From 5c495ee639d768e50c86afcdcf6770b6c8d81a22 Mon Sep 17 00:00:00 2001 From: shangxiaoyang <15063566195@163.com> Date: Thu, 9 Mar 2023 14:52:19 +0800 Subject: [PATCH] =?UTF-8?q?=E5=90=8C=E6=AD=A5=E9=AB=98=E7=89=88=E6=9C=AC?= =?UTF-8?q?=E8=A1=A5=E4=B8=81=E5=8F=8A=E6=89=93=E5=8C=85=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Configurations/10-main.conf | 2 +- Configurations/20-debian.conf | 169 + Configurations/shared-info.pl | 2 +- Configurations/unix-Makefile.tmpl | 5 +- Configure | 2 +- apps/openssl.cnf | 8 +- crypto/conf/conf_ssl.c | 35 +- crypto/des/asm/desboth.pl | 17 +- crypto/perlasm/cbc.pl | 24 +- crypto/perlasm/x86gas.pl | 16 + crypto/x86cpuid.pl | 10 +- debian/README.Debian | 8 - debian/README.debian | 8 + debian/changelog | 2 +- debian/control | 9 +- debian/copyright | 9014 +---------------- debian/gbp.conf | 4 +- debian/libssl3.postinst | 226 - debian/libssl3.symbols | 6 +- debian/libssl3.templates | 42 - debian/not-installed | 4 + debian/openssl.install | 1 + ...able-ktls-if-target-does-not-start-w.patch | 14 +- ...tests-for-new-default-security-level.patch | 1390 +++ .../patches/Remove-the-provider-section.patch | 40 + ...vide-a-default-openssl.cnf-for-tests.patch | 386 - debian/patches/c_rehash-compat.patch | 61 +- ...rialize-allocation-free-of-ssl_names.patch | 102 + debian/patches/debian-targets.patch | 90 +- debian/patches/man-section.patch | 4 +- debian/patches/series | 9 + .../patches/skip_tls1.1_seclevel3_tests.patch | 59 - debian/patches/tests-use-seclevel-1.patch | 260 - debian/patches/tls1.2-min-seclevel2.patch | 74 - debian/rules | 24 +- debian/tests/control | 2 +- debian/upstream/signing-key.asc | 905 +- debian/watch | 2 +- test/ssl-tests/12-ct.cnf | 24 +- test/ssl-tests/12-ct.cnf.in | 12 + test/ssl-tests/14-curves.cnf | 220 +- test/ssl-tests/14-curves.cnf.in | 9 +- test/ssl-tests/22-compression.cnf | 32 +- test/ssl-tests/22-compression.cnf.in | 16 + test/sslapitest.c | 24 +- tools/c_rehash.in | 19 +- 46 files changed, 2671 insertions(+), 10721 deletions(-) create mode 100644 Configurations/20-debian.conf delete mode 100644 debian/README.Debian delete mode 100644 debian/libssl3.postinst delete mode 100644 debian/libssl3.templates create mode 100644 debian/not-installed create mode 100644 debian/patches/Fix-tests-for-new-default-security-level.patch create mode 100644 debian/patches/Remove-the-provider-section.patch delete mode 100644 debian/patches/TEST-Provide-a-default-openssl.cnf-for-tests.patch create mode 100644 debian/patches/conf-Serialize-allocation-free-of-ssl_names.patch create mode 100644 debian/patches/series delete mode 100644 debian/patches/skip_tls1.1_seclevel3_tests.patch delete mode 100644 debian/patches/tests-use-seclevel-1.patch delete mode 100644 debian/patches/tls1.2-min-seclevel2.patch diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index b578a3c..b3b21d3 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -697,7 +697,7 @@ my %targets = ( shared_target => "linux-shared", shared_cflag => "-fPIC", shared_ldflag => sub { $disabled{pinshared} ? () : "-Wl,-znodelete" }, - enable => [ "afalgeng" ], + enable => [ "afalgeng", "ktls" ], }, "linux-latomic" => { inherit_from => [ "linux-generic32" ], diff --git a/Configurations/20-debian.conf b/Configurations/20-debian.conf new file mode 100644 index 0000000..c6860ed --- /dev/null +++ b/Configurations/20-debian.conf @@ -0,0 +1,169 @@ +my %targets = ( + "debian" => { + cflags => add("-Wa,--noexecstack -Wall -fzero-call-used-regs=used-gpr -DOPENSSL_TLS_SECURITY_LEVEL=2"), + }, + "debian-alpha" => { + inherit_from => [ "linux-alpha-gcc", "debian" ], + }, + "debian-alpha-ev4" => { + inherit_from => [ "debian-alpha" ], + cflags => add("-mcpu=ev4"), + }, + "debian-alpha-ev5" => { + inherit_from => [ "debian-alpha" ], + cflags => add("-mcpu=ev5"), + }, + "debian-arc" => { + inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-arm64" => { + inherit_from => [ "linux-aarch64", "debian" ], + }, + "debian-arm64ilp32" => { + inherit_from => [ "linux-arm64ilp32", "debian" ], + }, + "debian-armel" => { + inherit_from => [ "linux-armv4", "debian" ], + }, + "debian-armhf" => { + inherit_from => [ "linux-armv4", "debian" ], + }, + "debian-amd64" => { + inherit_from => [ "linux-x86_64", "debian" ], + }, + "debian-i386" => { + inherit_from => [ "linux-elf", "debian" ], + }, + "debian-avr32" => { + inherit_from => [ "linux-generic32", "debian" ], + }, + "debian-kfreebsd-amd64" => { + inherit_from => [ "debian-amd64" ], + enable => [ ], + }, + "debian-kfreebsd-i386" => { + inherit_from => [ "debian-i386" ], + enable => [ ], + }, + "debian-hppa" => { + inherit_from => [ "linux-generic32", "debian" ], + cflags => add("-DB_ENDIAN"), + }, + "debian-hurd-i386" => { + inherit_from => [ "hurd-x86", "debian" ], + }, + "debian-ia64" => { + inherit_from => [ "linux-ia64", "debian" ], + cflags => add("-fzero-call-used-regs=skip"), + }, + "debian-loong64" => { + inherit_from => [ "linux64-loongarch64", "debian" ], + }, + "debian-m68k" => { + inherit_from => [ "linux-latomic", "debian" ], + cflags => add("-DB_ENDIAN"), + }, + "debian-mips" => { + inherit_from => [ "linux-mips32", "debian" ], + cflags => add("-DB_ENDIAN"), + }, + "debian-mipsel" => { + inherit_from => [ "linux-mips32", "debian" ], + cflags => add("-DL_ENDIAN"), + }, + "debian-mipsn32" => { + inherit_from => [ "linux-mips64", "debian" ], + cflags => add("-DB_ENDIAN"), + }, + "debian-mipsn32el" => { + inherit_from => [ "linux-mips64", "debian" ], + cflags => add("-DL_ENDIAN"), + }, + "debian-mips64" => { + inherit_from => [ "linux64-mips64", "debian" ], + cflags => add("-DB_ENDIAN"), + }, + "debian-mips64el" => { + inherit_from => [ "linux64-mips64", "debian" ], + cflags => add("-DL_ENDIAN"), + }, + + "debian-musl-linux-arm64" => { + inherit_from => [ "linux-aarch64", "debian" ], + }, + "debian-musl-linux-armhf" => { + inherit_from => [ "linux-armv4", "debian" ], + }, + "debian-musl-linux-i386" => { + inherit_from => [ "linux-elf", "debian" ], + }, + "debian-musl-linux-mips" => { + inherit_from => [ "linux-mips32", "debian" ], + cflags => add("-DB_ENDIAN"), + }, + "debian-musl-linux-mipsel" => { + inherit_from => [ "linux-mips32", "debian" ], + cflags => add("-DL_ENDIAN"), + }, + + "debian-nios2" => { + inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-powerpc" => { + inherit_from => [ "linux-ppc", "debian" ], + }, + "debian-powerpcspe" => { + inherit_from => [ "linux-ppc", "debian" ], + }, + "debian-ppc64" => { + inherit_from => [ "linux-generic64", "debian", ], + asm_arch => 'ppc64', + cflags => add("-DB_ENDIAN"), + perlasm_scheme => "linux64", + }, + "debian-ppc64el" => { + inherit_from => [ "linux-ppc64le", "debian" ], + }, + "debian-riscv64" => { + inherit_from => [ "linux-generic64", "debian" ], + }, + "debian-s390" => { + inherit_from => [ "linux-generic32", "debian" ], + }, + "debian-s390x" => { + inherit_from => [ "linux64-s390x", "debian" ], + }, + "debian-sh3" => { + inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-sh3eb" => { + inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-sh4" => { + inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-sh4eb" => { + inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-m32r" => { + inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-sparc" => { + inherit_from => [ "linux-latomic", "debian", ], + asm_arch => 'sparcv9', + cflags => add("-DB_ENDIAN -DBN_DIV2W"), + }, + "debian-sparc64" => { + inherit_from => [ "linux-generic64", "debian" ], + asm_arch => 'sparcv9', + cflags => add("-m64 -mcpu=ultrasparc -DB_ENDIAN"), + bn_ops => "BN_LLONG RC4_CHAR", + ex_libs => add("-latomic"), + }, + "debian-tilegx" => { + inherit_from => [ "linux-generic64", "debian" ], + }, + "debian-x32" => { + inherit_from => [ "linux-x32", "debian" ], + }, +); diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index edd16f4..c9e4a88 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -25,7 +25,7 @@ sub detect_gnu_cc { my %shared_info; %shared_info = ( 'gnu-shared' => { - shared_ldflag => '-shared -Wl,-Bsymbolic', + shared_ldflag => '-shared', shared_sonameflag => '-Wl,-soname=', }, 'linux-shared' => sub { diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index ebf2096..5b7e317 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -318,7 +318,8 @@ HTMLDIR=$(DOCDIR)/html # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. -MANSUFFIX=ossl +MANSUFFIX=ssl +MANSECTION=SSL HTMLSUFFIX=html # For "optional" echo messages, to get "real" silence @@ -1537,7 +1538,7 @@ EOF my $pod = $gen0; return <<"EOF"; $args{src}: $pod - pod2man --name=$name --section=$section\$(MANSUFFIX) --center=OpenSSL \\ + pod2man --name=$name --section=$section\$(MANSECTION) --center=OpenSSL \\ --release=\$(VERSION) $pod >\$\@ EOF } elsif (platform->isdef($args{src})) { diff --git a/Configure b/Configure index 5ac4b52..978414d 100755 --- a/Configure +++ b/Configure @@ -1715,7 +1715,7 @@ unless ($disabled{devcryptoeng}) { unless ($disabled{ktls}) { $config{ktls}=""; my $cc = $config{CROSS_COMPILE}.$config{CC}; - if ($target =~ m/^linux/) { + if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { system("printf '#include \n#include ' | $cc -E - >/dev/null 2>&1"); if ($? != 0) { disable('too-old-kernel', 'ktls'); diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 03330e0..215768b 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -51,11 +51,11 @@ tsa_policy3 = 1.2.3.4.5.7 # .include fipsmodule.cnf [openssl_init] -providers = provider_sect +# providers = provider_sect # List of providers to load -[provider_sect] -default = default_sect +# [provider_sect] +# default = default_sect # The fips section name should match the section name inside the # included fipsmodule.cnf. # fips = fips_sect @@ -68,7 +68,7 @@ default = default_sect # becomes unavailable in openssl. As a consequence applications depending on # OpenSSL may not work correctly which could lead to significant system # problems including inability to remotely access the system. -[default_sect] +# [default_sect] # activate = 1 diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c index 84c5b2a..d6596e6 100644 --- a/crypto/conf/conf_ssl.c +++ b/crypto/conf/conf_ssl.c @@ -12,6 +12,7 @@ #include #include #include "internal/sslconf.h" +#include "internal/thread_once.h" #include "conf_local.h" /* @@ -35,12 +36,25 @@ struct ssl_conf_cmd_st { char *arg; }; +static CRYPTO_ONCE init_ssl_names_lock = CRYPTO_ONCE_STATIC_INIT; +static CRYPTO_RWLOCK *ssl_names_lock; static struct ssl_conf_name_st *ssl_names; static size_t ssl_names_count; -static void ssl_module_free(CONF_IMODULE *md) +DEFINE_RUN_ONCE_STATIC(do_init_ssl_names_lock) +{ + ssl_names_lock = CRYPTO_THREAD_lock_new(); + if (ssl_names_lock == NULL) { + ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); + return 0; + } + return 1; +} + +static void ssl_module_free_unlocked(CONF_IMODULE *md) { size_t i, j; + if (ssl_names == NULL) return; for (i = 0; i < ssl_names_count; i++) { @@ -58,6 +72,14 @@ static void ssl_module_free(CONF_IMODULE *md) ssl_names_count = 0; } +static void ssl_module_free(CONF_IMODULE *md) +{ + if (!CRYPTO_THREAD_write_lock(ssl_names_lock)) + return; + ssl_module_free_unlocked(md); + CRYPTO_THREAD_unlock(ssl_names_lock); +} + static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) { size_t i, j, cnt; @@ -65,6 +87,12 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) const char *ssl_conf_section; STACK_OF(CONF_VALUE) *cmd_lists; + if (!RUN_ONCE(&init_ssl_names_lock, do_init_ssl_names_lock)) + return 0; + + if (!CRYPTO_THREAD_write_lock(ssl_names_lock)) + return 0; + ssl_conf_section = CONF_imodule_get_value(md); cmd_lists = NCONF_get_section(cnf, ssl_conf_section); if (sk_CONF_VALUE_num(cmd_lists) <= 0) { @@ -77,7 +105,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) goto err; } cnt = sk_CONF_VALUE_num(cmd_lists); - ssl_module_free(md); + ssl_module_free_unlocked(md); ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt); if (ssl_names == NULL) goto err; @@ -126,7 +154,8 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) rv = 1; err: if (rv == 0) - ssl_module_free(md); + ssl_module_free_unlocked(md); + CRYPTO_THREAD_unlock(ssl_names_lock); return rv; } diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl index afffd20..b50e85c 100644 --- a/crypto/des/asm/desboth.pl +++ b/crypto/des/asm/desboth.pl @@ -23,6 +23,11 @@ sub DES_encrypt3 &push("edi"); + &call (&label("pic_point0")); + &set_label("pic_point0"); + &blindpop("ebp"); + &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); + &comment(""); &comment("Load the data words"); &mov($L,&DWP(0,"ebx","",0)); @@ -54,15 +59,21 @@ sub DES_encrypt3 &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); &mov(&swtmp(1), "eax"); &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); + &exch("ebx", "ebp"); + &call("DES_encrypt2\@PLT"); + &exch("ebx", "ebp"); &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); &mov(&swtmp(1), "edi"); &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); + &exch("ebx", "ebp"); + &call("DES_encrypt2\@PLT"); + &exch("ebx", "ebp"); &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); &mov(&swtmp(1), "esi"); &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); + &exch("ebx", "ebp"); + &call("DES_encrypt2\@PLT"); + &exch("ebx", "ebp"); &stack_pop(3); &mov($L,&DWP(0,"ebx","",0)); diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl index ef09e0f..fe6ff45 100644 --- a/crypto/perlasm/cbc.pl +++ b/crypto/perlasm/cbc.pl @@ -129,7 +129,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - &call($enc_func); + &call (&label("pic_point0")); + &set_label("pic_point0"); + &blindpop("ebx"); + &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); + &call("$enc_func\@PLT"); &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); @@ -199,7 +203,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - &call($enc_func); + &call (&label("pic_point1")); + &set_label("pic_point1"); + &blindpop("ebx"); + &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); + &call("$enc_func\@PLT"); &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); @@ -232,7 +240,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - &call($dec_func); + &call (&label("pic_point2")); + &set_label("pic_point2"); + &blindpop("ebx"); + &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); + &call("$dec_func\@PLT"); &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # @@ -275,7 +287,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - &call($dec_func); + &call (&label("pic_point3")); + &set_label("pic_point3"); + &blindpop("ebx"); + &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); + &call("$dec_func\@PLT"); &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl index 1b2b27c..a62c01b 100644 --- a/crypto/perlasm/x86gas.pl +++ b/crypto/perlasm/x86gas.pl @@ -171,6 +171,7 @@ sub ::file_end if ($::macosx) { push (@out,"$tmp,2\n"); } elsif ($::elf) { push (@out,"$tmp,4\n"); } else { push (@out,"$tmp\n"); } + if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } } push(@out,$initseg) if ($initseg); if ($::elf) { @@ -249,8 +250,23 @@ ___ elsif ($::elf) { $initseg.=<<___; .section .init +___ + if ($::pic) + { $initseg.=<<___; + pushl %ebx + call .pic_point0 +.pic_point0: + popl %ebx + addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx + call $f\@PLT + popl %ebx +___ + } + else + { $initseg.=<<___; call $f ___ + } } elsif ($::coff) { $initseg.=<<___; # applies to both Cygwin and Mingw diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl index a7bcb27..6688a1f 100644 --- a/crypto/x86cpuid.pl +++ b/crypto/x86cpuid.pl @@ -16,6 +16,8 @@ $output = pop and open STDOUT,">$output"; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +push(@out, ".hidden OPENSSL_ia32cap_P\n"); + &function_begin("OPENSSL_ia32_cpuid"); &xor ("edx","edx"); &pushf (); @@ -161,9 +163,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &set_label("nocpuid"); &function_end("OPENSSL_ia32_cpuid"); -&external_label("OPENSSL_ia32cap_P"); - -&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); +&function_begin_B("OPENSSL_rdtsc"); &xor ("eax","eax"); &xor ("edx","edx"); &picmeup("ecx","OPENSSL_ia32cap_P"); @@ -177,7 +177,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], # but it's safe to call it on any [supported] 32-bit platform... # Just check for [non-]zero return value... -&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); +&function_begin_B("OPENSSL_instrument_halt"); &picmeup("ecx","OPENSSL_ia32cap_P"); &bt (&DWP(0,"ecx"),4); &jnc (&label("nohalt")); # no TSC @@ -244,7 +244,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &ret (); &function_end_B("OPENSSL_far_spin"); -&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); +&function_begin_B("OPENSSL_wipe_cpu"); &xor ("eax","eax"); &xor ("edx","edx"); &picmeup("ecx","OPENSSL_ia32cap_P"); diff --git a/debian/README.Debian b/debian/README.Debian deleted file mode 100644 index e0453a0..0000000 --- a/debian/README.Debian +++ /dev/null @@ -1,8 +0,0 @@ -openssl for Debian - -Please edit this to provide information specific to -this openssl Debian package. - - (Automatically generated by debmake Version 4.3.1) - - -- Luoyaoming Fri, 06 Jan 2023 20:02:41 +0800 diff --git a/debian/README.debian b/debian/README.debian index c438c5f..5013c4d 100644 --- a/debian/README.debian +++ b/debian/README.debian @@ -11,6 +11,14 @@ Instead of `` please call now `openssl ` eg: instead of `req` please call `openssl req` +TLS protovol version and RSA key size +------------------------------------- +The default system global policy is to support TLSv1.2+ and security level two. +Please see + https://www.openssl.org/docs/man1.1.1/man5/config.html + https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html#DEFAULT-CALLBACK-BEHAVIOUR +for configurations details of `MinProtocol' and `CipherString' in +/etc/ssl/openssl.cnf case you really require to support legacy systems. PATENT ISSUES ------------- diff --git a/debian/changelog b/debian/changelog index bffa070..260c7a2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,7 +2,7 @@ openssl (3.0.8-ok1) yangtze; urgency=medium * merge upstream 3.0.8. - -- shangxiaoyang Thu, 09 Mar 2023 14:39:56 +0800 + -- shangxiaoyang Wed, 08 Mar 2023 15:48:31 +0800 openssl (3.0.2-ok2) yangtze; urgency=medium diff --git a/debian/control b/debian/control index 68bcf3c..4250e3f 100644 --- a/debian/control +++ b/debian/control @@ -1,13 +1,13 @@ Source: openssl -Build-Depends: debhelper-compat (= 12), m4, bc, dpkg-dev (>= 1.15.7) +Build-Depends: debhelper-compat (= 13), m4, bc, dpkg-dev (>= 1.15.7) Section: utils Priority: optional Maintainer: Openkylin Developers XSBC-Original-Maintainer: Debian OpenSSL Team Uploaders: Openkylin Developers -Standards-Version: 4.5.0 -Vcs-Browser: https://gitee/openkylin/openssl -Vcs-Git: https://gitee/openkylin/openssl.git +Standards-Version: 4.6.2 +Vcs-Browser: https://gitee.com/openkylin/openssl3 +Vcs-Git: https://gitee.com/openkylin/openssl3.git Homepage: https://www.openssl.org/ Rules-Requires-Root: no @@ -74,7 +74,6 @@ Architecture: any Multi-Arch: same Suggests: libssl-doc Depends: libssl3 (= ${binary:Version}), ${misc:Depends} -Conflicts: libssl1.0-dev Description: Secure Sockets Layer toolkit - development files This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the diff --git a/debian/copyright b/debian/copyright index fbba536..3883f88 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,8946 +1,70 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: openssl -Source: -# -# Please double check copyright with the licensecheck(1) command. - -Files: VMS/VMSify-conf.pl - VMS/translatesyms.pl - apps/asn1parse.c - apps/ca.c - apps/ciphers.c - apps/cmp.c - apps/crl.c - apps/crl2pkcs7.c - apps/dgst.c - apps/dhparam.c - apps/dsa.c - apps/dsaparam.c - apps/ec.c - apps/ecparam.c - apps/enc.c - apps/errstr.c - apps/fipsinstall.c - apps/gendsa.c - apps/genpkey.c - apps/genrsa.c - apps/include/app_libctx.h - apps/include/app_params.h - apps/include/apps.h - apps/include/apps_ui.h - apps/include/cmp_mock_srv.h - apps/include/ec_common.h - apps/include/engine_loader.h - apps/include/function.h - apps/include/http_server.h - apps/include/names.h - apps/include/opt.h - apps/include/platform.h - apps/include/s_apps.h - apps/include/vms_term_sock.h - apps/info.c - apps/kdf.c - apps/lib/app_libctx.c - apps/lib/app_params.c - apps/lib/app_provider.c - apps/lib/app_rand.c - apps/lib/app_x509.c - apps/lib/apps.c - apps/lib/apps_ui.c - apps/lib/columns.c - apps/lib/fmt.c - apps/lib/names.c - apps/lib/s_cb.c - apps/lib/s_socket.c - apps/lib/vms_decc_argv.c - apps/lib/vms_term_sock.c - apps/lib/win32_init.c - apps/mac.c - apps/nseq.c - apps/ocsp.c - apps/openssl.c - apps/passwd.c - apps/pkcs12.c - apps/pkcs7.c - apps/pkcs8.c - apps/pkey.c - apps/pkeyparam.c - apps/pkeyutl.c - apps/prime.c - apps/rand.c - apps/rehash.c - apps/req.c - apps/rsautl.c - apps/s_client.c - apps/s_server.c - apps/s_time.c - apps/sess_id.c - apps/speed.c - apps/spkac.c - apps/storeutl.c - apps/testdsa.h - apps/testrsa.h - apps/timeouts.h - apps/ts.c - apps/tsget.in - apps/verify.c - apps/version.c - apps/vms_decc_init.c - apps/x509.c - config - crypto/aes/aes_cfb.c - crypto/aes/aes_ecb.c - crypto/aes/aes_ige.c - crypto/aes/aes_local.h - crypto/aes/aes_misc.c - crypto/aes/aes_ofb.c - crypto/aes/aes_wrap.c - crypto/aes/aes_x86core.c - crypto/aes/asm/aes-586.pl - crypto/aes/asm/aes-armv4.pl - crypto/aes/asm/aes-c64xplus.pl - crypto/aes/asm/aes-ia64.S - crypto/aes/asm/aes-mips.pl - crypto/aes/asm/aes-parisc.pl - crypto/aes/asm/aes-ppc.pl - crypto/aes/asm/aes-s390x.pl - crypto/aes/asm/aes-sparcv9.pl - crypto/aes/asm/aes-x86_64.pl - crypto/aes/asm/aesfx-sparcv9.pl - crypto/aes/asm/aesni-mb-x86_64.pl - crypto/aes/asm/aesni-sha1-x86_64.pl - crypto/aes/asm/aesni-sha256-x86_64.pl - crypto/aes/asm/aesni-x86.pl - crypto/aes/asm/aesni-x86_64.pl - crypto/aes/asm/aesp8-ppc.pl - crypto/aes/asm/aest4-sparcv9.pl - crypto/aes/asm/aesv8-armx.pl - crypto/aes/asm/bsaes-armv7.pl - crypto/alphacpuid.pl - crypto/arm_arch.h - crypto/armcap.c - crypto/asn1/a_bitstr.c - crypto/asn1/a_d2i_fp.c - crypto/asn1/a_dup.c - crypto/asn1/a_i2d_fp.c - crypto/asn1/a_int.c - crypto/asn1/a_mbstr.c - crypto/asn1/a_object.c - crypto/asn1/a_octet.c - crypto/asn1/a_print.c - crypto/asn1/a_sign.c - crypto/asn1/a_strex.c - crypto/asn1/a_strnid.c - crypto/asn1/a_type.c - crypto/asn1/a_utctm.c - crypto/asn1/a_utf8.c - crypto/asn1/a_verify.c - crypto/asn1/asn1_err.c - crypto/asn1/asn1_gen.c - crypto/asn1/asn1_item_list.h - crypto/asn1/asn1_lib.c - crypto/asn1/asn1_parse.c - crypto/asn1/asn_mime.c - crypto/asn1/asn_moid.c - crypto/asn1/asn_mstbl.c - crypto/asn1/asn_pack.c - crypto/asn1/bio_ndef.c - crypto/asn1/charmap.h - crypto/asn1/charmap.pl - crypto/asn1/d2i_param.c - crypto/asn1/evp_asn1.c - crypto/asn1/f_int.c - crypto/asn1/f_string.c - crypto/asn1/n_pkey.c - crypto/asn1/nsseq.c - crypto/asn1/p5_pbe.c - crypto/asn1/p5_pbev2.c - crypto/asn1/p5_scrypt.c - crypto/asn1/p8_pkey.c - crypto/asn1/t_bitst.c - crypto/asn1/t_pkey.c - crypto/asn1/t_spki.c - crypto/asn1/tasn_dec.c - crypto/asn1/tasn_enc.c - crypto/asn1/tasn_fre.c - crypto/asn1/tasn_new.c - crypto/asn1/tasn_prn.c - crypto/asn1/tasn_scn.c - crypto/asn1/tasn_typ.c - crypto/asn1/tasn_utl.c - crypto/asn1/x_algor.c - crypto/asn1/x_bignum.c - crypto/asn1/x_info.c - crypto/asn1/x_int64.c - crypto/asn1/x_long.c - crypto/asn1/x_pkey.c - crypto/asn1/x_sig.c - crypto/asn1/x_spki.c - crypto/asn1/x_val.c - crypto/async/arch/async_null.h - crypto/async/arch/async_posix.h - crypto/async/async_err.c - crypto/bf/asm/bf-586.pl - crypto/bf/bf_local.h - crypto/bf/bf_pi.h - crypto/bio/bf_buff.c - crypto/bio/bf_lbuf.c - crypto/bio/bf_nbio.c - crypto/bio/bf_null.c - crypto/bio/bf_prefix.c - crypto/bio/bf_readbuff.c - crypto/bio/bio_addr.c - crypto/bio/bio_cb.c - crypto/bio/bio_dump.c - crypto/bio/bio_err.c - crypto/bio/bio_lib.c - crypto/bio/bio_local.h - crypto/bio/bio_meth.c - crypto/bio/bio_print.c - crypto/bio/bio_sock.c - crypto/bio/bio_sock2.c - crypto/bio/bss_acpt.c - crypto/bio/bss_conn.c - crypto/bio/bss_core.c - crypto/bio/bss_dgram.c - crypto/bio/bss_fd.c - crypto/bio/bss_file.c - crypto/bio/bss_log.c - crypto/bio/bss_mem.c - crypto/bio/bss_null.c - crypto/bio/bss_sock.c - crypto/bio/ossl_core_bio.c - crypto/bn/asm/alpha-mont.pl - crypto/bn/asm/armv4-gf2m.pl - crypto/bn/asm/armv4-mont.pl - crypto/bn/asm/armv8-mont.pl - crypto/bn/asm/bn-586.pl - crypto/bn/asm/bn-c64xplus.asm - crypto/bn/asm/c64xplus-gf2m.pl - crypto/bn/asm/co-586.pl - crypto/bn/asm/ia64-mont.pl - crypto/bn/asm/ia64.S - crypto/bn/asm/mips-mont.pl - crypto/bn/asm/mips.pl - crypto/bn/asm/parisc-mont.pl - crypto/bn/asm/ppc-mont.pl - crypto/bn/asm/ppc64-mont-fixed.pl - crypto/bn/asm/ppc64-mont.pl - crypto/bn/asm/s390x-gf2m.pl - crypto/bn/asm/s390x-mont.pl - crypto/bn/asm/s390x.S - crypto/bn/asm/sparct4-mont.pl - crypto/bn/asm/sparcv8.S - crypto/bn/asm/sparcv8plus.S - crypto/bn/asm/sparcv9-gf2m.pl - crypto/bn/asm/sparcv9-mont.pl - crypto/bn/asm/sparcv9a-mont.pl - crypto/bn/asm/via-mont.pl - crypto/bn/asm/vis3-mont.pl - crypto/bn/asm/x86-gf2m.pl - crypto/bn/asm/x86-mont.pl - crypto/bn/asm/x86_64-gcc.c - crypto/bn/asm/x86_64-gf2m.pl - crypto/bn/asm/x86_64-mont.pl - crypto/bn/asm/x86_64-mont5.pl - crypto/bn/bn_add.c - crypto/bn/bn_asm.c - crypto/bn/bn_blind.c - crypto/bn/bn_const.c - crypto/bn/bn_conv.c - crypto/bn/bn_ctx.c - crypto/bn/bn_dh.c - crypto/bn/bn_div.c - crypto/bn/bn_err.c - crypto/bn/bn_exp.c - crypto/bn/bn_exp2.c - crypto/bn/bn_gcd.c - crypto/bn/bn_gf2m.c - crypto/bn/bn_intern.c - crypto/bn/bn_kron.c - crypto/bn/bn_lib.c - crypto/bn/bn_local.h - crypto/bn/bn_mod.c - crypto/bn/bn_mpi.c - crypto/bn/bn_mul.c - crypto/bn/bn_nist.c - crypto/bn/bn_ppc.c - crypto/bn/bn_prime.c - crypto/bn/bn_prime.h - crypto/bn/bn_prime.pl - crypto/bn/bn_print.c - crypto/bn/bn_rand.c - crypto/bn/bn_recp.c - crypto/bn/bn_shift.c - crypto/bn/bn_sparc.c - crypto/bn/bn_sqr.c - crypto/bn/bn_sqrt.c - crypto/bn/bn_srp.c - crypto/bn/bn_word.c - crypto/bn/bn_x931p.c - crypto/bsearch.c - crypto/buffer/buf_err.c - crypto/buffer/buffer.c - crypto/c64xpluscpuid.pl - crypto/camellia/asm/cmll-x86.pl - crypto/camellia/asm/cmll-x86_64.pl - crypto/camellia/asm/cmllt4-sparcv9.pl - crypto/camellia/camellia.c - crypto/camellia/cmll_local.h - crypto/cast/cast_local.h - crypto/cast/cast_s.h - crypto/chacha/asm/chacha-armv4.pl - crypto/chacha/asm/chacha-armv8.pl - crypto/chacha/asm/chacha-c64xplus.pl - crypto/chacha/asm/chacha-ppc.pl - crypto/chacha/asm/chacha-s390x.pl - crypto/chacha/asm/chacha-x86.pl - crypto/chacha/asm/chacha-x86_64.pl - crypto/chacha/chacha_ppc.c - crypto/cmp/cmp_asn.c - crypto/cmp/cmp_client.c - crypto/cmp/cmp_ctx.c - crypto/cmp/cmp_err.c - crypto/cmp/cmp_http.c - crypto/cmp/cmp_local.h - crypto/cmp/cmp_protect.c - crypto/cmp/cmp_util.c - crypto/cms/cms_asn1.c - crypto/cms/cms_att.c - crypto/cms/cms_cd.c - crypto/cms/cms_dd.c - crypto/cms/cms_dh.c - crypto/cms/cms_ec.c - crypto/cms/cms_enc.c - crypto/cms/cms_env.c - crypto/cms/cms_err.c - crypto/cms/cms_ess.c - crypto/cms/cms_io.c - crypto/cms/cms_lib.c - crypto/cms/cms_local.h - crypto/cms/cms_pwri.c - crypto/cms/cms_rsa.c - crypto/cms/cms_sd.c - crypto/cms/cms_smime.c - crypto/comp/c_zlib.c - crypto/comp/comp_err.c - crypto/comp/comp_lib.c - crypto/comp/comp_local.h - crypto/conf/conf_def.h - crypto/conf/conf_err.c - crypto/conf/conf_lib.c - crypto/conf/conf_local.h - crypto/conf/conf_sap.c - crypto/conf/conf_ssl.c - crypto/conf/keysets.pl - crypto/context.c - crypto/core_algorithm.c - crypto/core_fetch.c - crypto/core_namemap.c - crypto/cpt_err.c - crypto/cpuid.c - crypto/crmf/crmf_err.c - crypto/cryptlib.c - crypto/ct/ct_b64.c - crypto/ct/ct_err.c - crypto/ct/ct_local.h - crypto/ct/ct_log.c - crypto/ct/ct_oct.c - crypto/ct/ct_policy.c - crypto/ct/ct_prn.c - crypto/ct/ct_sct.c - crypto/ct/ct_sct_ctx.c - crypto/ct/ct_vfy.c - crypto/ct/ct_x509v3.c - crypto/ctype.c - crypto/cversion.c - crypto/der_writer.c - crypto/des/asm/des_enc.m4 - crypto/des/asm/desboth.pl - crypto/des/asm/dest4-sparcv9.pl - crypto/des/des_local.h - crypto/des/spr.h - crypto/dh/dh_err.c - crypto/dh/dh_local.h - crypto/dllmain.c - crypto/dsa/dsa_err.c - crypto/dsa/dsa_local.h - crypto/dso/dso_dl.c - crypto/dso/dso_err.c - crypto/dso/dso_lib.c - crypto/dso/dso_local.h - crypto/dso/dso_openssl.c - crypto/dso/dso_vms.c - crypto/dso/dso_win32.c - crypto/ebcdic.c - crypto/ec/asm/ecp_nistp521-ppc64.pl - crypto/ec/asm/ecp_nistz256-armv4.pl - crypto/ec/asm/ecp_nistz256-armv8.pl - crypto/ec/asm/ecp_nistz256-ppc64.pl - crypto/ec/asm/ecp_nistz256-sparcv9.pl - crypto/ec/asm/ecp_nistz256-x86.pl - crypto/ec/asm/x25519-ppc64.pl - crypto/ec/asm/x25519-x86_64.pl - crypto/ec/curve448/curve448_local.h - crypto/ec/ec_backend.c - crypto/ec/ec_err.c - crypto/ec/ec_key.c - crypto/ec/ec_lib.c - crypto/ec/ec_local.h - crypto/ec/ec_print.c - crypto/ec/eck_prn.c - crypto/ec/ecp_ppc.c - crypto/ec/ecp_s390x_nistp.c - crypto/ec/ecx_backend.c - crypto/ec/ecx_backend.h - crypto/ec/ecx_key.c - crypto/ec/ecx_s390x.c - crypto/encode_decode/decoder_err.c - crypto/encode_decode/decoder_lib.c - crypto/encode_decode/decoder_meth.c - crypto/encode_decode/decoder_pkey.c - crypto/encode_decode/encoder_err.c - crypto/encode_decode/encoder_lib.c - crypto/encode_decode/encoder_local.h - crypto/encode_decode/encoder_meth.c - crypto/encode_decode/encoder_pkey.c - crypto/engine/eng_all.c - crypto/engine/eng_err.c - crypto/engine/eng_lib.c - crypto/engine/eng_local.h - crypto/engine/eng_table.c - crypto/err/err.c - crypto/err/err_all.c - crypto/err/err_blocks.c - crypto/err/err_local.h - crypto/err/err_prn.c - crypto/ess/ess_asn1.c - crypto/ess/ess_err.c - crypto/ess/ess_lib.c - crypto/evp/asymcipher.c - crypto/evp/bio_b64.c - crypto/evp/bio_enc.c - crypto/evp/bio_md.c - crypto/evp/c_allc.c - crypto/evp/c_alld.c - crypto/evp/cmeth_lib.c - crypto/evp/dh_ctrl.c - crypto/evp/dh_support.c - crypto/evp/dsa_ctrl.c - crypto/evp/e_aria.c - crypto/evp/e_chacha20_poly1305.c - crypto/evp/e_null.c - crypto/evp/e_old.c - crypto/evp/e_sm4.c - crypto/evp/ec_ctrl.c - crypto/evp/ec_support.c - crypto/evp/encode.c - crypto/evp/evp_cnf.c - crypto/evp/evp_err.c - crypto/evp/evp_fetch.c - crypto/evp/evp_key.c - crypto/evp/evp_lib.c - crypto/evp/evp_local.h - crypto/evp/evp_pbe.c - crypto/evp/evp_pkey.c - crypto/evp/evp_rand.c - crypto/evp/exchange.c - crypto/evp/kdf_lib.c - crypto/evp/kdf_meth.c - crypto/evp/kem.c - crypto/evp/keymgmt_lib.c - crypto/evp/keymgmt_meth.c - crypto/evp/legacy_blake2.c - crypto/evp/legacy_meth.h - crypto/evp/m_null.c - crypto/evp/m_sigver.c - crypto/evp/mac_lib.c - crypto/evp/mac_meth.c - crypto/evp/names.c - crypto/evp/p5_crpt.c - crypto/evp/p5_crpt2.c - crypto/evp/p_legacy.c - crypto/evp/p_open.c - crypto/evp/p_seal.c - crypto/evp/p_sign.c - crypto/evp/p_verify.c - crypto/evp/pbe_scrypt.c - crypto/evp/pmeth_check.c - crypto/evp/pmeth_gn.c - crypto/evp/signature.c - crypto/ex_data.c - crypto/ffc/ffc_backend.c - crypto/ffc/ffc_dh.c - crypto/ffc/ffc_key_generate.c - crypto/ffc/ffc_key_validate.c - crypto/ffc/ffc_params.c - crypto/getenv.c - crypto/hmac/hmac_local.h - crypto/http/http_client.c - crypto/http/http_err.c - crypto/http/http_lib.c - crypto/idea/idea_local.h - crypto/info.c - crypto/initthread.c - crypto/kdf/kdf_err.c - crypto/lhash/lh_stats.c - crypto/lhash/lhash.c - crypto/lhash/lhash_local.h - crypto/md4/md4_local.h - crypto/md5/asm/md5-sparcv9.pl - crypto/md5/md5_local.h - crypto/mem.c - crypto/mem_clr.c - crypto/mips_arch.h - crypto/modes/asm/aes-gcm-armv8_64.pl - crypto/modes/asm/aesni-gcm-x86_64.pl - crypto/modes/asm/ghash-alpha.pl - crypto/modes/asm/ghash-armv4.pl - crypto/modes/asm/ghash-c64xplus.pl - crypto/modes/asm/ghash-ia64.pl - crypto/modes/asm/ghash-parisc.pl - crypto/modes/asm/ghash-s390x.pl - crypto/modes/asm/ghash-sparcv9.pl - crypto/modes/asm/ghash-x86.pl - crypto/modes/asm/ghash-x86_64.pl - crypto/modes/asm/ghashp8-ppc.pl - crypto/modes/asm/ghashv8-armx.pl - crypto/modes/cbc128.c - crypto/modes/ccm128.c - crypto/modes/cfb128.c - crypto/modes/ctr128.c - crypto/modes/cts128.c - crypto/modes/gcm128.c - crypto/modes/ocb128.c - crypto/modes/ofb128.c - crypto/modes/siv128.c - crypto/modes/xts128.c - crypto/o_dir.c - crypto/o_fopen.c - crypto/o_init.c - crypto/o_str.c - crypto/o_time.c - crypto/objects/o_names.c - crypto/objects/obj_compat.h - crypto/objects/obj_dat.c - crypto/objects/obj_dat.pl - crypto/objects/obj_err.c - crypto/objects/obj_lib.c - crypto/objects/obj_local.h - crypto/objects/obj_xref.c - crypto/objects/obj_xref.h - crypto/objects/objects.pl - crypto/objects/objxref.pl - crypto/ocsp/ocsp_asn.c - crypto/ocsp/ocsp_cl.c - crypto/ocsp/ocsp_err.c - crypto/ocsp/ocsp_ext.c - crypto/ocsp/ocsp_http.c - crypto/ocsp/ocsp_lib.c - crypto/ocsp/ocsp_local.h - crypto/ocsp/ocsp_prn.c - crypto/ocsp/ocsp_srv.c - crypto/ocsp/ocsp_vfy.c - crypto/ocsp/v3_ocsp.c - crypto/packet.c - crypto/param_build.c - crypto/params.c - crypto/params_dup.c - crypto/params_from_text.c - crypto/passphrase.c - crypto/pem/pem_err.c - crypto/pem/pem_local.h - crypto/pem/pem_oth.c - crypto/pem/pem_pk8.c - crypto/pem/pem_sign.c - crypto/pem/pem_x509.c - crypto/pem/pem_xaux.c - crypto/perlasm/arm-xlate.pl - crypto/perlasm/cbc.pl - crypto/perlasm/ppc-xlate.pl - crypto/perlasm/s390x.pm - crypto/perlasm/x86_64-support.pl - crypto/perlasm/x86_64-xlate.pl - crypto/perlasm/x86gas.pl - crypto/perlasm/x86masm.pl - crypto/perlasm/x86nasm.pl - crypto/pkcs12/p12_add.c - crypto/pkcs12/p12_asn.c - crypto/pkcs12/p12_attr.c - crypto/pkcs12/p12_crpt.c - crypto/pkcs12/p12_crt.c - crypto/pkcs12/p12_decr.c - crypto/pkcs12/p12_init.c - crypto/pkcs12/p12_key.c - crypto/pkcs12/p12_kiss.c - crypto/pkcs12/p12_local.h - crypto/pkcs12/p12_npas.c - crypto/pkcs12/p12_p8d.c - crypto/pkcs12/p12_p8e.c - crypto/pkcs12/p12_sbag.c - crypto/pkcs12/p12_utl.c - crypto/pkcs12/pk12err.c - crypto/pkcs7/bio_pk7.c - crypto/pkcs7/pk7_asn1.c - crypto/pkcs7/pk7_attr.c - crypto/pkcs7/pk7_doit.c - crypto/pkcs7/pk7_lib.c - crypto/pkcs7/pk7_local.h - crypto/pkcs7/pk7_mime.c - crypto/pkcs7/pkcs7err.c - crypto/poly1305/asm/poly1305-armv4.pl - crypto/poly1305/asm/poly1305-armv8.pl - crypto/poly1305/asm/poly1305-c64xplus.pl - crypto/poly1305/asm/poly1305-mips.pl - crypto/poly1305/asm/poly1305-ppc.pl - crypto/poly1305/asm/poly1305-ppcfp.pl - crypto/poly1305/asm/poly1305-s390x.pl - crypto/poly1305/asm/poly1305-sparcv9.pl - crypto/poly1305/asm/poly1305-x86.pl - crypto/poly1305/asm/poly1305-x86_64.pl - crypto/poly1305/poly1305.c - crypto/poly1305/poly1305_ppc.c - crypto/ppccap.c - crypto/property/defn_cache.c - crypto/property/property.c - crypto/property/property_err.c - crypto/property/property_local.h - crypto/property/property_parse.c - crypto/property/property_query.c - crypto/property/property_string.c - crypto/provider.c - crypto/provider_child.c - crypto/provider_conf.c - crypto/provider_core.c - crypto/provider_local.h - crypto/provider_predefined.c - crypto/punycode.c - crypto/rand/prov_seed.c - crypto/rand/rand_deprecated.c - crypto/rand/rand_egd.c - crypto/rand/rand_err.c - crypto/rand/rand_local.h - crypto/rand/rand_meth.c - crypto/rand/rand_pool.c - crypto/rand/randfile.c - crypto/rc2/rc2_local.h - crypto/rc4/asm/rc4-586.pl - crypto/rc4/asm/rc4-c64xplus.pl - crypto/rc4/asm/rc4-md5-x86_64.pl - crypto/rc4/asm/rc4-parisc.pl - crypto/rc4/asm/rc4-s390x.pl - crypto/rc4/asm/rc4-x86_64.pl - crypto/rc4/rc4_local.h - crypto/rc5/asm/rc5-586.pl - crypto/rc5/rc5_local.h - crypto/ripemd/rmd_local.h - crypto/ripemd/rmdconst.h - crypto/rsa/rsa_acvp_test_params.c - crypto/rsa/rsa_err.c - crypto/rsa/rsa_local.h - crypto/rsa/rsa_mp.c - crypto/rsa/rsa_mp_names.c - crypto/rsa/rsa_schemes.c - crypto/rsa/rsa_sp800_56b_check.c - crypto/rsa/rsa_sp800_56b_gen.c - crypto/s390x_arch.h - crypto/s390xcap.c - crypto/self_test_core.c - crypto/sha/asm/keccak1600-armv4.pl - crypto/sha/asm/keccak1600-armv8.pl - crypto/sha/asm/keccak1600-avx2.pl - crypto/sha/asm/keccak1600-avx512.pl - crypto/sha/asm/keccak1600-avx512vl.pl - crypto/sha/asm/keccak1600-c64x.pl - crypto/sha/asm/keccak1600-mmx.pl - crypto/sha/asm/keccak1600-ppc64.pl - crypto/sha/asm/keccak1600-s390x.pl - crypto/sha/asm/keccak1600-x86_64.pl - crypto/sha/asm/keccak1600p8-ppc.pl - crypto/sha/asm/sha1-586.pl - crypto/sha/asm/sha1-alpha.pl - crypto/sha/asm/sha1-armv4-large.pl - crypto/sha/asm/sha1-armv8.pl - crypto/sha/asm/sha1-c64xplus.pl - crypto/sha/asm/sha1-ia64.pl - crypto/sha/asm/sha1-mb-x86_64.pl - crypto/sha/asm/sha1-mips.pl - crypto/sha/asm/sha1-parisc.pl - crypto/sha/asm/sha1-ppc.pl - crypto/sha/asm/sha1-s390x.pl - crypto/sha/asm/sha1-sparcv9.pl - crypto/sha/asm/sha1-sparcv9a.pl - crypto/sha/asm/sha1-thumb.pl - crypto/sha/asm/sha1-x86_64.pl - crypto/sha/asm/sha256-586.pl - crypto/sha/asm/sha256-armv4.pl - crypto/sha/asm/sha256-c64xplus.pl - crypto/sha/asm/sha256-mb-x86_64.pl - crypto/sha/asm/sha512-586.pl - crypto/sha/asm/sha512-armv4.pl - crypto/sha/asm/sha512-armv8.pl - crypto/sha/asm/sha512-c64xplus.pl - crypto/sha/asm/sha512-ia64.pl - crypto/sha/asm/sha512-mips.pl - crypto/sha/asm/sha512-parisc.pl - crypto/sha/asm/sha512-ppc.pl - crypto/sha/asm/sha512-s390x.pl - crypto/sha/asm/sha512-sparcv9.pl - crypto/sha/asm/sha512-x86_64.pl - crypto/sha/asm/sha512p8-ppc.pl - crypto/sha/keccak1600.c - crypto/sha/sha3.c - crypto/sha/sha_local.h - crypto/sha/sha_ppc.c - crypto/sm2/sm2_err.c - crypto/sm2/sm2_key.c - crypto/sm2/sm2_sign.c - crypto/sm3/legacy_sm3.c - crypto/sm3/sm3.c - crypto/sm3/sm3_local.h - crypto/sm4/sm4.c - crypto/sparccpuid.S - crypto/sparcv9cap.c - crypto/sparse_array.c - crypto/stack/stack.c - crypto/store/store_err.c - crypto/store/store_init.c - crypto/store/store_lib.c - crypto/store/store_local.h - crypto/store/store_meth.c - crypto/store/store_register.c - crypto/store/store_result.c - crypto/store/store_strings.c - crypto/threads_lib.c - crypto/threads_none.c - crypto/threads_pthread.c - crypto/threads_win.c - crypto/trace.c - crypto/ts/ts_asn1.c - crypto/ts/ts_err.c - crypto/ts/ts_lib.c - crypto/ts/ts_req_print.c - crypto/ts/ts_req_utils.c - crypto/ts/ts_rsp_print.c - crypto/ts/ts_rsp_sign.c - crypto/ts/ts_rsp_utils.c - crypto/ts/ts_rsp_verify.c - crypto/ts/ts_verify_ctx.c - crypto/txt_db/txt_db.c - crypto/ui/ui_err.c - crypto/ui/ui_lib.c - crypto/ui/ui_local.h - crypto/ui/ui_null.c - crypto/ui/ui_openssl.c - crypto/ui/ui_util.c - crypto/uid.c - crypto/vms_rms.h - crypto/whrlpool/asm/wp-mmx.pl - crypto/whrlpool/asm/wp-x86_64.pl - crypto/whrlpool/wp_local.h - crypto/x509/by_dir.c - crypto/x509/by_file.c - crypto/x509/by_store.c - crypto/x509/ext_dat.h - crypto/x509/pcy_cache.c - crypto/x509/pcy_data.c - crypto/x509/pcy_lib.c - crypto/x509/pcy_local.h - crypto/x509/pcy_map.c - crypto/x509/pcy_node.c - crypto/x509/pcy_tree.c - crypto/x509/standard_exts.h - crypto/x509/t_crl.c - crypto/x509/t_req.c - crypto/x509/t_x509.c - crypto/x509/v3_admis.c - crypto/x509/v3_admis.h - crypto/x509/v3_akeya.c - crypto/x509/v3_akid.c - crypto/x509/v3_bcons.c - crypto/x509/v3_bitst.c - crypto/x509/v3_cpols.c - crypto/x509/v3_crld.c - crypto/x509/v3_enum.c - crypto/x509/v3_extku.c - crypto/x509/v3_genn.c - crypto/x509/v3_ia5.c - crypto/x509/v3_info.c - crypto/x509/v3_int.c - crypto/x509/v3_ist.c - crypto/x509/v3_ncons.c - crypto/x509/v3_pcons.c - crypto/x509/v3_pku.c - crypto/x509/v3_pmaps.c - crypto/x509/v3_purp.c - crypto/x509/v3_san.c - crypto/x509/v3_skid.c - crypto/x509/v3_sxnet.c - crypto/x509/v3_tlsf.c - crypto/x509/v3_utf8.c - crypto/x509/v3err.c - crypto/x509/x509_att.c - crypto/x509/x509_cmp.c - crypto/x509/x509_d2.c - crypto/x509/x509_def.c - crypto/x509/x509_err.c - crypto/x509/x509_ext.c - crypto/x509/x509_local.h - crypto/x509/x509_lu.c - crypto/x509/x509_meth.c - crypto/x509/x509_obj.c - crypto/x509/x509_r2x.c - crypto/x509/x509_req.c - crypto/x509/x509_set.c - crypto/x509/x509_trust.c - crypto/x509/x509_txt.c - crypto/x509/x509_v3.c - crypto/x509/x509_vfy.c - crypto/x509/x509_vpm.c - crypto/x509/x509cset.c - crypto/x509/x509name.c - crypto/x509/x509rset.c - crypto/x509/x509spki.c - crypto/x509/x509type.c - crypto/x509/x_attrib.c - crypto/x509/x_crl.c - crypto/x509/x_exten.c - crypto/x509/x_name.c - crypto/x509/x_req.c - crypto/x509/x_x509.c - crypto/x509/x_x509a.c - crypto/x86cpuid.pl - demos/bio/client-arg.c - demos/bio/client-conf.c - demos/bio/server-cmod.c - demos/digest/EVP_MD_demo.c - demos/digest/EVP_MD_xof.c - demos/kdf/hkdf.c - demos/kdf/pbkdf2.c - demos/kdf/scrypt.c - demos/keyexch/x25519.c - demos/mac/gmac.c - demos/mac/poly1305.c - demos/mac/siphash.c - demos/pkcs12/pkread.c - demos/pkcs12/pkwrite.c - demos/signature/EVP_Signature_demo.c - demos/signature/rsa_pss_direct.c - demos/signature/rsa_pss_hash.c - e_os.h - engines/asm/e_padlock-x86.pl - engines/asm/e_padlock-x86_64.pl - engines/e_afalg.h - engines/e_afalg_err.c - engines/e_afalg_err.h - engines/e_capi_err.c - engines/e_capi_err.h - engines/e_dasync_err.c - engines/e_dasync_err.h - engines/e_loader_attic_err.c - engines/e_loader_attic_err.h - engines/e_ossltest_err.c - engines/e_ossltest_err.h - fuzz/helper.py - fuzz/mkfuzzoids.pl - fuzz/oids.txt - include/crypto/aes_platform.h - include/crypto/aria.h - include/crypto/asn1.h - include/crypto/asn1_dsa.h - include/crypto/asn1err.h - include/crypto/async.h - include/crypto/asyncerr.h - include/crypto/bioerr.h - include/crypto/bn.h - include/crypto/bn_conf.h.in - include/crypto/bn_dh.h - include/crypto/bn_srp.h - include/crypto/bnerr.h - include/crypto/buffererr.h - include/crypto/chacha.h - include/crypto/cmll_platform.h - include/crypto/cmperr.h - include/crypto/cmserr.h - include/crypto/comperr.h - include/crypto/conferr.h - include/crypto/crmferr.h - include/crypto/cryptlib.h - include/crypto/cryptoerr.h - include/crypto/cterr.h - include/crypto/decoder.h - include/crypto/decodererr.h - include/crypto/des_platform.h - include/crypto/dh.h - include/crypto/dherr.h - include/crypto/dsa.h - include/crypto/dsaerr.h - include/crypto/dso_conf.h.in - include/crypto/ecerr.h - include/crypto/encoder.h - include/crypto/encodererr.h - include/crypto/engine.h - include/crypto/engineerr.h - include/crypto/err.h - include/crypto/ess.h - include/crypto/esserr.h - include/crypto/evp.h - include/crypto/evperr.h - include/crypto/httperr.h - include/crypto/lhash.h - include/crypto/objects.h - include/crypto/objectserr.h - include/crypto/ocsperr.h - include/crypto/pem.h - include/crypto/pemerr.h - include/crypto/pkcs12err.h - include/crypto/pkcs7.h - include/crypto/pkcs7err.h - include/crypto/poly1305.h - include/crypto/ppc_arch.h - include/crypto/punycode.h - include/crypto/rand_pool.h - include/crypto/randerr.h - include/crypto/rsa.h - include/crypto/rsaerr.h - include/crypto/security_bits.h - include/crypto/sha.h - include/crypto/siphash.h - include/crypto/siv.h - include/crypto/sm2.h - include/crypto/sm2err.h - include/crypto/sm4.h - include/crypto/sparc_arch.h - include/crypto/sparse_array.h - include/crypto/store.h - include/crypto/storeerr.h - include/crypto/tserr.h - include/crypto/uierr.h - include/crypto/x509.h - include/crypto/x509err.h - include/crypto/x509v3err.h - include/internal/asn1.h - include/internal/bio.h - include/internal/comp.h - include/internal/conf.h - include/internal/constant_time.h - include/internal/core.h - include/internal/cryptlib.h - include/internal/dane.h - include/internal/der.h - include/internal/dso.h - include/internal/dsoerr.h - include/internal/endian.h - include/internal/err.h - include/internal/ffc.h - include/internal/ktls.h - include/internal/namemap.h - include/internal/nelem.h - include/internal/numbers.h - include/internal/packet.h - include/internal/param_build_set.h - include/internal/passphrase.h - include/internal/property.h - include/internal/propertyerr.h - include/internal/provider.h - include/internal/refcount.h - include/internal/sizes.h - include/internal/sockets.h - include/internal/sslconf.h - include/internal/symhacks.h - include/internal/thread_once.h - include/internal/tlsgroups.h - include/internal/unicode.h - include/openssl/aes.h - include/openssl/asn1.h.in - include/openssl/asn1_mac.h - include/openssl/asn1err.h - include/openssl/asn1t.h.in - include/openssl/async.h - include/openssl/asyncerr.h - include/openssl/bio.h.in - include/openssl/bioerr.h - include/openssl/blowfish.h - include/openssl/bn.h - include/openssl/bnerr.h - include/openssl/buffer.h - include/openssl/buffererr.h - include/openssl/camellia.h - include/openssl/cast.h - include/openssl/cmac.h - include/openssl/cmp.h.in - include/openssl/cmp_util.h - include/openssl/cmperr.h - include/openssl/cms.h.in - include/openssl/cmserr.h - include/openssl/comp.h - include/openssl/comperr.h - include/openssl/conf.h.in - include/openssl/conf_api.h - include/openssl/conferr.h - include/openssl/configuration.h.in - include/openssl/conftypes.h - include/openssl/core.h - include/openssl/core_dispatch.h - include/openssl/core_names.h - include/openssl/core_object.h - include/openssl/crmferr.h - include/openssl/crypto.h.in - include/openssl/cryptoerr.h - include/openssl/ct.h.in - include/openssl/cterr.h - include/openssl/decoder.h - include/openssl/decodererr.h - include/openssl/des.h - include/openssl/dh.h - include/openssl/dherr.h - include/openssl/dsa.h - include/openssl/dsaerr.h - include/openssl/dtls1.h - include/openssl/e_os2.h - include/openssl/ebcdic.h - include/openssl/ec.h - include/openssl/ecdh.h - include/openssl/ecdsa.h - include/openssl/ecerr.h - include/openssl/encoder.h - include/openssl/encodererr.h - include/openssl/engine.h - include/openssl/engineerr.h - include/openssl/err.h.in - include/openssl/ess.h.in - include/openssl/esserr.h - include/openssl/evp.h - include/openssl/evperr.h - include/openssl/fips_names.h - include/openssl/fipskey.h.in - include/openssl/hmac.h - include/openssl/http.h - include/openssl/httperr.h - include/openssl/idea.h - include/openssl/kdf.h - include/openssl/kdferr.h - include/openssl/lhash.h.in - include/openssl/macros.h - include/openssl/md2.h - include/openssl/md4.h - include/openssl/md5.h - include/openssl/mdc2.h - include/openssl/modes.h - include/openssl/obj_mac.h - include/openssl/objects.h - include/openssl/objectserr.h - include/openssl/ocsp.h.in - include/openssl/ocsperr.h - include/openssl/opensslconf.h - include/openssl/opensslv.h.in - include/openssl/ossl_typ.h - include/openssl/param_build.h - include/openssl/params.h - include/openssl/pem.h - include/openssl/pem2.h - include/openssl/pemerr.h - include/openssl/pkcs12.h.in - include/openssl/pkcs12err.h - include/openssl/pkcs7.h.in - include/openssl/pkcs7err.h - include/openssl/prov_ssl.h - include/openssl/proverr.h - include/openssl/provider.h - include/openssl/rand.h - include/openssl/randerr.h - include/openssl/rc2.h - include/openssl/rc4.h - include/openssl/rc5.h - include/openssl/ripemd.h - include/openssl/rsa.h - include/openssl/rsaerr.h - include/openssl/safestack.h.in - include/openssl/self_test.h - include/openssl/sha.h - include/openssl/ssl.h.in - include/openssl/ssl2.h - include/openssl/ssl3.h - include/openssl/sslerr.h - include/openssl/stack.h - include/openssl/store.h - include/openssl/storeerr.h - include/openssl/symhacks.h - include/openssl/tls1.h - include/openssl/trace.h - include/openssl/ts.h - include/openssl/tserr.h - include/openssl/txt_db.h - include/openssl/types.h - include/openssl/ui.h.in - include/openssl/uierr.h - include/openssl/whrlpool.h - include/openssl/x509.h.in - include/openssl/x509_vfy.h.in - include/openssl/x509err.h - include/openssl/x509v3.h.in - include/openssl/x509v3err.h - ms/applink.c - ms/cmp.pl - ms/uplink-common.pl - ms/uplink-ia64.pl - ms/uplink-x86.pl - ms/uplink.c - ms/uplink.h - os-dep/haiku.h - providers/baseprov.c - providers/common/bio_prov.c - providers/common/capabilities.c - providers/common/der/DIGESTS.asn1 - providers/common/der/DSA.asn1 - providers/common/der/EC.asn1 - providers/common/der/ECX.asn1 - providers/common/der/NIST.asn1 - providers/common/der/RSA.asn1 - providers/common/der/SM2.asn1 - providers/common/der/der_digests_gen.c.in - providers/common/der/der_ec_gen.c.in - providers/common/der/der_ec_key.c - providers/common/der/der_ec_sig.c - providers/common/der/der_ecx_gen.c.in - providers/common/der/der_ecx_key.c - providers/common/der/der_rsa_gen.c.in - providers/common/der/der_rsa_sig.c - providers/common/der/der_sm2_gen.c.in - providers/common/der/der_sm2_key.c - providers/common/der/der_sm2_sig.c - providers/common/der/der_wrap_gen.c.in - providers/common/der/oids_to_c.pm - providers/common/der/wrap.asn1 - providers/common/digest_to_nid.c - providers/common/include/prov/bio.h - providers/common/include/prov/der_digests.h.in - providers/common/include/prov/der_dsa.h.in - providers/common/include/prov/der_ec.h.in - providers/common/include/prov/der_ecx.h.in - providers/common/include/prov/der_rsa.h.in - providers/common/include/prov/der_sm2.h.in - providers/common/include/prov/der_wrap.h.in - providers/common/include/prov/proverr.h - providers/common/include/prov/provider_ctx.h - providers/common/include/prov/provider_util.h - providers/common/include/prov/providercommon.h - providers/common/include/prov/securitycheck.h - providers/common/provider_ctx.c - providers/common/provider_err.c - providers/common/provider_seeding.c - providers/common/securitycheck.c - providers/common/securitycheck_default.c - providers/common/securitycheck_fips.c - providers/decoders.inc - providers/defltprov.c - providers/encoders.inc - providers/fips/fips_entry.c - providers/fips/fipsprov.c - providers/fips/self_test.c - providers/fips/self_test.h - providers/fips/self_test_kats.c - providers/implementations/asymciphers/sm2_enc.c - providers/implementations/ciphers/cipher_aes.h - providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h - providers/implementations/ciphers/cipher_aes_ccm.h - providers/implementations/ciphers/cipher_aes_gcm.h - providers/implementations/ciphers/cipher_aes_ocb.h - providers/implementations/ciphers/cipher_aes_siv.h - providers/implementations/ciphers/cipher_aes_xts.h - providers/implementations/ciphers/cipher_aria.h - providers/implementations/ciphers/cipher_aria_ccm.h - providers/implementations/ciphers/cipher_aria_gcm.h - providers/implementations/ciphers/cipher_aria_hw.c - providers/implementations/ciphers/cipher_blowfish.h - providers/implementations/ciphers/cipher_camellia.h - providers/implementations/ciphers/cipher_cast.h - providers/implementations/ciphers/cipher_chacha20.h - providers/implementations/ciphers/cipher_chacha20_poly1305.c - providers/implementations/ciphers/cipher_chacha20_poly1305.h - providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c - providers/implementations/ciphers/cipher_cts.h - providers/implementations/ciphers/cipher_des.h - providers/implementations/ciphers/cipher_idea.h - providers/implementations/ciphers/cipher_null.c - providers/implementations/ciphers/cipher_rc2.h - providers/implementations/ciphers/cipher_rc4.h - providers/implementations/ciphers/cipher_rc4_hmac_md5.c - providers/implementations/ciphers/cipher_rc4_hmac_md5.h - providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c - providers/implementations/ciphers/cipher_rc5.h - providers/implementations/ciphers/cipher_seed.h - providers/implementations/ciphers/cipher_sm4.h - providers/implementations/ciphers/cipher_sm4_hw.c - providers/implementations/ciphers/cipher_tdes.h - providers/implementations/ciphers/cipher_tdes_default.h - providers/implementations/ciphers/ciphercommon_block.c - providers/implementations/ciphers/ciphercommon_ccm_hw.c - providers/implementations/ciphers/ciphercommon_gcm_hw.c - providers/implementations/ciphers/ciphercommon_hw.c - providers/implementations/ciphers/ciphercommon_local.h - providers/implementations/digests/blake2_prov.c - providers/implementations/digests/digestcommon.c - providers/implementations/digests/null_prov.c - providers/implementations/digests/sha3_prov.c - providers/implementations/digests/sm3_prov.c - providers/implementations/encode_decode/decode_epki2pki.c - providers/implementations/encode_decode/decode_spki2typespki.c - providers/implementations/encode_decode/endecoder_common.c - providers/implementations/encode_decode/endecoder_local.h - providers/implementations/exchange/ecx_exch.c - providers/implementations/exchange/kdf_exch.c - providers/implementations/include/prov/blake2.h - providers/implementations/include/prov/ciphercommon.h - providers/implementations/include/prov/ciphercommon_aead.h - providers/implementations/include/prov/ciphercommon_ccm.h - providers/implementations/include/prov/ciphercommon_gcm.h - providers/implementations/include/prov/digestcommon.h - providers/implementations/include/prov/implementations.h - providers/implementations/include/prov/kdfexchange.h - providers/implementations/include/prov/macsignature.h - providers/implementations/include/prov/md5_sha1.h - providers/implementations/include/prov/names.h - providers/implementations/include/prov/seeding.h - providers/implementations/kdfs/pbkdf1.c - providers/implementations/kdfs/pbkdf2.h - providers/implementations/kdfs/pbkdf2_fips.c - providers/implementations/kdfs/pkcs12kdf.c - providers/implementations/kdfs/scrypt.c - providers/implementations/kdfs/sshkdf.c - providers/implementations/kdfs/x942kdf.c - providers/implementations/keymgmt/ec_kmgmt_imexport.inc - providers/implementations/keymgmt/ecx_kmgmt.c - providers/implementations/macs/blake2_mac_impl.c - providers/implementations/macs/gmac_prov.c - providers/implementations/macs/poly1305_prov.c - providers/implementations/macs/siphash_prov.c - providers/implementations/rands/drbg.c - providers/implementations/rands/drbg_ctr.c - providers/implementations/rands/drbg_hash.c - providers/implementations/rands/drbg_hmac.c - providers/implementations/rands/drbg_local.h - providers/implementations/rands/seed_src.c - providers/implementations/rands/seeding/rand_cpu_x86.c - providers/implementations/rands/seeding/rand_tsc.c - providers/implementations/rands/seeding/rand_unix.c - providers/implementations/rands/seeding/rand_vms.c - providers/implementations/rands/seeding/rand_vxworks.c - providers/implementations/rands/seeding/rand_win.c - providers/implementations/rands/test_rng.c - providers/implementations/signature/eddsa_sig.c - providers/implementations/storemgmt/file_store.c - providers/implementations/storemgmt/file_store_local.h - providers/legacyprov.c - providers/nullprov.c - providers/prov_running.c - providers/stores.inc - ssl/bio_ssl.c - ssl/d1_lib.c - ssl/d1_msg.c - ssl/ktls.c - ssl/methods.c - ssl/pqueue.c - ssl/record/dtls1_bitmap.c - ssl/record/rec_layer_d1.c - ssl/record/rec_layer_s3.c - ssl/record/ssl3_buffer.c - ssl/record/ssl3_record.c - ssl/record/ssl3_record_tls13.c - ssl/record/tls_pad.c - ssl/s3_enc.c - ssl/s3_lib.c - ssl/s3_msg.c - ssl/ssl_asn1.c - ssl/ssl_cert.c - ssl/ssl_cert_table.h - ssl/ssl_ciph.c - ssl/ssl_conf.c - ssl/ssl_err.c - ssl/ssl_init.c - ssl/ssl_lib.c - ssl/ssl_local.h - ssl/ssl_mcnf.c - ssl/ssl_rsa.c - ssl/ssl_sess.c - ssl/ssl_stat.c - ssl/ssl_txt.c - ssl/ssl_utst.c - ssl/sslerr.h - ssl/statem/extensions.c - ssl/statem/extensions_clnt.c - ssl/statem/extensions_srvr.c - ssl/statem/statem.c - ssl/statem/statem_clnt.c - ssl/statem/statem_dtls.c - ssl/statem/statem_lib.c - ssl/statem/statem_srvr.c - ssl/t1_enc.c - ssl/t1_lib.c - ssl/t1_trce.c - ssl/tls13_enc.c - test/aborttest.c - test/acvp_test.inc - test/aesgcmtest.c - test/algorithmid_test.c - test/asn1_decode_test.c - test/asn1_dsa_internal_test.c - test/asn1_encode_test.c - test/asn1_string_table_test.c - test/asynctest.c - test/bad_dtls_test.c - test/bio_callback_test.c - test/bio_core_test.c - test/bio_enc_test.c - test/bio_memleak_test.c - test/bio_prefix_text.c - test/bio_readbuffer_test.c - test/bioprinttest.c - test/bn_internal_test.c - test/bn_rand_range.h - test/bntest.c - test/cipher_overhead_test.c - test/clienthellotest.c - test/cmp_asn_test.c - test/cmp_client_test.c - test/cmp_ctx_test.c - test/cmp_hdr_test.c - test/cmp_msg_test.c - test/cmp_protect_test.c - test/cmp_server_test.c - test/cmp_status_test.c - test/cmp_vfy_test.c - test/cmsapitest.c - test/conf_include_test.c - test/confdump.c - test/constant_time_test.c - test/crltest.c - test/ct_test.c - test/ctype_internal_test.c - test/curve448_internal_test.c - test/danetest.c - test/defltfips_test.c - test/dtls_mtu_test.c - test/dtlstest.c - test/dtlsv1listentest.c - test/ecdsatest.h - test/ectest.c - test/endecode_test.c - test/errtest.c - test/evp_kdf_test.c - test/evp_pkey_dparams_test.c - test/evp_pkey_provided_test.c - test/evp_test.c - test/exdatatest.c - test/exptest.c - test/fake_rsaprov.h - test/fatalerrtest.c - test/filterprov.h - test/generate_buildtest.pl - test/gmdifftest.c - test/helpers/cmp_testlib.c - test/helpers/cmp_testlib.h - test/helpers/handshake.c - test/helpers/handshake.h - test/helpers/pkcs12.c - test/helpers/pkcs12.h - test/helpers/predefined_dhparams.c - test/helpers/predefined_dhparams.h - test/helpers/ssl_test_ctx.c - test/helpers/ssl_test_ctx.h - test/helpers/ssltestlib.c - test/helpers/ssltestlib.h - test/http_test.c - test/igetest.c - test/lhash_test.c - test/memleaktest.c - test/namemap_internal_test.c - test/ocspapitest.c - test/ossl_store_test.c - test/packettest.c - test/param_build_test.c - test/params_api_test.c - test/params_conversion_test.c - test/pbelutest.c - test/pbetest.c - test/pemtest.c - test/pkcs12_format_test.c - test/pkcs7_test.c - test/pkey_meth_kdf_test.c - test/pkey_meth_test.c - test/property_test.c - test/prov_config_test.c - test/provfetchtest.c - test/provider_fallback_test.c - test/provider_internal_test.c - test/provider_pkey_test.c - test/provider_status_test.c - test/provider_test.c - test/rand_status_test.c - test/rdrand_sanitytest.c - test/recipes/00-prep_fipsmodule_cnf.t - test/recipes/01-test_abort.t - test/recipes/01-test_sanity.t - test/recipes/01-test_symbol_presence.t - test/recipes/01-test_test.t - test/recipes/02-test_errstr.t - test/recipes/02-test_internal_context.t - test/recipes/02-test_internal_ctype.t - test/recipes/02-test_internal_keymgmt.t - test/recipes/02-test_internal_provider.t - test/recipes/02-test_lhash.t - test/recipes/02-test_ordinals.t - test/recipes/02-test_sparse_array.t - test/recipes/02-test_stack.t - test/recipes/03-test_exdata.t - test/recipes/03-test_fipsinstall.t - test/recipes/03-test_internal_asn1.t - test/recipes/03-test_internal_asn1_dsa.t - test/recipes/03-test_internal_bn.t - test/recipes/03-test_internal_chacha.t - test/recipes/03-test_internal_curve448.t - test/recipes/03-test_internal_ec.t - test/recipes/03-test_internal_ffc.t - test/recipes/03-test_internal_mdc2.t - test/recipes/03-test_internal_modes.t - test/recipes/03-test_internal_namemap.t - test/recipes/03-test_internal_poly1305.t - test/recipes/03-test_internal_rsa_sp800_56b.t - test/recipes/03-test_internal_siphash.t - test/recipes/03-test_internal_sm2.t - test/recipes/03-test_internal_sm3.t - test/recipes/03-test_internal_sm4.t - test/recipes/03-test_internal_ssl_cert_table.t - test/recipes/03-test_internal_x509.t - test/recipes/03-test_params_api.t - test/recipes/03-test_property.t - test/recipes/03-test_ui.t - test/recipes/04-test_asn1_decode.t - test/recipes/04-test_asn1_encode.t - test/recipes/04-test_asn1_string_table.t - test/recipes/04-test_bio_callback.t - test/recipes/04-test_bio_core.t - test/recipes/04-test_bioprint.t - test/recipes/04-test_conf.t - test/recipes/04-test_encoder_decoder.t - test/recipes/04-test_encoder_decoder_legacy.t - test/recipes/04-test_err.t - test/recipes/04-test_hexstring.t - test/recipes/04-test_param_build.t - test/recipes/04-test_params.t - test/recipes/04-test_params_conversion.t - test/recipes/04-test_pem_read_depr.t - test/recipes/04-test_pem_reading.t - test/recipes/04-test_provfetch.t - test/recipes/04-test_provider.t - test/recipes/04-test_provider_fallback.t - test/recipes/04-test_provider_pkey.t - test/recipes/04-test_upcalls.t - test/recipes/05-test_bf.t - test/recipes/05-test_cast.t - test/recipes/05-test_cmac.t - test/recipes/05-test_des.t - test/recipes/05-test_hmac.t - test/recipes/05-test_idea.t - test/recipes/05-test_pbe.t - test/recipes/05-test_rand.t - test/recipes/05-test_rc2.t - test/recipes/05-test_rc4.t - test/recipes/05-test_rc5.t - test/recipes/06-test_algorithmid.t - test/recipes/06-test_rdrand_sanity.t - test/recipes/10-test_bn.t - test/recipes/10-test_bn_data/bnmod.txt - test/recipes/10-test_bn_data/bnmul.txt - test/recipes/10-test_bn_data/bnshift.txt - test/recipes/10-test_exp.t - test/recipes/15-test_dh.t - test/recipes/15-test_dsa.t - test/recipes/15-test_dsaparam.t - test/recipes/15-test_ec.t - test/recipes/15-test_ecdsa.t - test/recipes/15-test_ecparam.t - test/recipes/15-test_gendh.t - test/recipes/15-test_gendhparam.t - test/recipes/15-test_gendsa.t - test/recipes/15-test_genec.t - test/recipes/15-test_genrsa.t - test/recipes/15-test_mp_rsa.t - test/recipes/15-test_out_option.t - test/recipes/15-test_rsa.t - test/recipes/15-test_rsaoaep.t - test/recipes/15-test_rsapss.t - test/recipes/15-test_sha.t - test/recipes/20-test_app.t - test/recipes/20-test_cli_fips.t - test/recipes/20-test_dgst.t - test/recipes/20-test_dhparam.t - test/recipes/20-test_dhparam_check.t - test/recipes/20-test_enc.t - test/recipes/20-test_enc_more.t - test/recipes/20-test_kdf.t - test/recipes/20-test_mac.t - test/recipes/20-test_passwd.t - test/recipes/20-test_pkeyutl.t - test/recipes/20-test_rand_config.t - test/recipes/20-test_spkac.t - test/recipes/25-test_crl.t - test/recipes/25-test_d2i.t - test/recipes/25-test_eai_data.t - test/recipes/25-test_pkcs7.t - test/recipes/25-test_req.t - test/recipes/25-test_rusext.t - test/recipes/25-test_sid.t - test/recipes/25-test_verify.t - test/recipes/25-test_verify_store.t - test/recipes/25-test_x509.t - test/recipes/30-test_acvp.t - test/recipes/30-test_aesgcm.t - test/recipes/30-test_afalg.t - test/recipes/30-test_defltfips.t - test/recipes/30-test_engine.t - test/recipes/30-test_evp.t - test/recipes/30-test_evp_data/evpciph_bf.txt - test/recipes/30-test_evp_data/evpciph_camellia_cts.txt - test/recipes/30-test_evp_data/evpciph_cast5.txt - test/recipes/30-test_evp_data/evpciph_des.txt - test/recipes/30-test_evp_data/evpciph_idea.txt - test/recipes/30-test_evp_data/evpciph_rc4.txt - test/recipes/30-test_evp_data/evpciph_seed.txt - test/recipes/30-test_evp_data/evpciph_sm4.txt - test/recipes/30-test_evp_data/evpmd_md.txt - test/recipes/30-test_evp_data/evpmd_mdc2.txt - test/recipes/30-test_evp_extra.t - test/recipes/30-test_evp_fetch_prov.t - test/recipes/30-test_evp_kdf.t - test/recipes/30-test_evp_libctx.t - test/recipes/30-test_evp_pkey_dparam.t - test/recipes/30-test_evp_pkey_provided.t - test/recipes/30-test_pbelu.t - test/recipes/30-test_pkey_meth.t - test/recipes/30-test_pkey_meth_kdf.t - test/recipes/30-test_prov_config.t - test/recipes/30-test_provider_status.t - test/recipes/40-test_rehash.t - test/recipes/60-test_x509_check_cert_pkey.t - test/recipes/60-test_x509_dup_cert.t - test/recipes/60-test_x509_store.t - test/recipes/60-test_x509_time.t - test/recipes/61-test_bio_prefix.t - test/recipes/61-test_bio_readbuffer.t - test/recipes/65-test_cmp_asn.t - test/recipes/65-test_cmp_client.t - test/recipes/65-test_cmp_ctx.t - test/recipes/65-test_cmp_hdr.t - test/recipes/65-test_cmp_msg.t - test/recipes/65-test_cmp_protect.t - test/recipes/65-test_cmp_server.t - test/recipes/65-test_cmp_status.t - test/recipes/65-test_cmp_vfy.t - test/recipes/66-test_ossl_store.t - test/recipes/70-test_asyncio.t - test/recipes/70-test_bad_dtls.t - test/recipes/70-test_clienthello.t - test/recipes/70-test_comp.t - test/recipes/70-test_key_share.t - test/recipes/70-test_packet.t - test/recipes/70-test_recordlen.t - test/recipes/70-test_renegotiation.t - test/recipes/70-test_servername.t - test/recipes/70-test_sslcbcpadding.t - test/recipes/70-test_sslcertstatus.t - test/recipes/70-test_sslextension.t - test/recipes/70-test_sslmessages.t - test/recipes/70-test_sslrecords.t - test/recipes/70-test_sslsessiontick.t - test/recipes/70-test_sslsigalgs.t - test/recipes/70-test_sslsignature.t - test/recipes/70-test_sslskewith0p.t - test/recipes/70-test_sslversions.t - test/recipes/70-test_sslvertol.t - test/recipes/70-test_tls13alerts.t - test/recipes/70-test_tls13cookie.t - test/recipes/70-test_tls13downgrade.t - test/recipes/70-test_tls13hrr.t - test/recipes/70-test_tls13kexmodes.t - test/recipes/70-test_tls13messages.t - test/recipes/70-test_tls13psk.t - test/recipes/70-test_tlsextms.t - test/recipes/70-test_verify_extra.t - test/recipes/70-test_wpacket.t - test/recipes/71-test_ssl_ctx.t - test/recipes/79-test_http.t - test/recipes/80-test_ca.t - test/recipes/80-test_cipherbytes.t - test/recipes/80-test_cipherlist.t - test/recipes/80-test_ciphername.t - test/recipes/80-test_cmp_http.t - test/recipes/80-test_cms.t - test/recipes/80-test_cmsapi.t - test/recipes/80-test_ct.t - test/recipes/80-test_dane.t - test/recipes/80-test_dtls.t - test/recipes/80-test_dtls_mtu.t - test/recipes/80-test_dtlsv1listen.t - test/recipes/80-test_ocsp.t - test/recipes/80-test_pkcs12.t - test/recipes/80-test_ssl_new.t - test/recipes/80-test_ssl_old.t - test/recipes/80-test_ssl_test_ctx.t - test/recipes/80-test_sslcorrupt.t - test/recipes/80-test_tsa.t - test/recipes/80-test_x509aux.t - test/recipes/81-test_cmp_cli.t - test/recipes/90-test_asn1_time.t - test/recipes/90-test_async.t - test/recipes/90-test_bio_enc.t - test/recipes/90-test_bio_memleak.t - test/recipes/90-test_constant_time.t - test/recipes/90-test_fatalerr.t - test/recipes/90-test_fipsload.t - test/recipes/90-test_gmdiff.t - test/recipes/90-test_ige.t - test/recipes/90-test_memleak.t - test/recipes/90-test_overhead.t - test/recipes/90-test_secmem.t - test/recipes/90-test_shlibload.t - test/recipes/90-test_srp.t - test/recipes/90-test_sslapi.t - test/recipes/90-test_sslbuffers.t - test/recipes/90-test_store.t - test/recipes/90-test_sysdefault.t - test/recipes/90-test_threads.t - test/recipes/90-test_time_offset.t - test/recipes/90-test_tls13ccs.t - test/recipes/90-test_tls13encryption.t - test/recipes/90-test_tls13secrets.t - test/recipes/90-test_v3name.t - test/recipes/91-test_pkey_check.t - test/recipes/95-test_external_gost_engine.t - test/recipes/95-test_external_krb5.t - test/recipes/95-test_external_krb5_data/krb5.sh - test/recipes/95-test_external_pyca.t - test/recipes/99-test_ecstress.t - test/recipes/99-test_fuzz_asn1.t - test/recipes/99-test_fuzz_asn1parse.t - test/recipes/99-test_fuzz_bignum.t - test/recipes/99-test_fuzz_bndiv.t - test/recipes/99-test_fuzz_client.t - test/recipes/99-test_fuzz_cmp.t - test/recipes/99-test_fuzz_cms.t - test/recipes/99-test_fuzz_conf.t - test/recipes/99-test_fuzz_crl.t - test/recipes/99-test_fuzz_ct.t - test/recipes/99-test_fuzz_server.t - test/recipes/99-test_fuzz_x509.t - test/recipes/fuzz.pl - test/recipes/tconversion.pl - test/recordlentest.c - test/run_tests.pl - test/sanitytest.c - test/secmemtest.c - test/servername_test.c - test/sha_test.c - test/shlibloadtest.c - test/simpledynamic.c - test/simpledynamic.h - test/sparse_array_test.c - test/ssl-tests/23-srp.cnf.in - test/ssl-tests/29-dtls-sctp-label-bug.cnf.in - test/ssl_ctx_test.c - test/ssl_old_test.c - test/ssl_test.c - test/sslcorrupttest.c - test/stack_test.c - test/sysdefaulttest.c - test/test_test.c - test/testutil.h - test/testutil/apps_shims.c - test/testutil/basic_output.c - test/testutil/cb.c - test/testutil/driver.c - test/testutil/format_output.c - test/testutil/load.c - test/testutil/main.c - test/testutil/options.c - test/testutil/output.c - test/testutil/output.h - test/testutil/provider.c - test/testutil/random.c - test/testutil/stanza.c - test/testutil/test_cleanup.c - test/testutil/test_options.c - test/testutil/tests.c - test/testutil/testutil_init.c - test/testutil/tu_local.h - test/threadstest.c - test/threadstest.h - test/threadstest_fips.c - test/time_offset_test.c - test/tls-provider.c - test/tls13ccstest.c - test/tls13encryptiontest.c - test/tls13secretstest.c - test/uitest.c - test/upcallstest.c - test/user_property_test.c - test/v3ext.c - test/v3nametest.c - test/verify_extra_test.c - test/versions.c - test/wpackettest.c - test/x509_check_cert_pkey_test.c - test/x509_dup_cert_test.c - tools/c_rehash.in - util/add-depends.pl - util/cavs-to-evptest.pl - util/check-malloc-errs - util/copy.pl - util/find-doc-nits - util/fix-includes - util/mk-fipsmodule-cnf.pl - util/mkbuildinf.pl - util/mkdir-p.pl - util/mkerr.pl - util/mknum.pl - util/mkpod2html.pl - util/mkrc.pl - util/perl/OpenSSL/Config/Query.pm - util/perl/OpenSSL/OID.pm - util/perl/OpenSSL/Ordinals.pm - util/perl/OpenSSL/ParseC.pm - util/perl/OpenSSL/Test.pm - util/perl/OpenSSL/Test/Simple.pm - util/perl/OpenSSL/Test/Utils.pm - util/perl/OpenSSL/Util.pm - util/perl/OpenSSL/Util/Pod.pm - util/perl/OpenSSL/copyright.pm - util/perl/OpenSSL/fallback.pm - util/perl/OpenSSL/stackhash.pm - util/perl/TLSProxy/Alert.pm - util/perl/TLSProxy/Certificate.pm - util/perl/TLSProxy/CertificateRequest.pm - util/perl/TLSProxy/CertificateVerify.pm - util/perl/TLSProxy/ClientHello.pm - util/perl/TLSProxy/EncryptedExtensions.pm - util/perl/TLSProxy/Message.pm - util/perl/TLSProxy/NewSessionTicket.pm - util/perl/TLSProxy/Proxy.pm - util/perl/TLSProxy/Record.pm - util/perl/TLSProxy/ServerHello.pm - util/perl/TLSProxy/ServerKeyExchange.pm - util/perl/checkhandshake.pm - util/su-filter.pl - util/write-man-symlinks -Copyright: 1995-2022 The OpenSSL Project Authors. - 2002 The OpenTSA Project. - 2002-2020 Oracle and/or its affiliates. - 2005 Nokia. - 2007-2020 Nokia - 2013-2014 Timo Teräs - 2015-2020 Siemens AG - 2016 VMS Software, Inc. - 2017 BaishanCloud. - 2017 National Security Research Institute. - 2017 Ribose Inc. - 2017 Ribose Inc. Ported from Ribose contributions from Botan. - 2017 [Ribose Inc.](https://www.ribose.com). - 2018-2019 IBM Corp. - 2021 [UnionTech](https://www.uniontech.com). -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - -Files: ACKNOWLEDGEMENTS.md - AUTHORS.md - Configurations/00-base-templates.conf - Configurations/10-main.conf - Configurations/15-android.conf - Configurations/15-ios.conf - Configurations/50-cppbuilder.conf - Configurations/50-djgpp.conf - Configurations/50-haiku.conf - Configurations/50-masm.conf - Configurations/50-nonstop.conf - Configurations/50-os390.conf - Configurations/50-vms-x86_64.conf - Configurations/50-win-onecore.conf - Configurations/INTERNALS.Configure - Configurations/README-design.md - Configurations/README.md - Configurations/common0.tmpl - Configurations/descrip.mms.tmpl - Configurations/gentemplate.pm - Configurations/platform.pm - Configurations/platform/AIX.pm - Configurations/platform/BASE.pm - Configurations/platform/Cygwin.pm - Configurations/platform/Unix.pm - Configurations/platform/VMS.pm - Configurations/platform/Windows.pm - Configurations/platform/Windows/MSVC.pm - Configurations/platform/Windows/cppbuilder.pm - Configurations/platform/mingw.pm - Configurations/unix-Makefile.tmpl - Configurations/unix-checker.pm - Configurations/windows-checker.pm - Configurations/windows-makefile.tmpl - FAQ.md - HACKING.md - INSTALL.md - NEWS.md - NOTES-ANDROID.md - NOTES-DJGPP.md - NOTES-NONSTOP.md - NOTES-PERL.md - NOTES-UNIX.md - NOTES-VALGRIND.md - NOTES-VMS.md - NOTES-WINDOWS.md - README-FIPS.md - README-PROVIDERS.md - SUPPORT.md - VERSION.dat - VMS/engine.opt - VMS/msg_install.com - VMS/msg_staging.com - VMS/openssl_ivp.com.in - VMS/openssl_shutdown.com.in - VMS/openssl_startup.com.in - VMS/openssl_utils.com.in - VMS/test-includes.com - apps/build.info - apps/ca-cert.srl - apps/ca-key.pem - apps/ca-req.pem - apps/cert.pem - apps/client.pem - apps/ct_log_list.cnf - apps/demoSRP/srp_verifier.txt - apps/demoSRP/srp_verifier.txt.attr - apps/dsa-ca.pem - apps/dsa-pca.pem - apps/dsa1024.pem - apps/dsa512.pem - apps/dsap.pem - apps/insta.ca.crt - apps/lib/build.info - apps/openssl-vms.cnf - apps/openssl.cnf - apps/pca-cert.srl - apps/pca-key.pem - apps/pca-req.pem - apps/privkey.pem - apps/req.pem - apps/rsa8192.pem - apps/s1024key.pem - apps/s1024req.pem - apps/s512-key.pem - apps/s512-req.pem - apps/server.pem - apps/server.srl - apps/server2.pem - apps/testCA.pem - appveyor.yml - build.info - config.com - configdata.pm.in - crypto/README-sparse_array.md - crypto/aes/build.info - crypto/aria/build.info - crypto/asn1/build.info - crypto/async/build.info - crypto/bf/build.info - crypto/bio/build.info - crypto/bn/build.info - crypto/buffer/build.info - crypto/build.info - crypto/camellia/build.info - crypto/cast/build.info - crypto/chacha/asm/chacha-ia64.pl - crypto/chacha/build.info - crypto/cmac/build.info - crypto/cmp/build.info - crypto/cms/build.info - crypto/comp/build.info - crypto/conf/build.info - crypto/crmf/build.info - crypto/ct/build.info - crypto/des/build.info - crypto/dh/build.info - crypto/dsa/build.info - crypto/dso/build.info - crypto/ec/build.info - crypto/encode_decode/build.info - crypto/engine/README.md - crypto/engine/build.info - crypto/err/README.md - crypto/err/build.info - crypto/err/openssl.ec - crypto/ess/build.info - crypto/evp/build.info - crypto/ffc/build.info - crypto/hmac/build.info - crypto/http/build.info - crypto/idea/build.info - crypto/kdf/build.info - crypto/lhash/build.info - crypto/md2/build.info - crypto/md4/build.info - crypto/md5/build.info - crypto/mdc2/build.info - crypto/modes/build.info - crypto/objects/README.md - crypto/objects/build.info - crypto/objects/obj_mac.num - crypto/objects/obj_xref.txt - crypto/objects/objects.txt - crypto/ocsp/build.info - crypto/pem/build.info - crypto/perlasm/README.md - crypto/pkcs12/build.info - crypto/pkcs7/build.info - crypto/poly1305/asm/poly1305-ia64.S - crypto/poly1305/build.info - crypto/property/README.md - crypto/property/build.info - crypto/property/properties.ebnf - crypto/rand/build.info - crypto/rc2/build.info - crypto/rc4/build.info - crypto/rc5/build.info - crypto/ripemd/build.info - crypto/rsa/build.info - crypto/seed/build.info - crypto/sha/build.info - crypto/siphash/build.info - crypto/sm2/build.info - crypto/sm3/build.info - crypto/sm4/build.info - crypto/srp/build.info - crypto/stack/build.info - crypto/store/build.info - crypto/ts/build.info - crypto/txt_db/build.info - crypto/ui/build.info - crypto/whrlpool/build.info - crypto/x509/build.info - demos/README.txt - demos/bio/Makefile - demos/bio/README.txt - demos/bio/accept.cnf - demos/bio/cmod.cnf - demos/bio/connect.cnf - demos/bio/descrip.mms - demos/bio/intca.pem - demos/bio/root.pem - demos/bio/server-ec.pem - demos/bio/server.pem - demos/bio/shared.opt - demos/bio/static.opt - demos/certs/README.txt - demos/certs/apps/apps.cnf - demos/certs/apps/ckey.pem - demos/certs/apps/intkey.pem - demos/certs/apps/mkacerts.sh - demos/certs/apps/mkxcerts.sh - demos/certs/apps/rootkey.pem - demos/certs/apps/skey.pem - demos/certs/apps/skey2.pem - demos/certs/ca.cnf - demos/certs/mkcerts.sh - demos/certs/ocspquery.sh - demos/certs/ocsprun.sh - demos/cipher/Makefile - demos/cms/cacert.pem - demos/cms/cakey.pem - demos/cms/comp.txt - demos/cms/encr.txt - demos/cms/sign.txt - demos/cms/signer.pem - demos/cms/signer2.pem - demos/digest/Makefile - demos/kdf/Makefile - demos/mac/Makefile - demos/pkey/Makefile - demos/signature/Makefile - demos/smime/cacert.pem - demos/smime/cakey.pem - demos/smime/encr.txt - demos/smime/sign.txt - demos/smime/signer.pem - demos/smime/signer2.pem - doc/README.md - doc/build.info - doc/build.info.in - doc/dir-locals.example.el - doc/fingerprints.txt - doc/life-cycles/Makefile - doc/life-cycles/README.md - doc/life-cycles/cipher.dot - doc/life-cycles/digest.dot - doc/life-cycles/kdf.dot - doc/life-cycles/lifecycles.ods - doc/life-cycles/mac.dot - doc/life-cycles/pkey.dot - doc/life-cycles/rand.dot - doc/man1/build.info - doc/man3/ERR_put_error.pod - doc/man7/img/cipher.png - doc/man7/img/digest.png - doc/man7/img/kdf.png - doc/man7/img/mac.png - doc/man7/img/pkey.png - doc/man7/img/rand.png - doc/openssl-c-indent.el - engines/build.info - engines/e_afalg.ec - engines/e_capi.ec - engines/e_dasync.ec - engines/e_loader_attic.ec - engines/e_ossltest.ec - external/perl/Downloaded.txt - external/perl/MODULES.txt - external/perl/Text-Template-1.56/Changes - external/perl/Text-Template-1.56/INSTALL - external/perl/Text-Template-1.56/MANIFEST - external/perl/Text-Template-1.56/META.json - external/perl/Text-Template-1.56/META.yml - external/perl/Text-Template-1.56/Makefile.PL - external/perl/Text-Template-1.56/README - external/perl/Text-Template-1.56/SIGNATURE - external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm - external/perl/Text-Template-1.56/t/author-pod-syntax.t - external/perl/Text-Template-1.56/t/author-signature.t - external/perl/Text-Template-1.56/t/basic.t - external/perl/Text-Template-1.56/t/broken.t - external/perl/Text-Template-1.56/t/delimiters.t - external/perl/Text-Template-1.56/t/error.t - external/perl/Text-Template-1.56/t/exported.t - external/perl/Text-Template-1.56/t/hash.t - external/perl/Text-Template-1.56/t/inline-comment.t - external/perl/Text-Template-1.56/t/nested-tags.t - external/perl/Text-Template-1.56/t/ofh.t - external/perl/Text-Template-1.56/t/out.t - external/perl/Text-Template-1.56/t/prepend.t - external/perl/Text-Template-1.56/t/preprocess.t - external/perl/Text-Template-1.56/t/rt29928.t - external/perl/Text-Template-1.56/t/safe.t - external/perl/Text-Template-1.56/t/safe2.t - external/perl/Text-Template-1.56/t/safe3.t - external/perl/Text-Template-1.56/t/strict.t - external/perl/Text-Template-1.56/t/taint.t - external/perl/Text-Template-1.56/t/template-encoding.t - external/perl/Text-Template-1.56/t/warnings.t - fuzz/README.md - fuzz/build.info - providers/build.info - providers/common/build.info - providers/common/der/build.info - providers/fips-sources.checksums - providers/fips.checksum - providers/fips.module.sources - providers/fips/build.info - providers/implementations/asymciphers/build.info - providers/implementations/build.info - providers/implementations/ciphers/build.info - providers/implementations/digests/build.info - providers/implementations/encode_decode/build.info - providers/implementations/exchange/build.info - providers/implementations/kdfs/build.info - providers/implementations/kem/build.info - providers/implementations/keymgmt/build.info - providers/implementations/macs/build.info - providers/implementations/rands/build.info - providers/implementations/rands/seeding/build.info - providers/implementations/signature/build.info - providers/implementations/storemgmt/build.info - ssl/build.info - ssl/record/README.md - ssl/statem/README.md - test/CAtsa.cnf - test/README-dev.md - test/README-external.md - test/README.md - test/README.ssltest.md - test/build.info - test/ca-and-certs.cnf - test/certs/alt1-cert.pem - test/certs/alt1-key.pem - test/certs/alt2-cert.pem - test/certs/alt2-key.pem - test/certs/alt3-cert.pem - test/certs/alt3-key.pem - test/certs/bad-othername-namec-inter.pem - test/certs/bad-othername-namec-key.pem - test/certs/bad-othername-namec.pem - test/certs/bad-pc3-cert.pem - test/certs/bad-pc3-key.pem - test/certs/bad-pc4-cert.pem - test/certs/bad-pc4-key.pem - test/certs/bad-pc6-cert.pem - test/certs/bad-pc6-key.pem - test/certs/bad.key - test/certs/bad.pem - test/certs/badalt1-cert.pem - test/certs/badalt1-key.pem - test/certs/badalt10-cert.pem - test/certs/badalt10-key.pem - test/certs/badalt2-cert.pem - test/certs/badalt2-key.pem - test/certs/badalt3-cert.pem - test/certs/badalt3-key.pem - test/certs/badalt4-cert.pem - test/certs/badalt4-key.pem - test/certs/badalt5-cert.pem - test/certs/badalt5-key.pem - test/certs/badalt6-cert.pem - test/certs/badalt6-key.pem - test/certs/badalt7-cert.pem - test/certs/badalt7-key.pem - test/certs/badalt8-cert.pem - test/certs/badalt8-key.pem - test/certs/badalt9-cert.pem - test/certs/badalt9-key.pem - test/certs/badcn1-cert.pem - test/certs/badcn1-key.pem - test/certs/ca+anyEKU.pem - test/certs/ca+clientAuth.pem - test/certs/ca+serverAuth.pem - test/certs/ca-anyEKU.pem - test/certs/ca-cert-768.pem - test/certs/ca-cert-768i.pem - test/certs/ca-cert-ec-explicit.pem - test/certs/ca-cert-ec-named.pem - test/certs/ca-cert-md5-any.pem - test/certs/ca-cert-md5.pem - test/certs/ca-cert.pem - test/certs/ca-cert2.pem - test/certs/ca-clientAuth.pem - test/certs/ca-expired.pem - test/certs/ca-key-768.pem - test/certs/ca-key-ec-explicit.pem - test/certs/ca-key-ec-named.pem - test/certs/ca-key.pem - test/certs/ca-key2.pem - test/certs/ca-name2.pem - test/certs/ca-nonbc.pem - test/certs/ca-nonca.pem - test/certs/ca-pss-cert.pem - test/certs/ca-pss-key.pem - test/certs/ca-root2.pem - test/certs/ca-serverAuth.pem - test/certs/cca+anyEKU.pem - test/certs/cca+clientAuth.pem - test/certs/cca+serverAuth.pem - test/certs/cca-anyEKU.pem - test/certs/cca-cert.pem - test/certs/cca-clientAuth.pem - test/certs/cca-serverAuth.pem - test/certs/cert-key-cert.pem - test/certs/client-ed25519-cert.pem - test/certs/client-ed25519-key.pem - test/certs/client-ed448-cert.pem - test/certs/client-ed448-key.pem - test/certs/croot+anyEKU.pem - test/certs/croot+clientAuth.pem - test/certs/croot+serverAuth.pem - test/certs/croot-anyEKU.pem - test/certs/croot-cert.pem - test/certs/croot-clientAuth.pem - test/certs/croot-serverAuth.pem - test/certs/cross-key.pem - test/certs/cross-root.pem - test/certs/ct-server-key-public.pem - test/certs/ct-server-key.pem - test/certs/cyrillic.msb - test/certs/cyrillic.pem - test/certs/cyrillic.utf8 - test/certs/cyrillic_crl.pem - test/certs/cyrillic_crl.utf8 - test/certs/dhk2048.pem - test/certs/dhp2048.pem - test/certs/ec_privkey_with_chain.pem - test/certs/ee+clientAuth.pem - test/certs/ee+serverAuth.pem - test/certs/ee-cert-1024.pem - test/certs/ee-cert-3072.pem - test/certs/ee-cert-4096.pem - test/certs/ee-cert-768.pem - test/certs/ee-cert-768i.pem - test/certs/ee-cert-8192.pem - test/certs/ee-cert-crit-unknown-ext.pem - test/certs/ee-cert-ec-explicit.pem - test/certs/ee-cert-ec-named-explicit.pem - test/certs/ee-cert-ec-named-named.pem - test/certs/ee-cert-md5.pem - test/certs/ee-cert-noncrit-unknown-ext.pem - test/certs/ee-cert-ocsp-nocheck.pem - test/certs/ee-cert.pem - test/certs/ee-cert2.pem - test/certs/ee-client-chain.pem - test/certs/ee-client.pem - test/certs/ee-clientAuth.pem - test/certs/ee-ecdsa-client-chain.pem - test/certs/ee-ecdsa-key.pem - test/certs/ee-ed25519.pem - test/certs/ee-expired.pem - test/certs/ee-key-1024.pem - test/certs/ee-key-3072.pem - test/certs/ee-key-4096.pem - test/certs/ee-key-768.pem - test/certs/ee-key-8192.pem - test/certs/ee-key-ec-explicit.pem - test/certs/ee-key-ec-named-explicit.pem - test/certs/ee-key-ec-named-named.pem - test/certs/ee-key.pem - test/certs/ee-name2.pem - test/certs/ee-pathlen.pem - test/certs/ee-pss-cert.pem - test/certs/ee-pss-sha1-cert.pem - test/certs/ee-pss-sha256-cert.pem - test/certs/ee-pss-wrong1.5-cert.pem - test/certs/ee-self-signed.pem - test/certs/ee-serverAuth.pem - test/certs/ee-ss-with-keyCertSign.pem - test/certs/embeddedSCTs1-key.pem - test/certs/embeddedSCTs1.pem - test/certs/embeddedSCTs1.sct - test/certs/embeddedSCTs1.tlssct - test/certs/embeddedSCTs1_issuer-key.pem - test/certs/embeddedSCTs1_issuer.pem - test/certs/embeddedSCTs3.pem - test/certs/embeddedSCTs3.sct - test/certs/embeddedSCTs3_issuer.pem - test/certs/ext-check.csr - test/certs/fake-gp.pem - test/certs/goodcn1-cert.pem - test/certs/goodcn1-key.pem - test/certs/goodcn2-cert.pem - test/certs/goodcn2-chain.pem - test/certs/goodcn2-key.pem - test/certs/grfc.pem - test/certs/interCA.key - test/certs/interCA.pem - test/certs/invalid-cert.pem - test/certs/key-pass-12345.pem - test/certs/leaf-chain.pem - test/certs/leaf-encrypted.key - test/certs/leaf.key - test/certs/leaf.pem - test/certs/many-constraints.pem - test/certs/many-names1.pem - test/certs/many-names2.pem - test/certs/many-names3.pem - test/certs/nca+anyEKU.pem - test/certs/nca+serverAuth.pem - test/certs/ncca-cert.pem - test/certs/ncca-key.pem - test/certs/ncca1-cert.pem - test/certs/ncca1-key.pem - test/certs/ncca2-cert.pem - test/certs/ncca2-key.pem - test/certs/ncca3-cert.pem - test/certs/ncca3-key.pem - test/certs/nroot+anyEKU.pem - test/certs/nroot+serverAuth.pem - test/certs/p256-server-cert.pem - test/certs/p256-server-key.pem - test/certs/p384-root-key.pem - test/certs/p384-root.pem - test/certs/p384-server-cert.pem - test/certs/p384-server-key.pem - test/certs/pathlen.pem - test/certs/pc1-cert.pem - test/certs/pc1-key.pem - test/certs/pc2-cert.pem - test/certs/pc2-key.pem - test/certs/pc5-cert.pem - test/certs/pc5-key.pem - test/certs/root+anyEKU.pem - test/certs/root+clientAuth.pem - test/certs/root+serverAuth.pem - test/certs/root-anyEKU.pem - test/certs/root-cert-768.pem - test/certs/root-cert-md5.pem - test/certs/root-cert-rsa2.pem - test/certs/root-cert.pem - test/certs/root-cert2.pem - test/certs/root-clientAuth.pem - test/certs/root-cross-cert.pem - test/certs/root-ed25519.pem - test/certs/root-ed25519.privkey.pem - test/certs/root-ed25519.pubkey.pem - test/certs/root-ed448-cert.pem - test/certs/root-ed448-key.pem - test/certs/root-expired.pem - test/certs/root-key-768.pem - test/certs/root-key.pem - test/certs/root-key2.pem - test/certs/root-name2.pem - test/certs/root-nonca.pem - test/certs/root-noserver.pem - test/certs/root-serverAuth.pem - test/certs/root2+clientAuth.pem - test/certs/root2+serverAuth.pem - test/certs/root2-serverAuth.pem - test/certs/rootCA.key - test/certs/rootCA.pem - test/certs/rootcert.pem - test/certs/rootkey.pem - test/certs/roots.pem - test/certs/sca+anyEKU.pem - test/certs/sca+clientAuth.pem - test/certs/sca+serverAuth.pem - test/certs/sca-anyEKU.pem - test/certs/sca-cert.pem - test/certs/sca-clientAuth.pem - test/certs/sca-serverAuth.pem - test/certs/server-cecdsa-cert.pem - test/certs/server-cecdsa-key.pem - test/certs/server-dsa-cert.pem - test/certs/server-dsa-key.pem - test/certs/server-dsa-pubkey.pem - test/certs/server-ecdsa-brainpoolP256r1-cert.pem - test/certs/server-ecdsa-brainpoolP256r1-key.pem - test/certs/server-ecdsa-cert.pem - test/certs/server-ecdsa-key.pem - test/certs/server-ed25519-cert.pem - test/certs/server-ed25519-key.pem - test/certs/server-ed448-cert.pem - test/certs/server-ed448-key.pem - test/certs/server-pss-cert.pem - test/certs/server-pss-key.pem - test/certs/server-pss-restrict-cert.pem - test/certs/server-pss-restrict-key.pem - test/certs/server-trusted.pem - test/certs/servercert.pem - test/certs/serverkey.pem - test/certs/setup.sh - test/certs/sm2-ca-cert.pem - test/certs/sm2-csr.pem - test/certs/sm2-root.crt - test/certs/sm2-root.key - test/certs/sm2.key - test/certs/sm2.pem - test/certs/some-names1.pem - test/certs/some-names2.pem - test/certs/some-names3.pem - test/certs/sroot+anyEKU.pem - test/certs/sroot+clientAuth.pem - test/certs/sroot+serverAuth.pem - test/certs/sroot-anyEKU.pem - test/certs/sroot-cert.pem - test/certs/sroot-clientAuth.pem - test/certs/sroot-serverAuth.pem - test/certs/subinterCA-ss.pem - test/certs/subinterCA.key - test/certs/subinterCA.pem - test/certs/untrusted.pem - test/certs/v3-certs-RC2.p12 - test/certs/v3-certs-TDES.p12 - test/certs/wrongcert.pem - test/certs/wrongkey.pem - test/certs/x509-check-key.pem - test/certs/x509-check.csr - test/ct/log_list.cnf - test/ct/tls1.sct - test/d2i-tests/bad-cms.der - test/d2i-tests/bad-int-pad0.der - test/d2i-tests/bad-int-padminus1.der - test/d2i-tests/bad_bio.der - test/d2i-tests/bad_cert.der - test/d2i-tests/bad_generalname.der - test/d2i-tests/high_tag.der - test/d2i-tests/int0.der - test/d2i-tests/int1.der - test/d2i-tests/intminus1.der - test/danetest.pem - test/data.bin - test/data2.bin - test/default-and-fips.cnf - test/default-and-legacy.cnf - test/default.cnf - test/fips-alt.cnf - test/fips-and-base.cnf - test/fips.cnf - test/insta.priv.pem - test/insta_ca.cert.pem - test/legacy.cnf - test/ocsp-tests/D1.ors - test/ocsp-tests/D1_Cert_EE.pem - test/ocsp-tests/D1_Issuer_ICA.pem - test/ocsp-tests/D2.ors - test/ocsp-tests/D2_Cert_ICA.pem - test/ocsp-tests/D2_Issuer_Root.pem - test/ocsp-tests/D3.ors - test/ocsp-tests/D3_Cert_EE.pem - test/ocsp-tests/D3_Issuer_Root.pem - test/ocsp-tests/ISDOSC_D1.ors - test/ocsp-tests/ISDOSC_D2.ors - test/ocsp-tests/ISDOSC_D3.ors - test/ocsp-tests/ISIC_D1_Issuer_ICA.pem - test/ocsp-tests/ISIC_D2_Issuer_Root.pem - test/ocsp-tests/ISIC_D3_Issuer_Root.pem - test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem - test/ocsp-tests/ISIC_ND2_Issuer_Root.pem - test/ocsp-tests/ISIC_ND3_Issuer_Root.pem - test/ocsp-tests/ISOP_D1.ors - test/ocsp-tests/ISOP_D2.ors - test/ocsp-tests/ISOP_D3.ors - test/ocsp-tests/ISOP_ND1.ors - test/ocsp-tests/ISOP_ND2.ors - test/ocsp-tests/ISOP_ND3.ors - test/ocsp-tests/ND1.ors - test/ocsp-tests/ND1_Cert_EE.pem - test/ocsp-tests/ND1_Cross_Root.pem - test/ocsp-tests/ND1_Issuer_ICA-Cross.pem - test/ocsp-tests/ND1_Issuer_ICA.pem - test/ocsp-tests/ND2.ors - test/ocsp-tests/ND2_Cert_ICA.pem - test/ocsp-tests/ND2_Issuer_Root.pem - test/ocsp-tests/ND3.ors - test/ocsp-tests/ND3_Cert_EE.pem - test/ocsp-tests/ND3_Issuer_Root.pem - test/ocsp-tests/WIKH_D1.ors - test/ocsp-tests/WIKH_D2.ors - test/ocsp-tests/WIKH_D3.ors - test/ocsp-tests/WIKH_ND1.ors - test/ocsp-tests/WIKH_ND2.ors - test/ocsp-tests/WIKH_ND3.ors - test/ocsp-tests/WINH_D1.ors - test/ocsp-tests/WINH_D2.ors - test/ocsp-tests/WINH_D3.ors - test/ocsp-tests/WINH_ND1.ors - test/ocsp-tests/WINH_ND2.ors - test/ocsp-tests/WINH_ND3.ors - test/ocsp-tests/WKDOSC_D1.ors - test/ocsp-tests/WKDOSC_D2.ors - test/ocsp-tests/WKDOSC_D3.ors - test/ocsp-tests/WKIC_D1_Issuer_ICA.pem - test/ocsp-tests/WKIC_D2_Issuer_Root.pem - test/ocsp-tests/WKIC_D3_Issuer_Root.pem - test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem - test/ocsp-tests/WKIC_ND2_Issuer_Root.pem - test/ocsp-tests/WKIC_ND3_Issuer_Root.pem - test/ocsp-tests/WRID_D1.ors - test/ocsp-tests/WRID_D2.ors - test/ocsp-tests/WRID_D3.ors - test/ocsp-tests/WRID_ND1.ors - test/ocsp-tests/WRID_ND2.ors - test/ocsp-tests/WRID_ND3.ors - test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem - test/ocsp-tests/WSNIC_D2_Issuer_Root.pem - test/ocsp-tests/WSNIC_D3_Issuer_Root.pem - test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem - test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem - test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem - test/pkcs7-1.pem - test/pkcs7.pem - test/provider_internal_test.cnf.in - test/proxy.cnf - test/recipes/04-test_conf_data/dollarid_off.cnf - test/recipes/04-test_conf_data/dollarid_off.txt - test/recipes/04-test_conf_data/dollarid_on.cnf - test/recipes/04-test_conf_data/dollarid_on.txt - test/recipes/04-test_params_conversion_data/native_types.txt - test/recipes/04-test_pem_read_depr_data/dhparams.pem - test/recipes/04-test_pem_read_depr_data/dsaparams.pem - test/recipes/04-test_pem_read_depr_data/dsaprivatekey.pem - test/recipes/04-test_pem_read_depr_data/dsapublickey.pem - test/recipes/04-test_pem_read_depr_data/rsaprivatekey.pem - test/recipes/04-test_pem_read_depr_data/rsapublickey.pem - test/recipes/04-test_pem_read_depr_data/x942params.pem - test/recipes/04-test_pem_reading_data/NOTES.txt - test/recipes/04-test_pem_reading_data/beermug.pem - test/recipes/04-test_pem_reading_data/cert-1023line.pem - test/recipes/04-test_pem_reading_data/cert-1024line.pem - test/recipes/04-test_pem_reading_data/cert-1025line.pem - test/recipes/04-test_pem_reading_data/cert-254-chars-at-the-end.pem - test/recipes/04-test_pem_reading_data/cert-254-chars-in-the-middle.pem - test/recipes/04-test_pem_reading_data/cert-255line.pem - test/recipes/04-test_pem_reading_data/cert-256line.pem - test/recipes/04-test_pem_reading_data/cert-257line.pem - test/recipes/04-test_pem_reading_data/cert-blankline.pem - test/recipes/04-test_pem_reading_data/cert-bom.pem - test/recipes/04-test_pem_reading_data/cert-comment.pem - test/recipes/04-test_pem_reading_data/cert-earlypad.pem - test/recipes/04-test_pem_reading_data/cert-extrapad.pem - test/recipes/04-test_pem_reading_data/cert-infixwhitespace.pem - test/recipes/04-test_pem_reading_data/cert-junk.pem - test/recipes/04-test_pem_reading_data/cert-leadingwhitespace.pem - test/recipes/04-test_pem_reading_data/cert-longline.pem - test/recipes/04-test_pem_reading_data/cert-misalignedpad.pem - test/recipes/04-test_pem_reading_data/cert-onecolumn.pem - test/recipes/04-test_pem_reading_data/cert-oneline-multiple-of-254.pem - test/recipes/04-test_pem_reading_data/cert-oneline.pem - test/recipes/04-test_pem_reading_data/cert-shortandlongline.pem - test/recipes/04-test_pem_reading_data/cert-shortline.pem - test/recipes/04-test_pem_reading_data/cert-threecolumn.pem - test/recipes/04-test_pem_reading_data/cert-trailingwhitespace.pem - test/recipes/04-test_pem_reading_data/cert.pem - test/recipes/04-test_pem_reading_data/csr.pem - test/recipes/04-test_pem_reading_data/dsa-1023line.pem - test/recipes/04-test_pem_reading_data/dsa-1024line.pem - test/recipes/04-test_pem_reading_data/dsa-1025line.pem - test/recipes/04-test_pem_reading_data/dsa-255line.pem - test/recipes/04-test_pem_reading_data/dsa-256line.pem - test/recipes/04-test_pem_reading_data/dsa-257line.pem - test/recipes/04-test_pem_reading_data/dsa-blankline.pem - test/recipes/04-test_pem_reading_data/dsa-comment.pem - test/recipes/04-test_pem_reading_data/dsa-corruptedheader.pem - test/recipes/04-test_pem_reading_data/dsa-corruptiv.pem - test/recipes/04-test_pem_reading_data/dsa-earlypad.pem - test/recipes/04-test_pem_reading_data/dsa-extrapad.pem - test/recipes/04-test_pem_reading_data/dsa-infixwhitespace.pem - test/recipes/04-test_pem_reading_data/dsa-junk.pem - test/recipes/04-test_pem_reading_data/dsa-leadingwhitespace.pem - test/recipes/04-test_pem_reading_data/dsa-longline.pem - test/recipes/04-test_pem_reading_data/dsa-misalignedpad.pem - test/recipes/04-test_pem_reading_data/dsa-onecolumn.pem - test/recipes/04-test_pem_reading_data/dsa-oneline.pem - test/recipes/04-test_pem_reading_data/dsa-onelineheader.pem - test/recipes/04-test_pem_reading_data/dsa-shortandlongline.pem - test/recipes/04-test_pem_reading_data/dsa-shortline.pem - test/recipes/04-test_pem_reading_data/dsa-threecolumn.pem - test/recipes/04-test_pem_reading_data/dsa-trailingwhitespace.pem - test/recipes/04-test_pem_reading_data/dsa.pem - test/recipes/04-test_pem_reading_data/dsaparam.pem - test/recipes/04-test_pem_reading_data/key.pem - test/recipes/04-test_pem_reading_data/wellknown - test/recipes/15-test_dsaparam_data/invalid/p2048_q256_bad_q.pem - test/recipes/15-test_dsaparam_data/invalid/p768_q160_too_small.pem - test/recipes/15-test_dsaparam_data/valid/p1024_q160_t1862.pem - test/recipes/15-test_dsaparam_data/valid/p1024_q160_t1862_gind1.pem - test/recipes/15-test_dsaparam_data/valid/p1024_q160_t1864.pem - test/recipes/15-test_dsaparam_data/valid/p1024_q160_t1864_gind1.pem - test/recipes/15-test_dsaparam_data/valid/p1024_q224_t1862.pem - test/recipes/15-test_dsaparam_data/valid/p1024_q224_t1862_gind1.pem - test/recipes/15-test_dsaparam_data/valid/p1024_q256_t1862.pem - test/recipes/15-test_dsaparam_data/valid/p1024_q256_t1862_gind1.pem - test/recipes/15-test_dsaparam_data/valid/p2048_q160_t1862.pem - test/recipes/15-test_dsaparam_data/valid/p2048_q160_t1862_gind1.pem - test/recipes/15-test_dsaparam_data/valid/p2048_q224_t1862.pem - test/recipes/15-test_dsaparam_data/valid/p2048_q224_t1862_gind1.pem - test/recipes/15-test_dsaparam_data/valid/p2048_q224_t1864.pem - test/recipes/15-test_dsaparam_data/valid/p2048_q224_t1864_gind1.pem - test/recipes/15-test_dsaparam_data/valid/p2048_q256_t1862.pem - test/recipes/15-test_dsaparam_data/valid/p2048_q256_t1862_gind1.pem - test/recipes/15-test_dsaparam_data/valid/p2048_q256_t1864.pem - test/recipes/15-test_dsaparam_data/valid/p2048_q256_t1864_gind1.pem - test/recipes/15-test_dsaparam_data/valid/p3072_q160_t1862.pem - test/recipes/15-test_dsaparam_data/valid/p3072_q160_t1862_gind1.pem - test/recipes/15-test_dsaparam_data/valid/p3072_q224_t1862.pem - test/recipes/15-test_dsaparam_data/valid/p3072_q224_t1862_gind1.pem - test/recipes/15-test_dsaparam_data/valid/p3072_q256_t1862.pem - test/recipes/15-test_dsaparam_data/valid/p3072_q256_t1862_gind1.pem - test/recipes/15-test_dsaparam_data/valid/p3072_q256_t1864.pem - test/recipes/15-test_dsaparam_data/valid/p3072_q256_t1864_gind1.pem - test/recipes/15-test_ecparam_data/invalid/c2pnb208w1-reducible.pem - test/recipes/15-test_ecparam_data/invalid/nistp256-nonprime.pem - test/recipes/15-test_ecparam_data/invalid/nistp256-offcurve.pem - test/recipes/15-test_ecparam_data/invalid/nistp256-wrongorder.pem - test/recipes/15-test_ecparam_data/noncanon/c2pnb163v1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/c2pnb208w1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/secp160k1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/secp192k1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/secp224k1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/secp256k1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/secp521r1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect113r1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect113r2-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect163k1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect163r2-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect193r1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect193r2-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect233k1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect233r1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect239k1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect283k1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect283r1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect409k1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect409r1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect571k1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/sect571r1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls1-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls10-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls11-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls3-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls4-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls5-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls8-explicit.pem - test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls9-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2pnb163v1-named.pem - test/recipes/15-test_ecparam_data/valid/c2pnb163v2-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2pnb163v2-named.pem - test/recipes/15-test_ecparam_data/valid/c2pnb163v3-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2pnb163v3-named.pem - test/recipes/15-test_ecparam_data/valid/c2pnb176v1-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2pnb176v1-named.pem - test/recipes/15-test_ecparam_data/valid/c2pnb208w1-named.pem - test/recipes/15-test_ecparam_data/valid/c2pnb272w1-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2pnb272w1-named.pem - test/recipes/15-test_ecparam_data/valid/c2pnb304w1-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2pnb304w1-named.pem - test/recipes/15-test_ecparam_data/valid/c2pnb368w1-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2pnb368w1-named.pem - test/recipes/15-test_ecparam_data/valid/c2tnb191v1-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2tnb191v1-named.pem - test/recipes/15-test_ecparam_data/valid/c2tnb191v2-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2tnb191v2-named.pem - test/recipes/15-test_ecparam_data/valid/c2tnb191v3-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2tnb191v3-named.pem - test/recipes/15-test_ecparam_data/valid/c2tnb239v1-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2tnb239v1-named.pem - test/recipes/15-test_ecparam_data/valid/c2tnb239v2-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2tnb239v2-named.pem - test/recipes/15-test_ecparam_data/valid/c2tnb239v3-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2tnb239v3-named.pem - test/recipes/15-test_ecparam_data/valid/c2tnb359v1-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2tnb359v1-named.pem - test/recipes/15-test_ecparam_data/valid/c2tnb431r1-explicit.pem - test/recipes/15-test_ecparam_data/valid/c2tnb431r1-named.pem - test/recipes/15-test_ecparam_data/valid/prime192v1-explicit.pem - test/recipes/15-test_ecparam_data/valid/prime192v1-named.pem - test/recipes/15-test_ecparam_data/valid/prime192v2-explicit.pem - test/recipes/15-test_ecparam_data/valid/prime192v2-named.pem - test/recipes/15-test_ecparam_data/valid/prime192v3-explicit.pem - test/recipes/15-test_ecparam_data/valid/prime192v3-named.pem - test/recipes/15-test_ecparam_data/valid/prime239v1-explicit.pem - test/recipes/15-test_ecparam_data/valid/prime239v1-named.pem - test/recipes/15-test_ecparam_data/valid/prime239v2-explicit.pem - test/recipes/15-test_ecparam_data/valid/prime239v2-named.pem - test/recipes/15-test_ecparam_data/valid/prime239v3-explicit.pem - test/recipes/15-test_ecparam_data/valid/prime239v3-named.pem - test/recipes/15-test_ecparam_data/valid/prime256v1-explicit.pem - test/recipes/15-test_ecparam_data/valid/prime256v1-named.pem - test/recipes/15-test_ecparam_data/valid/secp112r1-explicit.pem - test/recipes/15-test_ecparam_data/valid/secp112r1-named.pem - test/recipes/15-test_ecparam_data/valid/secp112r2-explicit.pem - test/recipes/15-test_ecparam_data/valid/secp112r2-named.pem - test/recipes/15-test_ecparam_data/valid/secp128r1-explicit.pem - test/recipes/15-test_ecparam_data/valid/secp128r1-named.pem - test/recipes/15-test_ecparam_data/valid/secp128r2-explicit.pem - test/recipes/15-test_ecparam_data/valid/secp128r2-named.pem - test/recipes/15-test_ecparam_data/valid/secp160k1-named.pem - test/recipes/15-test_ecparam_data/valid/secp160r1-explicit.pem - test/recipes/15-test_ecparam_data/valid/secp160r1-named.pem - test/recipes/15-test_ecparam_data/valid/secp160r2-explicit.pem - test/recipes/15-test_ecparam_data/valid/secp160r2-named.pem - test/recipes/15-test_ecparam_data/valid/secp192k1-named.pem - test/recipes/15-test_ecparam_data/valid/secp224k1-named.pem - test/recipes/15-test_ecparam_data/valid/secp224r1-explicit.pem - test/recipes/15-test_ecparam_data/valid/secp224r1-named.pem - test/recipes/15-test_ecparam_data/valid/secp256k1-named.pem - test/recipes/15-test_ecparam_data/valid/secp384r1-explicit.pem - test/recipes/15-test_ecparam_data/valid/secp384r1-named.pem - test/recipes/15-test_ecparam_data/valid/secp521r1-named.pem - test/recipes/15-test_ecparam_data/valid/sect113r1-named.pem - test/recipes/15-test_ecparam_data/valid/sect113r2-named.pem - test/recipes/15-test_ecparam_data/valid/sect131r1-explicit.pem - test/recipes/15-test_ecparam_data/valid/sect131r1-named.pem - test/recipes/15-test_ecparam_data/valid/sect131r2-explicit.pem - test/recipes/15-test_ecparam_data/valid/sect131r2-named.pem - test/recipes/15-test_ecparam_data/valid/sect163k1-named.pem - test/recipes/15-test_ecparam_data/valid/sect163r1-explicit.pem - test/recipes/15-test_ecparam_data/valid/sect163r1-named.pem - test/recipes/15-test_ecparam_data/valid/sect163r2-named.pem - test/recipes/15-test_ecparam_data/valid/sect193r1-named.pem - test/recipes/15-test_ecparam_data/valid/sect193r2-named.pem - test/recipes/15-test_ecparam_data/valid/sect233k1-named.pem - test/recipes/15-test_ecparam_data/valid/sect233r1-named.pem - test/recipes/15-test_ecparam_data/valid/sect239k1-named.pem - test/recipes/15-test_ecparam_data/valid/sect283k1-named.pem - test/recipes/15-test_ecparam_data/valid/sect283r1-named.pem - test/recipes/15-test_ecparam_data/valid/sect409k1-named.pem - test/recipes/15-test_ecparam_data/valid/sect409r1-named.pem - test/recipes/15-test_ecparam_data/valid/sect571k1-named.pem - test/recipes/15-test_ecparam_data/valid/sect571r1-named.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-named.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-named.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-named.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-explicit.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-named.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-named.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-named.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-named.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-explicit.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-named.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-explicit.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-named.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-named.pem - test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-named.pem - test/recipes/15-test_mp_rsa_data/plain_text - test/recipes/15-test_rsaoaep_data/plain_text - test/recipes/20-test_dhparam_check_data/invalid/dh_p1024_t1862_pkcs3.pem - test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1862_pkcs3.pem - test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1864_pkcs3.pem - test/recipes/20-test_dhparam_check_data/invalid/dh_p3072_t1862_pkcs3.pem - test/recipes/20-test_dhparam_check_data/valid/dh_5114_1.pem - test/recipes/20-test_dhparam_check_data/valid/dh_5114_2.pem - test/recipes/20-test_dhparam_check_data/valid/dh_5114_3.pem - test/recipes/20-test_dhparam_check_data/valid/dh_ffdhe2048.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_5114_2.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_ffdhe2048.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_p1024_q160_t1862.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_p1024_q160_t1864.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_p1024_q224_t1862.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_p1024_q256_t1862.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_p2048_q160_t1862.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_p2048_q224_t1862.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_p2048_q224_t1864.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_p2048_q256_t1862.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_p2048_q256_t1864.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_p3072_q160_t1862.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_p3072_q224_t1862.pem - test/recipes/20-test_dhparam_check_data/valid/dhx_p3072_q256_t1862.pem - test/recipes/20-test_dhparam_data/pkcs3-2-1024.der - test/recipes/20-test_dhparam_data/pkcs3-2-1024.pem - test/recipes/20-test_dhparam_data/pkcs3-2-2048.der - test/recipes/20-test_dhparam_data/pkcs3-2-2048.pem - test/recipes/20-test_dhparam_data/pkcs3-5-1024.der - test/recipes/20-test_dhparam_data/pkcs3-5-1024.pem - test/recipes/20-test_dhparam_data/x942-0-1024.der - test/recipes/20-test_dhparam_data/x942-0-1024.pem - test/recipes/25-test_eai_data/ascii_chain.pem - test/recipes/25-test_eai_data/ascii_leaf.pem - test/recipes/25-test_eai_data/san.ascii - test/recipes/25-test_eai_data/san.utf8 - test/recipes/25-test_eai_data/utf8_chain.pem - test/recipes/25-test_eai_data/utf8_leaf.pem - test/recipes/25-test_rusext_data/grfc.msb - test/recipes/25-test_rusext_data/grfc.utf8 - test/recipes/30-test_defltfips/fipsmodule.cnf - test/recipes/30-test_evp_data/evpciph_aes_stitched.txt - test/recipes/30-test_evp_data/evpciph_rc4_stitched.txt - test/recipes/30-test_evp_data/evpkdf_x942_des.txt - test/recipes/30-test_evp_pkey_provided/DH.priv.der - test/recipes/30-test_evp_pkey_provided/DH.priv.pem - test/recipes/30-test_evp_pkey_provided/DH.priv.txt - test/recipes/30-test_evp_pkey_provided/DH.pub.der - test/recipes/30-test_evp_pkey_provided/DH.pub.pem - test/recipes/30-test_evp_pkey_provided/DH.pub.txt - test/recipes/30-test_evp_pkey_provided/DSA.priv.der - test/recipes/30-test_evp_pkey_provided/DSA.priv.pem - test/recipes/30-test_evp_pkey_provided/DSA.priv.txt - test/recipes/30-test_evp_pkey_provided/DSA.pub.der - test/recipes/30-test_evp_pkey_provided/DSA.pub.pem - test/recipes/30-test_evp_pkey_provided/DSA.pub.txt - test/recipes/30-test_evp_pkey_provided/EC.priv.der - test/recipes/30-test_evp_pkey_provided/EC.priv.pem - test/recipes/30-test_evp_pkey_provided/EC.priv.txt - test/recipes/30-test_evp_pkey_provided/EC.pub.der - test/recipes/30-test_evp_pkey_provided/EC.pub.pem - test/recipes/30-test_evp_pkey_provided/EC.pub.txt - test/recipes/30-test_evp_pkey_provided/ED25519.priv.der - test/recipes/30-test_evp_pkey_provided/ED25519.priv.pem - test/recipes/30-test_evp_pkey_provided/ED25519.priv.txt - test/recipes/30-test_evp_pkey_provided/ED25519.pub.der - test/recipes/30-test_evp_pkey_provided/ED25519.pub.pem - test/recipes/30-test_evp_pkey_provided/ED25519.pub.txt - test/recipes/30-test_evp_pkey_provided/ED448.priv.der - test/recipes/30-test_evp_pkey_provided/ED448.priv.pem - test/recipes/30-test_evp_pkey_provided/ED448.priv.txt - test/recipes/30-test_evp_pkey_provided/ED448.pub.der - test/recipes/30-test_evp_pkey_provided/ED448.pub.pem - test/recipes/30-test_evp_pkey_provided/ED448.pub.txt - test/recipes/30-test_evp_pkey_provided/RSA.priv.der - test/recipes/30-test_evp_pkey_provided/RSA.priv.pem - test/recipes/30-test_evp_pkey_provided/RSA.priv.txt - test/recipes/30-test_evp_pkey_provided/RSA.pub.der - test/recipes/30-test_evp_pkey_provided/RSA.pub.pem - test/recipes/30-test_evp_pkey_provided/RSA.pub.txt - test/recipes/30-test_evp_pkey_provided/X25519.priv.der - test/recipes/30-test_evp_pkey_provided/X25519.priv.pem - test/recipes/30-test_evp_pkey_provided/X25519.priv.txt - test/recipes/30-test_evp_pkey_provided/X25519.pub.der - test/recipes/30-test_evp_pkey_provided/X25519.pub.pem - test/recipes/30-test_evp_pkey_provided/X25519.pub.txt - test/recipes/30-test_evp_pkey_provided/X448.priv.der - test/recipes/30-test_evp_pkey_provided/X448.priv.pem - test/recipes/30-test_evp_pkey_provided/X448.priv.txt - test/recipes/30-test_evp_pkey_provided/X448.pub.der - test/recipes/30-test_evp_pkey_provided/X448.pub.pem - test/recipes/30-test_evp_pkey_provided/X448.pub.txt - test/recipes/61-test_bio_prefix_data/args1.pl - test/recipes/61-test_bio_prefix_data/args2.pl - test/recipes/61-test_bio_prefix_data/in1.txt - test/recipes/61-test_bio_prefix_data/in2.txt - test/recipes/61-test_bio_prefix_data/out1.txt - test/recipes/61-test_bio_prefix_data/out2.txt - test/recipes/65-test_cmp_client_data/client.crt - test/recipes/65-test_cmp_client_data/client.csr - test/recipes/65-test_cmp_client_data/client.key - test/recipes/65-test_cmp_client_data/server.crt - test/recipes/65-test_cmp_client_data/server.key - test/recipes/65-test_cmp_msg_data/new.key - test/recipes/65-test_cmp_msg_data/pkcs10.der - test/recipes/65-test_cmp_msg_data/server.crt - test/recipes/65-test_cmp_protect_data/EndEntity1.crt - test/recipes/65-test_cmp_protect_data/EndEntity2.crt - test/recipes/65-test_cmp_protect_data/IP_PBM.der - test/recipes/65-test_cmp_protect_data/IP_PBM.txt - test/recipes/65-test_cmp_protect_data/IR_protected.der - test/recipes/65-test_cmp_protect_data/IR_unprotected.der - test/recipes/65-test_cmp_protect_data/Intermediate_CA.crt - test/recipes/65-test_cmp_protect_data/Root_CA.crt - test/recipes/65-test_cmp_protect_data/server.crt - test/recipes/65-test_cmp_protect_data/server.pem - test/recipes/65-test_cmp_server_data/CR_protected_PBM_1234.der - test/recipes/65-test_cmp_vfy_data/EndEntity1.crt - test/recipes/65-test_cmp_vfy_data/EndEntity2.crt - test/recipes/65-test_cmp_vfy_data/IP_waitingStatus_PBM.der - test/recipes/65-test_cmp_vfy_data/IP_waitingStatus_PBM.txt - test/recipes/65-test_cmp_vfy_data/IR_protected.der - test/recipes/65-test_cmp_vfy_data/IR_protected_0_extraCerts.der - test/recipes/65-test_cmp_vfy_data/IR_protected_2_extraCerts.der - test/recipes/65-test_cmp_vfy_data/IR_rmprotection.der - test/recipes/65-test_cmp_vfy_data/IR_unprotected.der - test/recipes/65-test_cmp_vfy_data/Intermediate_CA.crt - test/recipes/65-test_cmp_vfy_data/Root_CA.crt - test/recipes/65-test_cmp_vfy_data/chain.txt - test/recipes/65-test_cmp_vfy_data/client.crt - test/recipes/65-test_cmp_vfy_data/insta.cert.pem - test/recipes/65-test_cmp_vfy_data/insta.priv.pem - test/recipes/65-test_cmp_vfy_data/insta_ca.cert.pem - test/recipes/65-test_cmp_vfy_data/server.crt - test/recipes/65-test_cmp_vfy_data/server.key - test/recipes/66-test_ossl_store_data/DH-params.pem - test/recipes/66-test_ossl_store_data/DHX-params.pem - test/recipes/66-test_ossl_store_data/DSA-params.pem - test/recipes/80-test_ca_data/revoked.key - test/recipes/80-test_cmp_http_data/Mock/12345.txt - test/recipes/80-test_cmp_http_data/Mock/big_issuing.crt - test/recipes/80-test_cmp_http_data/Mock/big_root.crt - test/recipes/80-test_cmp_http_data/Mock/big_server.crt - test/recipes/80-test_cmp_http_data/Mock/big_trusted.crt - test/recipes/80-test_cmp_http_data/Mock/csr.pem - test/recipes/80-test_cmp_http_data/Mock/empty.txt - test/recipes/80-test_cmp_http_data/Mock/issuing.crt - test/recipes/80-test_cmp_http_data/Mock/new.key - test/recipes/80-test_cmp_http_data/Mock/new_pass_12345.key - test/recipes/80-test_cmp_http_data/Mock/random.bin - test/recipes/80-test_cmp_http_data/Mock/root.crt - test/recipes/80-test_cmp_http_data/Mock/server.cnf - test/recipes/80-test_cmp_http_data/Mock/server.crt - test/recipes/80-test_cmp_http_data/Mock/server.key - test/recipes/80-test_cmp_http_data/Mock/signer.crt - test/recipes/80-test_cmp_http_data/Mock/signer.key - test/recipes/80-test_cmp_http_data/Mock/signer.p12 - test/recipes/80-test_cmp_http_data/Mock/signer_issuing.crt - test/recipes/80-test_cmp_http_data/Mock/signer_only.crt - test/recipes/80-test_cmp_http_data/Mock/signer_root.crt - test/recipes/80-test_cmp_http_data/Mock/test.cnf - test/recipes/80-test_cmp_http_data/Mock/trusted.crt - test/recipes/80-test_cmp_http_data/Mock/wrong_csr.pem - test/recipes/80-test_cmp_http_data/test_commands.csv - test/recipes/80-test_cmp_http_data/test_connection.csv - test/recipes/80-test_cmp_http_data/test_credentials.csv - test/recipes/80-test_cmp_http_data/test_enrollment.csv - test/recipes/80-test_cmp_http_data/test_verification.csv - test/recipes/80-test_cms_data/bad_signtime_attr.cms - test/recipes/80-test_cms_data/ciphertext_from_1_1_1.cms - test/recipes/80-test_cms_data/ct_multiple_attr.cms - test/recipes/80-test_cms_data/no_ct_attr.cms - test/recipes/80-test_cms_data/no_md_attr.cms - test/recipes/80-test_ocsp_data/cert.pem - test/recipes/80-test_ocsp_data/key.pem - test/recipes/80-test_ssl_old_data/dsa2048.pem - test/recipes/80-test_tsa_data/all-zero.tsq - test/recipes/80-test_tsa_data/comodo-aaa.pem - test/recipes/80-test_tsa_data/sectigo-all-zero.tsr - test/recipes/80-test_tsa_data/sectigo-signer.pem - test/recipes/80-test_tsa_data/sectigo-time-stamping-ca.pem - test/recipes/80-test_tsa_data/user-trust-ca-aaa.pem - test/recipes/80-test_tsa_data/user-trust-ca.pem - test/recipes/90-test_gost_data/server-cert2001.pem - test/recipes/90-test_gost_data/server-cert2012.pem - test/recipes/90-test_gost_data/server-key2001.pem - test/recipes/90-test_gost_data/server-key2012.pem - test/recipes/90-test_includes.t - test/recipes/90-test_includes_data/conf-includes/includes1.cnf - test/recipes/90-test_includes_data/conf-includes/includes2.cnf - test/recipes/90-test_includes_data/incdir.cnf - test/recipes/90-test_includes_data/includes-broken.cnf - test/recipes/90-test_includes_data/includes-eq-ws.cnf - test/recipes/90-test_includes_data/includes-eq.cnf - test/recipes/90-test_includes_data/includes-file.cnf - test/recipes/90-test_includes_data/includes.cnf - test/recipes/90-test_includes_data/vms-includes-file.cnf - test/recipes/90-test_includes_data/vms-includes.cnf - test/recipes/90-test_sslapi_data/passwd.txt - test/recipes/90-test_store_data/dsaparam.pem - test/recipes/90-test_store_data/rsa-key-2432.pem - test/recipes/90-test_store_data/testrsa.msb - test/recipes/90-test_store_data/testrsa.pvk - test/recipes/90-test_threads_data/rsakey.pem - test/recipes/91-test_pkey_check_data/ec_p256_bad_0.pem - test/recipes/91-test_pkey_check_data/ec_p256_bad_1.pem - test/recipes/91-test_pkey_check_data/sm2_bad_0.pem - test/recipes/91-test_pkey_check_data/sm2_bad_1.pem - test/recipes/91-test_pkey_check_data/sm2_bad_neg1.pem - test/recipes/ocsp-response.der - test/serverinfo.pem - test/serverinfo2.pem - test/session.pem - test/shibboleth.pfx - test/smcont.bin - test/smcont.txt - test/smcont_zero.txt - test/smime-certs/ca.cnf - test/smime-certs/smdh.pem - test/smime-certs/smdsa1.pem - test/smime-certs/smdsa2.pem - test/smime-certs/smdsa3.pem - test/smime-certs/smdsap.pem - test/smime-certs/smec1.pem - test/smime-certs/smec2.pem - test/smime-certs/smec3.pem - test/smime-certs/smroot.pem - test/smime-certs/smrsa1.pem - test/smime-certs/smrsa2.pem - test/smime-certs/smrsa3.pem - test/ssl-tests/01-simple.cnf - test/ssl-tests/02-protocol-version.cnf - test/ssl-tests/03-custom_verify.cnf - test/ssl-tests/04-client_auth.cnf - test/ssl-tests/04-client_auth.cnf.in - test/ssl-tests/05-sni.cnf - test/ssl-tests/06-sni-ticket.cnf - test/ssl-tests/07-dtls-protocol-version.cnf - test/ssl-tests/08-npn.cnf - test/ssl-tests/09-alpn.cnf - test/ssl-tests/10-resumption.cnf - test/ssl-tests/11-dtls_resumption.cnf - test/ssl-tests/12-ct.cnf - test/ssl-tests/13-fragmentation.cnf - test/ssl-tests/14-curves.cnf - test/ssl-tests/14-curves.cnf.in - test/ssl-tests/15-certstatus.cnf - test/ssl-tests/16-dtls-certstatus.cnf - test/ssl-tests/17-renegotiate.cnf - test/ssl-tests/18-dtls-renegotiate.cnf - test/ssl-tests/19-mac-then-encrypt.cnf - test/ssl-tests/20-cert-select.cnf - test/ssl-tests/20-cert-select.cnf.in - test/ssl-tests/21-key-update.cnf - test/ssl-tests/22-compression.cnf - test/ssl-tests/23-srp.cnf - test/ssl-tests/24-padding.cnf - test/ssl-tests/25-cipher.cnf - test/ssl-tests/26-tls13_client_auth.cnf - test/ssl-tests/27-ticket-appdata.cnf - test/ssl-tests/28-seclevel.cnf - test/ssl-tests/29-dtls-sctp-label-bug.cnf - test/ssl-tests/30-extended-master-secret.cnf - test/ssl_test.tmpl - test/ssl_test_ctx_test.cnf - test/sysdefault.cnf - test/test.cnf - test/testcrl.pem - test/testdsa.pem - test/testdsapub.pem - test/testec-p256.pem - test/testecpub-p256.pem - test/tested25519.pem - test/tested25519pub.pem - test/tested448.pem - test/tested448pub.pem - test/testp7.pem - test/testreq2.pem - test/testrsa.pem - test/testrsa2048.pem - test/testrsa_withattrs.der - test/testrsa_withattrs.pem - test/testrsapss.pem - test/testrsapssmandatory.pem - test/testrsapub.pem - test/testsid.pem - test/testx509.pem - test/v3-cert1.pem - test/v3-cert2.pem - test/v3_ca_exts.cnf - tools/build.info - util/build.info - util/c-compress-test.pl - util/echo.pl - util/engines.num - util/fips-checksums.sh - util/fix-deprecation - util/fix-includes.sed - util/indent.pro - util/lang-compress.pl - util/libcrypto.num - util/libssl.num - util/local_shlib.com.in - util/markdownlint.rb - util/missingcrypto-internal.txt - util/missingcrypto.txt - util/missingcrypto111.txt - util/missingmacro.txt - util/missingmacro111.txt - util/missingssl-internal.txt - util/missingssl.txt - util/missingssl111.txt - util/opensslwrap.sh - util/other-internal.syms - util/other.syms - util/perl/OpenSSL/Glob.pm - util/providers.num - util/shlib_wrap.sh.in - util/unlocal_shlib.com.in - util/withlibctx.pl - util/wrap.pl.in -Copyright: __NO_COPYRIGHT_NOR_LICENSE__ -License: __NO_COPYRIGHT_NOR_LICENSE__ - -Files: crypto/bn/README.pod - doc/internal/man3/OPENSSL_SA.pod - doc/internal/man3/OPTIONS.pod - doc/internal/man3/OSSL_DEPRECATED.pod - doc/internal/man3/OSSL_METHOD_STORE.pod - doc/internal/man3/cms_add1_signing_cert.pod - doc/internal/man3/evp_generic_fetch.pod - doc/internal/man3/evp_keymgmt_newdata.pod - doc/internal/man3/evp_keymgmt_util_export_to_provider.pod - doc/internal/man3/evp_md_get_number.pod - doc/internal/man3/evp_pkey_export_to_provider.pod - doc/internal/man3/evp_pkey_get1_ED25519.pod - doc/internal/man3/ossl_DER_w_begin_sequence.pod - doc/internal/man3/ossl_DER_w_bn.pod - doc/internal/man3/ossl_DER_w_precompiled.pod - doc/internal/man3/ossl_algorithm_do_all.pod - doc/internal/man3/ossl_cmp_X509_STORE_add1_certs.pod - doc/internal/man3/ossl_cmp_asn1_octet_string_set1.pod - doc/internal/man3/ossl_cmp_certreq_new.pod - doc/internal/man3/ossl_cmp_ctx_set1_caPubs.pod - doc/internal/man3/ossl_cmp_hdr_init.pod - doc/internal/man3/ossl_cmp_mock_srv_new.pod - doc/internal/man3/ossl_cmp_msg_check_update.pod - doc/internal/man3/ossl_cmp_msg_create.pod - doc/internal/man3/ossl_cmp_msg_protect.pod - doc/internal/man3/ossl_cmp_pkisi_get_status.pod - doc/internal/man3/ossl_cmp_print_log.pod - doc/internal/man3/ossl_ends_with_dirsep.pod - doc/internal/man3/ossl_global_properties_no_mirrored.pod - doc/internal/man3/ossl_init_thread_deregister.pod - doc/internal/man3/ossl_lib_ctx_get_data.pod - doc/internal/man3/ossl_method_construct.pod - doc/internal/man3/ossl_namemap_new.pod - doc/internal/man3/ossl_provider_add_conf_module.pod - doc/internal/man3/ossl_provider_new.pod - doc/internal/man3/ossl_punycode_decode.pod - doc/internal/man3/ossl_rand_get_entropy.pod - doc/internal/man3/ossl_random_add_conf_module.pod - doc/internal/man3/ossl_rsa_get0_all_params.pod - doc/internal/man3/x509v3_cache_extensions.pod - doc/internal/man7/DERlib.pod - doc/internal/man7/EVP_PKEY.pod - doc/internal/man7/VERSION.pod - doc/internal/man7/build.info.pod - doc/internal/man7/deprecation.pod - doc/man1/CA.pl.pod - doc/man1/openssl-asn1parse.pod.in - doc/man1/openssl-ca.pod.in - doc/man1/openssl-ciphers.pod.in - doc/man1/openssl-cmds.pod.in - doc/man1/openssl-cmp.pod.in - doc/man1/openssl-cms.pod.in - doc/man1/openssl-crl.pod.in - doc/man1/openssl-crl2pkcs7.pod.in - doc/man1/openssl-dgst.pod.in - doc/man1/openssl-dhparam.pod.in - doc/man1/openssl-dsa.pod.in - doc/man1/openssl-dsaparam.pod.in - doc/man1/openssl-ec.pod.in - doc/man1/openssl-ecparam.pod.in - doc/man1/openssl-enc.pod.in - doc/man1/openssl-engine.pod.in - doc/man1/openssl-errstr.pod.in - doc/man1/openssl-fipsinstall.pod.in - doc/man1/openssl-format-options.pod - doc/man1/openssl-gendsa.pod.in - doc/man1/openssl-genpkey.pod.in - doc/man1/openssl-genrsa.pod.in - doc/man1/openssl-info.pod.in - doc/man1/openssl-kdf.pod.in - doc/man1/openssl-list.pod.in - doc/man1/openssl-mac.pod.in - doc/man1/openssl-namedisplay-options.pod - doc/man1/openssl-nseq.pod.in - doc/man1/openssl-ocsp.pod.in - doc/man1/openssl-passphrase-options.pod - doc/man1/openssl-passwd.pod.in - doc/man1/openssl-pkcs12.pod.in - doc/man1/openssl-pkcs7.pod.in - doc/man1/openssl-pkcs8.pod.in - doc/man1/openssl-pkey.pod.in - doc/man1/openssl-pkeyparam.pod.in - doc/man1/openssl-pkeyutl.pod.in - doc/man1/openssl-prime.pod.in - doc/man1/openssl-rand.pod.in - doc/man1/openssl-rehash.pod.in - doc/man1/openssl-req.pod.in - doc/man1/openssl-rsa.pod.in - doc/man1/openssl-rsautl.pod.in - doc/man1/openssl-s_client.pod.in - doc/man1/openssl-s_server.pod.in - doc/man1/openssl-s_time.pod.in - doc/man1/openssl-sess_id.pod.in - doc/man1/openssl-smime.pod.in - doc/man1/openssl-speed.pod.in - doc/man1/openssl-spkac.pod.in - doc/man1/openssl-srp.pod.in - doc/man1/openssl-storeutl.pod.in - doc/man1/openssl-ts.pod.in - doc/man1/openssl-verification-options.pod - doc/man1/openssl-verify.pod.in - doc/man1/openssl-version.pod.in - doc/man1/openssl-x509.pod.in - doc/man1/openssl.pod - doc/man1/tsget.pod - doc/man3/ADMISSIONS.pod - doc/man3/ASN1_EXTERN_FUNCS.pod - doc/man3/ASN1_INTEGER_get_int64.pod - doc/man3/ASN1_INTEGER_new.pod - doc/man3/ASN1_ITEM_lookup.pod - doc/man3/ASN1_OBJECT_new.pod - doc/man3/ASN1_STRING_TABLE_add.pod - doc/man3/ASN1_STRING_length.pod - doc/man3/ASN1_STRING_new.pod - doc/man3/ASN1_STRING_print_ex.pod - doc/man3/ASN1_TIME_set.pod - doc/man3/ASN1_TYPE_get.pod - doc/man3/ASN1_aux_cb.pod - doc/man3/ASN1_generate_nconf.pod - doc/man3/ASN1_item_d2i_bio.pod - doc/man3/ASN1_item_new.pod - doc/man3/ASN1_item_sign.pod - doc/man3/ASYNC_WAIT_CTX_new.pod - doc/man3/ASYNC_start_job.pod - doc/man3/BF_encrypt.pod - doc/man3/BIO_ADDR.pod - doc/man3/BIO_ADDRINFO.pod - doc/man3/BIO_connect.pod - doc/man3/BIO_ctrl.pod - doc/man3/BIO_f_base64.pod - doc/man3/BIO_f_buffer.pod - doc/man3/BIO_f_cipher.pod - doc/man3/BIO_f_md.pod - doc/man3/BIO_f_null.pod - doc/man3/BIO_f_prefix.pod - doc/man3/BIO_f_readbuffer.pod - doc/man3/BIO_f_ssl.pod - doc/man3/BIO_find_type.pod - doc/man3/BIO_get_data.pod - doc/man3/BIO_get_ex_new_index.pod - doc/man3/BIO_meth_new.pod - doc/man3/BIO_new.pod - doc/man3/BIO_new_CMS.pod - doc/man3/BIO_parse_hostserv.pod - doc/man3/BIO_printf.pod - doc/man3/BIO_push.pod - doc/man3/BIO_read.pod - doc/man3/BIO_s_accept.pod - doc/man3/BIO_s_bio.pod - doc/man3/BIO_s_connect.pod - doc/man3/BIO_s_core.pod - doc/man3/BIO_s_fd.pod - doc/man3/BIO_s_file.pod - doc/man3/BIO_s_mem.pod - doc/man3/BIO_s_null.pod - doc/man3/BIO_s_socket.pod - doc/man3/BIO_set_callback.pod - doc/man3/BIO_should_retry.pod - doc/man3/BIO_socket_wait.pod - doc/man3/BN_BLINDING_new.pod - doc/man3/BN_CTX_new.pod - doc/man3/BN_CTX_start.pod - doc/man3/BN_add.pod - doc/man3/BN_add_word.pod - doc/man3/BN_bn2bin.pod - doc/man3/BN_cmp.pod - doc/man3/BN_copy.pod - doc/man3/BN_generate_prime.pod - doc/man3/BN_mod_exp_mont.pod - doc/man3/BN_mod_inverse.pod - doc/man3/BN_mod_mul_montgomery.pod - doc/man3/BN_mod_mul_reciprocal.pod - doc/man3/BN_new.pod - doc/man3/BN_num_bytes.pod - doc/man3/BN_rand.pod - doc/man3/BN_security_bits.pod - doc/man3/BN_set_bit.pod - doc/man3/BN_swap.pod - doc/man3/BN_zero.pod - doc/man3/BUF_MEM_new.pod - doc/man3/CMS_EncryptedData_decrypt.pod - doc/man3/CMS_EncryptedData_encrypt.pod - doc/man3/CMS_EnvelopedData_create.pod - doc/man3/CMS_add0_cert.pod - doc/man3/CMS_add1_recipient_cert.pod - doc/man3/CMS_add1_signer.pod - doc/man3/CMS_compress.pod - doc/man3/CMS_data_create.pod - doc/man3/CMS_decrypt.pod - doc/man3/CMS_digest_create.pod - doc/man3/CMS_encrypt.pod - doc/man3/CMS_final.pod - doc/man3/CMS_get0_RecipientInfos.pod - doc/man3/CMS_get0_SignerInfos.pod - doc/man3/CMS_get0_type.pod - doc/man3/CMS_get1_ReceiptRequest.pod - doc/man3/CMS_sign.pod - doc/man3/CMS_sign_receipt.pod - doc/man3/CMS_uncompress.pod - doc/man3/CMS_verify.pod - doc/man3/CMS_verify_receipt.pod - doc/man3/CONF_modules_free.pod - doc/man3/CONF_modules_load_file.pod - doc/man3/CRYPTO_THREAD_run_once.pod - doc/man3/CRYPTO_get_ex_new_index.pod - doc/man3/CRYPTO_memcmp.pod - doc/man3/CTLOG_STORE_get0_log_by_id.pod - doc/man3/CTLOG_STORE_new.pod - doc/man3/CTLOG_new.pod - doc/man3/CT_POLICY_EVAL_CTX_new.pod - doc/man3/DEFINE_STACK_OF.pod - doc/man3/DES_random_key.pod - doc/man3/DH_generate_key.pod - doc/man3/DH_generate_parameters.pod - doc/man3/DH_get0_pqg.pod - doc/man3/DH_get_1024_160.pod - doc/man3/DH_meth_new.pod - doc/man3/DH_new.pod - doc/man3/DH_new_by_nid.pod - doc/man3/DH_set_method.pod - doc/man3/DH_size.pod - doc/man3/DSA_SIG_new.pod - doc/man3/DSA_do_sign.pod - doc/man3/DSA_dup_DH.pod - doc/man3/DSA_generate_key.pod - doc/man3/DSA_generate_parameters.pod - doc/man3/DSA_get0_pqg.pod - doc/man3/DSA_meth_new.pod - doc/man3/DSA_new.pod - doc/man3/DSA_set_method.pod - doc/man3/DSA_sign.pod - doc/man3/DSA_size.pod - doc/man3/DTLS_get_data_mtu.pod - doc/man3/DTLS_set_timer_cb.pod - doc/man3/DTLSv1_listen.pod - doc/man3/ECDSA_SIG_new.pod - doc/man3/ECPKParameters_print.pod - doc/man3/EC_GFp_simple_method.pod - doc/man3/EC_GROUP_copy.pod - doc/man3/EC_GROUP_new.pod - doc/man3/EC_KEY_get_enc_flags.pod - doc/man3/EC_KEY_new.pod - doc/man3/EC_POINT_add.pod - doc/man3/EC_POINT_new.pod - doc/man3/ENGINE_add.pod - doc/man3/ERR_GET_LIB.pod - doc/man3/ERR_clear_error.pod - doc/man3/ERR_error_string.pod - doc/man3/ERR_get_error.pod - doc/man3/ERR_load_crypto_strings.pod - doc/man3/ERR_load_strings.pod - doc/man3/ERR_new.pod - doc/man3/ERR_print_errors.pod - doc/man3/ERR_remove_state.pod - doc/man3/ERR_set_mark.pod - doc/man3/EVP_ASYM_CIPHER_free.pod - doc/man3/EVP_BytesToKey.pod - doc/man3/EVP_CIPHER_CTX_get_cipher_data.pod - doc/man3/EVP_CIPHER_CTX_get_original_iv.pod - doc/man3/EVP_CIPHER_meth_new.pod - doc/man3/EVP_DigestInit.pod - doc/man3/EVP_DigestSignInit.pod - doc/man3/EVP_DigestVerifyInit.pod - doc/man3/EVP_EncodeInit.pod - doc/man3/EVP_EncryptInit.pod - doc/man3/EVP_KDF.pod - doc/man3/EVP_KEM_free.pod - doc/man3/EVP_KEYEXCH_free.pod - doc/man3/EVP_KEYMGMT.pod - doc/man3/EVP_MAC.pod - doc/man3/EVP_MD_meth_new.pod - doc/man3/EVP_OpenInit.pod - doc/man3/EVP_PBE_CipherInit.pod - doc/man3/EVP_PKEY2PKCS8.pod - doc/man3/EVP_PKEY_ASN1_METHOD.pod - doc/man3/EVP_PKEY_CTX_ctrl.pod - doc/man3/EVP_PKEY_CTX_get0_libctx.pod - doc/man3/EVP_PKEY_CTX_new.pod - doc/man3/EVP_PKEY_CTX_set1_pbe_pass.pod - doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod - doc/man3/EVP_PKEY_CTX_set_params.pod - doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod - doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod - doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod - doc/man3/EVP_PKEY_asn1_get_count.pod - doc/man3/EVP_PKEY_check.pod - doc/man3/EVP_PKEY_copy_parameters.pod - doc/man3/EVP_PKEY_decapsulate.pod - doc/man3/EVP_PKEY_decrypt.pod - doc/man3/EVP_PKEY_derive.pod - doc/man3/EVP_PKEY_digestsign_supports_digest.pod - doc/man3/EVP_PKEY_encapsulate.pod - doc/man3/EVP_PKEY_encrypt.pod - doc/man3/EVP_PKEY_fromdata.pod - doc/man3/EVP_PKEY_get_default_digest_nid.pod - doc/man3/EVP_PKEY_get_field_type.pod - doc/man3/EVP_PKEY_get_group_name.pod - doc/man3/EVP_PKEY_get_size.pod - doc/man3/EVP_PKEY_gettable_params.pod - doc/man3/EVP_PKEY_is_a.pod - doc/man3/EVP_PKEY_keygen.pod - doc/man3/EVP_PKEY_meth_get_count.pod - doc/man3/EVP_PKEY_meth_new.pod - doc/man3/EVP_PKEY_new.pod - doc/man3/EVP_PKEY_print_private.pod - doc/man3/EVP_PKEY_set1_RSA.pod - doc/man3/EVP_PKEY_set1_encoded_public_key.pod - doc/man3/EVP_PKEY_set_type.pod - doc/man3/EVP_PKEY_settable_params.pod - doc/man3/EVP_PKEY_sign.pod - doc/man3/EVP_PKEY_todata.pod - doc/man3/EVP_PKEY_verify.pod - doc/man3/EVP_PKEY_verify_recover.pod - doc/man3/EVP_RAND.pod - doc/man3/EVP_SIGNATURE.pod - doc/man3/EVP_SealInit.pod - doc/man3/EVP_SignInit.pod - doc/man3/EVP_VerifyInit.pod - doc/man3/EVP_aes_128_gcm.pod - doc/man3/EVP_aria_128_gcm.pod - doc/man3/EVP_bf_cbc.pod - doc/man3/EVP_blake2b512.pod - doc/man3/EVP_camellia_128_ecb.pod - doc/man3/EVP_cast5_cbc.pod - doc/man3/EVP_chacha20.pod - doc/man3/EVP_des_cbc.pod - doc/man3/EVP_desx_cbc.pod - doc/man3/EVP_idea_cbc.pod - doc/man3/EVP_md2.pod - doc/man3/EVP_md4.pod - doc/man3/EVP_md5.pod - doc/man3/EVP_mdc2.pod - doc/man3/EVP_rc2_cbc.pod - doc/man3/EVP_rc4.pod - doc/man3/EVP_rc5_32_12_16_cbc.pod - doc/man3/EVP_ripemd160.pod - doc/man3/EVP_seed_cbc.pod - doc/man3/EVP_set_default_properties.pod - doc/man3/EVP_sha1.pod - doc/man3/EVP_sha224.pod - doc/man3/EVP_sha3_224.pod - doc/man3/EVP_sm3.pod - doc/man3/EVP_sm4_cbc.pod - doc/man3/EVP_whirlpool.pod - doc/man3/HMAC.pod - doc/man3/MD5.pod - doc/man3/MDC2_Init.pod - doc/man3/NCONF_new_ex.pod - doc/man3/OBJ_nid2obj.pod - doc/man3/OCSP_REQUEST_new.pod - doc/man3/OCSP_cert_to_id.pod - doc/man3/OCSP_request_add1_nonce.pod - doc/man3/OCSP_resp_find_status.pod - doc/man3/OCSP_response_status.pod - doc/man3/OCSP_sendreq_new.pod - doc/man3/OPENSSL_Applink.pod - doc/man3/OPENSSL_FILE.pod - doc/man3/OPENSSL_LH_COMPFUNC.pod - doc/man3/OPENSSL_LH_stats.pod - doc/man3/OPENSSL_config.pod - doc/man3/OPENSSL_fork_prepare.pod - doc/man3/OPENSSL_hexchar2int.pod - doc/man3/OPENSSL_ia32cap.pod - doc/man3/OPENSSL_init_crypto.pod - doc/man3/OPENSSL_init_ssl.pod - doc/man3/OPENSSL_instrument_bus.pod - doc/man3/OPENSSL_load_builtin_modules.pod - doc/man3/OPENSSL_malloc.pod - doc/man3/OPENSSL_s390xcap.pod - doc/man3/OPENSSL_secure_malloc.pod - doc/man3/OSSL_CMP_CTX_new.pod - doc/man3/OSSL_CMP_HDR_get0_transactionID.pod - doc/man3/OSSL_CMP_ITAV_set0.pod - doc/man3/OSSL_CMP_MSG_get0_header.pod - doc/man3/OSSL_CMP_MSG_http_perform.pod - doc/man3/OSSL_CMP_SRV_CTX_new.pod - doc/man3/OSSL_CMP_STATUSINFO_new.pod - doc/man3/OSSL_CMP_exec_certreq.pod - doc/man3/OSSL_CMP_log_open.pod - doc/man3/OSSL_CMP_validate_msg.pod - doc/man3/OSSL_CORE_MAKE_FUNC.pod - doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod - doc/man3/OSSL_CRMF_MSG_set0_validity.pod - doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod - doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod - doc/man3/OSSL_CRMF_pbmp_new.pod - doc/man3/OSSL_DECODER.pod - doc/man3/OSSL_DECODER_CTX.pod - doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod - doc/man3/OSSL_DECODER_from_bio.pod - doc/man3/OSSL_ENCODER.pod - doc/man3/OSSL_ENCODER_CTX.pod - doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod - doc/man3/OSSL_ENCODER_to_bio.pod - doc/man3/OSSL_ESS_check_signing_certs.pod - doc/man3/OSSL_HTTP_REQ_CTX.pod - doc/man3/OSSL_HTTP_parse_url.pod - doc/man3/OSSL_HTTP_transfer.pod - doc/man3/OSSL_LIB_CTX.pod - doc/man3/OSSL_PARAM.pod - doc/man3/OSSL_PARAM_BLD.pod - doc/man3/OSSL_PARAM_allocate_from_text.pod - doc/man3/OSSL_PARAM_dup.pod - doc/man3/OSSL_PARAM_int.pod - doc/man3/OSSL_PROVIDER.pod - doc/man3/OSSL_SELF_TEST_new.pod - doc/man3/OSSL_SELF_TEST_set_callback.pod - doc/man3/OSSL_STORE_INFO.pod - doc/man3/OSSL_STORE_LOADER.pod - doc/man3/OSSL_STORE_SEARCH.pod - doc/man3/OSSL_STORE_attach.pod - doc/man3/OSSL_STORE_expect.pod - doc/man3/OSSL_STORE_open.pod - doc/man3/OSSL_trace_enabled.pod - doc/man3/OSSL_trace_get_category_num.pod - doc/man3/OSSL_trace_set_channel.pod - doc/man3/OpenSSL_add_all_algorithms.pod - doc/man3/OpenSSL_version.pod - doc/man3/PEM_X509_INFO_read_bio_ex.pod - doc/man3/PEM_bytes_read_bio.pod - doc/man3/PEM_read.pod - doc/man3/PEM_read_CMS.pod - doc/man3/PEM_read_bio_PrivateKey.pod - doc/man3/PEM_read_bio_ex.pod - doc/man3/PEM_write_bio_CMS_stream.pod - doc/man3/PEM_write_bio_PKCS7_stream.pod - doc/man3/PKCS12_PBE_keyivgen.pod - doc/man3/PKCS12_SAFEBAG_create_cert.pod - doc/man3/PKCS12_SAFEBAG_get0_attrs.pod - doc/man3/PKCS12_SAFEBAG_get1_cert.pod - doc/man3/PKCS12_add1_attr_by_NID.pod - doc/man3/PKCS12_add_CSPName_asc.pod - doc/man3/PKCS12_add_cert.pod - doc/man3/PKCS12_add_friendlyname_asc.pod - doc/man3/PKCS12_add_localkeyid.pod - doc/man3/PKCS12_add_safe.pod - doc/man3/PKCS12_create.pod - doc/man3/PKCS12_decrypt_skey.pod - doc/man3/PKCS12_gen_mac.pod - doc/man3/PKCS12_get_friendlyname.pod - doc/man3/PKCS12_init.pod - doc/man3/PKCS12_item_decrypt_d2i.pod - doc/man3/PKCS12_key_gen_utf8_ex.pod - doc/man3/PKCS12_newpass.pod - doc/man3/PKCS12_pack_p7encdata.pod - doc/man3/PKCS12_parse.pod - doc/man3/PKCS5_PBE_keyivgen.pod - doc/man3/PKCS5_PBKDF2_HMAC.pod - doc/man3/PKCS7_decrypt.pod - doc/man3/PKCS7_encrypt.pod - doc/man3/PKCS7_get_octet_string.pod - doc/man3/PKCS7_sign.pod - doc/man3/PKCS7_sign_add_signer.pod - doc/man3/PKCS7_type_is_other.pod - doc/man3/PKCS7_verify.pod - doc/man3/PKCS8_encrypt.pod - doc/man3/PKCS8_pkey_add1_attr.pod - doc/man3/RAND_add.pod - doc/man3/RAND_bytes.pod - doc/man3/RAND_cleanup.pod - doc/man3/RAND_egd.pod - doc/man3/RAND_get0_primary.pod - doc/man3/RAND_load_file.pod - doc/man3/RAND_set_DRBG_type.pod - doc/man3/RAND_set_rand_method.pod - doc/man3/RC4_set_key.pod - doc/man3/RIPEMD160_Init.pod - doc/man3/RSA_blinding_on.pod - doc/man3/RSA_check_key.pod - doc/man3/RSA_generate_key.pod - doc/man3/RSA_get0_key.pod - doc/man3/RSA_meth_new.pod - doc/man3/RSA_new.pod - doc/man3/RSA_padding_add_PKCS1_type_1.pod - doc/man3/RSA_print.pod - doc/man3/RSA_private_encrypt.pod - doc/man3/RSA_public_encrypt.pod - doc/man3/RSA_set_method.pod - doc/man3/RSA_sign.pod - doc/man3/RSA_sign_ASN1_OCTET_STRING.pod - doc/man3/RSA_size.pod - doc/man3/SCT_new.pod - doc/man3/SCT_print.pod - doc/man3/SCT_validate.pod - doc/man3/SHA256_Init.pod - doc/man3/SMIME_read_ASN1.pod - doc/man3/SMIME_read_CMS.pod - doc/man3/SMIME_read_PKCS7.pod - doc/man3/SMIME_write_ASN1.pod - doc/man3/SMIME_write_CMS.pod - doc/man3/SMIME_write_PKCS7.pod - doc/man3/SRP_Calc_B.pod - doc/man3/SRP_VBASE_new.pod - doc/man3/SRP_create_verifier.pod - doc/man3/SRP_user_pwd_new.pod - doc/man3/SSL_CIPHER_get_name.pod - doc/man3/SSL_COMP_add_compression_method.pod - doc/man3/SSL_CONF_CTX_new.pod - doc/man3/SSL_CONF_CTX_set1_prefix.pod - doc/man3/SSL_CONF_CTX_set_flags.pod - doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod - doc/man3/SSL_CONF_cmd.pod - doc/man3/SSL_CONF_cmd_argv.pod - doc/man3/SSL_CTX_add1_chain_cert.pod - doc/man3/SSL_CTX_add_extra_chain_cert.pod - doc/man3/SSL_CTX_add_session.pod - doc/man3/SSL_CTX_config.pod - doc/man3/SSL_CTX_ctrl.pod - doc/man3/SSL_CTX_dane_enable.pod - doc/man3/SSL_CTX_flush_sessions.pod - doc/man3/SSL_CTX_free.pod - doc/man3/SSL_CTX_get0_param.pod - doc/man3/SSL_CTX_get_verify_mode.pod - doc/man3/SSL_CTX_has_client_custom_ext.pod - doc/man3/SSL_CTX_load_verify_locations.pod - doc/man3/SSL_CTX_new.pod - doc/man3/SSL_CTX_sess_number.pod - doc/man3/SSL_CTX_sess_set_cache_size.pod - doc/man3/SSL_CTX_sess_set_get_cb.pod - doc/man3/SSL_CTX_sessions.pod - doc/man3/SSL_CTX_set0_CA_list.pod - doc/man3/SSL_CTX_set1_curves.pod - doc/man3/SSL_CTX_set1_sigalgs.pod - doc/man3/SSL_CTX_set1_verify_cert_store.pod - doc/man3/SSL_CTX_set_alpn_select_cb.pod - doc/man3/SSL_CTX_set_cert_cb.pod - doc/man3/SSL_CTX_set_cert_store.pod - doc/man3/SSL_CTX_set_cert_verify_callback.pod - doc/man3/SSL_CTX_set_cipher_list.pod - doc/man3/SSL_CTX_set_client_cert_cb.pod - doc/man3/SSL_CTX_set_client_hello_cb.pod - doc/man3/SSL_CTX_set_ct_validation_callback.pod - doc/man3/SSL_CTX_set_ctlog_list_file.pod - doc/man3/SSL_CTX_set_default_passwd_cb.pod - doc/man3/SSL_CTX_set_generate_session_id.pod - doc/man3/SSL_CTX_set_info_callback.pod - doc/man3/SSL_CTX_set_keylog_callback.pod - doc/man3/SSL_CTX_set_max_cert_list.pod - doc/man3/SSL_CTX_set_min_proto_version.pod - doc/man3/SSL_CTX_set_mode.pod - doc/man3/SSL_CTX_set_msg_callback.pod - doc/man3/SSL_CTX_set_num_tickets.pod - doc/man3/SSL_CTX_set_options.pod - doc/man3/SSL_CTX_set_psk_client_callback.pod - doc/man3/SSL_CTX_set_quiet_shutdown.pod - doc/man3/SSL_CTX_set_read_ahead.pod - doc/man3/SSL_CTX_set_record_padding_callback.pod - doc/man3/SSL_CTX_set_security_level.pod - doc/man3/SSL_CTX_set_session_cache_mode.pod - doc/man3/SSL_CTX_set_session_id_context.pod - doc/man3/SSL_CTX_set_session_ticket_cb.pod - doc/man3/SSL_CTX_set_split_send_fragment.pod - doc/man3/SSL_CTX_set_srp_password.pod - doc/man3/SSL_CTX_set_ssl_version.pod - doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod - doc/man3/SSL_CTX_set_timeout.pod - doc/man3/SSL_CTX_set_tlsext_servername_callback.pod - doc/man3/SSL_CTX_set_tlsext_status_cb.pod - doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod - doc/man3/SSL_CTX_set_tlsext_use_srtp.pod - doc/man3/SSL_CTX_set_tmp_dh_callback.pod - doc/man3/SSL_CTX_set_tmp_ecdh.pod - doc/man3/SSL_CTX_set_verify.pod - doc/man3/SSL_CTX_use_certificate.pod - doc/man3/SSL_CTX_use_psk_identity_hint.pod - doc/man3/SSL_CTX_use_serverinfo.pod - doc/man3/SSL_SESSION_free.pod - doc/man3/SSL_SESSION_get0_cipher.pod - doc/man3/SSL_SESSION_get0_hostname.pod - doc/man3/SSL_SESSION_get0_id_context.pod - doc/man3/SSL_SESSION_get0_peer.pod - doc/man3/SSL_SESSION_get_compress_id.pod - doc/man3/SSL_SESSION_get_protocol_version.pod - doc/man3/SSL_SESSION_get_time.pod - doc/man3/SSL_SESSION_has_ticket.pod - doc/man3/SSL_SESSION_is_resumable.pod - doc/man3/SSL_SESSION_print.pod - doc/man3/SSL_SESSION_set1_id.pod - doc/man3/SSL_accept.pod - doc/man3/SSL_alert_type_string.pod - doc/man3/SSL_alloc_buffers.pod - doc/man3/SSL_check_chain.pod - doc/man3/SSL_clear.pod - doc/man3/SSL_connect.pod - doc/man3/SSL_do_handshake.pod - doc/man3/SSL_export_keying_material.pod - doc/man3/SSL_extension_supported.pod - doc/man3/SSL_free.pod - doc/man3/SSL_get0_peer_scts.pod - doc/man3/SSL_get_SSL_CTX.pod - doc/man3/SSL_get_all_async_fds.pod - doc/man3/SSL_get_certificate.pod - doc/man3/SSL_get_ciphers.pod - doc/man3/SSL_get_client_random.pod - doc/man3/SSL_get_current_cipher.pod - doc/man3/SSL_get_default_timeout.pod - doc/man3/SSL_get_error.pod - doc/man3/SSL_get_extms_support.pod - doc/man3/SSL_get_fd.pod - doc/man3/SSL_get_peer_cert_chain.pod - doc/man3/SSL_get_peer_certificate.pod - doc/man3/SSL_get_peer_signature_nid.pod - doc/man3/SSL_get_peer_tmp_key.pod - doc/man3/SSL_get_psk_identity.pod - doc/man3/SSL_get_rbio.pod - doc/man3/SSL_get_session.pod - doc/man3/SSL_get_shared_sigalgs.pod - doc/man3/SSL_get_verify_result.pod - doc/man3/SSL_get_version.pod - doc/man3/SSL_group_to_name.pod - doc/man3/SSL_in_init.pod - doc/man3/SSL_key_update.pod - doc/man3/SSL_library_init.pod - doc/man3/SSL_load_client_CA_file.pod - doc/man3/SSL_new.pod - doc/man3/SSL_pending.pod - doc/man3/SSL_read.pod - doc/man3/SSL_read_early_data.pod - doc/man3/SSL_rstate_string.pod - doc/man3/SSL_session_reused.pod - doc/man3/SSL_set1_host.pod - doc/man3/SSL_set_async_callback.pod - doc/man3/SSL_set_bio.pod - doc/man3/SSL_set_connect_state.pod - doc/man3/SSL_set_fd.pod - doc/man3/SSL_set_retry_verify.pod - doc/man3/SSL_set_session.pod - doc/man3/SSL_set_shutdown.pod - doc/man3/SSL_set_verify_result.pod - doc/man3/SSL_shutdown.pod - doc/man3/SSL_state_string.pod - doc/man3/SSL_want.pod - doc/man3/SSL_write.pod - doc/man3/TS_RESP_CTX_new.pod - doc/man3/TS_VERIFY_CTX_set_certs.pod - doc/man3/UI_STRING.pod - doc/man3/UI_UTIL_read_pw.pod - doc/man3/UI_create_method.pod - doc/man3/UI_new.pod - doc/man3/X509V3_get_d2i.pod - doc/man3/X509V3_set_ctx.pod - doc/man3/X509_ALGOR_dup.pod - doc/man3/X509_CRL_get0_by_serial.pod - doc/man3/X509_EXTENSION_set_object.pod - doc/man3/X509_LOOKUP.pod - doc/man3/X509_LOOKUP_hash_dir.pod - doc/man3/X509_LOOKUP_meth_new.pod - doc/man3/X509_NAME_ENTRY_get_object.pod - doc/man3/X509_NAME_add_entry_by_txt.pod - doc/man3/X509_NAME_get0_der.pod - doc/man3/X509_NAME_get_index_by_NID.pod - doc/man3/X509_NAME_print_ex.pod - doc/man3/X509_PUBKEY_new.pod - doc/man3/X509_SIG_get0.pod - doc/man3/X509_STORE_CTX_get_error.pod - doc/man3/X509_STORE_CTX_new.pod - doc/man3/X509_STORE_CTX_set_verify_cb.pod - doc/man3/X509_STORE_add_cert.pod - doc/man3/X509_STORE_get0_param.pod - doc/man3/X509_STORE_new.pod - doc/man3/X509_STORE_set_verify_cb_func.pod - doc/man3/X509_VERIFY_PARAM_set_flags.pod - doc/man3/X509_add_cert.pod - doc/man3/X509_check_ca.pod - doc/man3/X509_check_host.pod - doc/man3/X509_check_issued.pod - doc/man3/X509_check_private_key.pod - doc/man3/X509_check_purpose.pod - doc/man3/X509_cmp.pod - doc/man3/X509_cmp_time.pod - doc/man3/X509_digest.pod - doc/man3/X509_dup.pod - doc/man3/X509_get0_distinguishing_id.pod - doc/man3/X509_get0_notBefore.pod - doc/man3/X509_get0_signature.pod - doc/man3/X509_get0_uids.pod - doc/man3/X509_get_extension_flags.pod - doc/man3/X509_get_pubkey.pod - doc/man3/X509_get_serialNumber.pod - doc/man3/X509_get_subject_name.pod - doc/man3/X509_get_version.pod - doc/man3/X509_load_http.pod - doc/man3/X509_new.pod - doc/man3/X509_sign.pod - doc/man3/X509_verify.pod - doc/man3/X509_verify_cert.pod - doc/man3/X509v3_get_ext_by_NID.pod - doc/man3/b2i_PVK_bio_ex.pod - doc/man3/d2i_PKCS8PrivateKey_bio.pod - doc/man3/d2i_PrivateKey.pod - doc/man3/d2i_RSAPrivateKey.pod - doc/man3/d2i_SSL_SESSION.pod - doc/man3/d2i_X509.pod - doc/man3/i2d_CMS_bio_stream.pod - doc/man3/i2d_PKCS7_bio_stream.pod - doc/man3/i2d_re_X509_tbs.pod - doc/man3/o2i_SCT_LIST.pod - doc/man3/s2i_ASN1_IA5STRING.pod - doc/man5/config.pod - doc/man5/fips_config.pod - doc/man5/x509v3_config.pod - doc/man7/EVP_ASYM_CIPHER-SM2.pod - doc/man7/EVP_CIPHER-AES.pod - doc/man7/EVP_CIPHER-ARIA.pod - doc/man7/EVP_CIPHER-BLOWFISH.pod - doc/man7/EVP_CIPHER-CAMELLIA.pod - doc/man7/EVP_CIPHER-CAST.pod - doc/man7/EVP_CIPHER-CHACHA.pod - doc/man7/EVP_CIPHER-DES.pod - doc/man7/EVP_CIPHER-IDEA.pod - doc/man7/EVP_CIPHER-RC2.pod - doc/man7/EVP_CIPHER-RC4.pod - doc/man7/EVP_CIPHER-RC5.pod - doc/man7/EVP_CIPHER-SEED.pod - doc/man7/EVP_CIPHER-SM4.pod - doc/man7/EVP_KDF-HKDF.pod - doc/man7/EVP_KDF-KB.pod - doc/man7/EVP_KDF-KRB5KDF.pod - doc/man7/EVP_KDF-PBKDF1.pod - doc/man7/EVP_KDF-PBKDF2.pod - doc/man7/EVP_KDF-PKCS12KDF.pod - doc/man7/EVP_KDF-SCRYPT.pod - doc/man7/EVP_KDF-SS.pod - doc/man7/EVP_KDF-SSHKDF.pod - doc/man7/EVP_KDF-TLS13_KDF.pod - doc/man7/EVP_KDF-TLS1_PRF.pod - doc/man7/EVP_KDF-X942-ASN1.pod - doc/man7/EVP_KDF-X942-CONCAT.pod - doc/man7/EVP_KDF-X963.pod - doc/man7/EVP_KEM-RSA.pod - doc/man7/EVP_KEYEXCH-DH.pod - doc/man7/EVP_KEYEXCH-ECDH.pod - doc/man7/EVP_KEYEXCH-X25519.pod - doc/man7/EVP_MAC-BLAKE2.pod - doc/man7/EVP_MAC-CMAC.pod - doc/man7/EVP_MAC-GMAC.pod - doc/man7/EVP_MAC-HMAC.pod - doc/man7/EVP_MAC-KMAC.pod - doc/man7/EVP_MAC-Poly1305.pod - doc/man7/EVP_MAC-Siphash.pod - doc/man7/EVP_MD-BLAKE2.pod - doc/man7/EVP_MD-MD2.pod - doc/man7/EVP_MD-MD4.pod - doc/man7/EVP_MD-MD5-SHA1.pod - doc/man7/EVP_MD-MD5.pod - doc/man7/EVP_MD-MDC2.pod - doc/man7/EVP_MD-RIPEMD160.pod - doc/man7/EVP_MD-SHA1.pod - doc/man7/EVP_MD-SHA2.pod - doc/man7/EVP_MD-SHA3.pod - doc/man7/EVP_MD-SHAKE.pod - doc/man7/EVP_MD-SM3.pod - doc/man7/EVP_MD-WHIRLPOOL.pod - doc/man7/EVP_MD-common.pod - doc/man7/EVP_PKEY-DH.pod - doc/man7/EVP_PKEY-DSA.pod - doc/man7/EVP_PKEY-EC.pod - doc/man7/EVP_PKEY-FFC.pod - doc/man7/EVP_PKEY-HMAC.pod - doc/man7/EVP_PKEY-RSA.pod - doc/man7/EVP_PKEY-SM2.pod - doc/man7/EVP_PKEY-X25519.pod - doc/man7/EVP_RAND-CTR-DRBG.pod - doc/man7/EVP_RAND-HASH-DRBG.pod - doc/man7/EVP_RAND-HMAC-DRBG.pod - doc/man7/EVP_RAND-SEED-SRC.pod - doc/man7/EVP_RAND-TEST-RAND.pod - doc/man7/EVP_RAND.pod - doc/man7/EVP_SIGNATURE-DSA.pod - doc/man7/EVP_SIGNATURE-ECDSA.pod - doc/man7/EVP_SIGNATURE-ED25519.pod - doc/man7/EVP_SIGNATURE-HMAC.pod - doc/man7/EVP_SIGNATURE-RSA.pod - doc/man7/OSSL_PROVIDER-FIPS.pod - doc/man7/OSSL_PROVIDER-base.pod - doc/man7/OSSL_PROVIDER-default.pod - doc/man7/OSSL_PROVIDER-legacy.pod - doc/man7/OSSL_PROVIDER-null.pod - doc/man7/RAND.pod - doc/man7/RSA-PSS.pod - doc/man7/X25519.pod - doc/man7/bio.pod - doc/man7/crypto.pod - doc/man7/ct.pod - doc/man7/des_modes.pod - doc/man7/evp.pod - doc/man7/fips_module.pod - doc/man7/life_cycle-cipher.pod - doc/man7/life_cycle-digest.pod - doc/man7/life_cycle-kdf.pod - doc/man7/life_cycle-mac.pod - doc/man7/life_cycle-pkey.pod - doc/man7/life_cycle-rand.pod - doc/man7/openssl-core.h.pod - doc/man7/openssl-core_dispatch.h.pod - doc/man7/openssl-core_names.h.pod - doc/man7/openssl-env.pod - doc/man7/openssl-glossary.pod - doc/man7/openssl-threads.pod - doc/man7/openssl_user_macros.pod.in - doc/man7/ossl_store-file.pod - doc/man7/ossl_store.pod - doc/man7/passphrase-encoding.pod - doc/man7/property.pod - doc/man7/provider-asym_cipher.pod - doc/man7/provider-base.pod - doc/man7/provider-cipher.pod - doc/man7/provider-decoder.pod - doc/man7/provider-digest.pod - doc/man7/provider-encoder.pod - doc/man7/provider-kdf.pod - doc/man7/provider-kem.pod - doc/man7/provider-keyexch.pod - doc/man7/provider-keymgmt.pod - doc/man7/provider-mac.pod - doc/man7/provider-object.pod - doc/man7/provider-rand.pod - doc/man7/provider-signature.pod - doc/man7/provider-storemgmt.pod - doc/man7/provider.pod - doc/man7/proxy-certificates.pod - doc/man7/ssl.pod - doc/man7/x509.pod -Copyright: 1998-2022 The OpenSSL Project Authors. - 2017 Ribose Inc. - 2019 Oracle and/or its affiliates. - 2019 Red Hat, Inc. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - L. - -Files: apps/engine.c - crypto/asn1/a_digest.c - crypto/asn1/ameth_lib.c - crypto/asn1/d2i_pr.c - crypto/conf/conf_mall.c - crypto/conf/conf_mod.c - crypto/engine/eng_cnf.c - crypto/engine/eng_ctrl.c - crypto/engine/eng_dyn.c - crypto/engine/eng_fat.c - crypto/engine/eng_init.c - crypto/engine/eng_list.c - crypto/engine/eng_openssl.c - crypto/engine/eng_pkey.c - crypto/engine/eng_rdrand.c - crypto/engine/tb_asnmth.c - crypto/engine/tb_cipher.c - crypto/engine/tb_dh.c - crypto/engine/tb_digest.c - crypto/engine/tb_dsa.c - crypto/engine/tb_eckey.c - crypto/engine/tb_rand.c - crypto/engine/tb_rsa.c - crypto/evp/digest.c - crypto/evp/evp_enc.c - crypto/init.c - crypto/pem/pem_lib.c - crypto/rand/rand_lib.c - crypto/ts/ts_conf.c - engines/e_dasync.c - providers/common/provider_util.c - providers/implementations/keymgmt/mac_legacy_kmgmt.c - providers/implementations/signature/mac_legacy_sig.c - test/afalgtest.c -Copyright: 1995-2022 The OpenSSL Project Authors. - 2002 Oracle and/or its affiliates. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - We need to use some engine deprecated APIs - -Files: test/recipes/30-test_evp_data/evpciph_aes_ocb.txt - test/recipes/30-test_evp_data/evpciph_aes_siv.txt - test/recipes/30-test_evp_data/evpciph_aria.txt - test/recipes/30-test_evp_data/evpciph_camellia.txt - test/recipes/30-test_evp_data/evpciph_chacha.txt - test/recipes/30-test_evp_data/evpciph_des3_common.txt - test/recipes/30-test_evp_data/evpencod.txt - test/recipes/30-test_evp_data/evpkdf_hkdf.txt - test/recipes/30-test_evp_data/evpkdf_krb5.txt - test/recipes/30-test_evp_data/evpkdf_pbkdf1.txt - test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt - test/recipes/30-test_evp_data/evpkdf_scrypt.txt - test/recipes/30-test_evp_data/evpkdf_ssh.txt - test/recipes/30-test_evp_data/evpkdf_tls11_prf.txt - test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt - test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt - test/recipes/30-test_evp_data/evpkdf_x942.txt - test/recipes/30-test_evp_data/evpmac_blake.txt - test/recipes/30-test_evp_data/evpmac_poly1305.txt - test/recipes/30-test_evp_data/evpmd_ripemd.txt - test/recipes/30-test_evp_data/evpmd_sha.txt - test/recipes/30-test_evp_data/evpmd_sm3.txt - test/recipes/30-test_evp_data/evpmd_whirlpool.txt - test/recipes/30-test_evp_data/evppbe_pbkdf2.txt - test/recipes/30-test_evp_data/evppbe_pkcs12.txt - test/recipes/30-test_evp_data/evppbe_scrypt.txt - test/recipes/30-test_evp_data/evppkey_brainpool.txt - test/recipes/30-test_evp_data/evppkey_dh.txt - test/recipes/30-test_evp_data/evppkey_ecc.txt - test/recipes/30-test_evp_data/evppkey_ffdhe.txt - test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt - test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt - test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt -Copyright: 2001-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - -Files: crypto/des/cbc_cksm.c - crypto/des/cbc_enc.c - crypto/des/cfb64ede.c - crypto/des/cfb64enc.c - crypto/des/cfb_enc.c - crypto/des/des_enc.c - crypto/des/ecb3_enc.c - crypto/des/ecb_enc.c - crypto/des/fcrypt.c - crypto/des/fcrypt_b.c - crypto/des/ofb64ede.c - crypto/des/ofb64enc.c - crypto/des/ofb_enc.c - crypto/des/pcbc_enc.c - crypto/des/rand_key.c - crypto/des/str2key.c - crypto/des/xcbc_enc.c - crypto/evp/e_des.c - crypto/evp/e_des3.c - crypto/evp/e_xcbc_d.c - providers/implementations/ciphers/cipher_des.c - providers/implementations/ciphers/cipher_des_hw.c - providers/implementations/ciphers/cipher_desx.c - providers/implementations/ciphers/cipher_desx_hw.c - providers/implementations/ciphers/cipher_tdes.c - providers/implementations/ciphers/cipher_tdes_common.c - providers/implementations/ciphers/cipher_tdes_default.c - providers/implementations/ciphers/cipher_tdes_default_hw.c - providers/implementations/ciphers/cipher_tdes_hw.c - providers/implementations/ciphers/cipher_tdes_wrap_hw.c - test/destest.c -Copyright: 1995-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - DES low level APIs are deprecated for public use, but still ok for internal - use. - -Files: crypto/rsa/rsa_ameth.c - crypto/rsa/rsa_asn1.c - crypto/rsa/rsa_backend.c - crypto/rsa/rsa_chk.c - crypto/rsa/rsa_crpt.c - crypto/rsa/rsa_lib.c - crypto/rsa/rsa_meth.c - crypto/rsa/rsa_none.c - crypto/rsa/rsa_ossl.c - crypto/rsa/rsa_pk1.c - crypto/rsa/rsa_pmeth.c - crypto/rsa/rsa_prn.c - crypto/rsa/rsa_pss.c - crypto/rsa/rsa_saos.c - crypto/rsa/rsa_sign.c - crypto/rsa/rsa_x931.c - crypto/rsa/rsa_x931g.c - providers/common/der/der_rsa_key.c - providers/implementations/asymciphers/rsa_enc.c - providers/implementations/encode_decode/decode_pem2der.c - providers/implementations/kem/rsa_kem.c - providers/implementations/keymgmt/rsa_kmgmt.c - providers/implementations/signature/rsa_sig.c - test/keymgmt_internal_test.c - test/rsa_sp800_56b_test.c -Copyright: 1995-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - RSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/asn1/d2i_pu.c - crypto/dsa/dsa_ameth.c - crypto/dsa/dsa_asn1.c - crypto/dsa/dsa_backend.c - crypto/dsa/dsa_check.c - crypto/dsa/dsa_gen.c - crypto/dsa/dsa_key.c - crypto/dsa/dsa_lib.c - crypto/dsa/dsa_meth.c - crypto/dsa/dsa_ossl.c - crypto/dsa/dsa_pmeth.c - crypto/dsa/dsa_prn.c - crypto/dsa/dsa_sign.c - crypto/dsa/dsa_vrf.c - crypto/evp/p_lib.c - crypto/pem/pem_all.c - crypto/pem/pem_info.c - crypto/x509/x_pubkey.c - providers/common/der/der_dsa_gen.c.in - providers/common/der/der_dsa_key.c - providers/common/der/der_dsa_sig.c - providers/implementations/keymgmt/dsa_kmgmt.c - providers/implementations/signature/dsa_sig.c - test/dsa_no_digest_size_test.c - test/dsatest.c -Copyright: 1995-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - DSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/ec/curve25519.c - crypto/ec/ec2_oct.c - crypto/ec/ec2_smpl.c - crypto/ec/ec_asn1.c - crypto/ec/ec_check.c - crypto/ec/ec_curve.c - crypto/ec/ec_cvt.c - crypto/ec/ec_mult.c - crypto/ec/ec_oct.c - crypto/ec/ecdsa_ossl.c - crypto/ec/ecdsa_sign.c - crypto/ec/ecdsa_vrf.c - crypto/ec/ecp_mont.c - crypto/ec/ecp_nist.c - crypto/ec/ecp_oct.c - crypto/ec/ecp_smpl.c - crypto/ec/ecx_meth.c - crypto/sm2/sm2_crypt.c - providers/implementations/signature/ecdsa_sig.c -Copyright: 2001-2021 The OpenSSL Project Authors. - 2002 Oracle and/or its affiliates. - 2017 Ribose Inc. Ported from Ribose contributions from Botan. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - ECDSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: fuzz/bndiv.c - fuzz/client.c - fuzz/crl.c - fuzz/driver.c - fuzz/fuzz_rand.c - fuzz/fuzzer.h - fuzz/x509.c - test/asynciotest.c - test/cipherbytes_test.c - test/cipherlist_test.c - test/ciphername_test.c - test/ecstresstest.c - test/fake_rsaprov.c - test/hexstr_test.c - test/params_test.c - test/sslbuffertest.c - test/testutil/fake_random.c - test/x509aux.c -Copyright: 2016-2022 The OpenSSL Project Authors. - 2017 BaishanCloud. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - https://www.openssl.org/source/license.html - or in the file LICENSE in the source distribution. - -Files: crypto/ec/curve448/arch_32/arch_intrinsics.h - crypto/ec/curve448/arch_32/f_impl.h - crypto/ec/curve448/arch_32/f_impl32.c - crypto/ec/curve448/arch_64/arch_intrinsics.h - crypto/ec/curve448/arch_64/f_impl.h - crypto/ec/curve448/arch_64/f_impl64.c - crypto/ec/curve448/curve448.c - crypto/ec/curve448/curve448_tables.c - crypto/ec/curve448/curve448utils.h - crypto/ec/curve448/ed448.h - crypto/ec/curve448/eddsa.c - crypto/ec/curve448/f_generic.c - crypto/ec/curve448/field.h - crypto/ec/curve448/point_448.h - crypto/ec/curve448/scalar.c - crypto/ec/curve448/word.h -Copyright: 2014-2016 Cryptography Research, Inc. - 2017-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Originally written by Mike Hamburg - -Files: crypto/dh/dh_ameth.c - crypto/dh/dh_asn1.c - crypto/dh/dh_backend.c - crypto/dh/dh_check.c - crypto/dh/dh_kdf.c - crypto/dh/dh_key.c - crypto/dh/dh_lib.c - crypto/dh/dh_meth.c - crypto/dh/dh_prn.c - crypto/dh/dh_rfc5114.c - providers/implementations/exchange/dh_exch.c - providers/implementations/keymgmt/dh_kmgmt.c - test/dhtest.c -Copyright: 1995-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - DH low level APIs are deprecated for public use, but still ok for - internal use. - -Files: apps/list.c - crypto/engine/tb_pkmeth.c - crypto/pem/pem_pkey.c - engines/e_afalg.c - engines/e_capi.c - engines/e_devcrypto.c - test/drbgtest.c - test/enginetest.c - test/evp_extra_test.c - test/evp_extra_test2.c -Copyright: 1995-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - We need to use some deprecated APIs - -Files: crypto/aes/aes_cbc.c - crypto/evp/e_aes_cbc_hmac_sha1.c - crypto/evp/e_aes_cbc_hmac_sha256.c - providers/implementations/ciphers/cipher_aes.c - providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c - providers/implementations/ciphers/cipher_aes_ccm.c - providers/implementations/ciphers/cipher_aes_gcm.c - providers/implementations/ciphers/cipher_aes_ocb.c - providers/implementations/ciphers/cipher_aes_xts.c - providers/implementations/ciphers/cipher_aes_xts_fips.c -Copyright: 2002-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - AES low level APIs are deprecated for public use, but still ok for internal - use where we're using them to implement the higher level EVP interface, as