback where=0x2002, ret=-1 > SSL_accept:error in TLSv1.3 early data > > M1 client side: > apps_ssl_info_cb, where=10, ret=1 > apps_ssl_info_cb, SSL_connect=before SSL initialization > ssl_msg_cb, writep=1, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write client hello > ssl_msg_cb, writep=1, version=772, len=512, ct=16 > ssl_msg_cb, SSLv3/TLS write client hello > apps_ssl_info_cb, SSL_connect=SSLv3/TLS write client hello > ssl_msg_cb, writep=0, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write client hello > apps_ssl_info_cb, SSL_connect=SSLv3/TLS write client hello > ssl_msg_cb, writep=0, version=772, len=88, ct=16 > ssl_msg_cb, SSLv3/TLS read server hello > apps_ssl_info_cb, SSL_connect=SSLv3/TLS read server hello > ssl_msg_cb, writep=1, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write change cipher spec > ssl_msg_cb, writep=1, version=772, len=1, ct=14 > ssl_msg_cb, SSLv3/TLS write change cipher spec > apps_ssl_info_cb, SSL_connect=SSLv3/TLS write change cipher spec > ssl_msg_cb, writep=1, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write client hello > ssl_msg_cb, writep=1, version=772, len=512, ct=16 > ssl_msg_cb, SSLv3/TLS write client hello > apps_ssl_info_cb, SSL_connect=SSLv3/TLS write client hello > ssl_msg_cb, writep=0, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write client hello > > and here it hangs until timeout. > > -- ? ?????????, ????????? ?????? Phone: +7(962)9558222 -------------- next part -------------- An HTML attachment was scrubbed... URL: From ca+ssl-users at esmtp.org Mon May 18 18:59:14 2020 From: ca+ssl-users at esmtp.org (Claus Assmann) Date: Mon, 18 May 2020 20:59:14 +0200 Subject: How to debug a TLSv1.3 protocol problem? Message-ID: <20200518185914.GA5120@kiel.esmtp.org> On Mon, May 18, 2020, Alexander Gryanko wrote: [thanks for the hints, I will try that ASAP] > But first of all, check your cert type. Looks like you are using non-RSA > cert which is not supported by S8. As I wrote: it works fine if I don't use TLSv1.3 or if I use openssl s_client with TLSv1.3 (it is an RSA cert and I also tested against another S8 server which uses a Let's Encrypt cert). From openssl-users at dukhovni.org Mon May 18 20:15:31 2020 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Mon, 18 May 2020 16:15:31 -0400 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200518165959.GA11129@kiel.esmtp.org> References: <20200518165959.GA11129@kiel.esmtp.org> Message-ID: <20200518201531.GM68966@straasha.imrryr.org> On Mon, May 18, 2020 at 06:59:59PM +0200, Claus Assmann wrote: > I'm stuck and looking for some hints/help. I have two MTAs (let's > call them M1 and S8), both built with OpenSSL 1.1.1g. The problem > is M1 cannot establish a TLSv1.3 connection with S8. Using other > MTAs/sites/protocols/tools works just fine, e.g., M1 can send mail > to google using TLSv1.3, and S8 can send mail to M1. Replacing the > server or client with openssl s_client/s_server also works. I'll strongly second Matt's request for a PCAP file. > M1 client side: > apps_ssl_info_cb, where=10, ret=1 > apps_ssl_info_cb, SSL_connect=before SSL initialization > ssl_msg_cb, writep=1, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write client hello > ssl_msg_cb, writep=1, version=772, len=512, ct=16 > ssl_msg_cb, SSLv3/TLS write client hello > apps_ssl_info_cb, SSL_connect=SSLv3/TLS write client hello > ssl_msg_cb, writep=0, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write client hello > apps_ssl_info_cb, SSL_connect=SSLv3/TLS write client hello > ssl_msg_cb, writep=0, version=772, len=88, ct=16 > ssl_msg_cb, SSLv3/TLS read server hello > apps_ssl_info_cb, SSL_connect=SSLv3/TLS read server hello > ssl_msg_cb, writep=1, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write change cipher spec > ssl_msg_cb, writep=1, version=772, len=1, ct=14 > ssl_msg_cb, SSLv3/TLS write change cipher spec > apps_ssl_info_cb, SSL_connect=SSLv3/TLS write change cipher spec > ssl_msg_cb, writep=1, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write client hello > ssl_msg_cb, writep=1, version=772, len=512, ct=16 > ssl_msg_cb, SSLv3/TLS write client hello > apps_ssl_info_cb, SSL_connect=SSLv3/TLS write client hello > ssl_msg_cb, writep=0, version=0, len=5, ct=100 > ssl_msg_cb, SSLv3/TLS write client hello The client trace looks rather odd, why is writing the hello again after CCS? I don't recall what happens with HRR (Hello retry request) when client's initial keyshare is not usable on the server... Any unusual signature algorithm preferences in this particular client? -- Viktor. From janjust at nikhef.nl Tue May 19 07:40:10 2020 From: janjust at nikhef.nl (Jan Just Keijser) Date: Tue, 19 May 2020 09:40:10 +0200 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200518185914.GA5120@kiel.esmtp.org> References: <20200518185914.GA5120@kiel.esmtp.org> Message-ID: <0fbdfdf2-0173-a032-6e9a-dbe414cdbb45@nikhef.nl> Hi Claus, On 18/05/20 20:59, Claus Assmann wrote: > On Mon, May 18, 2020, Alexander Gryanko wrote: > > [thanks for the hints, I will try that ASAP] > >> But first of all, check your cert type. Looks like you are using non-RSA >> cert which is not supported by S8. > As I wrote: it works fine if I don't use TLSv1.3 or if I use openssl > s_client with TLSv1.3 (it is an RSA cert and I also tested against > another S8 server which uses a Let's Encrypt cert). FWIW:? adding TLS 1.3 support to my EAP-TLS code got me stumped for a while as well. I eventually added up the following snippet: ??? /* Set up a SSL Session cache with a callback. This is needed for TLSv1.3+. ???? * During the initial handshake the server signals to the client early on ???? * that the handshake is finished, even before the client has sent its ???? * credentials to the server. The actual connection (and moment that the ???? * client sends its credentials) only starts after the arrival of the first ???? * session ticket. The 'ssl_new_session_cb' catches this ticket. ???? */ ??? SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE); ??? SSL_CTX_sess_set_new_cb(ctx, ssl_new_session_cb); with int ssl_new_session_cb(SSL *s, SSL_SESSION *sess) { ??? dbglog("EAP-TLS: Post-Handshake New Session Ticket arrived:"); ??? /* always return success */ ??? return 1; } This callback is necessary as otherwise the client thinks the session handshake is done too soon (and in my case, it does not bother to send any client-side certificate info to the server). Perhaps you are seeing something similar? If not, then sorry for the noise. HTH, JJK / Jan Just Keijser From ca+ssl-users at esmtp.org Tue May 19 10:31:22 2020 From: ca+ssl-users at esmtp.org (Claus Assmann) Date: Tue, 19 May 2020 12:31:22 +0200 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <0fbdfdf2-0173-a032-6e9a-dbe414cdbb45@nikhef.nl> References: <20200518185914.GA5120@kiel.esmtp.org> <0fbdfdf2-0173-a032-6e9a-dbe414cdbb45@nikhef.nl> Message-ID: <20200519103122.GA49472@kiel.esmtp.org> On Tue, May 19, 2020, Jan Just Keijser wrote: > FWIW: adding TLS 1.3 support to my EAP-TLS code got me stumped for a while as > well. I eventually added up the following snippet: > SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT | > SSL_SESS_CACHE_NO_INTERNAL_STORE); > SSL_CTX_sess_set_new_cb(ctx, ssl_new_session_cb); Thanks, I actally added the callback yesterday based on reading s_client.c. It didn't change anything :-( From ca+ssl-users at esmtp.org Tue May 19 10:49:57 2020 From: ca+ssl-users at esmtp.org (Claus Assmann) Date: Tue, 19 May 2020 12:49:57 +0200 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200518201531.GM68966@straasha.imrryr.org> References: <20200518165959.GA11129@kiel.esmtp.org> <20200518201531.GM68966@straasha.imrryr.org> Message-ID: <20200519104957.GB49472@kiel.esmtp.org> On Mon, May 18, 2020, Viktor Dukhovni wrote: > I'll strongly second Matt's request for a PCAP file. If tcpdump is "good enough" then that should be attached. If wireshark and some TLS decoding is needed, then I need some time to figure that out. > The client trace looks rather odd, why is writing the hello > again after CCS? I don't recall what happens with HRR Maybe M1 doesn't get an answer? > (Hello retry request) when client's initial keyshare is > not usable on the server... Any unusual signature algorithm > preferences in this particular client? AFIACT none at all. I've added SSL_trace as suggested and the output is below. When I compare M1 with openssl s_client the main difference is that s_client has extension_type=padding but I don't see where/how M1 would turn that off (or where s_client turns it on?) ------------------------------------------------------------ M8 client side: Sent Record Header: Version = TLS 1.0 (0x301) Content Type = Handshake (22) Length = 512 ClientHello, Length=508 client_version=0x303 (TLS 1.2) Random: gmt_unix_time=0x2CE5293F random_bytes (len=28): 60F8FD89D6BFFC32D30870CF534B271108BD7E00452949D9E2CECD7D session_id (len=32): E028F6D32F2F0FB8CC112794C7AA4E97AD76EDF6B955F49B51CA837F6115ABE2 cipher_suites (len=62) {0x13, 0x02} TLS_AES_256_GCM_SHA384 {0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256 {0x13, 0x01} TLS_AES_128_GCM_SHA256 {0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 {0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 {0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 {0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 {0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 {0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 {0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 {0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 {0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 {0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA {0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA {0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256 {0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression_methods (len=1) No Compression (0x00) extensions, length = 373 extension_type=ec_point_formats(11), length=4 uncompressed (0) ansiX962_compressed_prime (1) ansiX962_compressed_char2 (2) extension_type=supported_groups(10), length=12 ecdh_x25519 (29) secp256r1 (P-256) (23) ecdh_x448 (30) secp521r1 (P-521) (25) secp384r1 (P-384) (24) extension_type=encrypt_then_mac(22), length=0 extension_type=extended_master_secret(23), length=0 extension_type=signature_algorithms(13), length=48 ecdsa_secp256r1_sha256 (0x0403) ecdsa_secp384r1_sha384 (0x0503) ecdsa_secp521r1_sha512 (0x0603) ed25519 (0x0807) ed448 (0x0808) rsa_pss_pss_sha256 (0x0809) rsa_pss_pss_sha384 (0x080a) rsa_pss_pss_sha512 (0x080b) rsa_pss_rsae_sha256 (0x0804) rsa_pss_rsae_sha384 (0x0805) rsa_pss_rsae_sha512 (0x0806) rsa_pkcs1_sha256 (0x0401) rsa_pkcs1_sha384 (0x0501) rsa_pkcs1_sha512 (0x0601) ecdsa_sha224 (0x0303) ecdsa_sha1 (0x0203) rsa_pkcs1_sha224 (0x0301) rsa_pkcs1_sha1 (0x0201) dsa_sha224 (0x0302) dsa_sha1 (0x0202) dsa_sha256 (0x0402) dsa_sha384 (0x0502) dsa_sha512 (0x0602) extension_type=supported_versions(43), length=9 TLS 1.3 (772) TLS 1.2 (771) TLS 1.1 (770) TLS 1.0 (769) extension_type=psk_key_exchange_modes(45), length=2 psk_dhe_ke (1) extension_type=key_share(51), length=38 NamedGroup: ecdh_x25519 (29) key_exchange: (len=32): 3E7E05E66F3F978082E7445E0A6FA9C73F4F4C1E6423AA3FAB7B80C8E521F629 extension_type=padding(21), length=224 0000 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 000f - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 001e - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 002d - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 003c - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 004b - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 005a - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 0069 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 0078 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 0087 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 0096 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 00a5 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 00b4 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 00c3 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 00d2 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 .............. Received Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 88 ServerHello, Length=84 server_version=0x303 (TLS 1.2) Random: gmt_unix_time=0xCF21AD74 random_bytes (len=28): E59A6111BE1D8C021E65B891C2A211167ABB8C5E079E09E2C8A8339C session_id (len=32): E028F6D32F2F0FB8CC112794C7AA4E97AD76EDF6B955F49B51CA837F6115ABE2 cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384 compression_method: No Compression (0x00) extensions, length = 12 extension_type=supported_versions(43), length=2 TLS 1.3 (772) extension_type=key_share(51), length=2 NamedGroup: secp256r1 (P-256) (23) Sent Record Header: Version = TLS 1.2 (0x303) Content Type = ChangeCipherSpec (20) Length = 1 change_cipher_spec (1) Sent Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 512 ClientHello, Length=508 client_version=0x303 (TLS 1.2) Random: gmt_unix_time=0x2CE5293F random_bytes (len=28): 60F8FD89D6BFFC32D30870CF534B271108BD7E00452949D9E2CECD7D session_id (len=32): E028F6D32F2F0FB8CC112794C7AA4E97AD76EDF6B955F49B51CA837F6115ABE2 cipher_suites (len=62) {0x13, 0x02} TLS_AES_256_GCM_SHA384 {0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256 {0x13, 0x01} TLS_AES_128_GCM_SHA256 {0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 {0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 {0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 {0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 {0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 {0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 {0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 {0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 {0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 {0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA {0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA {0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256 {0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression_methods (len=1) No Compression (0x00) extensions, length = 373 extension_type=ec_point_formats(11), length=4 uncompressed (0) ansiX962_compressed_prime (1) ansiX962_compressed_char2 (2) extension_type=supported_groups(10), length=12 ecdh_x25519 (29) secp256r1 (P-256) (23) ecdh_x448 (30) secp521r1 (P-521) (25) secp384r1 (P-384) (24) extension_type=encrypt_then_mac(22), length=0 extension_type=extended_master_secret(23), length=0 extension_type=signature_algorithms(13), length=48 ecdsa_secp256r1_sha256 (0x0403) ecdsa_secp384r1_sha384 (0x0503) ecdsa_secp521r1_sha512 (0x0603) ed25519 (0x0807) ed448 (0x0808) rsa_pss_pss_sha256 (0x0809) rsa_pss_pss_sha384 (0x080a) rsa_pss_pss_sha512 (0x080b) rsa_pss_rsae_sha256 (0x0804) rsa_pss_rsae_sha384 (0x0805) rsa_pss_rsae_sha512 (0x0806) rsa_pkcs1_sha256 (0x0401) rsa_pkcs1_sha384 (0x0501) rsa_pkcs1_sha512 (0x0601) ecdsa_sha224 (0x0303) ecdsa_sha1 (0x0203) rsa_pkcs1_sha224 (0x0301) rsa_pkcs1_sha1 (0x0201) dsa_sha224 (0x0302) dsa_sha1 (0x0202) dsa_sha256 (0x0402) dsa_sha384 (0x0502) dsa_sha512 (0x0602) extension_type=supported_versions(43), length=9 TLS 1.3 (772) TLS 1.2 (771) TLS 1.1 (770) TLS 1.0 (769) extension_type=psk_key_exchange_modes(45), length=2 psk_dhe_ke (1) extension_type=key_share(51), length=71 NamedGroup: secp256r1 (P-256) (23) key_exchange: (len=65): 04942A4A721CA99765B0FBEF01CB5B79C88011CCCECE4B93FA082CF7DBD3992D4602BBAC27DF4355243FC4B33C801A989BEC3BB1E818262CED50B7448DAF4C65B1 extension_type=padding(21), length=191 0000 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 000f - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 001e - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 002d - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 003c - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 004b - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 005a - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 0069 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 0078 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 0087 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 0096 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 00a5 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 00b4 - 00 00 00 00 00 00 00 00-00 00 00 ........... Received Record Header: Version = TLS 1.2 (0x303) Content Type = ChangeCipherSpec (20) Length = 1 ------------------------------------------------------------ S8 server side: Received Record Header: Version = TLS 1.0 (0x301) Content Type = Handshake (22) Length = 512 ClientHello, Length=508 client_version=0x303 (TLS 1.2) Random: gmt_unix_time=0x2CE5293F random_bytes (len=28): 60F8FD89D6BFFC32D30870CF534B271108BD7E00452949D9E2CECD7D session_id (len=32): E028F6D32F2F0FB8CC112794C7AA4E97AD76EDF6B955F49B51CA837F6115ABE2 cipher_suites (len=62) {0x13, 0x02} TLS_AES_256_GCM_SHA384 {0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256 {0x13, 0x01} TLS_AES_128_GCM_SHA256 {0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 {0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 {0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 {0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 {0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 {0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 {0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 {0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 {0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 {0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA {0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA {0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256 {0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression_methods (len=1) No Compression (0x00) extensions, length = 373 extension_type=ec_point_formats(11), length=4 uncompressed (0) ansiX962_compressed_prime (1) ansiX962_compressed_char2 (2) extension_type=supported_groups(10), length=12 ecdh_x25519 (29) secp256r1 (P-256) (23) ecdh_x448 (30) secp521r1 (P-521) (25) secp384r1 (P-384) (24) extension_type=encrypt_then_mac(22), length=0 extension_type=extended_master_secret(23), length=0 extension_type=signature_algorithms(13), length=48 ecdsa_secp256r1_sha256 (0x0403) ecdsa_secp384r1_sha384 (0x0503) ecdsa_secp521r1_sha512 (0x0603) ed25519 (0x0807) ed448 (0x0808) rsa_pss_pss_sha256 (0x0809) rsa_pss_pss_sha384 (0x080a) rsa_pss_pss_sha512 (0x080b) rsa_pss_rsae_sha256 (0x0804) rsa_pss_rsae_sha384 (0x0805) rsa_pss_rsae_sha512 (0x0806) rsa_pkcs1_sha256 (0x0401) rsa_pkcs1_sha384 (0x0501) rsa_pkcs1_sha512 (0x0601) ecdsa_sha224 (0x0303) ecdsa_sha1 (0x0203) rsa_pkcs1_sha224 (0x0301) rsa_pkcs1_sha1 (0x0201) dsa_sha224 (0x0302) dsa_sha1 (0x0202) dsa_sha256 (0x0402) dsa_sha384 (0x0502) dsa_sha512 (0x0602) extension_type=supported_versions(43), length=9 TLS 1.3 (772) TLS 1.2 (771) TLS 1.1 (770) TLS 1.0 (769) extension_type=psk_key_exchange_modes(45), length=2 psk_dhe_ke (1) extension_type=key_share(51), length=38 NamedGroup: ecdh_x25519 (29) key_exchange: (len=32): 3E7E05E66F3F978082E7445E0A6FA9C73F4F4C1E6423AA3FAB7B80C8E521F629 extension_type=padding(21), length=224 0000 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 000f - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 001e - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 002d - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 003c - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 004b - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 005a - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 0069 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 0078 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 0087 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 0096 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 00a5 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 00b4 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 00c3 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... 00d2 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 .............. Sent Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 88 ServerHello, Length=84 server_version=0x303 (TLS 1.2) Random: gmt_unix_time=0xCF21AD74 random_bytes (len=28): E59A6111BE1D8C021E65B891C2A211167ABB8C5E079E09E2C8A8339C session_id (len=32): E028F6D32F2F0FB8CC112794C7AA4E97AD76EDF6B955F49B51CA837F6115ABE2 cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384 compression_method: No Compression (0x00) extensions, length = 12 extension_type=supported_versions(43), length=2 TLS 1.3 (772) extension_type=key_share(51), length=2 NamedGroup: secp256r1 (P-256) (23) Sent Record Header: Version = TLS 1.2 (0x303) Content Type = ChangeCipherSpec (20) Length = 1 change_cipher_spec (1) -------------- next part -------------- A non-text attachment was scrubbed... Name: clt.m1.pcap Type: application/octet-stream Size: 2538 bytes Desc: not available URL: From matt at openssl.org Tue May 19 13:26:01 2020 From: matt at openssl.org (Matt Caswell) Date: Tue, 19 May 2020 14:26:01 +0100 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200519104957.GB49472@kiel.esmtp.org> References: <20200518165959.GA11129@kiel.esmtp.org> <20200518201531.GM68966@straasha.imrryr.org> <20200519104957.GB49472@kiel.esmtp.org> Message-ID: <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> On 19/05/2020 11:49, Claus Assmann wrote: > On Mon, May 18, 2020, Viktor Dukhovni wrote: > >> I'll strongly second Matt's request for a PCAP file. > > If tcpdump is "good enough" then that should be attached. > If wireshark and some TLS decoding is needed, then I need > some time to figure that out. The pcap file doesn't have the required info - however the SSL_trace output gives the same kind of data, so that's good enough for now. > I've added SSL_trace as suggested and the output is below. Thanks that's useful. > When I compare M1 with openssl s_client the main difference > is that s_client has > extension_type=padding > but I don't see where/how M1 would turn that off (or where > s_client turns it on?) This shouldn't make any difference. I'd be very surprised if it was to do with that. >From the trace output I can see that the client sends a ClientHello to the server. The server responds with an HRR, and the client re-issues a new ClientHello. So far so good. However, at this point the server doesn't like something about the new ClientHello and fails. In your original email you got this output from the info callback on the server side: > SSL_accept:error in TLSv1.3 early data This comes from this code in the info callback which you lifted from s_cb.c: } else if (where & SSL_CB_EXIT) { if (ret == 0) BIO_printf(bio_err, "%s:failed in %s\n", str, SSL_state_string_long(s)); else if (ret < 0) BIO_printf(bio_err, "%s:error in %s\n", str, SSL_state_string_long(s)); } Please could you modify this as follows: @@ -481,6 +481,7 @@ void apps_ssl_info_callback(const SSL *s, int where, int ret) else if (ret < 0) BIO_printf(bio_err, "%s:error in %s\n", str, SSL_state_string_long(s)); + ERR_print_errors(bio_err); } } Now retry the handshake and send the output. Thanks Matt > > ------------------------------------------------------------ > M8 client side: > Sent Record > Header: > Version = TLS 1.0 (0x301) > Content Type = Handshake (22) > Length = 512 > ClientHello, Length=508 > client_version=0x303 (TLS 1.2) > Random: > gmt_unix_time=0x2CE5293F > random_bytes (len=28): 60F8FD89D6BFFC32D30870CF534B271108BD7E00452949D9E2CECD7D > session_id (len=32): E028F6D32F2F0FB8CC112794C7AA4E97AD76EDF6B955F49B51CA837F6115ABE2 > cipher_suites (len=62) > {0x13, 0x02} TLS_AES_256_GCM_SHA384 > {0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256 > {0x13, 0x01} TLS_AES_128_GCM_SHA256 > {0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 > {0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 > {0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 > {0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 > {0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 > {0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 > {0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 > {0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 > {0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 > {0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 > {0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 > {0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 > {0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 > {0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 > {0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 > {0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA > {0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA > {0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA > {0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA > {0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA > {0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA > {0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384 > {0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256 > {0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256 > {0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256 > {0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA > {0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA > {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV > compression_methods (len=1) > No Compression (0x00) > extensions, length = 373 > extension_type=ec_point_formats(11), length=4 > uncompressed (0) > ansiX962_compressed_prime (1) > ansiX962_compressed_char2 (2) > extension_type=supported_groups(10), length=12 > ecdh_x25519 (29) > secp256r1 (P-256) (23) > ecdh_x448 (30) > secp521r1 (P-521) (25) > secp384r1 (P-384) (24) > extension_type=encrypt_then_mac(22), length=0 > extension_type=extended_master_secret(23), length=0 > extension_type=signature_algorithms(13), length=48 > ecdsa_secp256r1_sha256 (0x0403) > ecdsa_secp384r1_sha384 (0x0503) > ecdsa_secp521r1_sha512 (0x0603) > ed25519 (0x0807) > ed448 (0x0808) > rsa_pss_pss_sha256 (0x0809) > rsa_pss_pss_sha384 (0x080a) > rsa_pss_pss_sha512 (0x080b) > rsa_pss_rsae_sha256 (0x0804) > rsa_pss_rsae_sha384 (0x0805) > rsa_pss_rsae_sha512 (0x0806) > rsa_pkcs1_sha256 (0x0401) > rsa_pkcs1_sha384 (0x0501) > rsa_pkcs1_sha512 (0x0601) > ecdsa_sha224 (0x0303) > ecdsa_sha1 (0x0203) > rsa_pkcs1_sha224 (0x0301) > rsa_pkcs1_sha1 (0x0201) > dsa_sha224 (0x0302) > dsa_sha1 (0x0202) > dsa_sha256 (0x0402) > dsa_sha384 (0x0502) > dsa_sha512 (0x0602) > extension_type=supported_versions(43), length=9 > TLS 1.3 (772) > TLS 1.2 (771) > TLS 1.1 (770) > TLS 1.0 (769) > extension_type=psk_key_exchange_modes(45), length=2 > psk_dhe_ke (1) > extension_type=key_share(51), length=38 > NamedGroup: ecdh_x25519 (29) > key_exchange: (len=32): 3E7E05E66F3F978082E7445E0A6FA9C73F4F4C1E6423AA3FAB7B80C8E521F629 > extension_type=padding(21), length=224 > 0000 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 000f - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 001e - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 002d - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 003c - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 004b - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 005a - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 0069 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 0078 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 0087 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 0096 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 00a5 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 00b4 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 00c3 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 00d2 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 .............. > > Received Record > Header: > Version = TLS 1.2 (0x303) > Content Type = Handshake (22) > Length = 88 > ServerHello, Length=84 > server_version=0x303 (TLS 1.2) > Random: > gmt_unix_time=0xCF21AD74 > random_bytes (len=28): E59A6111BE1D8C021E65B891C2A211167ABB8C5E079E09E2C8A8339C > session_id (len=32): E028F6D32F2F0FB8CC112794C7AA4E97AD76EDF6B955F49B51CA837F6115ABE2 > cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384 > compression_method: No Compression (0x00) > extensions, length = 12 > extension_type=supported_versions(43), length=2 > TLS 1.3 (772) > extension_type=key_share(51), length=2 > NamedGroup: secp256r1 (P-256) (23) > > Sent Record > Header: > Version = TLS 1.2 (0x303) > Content Type = ChangeCipherSpec (20) > Length = 1 > change_cipher_spec (1) > > Sent Record > Header: > Version = TLS 1.2 (0x303) > Content Type = Handshake (22) > Length = 512 > ClientHello, Length=508 > client_version=0x303 (TLS 1.2) > Random: > gmt_unix_time=0x2CE5293F > random_bytes (len=28): 60F8FD89D6BFFC32D30870CF534B271108BD7E00452949D9E2CECD7D > session_id (len=32): E028F6D32F2F0FB8CC112794C7AA4E97AD76EDF6B955F49B51CA837F6115ABE2 > cipher_suites (len=62) > {0x13, 0x02} TLS_AES_256_GCM_SHA384 > {0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256 > {0x13, 0x01} TLS_AES_128_GCM_SHA256 > {0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 > {0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 > {0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 > {0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 > {0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 > {0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 > {0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 > {0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 > {0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 > {0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 > {0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 > {0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 > {0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 > {0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 > {0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 > {0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA > {0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA > {0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA > {0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA > {0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA > {0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA > {0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384 > {0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256 > {0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256 > {0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256 > {0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA > {0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA > {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV > compression_methods (len=1) > No Compression (0x00) > extensions, length = 373 > extension_type=ec_point_formats(11), length=4 > uncompressed (0) > ansiX962_compressed_prime (1) > ansiX962_compressed_char2 (2) > extension_type=supported_groups(10), length=12 > ecdh_x25519 (29) > secp256r1 (P-256) (23) > ecdh_x448 (30) > secp521r1 (P-521) (25) > secp384r1 (P-384) (24) > extension_type=encrypt_then_mac(22), length=0 > extension_type=extended_master_secret(23), length=0 > extension_type=signature_algorithms(13), length=48 > ecdsa_secp256r1_sha256 (0x0403) > ecdsa_secp384r1_sha384 (0x0503) > ecdsa_secp521r1_sha512 (0x0603) > ed25519 (0x0807) > ed448 (0x0808) > rsa_pss_pss_sha256 (0x0809) > rsa_pss_pss_sha384 (0x080a) > rsa_pss_pss_sha512 (0x080b) > rsa_pss_rsae_sha256 (0x0804) > rsa_pss_rsae_sha384 (0x0805) > rsa_pss_rsae_sha512 (0x0806) > rsa_pkcs1_sha256 (0x0401) > rsa_pkcs1_sha384 (0x0501) > rsa_pkcs1_sha512 (0x0601) > ecdsa_sha224 (0x0303) > ecdsa_sha1 (0x0203) > rsa_pkcs1_sha224 (0x0301) > rsa_pkcs1_sha1 (0x0201) > dsa_sha224 (0x0302) > dsa_sha1 (0x0202) > dsa_sha256 (0x0402) > dsa_sha384 (0x0502) > dsa_sha512 (0x0602) > extension_type=supported_versions(43), length=9 > TLS 1.3 (772) > TLS 1.2 (771) > TLS 1.1 (770) > TLS 1.0 (769) > extension_type=psk_key_exchange_modes(45), length=2 > psk_dhe_ke (1) > extension_type=key_share(51), length=71 > NamedGroup: secp256r1 (P-256) (23) > key_exchange: (len=65): 04942A4A721CA99765B0FBEF01CB5B79C88011CCCECE4B93FA082CF7DBD3992D4602BBAC27DF4355243FC4B33C801A989BEC3BB1E818262CED50B7448DAF4C65B1 > extension_type=padding(21), length=191 > 0000 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 000f - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 001e - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 002d - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 003c - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 004b - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 005a - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 0069 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 0078 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 0087 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 0096 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 00a5 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 00b4 - 00 00 00 00 00 00 00 00-00 00 00 ........... > > Received Record > Header: > Version = TLS 1.2 (0x303) > Content Type = ChangeCipherSpec (20) > Length = 1 > > ------------------------------------------------------------ > S8 server side: > Received Record > Header: > Version = TLS 1.0 (0x301) > Content Type = Handshake (22) > Length = 512 > ClientHello, Length=508 > client_version=0x303 (TLS 1.2) > Random: > gmt_unix_time=0x2CE5293F > random_bytes (len=28): 60F8FD89D6BFFC32D30870CF534B271108BD7E00452949D9E2CECD7D > session_id (len=32): E028F6D32F2F0FB8CC112794C7AA4E97AD76EDF6B955F49B51CA837F6115ABE2 > cipher_suites (len=62) > {0x13, 0x02} TLS_AES_256_GCM_SHA384 > {0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256 > {0x13, 0x01} TLS_AES_128_GCM_SHA256 > {0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 > {0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 > {0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 > {0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 > {0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 > {0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 > {0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 > {0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 > {0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 > {0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 > {0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 > {0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 > {0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 > {0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 > {0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 > {0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA > {0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA > {0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA > {0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA > {0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA > {0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA > {0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384 > {0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256 > {0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256 > {0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256 > {0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA > {0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA > {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV > compression_methods (len=1) > No Compression (0x00) > extensions, length = 373 > extension_type=ec_point_formats(11), length=4 > uncompressed (0) > ansiX962_compressed_prime (1) > ansiX962_compressed_char2 (2) > extension_type=supported_groups(10), length=12 > ecdh_x25519 (29) > secp256r1 (P-256) (23) > ecdh_x448 (30) > secp521r1 (P-521) (25) > secp384r1 (P-384) (24) > extension_type=encrypt_then_mac(22), length=0 > extension_type=extended_master_secret(23), length=0 > extension_type=signature_algorithms(13), length=48 > ecdsa_secp256r1_sha256 (0x0403) > ecdsa_secp384r1_sha384 (0x0503) > ecdsa_secp521r1_sha512 (0x0603) > ed25519 (0x0807) > ed448 (0x0808) > rsa_pss_pss_sha256 (0x0809) > rsa_pss_pss_sha384 (0x080a) > rsa_pss_pss_sha512 (0x080b) > rsa_pss_rsae_sha256 (0x0804) > rsa_pss_rsae_sha384 (0x0805) > rsa_pss_rsae_sha512 (0x0806) > rsa_pkcs1_sha256 (0x0401) > rsa_pkcs1_sha384 (0x0501) > rsa_pkcs1_sha512 (0x0601) > ecdsa_sha224 (0x0303) > ecdsa_sha1 (0x0203) > rsa_pkcs1_sha224 (0x0301) > rsa_pkcs1_sha1 (0x0201) > dsa_sha224 (0x0302) > dsa_sha1 (0x0202) > dsa_sha256 (0x0402) > dsa_sha384 (0x0502) > dsa_sha512 (0x0602) > extension_type=supported_versions(43), length=9 > TLS 1.3 (772) > TLS 1.2 (771) > TLS 1.1 (770) > TLS 1.0 (769) > extension_type=psk_key_exchange_modes(45), length=2 > psk_dhe_ke (1) > extension_type=key_share(51), length=38 > NamedGroup: ecdh_x25519 (29) > key_exchange: (len=32): 3E7E05E66F3F978082E7445E0A6FA9C73F4F4C1E6423AA3FAB7B80C8E521F629 > extension_type=padding(21), length=224 > 0000 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 000f - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 001e - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 002d - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 003c - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 004b - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 005a - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 0069 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 0078 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 0087 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 0096 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 00a5 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 00b4 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 00c3 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ............... > 00d2 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 .............. > > Sent Record > Header: > Version = TLS 1.2 (0x303) > Content Type = Handshake (22) > Length = 88 > ServerHello, Length=84 > server_version=0x303 (TLS 1.2) > Random: > gmt_unix_time=0xCF21AD74 > random_bytes (len=28): E59A6111BE1D8C021E65B891C2A211167ABB8C5E079E09E2C8A8339C > session_id (len=32): E028F6D32F2F0FB8CC112794C7AA4E97AD76EDF6B955F49B51CA837F6115ABE2 > cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384 > compression_method: No Compression (0x00) > extensions, length = 12 > extension_type=supported_versions(43), length=2 > TLS 1.3 (772) > extension_type=key_share(51), length=2 > NamedGroup: secp256r1 (P-256) (23) > > Sent Record > Header: > Version = TLS 1.2 (0x303) > Content Type = ChangeCipherSpec (20) > Length = 1 > change_cipher_spec (1) > From ca+ssl-users at esmtp.org Tue May 19 14:56:22 2020 From: ca+ssl-users at esmtp.org (Claus Assmann) Date: Tue, 19 May 2020 16:56:22 +0200 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> References: <20200518165959.GA11129@kiel.esmtp.org> <20200518201531.GM68966@straasha.imrryr.org> <20200519104957.GB49472@kiel.esmtp.org> <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> Message-ID: <20200519145622.GA14132@kiel.esmtp.org> On Tue, May 19, 2020, Matt Caswell wrote: > > SSL_accept:error in TLSv1.3 early data > This comes from this code in the info callback which you lifted from s_cb.c: > Please could you modify this as follows: > + ERR_print_errors(bio_err); That's basically already in the code: while ((l = ERR_get_error_line_data((const char **) &file, &line, (const char **) &data, &flags)) != 0) log it ... but that does not generate any output. Even if I add the line you suggested there's no extra output (to make sure there would be something I also added an BIO_fprintf() and that output is shown, so it's not a problem with the BIO). I guess I have to figure out how to use wireshark for this. From matt at openssl.org Wed May 20 08:52:05 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 20 May 2020 09:52:05 +0100 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200519145622.GA14132@kiel.esmtp.org> References: <20200518165959.GA11129@kiel.esmtp.org> <20200518201531.GM68966@straasha.imrryr.org> <20200519104957.GB49472@kiel.esmtp.org> <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> <20200519145622.GA14132@kiel.esmtp.org> Message-ID: <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> On 19/05/2020 15:56, Claus Assmann wrote: > That's basically already in the code: > while ((l = ERR_get_error_line_data((const char **) &file, &line, > (const char **) &data, &flags)) != 0) > log it ... > but that does not generate any output. Even if I add > the line you suggested there's no extra output > (to make sure there would be something I also added > an BIO_fprintf() and that output is shown, so it's not > a problem with the BIO). > > I guess I have to figure out how to use wireshark for this. > I doubt wireshark will tell you much more than the SSL_trace output (although it is possible that it could). After you see this on the server side: SSL_accept:TLSv1.3 early data info_callback where=0x2002, ret=-1 SSL_accept:error in TLSv1.3 early data What happens in the application code? What was the function being called (SSL_accept?) and what return value do you get? What does SSL_get_error() return at this point? Matt From ca+ssl-users at esmtp.org Wed May 20 12:44:13 2020 From: ca+ssl-users at esmtp.org (Claus Assmann) Date: Wed, 20 May 2020 14:44:13 +0200 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> References: <20200518165959.GA11129@kiel.esmtp.org> <20200518201531.GM68966@straasha.imrryr.org> <20200519104957.GB49472@kiel.esmtp.org> <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> Message-ID: <20200520124413.GA37224@kiel.esmtp.org> On Wed, May 20, 2020, Matt Caswell wrote: > SSL_accept:TLSv1.3 early data > What happens in the application code? What was the function being called > (SSL_accept?) and what return value do you get? What does > SSL_get_error() return at this point? It's: r = SSL_accept(srv_ssl); if (r <= 0) ssl_err = SSL_get_error(srv_ssl, r); return value=-1 ssl_err=5 SSL_ERROR_SYSCALL errno=0 It seems to me server and client get "out of sync" at the I/O layer if I understand the SSL traces correctly: S8: sends 2 records at the end: - handshake - ChangeCipherSpec M1: receives handshake but seemingly not ChangeCipherSpec Instead it sends only its own ChangeCipherSpec then its handshake again and only then it receives ChangeCipherSpec and S8 seemingly tries to interprete the out-of-sync data as TLSv1.3 early data and fails, thus returning an error from SSL_accept(). If that analysis is correct (can someone check please?), then I need to look at the I/O layers of both programs -- they are rather different :-( From matt at openssl.org Wed May 20 13:01:59 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 20 May 2020 14:01:59 +0100 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200520124413.GA37224@kiel.esmtp.org> References: <20200518165959.GA11129@kiel.esmtp.org> <20200518201531.GM68966@straasha.imrryr.org> <20200519104957.GB49472@kiel.esmtp.org> <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> <20200520124413.GA37224@kiel.esmtp.org> Message-ID: On 20/05/2020 13:44, Claus Assmann wrote: > On Wed, May 20, 2020, Matt Caswell wrote: > >> SSL_accept:TLSv1.3 early data > >> What happens in the application code? What was the function being called >> (SSL_accept?) and what return value do you get? What does >> SSL_get_error() return at this point? > > It's: > r = SSL_accept(srv_ssl); > if (r <= 0) > ssl_err = SSL_get_error(srv_ssl, r); > > return value=-1 > ssl_err=5 SSL_ERROR_SYSCALL > errno=0 > > It seems to me server and client get "out of sync" at the I/O layer > if I understand the SSL traces correctly: > > S8: sends 2 records at the end: > - handshake > - ChangeCipherSpec > > M1: receives > handshake > but seemingly not > ChangeCipherSpec > Instead it sends only its own > ChangeCipherSpec > then its handshake again > and only then it receives ChangeCipherSpec > > and S8 seemingly tries to interprete the out-of-sync data as TLSv1.3 > early data and fails, thus returning an error from SSL_accept(). > > If that analysis is correct (can someone check please?), then I > need to look at the I/O layers of both programs -- they are rather > different :-( > The "early data" here is a red herring. It is normal for the internal libssl state machine to (briefly) transition through the "early data" state even though there is no early data being sent. In this case the early data state is the last state that occurs after having written change cipher spec, but before reading the second Client Hello following an HRR. I *think* what is happening here is that the server side state machine has finished its writing tasks, and is now attempting to read data from the client again (i.e. the 2nd ClientHello). Normally what would happen at this point is that it would read the header of the next record that is received from the client to check that the message type it has received is sane. It is expecting the ClientHello message type, and only at that point will it move the state machine on from the "early data" state into the "SSLv3/TLS read client hello" state. For some reason it is experiencing a failure while reading the client hello from the client. Therefore it never makes the state transition out of the "early data" state. The SSL_ERROR_SYSCALL return suggests to me that the underlying system call to read the data has failed for some reason. However errno being 0 indicates otherwise. There is actually a known scenario in 1.1.1 where this can occur: if EOF is unexpectedly encountered on the socket. We briefly fixed this (you should never normally get SSL_ERROR_SYSCALL with errno == 0) but had to back the fix out because it broke some applications which were written to expect this buggy behaviour. I wonder if there could be some middlebox in between these two peers that is interfering with the connection in some way and arbitrarily closing it down? Matt From ca+ssl-users at esmtp.org Wed May 20 13:24:30 2020 From: ca+ssl-users at esmtp.org (Claus Assmann) Date: Wed, 20 May 2020 15:24:30 +0200 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: References: <20200518165959.GA11129@kiel.esmtp.org> <20200518201531.GM68966@straasha.imrryr.org> <20200519104957.GB49472@kiel.esmtp.org> <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> <20200520124413.GA37224@kiel.esmtp.org> Message-ID: <20200520132430.GA94776@kiel.esmtp.org> On Wed, May 20, 2020, Matt Caswell wrote: > I wonder if there could be some middlebox in between these two peers > that is interfering with the connection in some way and arbitrarily > closing it down? No, it's being tested on localhost. And it works fine if I use a different server (e.g., openssl s_server) or a different client, i.e., it is (so far) only this specific combination (M1 -> S8) which does not work. From matt at openssl.org Wed May 20 15:08:39 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 20 May 2020 16:08:39 +0100 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200520132430.GA94776@kiel.esmtp.org> References: <20200518165959.GA11129@kiel.esmtp.org> <20200518201531.GM68966@straasha.imrryr.org> <20200519104957.GB49472@kiel.esmtp.org> <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> <20200520124413.GA37224@kiel.esmtp.org> <20200520132430.GA94776@kiel.esmtp.org> Message-ID: <1c2a0a9e-ca04-12ac-d0c7-cc57e4ec8985@openssl.org> On 20/05/2020 14:24, Claus Assmann wrote: > On Wed, May 20, 2020, Matt Caswell wrote: > >> I wonder if there could be some middlebox in between these two peers >> that is interfering with the connection in some way and arbitrarily >> closing it down? > > No, it's being tested on localhost. And it works fine if I use a > different server (e.g., openssl s_server) or a different client, > i.e., it is (so far) only this specific combination (M1 -> S8) > which does not work. > Can you test the underlying socket to see if it has been closed down in an orderly way (i.e. recv() should return 0 on the socket if so)? That would confirm or deny the EOF theory. Matt From ca+ssl-users at esmtp.org Wed May 20 16:52:48 2020 From: ca+ssl-users at esmtp.org (Claus Assmann) Date: Wed, 20 May 2020 18:52:48 +0200 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <1c2a0a9e-ca04-12ac-d0c7-cc57e4ec8985@openssl.org> References: <20200518165959.GA11129@kiel.esmtp.org> <20200518201531.GM68966@straasha.imrryr.org> <20200519104957.GB49472@kiel.esmtp.org> <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> <20200520124413.GA37224@kiel.esmtp.org> <20200520132430.GA94776@kiel.esmtp.org> <1c2a0a9e-ca04-12ac-d0c7-cc57e4ec8985@openssl.org> Message-ID: <20200520165248.GA71495@kiel.esmtp.org> On Wed, May 20, 2020, Matt Caswell wrote: [Thanks for still helping me with this!] > Can you test the underlying socket to see if it has been closed down in > an orderly way (i.e. recv() should return 0 on the socket if so)? That Yes, that what happens. So I added some debugging to the client and it shows: SSL info: read server hello write change cipher spec write client hello and I/O layer (only last/relevant part): want_write=523, want_read=5 ... write ... and then want_read=5 -< read=OK, num_read=5 want_write=0, want_read=1 want_read=1 -> read=OK, num_read=1 want_write=0, want_read=5 want_read=5 -> read=TIMEOUT, num_read=0 Explanation: want_write = BIO_ctrl_pending(network_bio) want_read = BIO_ctrl_get_read_request(network_bio) I didn't instrument the write part, only the read part. want_read>0 -> invoke read, check result: read=STATUS, num_read=N So the last read does not get the data the library wants, and hence the client fails and closes the connection. In that moment the server fails in SSL_accept and issues the misleading error message. Now the question seems to be: did the server actually not send the data (not sure how to check that, maybe looking at tcpdump?) or has the client a bug not reading the data? From matt at openssl.org Wed May 20 20:21:25 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 20 May 2020 21:21:25 +0100 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200520165248.GA71495@kiel.esmtp.org> References: <20200518165959.GA11129@kiel.esmtp.org> <20200518201531.GM68966@straasha.imrryr.org> <20200519104957.GB49472@kiel.esmtp.org> <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> <20200520124413.GA37224@kiel.esmtp.org> <20200520132430.GA94776@kiel.esmtp.org> <1c2a0a9e-ca04-12ac-d0c7-cc57e4ec8985@openssl.org> <20200520165248.GA71495@kiel.esmtp.org> Message-ID: <46a6e091-dada-cd59-d6e4-2b2b2371ef9c@openssl.org> On 20/05/2020 17:52, Claus Assmann wrote: > On Wed, May 20, 2020, Matt Caswell wrote: > > [Thanks for still helping me with this!] > >> Can you test the underlying socket to see if it has been closed down in >> an orderly way (i.e. recv() should return 0 on the socket if so)? That > > Yes, that what happens. > > So I added some debugging to the client and it shows: > > SSL info: > read server hello > write change cipher spec > write client hello So the client has written the first clientHello, read the serverhello, and then written the CCS and 2nd clientHello. The next thing it will expect to do is read the serverhello again. > > and I/O layer (only last/relevant part): > want_write=523, want_read=5 > ... write ... and then > want_read=5 -< read=OK, num_read=5 > want_write=0, want_read=1 > want_read=1 -> read=OK, num_read=1 > want_write=0, want_read=5 > want_read=5 -> read=TIMEOUT, num_read=0 So presumably this is an attempt to read the header data of the next message (a TLS record header is 5 bytes in length), i.e. the next ServerHello. But we already know from your earlier analysis that this is never going to come because the server has already given up before it gets that far. > > Explanation: > want_write = BIO_ctrl_pending(network_bio) > want_read = BIO_ctrl_get_read_request(network_bio) > > I didn't instrument the write part, only the read part. > want_read>0 -> invoke read, check result: read=STATUS, num_read=N > So the last read does not get the data the library wants, > and hence the client fails and closes the connection. This sounds odd. Why does the client fail because it hasn't read the expected data yet? Normally (with non-blocking sockets), a failure to read the expected data will result in SSL_get_error() returning SSL_ERROR_WANT_READ - indicating that the data is not currently available and we should retry again later. That isn't a fatal error, so the connection should not be closed. So - when you say the client fails - what exactly happens? What does SSL_get_error() return at that point? Matt From openssl-users at dukhovni.org Wed May 20 20:36:23 2020 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Wed, 20 May 2020 16:36:23 -0400 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <46a6e091-dada-cd59-d6e4-2b2b2371ef9c@openssl.org> References: <20200519104957.GB49472@kiel.esmtp.org> <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> <20200520124413.GA37224@kiel.esmtp.org> <20200520132430.GA94776@kiel.esmtp.org> <1c2a0a9e-ca04-12ac-d0c7-cc57e4ec8985@openssl.org> <20200520165248.GA71495@kiel.esmtp.org> <46a6e091-dada-cd59-d6e4-2b2b2371ef9c@openssl.org> Message-ID: <20200520203623.GU68966@straasha.imrryr.org> On Wed, May 20, 2020 at 09:21:25PM +0100, Matt Caswell wrote: > > Explanation: > > want_write = BIO_ctrl_pending(network_bio) > > want_read = BIO_ctrl_get_read_request(network_bio) > > > > I didn't instrument the write part, only the read part. > > want_read>0 -> invoke read, check result: read=STATUS, num_read=N > > So the last read does not get the data the library wants, > > and hence the client fails and closes the connection. > > This sounds odd. Why does the client fail because it hasn't read the > expected data yet? Normally (with non-blocking sockets), a failure to > read the expected data will result in SSL_get_error() returning > SSL_ERROR_WANT_READ - indicating that the data is not currently > available and we should retry again later. That isn't a fatal error, so > the connection should not be closed. > > So - when you say the client fails - what exactly happens? What does > SSL_get_error() return at that point? Speaking of which, I've recently discovered (a documented interface landmine) that: status = SSL_read(ssl, ...); err = SSL_get_error(ssl, status); is an anti-pattern, because the "correct" usage is: ERR_clear_error(); status = SSL_read(ssl, ...); err = SSL_get_error(ssl, status); without ERR_clear_error(), SSL_get_error() can randomly indicate false positive connection failures, depending on what's left over on the error stack: http://postfix.1071664.n5.nabble.com/quot-SSL-Shutdown-shutdown-while-in-init-quot-while-sending-and-receiving-td105822.html My take is that this is a sufficiently nasty problem to warrant some changes in SSL_read(), SSL_write, SSL_accept(), ... to internally memoize the error status before returning, in a manner that does not depend on the prior state of the error stack, and that then SSL_get_error() must look only at the given (SSL *) handle and not at the error stack. -- Viktor. From matt at openssl.org Wed May 20 20:40:35 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 20 May 2020 21:40:35 +0100 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200520203623.GU68966@straasha.imrryr.org> References: <20200519104957.GB49472@kiel.esmtp.org> <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> <20200520124413.GA37224@kiel.esmtp.org> <20200520132430.GA94776@kiel.esmtp.org> <1c2a0a9e-ca04-12ac-d0c7-cc57e4ec8985@openssl.org> <20200520165248.GA71495@kiel.esmtp.org> <46a6e091-dada-cd59-d6e4-2b2b2371ef9c@openssl.org> <20200520203623.GU68966@straasha.imrryr.org> Message-ID: <24b1ed40-559a-d936-b2cc-01180a5636ab@openssl.org> On 20/05/2020 21:36, Viktor Dukhovni wrote: > My take is that this is a sufficiently nasty problem to warrant some > changes in SSL_read(), SSL_write, SSL_accept(), ... to internally > memoize the error status before returning, in a manner that does not > depend on the prior state of the error stack, and that then > SSL_get_error() must look only at the given (SSL *) handle and > not at the error stack. We actually have always cleared the error stack on entering the libssl state machine. It appears we don't do that on IO functions that don't enter the state machine (such as SSL_read()/SSL_write()). Matt From openssl-users at dukhovni.org Wed May 20 20:46:27 2020 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Wed, 20 May 2020 16:46:27 -0400 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <24b1ed40-559a-d936-b2cc-01180a5636ab@openssl.org> References: <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> <20200520124413.GA37224@kiel.esmtp.org> <20200520132430.GA94776@kiel.esmtp.org> <1c2a0a9e-ca04-12ac-d0c7-cc57e4ec8985@openssl.org> <20200520165248.GA71495@kiel.esmtp.org> <46a6e091-dada-cd59-d6e4-2b2b2371ef9c@openssl.org> <20200520203623.GU68966@straasha.imrryr.org> <24b1ed40-559a-d936-b2cc-01180a5636ab@openssl.org> Message-ID: <20200520204627.GV68966@straasha.imrryr.org> On Wed, May 20, 2020 at 09:40:35PM +0100, Matt Caswell wrote: > On 20/05/2020 21:36, Viktor Dukhovni wrote: > > My take is that this is a sufficiently nasty problem to warrant some > > changes in SSL_read(), SSL_write, SSL_accept(), ... to internally > > memoize the error status before returning, in a manner that does not > > depend on the prior state of the error stack, and that then > > SSL_get_error() must look only at the given (SSL *) handle and > > not at the error stack. > > We actually have always cleared the error stack on entering the libssl > state machine. It appears we don't do that on IO functions that don't > enter the state machine (such as SSL_read()/SSL_write()). Glad to hear that at least handshakes are less prone to unexpected issues of that sort. I'd be interested to hear your thoughts (perhaps a separate thread) on what to do about SSL_read() and SSL_write(). In the mean-time, if Clauss is trying to complete a handshake, rather than move data, his issue is then likely something different? -- Viktor. From matt at openssl.org Wed May 20 20:49:51 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 20 May 2020 21:49:51 +0100 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200520204627.GV68966@straasha.imrryr.org> References: <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> <20200520124413.GA37224@kiel.esmtp.org> <20200520132430.GA94776@kiel.esmtp.org> <1c2a0a9e-ca04-12ac-d0c7-cc57e4ec8985@openssl.org> <20200520165248.GA71495@kiel.esmtp.org> <46a6e091-dada-cd59-d6e4-2b2b2371ef9c@openssl.org> <20200520203623.GU68966@straasha.imrryr.org> <24b1ed40-559a-d936-b2cc-01180a5636ab@openssl.org> <20200520204627.GV68966@straasha.imrryr.org> Message-ID: <49cb8ddc-98c7-9651-6028-fb4cab48a373@openssl.org> On 20/05/2020 21:46, Viktor Dukhovni wrote: > Glad to hear that at least handshakes are less prone to unexpected > issues of that sort. I'd be interested to hear your thoughts (perhaps a > separate thread) on what to do about SSL_read() and SSL_write(). Perhaps open a github issue for this? > > In the mean-time, if Clauss is trying to complete a handshake, rather > than move data, his issue is then likely something different? > Correct - the error stack should be being cleared in this case, so the problem is unlikely to be related to stale errors. Matt From rsalz at akamai.com Wed May 20 21:39:39 2020 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 20 May 2020 21:39:39 +0000 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200520203623.GU68966@straasha.imrryr.org> References: <20200519104957.GB49472@kiel.esmtp.org> <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> <20200520124413.GA37224@kiel.esmtp.org> <20200520132430.GA94776@kiel.esmtp.org> <1c2a0a9e-ca04-12ac-d0c7-cc57e4ec8985@openssl.org> <20200520165248.GA71495@kiel.esmtp.org> <46a6e091-dada-cd59-d6e4-2b2b2371ef9c@openssl.org> <20200520203623.GU68966@straasha.imrryr.org> Message-ID: > Speaking of which, I've recently discovered (a documented interface landmine) that: status = SSL_read(ssl, ...); err = SSL_get_error(ssl, status); > is an anti-pattern, because the "correct" usage is: It's not unlike checking errno without knowing if the syscall actually failed. From ddpatel at rfideas.com Wed May 20 23:27:23 2020 From: ddpatel at rfideas.com (Deep D. Patel) Date: Wed, 20 May 2020 23:27:23 +0000 Subject: Help using OpenSSL 1.1.1f source code Message-ID: Hello Developers, I am working on an embedded project. My target is Arm Cortex m3 microcontroller (32-bit). I need cryptography(encryption/decryption) support for my application. Thus, I want to add part of openssl 1.1.1f source code to support AES algorithms (modes cbc-mac, ctr128) in my existing project to build the executable. What are the relevant files of the source code shall I use ? Thanks. Appreciate your help. [RF IDeas] Deep Patel Embedded Software Engineer D: 224-333-2084 P: 847-870-1723 Ext 437 E: ddpatel at rfideas.com A: 4020 Winnetka Ave., Rolling Meadows, IL 60008 [cid:image005.png at 01D62ED4.4D3212C0][Blog] -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 2512 bytes Desc: image001.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image005.png Type: image/png Size: 174 bytes Desc: image005.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image006.png Type: image/png Size: 1491 bytes Desc: image006.png URL: From ca+ssl-users at esmtp.org Thu May 21 12:28:41 2020 From: ca+ssl-users at esmtp.org (Claus Assmann) Date: Thu, 21 May 2020 14:28:41 +0200 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <46a6e091-dada-cd59-d6e4-2b2b2371ef9c@openssl.org> References: <20200519104957.GB49472@kiel.esmtp.org> <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> <20200520124413.GA37224@kiel.esmtp.org> <20200520132430.GA94776@kiel.esmtp.org> <1c2a0a9e-ca04-12ac-d0c7-cc57e4ec8985@openssl.org> <20200520165248.GA71495@kiel.esmtp.org> <46a6e091-dada-cd59-d6e4-2b2b2371ef9c@openssl.org> Message-ID: <20200521122841.GA28264@kiel.esmtp.org> On Wed, May 20, 2020, Matt Caswell wrote: > This sounds odd. Why does the client fail because it hasn't read the > expected data yet? Normally (with non-blocking sockets), a failure to Sorry, I should have written that the read call is timing out (doesn't matter whether the timeout is 5s or 20s). I spent a lot of time debugging the I/O layer which is basically stdio from Chris Torek/*BSD with timeouts. It seems there is a problem but I'm not sure whether that's a bug in the code or it is just not supposed to be used that way (the buffering layer discards data when it switches from read to write - in case someone is interested: *wsetup clears the read buffer). I need some more time to understand the internals of that code, but it looks like this is not an OpenSSL/TLSv1.3 problem (it just triggers the problem in the I/O layer). Thanks for all the help and finally getting me to look at the "right" place, I appreciate the patience and feedback (and I learned a lot about the low level debugging and available callbacks to show data at the various stages). From ca+ssl-users at esmtp.org Thu May 21 13:44:21 2020 From: ca+ssl-users at esmtp.org (Claus Assmann) Date: Thu, 21 May 2020 15:44:21 +0200 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200521122841.GA28264@kiel.esmtp.org> References: <186cacfa-6c16-75a1-e644-628279beabd0@openssl.org> <20200519145622.GA14132@kiel.esmtp.org> <7e647fa1-eaf1-daf5-afba-3c3afc764a4a@openssl.org> <20200520124413.GA37224@kiel.esmtp.org> <20200520132430.GA94776@kiel.esmtp.org> <1c2a0a9e-ca04-12ac-d0c7-cc57e4ec8985@openssl.org> <20200520165248.GA71495@kiel.esmtp.org> <46a6e091-dada-cd59-d6e4-2b2b2371ef9c@openssl.org> <20200521122841.GA28264@kiel.esmtp.org> Message-ID: <20200521134421.GA89980@kiel.esmtp.org> Sorry for just another (intermediate) update: further debugging shows the I/O laywer (unsurprisingly) wasn't the problem. I have to take some steps back and start over :-( From paul at roubekas.org Thu May 21 22:53:39 2020 From: paul at roubekas.org (paul h. roubekas) Date: Thu, 21 May 2020 18:53:39 -0400 Subject: How to get all certs into a .der file. Message-ID: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> I am a complete newbie to this list. I wanted to search the archive but found no such page. I have a requirement to convert all certs in a *.p12 file to a *.der file for use in the curl command. The first hop to a *.pem file has all the certs. But the second hop only has one cert. The I read the docs but found nothing that looked even close. Hop 1 openssl pkcs12 -chain -in trust.p12 -out ww_temp.pem -password {redacted} Hop 2 openssl x509 -outform der -in ww_temp.pem -out ww_temp.der The Question) How do I get all the certs in the .der file? -------------- next part -------------- An HTML attachment was scrubbed... URL: From aerowolf at gmail.com Fri May 22 00:06:55 2020 From: aerowolf at gmail.com (Kyle Hamilton) Date: Thu, 21 May 2020 19:06:55 -0500 Subject: How to get all certs into a .der file. In-Reply-To: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> References: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> Message-ID: If you need multiple certificates in a single DER structure, you're looking for something to create a "PKIpath". I've never heard of curl requiring such, though. Chances are it will handle the PEM chain just fine. What curl command line are you trying to use? -Kyle H On Thu, May 21, 2020, 18:00 paul h. roubekas wrote: > I am a complete newbie to this list. > > I wanted to search the archive but found no such page. > > > > I have a requirement to convert all certs in a *.p12 file to a *.der file > for use in the curl command. > > The first hop to a *.pem file has all the certs. > > But the second hop only has one cert. The I read the docs but found > nothing that looked even close. > > Hop 1 > > openssl pkcs12 -chain -in trust.p12 -out ww_temp.pem -password { > *redacted*} > > > > Hop 2 > > openssl x509 -outform der -in ww_temp.pem -out ww_temp.der > > > > The Question) How do I get all the certs in the .der file? > -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri May 22 05:55:02 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 22 May 2020 07:55:02 +0200 Subject: How to get all certs into a .der file. In-Reply-To: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> References: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> Message-ID: <87imgotsy1.wl-levitte@openssl.org> Generally speaking, OpenSSL hasn't exactly encouraged multiple objects in one DER file. While it's theoretically possible to have several objects in such a file file, there is code in OpenSSL where that's simply not considered. For example, this snippet in the man-page 'X509_LOOKUP_file' is quite clear: Functions X509_load_cert_file and X509_load_crl_file can load both PEM and DER formats depending of type value. Because DER format cannot contain more than one certificate or CRL object (while PEM can contain several concatenated PEM objects) X509_load_cert_crl_file with FILETYPE_ASN1 is equivalent to X509_load_cert_file. The functions described there are also used by functions like X509_LOOKUP_load_file(). Note that this may change going forward, as OSSL_STORE is gradually entering the scene, and does provide a bit better flexibility in this regard. (We have recently added an X509_LOOKUP variant that uses OSSL_STORE for its object retrieval, see the section 'OSSL_STORE Method' in doc/man3/X509_LOOKUP_hash_dir.pod in recent OpenSSL source, such as the alpha releases) Cheers, Richard On Fri, 22 May 2020 00:53:39 +0200, paul h. roubekas wrote: > I am a complete newbie to this list. > > I wanted to search the archive but found no such page. > > I have a requirement to convert all certs in a *.p12 file to a *.der file for use in the curl > command. > > The first hop to a *.pem file has all the certs. > > But the second hop only has one cert. The I read the docs but found nothing that looked even > close. > > Hop 1 > > openssl pkcs12 -chain -in trust.p12 -out ww_temp.pem -password {redacted} > > Hop 2 > > openssl x509 -outform der -in ww_temp.pem -out ww_temp.der > > The Question) How do I get all the certs in the .der file? > > -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From aerowolf at gmail.com Fri May 22 07:41:53 2020 From: aerowolf at gmail.com (Kyle Hamilton) Date: Fri, 22 May 2020 02:41:53 -0500 Subject: How to get all certs into a .der file. In-Reply-To: <87imgotsy1.wl-levitte@openssl.org> References: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> <87imgotsy1.wl-levitte@openssl.org> Message-ID: There is a format that puts all DER certificates into a single DER-formatted structure. It is called PKIpath, and it's defined as `SEQUENCE OF Certificate`. The problem with it is that its order was standardized by X.509 2001 TC1 to begin with the root and continue to the leaf, which is backwards from how TLS present the certificate chain. (Java's JCA/JCE were specified before that corrigendum issued, and its PKIpath validation goes by the convention in use at the time to put the leaf certificate first, like pem-certificate-chain.) I don't have my computer open to get you the PKIX-WG RFCs which define it and specify the same order as the TC1, but if you're curious you can chase them down by looking up IANA's list of media types and searching for "application/pkix-pkipath". -Kyle H On Fri, May 22, 2020, 00:55 Richard Levitte wrote: > Generally speaking, OpenSSL hasn't exactly encouraged multiple objects > in one DER file. While it's theoretically possible to have several > objects in such a file file, there is code in OpenSSL where that's > simply not considered. For example, this snippet in the man-page > 'X509_LOOKUP_file' is quite clear: > > Functions X509_load_cert_file and X509_load_crl_file can load both PEM > and DER formats depending of type value. Because DER format cannot > contain more than one certificate or CRL object (while PEM can contain > several concatenated PEM objects) X509_load_cert_crl_file with > FILETYPE_ASN1 is equivalent to X509_load_cert_file. > > The functions described there are also used by functions like > X509_LOOKUP_load_file(). > > Note that this may change going forward, as OSSL_STORE is gradually > entering the scene, and does provide a bit better flexibility in this > regard. > (We have recently added an X509_LOOKUP variant that uses OSSL_STORE > for its object retrieval, see the section 'OSSL_STORE Method' in > doc/man3/X509_LOOKUP_hash_dir.pod in recent OpenSSL source, such as > the alpha releases) > > Cheers, > Richard > > On Fri, 22 May 2020 00:53:39 +0200, > paul h. roubekas wrote: > > I am a complete newbie to this list. > > > > I wanted to search the archive but found no such page. > > > > I have a requirement to convert all certs in a *.p12 file to a *.der > file for use in the curl > > command. > > > > The first hop to a *.pem file has all the certs. > > > > But the second hop only has one cert. The I read the docs but found > nothing that looked even > > close. > > > > Hop 1 > > > > openssl pkcs12 -chain -in trust.p12 -out ww_temp.pem -password > {redacted} > > > > Hop 2 > > > > openssl x509 -outform der -in ww_temp.pem -out ww_temp.der > > > > The Question) How do I get all the certs in the .der file? > > > > > -- > Richard Levitte levitte at openssl.org > OpenSSL Project http://www.openssl.org/~levitte/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dnsands at sandia.gov Fri May 22 09:13:21 2020 From: dnsands at sandia.gov (Sands, Daniel) Date: Fri, 22 May 2020 09:13:21 +0000 Subject: [EXTERNAL] How to get all certs into a .der file. In-Reply-To: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> References: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> Message-ID: <54eb5038ad2f4d1cb549ede26863d739@ES08AMSNLNT.srn.sandia.gov> According to the documentation, cURL can use p12 files just fine. curl --cert bob.p12:bobspassword --cert-type p12 https://some.secure.site Or you can omit the password part and use -key mykey with your password in the mykey file, in order to hide the password from PS queries. From: openssl-users On Behalf Of paul h. roubekas Sent: Thursday, May 21, 2020 4:54 PM To: openssl-users at openssl.org Subject: [EXTERNAL] How to get all certs into a .der file. I am a complete newbie to this list. I wanted to search the archive but found no such page. I have a requirement to convert all certs in a *.p12 file to a *.der file for use in the curl command. The first hop to a *.pem file has all the certs. But the second hop only has one cert. The I read the docs but found nothing that looked even close. Hop 1 openssl pkcs12 -chain -in trust.p12 -out ww_temp.pem -password {redacted} Hop 2 openssl x509 -outform der -in ww_temp.pem -out ww_temp.der The Question) How do I get all the certs in the .der file? -------------- next part -------------- An HTML attachment was scrubbed... URL: From ca+ssl-users at esmtp.org Fri May 22 12:09:13 2020 From: ca+ssl-users at esmtp.org (Claus Assmann) Date: Fri, 22 May 2020 14:09:13 +0200 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200519104957.GB49472@kiel.esmtp.org> References: <20200518165959.GA11129@kiel.esmtp.org> <20200518201531.GM68966@straasha.imrryr.org> <20200519104957.GB49472@kiel.esmtp.org> Message-ID: <20200522120913.GA4411@kiel.esmtp.org> On Tue, May 19, 2020, Claus Assmann wrote: Here's another (confusing) note: the (failing) S8 trace log: > Sent Record > Header: > Version = TLS 1.2 (0x303) > Content Type = Handshake (22) ... > extensions, length = 12 > extension_type=supported_versions(43), length=2 > TLS 1.3 (772) > extension_type=key_share(51), length=2 > NamedGroup: secp256r1 (P-256) (23) If I enable SSL_CTX_set_ecdh_auto() in S8 (-DLTS_EC=2) (instead of using EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) then this changes to NamedGroup: ecdh_x25519 (29) and the handshake does not fail. That's somehow weird, because a different client uses secp256r1 too and that handshake (with S8) does not fail. Of course it would be nice if the TLS handshake provides a better error message for this case. Since I cannot change all the S8 servers out there, it seems I have to figure out what is wrong(?) in M1 for this case. From matt at openssl.org Fri May 22 12:30:36 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2020 13:30:36 +0100 Subject: How to debug a TLSv1.3 protocol problem? In-Reply-To: <20200522120913.GA4411@kiel.esmtp.org> References: <20200518165959.GA11129@kiel.esmtp.org> <20200518201531.GM68966@straasha.imrryr.org> <20200519104957.GB49472@kiel.esmtp.org> <20200522120913.GA4411@kiel.esmtp.org> Message-ID: On 22/05/2020 13:09, Claus Assmann wrote: > On Tue, May 19, 2020, Claus Assmann wrote: > > Here's another (confusing) note: the (failing) S8 trace log: > >> Sent Record >> Header: >> Version = TLS 1.2 (0x303) >> Content Type = Handshake (22) > ... >> extensions, length = 12 >> extension_type=supported_versions(43), length=2 >> TLS 1.3 (772) >> extension_type=key_share(51), length=2 >> NamedGroup: secp256r1 (P-256) (23) > > If I enable SSL_CTX_set_ecdh_auto() in S8 (-DLTS_EC=2) > (instead of using EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) > then this changes to > NamedGroup: ecdh_x25519 (29) > and the handshake does not fail. SSL_CTX_set_ecdh_auto() is a no-op in 1.1.1g: # define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) Its actually the default anyway - there is no need to call it. I assume you were you previously calling SSL_CTX_set_tmp_ecdh()? That would make more sense. Don't call SSL_CTX_set_tmp_ecdh(). That's a legacy function and probably isn't what you want to do. It sets precisely one supported ECDH group, rather than the list of supported groups that you get normally (which includes both X25519, P-256 and some others). > That's somehow weird, because a different client uses secp256r1 > too and that handshake (with S8) does not fail. > Of course it would be nice if the TLS handshake provides a > better error message for this case. > Since I cannot change all the S8 servers out there, it seems I have > to figure out what is wrong(?) in M1 for this case. TLSv1.3 clients select the (EC)DH group (aka curve) that they're going to offer. Your M1 client is offering X25519: extension_type=key_share(51), length=38 NamedGroup: ecdh_x25519 (29) key_exchange: (len=32): 3E7E05E66F3F978082E7445E0A6FA9C73F4F4C1E6423AA3FAB7B80C8E521F629 Your S8 server (before the change you just made) has been configured to not support X25519. Therefore the server forces a HelloRetryRequest - effectively telling the client to retry with P-256 this time. It is after this HRR that the client seems to go wrong. Following the change you just made the server suddenly supports both X25519 and P-256 and can accept the first ClientHello that the client offers. Therefore there is no need to send the HRR, and it seems that the client can complete the handshake successfully in that case. It suggests to me that the bug is still there, its just being avoided due to the lack of an HRR. Matt From levitte at openssl.org Fri May 22 17:37:18 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 22 May 2020 19:37:18 +0200 Subject: How to get all certs into a .der file. In-Reply-To: References: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> <87imgotsy1.wl-levitte@openssl.org> Message-ID: <87d06vub01.wl-levitte@openssl.org> I'm pretty sure I can find it on my own. Not saying that I won't thankfully receive links to interesting information, mind you! That being said, there is currently no support (no deserializer) for PKIpath in OpenSSL. (BTW, since it's a SEQUENCE OF, the outermost object in such a DER file amounts to only one, even though it then contains a series of certificates, so that's not really part of the discussion here) Cheers, Richard On Fri, 22 May 2020 09:41:53 +0200, Kyle Hamilton wrote: > > There is a format that puts all DER certificates into a single DER-formatted structure.? It is > called PKIpath, and it's defined as `SEQUENCE OF Certificate`.? The problem with it is that its > order was standardized by X.509 2001 TC1 to begin with the root and continue to the leaf, which is > backwards from how TLS present the certificate chain.? (Java's JCA/JCE were specified before that > corrigendum issued, and its PKIpath validation goes by the convention in use at the time to put > the leaf certificate first, like pem-certificate-chain.) > > I don't have my computer open to get you the PKIX-WG RFCs which define it and specify the same > order as the TC1, but if you're curious you can chase them down by looking up IANA's list of media > types and searching for "application/pkix-pkipath". > > -Kyle H > > On Fri, May 22, 2020, 00:55 Richard Levitte wrote: > > Generally speaking, OpenSSL hasn't exactly encouraged multiple objects > in one DER file.? While it's theoretically possible to have several > objects in such a file file, there is code in OpenSSL where that's > simply not considered.? For example, this snippet in the man-page > 'X509_LOOKUP_file' is quite clear: > > ? ?Functions X509_load_cert_file and X509_load_crl_file can load both PEM > ? ?and DER formats depending of type value. Because DER format cannot > ? ?contain more than one certificate or CRL object (while PEM can contain > ? ?several concatenated PEM objects) X509_load_cert_crl_file with > ? ?FILETYPE_ASN1 is equivalent to X509_load_cert_file. > > The functions described there are also used by functions like > X509_LOOKUP_load_file(). > > Note that this may change going forward, as OSSL_STORE is gradually > entering the scene, and does provide a bit better flexibility in this > regard. > (We have recently added an X509_LOOKUP variant that uses OSSL_STORE > for its object retrieval, see the section 'OSSL_STORE Method' in > doc/man3/X509_LOOKUP_hash_dir.pod in recent OpenSSL source, such as > the alpha releases) > > Cheers, > Richard > > On Fri, 22 May 2020 00:53:39 +0200, > paul h. roubekas wrote: > > I am a complete newbie to this list. > > > > I wanted to search the archive but found no such page. > > > > I have a requirement to convert all certs in a *.p12 file to a *.der file for use in the > curl > > command. > > > > The first hop to a *.pem file has all the certs. > > > > But the second hop only has one cert.? The I read the docs but found nothing that looked > even > > close. > > > > Hop 1 > > > > openssl pkcs12 -chain -in trust.p12 -out ww_temp.pem? -password {redacted} > > > > Hop 2 > > > > openssl x509 -outform der -in ww_temp.pem -out ww_temp.der > > > > The Question) How do I get all the certs in the .der file? > > > > > -- > Richard Levitte? ? ? ? ?levitte at openssl.org > OpenSSL Project? ? ? ? ?http://www.openssl.org/~levitte/ > > -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From openssl-users at dukhovni.org Fri May 22 18:57:03 2020 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Fri, 22 May 2020 14:57:03 -0400 Subject: How to get all certs into a .der file. In-Reply-To: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> References: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> Message-ID: <20200522185703.GZ68966@straasha.imrryr.org> On Thu, May 21, 2020 at 06:53:39PM -0400, paul h. roubekas wrote: > I have a requirement to convert all certs in a *.p12 file to a *.der file > for use in the curl command. Perhaps I can crystalise some of the replies for you. The basic issue is that **DER is not a file format**, rather: * DER is binary encoding for a single data structure (object, a.k.a. PDU or Protocol Data Unit), generally used only for objects with a standardised ASN.1 schema. One can of course write a DER serialied data structure to a file, transmit it in network packet, ... But, what one can't do (in contrast with PEM) is just concatenate multiple DER objects together to get a meaningful multi-object store. For that, you need a standardised container structure that can be written in DER form, that *internally* holds multiple objects. Ideally, something less bletcherous than PKCS#12 (inflicted on humanity by some sadistic deity as punishment for ancestral sins). -- Viktor. From aerowolf at gmail.com Fri May 22 21:31:02 2020 From: aerowolf at gmail.com (Kyle Hamilton) Date: Fri, 22 May 2020 16:31:02 -0500 Subject: How to get all certs into a .der file. In-Reply-To: <20200522185703.GZ68966@straasha.imrryr.org> References: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> <20200522185703.GZ68966@straasha.imrryr.org> Message-ID: application/pkix-pkipath Defined in RFC4366 (section 8) and RFC6066 (section 10.1) PkiPath ::= SEQUENCE OF Certificate Within the sequence, the order of certificates is such that the subject of the first certificate is the issuer of the second certificate, etc. (It's also defined in ITU-T Recommendation X.509(2000) Corrigendum 1(2001) | ISI/IEC 9594-82001/Cor.1:2002, Technical Corrigendum 1 to ISO/IEC 9594:8:2001. However, the assignment of the application/pkix-pkipath identifier was done in RFC4366 anf RFC6066.) -Kyle H On Fri, May 22, 2020, 13:57 Viktor Dukhovni wrote: > On Thu, May 21, 2020 at 06:53:39PM -0400, paul h. roubekas wrote: > > > I have a requirement to convert all certs in a *.p12 file to a *.der file > > for use in the curl command. > > Perhaps I can crystalise some of the replies for you. The basic issue > is that **DER is not a file format**, rather: > > * DER is binary encoding for a single data structure (object, a.k.a. > PDU or Protocol Data Unit), generally used only for objects with a > standardised ASN.1 schema. > > One can of course write a DER serialied data structure to a file, > transmit it in network packet, ... > > But, what one can't do (in contrast with PEM) is just concatenate > multiple DER objects together to get a meaningful multi-object store. > For that, you need a standardised container structure that can be > written in DER form, that *internally* holds multiple objects. > > Ideally, something less bletcherous than PKCS#12 (inflicted on humanity > by some sadistic deity as punishment for ancestral sins). > > -- > Viktor. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Fri May 22 21:56:10 2020 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Fri, 22 May 2020 17:56:10 -0400 Subject: How to get all certs into a .der file. In-Reply-To: References: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> <20200522185703.GZ68966@straasha.imrryr.org> Message-ID: <20200522215610.GA68966@straasha.imrryr.org> On Fri, May 22, 2020 at 04:31:02PM -0500, Kyle Hamilton wrote: > application/pkix-pkipath > Defined in RFC4366 (section 8) and RFC6066 (section 10.1) > > PkiPath ::= SEQUENCE OF Certificate > > Within the sequence, the order of certificates is such that the subject of > the first certificate is the issuer of the second certificate, etc. One can also use PKCS#7 (Microsft uses the .SPC file extension): $ openssl crl2pkcs7 -nocrl -certfile certs.pem -outform DER That's perhaps more likely to be what the OP wants, if indeed he wants a commonly used DER-form multi-cert (no keys) object: https://www.file-extensions.org/spc-file-extension-pkcs-7-certificate -- Viktor. From rsalz at akamai.com Fri May 22 22:48:17 2020 From: rsalz at akamai.com (Salz, Rich) Date: Fri, 22 May 2020 22:48:17 +0000 Subject: How to get all certs into a .der file. In-Reply-To: References: <006f01d62fc2$abd237d0$0376a770$@roubekas.org> <20200522185703.GZ68966@straasha.imrryr.org> Message-ID: * application/pkix-pkipath * Defined in RFC4366 (section 8) and RFC6066 (section 10.1) I doubt that it is worth doing this. First, because OpenSSL doesn?t support it now, then CURL (what the original poster was talking about) can?t use it when using OpenSSL. Instead, as others have pointed out, they should use a text file that has a bunch of PEM blobs concatenated. Do we know any application that needs this? -------------- next part -------------- An HTML attachment was scrubbed... URL: From uri at ll.mit.edu Fri May 22 22:53:03 2020 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Fri, 22 May 2020 22:53:03 +0000 Subject: How to get all certs into a .der file. In-Reply-To: References: Message-ID: <5B3EAE2A-F659-4452-AB27-43EB6A527015@ll.mit.edu> As far as I know, CURL (app and library) is perfectly happy to use a text file comprised of concatenated PEM certificates. I really wonder if there?s a real use case. On May 22, 2020, at 18:49, Salz, Rich via openssl-users wrote: ? application/pkix-pkipath Defined in RFC4366 (section 8) and RFC6066 (section 10.1) I doubt that it is worth doing this. First, because OpenSSL doesn?t support it now, then CURL (what the original poster was talking about) can?t use it when using OpenSSL. Instead, as others have pointed out, they should use a text file that has a bunch of PEM blobs concatenated. Do we know any application that needs this? -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5874 bytes Desc: not available URL: From dlenski at gmail.com Sat May 23 20:08:21 2020 From: dlenski at gmail.com (Daniel Lenski) Date: Sat, 23 May 2020 13:08:21 -0700 Subject: checking for enable-weak-ssl-ciphers at runtime? Message-ID: Hi all, What I'm trying to figure out: what's the best way to check whether 3DES/RC4 support are available in the OpenSSL build we're using, so that we can give users a clearer explanation of why a connection to an ancient server fails? Background: I'm one of the developers of OpenConnect and recently I've been working on some tests and CI to ensure that we don't mysteriously break the ability to connect to old VPN servers with new TLS library versions (either OpenSSL or GnuTLS): https://gitlab.com/openconnect/openconnect/-/merge_requests/114 Obviously this isn't news to the OpenSSL developers, but 3DES is old, bad, insecure, and disabled by default as of OpenSSL 1.1.0 (https://www.openssl.org/blog/blog/2016/08/24/sweet32/). Unfortunately, there are still a good number of unpatched corporate VPN servers out there which can't do any better than TLS 1.0 with 3DES or RC4. They shouldn't be considered secure in any way, but many users still need to be able to connect to them and often can't get their IT departments to update them. When OpenConnect is explicitly requested to connect to an ancient server, what I am currently trying to do is SSL_CTX_set_cipher_list(ctx, "DEFAULT:+3DES:+RC4"). However, this fails silently on subsequent connection if 3DES/RC4 support isn't available. Other than looping through all of the ciphers with SSL_get_ciphers() right after this? is there a better way to check for 3DES/RC4 support right at startup, so we can give immediate feedback that connecting to such a server cannot succeed? Thanks, Dan Lenski From dlenski at gmail.com Sat May 23 23:23:56 2020 From: dlenski at gmail.com (Daniel Lenski) Date: Sat, 23 May 2020 16:23:56 -0700 Subject: checking for enable-weak-ssl-ciphers at runtime? In-Reply-To: References: Message-ID: > Other than looping through all of the ciphers with SSL_get_ciphers() > right after this? is there a better way to check for 3DES/RC4 support > right at startup, so we can give immediate feedback that connecting to > such a server cannot succeed? It was suggested that I should try EVP_get_ciphername(). I tested both EVP_get_cipherbyname("DES-EDE3-CBC") == NULL, and EVP_des_ede3_cbc() == NULL, but unfortunately both of those APIs appear insensitive to whether or not 3DES is actually supported by the library. Is there another approach to check for 3DES support before actually creating an SSL_CTX? On Sat, May 23, 2020 at 1:08 PM Daniel Lenski wrote: > > Hi all, > > What I'm trying to figure out: what's the best way to check whether > 3DES/RC4 support are available in the OpenSSL build we're using, so > that we can give users a clearer explanation of why a connection to an > ancient server fails? > > Background: > > I'm one of the developers of OpenConnect and recently I've been > working on some tests and CI to ensure that we don't mysteriously > break the ability to connect to old VPN servers with new TLS library > versions (either OpenSSL or GnuTLS): > https://gitlab.com/openconnect/openconnect/-/merge_requests/114 > > Obviously this isn't news to the OpenSSL developers, but 3DES is old, > bad, insecure, and disabled by default as of OpenSSL 1.1.0 > (https://www.openssl.org/blog/blog/2016/08/24/sweet32/). > > Unfortunately, there are still a good number of unpatched corporate > VPN servers out there which can't do any better than TLS 1.0 with 3DES > or RC4. They shouldn't be considered secure in any way, but many users > still need to be able to connect to them and often can't get their IT > departments to update them. > > When OpenConnect is explicitly requested to connect to an ancient > server, what I am currently trying to do is > SSL_CTX_set_cipher_list(ctx, "DEFAULT:+3DES:+RC4"). However, this > fails silently on subsequent connection if 3DES/RC4 support isn't > available. > > Other than looping through all of the ciphers with SSL_get_ciphers() > right after this? is there a better way to check for 3DES/RC4 support > right at startup, so we can give immediate feedback that connecting to > such a server cannot succeed? > > Thanks, > Dan Lenski From openssl at eckner.net Sun May 24 09:58:42 2020 From: openssl at eckner.net (Erich Eckner) Date: Sun, 24 May 2020 11:58:42 +0200 (CEST) Subject: distributed secret key Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, we're looking into setting up a CA with openssl, but we would like to distribute the secret key amongst multiple persons. We're aware of Shamir's secret sharing algorithm, but we'd like to know if there is some algorithm supported by openssl, that fulfills the following requirements (2 and 3 are not fulfilled by Shamir's algorithm): 1. Secret key shared amongst N persons, M Hi, I am working with an application that uses OpenSSL version 1.0.2h, Where application need to be certified and code signing by Microsoft Secure boot compatibility(UEFI). These openssl libraries ssleay32.lib and libeay32.lib also need to be certified. Can we send these openssl libraries for certification to Microsoft directly? or Do we have any Openssl binaries which are certified and code signed by Microsoft?. Thanks Suresh kotte -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html From mcr at sandelman.ca Sun May 24 16:20:11 2020 From: mcr at sandelman.ca (Michael Richardson) Date: Sun, 24 May 2020 12:20:11 -0400 Subject: distributed secret key In-Reply-To: References: Message-ID: <10773.1590337211@localhost> Erich Eckner wrote: > we're looking into setting up a CA with openssl, but we would like to > distribute the secret key amongst multiple persons. We're aware of > Shamir's secret sharing algorithm, but we'd like to know if there is some > algorithm supported by openssl, that fulfills the following requirements > (2 and 3 are not fulfilled by Shamir's algorithm): > 1. Secret key shared amongst N persons, M the key. > 2. No secret material (or parts thereof) needs to be sent around, > preferably not even during creation of the key. So you want to split a secret, but then not send anything to anyone? I don't really understand this at all. I don't think it's physically possible. Maybe you could restate your requirement in another way. > 3. Secret key will not be assembled from the shares for the acutal > operation. E.g. each share operates independently, and the intermediate > result is sent around, after M keyparts operated on it, the signature is > complete and can be used. I guess you want a system where the shares can be added after "exponentiation" rather than before. > If this is not supported by openssl, we're also open for suggestions of > other (open source, free-to-use) software, that can achieve this and > creates standard X.509 certificates (not sure if I termed that correctly). I believe that Phillip Hallam-Baker's Threshold Modes in Elliptic Curves draft-hallambaker-threshold-02 may fullfil your needs. It might even satisfy (2), but I'm not sure it satisfies (1). It may be that you don't need to satisfy (1). I know that Phil has running code, but I don't think it's based upon openssl. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 487 bytes Desc: not available URL: From aerowolf at gmail.com Sun May 24 16:29:01 2020 From: aerowolf at gmail.com (Kyle Hamilton) Date: Sun, 24 May 2020 11:29:01 -0500 Subject: distributed secret key In-Reply-To: References: Message-ID: There are two ways to handle multiple authorizations needed: 1) Secret data is shared across multiple locations/holders, or 2) Secret data is stored in a trusted system which itself requires multiple authorizations. You could perhaps put together multiple trusted systems, each of which has a share of the secret data, and then have single authorizations for each of those multiple systems. But that that point, you're opening up a huge can of logistical worms that you seriously need to examine through the lens of a threat model evaluation, particularly against potentially rogue system administrators and backup operators. There is no possible way to have a distributed secret key without distributing secret data across multiple entities/systems, though. Whether those entities are in the custody of those who possess the authority to use them is unimportant, but if they are not then your threat model must include attacks by those whose custody those entities/systems are actually in. (Multiple encrypted containers/home directories for those shares might work on the same system, but you still need to "send the secret data around" to each of them.) In any case, I am unaware of any existing system which meets your requirement 3. Admittedly, I haven't specifically searched for such. -Kyle H On Sun, May 24, 2020, 05:04 Erich Eckner wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hi, > > we're looking into setting up a CA with openssl, but we would like to > distribute the secret key amongst multiple persons. We're aware of > Shamir's secret sharing algorithm, but we'd like to know if there is some > algorithm supported by openssl, that fulfills the following requirements > (2 and 3 are not fulfilled by Shamir's algorithm): > > 1. Secret key shared amongst N persons, M the key. > > 2. No secret material (or parts thereof) needs to be sent around, > preferably not even during creation of the key. > > 3. Secret key will not be assembled from the shares for the acutal > operation. E.g. each share operates independently, and the intermediate > result is sent around, after M keyparts operated on it, the signature is > complete and can be used. > > If this is not supported by openssl, we're also open for suggestions of > other (open source, free-to-use) software, that can achieve this and > creates standard X.509 certificates (not sure if I termed that correctly). > > Thank you in advance! > > Regards, > Erich > > -----BEGIN PGP SIGNATURE----- > > iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl7KRVMACgkQCu7JB1Xa > e1rhyBAAvzJUrwcyRLpdme/mWsF/ftuA8nqv/ccw4be9Q1Y/S72MU/7UhKW2dBE0 > jp2tBV4zq5D3i37ElCy+Mco97cCQ+Ikg3pOtYaMYkK0hoybBlyX6onX0Y7jQhP2W > N2v07HaN5RxtunxJgh7wUkWMy5arigKY9e645vJh5c8Ii5pwBb8QMwwMUJfb/1Hv > 5yrF4x8la3lmqQSsAwkj0FFhAAmh+Xe/v4D+uoEzmTHY7vi9hGJsAAYNmJkwsIAb > M/lK43wZRAXVbotFOVrud10wchBOSUtY0w6T5apmNJ/ArA61EbuFVtUUjjBYiv87 > oVxr+3pydjJLDW4WczcKLKQdNbhGPhmmz4DDHxvhLXSTrtFAPUm4Qb3VeM1AO0it > Gs943eoBkUrga6813sBmulbtM3fnfDbJro0/ZqQnh4/vRKQUy6LvMj2W/M/8Fn1C > M8um53J35/BAakZhOHaNvDrVty4bEJ0y1fNs7JNNpQfB+WjL8C04g2uExNJmAKgG > 0dmZxDNGrPLKrltz+R39j0gbA4P1hnYkcgAYFcGho0z468IV5sgleHN3FhAp1qr5 > /TAuD2rwuPxT9wXf726n09iYJpq6jVhpBuF74mBNbyDdTzeeJtVq9mqngmhWqOCw > KJcTXIhIem2wTA2yfhzf1PNK58hU55/lB36TnRryapp1rXLu1uU= > =+60v > -----END PGP SIGNATURE----- > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Sun May 24 16:54:04 2020 From: rsalz at akamai.com (Salz, Rich) Date: Sun, 24 May 2020 16:54:04 +0000 Subject: distributed secret key In-Reply-To: References: Message-ID: * In any case, I am unaware of any existing system which meets your requirement 3. Admittedly, I haven't specifically searched for such. CertCo (now defunct, don?t know who has the intellectual property) had a patent that did ALL of the things. RSA keygen, split the key, each key signs the data, looks like an RSA signature, then when enough have been done, combine them and it matches the original pre-split public key. That, and the followon patents, are cool. Don?t know if they?re expired or not. To answer the main question: OpenSSL doesn?t do anything remotely in this area. The closest is multi-prime RSA. -------------- next part -------------- An HTML attachment was scrubbed... URL: From aerowolf at gmail.com Sun May 24 19:59:26 2020 From: aerowolf at gmail.com (Kyle Hamilton) Date: Sun, 24 May 2020 14:59:26 -0500 Subject: distributed secret key In-Reply-To: References: Message-ID: >From glancing at the abstract, https://patents.google.com/patent/US5799086 looks like it might be the one? It also says that it is expired, expiration having been anticipated on 2014-01-13. -Kyle H On Sun, May 24, 2020, 11:54 Salz, Rich wrote: > > - In any case, I am unaware of any existing system which meets your > requirement 3. Admittedly, I haven't specifically searched for such. > > > > CertCo (now defunct, don?t know who has the intellectual property) had a > patent that did ALL of the things. RSA keygen, split the key, each key > signs the data, looks like an RSA signature, then when enough have been > done, combine them and it matches the original pre-split public key. That, > and the followon patents, are cool. Don?t know if they?re expired or not. > > > > To answer the main question: OpenSSL doesn?t do anything remotely in this > area. The closest is multi-prime RSA. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From aerowolf at gmail.com Sun May 24 20:05:14 2020 From: aerowolf at gmail.com (Kyle Hamilton) Date: Sun, 24 May 2020 15:05:14 -0500 Subject: distributed secret key In-Reply-To: References: Message-ID: Actually, I was wrong about the prior one. https://patents.google.com/patent/US6411716 looks like it has a distributed CA function with multi-step, multi-fragment signatures. (This looks fascinating, and I'm going to study it over the weekend -- still in a lockdown, so no real Memorial Day party for me.) -Kyle H On Sun, May 24, 2020, 14:59 Kyle Hamilton wrote: > From glancing at the abstract, https://patents.google.com/patent/US5799086 > looks like it might be the one? It also says that it is expired, > expiration having been anticipated on 2014-01-13. > > -Kyle H > > On Sun, May 24, 2020, 11:54 Salz, Rich wrote: > >> >> - In any case, I am unaware of any existing system which meets your >> requirement 3. Admittedly, I haven't specifically searched for such. >> >> >> >> CertCo (now defunct, don?t know who has the intellectual property) had a >> patent that did ALL of the things. RSA keygen, split the key, each key >> signs the data, looks like an RSA signature, then when enough have been >> done, combine them and it matches the original pre-split public key. That, >> and the followon patents, are cool. Don?t know if they?re expired or not. >> >> >> >> To answer the main question: OpenSSL doesn?t do anything remotely in this >> area. The closest is multi-prime RSA. >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at eckner.net Sun May 24 20:16:55 2020 From: openssl at eckner.net (Erich Eckner) Date: Sun, 24 May 2020 22:16:55 +0200 (CEST) Subject: distributed secret key In-Reply-To: References: <10773.1590337211@localhost> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Phillip, On Sun, 24 May 2020, Phillip Hallam-Baker wrote: > > In short, yes, I have stuff that works for this and I think it would be > particularly useful for code signing and for inside CAs. But it does need > some additional work to apply it to that application. this sounds promising. :-) > > > I do indeed have running code but not (necessarily) for this particular > variant (yet). > > What I have right now is a scheme that allows > > 1)? An existing secret key to be split into (n,t) shares where the threshold > t < number of shares. I suppose, this includes also the part to use/reconstruct the secret key? May I ask, what we need to do to sign something with the splitted key? > > 2) A group of people who each have a secret to jointly create a composite > key with n shares and a threshold of n[*]. Is this a typo or is here really t=n? I'm asking, because we're actually more concerned about redundancy (t1) - though we do prefer a distributed key (e.g. t>1), if that is feasible. > > These are currently specified for Ed448 or Ed25519 but conversion to the > NIST curves is straightforward? This might be a stupid question, but: Are there any restrictions imposed, what algorithms are allowed to be used by a (root) CA? Or is this mainly a matter of "taste"? > > I do not currently have a version that supports t people coming together > with a set of Shamir secret parameters and jointly creating n Shamir secret > parameters. There is a proposal (FROST) to do that but the authors are not > ready for it to be used. Ok, so we will probably say good bye to the separately-created-key approach and split a given secret key which we will afterwards securely erase (and only keep the parts). > > > [*] The particular concern here is that it is necessary to defeat a > malicious contribution attack in which Alice Bob and Mallet jointly create a > key but Mallet goes last and instead of contributing to the shared secret, > he instead generates a new key pair and calculates the public value that > will trick Alice and Bob into accepting his as the valid one. Whether this > attack is relevant or not depends on your intended protocol.? > > For example, lets say Alice and Bob's key pairs are {a.P, a}, {b.P, b}. > Mallet is supposed to contribute m.P from {m.P, m} and the composite key > will be {x.P, x} where x = a+b+m. > > Instead Mallet contributes (z-a-b).P which he can calculate by generating z > and calculating z.P-a.P-B.P so the composite key x = a+b+m = a+b+z-a-b = z. > So Mallet knows the secret key and only Mallet can use it. > > > For the set of applications I care about, this attack is not actually that > important because while Mallet knows the secret key, he is the only person > who does. And so he won't be able to respond to any composite signature > request with a valid answer.? But he can still sign anything he wants, right? Or does he never see the csr, but only the "preprocessed" csr, so he cannot sign it? > > So for PKIX type applications, this is self defeating as only Mallet can > generate the CSR. Why would they want to create CSRs? In our case, this is intended to be the Root CA. Regards, Erich > > > On Sun, May 24, 2020 at 12:20 PM Michael Richardson > wrote: > > Erich Eckner wrote: > ? ? > we're looking into setting up a CA with openssl, but we > would like to > ? ? > distribute the secret key amongst multiple persons. We're > aware of > ? ? > Shamir's secret sharing algorithm, but we'd like to know > if there is some > ? ? > algorithm supported by openssl, that fulfills the > following requirements > ? ? > (2 and 3 are not fulfilled by Shamir's algorithm): > > ? ? > 1. Secret key shared amongst N persons, M sufficient for using > ? ? > the key. > > ? ? > 2. No secret material (or parts thereof) needs to be sent > around, > ? ? > preferably not even during creation of the key. > > So you want to split a secret, but then not send anything to > anyone? > I don't really understand this at all.? I don't think it's > physically > possible.? Maybe you could restate your requirement in another > way. > > ? ? > 3. Secret key will not be assembled from the shares for > the acutal > ? ? > operation. E.g. each share operates independently, and the > intermediate > ? ? > result is sent around, after M keyparts operated on it, > the signature is > ? ? > complete and can be used. > > I guess you want a system where the shares can be added after > "exponentiation" rather than before. > > ? ? > If this is not supported by openssl, we're also open for > suggestions of > ? ? > other (open source, free-to-use) software, that can > achieve this and > ? ? > creates standard X.509 certificates (not sure if I termed > that correctly). > > I believe that Phillip Hallam-Baker's > ? ? ? ? ? ? ? ? ? ?Threshold Modes in Elliptic Curves > ? ? ? ? ? ? ? ? ? ? ?draft-hallambaker-threshold-02 > > may fullfil your needs.? It might even satisfy (2), but I'm not > sure it > satisfies (1).? It may be that you don't need to satisfy (1). > > I know that Phil has running code, but I don't think it's based > upon openssl. > > -- > ]? ? ? ? ? ? ? ?Never tell me the odds!? ? ? ? ? ? ? ? ?| ipv6 > mesh networks [ > ]? ?Michael Richardson, Sandelman Software Works? ? ? ? |? ? IoT > architect? ?[ > ]? ? ?mcr at sandelman.ca? http://www.sandelman.ca/? ? ? ? |? ?ruby > on rails? ? [ > > > > -- > Website: http://hallambaker.com/ > > -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl7K1jkACgkQCu7JB1Xa e1qTFw//fpz+GzA9C/JZ14LjNuhbi6mVtGwUAxEugFuStpeMASIgqtXT2Lje7o+Z RUAliQ3UGaOllK0yssmv73SA3ZCs/Wm4CZ+bdIsLxkKDxpJOv80sM8A6dS62/nBK zaqftxj9Aj7DUa9mZ4Vu4JdGwdNADU0czHRxbVH1ljsJYFdTYNdTnEuOk5vO5u+5 5JDcd/dxisav/Ivv1mw101UQyrQZ0lR9TZXgdOPw8sanViSEjAp/lJM7jutjH8Rm mWqtIvds+DS50u1mh/Y/fG3Q7tVNrqOoT2m6heY2l1Ve4gVpfQYiIEFNQqaQ9zF2 OKWuiwmq7Drc5vuiIEuIjMER2VhbFdSqsJmPWyQgmnXiNDLxFIYirs1+7bb5yCbE OwGPqTS8goCPVRMwyhxnHQkxvD42uz9L6A1cxhVnZEy1RSfnMIC+ttVKsMTbifzv YVo8tNoEraQfXdu07d/ulJscKZHhFp6z5nP7rm3OIUyGObZJQyaiAnHRtYqI4KL5 ZhGh9X0gFXl04ZF63ypc5F54WL8qEAuxm8rJpVO4XbSoaX9AwEnNoP400fajYUwI UmO78qLyXSdHvMEfFdLAZubmcP3jeG5TL+ffTmJUJw60glnkb4JtOnoBNopGm8ej N4FbncsltkGfG8W58rEqkLz+Y4dxF9RrsE+WzBBg0YR9wX9Bkg8= =ntAn -----END PGP SIGNATURE----- From Michael.Wojcik at microfocus.com Sun May 24 20:49:46 2020 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Sun, 24 May 2020 20:49:46 +0000 Subject: checking for enable-weak-ssl-ciphers at runtime? In-Reply-To: References: Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of > Daniel Lenski > Sent: Saturday, May 23, 2020 17:24 > > > Other than looping through all of the ciphers with SSL_get_ciphers() > > right after this? is there a better way to check for 3DES/RC4 support > > right at startup, so we can give immediate feedback that connecting to > > such a server cannot succeed? > > It was suggested that I should try EVP_get_ciphername(). > > I tested both EVP_get_cipherbyname("DES-EDE3-CBC") == NULL, and > EVP_des_ede3_cbc() == NULL, but unfortunately both of those APIs > appear insensitive to whether or not 3DES is actually supported by the > library. > > Is there another approach to check for 3DES support before actually > creating an SSL_CTX? Actually trying to encrypt something using 3DES and the EVP API? Maybe it would even fail on EVP_CipherInit. It's been a while since I used that, but something like: static const unsigned char dummy[192] = {1}; unsigned char dummy_out[8]; int outlen = 0; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); int tdes_enabled = EVP_CipherInit(ctx, EVP_des_ede3_cbc(), dummy, dummy) && EVP_EncryptUpdate(ctx, dummy_out, &outlen, dummy, 1) && EVP_EncryptFinal(ctx, dummy_out, &outlen); EVP_CIPHER_CTX_free(ctx); Untested. -- Michael Wojcik Distinguished Engineer, Micro Focus From matt at openssl.org Sun May 24 21:48:41 2020 From: matt at openssl.org (Matt Caswell) Date: Sun, 24 May 2020 22:48:41 +0100 Subject: checking for enable-weak-ssl-ciphers at runtime? In-Reply-To: References: Message-ID: <6256a909-93b9-85f7-acae-0099454efc41@openssl.org> On 23/05/2020 21:08, Daniel Lenski wrote: > When OpenConnect is explicitly requested to connect to an ancient > server, what I am currently trying to do is > SSL_CTX_set_cipher_list(ctx, "DEFAULT:+3DES:+RC4"). However, this > fails silently on subsequent connection if 3DES/RC4 support isn't > available. As long as at least one cipher is successfully set then this command will succeed. By setting "DEFAULT" you're getting all the ciphersuites in the default list and hence the command succeeds. If you want to test if you have any 3DES ciphersuites available then you can try this: SSL_CTX_set_cipher_list(ctx, "3DES") This will succeed if at least one 3DES cipersuite is available, and fail otherwise. Or you could do: SSL_CTX_set_cipher_list(ctx, "3DES:RC4") Which will succeed if there is at least one ciphersuite based on 3DES or RC4 available, and fail otherwise. > It was suggested that I should try EVP_get_ciphername(). The ciphers available via the EVP API are only indirectly related to the ciphersuites available in libssl. If there are no 3DES based ciphers available via EVP then there won't be any libssl 3DES based ciphersuites. But the reverse is not true, i.e. 3DES may not be available in libssl, but it is via EVP. So this is not a great test for your purposes. Matt From arne at cyber.ee Mon May 25 06:03:09 2020 From: arne at cyber.ee (Arne Ansper) Date: Mon, 25 May 2020 09:03:09 +0300 (FLE Daylight Time) Subject: distributed secret key In-Reply-To: References: Message-ID: It probably doesn't help you, because it requires complex deployment and is not open-source, but I thought that it might be interesting to know that there is a multi-prime RSA based technology that is actively used in practice. It is used for mobile authentication and digital signatures and has ~2.7M active users. Keys are generated in a distributed manner and no secrets are shared between the parties during the process. Signature creation is also an interactive process that implements several additional protection measures to pass the Common Criteria evaluation at EAL4+ level. In EU this technology can be used to create qualified digital signatures. There is a whitepaper available at https://cyber.ee/products/digital-identity/materials/splitkey-whitepaper.pdf Arne From logout at free.fr Mon May 25 11:20:28 2020 From: logout at free.fr (Emmanuel Deloget) Date: Mon, 25 May 2020 13:20:28 +0200 Subject: Asymetric crypto and OpenSSL 3.0 deprecated functions Message-ID: Hello everybody, I'm pretty sure this has already been discussed somewhere but grepping through the whole openssl-user list does not gave me the answer I'm searching for, so here am I. In my development I'm using a idiom that's not as widely used as I thought (as I get it after multiple days of searching out there). In order to securely distribute a binary, I encrypt it using an AES key and the AES key itself is encrypted using a /private/ RSA key I own. Only owners of the /public/ key (which, as it is a publilc key, may leak) can decrypt the AES key, and therefore the binary. The reason why I do this is that I cannot encrypt using the recipient public key because I don't know how many different recipient I have when I generate the encrypted binary ; and generate the binary on request is not feasible. With this idiom, recipient can check that I crypted the binary, and the binary itself cannot be decrypted unless you're a recipient (i.e. you have the public key). This has worked well for a few years. Of course, in order to do this I rely on RSA_private_encrypt() and RSA_public_decrypt() because EVP_PKEY_encrypt() / EVP_PKEY_decrypt() cannot be used(*). So, after that long introduction, here is my question : is there any OpenSSL 3.0 sanctionned, EVP_PKEY-based way to crypt using a private key and decrypt using a public key? While I fully understand the need to streamline the library interface and to remove the low-level RSA functions, it seems to me that not allowing this is going to be problematic for those who, like me, rely on public key decryption in their process. I also fully understand that it's not the prefered way to do it but I (and some others, I guess) deal with a use case which is not ideal here, and the possibility to use asymetric crypto in this way really saves me. Best regards, -- Emmanuel Deloget (*) tests on OpenSSL 1.0.2 (Ubuntu 16.04) and OpenSSL 1.1.1c (Ubuntu 19.04) shows that it segfaults in EVP_PKEY_decrypt() when feeded with a public key. In OpenSSL 3.0, EVP_PKEY_decrypt() does not appear to be able to decrypt using a RSA public key (it calls RSA_private_decrypt() internally, via rsa_decrypt()). From tmraz at redhat.com Mon May 25 12:12:09 2020 From: tmraz at redhat.com (Tomas Mraz) Date: Mon, 25 May 2020 14:12:09 +0200 Subject: Asymetric crypto and OpenSSL 3.0 deprecated functions In-Reply-To: References: Message-ID: On Mon, 2020-05-25 at 13:20 +0200, Emmanuel Deloget wrote: > Hello everybody, > > I'm pretty sure this has already been discussed somewhere but > grepping > through the whole openssl-user list does not gave me the answer I'm > searching for, so here am I. > > In my development I'm using a idiom that's not as widely used as I > thought (as I get it after multiple days of searching out there). In > order to securely distribute a binary, I encrypt it using an AES key > and the AES key itself is encrypted using a /private/ RSA key I own. > Only owners of the /public/ key (which, as it is a publilc key, may > leak) can decrypt the AES key, and therefore the binary. The reason > why I do this is that I cannot encrypt using the recipient public key > because I don't know how many different recipient I have when I > generate the encrypted binary ; and generate the binary on request is > not feasible. > > With this idiom, recipient can check that I crypted the binary, and > the binary itself cannot be decrypted unless you're a recipient (i.e. > you have the public key). This has worked well for a few years. > > Of course, in order to do this I rely on RSA_private_encrypt() and > RSA_public_decrypt() because EVP_PKEY_encrypt() / EVP_PKEY_decrypt() > cannot be used(*). > > So, after that long introduction, here is my question : is there any > OpenSSL 3.0 sanctionned, EVP_PKEY-based way to crypt using a private > key and decrypt using a public key? > > While I fully understand the need to streamline the library interface > and to remove the low-level RSA functions, it seems to me that not > allowing this is going to be problematic for those who, like me, rely > on public key decryption in their process. I also fully understand > that it's not the prefered way to do it but I (and some others, I > guess) deal with a use case which is not ideal here, and the > possibility to use asymetric crypto in this way really saves me. > > Best regards, > > -- Emmanuel Deloget > > (*) tests on OpenSSL 1.0.2 (Ubuntu 16.04) and OpenSSL 1.1.1c (Ubuntu > 19.04) shows that it segfaults in EVP_PKEY_decrypt() when feeded with > a public key. In OpenSSL 3.0, EVP_PKEY_decrypt() does not appear to > be > able to decrypt using a RSA public key (it calls > RSA_private_decrypt() > internally, via rsa_decrypt()). The proper protocol would be to just sign the binary by your private RSA key and encrypt it with a symmetric key, that you directly pre- distribute to your recipients via the same channel that you now use to distribute your public RSA key. It would have practically the same properties and would not use the RSA private encryption directly. -- Tom?? Mr?z No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.] From paul.dale at oracle.com Mon May 25 12:20:56 2020 From: paul.dale at oracle.com (Dr Paul Dale) Date: Mon, 25 May 2020 22:20:56 +1000 Subject: Asymetric crypto and OpenSSL 3.0 deprecated functions In-Reply-To: References: Message-ID: <566300F4-9CAA-4350-A465-44A55DC67359@oracle.com> I?ll note that encryption is _not_ an integrity check. Depending on how the AES encryption is done, this could be a significant hole. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 25 May 2020, at 10:12 pm, Tomas Mraz wrote: > > On Mon, 2020-05-25 at 13:20 +0200, Emmanuel Deloget wrote: >> Hello everybody, >> >> I'm pretty sure this has already been discussed somewhere but >> grepping >> through the whole openssl-user list does not gave me the answer I'm >> searching for, so here am I. >> >> In my development I'm using a idiom that's not as widely used as I >> thought (as I get it after multiple days of searching out there). In >> order to securely distribute a binary, I encrypt it using an AES key >> and the AES key itself is encrypted using a /private/ RSA key I own. >> Only owners of the /public/ key (which, as it is a publilc key, may >> leak) can decrypt the AES key, and therefore the binary. The reason >> why I do this is that I cannot encrypt using the recipient public key >> because I don't know how many different recipient I have when I >> generate the encrypted binary ; and generate the binary on request is >> not feasible. >> >> With this idiom, recipient can check that I crypted the binary, and >> the binary itself cannot be decrypted unless you're a recipient (i.e. >> you have the public key). This has worked well for a few years. >> >> Of course, in order to do this I rely on RSA_private_encrypt() and >> RSA_public_decrypt() because EVP_PKEY_encrypt() / EVP_PKEY_decrypt() >> cannot be used(*). >> >> So, after that long introduction, here is my question : is there any >> OpenSSL 3.0 sanctionned, EVP_PKEY-based way to crypt using a private >> key and decrypt using a public key? >> >> While I fully understand the need to streamline the library interface >> and to remove the low-level RSA functions, it seems to me that not >> allowing this is going to be problematic for those who, like me, rely >> on public key decryption in their process. I also fully understand >> that it's not the prefered way to do it but I (and some others, I >> guess) deal with a use case which is not ideal here, and the >> possibility to use asymetric crypto in this way really saves me. >> >> Best regards, >> >> -- Emmanuel Deloget >> >> (*) tests on OpenSSL 1.0.2 (Ubuntu 16.04) and OpenSSL 1.1.1c (Ubuntu >> 19.04) shows that it segfaults in EVP_PKEY_decrypt() when feeded with >> a public key. In OpenSSL 3.0, EVP_PKEY_decrypt() does not appear to >> be >> able to decrypt using a RSA public key (it calls >> RSA_private_decrypt() >> internally, via rsa_decrypt()). > > The proper protocol would be to just sign the binary by your private > RSA key and encrypt it with a symmetric key, that you directly pre- > distribute to your recipients via the same channel that you now use to > distribute your public RSA key. > > It would have practically the same properties and would not use the RSA > private encryption directly. > > > -- > Tom?? Mr?z > No matter how far down the wrong road you've gone, turn back. > Turkish proverb > [You'll know whether the road is wrong if you carefully listen to your > conscience.] > > From Matthias.St.Pierre at ncp-e.com Mon May 25 12:34:41 2020 From: Matthias.St.Pierre at ncp-e.com (Dr. Matthias St. Pierre) Date: Mon, 25 May 2020 12:34:41 +0000 Subject: Asymetric crypto and OpenSSL 3.0 deprecated functions In-Reply-To: References: Message-ID: > The proper protocol would be to just sign the binary by your private > RSA key and encrypt it with a symmetric key, that you directly pre- > distribute to your recipients via the same channel that you now use to > distribute your public RSA key. I agree with Tom??, just would like to emphasize that the order of operation matters: It should be encrypt-then-sign, not vice versa. This ensures that the recipient can check the integrity of the binary before attempting to decrypt it. Matthias From levitte at openssl.org Mon May 25 16:14:38 2020 From: levitte at openssl.org (Richard Levitte) Date: Mon, 25 May 2020 18:14:38 +0200 Subject: Asymetric crypto and OpenSSL 3.0 deprecated functions In-Reply-To: References: Message-ID: <878shgt2j5.wl-levitte@openssl.org> On Mon, 25 May 2020 13:20:28 +0200, Emmanuel Deloget wrote: > In my development I'm using a idiom that's not as widely used as I > thought (as I get it after multiple days of searching out there). In > order to securely distribute a binary, I encrypt it using an AES key > and the AES key itself is encrypted using a /private/ RSA key I own. That's a perfectly viable thing to do, and is usually called "signing", and what you're signing here is the AES key. > Only owners of the /public/ key (which, as it is a publilc key, may > leak) can decrypt the AES key, and therefore the binary. Which is usually called "verifying the signature". This looks like object signing to me. > Of course, in order to do this I rely on RSA_private_encrypt() and > RSA_public_decrypt() because EVP_PKEY_encrypt() / EVP_PKEY_decrypt() > cannot be used(*). EVP_PKEY_encrypt() and EVP_PKEY_decrypt() are the wrong functions to use. However, there are EVP_PKEY_sign() and EVP_PKEY_verify_recover() (if I read you correctly, that's the function you need, rather than a mere EVP_PKEY_verify()). > So, after that long introduction, here is my question : is there any > OpenSSL 3.0 sanctionned, EVP_PKEY-based way to crypt using a private > key and decrypt using a public key? Yes, see above. Those functions have been around for a while, I think you can start playing with them in any current OpenSSL version. Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From dlenski at gmail.com Tue May 26 06:23:01 2020 From: dlenski at gmail.com (Daniel Lenski) Date: Mon, 25 May 2020 23:23:01 -0700 Subject: checking for enable-weak-ssl-ciphers at runtime? In-Reply-To: <6256a909-93b9-85f7-acae-0099454efc41@openssl.org> References: <6256a909-93b9-85f7-acae-0099454efc41@openssl.org> Message-ID: Aha, thanks Matt. The code I resorted to using does SSL_CTX_new(), SSL_new(), SSL_CTX_set_cipher_list(), and then iterates through SSL_get1_supported_ciphers() looking for anything with 3DES/RC4. So it seems I can simplify that down to just SSL_CTX_new() and SSL_CTX_set_cipher_list(). I know that supporting obsolete, insecure crypto isn't a high priority for OpenSSL (though unfortunately a necessary one for OpenConnect), but it does seem that having a simple general-purpose API for checking "is this cipher(suite) known and can we actually use it?" would be a desirable feature. This particular case was a bit frustrating to me because with OpenSSL 1.0.x, there is a much simpler way to check if particular ciphers can be instantiated with the SSL_METHOD API exposed? /* XX: Based on my reading of the SSL_METHOD API * ( https://github.com/openssl/openssl/blob/5a5530a29abcf5d7ab7194d73b3807d568b06cbd/ssl/ssl_local.h ) * and the constants in the ssl3.h header * ( https://github.com/openssl/openssl/blob/master/include/openssl/ssl3.h#L45-L50 ), * as well as the way that the 3DES/RC4 ciphers do or don't get compiled in * (https://github.com/openssl/openssl/blob/master/ssl/s3_lib.c#L166-L182) * * This is the most reasonable way to figure out whether the library can * actually instantiate a cipher. The other would be to iterate through * the ciphers (using m->num_ciphers() and m->get_cipher(num)) and * compare them by name. */ int can_enable_insecure_crypto() { const SSL_METHOD *m = SSLv23_client_method(); unsigned char ch_SSL3_CK_RSA_DES_192_CBC3_SHA[2] = { 0x00, 0x0a }; unsigned char ch_SSL3_CK_RSA_RC4_128_SHA[2] = { 0x00, 0x05 }; if (!m) return -ENOMEM; /* XX: static, should never happen */ if (m->get_cipher_by_char(ch_SSL3_CK_RSA_DES_192_CBC3_SHA) && m->get_cipher_by_char(ch_SSL3_CK_RSA_RC4_128_SHA)) return 0; return -ENOENT; } On Sun, May 24, 2020 at 2:49 PM Matt Caswell wrote: > > > On 23/05/2020 21:08, Daniel Lenski wrote: > > When OpenConnect is explicitly requested to connect to an ancient > > server, what I am currently trying to do is > > SSL_CTX_set_cipher_list(ctx, "DEFAULT:+3DES:+RC4"). However, this > > fails silently on subsequent connection if 3DES/RC4 support isn't > > available. > > As long as at least one cipher is successfully set then this command > will succeed. By setting "DEFAULT" you're getting all the ciphersuites > in the default list and hence the command succeeds. If you want to test > if you have any 3DES ciphersuites available then you can try this: > > SSL_CTX_set_cipher_list(ctx, "3DES") > > This will succeed if at least one 3DES cipersuite is available, and fail > otherwise. Or you could do: > > SSL_CTX_set_cipher_list(ctx, "3DES:RC4") > > Which will succeed if there is at least one ciphersuite based on 3DES or > RC4 available, and fail otherwise. > > > > It was suggested that I should try EVP_get_ciphername(). > > > The ciphers available via the EVP API are only indirectly related to the > ciphersuites available in libssl. If there are no 3DES based ciphers > available via EVP then there won't be any libssl 3DES based > ciphersuites. But the reverse is not true, i.e. 3DES may not be > available in libssl, but it is via EVP. So this is not a great test for > your purposes. > > Matt > -------------- next part -------------- An HTML attachment was scrubbed... URL: From logout at free.fr Tue May 26 08:25:03 2020 From: logout at free.fr (Emmanuel Deloget) Date: Tue, 26 May 2020 10:25:03 +0200 Subject: Asymetric crypto and OpenSSL 3.0 deprecated functions In-Reply-To: <878shgt2j5.wl-levitte@openssl.org> References: <878shgt2j5.wl-levitte@openssl.org> Message-ID: Hello Richard and everybody, First, thanks all for your valuable responses ; be sure that I heard you and I fully understand your remarks (for the record, I do generate a signature on the binary using yet another key pair and I fully get that encrypting the AES key in my case is a bit overkill given the fact that it does not provide any added security). On Mon, May 25, 2020 at 6:14 PM Richard Levitte wrote: > > On Mon, 25 May 2020 13:20:28 +0200, > Emmanuel Deloget wrote: > > In my development I'm using a idiom that's not as widely used as I > > thought (as I get it after multiple days of searching out there). In > > order to securely distribute a binary, I encrypt it using an AES key > > and the AES key itself is encrypted using a /private/ RSA key I own. > > That's a perfectly viable thing to do, and is usually called "signing", > and what you're signing here is the AES key. > > > Only owners of the /public/ key (which, as it is a publilc key, may > > leak) can decrypt the AES key, and therefore the binary. > > Which is usually called "verifying the signature". > > This looks like object signing to me. It definitely looks like this, yes. > > Of course, in order to do this I rely on RSA_private_encrypt() and > > RSA_public_decrypt() because EVP_PKEY_encrypt() / EVP_PKEY_decrypt() > > cannot be used(*). > > EVP_PKEY_encrypt() and EVP_PKEY_decrypt() are the wrong functions to > use. However, there are EVP_PKEY_sign() and EVP_PKEY_verify_recover() > (if I read you correctly, that's the function you need, rather than a > mere EVP_PKEY_verify()). > > > So, after that long introduction, here is my question : is there any > > OpenSSL 3.0 sanctionned, EVP_PKEY-based way to crypt using a private > > key and decrypt using a public key? > > Yes, see above. Those functions have been around for a while, I think > you can start playing with them in any current OpenSSL version. The _recover() function was the missing piece in my understanding of the library. I'll check that as soon as possible. Thanks a lot ! BTW, maybe this information should be made more easily available (on the man page for RSA_private_encrypt()/RSA_public_decrypt() maybe ?) > Cheers, > Richard > > -- > Richard Levitte levitte at openssl.org > OpenSSL Project http://www.openssl.org/~levitte/ Best regards, -- Emmanuel Deloget From uri at ll.mit.edu Tue May 26 17:59:02 2020 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Tue, 26 May 2020 17:59:02 +0000 Subject: Asymetric crypto and OpenSSL 3.0 deprecated functions In-Reply-To: References: <878shgt2j5.wl-levitte@openssl.org> Message-ID: Emmanuel, Would you mind explaining why you choose to continue encrypting the AES key, which - admittedly - is an unnecessary overkill? Is it merely to preserve the established process itself? ?On 5/26/20, 04:26, "openssl-users on behalf of Emmanuel Deloget" wrote: Hello Richard and everybody, First, thanks all for your valuable responses ; be sure that I heard you and I fully understand your remarks (for the record, I do generate a signature on the binary using yet another key pair and I fully get that encrypting the AES key in my case is a bit overkill given the fact that it does not provide any added security). On Mon, May 25, 2020 at 6:14 PM Richard Levitte wrote: > > On Mon, 25 May 2020 13:20:28 +0200, > Emmanuel Deloget wrote: > > In my development I'm using a idiom that's not as widely used as I > > thought (as I get it after multiple days of searching out there). In > > order to securely distribute a binary, I encrypt it using an AES key > > and the AES key itself is encrypted using a /private/ RSA key I own. > > That's a perfectly viable thing to do, and is usually called "signing", > and what you're signing here is the AES key. > > > Only owners of the /public/ key (which, as it is a publilc key, may > > leak) can decrypt the AES key, and therefore the binary. > > Which is usually called "verifying the signature". > > This looks like object signing to me. It definitely looks like this, yes. > > Of course, in order to do this I rely on RSA_private_encrypt() and > > RSA_public_decrypt() because EVP_PKEY_encrypt() / EVP_PKEY_decrypt() > > cannot be used(*). > > EVP_PKEY_encrypt() and EVP_PKEY_decrypt() are the wrong functions to > use. However, there are EVP_PKEY_sign() and EVP_PKEY_verify_recover() > (if I read you correctly, that's the function you need, rather than a > mere EVP_PKEY_verify()). > > > So, after that long introduction, here is my question : is there any > > OpenSSL 3.0 sanctionned, EVP_PKEY-based way to crypt using a private > > key and decrypt using a public key? > > Yes, see above. Those functions have been around for a while, I think > you can start playing with them in any current OpenSSL version. The _recover() function was the missing piece in my understanding of the library. I'll check that as soon as possible. Thanks a lot ! BTW, maybe this information should be made more easily available (on the man page for RSA_private_encrypt()/RSA_public_decrypt() maybe ?) > Cheers, > Richard > > -- > Richard Levitte levitte at openssl.org > OpenSSL Project http://www.openssl.org/~levitte/ Best regards, -- Emmanuel Deloget -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5249 bytes Desc: not available URL: From logout at free.fr Wed May 27 21:29:35 2020 From: logout at free.fr (Emmanuel Deloget) Date: Wed, 27 May 2020 23:29:35 +0200 Subject: Asymetric crypto and OpenSSL 3.0 deprecated functions In-Reply-To: References: <878shgt2j5.wl-levitte@openssl.org> Message-ID: Hello Uri, On Tue, May 26, 2020 at 7:59 PM Blumenthal, Uri - 0553 - MITLL wrote: > > Emmanuel, > > Would you mind explaining why you choose to continue encrypting the AES key, which - admittedly - is an unnecessary overkill? Is it merely to preserve the established process itself? I'm afraid that's the only reason: this is part of an automatic update process that I'm not willing to break; changing it at version N would means that version N+1 might be incompatible with version N-1 and I cannot make sure that I am able to update every recipient each time (some may skip a few updates for various reasons). Fortunately the process errs on the side of caution and does not reduce it's overall security is not impacted, so let's say that it's a case of "if it's not broken, don't touch it". Of course, there is a small processing penalty but removing the penalty would be quite a headache -- and I already have tons of headaches :) Best regards, -- Emmanuel Deloget > ?On 5/26/20, 04:26, "openssl-users on behalf of Emmanuel Deloget" wrote: > > Hello Richard and everybody, > > First, thanks all for your valuable responses ; be sure that I heard > you and I fully understand your remarks (for the record, I do generate > a signature on the binary using yet another key pair and I fully get > that encrypting the AES key in my case is a bit overkill given the > fact that it does not provide any added security). > > On Mon, May 25, 2020 at 6:14 PM Richard Levitte wrote: > > > > On Mon, 25 May 2020 13:20:28 +0200, > > Emmanuel Deloget wrote: > > > In my development I'm using a idiom that's not as widely used as I > > > thought (as I get it after multiple days of searching out there). In > > > order to securely distribute a binary, I encrypt it using an AES key > > > and the AES key itself is encrypted using a /private/ RSA key I own. > > > > That's a perfectly viable thing to do, and is usually called "signing", > > and what you're signing here is the AES key. > > > > > Only owners of the /public/ key (which, as it is a publilc key, may > > > leak) can decrypt the AES key, and therefore the binary. > > > > Which is usually called "verifying the signature". > > > > This looks like object signing to me. > > It definitely looks like this, yes. > > > > Of course, in order to do this I rely on RSA_private_encrypt() and > > > RSA_public_decrypt() because EVP_PKEY_encrypt() / EVP_PKEY_decrypt() > > > cannot be used(*). > > > > EVP_PKEY_encrypt() and EVP_PKEY_decrypt() are the wrong functions to > > use. However, there are EVP_PKEY_sign() and EVP_PKEY_verify_recover() > > (if I read you correctly, that's the function you need, rather than a > > mere EVP_PKEY_verify()). > > > > > So, after that long introduction, here is my question : is there any > > > OpenSSL 3.0 sanctionned, EVP_PKEY-based way to crypt using a private > > > key and decrypt using a public key? > > > > Yes, see above. Those functions have been around for a while, I think > > you can start playing with them in any current OpenSSL version. > > The _recover() function was the missing piece in my understanding of > the library. I'll check that as soon as possible. Thanks a lot ! > > BTW, maybe this information should be made more easily available (on > the man page for RSA_private_encrypt()/RSA_public_decrypt() maybe ?) > > > Cheers, > > Richard > > > > -- > > Richard Levitte levitte at openssl.org > > OpenSSL Project http://www.openssl.org/~levitte/ > > Best regards, > > -- Emmanuel Deloget From prashsh1 at in.ibm.com Thu May 28 06:12:57 2020 From: prashsh1 at in.ibm.com (Prashant Sharma31) Date: Thu, 28 May 2020 06:12:57 +0000 Subject: OpenSSL in FIPS mode, does FIPS mode provide any extra set of ciphersuites? In-Reply-To: References: Message-ID: An HTML attachment was scrubbed... URL: From hotshotta1000 at gmail.com Thu May 28 11:20:02 2020 From: hotshotta1000 at gmail.com (Johnny Black) Date: Thu, 28 May 2020 14:20:02 +0300 Subject: Building OpenSSL Message-ID: Hi, I'm having problems installing openssl. I downloaded 1.1.1 version from the website and I followed all the instructions but when I run the "nmake" command I get an error. It says, I quote: "ias -d debug -o crypto\aes\aes-ia64.obj "crypto\aes\aes-ia64.asm" "NMAKE : fatal error U1077: 'ias' : return code '0x1'" "'ias' is not recognized as an internal or external command" Perhaps you might know why I'm getting this error ? If so, would you be so kind to provide me with the information to solve this ? Thanks in advance. Kind regards, Johnny -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu May 28 12:05:27 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 28 May 2020 14:05:27 +0200 Subject: Building OpenSSL In-Reply-To: References: Message-ID: <87sgfks1rs.wl-levitte@openssl.org> On Thu, 28 May 2020 13:20:02 +0200, Johnny Black wrote: > Hi,? > > I'm having problems installing openssl. > I downloaded 1.1.1 version from the website and > I followed all the instructions but > when I run the "nmake" command I get an error. > It says, I quote: > "ias ? -d debug -o crypto\aes\aes-ia64.obj "crypto\aes\aes-ia64.asm" > "NMAKE : fatal error U1077: 'ias' : return code '0x1'" > "'ias' is not recognized as an internal or external command" > Perhaps you might know why I'm getting this error ? > If so, would you be so kind to?provide me with the information to solve this ? > Thanks in advance. 'ias' is Intel's Itanium assembler, which you must download and install separately. The other option is to configure without assembler code; that's done with the configuration option 'no-asm', so for example: perl Configure VC-WIN64I no-asm Also, just in case you made a mistake and are running on a regular x86_64 CPU (Intel or AMD, doesn't matter), you should use the config target 'VC-WIN64A' instead of 'VC-WIN64I'. Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From rsalz at akamai.com Thu May 28 14:46:16 2020 From: rsalz at akamai.com (Salz, Rich) Date: Thu, 28 May 2020 14:46:16 +0000 Subject: OpenSSL in FIPS mode, does FIPS mode provide any extra set of ciphersuites? In-Reply-To: References: Message-ID: <381CA91A-A161-41A4-B501-BDF25B0E41C3@akamai.com> Are you asking about the current (outdated) 2.0 module or the 3.0 module that is still being developed? In 2.0, once you enter FIPS mode you cannot leave it. In 3.0 you can switch among FIPS and non-FIPS as you need to. See https://www.openssl.org/docs/OpenSSL300Design.html for a description of 3.0 FIPS ciphers are a subset of the ciphers that OpenSSL supports. -------------- next part -------------- An HTML attachment was scrubbed... URL: From prashsh1 at in.ibm.com Thu May 28 15:12:12 2020 From: prashsh1 at in.ibm.com (Prashant Sharma31) Date: Thu, 28 May 2020 15:12:12 +0000 Subject: OpenSSL in FIPS mode, does FIPS mode provide any extra set of ciphersuites? In-Reply-To: <381CA91A-A161-41A4-B501-BDF25B0E41C3@akamai.com> References: <381CA91A-A161-41A4-B501-BDF25B0E41C3@akamai.com>, Message-ID: An HTML attachment was scrubbed... URL: From rsalz at akamai.com Thu May 28 15:51:21 2020 From: rsalz at akamai.com (Salz, Rich) Date: Thu, 28 May 2020 15:51:21 +0000 Subject: OpenSSL in FIPS mode, does FIPS mode provide any extra set of ciphersuites? In-Reply-To: References: <381CA91A-A161-41A4-B501-BDF25B0E41C3@akamai.com> Message-ID: <91593009-1B29-4357-A26B-2C6CEA6FACE9@akamai.com> * >FIPS ciphers are a subset of the ciphers that OpenSSL supports. * Is this true of both OpenSSL 2.0 FIPS version and OpenSSL 3.0 FIPS version. (I suppose yes). But still your confirmation will be helpful. Yes it is true for both. * Also, current version is considered outdated, even before new version is ready. This is true. But you got it for free. -------------- next part -------------- An HTML attachment was scrubbed... URL: From phani2004 at gmail.com Fri May 29 07:34:32 2020 From: phani2004 at gmail.com (Phani 2004) Date: Fri, 29 May 2020 13:04:32 +0530 Subject: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA support Message-ID: Hi Team, I am using openssl with dpdk. I try to run s_server and s_client application. When we use dpdk how do we mention dpdk that we need to use tls protocol. Is there any flag which indicates this. Because when we use this cipher suite for tls 1.1 and 1.2 we need to skip the first 16 bytes for generation auth but should encrypt it with other bytes. We are using the Mac-then-encrypt. For example for a typical finish msg will have the following data when feeding for encryption. 13 bytes AAD 16 bytes of data which will be encrypted only but not used while generating hmac 16 bytes fin record 20 byte hmac generated using 13 bytes AAD + 16 bytes Fin record 12 bytes padding. How do we tell dpdk that the protocol used is tls. Regards Phani -------------- next part -------------- An HTML attachment was scrubbed... URL: From doctor at doctor.nl2k.ab.ca Mon May 25 12:12:35 2020 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Mon, 25 May 2020 12:12:35 -0000 Subject: Openssl 3 alpha gone sideways Message-ID: <20200525121218.GA71359@doctor.nl2k.ab.ca> Hopefully this attachment can tell you why. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism The cure for worry is not worry. -unknown -------------- next part -------------- Script started on Sun May 24 05:59:07 2020 You have mail. root at border:/usr/source/openssh-SNAP-20200524 # cp ../openssh-8.1p1/configsshd . 2. cp: ../openssh-8.1p2/configsshd: No such file or directory root at border:/usr/source/openssh-SNAP-20200524 # cp ../openssh-8.1p2/configsshd . 2p1. root at border:/usr/source/openssh-SNAP-20200524 # vi configsshd [?1h=#!/usr/local/bin/bash CC=/usr/local/bin/clang10 ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-zlib=/usr --with-ssl-dir=/usr/local/ --with-ssl-engine --with-pie --with-pam --with-xauth=/usr/local/bin/xauth --with-maildir=/var/mail --with-4in6 --with-pid-dir=/var/run --with-mantype=man ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~configsshd: unmodified: line 1CC=/usr/local/bin/clang ./configure --prefix=/usr --sysconfdir=/etc --localst tedir=/var --with-zlib=/usr --with-ssl-dir=/usr/local/[?1l>   [?1l>root at border:/usr/source/openssh-SNAP-20200524 # /usr/local/bin/opevi configsshd [?1h=#!/usr/local/bin/bash CC=/usr/local/bin/clang10 ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-zlib=/usr --with-ssl-dir=/usr/local/ --with-ssl-engine --with-pie --with-pam --with-xauth=/usr/local/bin/xauth --with-maildir=/var/mail --with-4in6 --with-pid-dir=/var/run --with-mantype=man ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~configsshd: unmodified: line 1CC=/usr/local/bin/clang ./configure --prefix=/usr --sysconfdir=/etc --localst tedir=/var --with-zlib=/usr --with-ssl-dir=/usr/loca$openss/ --with-ssl-engine --with-pie --with-pam --with-xauth=/usr/local/bin/xauth --with-maildir=/var/mail --with-4in6 --with-pid-dir=/var/run --with-mantype=manl/ --with-ssl-engine --with-pie --with-pam --with-xauth=/usr/local/bin/xauth --with-maildir=/var/mail --with-4in6 --with-pid-dir=/var/run --with-mantype=man3/ --with-ssl-engine --with-pie --with-pam --with-xauth=/usr/local/bin/xauth --with-maildir=/var/mail --with-4in6 --with-pid-dir=/var/run --with-mantype=man Copying file for recovery...  configsshd: 2 lines, 314 characters[?1l>   [?1l>root at border:/usr/source/openssh-SNAP-20200524 # /usr/lopenssl3/bin/openssl versio n -a OpenSSL 3.0.0-alpha3-dev (Library: OpenSSL 3.0.0-alpha2-dev ) built on: Mon Apr 27 06:29:27 2020 UTC platform: BSD-x86_64 options: bn(64,64) compiler: /usr/local/bin/clang10 -fPIC -pthread -Wa,--noexecstack -Qunused-arguments -Wall -O3 -DL_ENDIAN -DOPENSSL_PIC -D_THREAD_SAFE -D_REENTRANT -DOPENSSL_BUILDING_OPENSSL -DZLIB -DZLIB_SHARED -DNDEBUG OPENSSLDIR: "/usr/ssl" ENGINESDIR: "/usr//lib/engines-3" MODULESDIR: "/usr//lib/ossl-modules" Seeding source: os-specific CPUINFO: OPENSSL_ia32cap=0x29ee3ffffebffff:0x0 root at border:/usr/source/openssh-SNAP-20200524 # /bin/sh ./configsshd checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether /usr/local/bin/clang10 accepts -g... yes checking for /usr/local/bin/clang10 option to accept ISO C89... none needed checking build system type... x86_64-unknown-freebsd12.1 checking host system type... x86_64-unknown-freebsd12.1 checking how to run the C preprocessor... /usr/local/bin/clang10 -E checking for grep that handles long lines and -e... /usr/bin/grep checking for egrep... /usr/bin/grep -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking whether byte ordering is bigendian... no checking for gawk... no checking for mawk... no checking for nawk... nawk checking how to run the C preprocessor... /usr/local/bin/clang10 -E checking for ranlib... ranlib checking for a BSD-compatible install... /usr/bin/install -c checking for egrep... (cached) /usr/bin/grep -E checking for a thread-safe mkdir -p... ./install-sh -c -d checking for ar... ar checking for cat... /bin/cat checking for kill... /bin/kill checking for sed... /usr/bin/sed checking for ent... no checking for bash... /bin/bash checking for ksh... (cached) /bin/bash checking for sh... (cached) /bin/bash checking for sh... /bin/sh checking for groff... /usr/local/bin/groff checking for nroff... /usr/local/bin/nroff checking for mandoc... /usr/bin/mandoc checking for groupadd... groupadd checking for useradd... useradd checking for pkgmk... no checking for special C compiler options needed for large files... no checking for _FILE_OFFSET_BITS value needed for large files... no checking for passwd... /usr/bin/passwd checking for inline... inline checking whether LLONG_MAX is declared... yes checking whether LONG_LONG_MAX is declared... no checking whether SYSTR_POLICY_KILL is declared... no checking whether RLIMIT_NPROC is declared... yes checking whether PR_SET_NO_NEW_PRIVS is declared... no checking whether OpenSSL will be used for cryptography... yes checking if /usr/local/bin/clang10 supports -Werror... yes checking if /usr/local/bin/clang10 supports compile flag -pipe... yes checking if /usr/local/bin/clang10 supports compile flag -Wunknown-warning-option... yes checking if /usr/local/bin/clang10 supports compile flag -Wno-error=format-truncation... no checking if /usr/local/bin/clang10 supports compile flag -Qunused-arguments... yes checking if /usr/local/bin/clang10 supports compile flag -Wall... yes checking if /usr/local/bin/clang10 supports compile flag -Wextra... no checking if /usr/local/bin/clang10 supports compile flag -Wpointer-arith... yes checking if /usr/local/bin/clang10 supports compile flag -Wuninitialized... yes checking if /usr/local/bin/clang10 supports compile flag -Wsign-compare... yes checking if /usr/local/bin/clang10 supports compile flag -Wformat-security... yes checking if /usr/local/bin/clang10 supports compile flag -Wsizeof-pointer-memaccess... yes checking if /usr/local/bin/clang10 supports compile flag -Wpointer-sign... yes checking if /usr/local/bin/clang10 supports compile flag -Wunused-result... yes checking if /usr/local/bin/clang10 supports compile flag -Wimplicit-fallthrough... yes checking if /usr/local/bin/clang10 supports compile flag -fno-strict-aliasing... yes checking if /usr/local/bin/clang10 supports compile flag -mretpoline... yes checking if /usr/local/bin/clang10 supports link flag -Wl,-z,retpolineplt... yes checking if /usr/local/bin/clang10 supports compile flag -D_FORTIFY_SOURCE=2... yes checking if /usr/local/bin/clang10 supports link flag -Wl,-z,relro... yes checking if /usr/local/bin/clang10 supports link flag -Wl,-z,now... yes checking if /usr/local/bin/clang10 supports link flag -Wl,-z,noexecstack... yes checking if /usr/local/bin/clang10 supports compile flag -ftrapv and linking succeeds... yes checking gcc version... checking if /usr/local/bin/clang10 accepts -fno-builtin-memset... yes checking if /usr/local/bin/clang10 supports -fstack-protector-strong... yes checking if -fstack-protector-strong works... yes checking if compiler allows __attribute__ on return types... yes checking if compiler allows __attribute__ prototype args... yes checking blf.h usability... no checking blf.h presence... no checking for blf.h... no checking bstring.h usability... no checking bstring.h presence... no checking for bstring.h... no checking crypt.h usability... no checking crypt.h presence... no checking for crypt.h... no checking crypto/sha2.h usability... no checking crypto/sha2.h presence... no checking for crypto/sha2.h... no checking dirent.h usability... yes checking dirent.h presence... yes checking for dirent.h... yes checking endian.h usability... no checking endian.h presence... no checking for endian.h... no checking elf.h usability... yes checking elf.h presence... yes checking for elf.h... yes checking err.h usability... yes checking err.h presence... yes checking for err.h... yes checking features.h usability... no checking features.h presence... no checking for features.h... no checking fcntl.h usability... yes checking fcntl.h presence... yes checking for fcntl.h... yes checking floatingpoint.h usability... yes checking floatingpoint.h presence... yes checking for floatingpoint.h... yes checking fnmatch.h usability... yes checking fnmatch.h presence... yes checking for fnmatch.h... yes checking getopt.h usability... yes checking getopt.h presence... yes checking for getopt.h... yes checking glob.h usability... yes checking glob.h presence... yes checking for glob.h... yes checking ia.h usability... no checking ia.h presence... no checking for ia.h... no checking iaf.h usability... no checking iaf.h presence... no checking for iaf.h... no checking ifaddrs.h usability... yes checking ifaddrs.h presence... yes checking for ifaddrs.h... yes checking for inttypes.h... (cached) yes checking langinfo.h usability... yes checking langinfo.h presence... yes checking for langinfo.h... yes checking limits.h usability... yes checking limits.h presence... yes checking for limits.h... yes checking locale.h usability... yes checking locale.h presence... yes checking for locale.h... yes checking login.h usability... no checking login.h presence... no checking for login.h... no checking maillock.h usability... no checking maillock.h presence... no checking for maillock.h... no checking ndir.h usability... no checking ndir.h presence... no checking for ndir.h... no checking net/if_tun.h usability... yes checking net/if_tun.h presence... yes checking for net/if_tun.h... yes checking netdb.h usability... yes checking netdb.h presence... yes checking for netdb.h... yes checking netgroup.h usability... no checking netgroup.h presence... no checking for netgroup.h... no checking pam/pam_appl.h usability... no checking pam/pam_appl.h presence... no checking for pam/pam_appl.h... no checking paths.h usability... yes checking paths.h presence... yes checking for paths.h... yes checking poll.h usability... yes checking poll.h presence... yes checking for poll.h... yes checking pty.h usability... no checking pty.h presence... no checking for pty.h... no checking readpassphrase.h usability... yes checking readpassphrase.h presence... yes checking for readpassphrase.h... yes checking rpc/types.h usability... yes checking rpc/types.h presence... yes checking for rpc/types.h... yes checking security/pam_appl.h usability... yes checking security/pam_appl.h presence... yes checking for security/pam_appl.h... yes checking sha2.h usability... no checking sha2.h presence... no checking for sha2.h... no checking shadow.h usability... no checking shadow.h presence... no checking for shadow.h... no checking stddef.h usability... yes checking stddef.h presence... yes checking for stddef.h... yes checking for stdint.h... (cached) yes checking for string.h... (cached) yes checking for strings.h... (cached) yes checking sys/bitypes.h usability... no checking sys/bitypes.h presence... no checking for sys/bitypes.h... no checking sys/byteorder.h usability... no checking sys/byteorder.h presence... no checking for sys/byteorder.h... no checking sys/bsdtty.h usability... no checking sys/bsdtty.h presence... no checking for sys/bsdtty.h... no checking sys/cdefs.h usability... yes checking sys/cdefs.h presence... yes checking for sys/cdefs.h... yes checking sys/dir.h usability... yes checking sys/dir.h presence... yes checking for sys/dir.h... yes checking sys/file.h usability... yes checking sys/file.h presence... yes checking for sys/file.h... yes checking sys/mman.h usability... yes checking sys/mman.h presence... yes checking for sys/mman.h... yes checking sys/label.h usability... no checking sys/label.h presence... no checking for sys/label.h... no checking sys/ndir.h usability... no checking sys/ndir.h presence... no checking for sys/ndir.h... no checking sys/poll.h usability... yes checking sys/poll.h presence... yes checking for sys/poll.h... yes checking sys/prctl.h usability... no checking sys/prctl.h presence... no checking for sys/prctl.h... no checking sys/pstat.h usability... no checking sys/pstat.h presence... no checking for sys/pstat.h... no checking sys/ptrace.h usability... yes checking sys/ptrace.h presence... yes checking for sys/ptrace.h... yes checking sys/random.h usability... yes checking sys/random.h presence... yes checking for sys/random.h... yes checking sys/select.h usability... yes checking sys/select.h presence... yes checking for sys/select.h... yes checking for sys/stat.h... (cached) yes checking sys/stream.h usability... no checking sys/stream.h presence... no checking for sys/stream.h... no checking sys/stropts.h usability... no checking sys/stropts.h presence... no checking for sys/stropts.h... no checking sys/strtio.h usability... no checking sys/strtio.h presence... no checking for sys/strtio.h... no checking sys/statvfs.h usability... yes checking sys/statvfs.h presence... yes checking for sys/statvfs.h... yes checking sys/sysmacros.h usability... no checking sys/sysmacros.h presence... no checking for sys/sysmacros.h... no checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking sys/timers.h usability... yes checking sys/timers.h presence... yes checking for sys/timers.h... yes checking sys/vfs.h usability... no checking sys/vfs.h presence... no checking for sys/vfs.h... no checking time.h usability... yes checking time.h presence... yes checking for time.h... yes checking tmpdir.h usability... no checking tmpdir.h presence... no checking for tmpdir.h... no checking ttyent.h usability... yes checking ttyent.h presence... yes checking for ttyent.h... yes checking ucred.h usability... no checking ucred.h presence... no checking for ucred.h... no checking for unistd.h... (cached) yes checking usersec.h usability... no checking usersec.h presence... no checking for usersec.h... no checking util.h usability... no checking util.h presence... no checking for util.h... no checking utime.h usability... yes checking utime.h presence... yes checking for utime.h... yes checking utmp.h usability... no checking utmp.h presence... no checking for utmp.h... no checking utmpx.h usability... yes checking utmpx.h presence... yes checking for utmpx.h... yes checking vis.h usability... yes checking vis.h presence... yes checking for vis.h... yes checking wchar.h usability... yes checking wchar.h presence... yes checking for wchar.h... yes checking for sys/audit.h... no checking for sys/capsicum.h... yes checking for net/route.h... yes checking for sys/sysctl.h... yes checking for lastlog.h... no checking for sys/ptms.h... no checking for login_cap.h... yes checking for sys/mount.h... yes checking for sys/un.h... yes checking net/if_tap.h usability... yes checking net/if_tap.h presence... yes checking for net/if_tap.h... yes checking compiler and flags for sanity... yes checking for setsockopt... yes checking for dirname... yes checking libgen.h usability... yes checking libgen.h presence... yes checking for libgen.h... yes checking for getspnam... no checking for getspnam in -lgen... no checking for library containing basename... none required checking for zlib... yes checking zlib.h usability... yes checking zlib.h presence... yes checking for zlib.h... yes checking for deflate in -lz... yes checking for possibly buggy zlib... no checking for strcasecmp... yes checking for utimes... yes checking bsd/libutil.h usability... no checking bsd/libutil.h presence... no checking for bsd/libutil.h... no checking libutil.h usability... yes checking libutil.h presence... yes checking for libutil.h... yes checking for library containing fmt_scaled... no checking for library containing scan_scaled... no checking for library containing login... no checking for library containing logout... no checking for library containing logwtmp... no checking for library containing openpty... -lutil checking for library containing updwtmp... no checking for fmt_scaled... no checking for scan_scaled... no checking for login... no checking for logout... no checking for openpty... yes checking for updwtmp... no checking for logwtmp... no checking for library containing inet_ntop... none required checking for library containing gethostbyname... none required checking for strftime... yes checking for stdlib.h... (cached) yes checking for GNU libc compatible malloc... yes checking for stdlib.h... (cached) yes checking for GNU libc compatible realloc... yes checking if calloc(0, N) returns non-null... yes checking for GLOB_ALTDIRFUNC support... yes checking for gl_matchc field in glob_t... yes checking for gl_statv and GLOB_KEEPSTAT extensions for glob... no checking whether GLOB_NOMATCH is declared... yes checking whether VIS_ALL is declared... no checking whether struct dirent allocates space for d_name... yes checking for /proc/pid/fd directory... no checking if /usr/local/bin/clang10 supports compile flag -fPIE... yes checking if /usr/local/bin/clang10 supports link flag -pie... yes checking whether both -fPIE and -pie are supported... yes checking whether -fPIC is accepted... yes checking for Blowfish_initstate... no checking for Blowfish_expandstate... no checking for Blowfish_expand0state... no checking for Blowfish_stream2word... no checking for SHA256Update... no checking for SHA384Update... no checking for SHA512Update... no checking for asprintf... yes checking for b64_ntop... no checking for __b64_ntop... yes checking for b64_pton... no checking for __b64_pton... yes checking for bcopy... yes checking for bcrypt_pbkdf... no checking for bindresvport_sa... yes checking for blf_enc... no checking for bzero... yes checking for cap_rights_limit... yes checking for clock... yes checking for closefrom... yes checking for dirfd... yes checking for endgrent... yes checking for err... yes checking for errx... yes checking for explicit_bzero... yes checking for fchmod... yes checking for fchmodat... yes checking for fchown... yes checking for fchownat... yes checking for flock... yes checking for fnmatch... yes checking for freeaddrinfo... yes checking for freezero... no checking for fstatfs... yes checking for fstatvfs... yes checking for futimes... yes checking for getaddrinfo... yes checking for getcwd... yes checking for getgrouplist... yes checking for getline... yes checking for getnameinfo... yes checking for getopt... yes checking for getpagesize... yes checking for getpeereid... yes checking for getpeerucred... no checking for getpgid... yes checking for _getpty... no checking for getrlimit... yes checking for getrandom... yes checking for getsid... yes checking for getttyent... yes checking for glob... yes checking for group_from_gid... yes checking for inet_aton... yes checking for inet_ntoa... yes checking for inet_ntop... yes checking for innetgr... yes checking for llabs... yes checking for localtime_r... yes checking for login_getcapbool... yes checking for md5_crypt... no checking for memmem... yes checking for memmove... yes checking for memset_s... yes checking for mkdtemp... yes checking for ngetaddrinfo... no checking for nsleep... no checking for ogetaddrinfo... no checking for openlog_r... no checking for pledge... no checking for poll... yes checking for prctl... no checking for pstat... no checking for raise... yes checking for readpassphrase... yes checking for reallocarray... yes checking for realpath... yes checking for recvmsg... yes checking for recallocarray... no checking for rresvport_af... yes checking for sendmsg... yes checking for setdtablesize... no checking for setegid... yes checking for setenv... yes checking for seteuid... yes checking for setgroupent... yes checking for setgroups... yes checking for setlinebuf... yes checking for setlogin... yes checking for setpassent... yes checking for setpcred... no checking for setproctitle... yes checking for setregid... yes checking for setreuid... yes checking for setrlimit... yes checking for setsid... yes checking for setvbuf... yes checking for sigaction... yes checking for sigvec... yes checking for snprintf... yes checking for socketpair... yes checking for statfs... yes checking for statvfs... yes checking for strcasestr... yes checking for strdup... yes checking for strerror... yes checking for strlcat... yes checking for strlcpy... yes checking for strmode... yes checking for strndup... yes checking for strnlen... yes checking for strnvis... yes checking for strptime... yes checking for strsignal... yes checking for strtonum... yes checking for strtoll... yes checking for strtoul... yes checking for strtoull... yes checking for swap32... no checking for sysconf... yes checking for tcgetpgrp... yes checking for timingsafe_bcmp... yes checking for truncate... yes checking for unsetenv... yes checking for updwtmpx... no checking for utimensat... yes checking for user_from_uid... yes checking for usleep... yes checking for vasprintf... yes checking for vsnprintf... yes checking for waitpid... yes checking for warn... yes checking whether bzero is declared... yes checking whether memmem is declared... yes checking for mblen... yes checking for mbtowc... yes checking for nl_langinfo... yes checking for wcwidth... yes checking for utf8 locale support... yes checking for library containing dlopen... none required checking for dlopen... yes checking whether RTLD_NOW is declared... yes checking for gai_strerror... yes checking for library containing nanosleep... none required checking for library containing clock_gettime... none required checking whether localtime_r is declared... yes checking whether strsep is declared... yes checking for strsep... yes checking whether tcsendbreak is declared... yes checking whether h_errno is declared... yes checking whether SHUT_RD is declared... yes checking whether getpeereid is declared... yes checking whether O_NONBLOCK is declared... yes checking whether readv is declared... yes checking whether writev is declared... yes checking whether MAXSYMLINKS is declared... yes checking whether offsetof is declared... yes checking whether howmany is declared... yes checking whether NFDBITS is declared... yes checking for fd_mask... yes checking for setresuid... yes checking if setresuid seems to work... yes checking for setresgid... yes checking if setresgid seems to work... yes checking for working fflush(NULL)... yes checking for gettimeofday... yes checking for time... yes checking for endutent... no checking for getutent... no checking for getutid... no checking for getutline... no checking for pututline... no checking for setutent... no checking for utmpname... no checking for endutxent... yes checking for getutxent... yes checking for getutxid... yes checking for getutxline... yes checking for getutxuser... yes checking for pututxline... yes checking for setutxdb... yes checking for setutxent... yes checking for utmpxname... no checking for getlastlogxbyname... no checking for daemon... yes checking for getpagesize... (cached) yes checking whether snprintf correctly terminates long strings... yes checking whether snprintf understands %zu... yes checking whether vsnprintf returns correct values on overflow... yes checking whether snprintf can declare const char *fmt... yes checking for (overly) strict mkstemp... no checking whether AI_NUMERICSERV is declared... yes checking for working strnvis... no checking if SA_RESTARTed signals interrupt select()... yes checking for getpgrp... yes checking if getpgrp accepts zero args... yes checking openssl/opensslv.h usability... yes checking openssl/opensslv.h presence... yes checking for openssl/opensslv.h... yes checking OpenSSL header version... 30000000 (OpenSSL 3.0.0-alpha3-dev ) checking for OpenSSL_version... yes checking for OpenSSL_version_num... yes checking OpenSSL library version... 30000000 (OpenSSL 3.0.0-alpha2-dev ) checking whether OpenSSL's headers match the library... yes checking if programs using OpenSSL functions will link... yes checking for BN_is_prime_ex... yes checking for DSA_generate_parameters_ex... yes checking for EVP_CIPHER_CTX_ctrl... yes checking for EVP_DigestFinal_ex... yes checking for EVP_DigestInit_ex... yes checking for EVP_MD_CTX_cleanup... no checking for EVP_MD_CTX_copy_ex... yes checking for EVP_MD_CTX_init... no checking for HMAC_CTX_init... no checking for RSA_generate_key_ex... yes checking for RSA_get_default_method... yes checking for OpenSSL_add_all_algorithms... no checking whether OpenSSL_add_all_algorithms is declared... yes checking for OPENSSL_init_crypto... yes checking for DH_get0_key... yes checking for DH_get0_pqg... yes checking for DH_set0_key... yes checking for DH_set_length... yes checking for DH_set0_pqg... yes checking for DSA_get0_key... yes checking for DSA_get0_pqg... yes checking for DSA_set0_key... yes checking for DSA_set0_pqg... yes checking for DSA_SIG_get0... yes checking for DSA_SIG_set0... yes checking for ECDSA_SIG_get0... yes checking for ECDSA_SIG_set0... yes checking for EVP_CIPHER_CTX_iv... yes checking for EVP_CIPHER_CTX_iv_noconst... yes checking for EVP_CIPHER_CTX_get_iv... no checking for EVP_CIPHER_CTX_set_iv... no checking for RSA_get0_crt_params... yes checking for RSA_get0_factors... yes checking for RSA_get0_key... yes checking for RSA_set0_crt_params... yes checking for RSA_set0_factors... yes checking for RSA_set0_key... yes checking for RSA_meth_free... yes checking for RSA_meth_dup... yes checking for RSA_meth_set1_name... yes checking for RSA_meth_get_finish... yes checking for RSA_meth_set_priv_enc... yes checking for RSA_meth_set_priv_dec... yes checking for RSA_meth_set_finish... yes checking for EVP_PKEY_get0_RSA... yes checking for EVP_MD_CTX_new... yes checking for EVP_MD_CTX_free... yes checking for EVP_chacha20... yes checking for OpenSSL ENGINE support... yes checking whether OpenSSL has crippled AES support... no checking whether OpenSSL has AES CTR via EVP... yes checking whether OpenSSL has AES GCM via EVP... yes checking if EVP_DigestUpdate returns an int... yes checking for crypt in -lcrypt... yes checking for crypt... yes checking for DES_crypt... yes checking for EVP_sha256... yes checking for EVP_sha384... yes checking for EVP_sha512... yes checking whether OpenSSL has NID_X9_62_prime256v1... yes checking whether OpenSSL has NID_secp384r1... yes checking whether OpenSSL has NID_secp521r1... yes checking if OpenSSL's NID_secp521r1 is functional... yes checking for EC_KEY_METHOD_new... yes checking whether to enable PKCS11... yes checking whether to enable U2F... yes checking for arc4random... yes checking for arc4random_buf... yes checking for arc4random_stir... no checking for arc4random_uniform... yes checking for ia_openinfo in -liaf... no checking whether OpenSSL's PRNG is internally seeded... yes checking for dlopen in -ldl... yes checking for pam_set_item in -lpam... yes checking for pam_getenvlist... yes checking for pam_putenv... yes checking whether pam_strerror takes only one argument... no checking if select works with descriptor rlimit... yes checking if setrlimit(RLIMIT_NOFILE,{0,0}) works... yes checking if setrlimit RLIMIT_FSIZE works... yes checking for long long... yes checking for unsigned long long... yes checking for long double... yes checking size of short int... 2 checking size of int... 4 checking size of long int... 8 checking size of long long int... 8 checking whether UINT32_MAX is declared... yes checking for u_int type... yes checking for intXX_t types... yes checking for int64_t type... yes checking for u_intXX_t types... yes checking for u_int64_t types... yes checking for uintXX_t types in stdint.h... yes checking for uintXX_t types in inttypes.h... yes checking for u_char... yes checking for intmax_t... yes checking for uintmax_t... yes checking for socklen_t... yes checking for sig_atomic_t... yes checking for fsblkcnt_t... yes checking for fsfilcnt_t... yes checking for struct statfs.f_files... yes checking for struct statfs.f_flags... yes checking for in_addr_t... yes checking for in_port_t... yes checking for size_t... yes checking for ssize_t... yes checking for clock_t... yes checking for sa_family_t... yes checking for pid_t... yes checking for mode_t... yes checking for struct sockaddr_storage... yes checking for struct sockaddr_in6... yes checking for struct in6_addr... yes checking for struct sockaddr_in6.sin6_scope_id... yes checking for struct addrinfo... yes checking whether time.h and sys/time.h may both be included... yes checking for struct timeval... yes checking for struct timespec... yes checking for ut_host field in utmp.h... no checking for ut_host field in utmpx.h... yes checking for syslen field in utmpx.h... no checking for ut_pid field in utmp.h... no checking for ut_type field in utmp.h... no checking for ut_type field in utmpx.h... yes checking for ut_tv field in utmp.h... no checking for ut_id field in utmp.h... no checking for ut_id field in utmpx.h... yes checking for ut_addr field in utmp.h... no checking for ut_addr field in utmpx.h... no checking for ut_addr_v6 field in utmp.h... no checking for ut_addr_v6 field in utmpx.h... no checking for ut_exit field in utmp.h... no checking for ut_time field in utmp.h... no checking for ut_time field in utmpx.h... no checking for ut_tv field in utmpx.h... yes checking for struct stat.st_blksize... yes checking for struct stat.st_mtim... yes checking for struct stat.st_mtime... yes checking for struct passwd.pw_gecos... yes checking for struct passwd.pw_class... yes checking for struct passwd.pw_change... yes checking for struct passwd.pw_expire... yes checking for struct __res_state.retrans... yes checking for ss_family field in struct sockaddr_storage... yes checking for __ss_family field in struct sockaddr_storage... no checking for msg_accrights field in struct msghdr... no checking if struct statvfs.f_fsid is integral type... yes checking for msg_control field in struct msghdr... yes checking if libc defines __progname... yes checking whether /usr/local/bin/clang10 implements __FUNCTION__... yes checking whether /usr/local/bin/clang10 implements __func__... yes checking whether va_copy exists... yes checking whether __va_copy exists... yes checking whether getopt has optreset support... yes checking if libc defines sys_errlist... yes checking if libc defines sys_nerr... yes checking for library containing getrrsetbyname... no checking for library containing res_query... none required checking for library containing dn_expand... none required checking if res_query will link... yes checking for _getshort... yes checking for _getlong... yes checking whether _getshort is declared... no checking whether _getlong is declared... no checking for HEADER.ad... yes checking if struct __res_state _res is an extern... yes checking for "/dev/ptmx"... no checking for "/dev/ptc"... no checking if the systems has expire shadow information... no checking for "/etc/default/login"... no configure: WARNING: Make sure the path to scp is in /etc/login.conf checking if we need to convert IPv4 in IPv6-mapped addresses... yes checking if your system defines LASTLOG_FILE... no checking if your system defines _PATH_LASTLOG... no configure: WARNING: ** Cannot find lastlog ** checking if your system defines UTMP_FILE... no checking if your system defines WTMP_FILE... no checking if your system defines WTMPX_FILE... no checking for struct lastlog.ll_line... no checking for struct utmp.ut_line... no checking whether BROKEN_GETADDRINFO is declared... no configure: creating ./config.status config.status: creating Makefile config.status: creating buildpkg.sh config.status: creating opensshd.init config.status: creating openssh.xml config.status: creating openbsd-compat/Makefile config.status: creating openbsd-compat/regress/Makefile config.status: creating survey.sh config.status: creating config.h OpenSSH has been configured with the following options: User binaries: /usr/bin System binaries: /usr/sbin Configuration files: /etc Askpass program: /usr/libexec/ssh-askpass Manual pages: /usr/share/man/manX PID file: /var/run Privilege separation chroot path: /var/empty At runtime, sshd will use the path defined in /etc/login.conf Make sure the path to scp is present, otherwise scp will not work Manpage format: man PAM support: yes OSF SIA support: no KerberosV support: no SELinux support: no MD5 password support: no libedit support: no libldns support: no Solaris process contract support: no Solaris project support: no Solaris privilege support: no IP address in $DISPLAY hack: no Translate v4 in v6 hack: yes BSD Auth support: no Random number source: OpenSSL internal ONLY Privsep sandbox style: capsicum PKCS#11 support: yes U2F/FIDO support: yes Host: x86_64-unknown-freebsd12.1 Compiler: /usr/local/bin/clang10 Compiler flags: -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE Preprocessor flags: -I/usr/openssl3//include -I/usr/include Linker flags: -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie Libraries: -lcrypto -lutil -lz -lcrypt +for sshd: -lpam -ldl PAM is enabled. You may need to install a PAM control file for sshd, otherwise password authentication may fail. Example PAM control files can be found in the contrib/ subdirectory root at border:/usr/source/openssh-SNAP-20200524 # make test make: don't know how to make test. Stop make: stopped in /usr/source/openssh-SNAP-20200524 root at border:/usr/source/openssh-SNAP-20200524 # make tests ./install-sh -c -d `pwd`/regress/unittests/test_helper ./install-sh -c -d `pwd`/regress/unittests/sshbuf ./install-sh -c -d `pwd`/regress/unittests/sshkey ./install-sh -c -d `pwd`/regress/unittests/bitmap ./install-sh -c -d `pwd`/regress/unittests/conversion ./install-sh -c -d `pwd`/regress/unittests/hostkeys ./install-sh -c -d `pwd`/regress/unittests/kex ./install-sh -c -d `pwd`/regress/unittests/match ./install-sh -c -d `pwd`/regress/unittests/utf8 ./install-sh -c -d `pwd`/regress/misc/kexfuzz ./install-sh -c -d `pwd`/regress/misc/sk-dummy [ -f `pwd`/regress/Makefile ] || ln -s `cd . && pwd`/regress/Makefile `pwd`/regress/Makefile (cd openbsd-compat && make) /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c arc4random.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-asprintf.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-closefrom.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-cygwin_util.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-err.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-flock.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-getline.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-getpagesize.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-getpeereid.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-malloc.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-misc.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-nextstep.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-openpty.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-poll.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-setres_id.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-signal.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-snprintf.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-statvfs.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bsd-waitpid.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c fake-rfc2553.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c getrrsetbyname-ldns.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c kludge-fd_set.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c openssl-compat.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c libressl-api-compat.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c xcrypt.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c base64.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c basename.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bcrypt_pbkdf.c bcrypt_pbkdf.c:94:40: warning: expression does not compute the number of elements in this array; element type is 'uint32_t' (aka 'unsigned int'), not 'uint64_t' (aka 'unsigned long') [-Wsizeof-array-div] blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t));  ~~~~~ ^ bcrypt_pbkdf.c:75:11: note: array 'cdata' declared here uint32_t cdata[BCRYPT_WORDS];  ^ bcrypt_pbkdf.c:94:40: note: place parentheses around the 'sizeof(uint64_t)' expression to silence this warning blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t));  ^ 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c bindresvport.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c blowfish.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c daemon.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c dirname.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c explicit_bzero.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c fmt_scaled.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c freezero.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c fnmatch.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c getcwd.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c getgrouplist.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c getopt_long.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c getrrsetbyname.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c glob.c glob.c:325:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case COMMA:  ^ glob.c:325:3: note: insert '__attribute__((fallthrough));' to silence this warning case COMMA:  ^  __attribute__((fallthrough)); glob.c:325:3: note: insert 'break;' to avoid fall-through case COMMA:  ^  break; 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c inet_aton.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c inet_ntoa.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c inet_ntop.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c md5.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c memmem.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c mktemp.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c pwcache.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c readpassphrase.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c reallocarray.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c recallocarray.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c rresvport.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c setenv.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c setproctitle.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c sha1.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c sha2.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c sigact.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c strcasestr.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c strlcat.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c strlcpy.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c strmode.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c strndup.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c strnlen.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c strptime.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c strsep.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c strtoll.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c strtonum.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c strtoull.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c strtoul.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c timingsafe_bcmp.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c vis.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c port-aix.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c port-irix.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c port-linux.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c port-solaris.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c port-net.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr/openssl3//include -I/usr/include -DHAVE_CONFIG_H -c port-uw.c ar rv libopenbsd-compat.a arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cygwin_util.o bsd-err.o bsd-flock.o bsd-getline.o bsd-getpagesize.o bsd-getpeereid.o bsd-malloc.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-signal.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o getrrsetbyname-ldns.o kludge-fd_set.o openssl-compat.o libressl-api-compat.o xcrypt.o base64.o basename.o bcrypt_pbkdf.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o explicit_bzero.o fmt_scaled.o freezero.o fnmatch.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o md5.o memmem.o mktemp.o pwcache.o readpassphrase.o reallocarray.o recallocarray.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strndup.o strnlen.o strptime.o strsep.o strtoll.o strtonum.o strtoull.o strtoul.o timingsafe_bcmp.o vis.o port-aix.o port-irix.o port-linux.o port-solaris.o port-net.o port-uw.o ar: warning: creating libopenbsd-compat.a a - arc4random.o a - bsd-asprintf.o a - bsd-closefrom.o a - bsd-cygwin_util.o a - bsd-err.o a - bsd-flock.o a - bsd-getline.o a - bsd-getpagesize.o a - bsd-getpeereid.o a - bsd-malloc.o a - bsd-misc.o a - bsd-nextstep.o a - bsd-openpty.o a - bsd-poll.o a - bsd-setres_id.o a - bsd-signal.o a - bsd-snprintf.o a - bsd-statvfs.o a - bsd-waitpid.o a - fake-rfc2553.o a - getrrsetbyname-ldns.o a - kludge-fd_set.o a - openssl-compat.o a - libressl-api-compat.o a - xcrypt.o a - base64.o a - basename.o a - bcrypt_pbkdf.o a - bcrypt_pbkdf.o a - bindresvport.o a - blowfish.o a - daemon.o a - dirname.o a - explicit_bzero.o a - fmt_scaled.o a - freezero.o a - fnmatch.o a - getcwd.o a - getgrouplist.o a - getopt_long.o a - getrrsetbyname.o a - glob.o a - inet_aton.o a - inet_ntoa.o a - inet_ntop.o a - md5.o a - memmem.o a - mktemp.o a - pwcache.o a - readpassphrase.o a - reallocarray.o a - recallocarray.o a - rresvport.o a - setenv.o a - setproctitle.o a - sha1.o a - sha2.o a - sigact.o a - strcasestr.o a - strlcat.o a - strlcpy.o a - strmode.o a - strndup.o a - strnlen.o a - strptime.o a - strsep.o a - strtoll.o a - strtonum.o a - strtoull.o a - strtoul.o a - timingsafe_bcmp.o a - vis.o a - port-aix.o a - port-irix.o a - port-linux.o a - port-solaris.o a - port-net.o a - port-uw.o ranlib libopenbsd-compat.a /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh_api.c -o ssh_api.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssherr.c -o ssherr.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshbuf.c -o sshbuf.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshkey.c -o sshkey.o sshkey.c:636:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ECDSA:  ^ sshkey.c:636:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ECDSA:  ^  __attribute__((fallthrough)); sshkey.c:636:2: note: insert 'break;' to avoid fall-through case KEY_ECDSA:  ^  break; sshkey.c:649:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ED25519:  ^ sshkey.c:649:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ED25519:  ^  __attribute__((fallthrough)); sshkey.c:649:2: note: insert 'break;' to avoid fall-through case KEY_ED25519:  ^  break; sshkey.c:745:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ECDSA_CERT:  ^ sshkey.c:745:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ECDSA_CERT:  ^  __attribute__((fallthrough)); sshkey.c:745:2: note: insert 'break;' to avoid fall-through case KEY_ECDSA_CERT:  ^  break; sshkey.c:767:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ED25519:  ^ sshkey.c:767:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ED25519:  ^  __attribute__((fallthrough)); sshkey.c:767:2: note: insert 'break;' to avoid fall-through case KEY_ED25519:  ^  break; sshkey.c:1595:7: warning: 'RSA_generate_key_ex' is deprecated [-Wdeprecated-declarations] !RSA_generate_key_ex(private, bits, f4, NULL)) {  ^ /usr/openssl3//include/openssl/rsa.h:249:1: note: 'RSA_generate_key_ex' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ sshkey.c:1623:7: warning: 'DSA_generate_parameters_ex' is deprecated [-Wdeprecated-declarations] if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,  ^ /usr/openssl3//include/openssl/dsa.h:150:1: note: 'DSA_generate_parameters_ex' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int DSA_generate_parameters_ex(DSA *dsa, int bits, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ sshkey.c:1624:22: warning: 'DSA_generate_key' is deprecated [-Wdeprecated-declarations] NULL, NULL) || !DSA_generate_key(private)) {  ^ /usr/openssl3//include/openssl/dsa.h:156:1: note: 'DSA_generate_key' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int DSA_generate_key(DSA *a)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ sshkey.c:2379:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_RSA:  ^ sshkey.c:2379:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_RSA:  ^  __attribute__((fallthrough)); sshkey.c:2379:2: note: insert 'break;' to avoid fall-through case KEY_RSA:  ^  break; sshkey.c:2407:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_DSA:  ^ sshkey.c:2407:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_DSA:  ^  __attribute__((fallthrough)); sshkey.c:2407:2: note: insert 'break;' to avoid fall-through case KEY_DSA:  ^  break; sshkey.c:2442:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ECDSA:  ^ sshkey.c:2442:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ECDSA:  ^  __attribute__((fallthrough)); sshkey.c:2442:2: note: insert 'break;' to avoid fall-through case KEY_ECDSA:  ^  break; sshkey.c:2506:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ED25519:  ^ sshkey.c:2506:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ED25519:  ^  __attribute__((fallthrough)); sshkey.c:2506:2: note: insert 'break;' to avoid fall-through case KEY_ED25519:  ^  break; sshkey.c:3440:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_DSA_CERT:  ^ sshkey.c:3440:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_DSA_CERT:  ^  __attribute__((fallthrough)); sshkey.c:3440:2: note: insert 'break;' to avoid fall-through case KEY_DSA_CERT:  ^  break; sshkey.c:3469:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ECDSA_CERT:  ^ sshkey.c:3469:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ECDSA_CERT:  ^  __attribute__((fallthrough)); sshkey.c:3469:2: note: insert 'break;' to avoid fall-through case KEY_ECDSA_CERT:  ^  break; sshkey.c:3540:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_RSA_CERT:  ^ sshkey.c:3540:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_RSA_CERT:  ^  __attribute__((fallthrough)); sshkey.c:3540:2: note: insert 'break;' to avoid fall-through case KEY_RSA_CERT:  ^  break; sshkey.c:3704:6: warning: 'EC_POINT_get_affine_coordinates_GFp' is deprecated [-Wdeprecated-declarations] EC_POINT_get_affine_coordinates_GFp(group, public,  ^ /usr/openssl3//include/openssl/ec.h:580:1: note:  'EC_POINT_get_affine_coordinates_GFp' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ sshkey.c:3794:6: warning: 'EC_POINT_get_affine_coordinates_GFp' is deprecated [-Wdeprecated-declarations] if (EC_POINT_get_affine_coordinates_GFp(group, point,  ^ /usr/openssl3//include/openssl/ec.h:580:1: note:  'EC_POINT_get_affine_coordinates_GFp' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 16 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshbuf-getput-basic.c -o sshbuf-getput-basic.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshbuf-misc.c -o sshbuf-misc.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshbuf-getput-crypto.c -o sshbuf-getput-crypto.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c krl.c -o krl.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c bitmap.c -o bitmap.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-xmss.c -o ssh-xmss.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshkey-xmss.c -o sshkey-xmss.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c xmss_commons.c -o xmss_commons.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c xmss_fast.c -o xmss_fast.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c xmss_hash.c -o xmss_hash.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c xmss_hash_address.c -o xmss_hash_address.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c xmss_wots.c -o xmss_wots.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c authfd.c -o authfd.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c authfile.c -o authfile.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c canohost.c -o canohost.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c channels.c -o channels.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher.c -o cipher.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aesctr.c -o cipher-aesctr.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-ctr.c -o cipher-ctr.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cleanup.c -o cleanup.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c compat.c -o compat.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c fatal.c -o fatal.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c hostfile.c -o hostfile.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c log.c -o log.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c match.c -o match.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c moduli.c -o moduli.o moduli.c:753:14: warning: 'BN_is_prime_ex' is deprecated [-Wdeprecated-declarations] is_prime = BN_is_prime_ex(q, 1, NULL, NULL);  ^ /usr/openssl3//include/openssl/bn.h:358:1: note: 'BN_is_prime_ex' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CT... ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ moduli.c:769:14: warning: 'BN_is_prime_ex' is deprecated [-Wdeprecated-declarations] is_prime = BN_is_prime_ex(p, trials, NULL, NULL);  ^ /usr/openssl3//include/openssl/bn.h:358:1: note: 'BN_is_prime_ex' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CT... ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ moduli.c:779:14: warning: 'BN_is_prime_ex' is deprecated [-Wdeprecated-declarations] is_prime = BN_is_prime_ex(q, trials - 1, NULL, NULL);  ^ /usr/openssl3//include/openssl/bn.h:358:1: note: 'BN_is_prime_ex' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CT... ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 3 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c nchan.c -o nchan.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c packet.c -o packet.o packet.c:1874:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case SSH_ERR_NO_CIPHER_ALG_MATCH:  ^ packet.c:1874:2: note: insert '__attribute__((fallthrough));' to silence this warning case SSH_ERR_NO_CIPHER_ALG_MATCH:  ^  __attribute__((fallthrough)); packet.c:1874:2: note: insert 'break;' to avoid fall-through case SSH_ERR_NO_CIPHER_ALG_MATCH:  ^  break; packet.c:1887:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ packet.c:1887:2: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); packet.c:1887:2: note: insert 'break;' to avoid fall-through default:  ^  break; 2 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c readpass.c -o readpass.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ttymodes.c -o ttymodes.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c xmalloc.c -o xmalloc.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c addrmatch.c -o addrmatch.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c atomicio.c -o atomicio.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c dispatch.c -o dispatch.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c mac.c -o mac.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c misc.c -o misc.o misc.c:1832:4: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ misc.c:1832:4: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); misc.c:1832:4: note: insert 'break;' to avoid fall-through default:  ^  break; 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c utf8.c -o utf8.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c monitor_fdpass.c -o monitor_fdpass.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c rijndael.c -o rijndael.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-dss.c -o ssh-dss.o ssh-dss.c:77:13: warning: 'DSA_do_sign' is deprecated [-Wdeprecated-declarations] if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) {  ^ /usr/openssl3//include/openssl/dsa.h:99:1: note: 'DSA_do_sign' has been explicitly marked deprecated here DEPRECATEDIN_3_0(DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-dss.c:184:10: warning: 'DSA_do_verify' is deprecated [-Wdeprecated-declarations] switch (DSA_do_verify(digest, dlen, sig, key->dsa)) {  ^ /usr/openssl3//include/openssl/dsa.h:101:1: note: 'DSA_do_verify' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int DSA_do_verify(const unsigned char *dgst, int dgst_len, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 2 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-ecdsa.c -o ssh-ecdsa.o ssh-ecdsa.c:77:13: warning: 'ECDSA_do_sign' is deprecated [-Wdeprecated-declarations] if ((sig = ECDSA_do_sign(digest, dlen, key->ecdsa)) == NULL) {  ^ /usr/openssl3//include/openssl/ec.h:1251:1: note: 'ECDSA_do_sign' has been explicitly marked deprecated here DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-ecdsa.c:177:10: warning: 'ECDSA_do_verify' is deprecated [-Wdeprecated-declarations] switch (ECDSA_do_verify(digest, dlen, sig, key->ecdsa)) {  ^ /usr/openssl3//include/openssl/ec.h:1277:1: note: 'ECDSA_do_verify' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 2 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-ecdsa-sk.c -o ssh-ecdsa-sk.o ssh-ecdsa-sk.c:175:10: warning: 'ECDSA_do_verify' is deprecated [-Wdeprecated-declarations] switch (ECDSA_do_verify(sighash, sizeof(sighash), sig, key->ecdsa)) {  ^ /usr/openssl3//include/openssl/ec.h:1277:1: note: 'ECDSA_do_verify' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-ed25519-sk.c -o ssh-ed25519-sk.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-rsa.c -o ssh-rsa.o ssh-rsa.c:189:9: warning: 'RSA_size' is deprecated [-Wdeprecated-declarations] slen = RSA_size(key->rsa);  ^ /usr/openssl3//include/openssl/rsa.h:210:1: note: 'RSA_size' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-rsa.c:206:6: warning: 'RSA_sign' is deprecated [-Wdeprecated-declarations] if (RSA_sign(nid, digest, dlen, sig, &len, key->rsa) != 1) {  ^ /usr/openssl3//include/openssl/rsa.h:332:1: note: 'RSA_sign' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_sign(int type, const unsigned char *m, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-rsa.c:297:11: warning: 'RSA_size' is deprecated [-Wdeprecated-declarations] modlen = RSA_size(key->rsa);  ^ /usr/openssl3//include/openssl/rsa.h:210:1: note: 'RSA_size' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-rsa.c:419:12: warning: 'RSA_size' is deprecated [-Wdeprecated-declarations] rsasize = RSA_size(rsa);  ^ /usr/openssl3//include/openssl/rsa.h:210:1: note: 'RSA_size' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-rsa.c:429:13: warning: 'RSA_public_decrypt' is deprecated [-Wdeprecated-declarations] if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,  ^ /usr/openssl3//include/openssl/rsa.h:274:1: note: 'RSA_public_decrypt' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_public_decrypt(int flen, const unsigned char *from, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 5 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c dh.c -o dh.o dh.c:291:6: warning: 'DH_generate_key' is deprecated [-Wdeprecated-declarations] if (DH_generate_key(dh) == 0)  ^ /usr/openssl3//include/openssl/dh.h:179:1: note: 'DH_generate_key' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int DH_generate_key(DH *dh)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c msg.c -o msg.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c progressmeter.c -o progressmeter.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c dns.c -o dns.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c entropy.c -o entropy.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c gss-genr.c -o gss-genr.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c umac.c -o umac.o umac.c:197:9: warning: 'AES_encrypt' is deprecated [-Wdeprecated-declarations] aes_encryption(in_buf, out_buf, key);  ^ umac.c:165:3: note: expanded from macro 'aes_encryption' AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)  ^ /usr/openssl3//include/openssl/aes.h:58:1: note: 'AES_encrypt' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ umac.c:204:9: warning: 'AES_encrypt' is deprecated [-Wdeprecated-declarations] aes_encryption(in_buf, out_buf, key);  ^ umac.c:165:3: note: expanded from macro 'aes_encryption' AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)  ^ /usr/openssl3//include/openssl/aes.h:58:1: note: 'AES_encrypt' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ umac.c:228:5: warning: 'AES_set_encrypt_key' is deprecated [-Wdeprecated-declarations] aes_key_setup(buf, pc->prf_key);  ^ umac.c:167:3: note: expanded from macro 'aes_key_setup' AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key)  ^ /usr/openssl3//include/openssl/aes.h:51:1: note: 'AES_set_encrypt_key' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ umac.c:232:5: warning: 'AES_encrypt' is deprecated [-Wdeprecated-declarations] aes_encryption(pc->nonce, pc->cache, pc->prf_key);  ^ umac.c:165:3: note: expanded from macro 'aes_encryption' AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)  ^ /usr/openssl3//include/openssl/aes.h:58:1: note: 'AES_encrypt' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ umac.c:265:9: warning: 'AES_encrypt' is deprecated [-Wdeprecated-declarations] aes_encryption(pc->nonce, pc->cache, pc->prf_key);  ^ umac.c:165:3: note: expanded from macro 'aes_encryption' AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)  ^ /usr/openssl3//include/openssl/aes.h:58:1: note: 'AES_encrypt' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ umac.c:1232:9: warning: 'AES_set_encrypt_key' is deprecated [-Wdeprecated-declarations] aes_key_setup(key, prf_key);  ^ umac.c:167:3: note: expanded from macro 'aes_key_setup' AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key)  ^ /usr/openssl3//include/openssl/aes.h:51:1: note: 'AES_set_encrypt_key' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 6 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c umac128.c -o umac128.o In file included from umac128.c:10: ./umac.c:197:9: warning: 'AES_encrypt' is deprecated [-Wdeprecated-declarations] aes_encryption(in_buf, out_buf, key);  ^ ./umac.c:165:3: note: expanded from macro 'aes_encryption' AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)  ^ /usr/openssl3//include/openssl/aes.h:58:1: note: 'AES_encrypt' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ In file included from umac128.c:10: ./umac.c:204:9: warning: 'AES_encrypt' is deprecated [-Wdeprecated-declarations] aes_encryption(in_buf, out_buf, key);  ^ ./umac.c:165:3: note: expanded from macro 'aes_encryption' AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)  ^ /usr/openssl3//include/openssl/aes.h:58:1: note: 'AES_encrypt' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ In file included from umac128.c:10: ./umac.c:228:5: warning: 'AES_set_encrypt_key' is deprecated [-Wdeprecated-declarations] aes_key_setup(buf, pc->prf_key);  ^ ./umac.c:167:3: note: expanded from macro 'aes_key_setup' AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key)  ^ /usr/openssl3//include/openssl/aes.h:51:1: note: 'AES_set_encrypt_key' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ In file included from umac128.c:10: ./umac.c:232:5: warning: 'AES_encrypt' is deprecated [-Wdeprecated-declarations] aes_encryption(pc->nonce, pc->cache, pc->prf_key);  ^ ./umac.c:165:3: note: expanded from macro 'aes_encryption' AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)  ^ /usr/openssl3//include/openssl/aes.h:58:1: note: 'AES_encrypt' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ In file included from umac128.c:10: ./umac.c:265:9: warning: 'AES_encrypt' is deprecated [-Wdeprecated-declarations] aes_encryption(pc->nonce, pc->cache, pc->prf_key);  ^ ./umac.c:165:3: note: expanded from macro 'aes_encryption' AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)  ^ /usr/openssl3//include/openssl/aes.h:58:1: note: 'AES_encrypt' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ In file included from umac128.c:10: ./umac.c:1232:9: warning: 'AES_set_encrypt_key' is deprecated [-Wdeprecated-declarations] aes_key_setup(key, prf_key);  ^ ./umac.c:167:3: note: expanded from macro 'aes_key_setup' AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key)  ^ /usr/openssl3//include/openssl/aes.h:51:1: note: 'AES_set_encrypt_key' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 6 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-pkcs11.c -o ssh-pkcs11.o ssh-pkcs11.c:432:13: warning: 'RSA_get_ex_data' is deprecated [-Wdeprecated-declarations] if ((k11 = RSA_get_ex_data(rsa, rsa_idx)) == NULL) {  ^ /usr/openssl3//include/openssl/rsa.h:440:1: note: 'RSA_get_ex_data' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void *RSA_get_ex_data(const RSA *r, int idx)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11.c:444:9: warning: 'RSA_size' is deprecated [-Wdeprecated-declarations] tlen = RSA_size(rsa);  ^ /usr/openssl3//include/openssl/rsa.h:210:1: note: 'RSA_size' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11.c:468:15: warning: 'RSA_meth_dup' is deprecated [-Wdeprecated-declarations] rsa_method = RSA_meth_dup(RSA_get_default_method());  ^ /usr/openssl3//include/openssl/rsa.h:471:1: note: 'RSA_meth_dup' has been explicitly marked deprecated here DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11.c:468:28: warning: 'RSA_get_default_method' is deprecated [-Wdeprecated-declarations] rsa_method = RSA_meth_dup(RSA_get_default_method());  ^ /usr/openssl3//include/openssl/rsa.h:288:1: note: 'RSA_get_default_method' has been explicitly marked deprecated here DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_default_method(void)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11.c:475:7: warning: 'RSA_meth_set1_name' is deprecated [-Wdeprecated-declarations] if (!RSA_meth_set1_name(rsa_method, "pkcs11") ||  ^ /usr/openssl3//include/openssl/rsa.h:473:1: note: 'RSA_meth_set1_name' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11.c:476:7: warning: 'RSA_meth_set_priv_enc' is deprecated [-Wdeprecated-declarations] !RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) ||  ^ /usr/openssl3//include/openssl/rsa.h:495:1: note: 'RSA_meth_set_priv_enc' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_meth_set_priv_enc(RSA_METHOD *rsa, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11.c:477:7: warning: 'RSA_meth_set_priv_dec' is deprecated [-Wdeprecated-declarations] !RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt)) {  ^ /usr/openssl3//include/openssl/rsa.h:502:1: note: 'RSA_meth_set_priv_dec' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_meth_set_priv_dec(RSA_METHOD *rsa, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11.c:505:2: warning: 'RSA_set_method' is deprecated [-Wdeprecated-declarations] RSA_set_method(rsa, rsa_method);  ^ /usr/openssl3//include/openssl/rsa.h:291:1: note: 'RSA_set_method' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11.c:506:2: warning: 'RSA_set_ex_data' is deprecated [-Wdeprecated-declarations] RSA_set_ex_data(rsa, rsa_idx, k11);  ^ /usr/openssl3//include/openssl/rsa.h:439:1: note: 'RSA_set_ex_data' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_set_ex_data(RSA *r, int idx, void *arg)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11.c:538:11: warning: 'ECDSA_size' is deprecated [-Wdeprecated-declarations] siglen = ECDSA_size(ec);  ^ /usr/openssl3//include/openssl/ec.h:1341:1: note: 'ECDSA_size' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int ECDSA_size(const EC_KEY *eckey)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11.c:591:18: warning: 'EC_KEY_METHOD_new' is deprecated [-Wdeprecated-declarations] ec_key_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL());  ^ /usr/openssl3//include/openssl/ec.h:1347:1: note: 'EC_KEY_METHOD_new' has been explicitly marked deprecated here DEPRECATEDIN_3_0(EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11.c:594:2: warning: 'EC_KEY_METHOD_get_sign' is deprecated [-Wdeprecated-declarations] EC_KEY_METHOD_get_sign(ec_key_method, &orig_sign, NULL, NULL);  ^ /usr/openssl3//include/openssl/ec.h:1418:1: note: 'EC_KEY_METHOD_get_sign' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_sign ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11.c:595:2: warning: 'EC_KEY_METHOD_set_sign' is deprecated [-Wdeprecated-declarations] EC_KEY_METHOD_set_sign(ec_key_method, orig_sign, NULL, ecdsa_do_sign);  ^ /usr/openssl3//include/openssl/ec.h:1370:1: note: 'EC_KEY_METHOD_set_sign' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_sign ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 13 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c smult_curve25519_ref.c -o smult_curve25519_ref.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c poly1305.c -o poly1305.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c chacha.c -o chacha.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-chachapoly.c -o cipher-chachapoly.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-chachapoly-libcrypto.c -o cipher-chachapoly-libcrypto.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-ed25519.c -o ssh-ed25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c digest-openssl.c -o digest-openssl.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c digest-libc.c -o digest-libc.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c hmac.c -o hmac.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sc25519.c -o sc25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ge25519.c -o ge25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c fe25519.c -o fe25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ed25519.c -o ed25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c verify.c -o verify.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c hash.c -o hash.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kex.c -o kex.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexdh.c -o kexdh.o kexdh.c:92:9: warning: 'DH_size' is deprecated [-Wdeprecated-declarations] klen = DH_size(kex->dh);  ^ /usr/openssl3//include/openssl/dh.h:150:1: note: 'DH_size' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int DH_size(const DH *dh)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ kexdh.c:98:14: warning: 'DH_compute_key' is deprecated [-Wdeprecated-declarations] if ((kout = DH_compute_key(kbuf, dh_pub, kex->dh)) < 0 ||  ^ /usr/openssl3//include/openssl/dh.h:180:1: note: 'DH_compute_key' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 2 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexgex.c -o kexgex.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexecdh.c -o kexecdh.o kexecdh.c:179:6: warning: 'ECDH_compute_key' is deprecated [-Wdeprecated-declarations] if (ECDH_compute_key(kbuf, klen, dh_pub, key, NULL) != (int)klen ||  ^ /usr/openssl3//include/openssl/ec.h:1185:1: note: 'ECDH_compute_key' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int ECDH_compute_key(void *out, size_t outlen, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexc25519.c -o kexc25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexgexc.c -o kexgexc.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexgexs.c -o kexgexs.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sntrup4591761.c -o sntrup4591761.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexsntrup4591761x25519.c -o kexsntrup4591761x25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexgen.c -o kexgen.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp-realpath.c -o sftp-realpath.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c platform-pledge.c -o platform-pledge.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c platform-tracing.c -o platform-tracing.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c platform-misc.c -o platform-misc.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshbuf-io.c -o sshbuf-io.o ar rv libssh.a ssh_api.o ssherr.o sshbuf.o sshkey.o sshbuf-getput-basic.o sshbuf-misc.o sshbuf-getput-crypto.o krl.o bitmap.o ssh-xmss.o sshkey-xmss.o xmss_commons.o xmss_fast.o xmss_hash.o xmss_hash_address.o xmss_wots.o authfd.o authfile.o canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o cipher-ctr.o cleanup.o compat.o fatal.o hostfile.o log.o match.o moduli.o nchan.o packet.o readpass.o ttymodes.o xmalloc.o addrmatch.o atomicio.o dispatch.o mac.o misc.o utf8.o monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-ecdsa-sk.o ssh-ed25519-sk.o ssh-rsa.o dh.o msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o ssh-pkcs11.o smult_curve25519_ref.o poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o kexgexc.o kexgexs.o sntrup4591761.o kexsntrup4591761x25519.o kexgen.o sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o sshbuf-io.o ar: warning: creating libssh.a a - ssh_api.o a - ssherr.o a - sshbuf.o a - sshkey.o a - sshbuf-getput-basic.o a - sshbuf-misc.o a - sshbuf-getput-crypto.o a - krl.o a - bitmap.o a - ssh-xmss.o a - sshkey-xmss.o a - xmss_commons.o a - xmss_fast.o a - xmss_hash.o a - xmss_hash_address.o a - xmss_wots.o a - authfd.o a - authfile.o a - canohost.o a - channels.o a - cipher.o a - cipher-aes.o a - cipher-aesctr.o a - cipher-ctr.o a - cleanup.o a - compat.o a - fatal.o a - hostfile.o a - log.o a - match.o a - moduli.o a - nchan.o a - packet.o a - readpass.o a - ttymodes.o a - xmalloc.o a - addrmatch.o a - atomicio.o a - dispatch.o a - mac.o a - misc.o a - utf8.o a - monitor_fdpass.o a - rijndael.o a - ssh-dss.o a - ssh-ecdsa.o a - ssh-ecdsa-sk.o a - ssh-ed25519-sk.o a - ssh-rsa.o a - dh.o a - msg.o a - progressmeter.o a - dns.o a - entropy.o a - gss-genr.o a - umac.o a - umac128.o a - ssh-pkcs11.o a - smult_curve25519_ref.o a - poly1305.o a - chacha.o a - cipher-chachapoly.o a - cipher-chachapoly-libcrypto.o a - ssh-ed25519.o a - digest-openssl.o a - digest-libc.o a - hmac.o a - sc25519.o a - ge25519.o a - fe25519.o a - ed25519.o a - verify.o a - hash.o a - kex.o a - kexdh.o a - kexgex.o a - kexecdh.o a - kexc25519.o a - kexgexc.o a - kexgexs.o a - sntrup4591761.o a - kexsntrup4591761x25519.o a - kexgen.o a - sftp-realpath.o a - platform-pledge.o a - platform-tracing.o a - platform-misc.o a - sshbuf-io.o ranlib libssh.a /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -o regress/modpipe ./regress/modpipe.c -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -o regress/setuid-allowed ./regress/setuid-allowed.c -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -o regress/netcat ./regress/netcat.c -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -o regress/check-perm ./regress/check-perm.c -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -o regress/mkdtemp ./regress/mkdtemp.c -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c regress/misc/sk-dummy/sk-dummy.c -o regress/misc/sk-dummy/sk-dummy.lo regress/misc/sk-dummy/sk-dummy.c:357:13: warning: 'ECDSA_do_sign' is deprecated [-Wdeprecated-declarations] if ((sig = ECDSA_do_sign(sighash, sizeof(sighash), ec)) == NULL) {  ^ /usr/openssl3//include/openssl/ec.h:1251:1: note: 'ECDSA_do_sign' has been explicitly marked deprecated here DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c regress/misc/sk-dummy/fatal.c -o regress/misc/sk-dummy/fatal.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ed25519.c -o ed25519.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c hash.c -o hash.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ge25519.c -o ge25519.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c fe25519.c -o fe25519.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sc25519.c -o sc25519.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c verify.c -o verify.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -fPIC -shared -o regress/misc/sk-dummy/sk-dummy.so regress/misc/sk-dummy/sk-dummy.lo regress/misc/sk-dummy/fatal.lo ed25519.lo hash.lo ge25519.lo fe25519.lo sc25519.lo verify.lo -L. -Lopenbsd-compat -lopenbsd-compat -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh.c -o ssh.o ssh.c:555:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ ssh.c:555:2: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); ssh.c:555:2: note: insert 'break;' to avoid fall-through default:  ^  break; 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c readconf.c -o readconf.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c clientloop.c -o clientloop.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshtty.c -o sshtty.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshconnect.c -o sshconnect.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshconnect2.c -o sshconnect2.o sshconnect2.c:1494:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ sshconnect2.c:1494:3: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); sshconnect2.c:1494:3: note: insert 'break;' to avoid fall-through default:  ^  break; 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c mux.c -o mux.o mux.c:1503:4: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case EINTR:  ^ mux.c:1503:4: note: insert '__attribute__((fallthrough));' to silence this warning case EINTR:  ^  __attribute__((fallthrough)); mux.c:1503:4: note: insert 'break;' to avoid fall-through case EINTR:  ^  break; mux.c:1552:4: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case EINTR:  ^ mux.c:1552:4: note: insert '__attribute__((fallthrough));' to silence this warning case EINTR:  ^  __attribute__((fallthrough)); mux.c:1552:4: note: insert 'break;' to avoid fall-through case EINTR:  ^  break; mux.c:2314:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case SSHCTL_MASTER_NO:  ^ mux.c:2314:2: note: insert 'break;' to avoid fall-through case SSHCTL_MASTER_NO:  ^  break; 3 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-sk-client.c -o ssh-sk-client.o /usr/local/bin/clang10 -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshd.c -o sshd.o sshd.c:639:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_DSA:  ^ sshd.c:639:3: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_DSA:  ^  __attribute__((fallthrough)); sshd.c:639:3: note: insert 'break;' to avoid fall-through case KEY_DSA:  ^  break; sshd.c:660:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_DSA_CERT:  ^ sshd.c:660:3: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_DSA_CERT:  ^  __attribute__((fallthrough)); sshd.c:660:3: note: insert 'break;' to avoid fall-through case KEY_DSA_CERT:  ^  break; sshd.c:710:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ sshd.c:710:3: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); sshd.c:710:3: note: insert 'break;' to avoid fall-through default:  ^  break; sshd.c:1177:4: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case 0:  ^ sshd.c:1177:4: note: insert '__attribute__((fallthrough));' to silence this warning case 0:  ^  __attribute__((fallthrough)); sshd.c:1177:4: note: insert 'break;' to avoid fall-through case 0:  ^  break; sshd.c:1566:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case 'e':  ^ sshd.c:1566:3: note: insert '__attribute__((fallthrough));' to silence this warning case 'e':  ^  __attribute__((fallthrough)); sshd.c:1566:3: note: insert 'break;' to avoid fall-through case 'e':  ^  break; 5 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-rhosts.c -o auth-rhosts.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-passwd.c -o auth-passwd.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c audit.c -o audit.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c audit-bsm.c -o audit-bsm.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c audit-linux.c -o audit-linux.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c platform.c -o platform.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshpty.c -o sshpty.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshlogin.c -o sshlogin.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c servconf.c -o servconf.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c serverloop.c -o serverloop.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth.c -o auth.o auth.c:1145:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case 0:  ^ auth.c:1145:3: note: insert '__attribute__((fallthrough));' to silence this warning case 0:  ^  __attribute__((fallthrough)); auth.c:1145:3: note: insert 'break;' to avoid fall-through case 0:  ^  break; auth.c:1171:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case 0:  ^ auth.c:1171:3: note: insert '__attribute__((fallthrough));' to silence this warning case 0:  ^  __attribute__((fallthrough)); auth.c:1171:3: note: insert 'break;' to avoid fall-through case 0:  ^  break; 2 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2.c -o auth2.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-options.c -o auth-options.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c session.c -o session.o session.c:513:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ session.c:513:2: note: insert 'break;' to avoid fall-through default:  ^  break; session.c:637:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ session.c:637:2: note: insert 'break;' to avoid fall-through default:  ^  break; session.c:1284:5: warning: assigning to 'char *' from 'const char *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers] nl = login_getcapstr(lc, "nologin", def_nl, def_nl);  ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-chall.c -o auth2-chall.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c groupaccess.c -o groupaccess.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-bsdauth.c -o auth-bsdauth.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-hostbased.c -o auth2-hostbased.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-kbdint.c -o auth2-kbdint.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-none.c -o auth2-none.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-passwd.c -o auth2-passwd.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-pubkey.c -o auth2-pubkey.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c monitor.c -o monitor.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c monitor_wrap.c -o monitor_wrap.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-krb5.c -o auth-krb5.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-gss.c -o auth2-gss.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c gss-serv.c -o gss-serv.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c gss-serv-krb5.c -o gss-serv-krb5.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c loginrec.c -o loginrec.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-pam.c -o auth-pam.o auth-pam.c:876:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case PAM_AUTH_ERR:  ^ auth-pam.c:876:3: note: insert '__attribute__((fallthrough));' to silence this warning case PAM_AUTH_ERR:  ^  __attribute__((fallthrough)); auth-pam.c:876:3: note: insert 'break;' to avoid fall-through case PAM_AUTH_ERR:  ^  break; auth-pam.c:889:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case PAM_SUCCESS:  ^ auth-pam.c:889:3: note: insert '__attribute__((fallthrough));' to silence this warning case PAM_SUCCESS:  ^  __attribute__((fallthrough)); auth-pam.c:889:3: note: insert 'break;' to avoid fall-through case PAM_SUCCESS:  ^  break; auth-pam.c:919:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ auth-pam.c:919:3: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); auth-pam.c:919:3: note: insert 'break;' to avoid fall-through default:  ^  break; 3 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-shadow.c -o auth-shadow.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-sia.c -o auth-sia.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c md5crypt.c -o md5crypt.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp-server.c -o sftp-server.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp-common.c -o sftp-common.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-null.c -o sandbox-null.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-rlimit.c -o sandbox-rlimit.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-systrace.c -o sandbox-systrace.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-darwin.c -o sandbox-darwin.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-seccomp-filter.c -o sandbox-seccomp-filter.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-capsicum.c -o sandbox-capsicum.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-pledge.c -o sandbox-pledge.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-solaris.c -o sandbox-solaris.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c uidswap.c -o uidswap.o /usr/local/bin/clang10 -o sshd sshd.o auth-rhosts.o auth-passwd.o audit.o audit-bsm.o audit-linux.o platform.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth2.o auth-options.o session.o auth2-chall.o groupaccess.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor.o monitor_wrap.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o sftp-server.o sftp-common.o sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o sandbox-solaris.o uidswap.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lpam -ldl -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-add.c -o ssh-add.o /usr/local/bin/clang10 -o ssh-add ssh-add.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-keygen.c -o ssh-keygen.o ssh-keygen.c:1211:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ ssh-keygen.c:1211:2: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); ssh-keygen.c:1211:2: note: insert 'break;' to avoid fall-through default:  ^  break; 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshsig.c -o sshsig.o /usr/local/bin/clang10 -o ssh-keygen ssh-keygen.o sshsig.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-keyscan.c -o ssh-keyscan.o /usr/local/bin/clang10 -o ssh-keyscan ssh-keyscan.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-keysign.c -o ssh-keysign.o /usr/local/bin/clang10 -o ssh-keysign ssh-keysign.o readconf.o uidswap.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-pkcs11-helper.c -o ssh-pkcs11-helper.o ssh-pkcs11-helper.c:211:12: warning: 'RSA_size' is deprecated [-Wdeprecated-declarations] slen = RSA_size(key->rsa);  ^ /usr/openssl3//include/openssl/rsa.h:210:1: note: 'RSA_size' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11-helper.c:213:11: warning: 'RSA_private_encrypt' is deprecated [-Wdeprecated-declarations] ret = RSA_private_encrypt(dlen, data, signature,  ^ /usr/openssl3//include/openssl/rsa.h:271:1: note: 'RSA_private_encrypt' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_private_encrypt(int flen, const unsigned char *from, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11-helper.c:221:19: warning: 'ECDSA_size' is deprecated [-Wdeprecated-declarations] u_int xslen = ECDSA_size(key->ecdsa);  ^ /usr/openssl3//include/openssl/ec.h:1341:1: note: 'ECDSA_size' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int ECDSA_size(const EC_KEY *eckey)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11-helper.c:225:11: warning: 'ECDSA_sign' is deprecated [-Wdeprecated-declarations] ret = ECDSA_sign(-1, data, dlen, signature,  ^ /usr/openssl3//include/openssl/ec.h:1300:1: note: 'ECDSA_sign' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int ECDSA_sign(int type, const unsigned char *dgst, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 4 warnings generated. /usr/local/bin/clang10 -o ssh-pkcs11-helper ssh-pkcs11-helper.o ssh-pkcs11.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-agent.c -o ssh-agent.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-pkcs11-client.c -o ssh-pkcs11-client.o ssh-pkcs11-client.c:153:23: warning: 'RSA_size' is deprecated [-Wdeprecated-declarations] if (slen <= (size_t)RSA_size(rsa)) {  ^ /usr/openssl3//include/openssl/rsa.h:210:1: note: 'RSA_size' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11-client.c:235:3: warning: 'RSA_set_method' is deprecated [-Wdeprecated-declarations] RSA_set_method(k->rsa, helper_rsa);  ^ /usr/openssl3//include/openssl/rsa.h:291:1: note: 'RSA_set_method' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11-client.c:255:17: warning: 'EC_KEY_METHOD_new' is deprecated [-Wdeprecated-declarations] helper_ecdsa = EC_KEY_METHOD_new(EC_KEY_OpenSSL());  ^ /usr/openssl3//include/openssl/ec.h:1347:1: note: 'EC_KEY_METHOD_new' has been explicitly marked deprecated here DEPRECATEDIN_3_0(EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11-client.c:258:2: warning: 'EC_KEY_METHOD_get_sign' is deprecated [-Wdeprecated-declarations] EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL);  ^ /usr/openssl3//include/openssl/ec.h:1418:1: note: 'EC_KEY_METHOD_get_sign' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_sign ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11-client.c:259:2: warning: 'EC_KEY_METHOD_set_sign' is deprecated [-Wdeprecated-declarations] EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign);  ^ /usr/openssl3//include/openssl/ec.h:1370:1: note: 'EC_KEY_METHOD_set_sign' has been explicitly marked deprecated here DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_sign ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11-client.c:262:20: warning: 'RSA_meth_dup' is deprecated [-Wdeprecated-declarations] if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)  ^ /usr/openssl3//include/openssl/rsa.h:471:1: note: 'RSA_meth_dup' has been explicitly marked deprecated here DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11-client.c:262:33: warning: 'RSA_get_default_method' is deprecated [-Wdeprecated-declarations] if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)  ^ /usr/openssl3//include/openssl/rsa.h:288:1: note: 'RSA_get_default_method' has been explicitly marked deprecated here DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_default_method(void)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11-client.c:264:7: warning: 'RSA_meth_set1_name' is deprecated [-Wdeprecated-declarations] if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") ||  ^ /usr/openssl3//include/openssl/rsa.h:473:1: note: 'RSA_meth_set1_name' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)) ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ ssh-pkcs11-client.c:265:7: warning: 'RSA_meth_set_priv_enc' is deprecated [-Wdeprecated-declarations] !RSA_meth_set_priv_enc(helper_rsa, rsa_encrypt))  ^ /usr/openssl3//include/openssl/rsa.h:495:1: note: 'RSA_meth_set_priv_enc' has been explicitly marked deprecated here DEPRECATEDIN_3_0(int RSA_meth_set_priv_enc(RSA_METHOD *rsa, ^ /usr/openssl3//include/openssl/macros.h:141:38: note: expanded from macro 'DEPRECATEDIN_3_0' # define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f)  ^ /usr/openssl3//include/openssl/macros.h:38:57: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));  ^ 9 warnings generated. /usr/local/bin/clang10 -o ssh-agent ssh-agent.o ssh-pkcs11-client.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c scp.c -o scp.o scp.c:1106:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ scp.c:1106:3: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); scp.c:1106:3: note: insert 'break;' to avoid fall-through default:  ^  break; scp.c:1566:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case 1: /* error, followed by error msg */  ^ scp.c:1566:2: note: insert '__attribute__((fallthrough));' to silence this warning case 1: /* error, followed by error msg */  ^  __attribute__((fallthrough)); scp.c:1566:2: note: insert 'break;' to avoid fall-through case 1: /* error, followed by error msg */  ^  break; 2 warnings generated. /usr/local/bin/clang10 -o scp scp.o progressmeter.o -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp-server-main.c -o sftp-server-main.o /usr/local/bin/clang10 -o sftp-server sftp-common.o sftp-server.o sftp-server-main.o -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp.c -o sftp.o sftp.c:1437:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case I_CHDIR:  ^ sftp.c:1437:2: note: insert '__attribute__((fallthrough));' to silence this warning case I_CHDIR:  ^  __attribute__((fallthrough)); sftp.c:1437:2: note: insert 'break;' to avoid fall-through case I_CHDIR:  ^  break; sftp.c:1476:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case I_SHELL:  ^ sftp.c:1476:2: note: insert 'break;' to avoid fall-through case I_SHELL:  ^  break; sftp.c:1483:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case I_CHOWN:  ^ sftp.c:1483:2: note: insert '__attribute__((fallthrough));' to silence this warning case I_CHOWN:  ^  __attribute__((fallthrough)); sftp.c:1483:2: note: insert 'break;' to avoid fall-through case I_CHOWN:  ^  break; sftp.c:1568:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case I_GET:  ^ sftp.c:1568:2: note: insert '__attribute__((fallthrough));' to silence this warning case I_GET:  ^  __attribute__((fallthrough)); sftp.c:1568:2: note: insert 'break;' to avoid fall-through case I_GET:  ^  break; sftp.c:1575:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case I_PUT:  ^ sftp.c:1575:2: note: insert '__attribute__((fallthrough));' to silence this warning case I_PUT:  ^  __attribute__((fallthrough)); sftp.c:1575:2: note: insert 'break;' to avoid fall-through case I_PUT:  ^  break; sftp.c:1587:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case I_LINK:  ^ sftp.c:1587:2: note: insert '__attribute__((fallthrough));' to silence this warning case I_LINK:  ^  __attribute__((fallthrough)); sftp.c:1587:2: note: insert 'break;' to avoid fall-through case I_LINK:  ^  break; 6 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp-client.c -o sftp-client.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp-glob.c -o sftp-glob.o /usr/local/bin/clang10 -o sftp sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-sk-helper.c -o ssh-sk-helper.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-sk.c -o ssh-sk.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr/openssl3//include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sk-usbhid.c -o sk-usbhid.o /usr/local/bin/clang10 -o ssh-sk-helper ssh-sk-helper.o ssh-sk.o sk-usbhid.o -L. -Lopenbsd-compat/ -L/usr/openssl3//lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt BUILDDIR=`pwd`; cd ./regress || exit $?; EGREP='/usr/bin/grep -E' make .OBJDIR="${BUILDDIR}/regress" .CURDIR="`pwd`" BUILDDIR="${BUILDDIR}" OBJ="${BUILDDIR}/regress/" PATH="${BUILDDIR}:${PATH}" TEST_ENV=MALLOC_OPTIONS="AJRX" TEST_MALLOC_OPTIONS="AJRX" TEST_SSH_SCP="${BUILDDIR}/scp" TEST_SSH_SSH="${BUILDDIR}/ssh" TEST_SSH_SSHD="${BUILDDIR}/sshd" TEST_SSH_SSHAGENT="${BUILDDIR}/ssh-agent" TEST_SSH_SSHADD="${BUILDDIR}/ssh-add" TEST_SSH_SSHKEYGEN="${BUILDDIR}/ssh-keygen" TEST_SSH_SSHPKCS11HELPER="${BUILDDIR}/ssh-pkcs11-helper" TEST_SSH_SSHKEYSCAN="${BUILDDIR}/ssh-keyscan" TEST_SSH_SFTP="${BUILDDIR}/sftp" TEST_SSH_PKCS11_HELPER="${BUILDDIR}/ssh-pkcs11-helper" TEST_SSH_SK_HELPER="${BUILDDIR}/ssh-sk-helper" TEST_SSH_SFTPSERVER="${BUILDDIR}/sftp-server" TEST_SSH_PLINK="plink" TEST_SSH_PUTTYGEN="puttygen" TEST_SSH_CONCH="conch" TEST_SSH_IPV6="yes" TEST_SSH_UTF8="yes" TEST_SSH_ECC="yes" TEST_SHELL="sh" EXEEXT="" file-tests && echo all file-tests passed /usr/source/openssh-SNAP-20200524/ssh-keygen -if /usr/source/openssh-SNAP-20200524/regress/rsa_ssh2.prv | diff - /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.prv tr '\n' '\r' /usr/source/openssh-SNAP-20200524/regress/rsa_ssh2_cr.prv /usr/source/openssh-SNAP-20200524/ssh-keygen -if /usr/source/openssh-SNAP-20200524/regress/rsa_ssh2_cr.prv | diff - /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.prv awk '{print $0 "\r"}' /usr/source/openssh-SNAP-20200524/regress/rsa_ssh2.prv > /usr/source/openssh-SNAP-20200524/regress/rsa_ssh2_crnl.prv /usr/source/openssh-SNAP-20200524/ssh-keygen -if /usr/source/openssh-SNAP-20200524/regress/rsa_ssh2_crnl.prv | diff - /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.prv cat /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.prv > /usr/source/openssh-SNAP-20200524/regress//t2.out chmod 600 /usr/source/openssh-SNAP-20200524/regress//t2.out /usr/source/openssh-SNAP-20200524/ssh-keygen -yf /usr/source/openssh-SNAP-20200524/regress//t2.out | diff - /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.pub /usr/source/openssh-SNAP-20200524/ssh-keygen -ef /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.pub >/usr/source/openssh-SNAP-20200524/regress//t3.out /usr/source/openssh-SNAP-20200524/ssh-keygen -if /usr/source/openssh-SNAP-20200524/regress//t3.out | diff - /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.pub /usr/source/openssh-SNAP-20200524/ssh-keygen -E md5 -lf /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.pub | awk '{print $2}' | diff - /usr/source/openssh-SNAP-20200524/regress/t4.ok /usr/source/openssh-SNAP-20200524/ssh-keygen -Bf /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.pub | awk '{print $2}' | diff - /usr/source/openssh-SNAP-20200524/regress/t5.ok /usr/source/openssh-SNAP-20200524/ssh-keygen -if /usr/source/openssh-SNAP-20200524/regress/dsa_ssh2.prv > /usr/source/openssh-SNAP-20200524/regress//t6.out1 /usr/source/openssh-SNAP-20200524/ssh-keygen -if /usr/source/openssh-SNAP-20200524/regress/dsa_ssh2.pub > /usr/source/openssh-SNAP-20200524/regress//t6.out2 chmod 600 /usr/source/openssh-SNAP-20200524/regress//t6.out1 /usr/source/openssh-SNAP-20200524/ssh-keygen -yf /usr/source/openssh-SNAP-20200524/regress//t6.out1 | diff - /usr/source/openssh-SNAP-20200524/regress//t6.out2 /usr/source/openssh-SNAP-20200524/ssh-keygen -q -t rsa -N '' -f /usr/source/openssh-SNAP-20200524/regress//t7.out /usr/source/openssh-SNAP-20200524/ssh-keygen -lf /usr/source/openssh-SNAP-20200524/regress//t7.out > /dev/null /usr/source/openssh-SNAP-20200524/ssh-keygen -Bf /usr/source/openssh-SNAP-20200524/regress//t7.out > /dev/null /usr/source/openssh-SNAP-20200524/ssh-keygen -q -t dsa -N '' -f /usr/source/openssh-SNAP-20200524/regress//t8.out /usr/source/openssh-SNAP-20200524/ssh-keygen -lf /usr/source/openssh-SNAP-20200524/regress//t8.out > /dev/null /usr/source/openssh-SNAP-20200524/ssh-keygen -Bf /usr/source/openssh-SNAP-20200524/regress//t8.out > /dev/null test "yes" != yes || /usr/source/openssh-SNAP-20200524/ssh-keygen -q -t ecdsa -N '' -f /usr/source/openssh-SNAP-20200524/regress//t9.out test "yes" != yes || /usr/source/openssh-SNAP-20200524/ssh-keygen -lf /usr/source/openssh-SNAP-20200524/regress//t9.out > /dev/null test "yes" != yes || /usr/source/openssh-SNAP-20200524/ssh-keygen -Bf /usr/source/openssh-SNAP-20200524/regress//t9.out > /dev/null /usr/source/openssh-SNAP-20200524/ssh-keygen -q -t ed25519 -N '' -f /usr/source/openssh-SNAP-20200524/regress//t10.out /usr/source/openssh-SNAP-20200524/ssh-keygen -lf /usr/source/openssh-SNAP-20200524/regress//t10.out > /dev/null /usr/source/openssh-SNAP-20200524/ssh-keygen -Bf /usr/source/openssh-SNAP-20200524/regress//t10.out > /dev/null /usr/source/openssh-SNAP-20200524/ssh-keygen -E sha256 -lf /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.pub | awk '{print $2}' | diff - /usr/source/openssh-SNAP-20200524/regress/t11.ok /usr/source/openssh-SNAP-20200524/ssh-keygen -q -t ed25519 -N '' -C 'test-comment-1234' -f /usr/source/openssh-SNAP-20200524/regress//t12.out /usr/source/openssh-SNAP-20200524/ssh-keygen -lf /usr/source/openssh-SNAP-20200524/regress//t12.out.pub | grep test-comment-1234 >/dev/null all file-tests passed BUILDDIR=`pwd`; cd ./regress || exit $?; EGREP='/usr/bin/grep -E' make .OBJDIR="${BUILDDIR}/regress" .CURDIR="`pwd`" BUILDDIR="${BUILDDIR}" OBJ="${BUILDDIR}/regress/" PATH="${BUILDDIR}:${PATH}" TEST_ENV=MALLOC_OPTIONS="AJRX" TEST_MALLOC_OPTIONS="AJRX" TEST_SSH_SCP="${BUILDDIR}/scp" TEST_SSH_SSH="${BUILDDIR}/ssh" TEST_SSH_SSHD="${BUILDDIR}/sshd" TEST_SSH_SSHAGENT="${BUILDDIR}/ssh-agent" TEST_SSH_SSHADD="${BUILDDIR}/ssh-add" TEST_SSH_SSHKEYGEN="${BUILDDIR}/ssh-keygen" TEST_SSH_SSHPKCS11HELPER="${BUILDDIR}/ssh-pkcs11-helper" TEST_SSH_SSHKEYSCAN="${BUILDDIR}/ssh-keyscan" TEST_SSH_SFTP="${BUILDDIR}/sftp" TEST_SSH_PKCS11_HELPER="${BUILDDIR}/ssh-pkcs11-helper" TEST_SSH_SK_HELPER="${BUILDDIR}/ssh-sk-helper" TEST_SSH_SFTPSERVER="${BUILDDIR}/sftp-server" TEST_SSH_PLINK="plink" TEST_SSH_PUTTYGEN="puttygen" TEST_SSH_CONCH="conch" TEST_SSH_IPV6="yes" TEST_SSH_UTF8="yes" TEST_SSH_ECC="yes" TEST_SHELL="sh" EXEEXT="" t-exec && echo all t-exec passed run test connect.sh ... ssh direct connect failed ssh proxycommand connect failed failed simple connect *** Error code 1 Stop. make[1]: stopped in /usr/source/openssh-SNAP-20200524/regress *** Error code 1 Stop. make: stopped in /usr/source/openssh-SNAP-20200524 root at border:/usr/source/openssh-SNAP-20200524 # make distclean if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then (cd regress && make clean) fi for F in *.core actual agent-key.* authorized_keys_root authorized_keys_root.* authorized_principals_root banner.in banner.out cert_host_key* cert_user_key* copy.1 copy.2 data ed25519-agent ed25519-agent* ed25519-agent.pub ed25519 ed25519.pub empty.in expect failed-regress.log failed-ssh.log failed-sshd.log hkr.* host.ecdsa-sha2-nistp256 host.ecdsa-sha2-nistp384 host.ecdsa-sha2-nistp521 host.ssh-dss host.ssh-ed25519 host.ssh-rsa host_ca_key* host_krl_* host_revoked_* key.* key.dsa-* key.ecdsa-* key.ed25519-512 key.ed25519-512.pub key.rsa-* keys-command-args kh.* known_hosts known_hosts-cert known_hosts.* krl-* ls.copy modpipe netcat no_identity_config pidfile putty.rsa2 ready regress.log remote_pid revoked-* rsa rsa-agent rsa-agent.pub rsa.pub rsa_ssh2_cr.prv rsa_ssh2_crnl.prv scp-ssh-wrapper.exe scp-ssh-wrapper.scp setuid-allowed sftp-server.log sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log ssh-rsa_oldfmt ssh_config ssh_config.* ssh_proxy ssh_proxy_bak ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub t9.out t9.out.pub testdata user_*key* user_ca* user_key*; do rm -f $F; done rm -rf .putty rm -f *.o *.a ssh sshd ssh-add ssh-keygen ssh-keyscan ssh-keysign ssh-pkcs11-helper ssh-agent scp sftp-server sftp ssh-sk-helper logintest config.cache config.log rm -f *.out core opensshd.init openssh.xml rm -f Makefile buildpkg.sh config.h config.status rm -f survey.sh openbsd-compat/regress/Makefile *~ rm -rf autom4te.cache rm -f regress/check-perm rm -f regress/mkdtemp rm -f regress/unittests/test_helper/*.a rm -f regress/unittests/test_helper/*.o rm -f regress/unittests/sshbuf/*.o rm -f regress/unittests/sshbuf/test_sshbuf rm -f regress/unittests/sshkey/*.o rm -f regress/unittests/sshkey/test_sshkey rm -f regress/unittests/bitmap/*.o rm -f regress/unittests/bitmap/test_bitmap rm -f regress/unittests/conversion/*.o rm -f regress/unittests/conversion/test_conversion rm -f regress/unittests/hostkeys/*.o rm -f regress/unittests/hostkeys/test_hostkeys rm -f regress/unittests/kex/*.o rm -f regress/unittests/kex/test_kex rm -f regress/unittests/match/*.o rm -f regress/unittests/match/test_match rm -f regress/unittests/utf8/*.o rm -f regress/unittests/utf8/test_utf8 rm -f regress/misc/kexfuzz/*.o rm -f regress/misc/kexfuzz/kexfuzz (cd openbsd-compat && make distclean) rm -f *.o *.a core rm -f Makefile *~ if test -d pkg ; then rm -fr pkg ; fi root at border:/usr/source/openssh-SNAP-20200524 # !vi vi configsshd [?1h=#!/usr/local/bin/bash CC=/usr/local/bin/clang10 ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-zlib=/usr --with-ssl-dir=/usr/openssl3/ --with-ssl-engine --with-pie --with-pam --with-xauth=/usr/local/bin/xauth --with-maildir=/var/mail --with-4in6 --with-pid-dir=/var/run --with-mantype=man ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~configsshd: unmodified: line 1/openssl3  Copying file for recovery... / --with-ssl-engine --with-pie --with-pam --with-xauth=/usr/local/bin/xauth --with-maildir=/var/mail --with-4in6 configsshd: 2 lines, 306 characters[?1l>   [?1l>root at border:/usr/source/openssh-SNAP-20200524 # openssl version -a OpenSSL 1.1.1h-dev xx XXX xxxx built on: Sun May 24 11:29:59 2020 UTC platform: BSD-x86_64 options: bn(64,64) rc4(16x,int) des(int) blowfish(ptr) compiler: /usr/local/bin/clang10 -fPIC -pthread -Wa,--noexecstack -Qunused-arguments -Wall -O3 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_THREAD_SAFE -D_REENTRANT -DZLIB -DZLIB_SHARED -DNDEBUG OPENSSLDIR: "/usr/ssl" ENGINESDIR: "/usr//lib/engines-1.1" Seeding source: os-specific root at border:/usr/source/openssh-SNAP-20200524 # /bin/sh ./configsshd checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether /usr/local/bin/clang10 accepts -g... yes checking for /usr/local/bin/clang10 option to accept ISO C89... none needed checking build system type... x86_64-unknown-freebsd12.1 checking host system type... x86_64-unknown-freebsd12.1 checking how to run the C preprocessor... /usr/local/bin/clang10 -E checking for grep that handles long lines and -e... /usr/bin/grep checking for egrep... /usr/bin/grep -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking whether byte ordering is bigendian... no checking for gawk... no checking for mawk... no checking for nawk... nawk checking how to run the C preprocessor... /usr/local/bin/clang10 -E checking for ranlib... ranlib checking for a BSD-compatible install... /usr/bin/install -c checking for egrep... (cached) /usr/bin/grep -E checking for a thread-safe mkdir -p... ./install-sh -c -d checking for ar... ar checking for cat... /bin/cat checking for kill... /bin/kill checking for sed... /usr/bin/sed checking for ent... no checking for bash... /bin/bash checking for ksh... (cached) /bin/bash checking for sh... (cached) /bin/bash checking for sh... /bin/sh checking for groff... /usr/local/bin/groff checking for nroff... /usr/local/bin/nroff checking for mandoc... /usr/bin/mandoc checking for groupadd... groupadd checking for useradd... useradd checking for pkgmk... no checking for special C compiler options needed for large files... no checking for _FILE_OFFSET_BITS value needed for large files... no checking for passwd... /usr/bin/passwd checking for inline... inline checking whether LLONG_MAX is declared... yes checking whether LONG_LONG_MAX is declared... no checking whether SYSTR_POLICY_KILL is declared... no checking whether RLIMIT_NPROC is declared... yes checking whether PR_SET_NO_NEW_PRIVS is declared... no checking whether OpenSSL will be used for cryptography... yes checking if /usr/local/bin/clang10 supports -Werror... yes checking if /usr/local/bin/clang10 supports compile flag -pipe... yes checking if /usr/local/bin/clang10 supports compile flag -Wunknown-warning-option... yes checking if /usr/local/bin/clang10 supports compile flag -Wno-error=format-truncation... no checking if /usr/local/bin/clang10 supports compile flag -Qunused-arguments... yes checking if /usr/local/bin/clang10 supports compile flag -Wall... yes checking if /usr/local/bin/clang10 supports compile flag -Wextra... no checking if /usr/local/bin/clang10 supports compile flag -Wpointer-arith... yes checking if /usr/local/bin/clang10 supports compile flag -Wuninitialized... yes checking if /usr/local/bin/clang10 supports compile flag -Wsign-compare... yes checking if /usr/local/bin/clang10 supports compile flag -Wformat-security... yes checking if /usr/local/bin/clang10 supports compile flag -Wsizeof-pointer-memaccess... yes checking if /usr/local/bin/clang10 supports compile flag -Wpointer-sign... yes checking if /usr/local/bin/clang10 supports compile flag -Wunused-result... yes checking if /usr/local/bin/clang10 supports compile flag -Wimplicit-fallthrough... yes checking if /usr/local/bin/clang10 supports compile flag -fno-strict-aliasing... yes checking if /usr/local/bin/clang10 supports compile flag -mretpoline... yes checking if /usr/local/bin/clang10 supports link flag -Wl,-z,retpolineplt... yes checking if /usr/local/bin/clang10 supports compile flag -D_FORTIFY_SOURCE=2... yes checking if /usr/local/bin/clang10 supports link flag -Wl,-z,relro... yes checking if /usr/local/bin/clang10 supports link flag -Wl,-z,now... yes checking if /usr/local/bin/clang10 supports link flag -Wl,-z,noexecstack... yes checking if /usr/local/bin/clang10 supports compile flag -ftrapv and linking succeeds... yes checking gcc version... checking if /usr/local/bin/clang10 accepts -fno-builtin-memset... yes checking if /usr/local/bin/clang10 supports -fstack-protector-strong... yes checking if -fstack-protector-strong works... yes checking if compiler allows __attribute__ on return types... yes checking if compiler allows __attribute__ prototype args... yes checking blf.h usability... no checking blf.h presence... no checking for blf.h... no checking bstring.h usability... no checking bstring.h presence... no checking for bstring.h... no checking crypt.h usability... no checking crypt.h presence... no checking for crypt.h... no checking crypto/sha2.h usability... no checking crypto/sha2.h presence... no checking for crypto/sha2.h... no checking dirent.h usability... yes checking dirent.h presence... yes checking for dirent.h... yes checking endian.h usability... no checking endian.h presence... no checking for endian.h... no checking elf.h usability... yes checking elf.h presence... yes checking for elf.h... yes checking err.h usability... yes checking err.h presence... yes checking for err.h... yes checking features.h usability... no checking features.h presence... no checking for features.h... no checking fcntl.h usability... yes checking fcntl.h presence... yes checking for fcntl.h... yes checking floatingpoint.h usability... yes checking floatingpoint.h presence... yes checking for floatingpoint.h... yes checking fnmatch.h usability... yes checking fnmatch.h presence... yes checking for fnmatch.h... yes checking getopt.h usability... yes checking getopt.h presence... yes checking for getopt.h... yes checking glob.h usability... yes checking glob.h presence... yes checking for glob.h... yes checking ia.h usability... no checking ia.h presence... no checking for ia.h... no checking iaf.h usability... no checking iaf.h presence... no checking for iaf.h... no checking ifaddrs.h usability... yes checking ifaddrs.h presence... yes checking for ifaddrs.h... yes checking for inttypes.h... (cached) yes checking langinfo.h usability... yes checking langinfo.h presence... yes checking for langinfo.h... yes checking limits.h usability... yes checking limits.h presence... yes checking for limits.h... yes checking locale.h usability... yes checking locale.h presence... yes checking for locale.h... yes checking login.h usability... no checking login.h presence... no checking for login.h... no checking maillock.h usability... no checking maillock.h presence... no checking for maillock.h... no checking ndir.h usability... no checking ndir.h presence... no checking for ndir.h... no checking net/if_tun.h usability... yes checking net/if_tun.h presence... yes checking for net/if_tun.h... yes checking netdb.h usability... yes checking netdb.h presence... yes checking for netdb.h... yes checking netgroup.h usability... no checking netgroup.h presence... no checking for netgroup.h... no checking pam/pam_appl.h usability... no checking pam/pam_appl.h presence... no checking for pam/pam_appl.h... no checking paths.h usability... yes checking paths.h presence... yes checking for paths.h... yes checking poll.h usability... yes checking poll.h presence... yes checking for poll.h... yes checking pty.h usability... no checking pty.h presence... no checking for pty.h... no checking readpassphrase.h usability... yes checking readpassphrase.h presence... yes checking for readpassphrase.h... yes checking rpc/types.h usability... yes checking rpc/types.h presence... yes checking for rpc/types.h... yes checking security/pam_appl.h usability... yes checking security/pam_appl.h presence... yes checking for security/pam_appl.h... yes checking sha2.h usability... no checking sha2.h presence... no checking for sha2.h... no checking shadow.h usability... no checking shadow.h presence... no checking for shadow.h... no checking stddef.h usability... yes checking stddef.h presence... yes checking for stddef.h... yes checking for stdint.h... (cached) yes checking for string.h... (cached) yes checking for strings.h... (cached) yes checking sys/bitypes.h usability... no checking sys/bitypes.h presence... no checking for sys/bitypes.h... no checking sys/byteorder.h usability... no checking sys/byteorder.h presence... no checking for sys/byteorder.h... no checking sys/bsdtty.h usability... no checking sys/bsdtty.h presence... no checking for sys/bsdtty.h... no checking sys/cdefs.h usability... yes checking sys/cdefs.h presence... yes checking for sys/cdefs.h... yes checking sys/dir.h usability... yes checking sys/dir.h presence... yes checking for sys/dir.h... yes checking sys/file.h usability... yes checking sys/file.h presence... yes checking for sys/file.h... yes checking sys/mman.h usability... yes checking sys/mman.h presence... yes checking for sys/mman.h... yes checking sys/label.h usability... no checking sys/label.h presence... no checking for sys/label.h... no checking sys/ndir.h usability... no checking sys/ndir.h presence... no checking for sys/ndir.h... no checking sys/poll.h usability... yes checking sys/poll.h presence... yes checking for sys/poll.h... yes checking sys/prctl.h usability... no checking sys/prctl.h presence... no checking for sys/prctl.h... no checking sys/pstat.h usability... no checking sys/pstat.h presence... no checking for sys/pstat.h... no checking sys/ptrace.h usability... yes checking sys/ptrace.h presence... yes checking for sys/ptrace.h... yes checking sys/random.h usability... yes checking sys/random.h presence... yes checking for sys/random.h... yes checking sys/select.h usability... yes checking sys/select.h presence... yes checking for sys/select.h... yes checking for sys/stat.h... (cached) yes checking sys/stream.h usability... no checking sys/stream.h presence... no checking for sys/stream.h... no checking sys/stropts.h usability... no checking sys/stropts.h presence... no checking for sys/stropts.h... no checking sys/strtio.h usability... no checking sys/strtio.h presence... no checking for sys/strtio.h... no checking sys/statvfs.h usability... yes checking sys/statvfs.h presence... yes checking for sys/statvfs.h... yes checking sys/sysmacros.h usability... no checking sys/sysmacros.h presence... no checking for sys/sysmacros.h... no checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking sys/timers.h usability... yes checking sys/timers.h presence... yes checking for sys/timers.h... yes checking sys/vfs.h usability... no checking sys/vfs.h presence... no checking for sys/vfs.h... no checking time.h usability... yes checking time.h presence... yes checking for time.h... yes checking tmpdir.h usability... no checking tmpdir.h presence... no checking for tmpdir.h... no checking ttyent.h usability... yes checking ttyent.h presence... yes checking for ttyent.h... yes checking ucred.h usability... no checking ucred.h presence... no checking for ucred.h... no checking for unistd.h... (cached) yes checking usersec.h usability... no checking usersec.h presence... no checking for usersec.h... no checking util.h usability... no checking util.h presence... no checking for util.h... no checking utime.h usability... yes checking utime.h presence... yes checking for utime.h... yes checking utmp.h usability... no checking utmp.h presence... no checking for utmp.h... no checking utmpx.h usability... yes checking utmpx.h presence... yes checking for utmpx.h... yes checking vis.h usability... yes checking vis.h presence... yes checking for vis.h... yes checking wchar.h usability... yes checking wchar.h presence... yes checking for wchar.h... yes checking for sys/audit.h... no checking for sys/capsicum.h... yes checking for net/route.h... yes checking for sys/sysctl.h... yes checking for lastlog.h... no checking for sys/ptms.h... no checking for login_cap.h... yes checking for sys/mount.h... yes checking for sys/un.h... yes checking net/if_tap.h usability... yes checking net/if_tap.h presence... yes checking for net/if_tap.h... yes checking compiler and flags for sanity... yes checking for setsockopt... yes checking for dirname... yes checking libgen.h usability... yes checking libgen.h presence... yes checking for libgen.h... yes checking for getspnam... no checking for getspnam in -lgen... no checking for library containing basename... none required checking for zlib... yes checking zlib.h usability... yes checking zlib.h presence... yes checking for zlib.h... yes checking for deflate in -lz... yes checking for possibly buggy zlib... no checking for strcasecmp... yes checking for utimes... yes checking bsd/libutil.h usability... no checking bsd/libutil.h presence... no checking for bsd/libutil.h... no checking libutil.h usability... yes checking libutil.h presence... yes checking for libutil.h... yes checking for library containing fmt_scaled... no checking for library containing scan_scaled... no checking for library containing login... no checking for library containing logout... no checking for library containing logwtmp... no checking for library containing openpty... -lutil checking for library containing updwtmp... no checking for fmt_scaled... no checking for scan_scaled... no checking for login... no checking for logout... no checking for openpty... yes checking for updwtmp... no checking for logwtmp... no checking for library containing inet_ntop... none required checking for library containing gethostbyname... none required checking for strftime... yes checking for stdlib.h... (cached) yes checking for GNU libc compatible malloc... yes checking for stdlib.h... (cached) yes checking for GNU libc compatible realloc... yes checking if calloc(0, N) returns non-null... yes checking for GLOB_ALTDIRFUNC support... yes checking for gl_matchc field in glob_t... yes checking for gl_statv and GLOB_KEEPSTAT extensions for glob... no checking whether GLOB_NOMATCH is declared... yes checking whether VIS_ALL is declared... no checking whether struct dirent allocates space for d_name... yes checking for /proc/pid/fd directory... no checking if /usr/local/bin/clang10 supports compile flag -fPIE... yes checking if /usr/local/bin/clang10 supports link flag -pie... yes checking whether both -fPIE and -pie are supported... yes checking whether -fPIC is accepted... yes checking for Blowfish_initstate... no checking for Blowfish_expandstate... no checking for Blowfish_expand0state... no checking for Blowfish_stream2word... no checking for SHA256Update... no checking for SHA384Update... no checking for SHA512Update... no checking for asprintf... yes checking for b64_ntop... no checking for __b64_ntop... yes checking for b64_pton... no checking for __b64_pton... yes checking for bcopy... yes checking for bcrypt_pbkdf... no checking for bindresvport_sa... yes checking for blf_enc... no checking for bzero... yes checking for cap_rights_limit... yes checking for clock... yes checking for closefrom... yes checking for dirfd... yes checking for endgrent... yes checking for err... yes checking for errx... yes checking for explicit_bzero... yes checking for fchmod... yes checking for fchmodat... yes checking for fchown... yes checking for fchownat... yes checking for flock... yes checking for fnmatch... yes checking for freeaddrinfo... yes checking for freezero... no checking for fstatfs... yes checking for fstatvfs... yes checking for futimes... yes checking for getaddrinfo... yes checking for getcwd... yes checking for getgrouplist... yes checking for getline... yes checking for getnameinfo... yes checking for getopt... yes checking for getpagesize... yes checking for getpeereid... yes checking for getpeerucred... no checking for getpgid... yes checking for _getpty... no checking for getrlimit... yes checking for getrandom... yes checking for getsid... yes checking for getttyent... yes checking for glob... yes checking for group_from_gid... yes checking for inet_aton... yes checking for inet_ntoa... yes checking for inet_ntop... yes checking for innetgr... yes checking for llabs... yes checking for localtime_r... yes checking for login_getcapbool... yes checking for md5_crypt... no checking for memmem... yes checking for memmove... yes checking for memset_s... yes checking for mkdtemp... yes checking for ngetaddrinfo... no checking for nsleep... no checking for ogetaddrinfo... no checking for openlog_r... no checking for pledge... no checking for poll... yes checking for prctl... no checking for pstat... no checking for raise... yes checking for readpassphrase... yes checking for reallocarray... yes checking for realpath... yes checking for recvmsg... yes checking for recallocarray... no checking for rresvport_af... yes checking for sendmsg... yes checking for setdtablesize... no checking for setegid... yes checking for setenv... yes checking for seteuid... yes checking for setgroupent... yes checking for setgroups... yes checking for setlinebuf... yes checking for setlogin... yes checking for setpassent... yes checking for setpcred... no checking for setproctitle... yes checking for setregid... yes checking for setreuid... yes checking for setrlimit... yes checking for setsid... yes checking for setvbuf... yes checking for sigaction... yes checking for sigvec... yes checking for snprintf... yes checking for socketpair... yes checking for statfs... yes checking for statvfs... yes checking for strcasestr... yes checking for strdup... yes checking for strerror... yes checking for strlcat... yes checking for strlcpy... yes checking for strmode... yes checking for strndup... yes checking for strnlen... yes checking for strnvis... yes checking for strptime... yes checking for strsignal... yes checking for strtonum... yes checking for strtoll... yes checking for strtoul... yes checking for strtoull... yes checking for swap32... no checking for sysconf... yes checking for tcgetpgrp... yes checking for timingsafe_bcmp... yes checking for truncate... yes checking for unsetenv... yes checking for updwtmpx... no checking for utimensat... yes checking for user_from_uid... yes checking for usleep... yes checking for vasprintf... yes checking for vsnprintf... yes checking for waitpid... yes checking for warn... yes checking whether bzero is declared... yes checking whether memmem is declared... yes checking for mblen... yes checking for mbtowc... yes checking for nl_langinfo... yes checking for wcwidth... yes checking for utf8 locale support... yes checking for library containing dlopen... none required checking for dlopen... yes checking whether RTLD_NOW is declared... yes checking for gai_strerror... yes checking for library containing nanosleep... none required checking for library containing clock_gettime... none required checking whether localtime_r is declared... yes checking whether strsep is declared... yes checking for strsep... yes checking whether tcsendbreak is declared... yes checking whether h_errno is declared... yes checking whether SHUT_RD is declared... yes checking whether getpeereid is declared... yes checking whether O_NONBLOCK is declared... yes checking whether readv is declared... yes checking whether writev is declared... yes checking whether MAXSYMLINKS is declared... yes checking whether offsetof is declared... yes checking whether howmany is declared... yes checking whether NFDBITS is declared... yes checking for fd_mask... yes checking for setresuid... yes checking if setresuid seems to work... yes checking for setresgid... yes checking if setresgid seems to work... yes checking for working fflush(NULL)... yes checking for gettimeofday... yes checking for time... yes checking for endutent... no checking for getutent... no checking for getutid... no checking for getutline... no checking for pututline... no checking for setutent... no checking for utmpname... no checking for endutxent... yes checking for getutxent... yes checking for getutxid... yes checking for getutxline... yes checking for getutxuser... yes checking for pututxline... yes checking for setutxdb... yes checking for setutxent... yes checking for utmpxname... no checking for getlastlogxbyname... no checking for daemon... yes checking for getpagesize... (cached) yes checking whether snprintf correctly terminates long strings... yes checking whether snprintf understands %zu... yes checking whether vsnprintf returns correct values on overflow... yes checking whether snprintf can declare const char *fmt... yes checking for (overly) strict mkstemp... no checking whether AI_NUMERICSERV is declared... yes checking for working strnvis... no checking if SA_RESTARTed signals interrupt select()... yes checking for getpgrp... yes checking if getpgrp accepts zero args... yes checking openssl/opensslv.h usability... yes checking openssl/opensslv.h presence... yes checking for openssl/opensslv.h... yes checking OpenSSL header version... 10101080 (OpenSSL 1.1.1h-dev xx XXX xxxx) checking for OpenSSL_version... yes checking for OpenSSL_version_num... yes checking OpenSSL library version... 10101080 (OpenSSL 1.1.1h-dev xx XXX xxxx) checking whether OpenSSL's headers match the library... yes checking if programs using OpenSSL functions will link... yes checking for BN_is_prime_ex... yes checking for DSA_generate_parameters_ex... yes checking for EVP_CIPHER_CTX_ctrl... yes checking for EVP_DigestFinal_ex... yes checking for EVP_DigestInit_ex... yes checking for EVP_MD_CTX_cleanup... no checking for EVP_MD_CTX_copy_ex... yes checking for EVP_MD_CTX_init... no checking for HMAC_CTX_init... no checking for RSA_generate_key_ex... yes checking for RSA_get_default_method... yes checking for OpenSSL_add_all_algorithms... no checking whether OpenSSL_add_all_algorithms is declared... yes checking for OPENSSL_init_crypto... yes checking for DH_get0_key... yes checking for DH_get0_pqg... yes checking for DH_set0_key... yes checking for DH_set_length... yes checking for DH_set0_pqg... yes checking for DSA_get0_key... yes checking for DSA_get0_pqg... yes checking for DSA_set0_key... yes checking for DSA_set0_pqg... yes checking for DSA_SIG_get0... yes checking for DSA_SIG_set0... yes checking for ECDSA_SIG_get0... yes checking for ECDSA_SIG_set0... yes checking for EVP_CIPHER_CTX_iv... yes checking for EVP_CIPHER_CTX_iv_noconst... yes checking for EVP_CIPHER_CTX_get_iv... no checking for EVP_CIPHER_CTX_set_iv... no checking for RSA_get0_crt_params... yes checking for RSA_get0_factors... yes checking for RSA_get0_key... yes checking for RSA_set0_crt_params... yes checking for RSA_set0_factors... yes checking for RSA_set0_key... yes checking for RSA_meth_free... yes checking for RSA_meth_dup... yes checking for RSA_meth_set1_name... yes checking for RSA_meth_get_finish... yes checking for RSA_meth_set_priv_enc... yes checking for RSA_meth_set_priv_dec... yes checking for RSA_meth_set_finish... yes checking for EVP_PKEY_get0_RSA... yes checking for EVP_MD_CTX_new... yes checking for EVP_MD_CTX_free... yes checking for EVP_chacha20... yes checking for OpenSSL ENGINE support... yes checking whether OpenSSL has crippled AES support... no checking whether OpenSSL has AES CTR via EVP... yes checking whether OpenSSL has AES GCM via EVP... yes checking if EVP_DigestUpdate returns an int... yes checking for crypt in -lcrypt... yes checking for crypt... yes checking for DES_crypt... yes checking for EVP_sha256... yes checking for EVP_sha384... yes checking for EVP_sha512... yes checking whether OpenSSL has NID_X9_62_prime256v1... yes checking whether OpenSSL has NID_secp384r1... yes checking whether OpenSSL has NID_secp521r1... yes checking if OpenSSL's NID_secp521r1 is functional... yes checking for EC_KEY_METHOD_new... yes checking whether to enable PKCS11... yes checking whether to enable U2F... yes checking for arc4random... yes checking for arc4random_buf... yes checking for arc4random_stir... no checking for arc4random_uniform... yes checking for ia_openinfo in -liaf... no checking whether OpenSSL's PRNG is internally seeded... yes checking for dlopen in -ldl... yes checking for pam_set_item in -lpam... yes checking for pam_getenvlist... yes checking for pam_putenv... yes checking whether pam_strerror takes only one argument... no checking if select works with descriptor rlimit... yes checking if setrlimit(RLIMIT_NOFILE,{0,0}) works... yes checking if setrlimit RLIMIT_FSIZE works... yes checking for long long... yes checking for unsigned long long... yes checking for long double... yes checking size of short int... 2 checking size of int... 4 checking size of long int... 8 checking size of long long int... 8 checking whether UINT32_MAX is declared... yes checking for u_int type... yes checking for intXX_t types... yes checking for int64_t type... yes checking for u_intXX_t types... yes checking for u_int64_t types... yes checking for uintXX_t types in stdint.h... yes checking for uintXX_t types in inttypes.h... yes checking for u_char... yes checking for intmax_t... yes checking for uintmax_t... yes checking for socklen_t... yes checking for sig_atomic_t... yes checking for fsblkcnt_t... yes checking for fsfilcnt_t... yes checking for struct statfs.f_files... yes checking for struct statfs.f_flags... yes checking for in_addr_t... yes checking for in_port_t... yes checking for size_t... yes checking for ssize_t... yes checking for clock_t... yes checking for sa_family_t... yes checking for pid_t... yes checking for mode_t... yes checking for struct sockaddr_storage... yes checking for struct sockaddr_in6... yes checking for struct in6_addr... yes checking for struct sockaddr_in6.sin6_scope_id... yes checking for struct addrinfo... yes checking whether time.h and sys/time.h may both be included... yes checking for struct timeval... yes checking for struct timespec... yes checking for ut_host field in utmp.h... no checking for ut_host field in utmpx.h... yes checking for syslen field in utmpx.h... no checking for ut_pid field in utmp.h... no checking for ut_type field in utmp.h... no checking for ut_type field in utmpx.h... yes checking for ut_tv field in utmp.h... no checking for ut_id field in utmp.h... no checking for ut_id field in utmpx.h... yes checking for ut_addr field in utmp.h... no checking for ut_addr field in utmpx.h... no checking for ut_addr_v6 field in utmp.h... no checking for ut_addr_v6 field in utmpx.h... no checking for ut_exit field in utmp.h... no checking for ut_time field in utmp.h... no checking for ut_time field in utmpx.h... no checking for ut_tv field in utmpx.h... yes checking for struct stat.st_blksize... yes checking for struct stat.st_mtim... yes checking for struct stat.st_mtime... yes checking for struct passwd.pw_gecos... yes checking for struct passwd.pw_class... yes checking for struct passwd.pw_change... yes checking for struct passwd.pw_expire... yes checking for struct __res_state.retrans... yes checking for ss_family field in struct sockaddr_storage... yes checking for __ss_family field in struct sockaddr_storage... no checking for msg_accrights field in struct msghdr... no checking if struct statvfs.f_fsid is integral type... yes checking for msg_control field in struct msghdr... yes checking if libc defines __progname... yes checking whether /usr/local/bin/clang10 implements __FUNCTION__... yes checking whether /usr/local/bin/clang10 implements __func__... yes checking whether va_copy exists... yes checking whether __va_copy exists... yes checking whether getopt has optreset support... yes checking if libc defines sys_errlist... yes checking if libc defines sys_nerr... yes checking for library containing getrrsetbyname... no checking for library containing res_query... none required checking for library containing dn_expand... none required checking if res_query will link... yes checking for _getshort... yes checking for _getlong... yes checking whether _getshort is declared... no checking whether _getlong is declared... no checking for HEADER.ad... yes checking if struct __res_state _res is an extern... yes checking for "/dev/ptmx"... no checking for "/dev/ptc"... no checking if the systems has expire shadow information... no checking for "/etc/default/login"... no configure: WARNING: Make sure the path to scp is in /etc/login.conf checking if we need to convert IPv4 in IPv6-mapped addresses... yes checking if your system defines LASTLOG_FILE... no checking if your system defines _PATH_LASTLOG... no configure: WARNING: ** Cannot find lastlog ** checking if your system defines UTMP_FILE... no checking if your system defines WTMP_FILE... no checking if your system defines WTMPX_FILE... no checking for struct lastlog.ll_line... no checking for struct utmp.ut_line... no checking whether BROKEN_GETADDRINFO is declared... no configure: creating ./config.status config.status: creating Makefile config.status: creating buildpkg.sh config.status: creating opensshd.init config.status: creating openssh.xml config.status: creating openbsd-compat/Makefile config.status: creating openbsd-compat/regress/Makefile config.status: creating survey.sh config.status: creating config.h OpenSSH has been configured with the following options: User binaries: /usr/bin System binaries: /usr/sbin Configuration files: /etc Askpass program: /usr/libexec/ssh-askpass Manual pages: /usr/share/man/manX PID file: /var/run Privilege separation chroot path: /var/empty At runtime, sshd will use the path defined in /etc/login.conf Make sure the path to scp is present, otherwise scp will not work Manpage format: man PAM support: yes OSF SIA support: no KerberosV support: no SELinux support: no MD5 password support: no libedit support: no libldns support: no Solaris process contract support: no Solaris project support: no Solaris privilege support: no IP address in $DISPLAY hack: no Translate v4 in v6 hack: yes BSD Auth support: no Random number source: OpenSSL internal ONLY Privsep sandbox style: capsicum PKCS#11 support: yes U2F/FIDO support: yes Host: x86_64-unknown-freebsd12.1 Compiler: /usr/local/bin/clang10 Compiler flags: -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE Preprocessor flags: -I/usr///include -I/usr/include Linker flags: -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie Libraries: -lcrypto -lutil -lz -lcrypt +for sshd: -lpam -ldl PAM is enabled. You may need to install a PAM control file for sshd, otherwise password authentication may fail. Example PAM control files can be found in the contrib/ subdirectory root at border:/usr/source/openssh-SNAP-20200524 # make tests ./install-sh -c -d `pwd`/regress/unittests/test_helper ./install-sh -c -d `pwd`/regress/unittests/sshbuf ./install-sh -c -d `pwd`/regress/unittests/sshkey ./install-sh -c -d `pwd`/regress/unittests/bitmap ./install-sh -c -d `pwd`/regress/unittests/conversion ./install-sh -c -d `pwd`/regress/unittests/hostkeys ./install-sh -c -d `pwd`/regress/unittests/kex ./install-sh -c -d `pwd`/regress/unittests/match ./install-sh -c -d `pwd`/regress/unittests/utf8 ./install-sh -c -d `pwd`/regress/misc/kexfuzz ./install-sh -c -d `pwd`/regress/misc/sk-dummy [ -f `pwd`/regress/Makefile ] || ln -s `cd . && pwd`/regress/Makefile `pwd`/regress/Makefile (cd openbsd-compat && make) /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c arc4random.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-asprintf.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-closefrom.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-cygwin_util.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-err.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-flock.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-getline.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-getpagesize.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-getpeereid.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-malloc.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-misc.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-nextstep.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-openpty.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-poll.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-setres_id.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-signal.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-snprintf.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-statvfs.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bsd-waitpid.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c fake-rfc2553.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c getrrsetbyname-ldns.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c kludge-fd_set.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c openssl-compat.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c libressl-api-compat.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c xcrypt.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c base64.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c basename.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bcrypt_pbkdf.c bcrypt_pbkdf.c:94:40: warning: expression does not compute the number of elements in this array; element type is 'uint32_t' (aka 'unsigned int'), not 'uint64_t' (aka 'unsigned long') [-Wsizeof-array-div] blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t));  ~~~~~ ^ bcrypt_pbkdf.c:75:11: note: array 'cdata' declared here uint32_t cdata[BCRYPT_WORDS];  ^ bcrypt_pbkdf.c:94:40: note: place parentheses around the 'sizeof(uint64_t)' expression to silence this warning blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t));  ^ 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c bindresvport.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c blowfish.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c daemon.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c dirname.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c explicit_bzero.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c fmt_scaled.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c freezero.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c fnmatch.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c getcwd.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c getgrouplist.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c getopt_long.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c getrrsetbyname.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c glob.c glob.c:325:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case COMMA:  ^ glob.c:325:3: note: insert '__attribute__((fallthrough));' to silence this warning case COMMA:  ^  __attribute__((fallthrough)); glob.c:325:3: note: insert 'break;' to avoid fall-through case COMMA:  ^  break; 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c inet_aton.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c inet_ntoa.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c inet_ntop.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c md5.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c memmem.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c mktemp.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c pwcache.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c readpassphrase.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c reallocarray.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c recallocarray.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c rresvport.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c setenv.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c setproctitle.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c sha1.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c sha2.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c sigact.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c strcasestr.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c strlcat.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c strlcpy.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c strmode.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c strndup.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c strnlen.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c strptime.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c strsep.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c strtoll.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c strtonum.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c strtoull.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c strtoul.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c timingsafe_bcmp.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c vis.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c port-aix.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c port-irix.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c port-linux.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c port-solaris.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c port-net.c /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -I/usr///include -I/usr/include -DHAVE_CONFIG_H -c port-uw.c ar rv libopenbsd-compat.a arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cygwin_util.o bsd-err.o bsd-flock.o bsd-getline.o bsd-getpagesize.o bsd-getpeereid.o bsd-malloc.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-signal.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o getrrsetbyname-ldns.o kludge-fd_set.o openssl-compat.o libressl-api-compat.o xcrypt.o base64.o basename.o bcrypt_pbkdf.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o explicit_bzero.o fmt_scaled.o freezero.o fnmatch.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o md5.o memmem.o mktemp.o pwcache.o readpassphrase.o reallocarray.o recallocarray.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strndup.o strnlen.o strptime.o strsep.o strtoll.o strtonum.o strtoull.o strtoul.o timingsafe_bcmp.o vis.o port-aix.o port-irix.o port-linux.o port-solaris.o port-net.o port-uw.o ar: warning: creating libopenbsd-compat.a a - arc4random.o a - bsd-asprintf.o a - bsd-closefrom.o a - bsd-cygwin_util.o a - bsd-err.o a - bsd-flock.o a - bsd-getline.o a - bsd-getpagesize.o a - bsd-getpeereid.o a - bsd-malloc.o a - bsd-misc.o a - bsd-nextstep.o a - bsd-openpty.o a - bsd-poll.o a - bsd-setres_id.o a - bsd-signal.o a - bsd-snprintf.o a - bsd-statvfs.o a - bsd-waitpid.o a - fake-rfc2553.o a - getrrsetbyname-ldns.o a - kludge-fd_set.o a - openssl-compat.o a - libressl-api-compat.o a - xcrypt.o a - base64.o a - basename.o a - bcrypt_pbkdf.o a - bcrypt_pbkdf.o a - bindresvport.o a - blowfish.o a - daemon.o a - dirname.o a - explicit_bzero.o a - fmt_scaled.o a - freezero.o a - fnmatch.o a - getcwd.o a - getgrouplist.o a - getopt_long.o a - getrrsetbyname.o a - glob.o a - inet_aton.o a - inet_ntoa.o a - inet_ntop.o a - md5.o a - memmem.o a - mktemp.o a - pwcache.o a - readpassphrase.o a - reallocarray.o a - recallocarray.o a - rresvport.o a - setenv.o a - setproctitle.o a - sha1.o a - sha2.o a - sigact.o a - strcasestr.o a - strlcat.o a - strlcpy.o a - strmode.o a - strndup.o a - strnlen.o a - strptime.o a - strsep.o a - strtoll.o a - strtonum.o a - strtoull.o a - strtoul.o a - timingsafe_bcmp.o a - vis.o a - port-aix.o a - port-irix.o a - port-linux.o a - port-solaris.o a - port-net.o a - port-uw.o ranlib libopenbsd-compat.a /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh_api.c -o ssh_api.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssherr.c -o ssherr.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshbuf.c -o sshbuf.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshkey.c -o sshkey.o sshkey.c:636:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ECDSA:  ^ sshkey.c:636:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ECDSA:  ^  __attribute__((fallthrough)); sshkey.c:636:2: note: insert 'break;' to avoid fall-through case KEY_ECDSA:  ^  break; sshkey.c:649:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ED25519:  ^ sshkey.c:649:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ED25519:  ^  __attribute__((fallthrough)); sshkey.c:649:2: note: insert 'break;' to avoid fall-through case KEY_ED25519:  ^  break; sshkey.c:745:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ECDSA_CERT:  ^ sshkey.c:745:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ECDSA_CERT:  ^  __attribute__((fallthrough)); sshkey.c:745:2: note: insert 'break;' to avoid fall-through case KEY_ECDSA_CERT:  ^  break; sshkey.c:767:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ED25519:  ^ sshkey.c:767:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ED25519:  ^  __attribute__((fallthrough)); sshkey.c:767:2: note: insert 'break;' to avoid fall-through case KEY_ED25519:  ^  break; sshkey.c:2379:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_RSA:  ^ sshkey.c:2379:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_RSA:  ^  __attribute__((fallthrough)); sshkey.c:2379:2: note: insert 'break;' to avoid fall-through case KEY_RSA:  ^  break; sshkey.c:2407:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_DSA:  ^ sshkey.c:2407:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_DSA:  ^  __attribute__((fallthrough)); sshkey.c:2407:2: note: insert 'break;' to avoid fall-through case KEY_DSA:  ^  break; sshkey.c:2442:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ECDSA:  ^ sshkey.c:2442:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ECDSA:  ^  __attribute__((fallthrough)); sshkey.c:2442:2: note: insert 'break;' to avoid fall-through case KEY_ECDSA:  ^  break; sshkey.c:2506:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ED25519:  ^ sshkey.c:2506:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ED25519:  ^  __attribute__((fallthrough)); sshkey.c:2506:2: note: insert 'break;' to avoid fall-through case KEY_ED25519:  ^  break; sshkey.c:3440:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_DSA_CERT:  ^ sshkey.c:3440:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_DSA_CERT:  ^  __attribute__((fallthrough)); sshkey.c:3440:2: note: insert 'break;' to avoid fall-through case KEY_DSA_CERT:  ^  break; sshkey.c:3469:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_ECDSA_CERT:  ^ sshkey.c:3469:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_ECDSA_CERT:  ^  __attribute__((fallthrough)); sshkey.c:3469:2: note: insert 'break;' to avoid fall-through case KEY_ECDSA_CERT:  ^  break; sshkey.c:3540:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_RSA_CERT:  ^ sshkey.c:3540:2: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_RSA_CERT:  ^  __attribute__((fallthrough)); sshkey.c:3540:2: note: insert 'break;' to avoid fall-through case KEY_RSA_CERT:  ^  break; 11 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshbuf-getput-basic.c -o sshbuf-getput-basic.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshbuf-misc.c -o sshbuf-misc.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshbuf-getput-crypto.c -o sshbuf-getput-crypto.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c krl.c -o krl.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c bitmap.c -o bitmap.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-xmss.c -o ssh-xmss.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshkey-xmss.c -o sshkey-xmss.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c xmss_commons.c -o xmss_commons.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c xmss_fast.c -o xmss_fast.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c xmss_hash.c -o xmss_hash.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c xmss_hash_address.c -o xmss_hash_address.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c xmss_wots.c -o xmss_wots.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c authfd.c -o authfd.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c authfile.c -o authfile.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c canohost.c -o canohost.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c channels.c -o channels.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher.c -o cipher.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aesctr.c -o cipher-aesctr.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-ctr.c -o cipher-ctr.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cleanup.c -o cleanup.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c compat.c -o compat.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c fatal.c -o fatal.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c hostfile.c -o hostfile.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c log.c -o log.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c match.c -o match.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c moduli.c -o moduli.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c nchan.c -o nchan.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c packet.c -o packet.o packet.c:1874:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case SSH_ERR_NO_CIPHER_ALG_MATCH:  ^ packet.c:1874:2: note: insert '__attribute__((fallthrough));' to silence this warning case SSH_ERR_NO_CIPHER_ALG_MATCH:  ^  __attribute__((fallthrough)); packet.c:1874:2: note: insert 'break;' to avoid fall-through case SSH_ERR_NO_CIPHER_ALG_MATCH:  ^  break; packet.c:1887:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ packet.c:1887:2: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); packet.c:1887:2: note: insert 'break;' to avoid fall-through default:  ^  break; 2 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c readpass.c -o readpass.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ttymodes.c -o ttymodes.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c xmalloc.c -o xmalloc.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c addrmatch.c -o addrmatch.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c atomicio.c -o atomicio.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c dispatch.c -o dispatch.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c mac.c -o mac.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c misc.c -o misc.o misc.c:1832:4: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ misc.c:1832:4: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); misc.c:1832:4: note: insert 'break;' to avoid fall-through default:  ^  break; 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c utf8.c -o utf8.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c monitor_fdpass.c -o monitor_fdpass.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c rijndael.c -o rijndael.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-dss.c -o ssh-dss.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-ecdsa.c -o ssh-ecdsa.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-ecdsa-sk.c -o ssh-ecdsa-sk.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-ed25519-sk.c -o ssh-ed25519-sk.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-rsa.c -o ssh-rsa.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c dh.c -o dh.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c msg.c -o msg.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c progressmeter.c -o progressmeter.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c dns.c -o dns.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c entropy.c -o entropy.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c gss-genr.c -o gss-genr.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c umac.c -o umac.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c umac128.c -o umac128.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-pkcs11.c -o ssh-pkcs11.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c smult_curve25519_ref.c -o smult_curve25519_ref.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c poly1305.c -o poly1305.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c chacha.c -o chacha.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-chachapoly.c -o cipher-chachapoly.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-chachapoly-libcrypto.c -o cipher-chachapoly-libcrypto.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-ed25519.c -o ssh-ed25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c digest-openssl.c -o digest-openssl.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c digest-libc.c -o digest-libc.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c hmac.c -o hmac.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sc25519.c -o sc25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ge25519.c -o ge25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c fe25519.c -o fe25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ed25519.c -o ed25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c verify.c -o verify.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c hash.c -o hash.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kex.c -o kex.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexdh.c -o kexdh.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexgex.c -o kexgex.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexecdh.c -o kexecdh.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexc25519.c -o kexc25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexgexc.c -o kexgexc.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexgexs.c -o kexgexs.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sntrup4591761.c -o sntrup4591761.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexsntrup4591761x25519.c -o kexsntrup4591761x25519.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kexgen.c -o kexgen.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp-realpath.c -o sftp-realpath.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c platform-pledge.c -o platform-pledge.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c platform-tracing.c -o platform-tracing.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c platform-misc.c -o platform-misc.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshbuf-io.c -o sshbuf-io.o ar rv libssh.a ssh_api.o ssherr.o sshbuf.o sshkey.o sshbuf-getput-basic.o sshbuf-misc.o sshbuf-getput-crypto.o krl.o bitmap.o ssh-xmss.o sshkey-xmss.o xmss_commons.o xmss_fast.o xmss_hash.o xmss_hash_address.o xmss_wots.o authfd.o authfile.o canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o cipher-ctr.o cleanup.o compat.o fatal.o hostfile.o log.o match.o moduli.o nchan.o packet.o readpass.o ttymodes.o xmalloc.o addrmatch.o atomicio.o dispatch.o mac.o misc.o utf8.o monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-ecdsa-sk.o ssh-ed25519-sk.o ssh-rsa.o dh.o msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o ssh-pkcs11.o smult_curve25519_ref.o poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o kexgexc.o kexgexs.o sntrup4591761.o kexsntrup4591761x25519.o kexgen.o sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o sshbuf-io.o ar: warning: creating libssh.a a - ssh_api.o a - ssherr.o a - sshbuf.o a - sshkey.o a - sshbuf-getput-basic.o a - sshbuf-misc.o a - sshbuf-getput-crypto.o a - krl.o a - bitmap.o a - ssh-xmss.o a - sshkey-xmss.o a - xmss_commons.o a - xmss_fast.o a - xmss_hash.o a - xmss_hash_address.o a - xmss_wots.o a - authfd.o a - authfile.o a - canohost.o a - channels.o a - cipher.o a - cipher-aes.o a - cipher-aesctr.o a - cipher-ctr.o a - cleanup.o a - compat.o a - fatal.o a - hostfile.o a - log.o a - match.o a - moduli.o a - nchan.o a - packet.o a - readpass.o a - ttymodes.o a - xmalloc.o a - addrmatch.o a - atomicio.o a - dispatch.o a - mac.o a - misc.o a - utf8.o a - monitor_fdpass.o a - rijndael.o a - ssh-dss.o a - ssh-ecdsa.o a - ssh-ecdsa-sk.o a - ssh-ed25519-sk.o a - ssh-rsa.o a - dh.o a - msg.o a - progressmeter.o a - dns.o a - entropy.o a - gss-genr.o a - umac.o a - umac128.o a - ssh-pkcs11.o a - smult_curve25519_ref.o a - poly1305.o a - chacha.o a - cipher-chachapoly.o a - cipher-chachapoly-libcrypto.o a - ssh-ed25519.o a - digest-openssl.o a - digest-libc.o a - hmac.o a - sc25519.o a - ge25519.o a - fe25519.o a - ed25519.o a - verify.o a - hash.o a - kex.o a - kexdh.o a - kexgex.o a - kexecdh.o a - kexc25519.o a - kexgexc.o a - kexgexs.o a - sntrup4591761.o a - kexsntrup4591761x25519.o a - kexgen.o a - sftp-realpath.o a - platform-pledge.o a - platform-tracing.o a - platform-misc.o a - sshbuf-io.o ranlib libssh.a /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -o regress/modpipe ./regress/modpipe.c -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -o regress/setuid-allowed ./regress/setuid-allowed.c -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -o regress/netcat ./regress/netcat.c -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -o regress/check-perm ./regress/check-perm.c -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -o regress/mkdtemp ./regress/mkdtemp.c -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c regress/misc/sk-dummy/sk-dummy.c -o regress/misc/sk-dummy/sk-dummy.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c regress/misc/sk-dummy/fatal.c -o regress/misc/sk-dummy/fatal.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ed25519.c -o ed25519.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c hash.c -o hash.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ge25519.c -o ge25519.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c fe25519.c -o fe25519.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sc25519.c -o sc25519.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c verify.c -o verify.lo /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -fPIC -shared -o regress/misc/sk-dummy/sk-dummy.so regress/misc/sk-dummy/sk-dummy.lo regress/misc/sk-dummy/fatal.lo ed25519.lo hash.lo ge25519.lo fe25519.lo sc25519.lo verify.lo -L. -Lopenbsd-compat -lopenbsd-compat -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh.c -o ssh.o ssh.c:555:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ ssh.c:555:2: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); ssh.c:555:2: note: insert 'break;' to avoid fall-through default:  ^  break; 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c readconf.c -o readconf.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c clientloop.c -o clientloop.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshtty.c -o sshtty.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshconnect.c -o sshconnect.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshconnect2.c -o sshconnect2.o sshconnect2.c:1494:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ sshconnect2.c:1494:3: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); sshconnect2.c:1494:3: note: insert 'break;' to avoid fall-through default:  ^  break; 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c mux.c -o mux.o mux.c:1503:4: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case EINTR:  ^ mux.c:1503:4: note: insert '__attribute__((fallthrough));' to silence this warning case EINTR:  ^  __attribute__((fallthrough)); mux.c:1503:4: note: insert 'break;' to avoid fall-through case EINTR:  ^  break; mux.c:1552:4: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case EINTR:  ^ mux.c:1552:4: note: insert '__attribute__((fallthrough));' to silence this warning case EINTR:  ^  __attribute__((fallthrough)); mux.c:1552:4: note: insert 'break;' to avoid fall-through case EINTR:  ^  break; mux.c:2314:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case SSHCTL_MASTER_NO:  ^ mux.c:2314:2: note: insert 'break;' to avoid fall-through case SSHCTL_MASTER_NO:  ^  break; 3 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-sk-client.c -o ssh-sk-client.o /usr/local/bin/clang10 -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshd.c -o sshd.o sshd.c:639:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_DSA:  ^ sshd.c:639:3: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_DSA:  ^  __attribute__((fallthrough)); sshd.c:639:3: note: insert 'break;' to avoid fall-through case KEY_DSA:  ^  break; sshd.c:660:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case KEY_DSA_CERT:  ^ sshd.c:660:3: note: insert '__attribute__((fallthrough));' to silence this warning case KEY_DSA_CERT:  ^  __attribute__((fallthrough)); sshd.c:660:3: note: insert 'break;' to avoid fall-through case KEY_DSA_CERT:  ^  break; sshd.c:710:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ sshd.c:710:3: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); sshd.c:710:3: note: insert 'break;' to avoid fall-through default:  ^  break; sshd.c:1177:4: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case 0:  ^ sshd.c:1177:4: note: insert '__attribute__((fallthrough));' to silence this warning case 0:  ^  __attribute__((fallthrough)); sshd.c:1177:4: note: insert 'break;' to avoid fall-through case 0:  ^  break; sshd.c:1566:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case 'e':  ^ sshd.c:1566:3: note: insert '__attribute__((fallthrough));' to silence this warning case 'e':  ^  __attribute__((fallthrough)); sshd.c:1566:3: note: insert 'break;' to avoid fall-through case 'e':  ^  break; 5 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-rhosts.c -o auth-rhosts.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-passwd.c -o auth-passwd.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c audit.c -o audit.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c audit-bsm.c -o audit-bsm.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c audit-linux.c -o audit-linux.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c platform.c -o platform.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshpty.c -o sshpty.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshlogin.c -o sshlogin.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c servconf.c -o servconf.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c serverloop.c -o serverloop.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth.c -o auth.o auth.c:1145:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case 0:  ^ auth.c:1145:3: note: insert '__attribute__((fallthrough));' to silence this warning case 0:  ^  __attribute__((fallthrough)); auth.c:1145:3: note: insert 'break;' to avoid fall-through case 0:  ^  break; auth.c:1171:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case 0:  ^ auth.c:1171:3: note: insert '__attribute__((fallthrough));' to silence this warning case 0:  ^  __attribute__((fallthrough)); auth.c:1171:3: note: insert 'break;' to avoid fall-through case 0:  ^  break; 2 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2.c -o auth2.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-options.c -o auth-options.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c session.c -o session.o session.c:513:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ session.c:513:2: note: insert 'break;' to avoid fall-through default:  ^  break; session.c:637:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ session.c:637:2: note: insert 'break;' to avoid fall-through default:  ^  break; session.c:1284:5: warning: assigning to 'char *' from 'const char *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers] nl = login_getcapstr(lc, "nologin", def_nl, def_nl);  ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-chall.c -o auth2-chall.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c groupaccess.c -o groupaccess.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-bsdauth.c -o auth-bsdauth.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-hostbased.c -o auth2-hostbased.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-kbdint.c -o auth2-kbdint.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-none.c -o auth2-none.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-passwd.c -o auth2-passwd.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-pubkey.c -o auth2-pubkey.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c monitor.c -o monitor.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c monitor_wrap.c -o monitor_wrap.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-krb5.c -o auth-krb5.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth2-gss.c -o auth2-gss.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c gss-serv.c -o gss-serv.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c gss-serv-krb5.c -o gss-serv-krb5.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c loginrec.c -o loginrec.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-pam.c -o auth-pam.o auth-pam.c:876:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case PAM_AUTH_ERR:  ^ auth-pam.c:876:3: note: insert '__attribute__((fallthrough));' to silence this warning case PAM_AUTH_ERR:  ^  __attribute__((fallthrough)); auth-pam.c:876:3: note: insert 'break;' to avoid fall-through case PAM_AUTH_ERR:  ^  break; auth-pam.c:889:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case PAM_SUCCESS:  ^ auth-pam.c:889:3: note: insert '__attribute__((fallthrough));' to silence this warning case PAM_SUCCESS:  ^  __attribute__((fallthrough)); auth-pam.c:889:3: note: insert 'break;' to avoid fall-through case PAM_SUCCESS:  ^  break; auth-pam.c:919:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ auth-pam.c:919:3: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); auth-pam.c:919:3: note: insert 'break;' to avoid fall-through default:  ^  break; 3 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-shadow.c -o auth-shadow.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-sia.c -o auth-sia.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c md5crypt.c -o md5crypt.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp-server.c -o sftp-server.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp-common.c -o sftp-common.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-null.c -o sandbox-null.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-rlimit.c -o sandbox-rlimit.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-systrace.c -o sandbox-systrace.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-darwin.c -o sandbox-darwin.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-seccomp-filter.c -o sandbox-seccomp-filter.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-capsicum.c -o sandbox-capsicum.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-pledge.c -o sandbox-pledge.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sandbox-solaris.c -o sandbox-solaris.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c uidswap.c -o uidswap.o /usr/local/bin/clang10 -o sshd sshd.o auth-rhosts.o auth-passwd.o audit.o audit-bsm.o audit-linux.o platform.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth2.o auth-options.o session.o auth2-chall.o groupaccess.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor.o monitor_wrap.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o sftp-server.o sftp-common.o sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o sandbox-solaris.o uidswap.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lpam -ldl -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-add.c -o ssh-add.o /usr/local/bin/clang10 -o ssh-add ssh-add.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-keygen.c -o ssh-keygen.o ssh-keygen.c:1211:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ ssh-keygen.c:1211:2: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); ssh-keygen.c:1211:2: note: insert 'break;' to avoid fall-through default:  ^  break; 1 warning generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshsig.c -o sshsig.o /usr/local/bin/clang10 -o ssh-keygen ssh-keygen.o sshsig.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-keyscan.c -o ssh-keyscan.o /usr/local/bin/clang10 -o ssh-keyscan ssh-keyscan.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-keysign.c -o ssh-keysign.o /usr/local/bin/clang10 -o ssh-keysign ssh-keysign.o readconf.o uidswap.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-pkcs11-helper.c -o ssh-pkcs11-helper.o /usr/local/bin/clang10 -o ssh-pkcs11-helper ssh-pkcs11-helper.o ssh-pkcs11.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-agent.c -o ssh-agent.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-pkcs11-client.c -o ssh-pkcs11-client.o /usr/local/bin/clang10 -o ssh-agent ssh-agent.o ssh-pkcs11-client.o ssh-sk-client.o -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c scp.c -o scp.o scp.c:1106:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] default:  ^ scp.c:1106:3: note: insert '__attribute__((fallthrough));' to silence this warning default:  ^  __attribute__((fallthrough)); scp.c:1106:3: note: insert 'break;' to avoid fall-through default:  ^  break; scp.c:1566:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case 1: /* error, followed by error msg */  ^ scp.c:1566:2: note: insert '__attribute__((fallthrough));' to silence this warning case 1: /* error, followed by error msg */  ^  __attribute__((fallthrough)); scp.c:1566:2: note: insert 'break;' to avoid fall-through case 1: /* error, followed by error msg */  ^  break; 2 warnings generated. /usr/local/bin/clang10 -o scp scp.o progressmeter.o -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp-server-main.c -o sftp-server-main.o /usr/local/bin/clang10 -o sftp-server sftp-common.o sftp-server.o sftp-server-main.o -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp.c -o sftp.o sftp.c:1437:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case I_CHDIR:  ^ sftp.c:1437:2: note: insert '__attribute__((fallthrough));' to silence this warning case I_CHDIR:  ^  __attribute__((fallthrough)); sftp.c:1437:2: note: insert 'break;' to avoid fall-through case I_CHDIR:  ^  break; sftp.c:1476:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case I_SHELL:  ^ sftp.c:1476:2: note: insert 'break;' to avoid fall-through case I_SHELL:  ^  break; sftp.c:1483:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case I_CHOWN:  ^ sftp.c:1483:2: note: insert '__attribute__((fallthrough));' to silence this warning case I_CHOWN:  ^  __attribute__((fallthrough)); sftp.c:1483:2: note: insert 'break;' to avoid fall-through case I_CHOWN:  ^  break; sftp.c:1568:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case I_GET:  ^ sftp.c:1568:2: note: insert '__attribute__((fallthrough));' to silence this warning case I_GET:  ^  __attribute__((fallthrough)); sftp.c:1568:2: note: insert 'break;' to avoid fall-through case I_GET:  ^  break; sftp.c:1575:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case I_PUT:  ^ sftp.c:1575:2: note: insert '__attribute__((fallthrough));' to silence this warning case I_PUT:  ^  __attribute__((fallthrough)); sftp.c:1575:2: note: insert 'break;' to avoid fall-through case I_PUT:  ^  break; sftp.c:1587:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] case I_LINK:  ^ sftp.c:1587:2: note: insert '__attribute__((fallthrough));' to silence this warning case I_LINK:  ^  __attribute__((fallthrough)); sftp.c:1587:2: note: insert 'break;' to avoid fall-through case I_LINK:  ^  break; 6 warnings generated. /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp-client.c -o sftp-client.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sftp-glob.c -o sftp-glob.o /usr/local/bin/clang10 -o sftp sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-sk-helper.c -o ssh-sk-helper.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-sk.c -o ssh-sk.o /usr/local/bin/clang10 -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -I/usr///include -I/usr/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sk-usbhid.c -o sk-usbhid.o /usr/local/bin/clang10 -o ssh-sk-helper ssh-sk-helper.o ssh-sk.o sk-usbhid.o -L. -Lopenbsd-compat/ -L/usr///lib -L/usr/lib -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lutil -lz -lcrypt BUILDDIR=`pwd`; cd ./regress || exit $?; EGREP='/usr/bin/grep -E' make .OBJDIR="${BUILDDIR}/regress" .CURDIR="`pwd`" BUILDDIR="${BUILDDIR}" OBJ="${BUILDDIR}/regress/" PATH="${BUILDDIR}:${PATH}" TEST_ENV=MALLOC_OPTIONS="AJRX" TEST_MALLOC_OPTIONS="AJRX" TEST_SSH_SCP="${BUILDDIR}/scp" TEST_SSH_SSH="${BUILDDIR}/ssh" TEST_SSH_SSHD="${BUILDDIR}/sshd" TEST_SSH_SSHAGENT="${BUILDDIR}/ssh-agent" TEST_SSH_SSHADD="${BUILDDIR}/ssh-add" TEST_SSH_SSHKEYGEN="${BUILDDIR}/ssh-keygen" TEST_SSH_SSHPKCS11HELPER="${BUILDDIR}/ssh-pkcs11-helper" TEST_SSH_SSHKEYSCAN="${BUILDDIR}/ssh-keyscan" TEST_SSH_SFTP="${BUILDDIR}/sftp" TEST_SSH_PKCS11_HELPER="${BUILDDIR}/ssh-pkcs11-helper" TEST_SSH_SK_HELPER="${BUILDDIR}/ssh-sk-helper" TEST_SSH_SFTPSERVER="${BUILDDIR}/sftp-server" TEST_SSH_PLINK="plink" TEST_SSH_PUTTYGEN="puttygen" TEST_SSH_CONCH="conch" TEST_SSH_IPV6="yes" TEST_SSH_UTF8="yes" TEST_SSH_ECC="yes" TEST_SHELL="sh" EXEEXT="" file-tests && echo all file-tests passed /usr/source/openssh-SNAP-20200524/ssh-keygen -if /usr/source/openssh-SNAP-20200524/regress/rsa_ssh2.prv | diff - /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.prv tr '\n' '\r' /usr/source/openssh-SNAP-20200524/regress/rsa_ssh2_cr.prv /usr/source/openssh-SNAP-20200524/ssh-keygen -if /usr/source/openssh-SNAP-20200524/regress/rsa_ssh2_cr.prv | diff - /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.prv awk '{print $0 "\r"}' /usr/source/openssh-SNAP-20200524/regress/rsa_ssh2.prv > /usr/source/openssh-SNAP-20200524/regress/rsa_ssh2_crnl.prv /usr/source/openssh-SNAP-20200524/ssh-keygen -if /usr/source/openssh-SNAP-20200524/regress/rsa_ssh2_crnl.prv | diff - /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.prv cat /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.prv > /usr/source/openssh-SNAP-20200524/regress//t2.out chmod 600 /usr/source/openssh-SNAP-20200524/regress//t2.out /usr/source/openssh-SNAP-20200524/ssh-keygen -yf /usr/source/openssh-SNAP-20200524/regress//t2.out | diff - /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.pub /usr/source/openssh-SNAP-20200524/ssh-keygen -ef /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.pub >/usr/source/openssh-SNAP-20200524/regress//t3.out /usr/source/openssh-SNAP-20200524/ssh-keygen -if /usr/source/openssh-SNAP-20200524/regress//t3.out | diff - /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.pub /usr/source/openssh-SNAP-20200524/ssh-keygen -E md5 -lf /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.pub | awk '{print $2}' | diff - /usr/source/openssh-SNAP-20200524/regress/t4.ok /usr/source/openssh-SNAP-20200524/ssh-keygen -Bf /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.pub | awk '{print $2}' | diff - /usr/source/openssh-SNAP-20200524/regress/t5.ok /usr/source/openssh-SNAP-20200524/ssh-keygen -if /usr/source/openssh-SNAP-20200524/regress/dsa_ssh2.prv > /usr/source/openssh-SNAP-20200524/regress//t6.out1 /usr/source/openssh-SNAP-20200524/ssh-keygen -if /usr/source/openssh-SNAP-20200524/regress/dsa_ssh2.pub > /usr/source/openssh-SNAP-20200524/regress//t6.out2 chmod 600 /usr/source/openssh-SNAP-20200524/regress//t6.out1 /usr/source/openssh-SNAP-20200524/ssh-keygen -yf /usr/source/openssh-SNAP-20200524/regress//t6.out1 | diff - /usr/source/openssh-SNAP-20200524/regress//t6.out2 /usr/source/openssh-SNAP-20200524/ssh-keygen -q -t rsa -N '' -f /usr/source/openssh-SNAP-20200524/regress//t7.out /usr/source/openssh-SNAP-20200524/ssh-keygen -lf /usr/source/openssh-SNAP-20200524/regress//t7.out > /dev/null /usr/source/openssh-SNAP-20200524/ssh-keygen -Bf /usr/source/openssh-SNAP-20200524/regress//t7.out > /dev/null /usr/source/openssh-SNAP-20200524/ssh-keygen -q -t dsa -N '' -f /usr/source/openssh-SNAP-20200524/regress//t8.out /usr/source/openssh-SNAP-20200524/ssh-keygen -lf /usr/source/openssh-SNAP-20200524/regress//t8.out > /dev/null /usr/source/openssh-SNAP-20200524/ssh-keygen -Bf /usr/source/openssh-SNAP-20200524/regress//t8.out > /dev/null test "yes" != yes || /usr/source/openssh-SNAP-20200524/ssh-keygen -q -t ecdsa -N '' -f /usr/source/openssh-SNAP-20200524/regress//t9.out test "yes" != yes || /usr/source/openssh-SNAP-20200524/ssh-keygen -lf /usr/source/openssh-SNAP-20200524/regress//t9.out > /dev/null test "yes" != yes || /usr/source/openssh-SNAP-20200524/ssh-keygen -Bf /usr/source/openssh-SNAP-20200524/regress//t9.out > /dev/null /usr/source/openssh-SNAP-20200524/ssh-keygen -q -t ed25519 -N '' -f /usr/source/openssh-SNAP-20200524/regress//t10.out /usr/source/openssh-SNAP-20200524/ssh-keygen -lf /usr/source/openssh-SNAP-20200524/regress//t10.out > /dev/null /usr/source/openssh-SNAP-20200524/ssh-keygen -Bf /usr/source/openssh-SNAP-20200524/regress//t10.out > /dev/null /usr/source/openssh-SNAP-20200524/ssh-keygen -E sha256 -lf /usr/source/openssh-SNAP-20200524/regress/rsa_openssh.pub | awk '{print $2}' | diff - /usr/source/openssh-SNAP-20200524/regress/t11.ok /usr/source/openssh-SNAP-20200524/ssh-keygen -q -t ed25519 -N '' -C 'test-comment-1234' -f /usr/source/openssh-SNAP-20200524/regress//t12.out /usr/source/openssh-SNAP-20200524/ssh-keygen -lf /usr/source/openssh-SNAP-20200524/regress//t12.out.pub | grep test-comment-1234 >/dev/null all file-tests passed BUILDDIR=`pwd`; cd ./regress || exit $?; EGREP='/usr/bin/grep -E' make .OBJDIR="${BUILDDIR}/regress" .CURDIR="`pwd`" BUILDDIR="${BUILDDIR}" OBJ="${BUILDDIR}/regress/" PATH="${BUILDDIR}:${PATH}" TEST_ENV=MALLOC_OPTIONS="AJRX" TEST_MALLOC_OPTIONS="AJRX" TEST_SSH_SCP="${BUILDDIR}/scp" TEST_SSH_SSH="${BUILDDIR}/ssh" TEST_SSH_SSHD="${BUILDDIR}/sshd" TEST_SSH_SSHAGENT="${BUILDDIR}/ssh-agent" TEST_SSH_SSHADD="${BUILDDIR}/ssh-add" TEST_SSH_SSHKEYGEN="${BUILDDIR}/ssh-keygen" TEST_SSH_SSHPKCS11HELPER="${BUILDDIR}/ssh-pkcs11-helper" TEST_SSH_SSHKEYSCAN="${BUILDDIR}/ssh-keyscan" TEST_SSH_SFTP="${BUILDDIR}/sftp" TEST_SSH_PKCS11_HELPER="${BUILDDIR}/ssh-pkcs11-helper" TEST_SSH_SK_HELPER="${BUILDDIR}/ssh-sk-helper" TEST_SSH_SFTPSERVER="${BUILDDIR}/sftp-server" TEST_SSH_PLINK="plink" TEST_SSH_PUTTYGEN="puttygen" TEST_SSH_CONCH="conch" TEST_SSH_IPV6="yes" TEST_SSH_UTF8="yes" TEST_SSH_ECC="yes" TEST_SHELL="sh" EXEEXT="" t-exec && echo all t-exec passed run test connect.sh ... ok simple connect run test proxy-connect.sh ... plain username comp=no plain username comp=yes username with style ok proxy connect run test connect-privsep.sh ... ok proxy connect with privsep run test connect-uri.sh ... uri connect: no trailing slash uri connect: trailing slash uri connect: with path name ok uri connect run test proto-version.sh ... ok sshd version with different protocol combinations run test proto-mismatch.sh ... ok protocol version mismatch run test exit-status.sh ... test remote exit status: status 0 test remote exit status: status 1 test remote exit status: status 4 test remote exit status: status 5 test remote exit status: status 44 ok remote exit status run test envpass.sh ... test environment passing: pass env, don't accept test environment passing: don't pass env, accept test environment passing: pass single env, accept single env test environment passing: pass multiple env, accept multiple env ok environment passing run test transfer.sh ... ok transfer data run test banner.sh ... test banner: missing banner file test banner: size 0 test banner: size 10 test banner: size 100 test banner: size 1000 test banner: size 10000 test banner: size 100000 test banner: suppress banner (-q) ok banner run test rekey.sh ... client rekey KexAlgorithms=diffie-hellman-group1-sha1 client rekey KexAlgorithms=diffie-hellman-group14-sha1 client rekey KexAlgorithms=diffie-hellman-group14-sha256 client rekey KexAlgorithms=diffie-hellman-group16-sha512 client rekey KexAlgorithms=diffie-hellman-group18-sha512 client rekey KexAlgorithms=diffie-hellman-group-exchange-sha1 client rekey KexAlgorithms=diffie-hellman-group-exchange-sha256 client rekey KexAlgorithms=ecdh-sha2-nistp256 client rekey KexAlgorithms=ecdh-sha2-nistp384 client rekey KexAlgorithms=ecdh-sha2-nistp521 client rekey KexAlgorithms=curve25519-sha256 client rekey KexAlgorithms=curve25519-sha256 at libssh.org client rekey KexAlgorithms=sntrup4591761x25519-sha512 at tinyssh.org client rekey Ciphers=3des-cbc client rekey Ciphers=aes128-cbc client rekey Ciphers=aes192-cbc client rekey Ciphers=aes256-cbc client rekey Ciphers=rijndael-cbc at lysator.liu.se client rekey Ciphers=aes128-ctr client rekey Ciphers=aes192-ctr client rekey Ciphers=aes256-ctr client rekey Ciphers=aes128-gcm at openssh.com client rekey Ciphers=aes256-gcm at openssh.com client rekey Ciphers=chacha20-poly1305 at openssh.com client rekey MACs=hmac-sha1 client rekey MACs=hmac-sha1-96 client rekey MACs=hmac-sha2-256 client rekey MACs=hmac-sha2-512 client rekey MACs=hmac-md5 client rekey MACs=hmac-md5-96 client rekey MACs=umac-64 at openssh.com client rekey MACs=umac-128 at openssh.com client rekey MACs=hmac-sha1-etm at openssh.com client rekey MACs=hmac-sha1-96-etm at openssh.com client rekey MACs=hmac-sha2-256-etm at openssh.com client rekey MACs=hmac-sha2-512-etm at openssh.com client rekey MACs=hmac-md5-etm at openssh.com client rekey MACs=hmac-md5-96-etm at openssh.com client rekey MACs=umac-64-etm at openssh.com client rekey MACs=umac-128-etm at openssh.com client rekey aes128-gcm at openssh.com diffie-hellman-group1-sha1 client rekey aes128-gcm at openssh.com diffie-hellman-group14-sha1 client rekey aes128-gcm at openssh.com diffie-hellman-group14-sha256 client rekey aes128-gcm at openssh.com diffie-hellman-group16-sha512 client rekey aes128-gcm at openssh.com diffie-hellman-group18-sha512 client rekey aes128-gcm at openssh.com diffie-hellman-group-exchange-sha1 client rekey aes128-gcm at openssh.com diffie-hellman-group-exchange-sha256 client rekey aes128-gcm at openssh.com ecdh-sha2-nistp256 client rekey aes128-gcm at openssh.com ecdh-sha2-nistp384 client rekey aes128-gcm at openssh.com ecdh-sha2-nistp521 client rekey aes128-gcm at openssh.com curve25519-sha256 client rekey aes128-gcm at openssh.com curve25519-sha256 at libssh.org client rekey aes128-gcm at openssh.com sntrup4591761x25519-sha512 at tinyssh.org client rekey aes256-gcm at openssh.com diffie-hellman-group1-sha1 client rekey aes256-gcm at openssh.com diffie-hellman-group14-sha1 client rekey aes256-gcm at openssh.com diffie-hellman-group14-sha256 client rekey aes256-gcm at openssh.com diffie-hellman-group16-sha512 client rekey aes256-gcm at openssh.com diffie-hellman-group18-sha512 client rekey aes256-gcm at openssh.com diffie-hellman-group-exchange-sha1 client rekey aes256-gcm at openssh.com diffie-hellman-group-exchange-sha256 client rekey aes256-gcm at openssh.com ecdh-sha2-nistp256 client rekey aes256-gcm at openssh.com ecdh-sha2-nistp384 client rekey aes256-gcm at openssh.com ecdh-sha2-nistp521 client rekey aes256-gcm at openssh.com curve25519-sha256 client rekey aes256-gcm at openssh.com curve25519-sha256 at libssh.org client rekey aes256-gcm at openssh.com sntrup4591761x25519-sha512 at tinyssh.org client rekey chacha20-poly1305 at openssh.com diffie-hellman-group1-sha1 client rekey chacha20-poly1305 at openssh.com diffie-hellman-group14-sha1 client rekey chacha20-poly1305 at openssh.com diffie-hellman-group14-sha256 client rekey chacha20-poly1305 at openssh.com diffie-hellman-group16-sha512 client rekey chacha20-poly1305 at openssh.com diffie-hellman-group18-sha512 client rekey chacha20-poly1305 at openssh.com diffie-hellman-group-exchange-sha1 client rekey chacha20-poly1305 at openssh.com diffie-hellman-group-exchange-sha256 client rekey chacha20-poly1305 at openssh.com ecdh-sha2-nistp256 client rekey chacha20-poly1305 at openssh.com ecdh-sha2-nistp384 client rekey chacha20-poly1305 at openssh.com ecdh-sha2-nistp521 client rekey chacha20-poly1305 at openssh.com curve25519-sha256 client rekey chacha20-poly1305 at openssh.com curve25519-sha256 at libssh.org client rekey chacha20-poly1305 at openssh.com sntrup4591761x25519-sha512 at tinyssh.org client rekeylimit 16 client rekeylimit 1k client rekeylimit 128k client rekeylimit 256k client rekeylimit default 5 client rekeylimit default 10 client rekeylimit default 5 no data client rekeylimit default 10 no data server rekeylimit 16 server rekeylimit 1k server rekeylimit 128k server rekeylimit 256k server rekeylimit default 5 no data server rekeylimit default 10 no data rekeylimit parsing ok rekey run test dhgex.sh ... dhgex bits 3072 diffie-hellman-group-exchange-sha1 3des-cbc dhgex bits 3072 diffie-hellman-group-exchange-sha256 3des-cbc dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-cbc dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-cbc dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-ctr dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-ctr dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-gcm at openssh.com dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-gcm at openssh.com dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-cbc dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-cbc dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-ctr dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-ctr dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-cbc dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-cbc dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-ctr dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-ctr dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-gcm at openssh.com dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-gcm at openssh.com dhgex bits 8192 diffie-hellman-group-exchange-sha1 rijndael-cbc at lysator.liu.se dhgex bits 8192 diffie-hellman-group-exchange-sha256 rijndael-cbc at lysator.liu.se dhgex bits 8192 diffie-hellman-group-exchange-sha1 chacha20-poly1305 at openssh.com dhgex bits 8192 diffie-hellman-group-exchange-sha256 chacha20-poly1305 at openssh.com ok dhgex run test stderr-data.sh ... test stderr data transfer: () test stderr data transfer: (-n) ok stderr data transfer run test stderr-after-eof.sh ... ok stderr data after eof run test broken-pipe.sh ... ok broken pipe test run test try-ciphers.sh ... test try ciphers: cipher 3des-cbc mac hmac-sha1 test try ciphers: cipher 3des-cbc mac hmac-sha1-96 test try ciphers: cipher 3des-cbc mac hmac-sha2-256 test try ciphers: cipher 3des-cbc mac hmac-sha2-512 test try ciphers: cipher 3des-cbc mac hmac-md5 test try ciphers: cipher 3des-cbc mac hmac-md5-96 test try ciphers: cipher 3des-cbc mac umac-64 at openssh.com test try ciphers: cipher 3des-cbc mac umac-128 at openssh.com test try ciphers: cipher 3des-cbc mac hmac-sha1-etm at openssh.com test try ciphers: cipher 3des-cbc mac hmac-sha1-96-etm at openssh.com test try ciphers: cipher 3des-cbc mac hmac-sha2-256-etm at openssh.com test try ciphers: cipher 3des-cbc mac hmac-sha2-512-etm at openssh.com test try ciphers: cipher 3des-cbc mac hmac-md5-etm at openssh.com test try ciphers: cipher 3des-cbc mac hmac-md5-96-etm at openssh.com test try ciphers: cipher 3des-cbc mac umac-64-etm at openssh.com test try ciphers: cipher 3des-cbc mac umac-128-etm at openssh.com test try ciphers: cipher aes128-cbc mac hmac-sha1 test try ciphers: cipher aes128-cbc mac hmac-sha1-96 test try ciphers: cipher aes128-cbc mac hmac-sha2-256 test try ciphers: cipher aes128-cbc mac hmac-sha2-512 test try ciphers: cipher aes128-cbc mac hmac-md5 test try ciphers: cipher aes128-cbc mac hmac-md5-96 test try ciphers: cipher aes128-cbc mac umac-64 at openssh.com test try ciphers: cipher aes128-cbc mac umac-128 at openssh.com test try ciphers: cipher aes128-cbc mac hmac-sha1-etm at openssh.com test try ciphers: cipher aes128-cbc mac hmac-sha1-96-etm at openssh.com test try ciphers: cipher aes128-cbc mac hmac-sha2-256-etm at openssh.com test try ciphers: cipher aes128-cbc mac hmac-sha2-512-etm at openssh.com test try ciphers: cipher aes128-cbc mac hmac-md5-etm at openssh.com test try ciphers: cipher aes128-cbc mac hmac-md5-96-etm at openssh.com test try ciphers: cipher aes128-cbc mac umac-64-etm at openssh.com test try ciphers: cipher aes128-cbc mac umac-128-etm at openssh.com test try ciphers: cipher aes192-cbc mac hmac-sha1 test try ciphers: cipher aes192-cbc mac hmac-sha1-96 test try ciphers: cipher aes192-cbc mac hmac-sha2-256 test try ciphers: cipher aes192-cbc mac hmac-sha2-512 test try ciphers: cipher aes192-cbc mac hmac-md5 test try ciphers: cipher aes192-cbc mac hmac-md5-96 test try ciphers: cipher aes192-cbc mac umac-64 at openssh.com test try ciphers: cipher aes192-cbc mac umac-128 at openssh.com test try ciphers: cipher aes192-cbc mac hmac-sha1-etm at openssh.com test try ciphers: cipher aes192-cbc mac hmac-sha1-96-etm at openssh.com test try ciphers: cipher aes192-cbc mac hmac-sha2-256-etm at openssh.com test try ciphers: cipher aes192-cbc mac hmac-sha2-512-etm at openssh.com test try ciphers: cipher aes192-cbc mac hmac-md5-etm at openssh.com test try ciphers: cipher aes192-cbc mac hmac-md5-96-etm at openssh.com test try ciphers: cipher aes192-cbc mac umac-64-etm at openssh.com test try ciphers: cipher aes192-cbc mac umac-128-etm at openssh.com test try ciphers: cipher aes256-cbc mac hmac-sha1 test try ciphers: cipher aes256-cbc mac hmac-sha1-96 test try ciphers: cipher aes256-cbc mac hmac-sha2-256 test try ciphers: cipher aes256-cbc mac hmac-sha2-512 test try ciphers: cipher aes256-cbc mac hmac-md5 test try ciphers: cipher aes256-cbc mac hmac-md5-96 test try ciphers: cipher aes256-cbc mac umac-64 at openssh.com test try ciphers: cipher aes256-cbc mac umac-128 at openssh.com test try ciphers: cipher aes256-cbc mac hmac-sha1-etm at openssh.com test try ciphers: cipher aes256-cbc mac hmac-sha1-96-etm at openssh.com test try ciphers: cipher aes256-cbc mac hmac-sha2-256-etm at openssh.com test try ciphers: cipher aes256-cbc mac hmac-sha2-512-etm at openssh.com test try ciphers: cipher aes256-cbc mac hmac-md5-etm at openssh.com test try ciphers: cipher aes256-cbc mac hmac-md5-96-etm at openssh.com test try ciphers: cipher aes256-cbc mac umac-64-etm at openssh.com test try ciphers: cipher aes256-cbc mac umac-128-etm at openssh.com test try ciphers: cipher rijndael-cbc at lysator.liu.se mac hmac-sha1 test try ciphers: cipher rijndael-cbc at lysator.liu.se mac hmac-sha1-96 test try ciphers: cipher rijndael-cbc at lysator.liu.se mac hmac-sha2-256 test try ciphers: cipher rijndael-cbc at lysator.liu.se mac hmac-sha2-512 test try ciphers: cipher rijndael-cbc at lysator.liu.se mac hmac-md5 test try ciphers: cipher rijndael-cbc at lysator.liu.se mac hmac-md5-96 test try ciphers: cipher rijndael-cbc at lysator.liu.se mac umac-64 at openssh.com test try ciphers: cipher rijndael-cbc at lysator.liu.se mac umac-128 at openssh.com test try ciphers: cipher rijndael-cbc at lysator.liu.se mac hmac-sha1-etm at openssh.com test try ciphers: cipher rijndael-cbc at lysator.liu.se mac hmac-sha1-96-etm at openssh.com test try ciphers: cipher rijndael-cbc at lysator.liu.se mac hmac-sha2-256-etm at openssh.com test try ciphers: cipher rijndael-cbc at lysator.liu.se mac hmac-sha2-512-etm at openssh.com test try ciphers: cipher rijndael-cbc at lysator.liu.se mac hmac-md5-etm at openssh.com test try ciphers: cipher rijndael-cbc at lysator.liu.se mac hmac-md5-96-etm at openssh.com test try ciphers: cipher rijndael-cbc at lysator.liu.se mac umac-64-etm at openssh.com test try ciphers: cipher rijndael-cbc at lysator.liu.se mac umac-128-etm at openssh.com test try ciphers: cipher aes128-ctr mac hmac-sha1 test try ciphers: cipher aes128-ctr mac hmac-sha1-96 test try ciphers: cipher aes128-ctr mac hmac-sha2-256 test try ciphers: cipher aes128-ctr mac hmac-sha2-512 test try ciphers: cipher aes128-ctr mac hmac-md5 test try ciphers: cipher aes128-ctr mac hmac-md5-96 test try ciphers: cipher aes128-ctr mac umac-64 at openssh.com test try ciphers: cipher aes128-ctr mac umac-128 at openssh.com test try ciphers: cipher aes128-ctr mac hmac-sha1-etm at openssh.com test try ciphers: cipher aes128-ctr mac hmac-sha1-96-etm at openssh.com test try ciphers: cipher aes128-ctr mac hmac-sha2-256-etm at openssh.com test try ciphers: cipher aes128-ctr mac hmac-sha2-512-etm at openssh.com test try ciphers: cipher aes128-ctr mac hmac-md5-etm at openssh.com test try ciphers: cipher aes128-ctr mac hmac-md5-96-etm at openssh.com test try ciphers: cipher aes128-ctr mac umac-64-etm at openssh.com test try ciphers: cipher aes128-ctr mac umac-128-etm at openssh.com test try ciphers: cipher aes192-ctr mac hmac-sha1 test try ciphers: cipher aes192-ctr mac hmac-sha1-96 test try ciphers: cipher aes192-ctr mac hmac-sha2-256 test try ciphers: cipher aes192-ctr mac hmac-sha2-512 test try ciphers: cipher aes192-ctr mac hmac-md5 test try ciphers: cipher aes192-ctr mac hmac-md5-96 test try ciphers: cipher aes192-ctr mac umac-64 at openssh.com test try ciphers: cipher aes192-ctr mac umac-128 at openssh.com test try ciphers: cipher aes192-ctr mac hmac-sha1-etm at openssh.com test try ciphers: cipher aes192-ctr mac hmac-sha1-96-etm at openssh.com test try ciphers: cipher aes192-ctr mac hmac-sha2-256-etm at openssh.com test try ciphers: cipher aes192-ctr mac hmac-sha2-512-etm at openssh.com test try ciphers: cipher aes192-ctr mac hmac-md5-etm at openssh.com test try ciphers: cipher aes192-ctr mac hmac-md5-96-etm at openssh.com test try ciphers: cipher aes192-ctr mac umac-64-etm at openssh.com test try ciphers: cipher aes192-ctr mac umac-128-etm at openssh.com test try ciphers: cipher aes256-ctr mac hmac-sha1 test try ciphers: cipher aes256-ctr mac hmac-sha1-96 test try ciphers: cipher aes256-ctr mac hmac-sha2-256 test try ciphers: cipher aes256-ctr mac hmac-sha2-512 test try ciphers: cipher aes256-ctr mac hmac-md5 test try ciphers: cipher aes256-ctr mac hmac-md5-96 test try ciphers: cipher aes256-ctr mac umac-64 at openssh.com test try ciphers: cipher aes256-ctr mac umac-128 at openssh.com test try ciphers: cipher aes256-ctr mac hmac-sha1-etm at openssh.com test try ciphers: cipher aes256-ctr mac hmac-sha1-96-etm at openssh.com test try ciphers: cipher aes256-ctr mac hmac-sha2-256-etm at openssh.com test try ciphers: cipher aes256-ctr mac hmac-sha2-512-etm at openssh.com test try ciphers: cipher aes256-ctr mac hmac-md5-etm at openssh.com test try ciphers: cipher aes256-ctr mac hmac-md5-96-etm at openssh.com test try ciphers: cipher aes256-ctr mac umac-64-etm at openssh.com test try ciphers: cipher aes256-ctr mac umac-128-etm at openssh.com test try ciphers: cipher aes128-gcm at openssh.com mac hmac-sha1 test try ciphers: cipher aes256-gcm at openssh.com mac hmac-sha1 test try ciphers: cipher chacha20-poly1305 at openssh.com mac hmac-sha1 ok try ciphers run test yes-head.sh ... ok yes pipe head run test login-timeout.sh ... ok connect after login grace timeout run test agent.sh ... Identity added: /usr/source/openssh-SNAP-20200524/regress/ssh-ed25519-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/ssh-ed25519-agent-cert.pub (ssh-ed25519 cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/ssh-ed25519-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/ssh-ed25519-agent-cert.pub (ssh-ed25519 cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/sk-ssh-ed25519 at openssh.com-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/sk-ssh-ed25519 at openssh.com-agent-cert.pub (sk-ssh-ed25519 at openssh.com cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/sk-ssh-ed25519 at openssh.com-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/sk-ssh-ed25519 at openssh.com-agent-cert.pub (sk-ssh-ed25519 at openssh.com cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/ssh-rsa-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/ssh-rsa-agent-cert.pub (ssh-rsa cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/ssh-rsa-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/ssh-rsa-agent-cert.pub (ssh-rsa cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/ssh-dss-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/ssh-dss-agent-cert.pub (ssh-dss cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/ssh-dss-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/ssh-dss-agent-cert.pub (ssh-dss cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/ecdsa-sha2-nistp256-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/ecdsa-sha2-nistp256-agent-cert.pub (ecdsa-sha2-nistp256 cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/ecdsa-sha2-nistp256-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/ecdsa-sha2-nistp256-agent-cert.pub (ecdsa-sha2-nistp256 cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/ecdsa-sha2-nistp384-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/ecdsa-sha2-nistp384-agent-cert.pub (ecdsa-sha2-nistp384 cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/ecdsa-sha2-nistp384-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/ecdsa-sha2-nistp384-agent-cert.pub (ecdsa-sha2-nistp384 cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/ecdsa-sha2-nistp521-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/ecdsa-sha2-nistp521-agent-cert.pub (ecdsa-sha2-nistp521 cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/ecdsa-sha2-nistp521-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/ecdsa-sha2-nistp521-agent-cert.pub (ecdsa-sha2-nistp521 cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/sk-ecdsa-sha2-nistp256 at openssh.com-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/sk-ecdsa-sha2-nistp256 at openssh.com-agent-cert.pub (sk-ecdsa-sha2-nistp256 at openssh.com cert) Identity added: /usr/source/openssh-SNAP-20200524/regress/sk-ecdsa-sha2-nistp256 at openssh.com-agent (root at border.nk.ca) Certificate added: /usr/source/openssh-SNAP-20200524/regress/sk-ecdsa-sha2-nistp256 at openssh.com-agent-cert.pub (sk-ecdsa-sha2-nistp256 at openssh.com cert) ok simple agent test run test agent-getpeereid.sh ... need SUDO to switch to uid nobody SKIPPED run test agent-timeout.sh ... ok agent timeout test run test agent-ptrace.sh ... Skipped: running as root run test keyscan.sh ... ok keyscan run test keygen-change.sh ... ok change passphrase for key run test keygen-convert.sh ... ok convert keys run test keygen-moduli.sh ... ok keygen moduli run test key-options.sh ... key option command="echo bar" key option no-pty,command="echo bar" key option pty default key option pty no-pty key option pty restrict key option pty restrict,pty key option environment key option from="127.0.0.1" key option from="127.0.0.0/8" key option expiry-time default key option expiry-time invalid key option expiry-time expired key option expiry-time valid ok key options run test scp.sh ... scp: simple copy local file to local file scp: simple copy local file to remote file scp: simple copy remote file to local file scp: simple copy local file to remote dir scp: simple copy local file to local dir scp: simple copy remote file to local dir scp: recursive local dir to remote dir scp: recursive local dir to local dir scp: recursive remote dir to local dir scp: shell metacharacters scp: disallow bad server #0 scp: disallow bad server #1 scp: disallow bad server #2 scp: disallow bad server #3 scp: disallow bad server #4 scp: disallow bad server #5 scp: disallow bad server #6 scp: disallow bad server #7 scp: detect non-directory target /usr/source/openssh-SNAP-20200524/regress/copy2: Not a directory ok scp run test scp-uri.sh ... scp-uri: simple copy local file to remote file scp-uri: simple copy remote file to local file scp-uri: simple copy local file to remote dir scp-uri: simple copy remote file to local dir scp-uri: recursive local dir to remote dir scp-uri: recursive remote dir to local dir ok scp-uri run test sftp.sh ... test basic sftp put/get: buffer_size 5 num_requests 1 test basic sftp put/get: buffer_size 5 num_requests 2 test basic sftp put/get: buffer_size 5 num_requests 10 test basic sftp put/get: buffer_size 1000 num_requests 1 test basic sftp put/get: buffer_size 1000 num_requests 2 test basic sftp put/get: buffer_size 1000 num_requests 10 test basic sftp put/get: buffer_size 32000 num_requests 1 test basic sftp put/get: buffer_size 32000 num_requests 2 test basic sftp put/get: buffer_size 32000 num_requests 10 test basic sftp put/get: buffer_size 64000 num_requests 1 test basic sftp put/get: buffer_size 64000 num_requests 2 test basic sftp put/get: buffer_size 64000 num_requests 10 ok basic sftp put/get run test sftp-chroot.sh ... test sftp in chroot: get ok sftp in chroot run test sftp-cmds.sh ... sftp commands: lls sftp commands: lls w/path sftp commands: ls sftp commands: shell sftp commands: pwd sftp commands: lpwd sftp commands: quit sftp commands: help sftp commands: get sftp commands: get quoted sftp commands: get filename with quotes sftp commands: get filename with spaces sftp commands: get filename with glob metacharacters sftp commands: get to directory sftp commands: glob get to directory sftp commands: get to local dir sftp commands: glob get to local dir sftp commands: put sftp commands: put filename with quotes sftp commands: put filename with spaces sftp commands: put to directory sftp commands: glob put to directory sftp commands: put to local dir sftp commands: glob put to local dir sftp commands: rename sftp commands: rename directory sftp commands: ln sftp commands: ln -s sftp commands: mkdir sftp commands: chdir sftp commands: rmdir sftp commands: lmkdir sftp commands: lchdir ok sftp commands run test sftp-badcmds.sh ... sftp invalid commands: get nonexistent sftp invalid commands: glob get to nonexistent directory sftp invalid commands: put nonexistent sftp invalid commands: glob put to nonexistent directory sftp invalid commands: rename nonexistent sftp invalid commands: rename target exists (directory) sftp invalid commands: glob put files to local file ok sftp invalid commands run test sftp-batch.sh ... sftp batchfile: good commands sftp batchfile: bad commands sftp batchfile: comments and blanks sftp batchfile: junk command ok sftp batchfile run test sftp-glob.sh ... sftp glob: file glob sftp glob: dir glob sftp glob: quoted glob sftp glob: escaped glob sftp glob: escaped quote sftp glob: quoted quote sftp glob: single-quoted quote sftp glob: escaped space sftp glob: quoted space sftp glob: escaped slash sftp glob: quoted slash sftp glob: escaped slash at EOL sftp glob: quoted slash at EOL sftp glob: escaped slash+quote sftp glob: quoted slash+quote ok sftp glob run test sftp-perm.sh ... sftp permissions: read-only upload sftp permissions: read-only setstat sftp permissions: read-only rm sftp permissions: read-only mkdir sftp permissions: read-only rmdir sftp permissions: read-only posix-rename sftp permissions: read-only oldrename sftp permissions: read-only symlink sftp permissions: read-only hardlink sftp permissions: explicit open sftp permissions: explicit read sftp permissions: explicit write sftp permissions: explicit lstat sftp permissions: explicit opendir sftp permissions: explicit readdir sftp permissions: explicit setstat sftp permissions: explicit remove sftp permissions: explicit mkdir sftp permissions: explicit rmdir sftp permissions: explicit posix-rename sftp permissions: explicit rename sftp permissions: explicit symlink sftp permissions: explicit hardlink sftp permissions: explicit statvfs ok sftp permissions run test sftp-uri.sh ... sftp-uri: non-interactive fetch to local file Connection closed. sftp-uri: non-interactive fetch to local dir Connection closed. sftp-uri: put to remote directory (trailing slash) sftp-uri: put to remote directory (no slash) ok sftp-uri run test reconfigure.sh ... ok simple connect after reconfigure run test dynamic-forward.sh ... ok dynamic forwarding run test forwarding.sh ... failed copy of /bin/ls cmp: EOF on /usr/source/openssh-SNAP-20200524/regress/copy corrupted copy of /bin/ls failed local and remote forwarding *** Error code 1 Stop. make[1]: stopped in /usr/source/openssh-SNAP-20200524/regress *** Error code 1 Stop. make: stopped in /usr/source/openssh-SNAP-20200524 root at border:/usr/source/openssh-SNAP-20200524 # amke install;ldconfig amke: Command not found. root at border:/usr/source/openssh-SNAP-20200524 # ^am^ma make install ; ldconfig conffile=`echo sshd_config.out | sed 's/.out$//'`; /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ./${conffile} > sshd_config.out conffile=`echo ssh_config.out | sed 's/.out$//'`; /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ./${conffile} > ssh_config.out conffile=`echo moduli.out | sed 's/.out$//'`; /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ./${conffile} > moduli.out if test "man" = "cat"; then manpage=./`echo moduli.5.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo moduli.5.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > moduli.5.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > moduli.5.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo scp.1.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo scp.1.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > scp.1.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > scp.1.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo ssh-add.1.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo ssh-add.1.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > ssh-add.1.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > ssh-add.1.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo ssh-agent.1.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo ssh-agent.1.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > ssh-agent.1.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > ssh-agent.1.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo ssh-keygen.1.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo ssh-keygen.1.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > ssh-keygen.1.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > ssh-keygen.1.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo ssh-keyscan.1.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo ssh-keyscan.1.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > ssh-keyscan.1.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > ssh-keyscan.1.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo ssh.1.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo ssh.1.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > ssh.1.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > ssh.1.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo sshd.8.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo sshd.8.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > sshd.8.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > sshd.8.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo sftp-server.8.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo sftp-server.8.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > sftp-server.8.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > sftp-server.8.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo sftp.1.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo sftp.1.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > sftp.1.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > sftp.1.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo ssh-keysign.8.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo ssh-keysign.8.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > ssh-keysign.8.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > ssh-keysign.8.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo ssh-pkcs11-helper.8.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo ssh-pkcs11-helper.8.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > ssh-pkcs11-helper.8.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > ssh-pkcs11-helper.8.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo ssh-sk-helper.8.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo ssh-sk-helper.8.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > ssh-sk-helper.8.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > ssh-sk-helper.8.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo sshd_config.5.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo sshd_config.5.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > sshd_config.5.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > sshd_config.5.out; fi Badly placed ()'s. if test "man" = "cat"; then manpage=./`echo ssh_config.5.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo ssh_config.5.out | sed 's/\.out$//'`; fi; if test "man" = "man"; then /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed | nawk -f ./mdoc2man.awk > ssh_config.5.out; else /usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/moduli|g' -e 's|/etc/ssh/moduli|/etc/moduli|g' -e 's|/etc/ssh/sshrc|/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/local/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin||g' ${manpage} | /bin/tcsh ./fixalgorithms /usr/bin/sed > ssh_config.5.out; fi Badly placed ()'s. (cd openbsd-compat && make) ./install-sh -c -d /usr/bin ./install-sh -c -d /usr/sbin ./install-sh -c -d /usr/share/man/man1 ./install-sh -c -d /usr/share/man/man5 ./install-sh -c -d /usr/share/man/man8 ./install-sh -c -d /usr/libexec ./install-sh -c -d -m 0755 /var/empty /usr/bin/install -c -m 0755 -s ssh /usr/bin/ssh /usr/bin/install -c -m 0755 -s scp /usr/bin/scp /usr/bin/install -c -m 0755 -s ssh-add /usr/bin/ssh-add /usr/bin/install -c -m 0755 -s ssh-agent /usr/bin/ssh-agent /usr/bin/install -c -m 0755 -s ssh-keygen /usr/bin/ssh-keygen /usr/bin/install -c -m 0755 -s ssh-keyscan /usr/bin/ssh-keyscan /usr/bin/install -c -m 0755 -s sshd /usr/sbin/sshd /usr/bin/install -c -m 4711 -s ssh-keysign /usr/libexec/ssh-keysign /usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/libexec/ssh-pkcs11-helper /usr/bin/install -c -m 0755 -s ssh-sk-helper /usr/libexec/ssh-sk-helper /usr/bin/install -c -m 0755 -s sftp /usr/bin/sftp /usr/bin/install -c -m 0755 -s sftp-server /usr/libexec/sftp-server /usr/bin/install -c -m 644 ssh.1.out /usr/share/man/man1/ssh.1 /usr/bin/install -c -m 644 scp.1.out /usr/share/man/man1/scp.1 /usr/bin/install -c -m 644 ssh-add.1.out /usr/share/man/man1/ssh-add.1 /usr/bin/install -c -m 644 ssh-agent.1.out /usr/share/man/man1/ssh-agent.1 /usr/bin/install -c -m 644 ssh-keygen.1.out /usr/share/man/man1/ssh-keygen.1 /usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/share/man/man1/ssh-keyscan.1 /usr/bin/install -c -m 644 moduli.5.out /usr/share/man/man5/moduli.5 /usr/bin/install -c -m 644 sshd_config.5.out /usr/share/man/man5/sshd_config.5 /usr/bin/install -c -m 644 ssh_config.5.out /usr/share/man/man5/ssh_config.5 /usr/bin/install -c -m 644 sshd.8.out /usr/share/man/man8/sshd.8 /usr/bin/install -c -m 644 sftp.1.out /usr/share/man/man1/sftp.1 /usr/bin/install -c -m 644 sftp-server.8.out /usr/share/man/man8/sftp-server.8 /usr/bin/install -c -m 644 ssh-keysign.8.out /usr/share/man/man8/ssh-keysign.8 /usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/share/man/man8/ssh-pkcs11-helper.8 /usr/bin/install -c -m 644 ssh-sk-helper.8.out /usr/share/man/man8/ssh-sk-helper.8 ./install-sh -c -d /etc /etc/ssh_config already exists, install will not overwrite /etc/sshd_config already exists, install will not overwrite /etc/moduli already exists, install will not overwrite /usr/sbin/sshd -t -f /etc/sshd_config root at border:/usr/source/openssh-SNAP-20200524 # service sshd restart Performing sanity check on sshd configuration. Stopping sshd. Waiting for PIDS: 49354exi, 49354. Performing sanity check on sshd configuration. Starting sshd. root at border:/usr/source/openssh-SNAP-20200524 # exit exit Script done on Sun May 24 06:34:17 2020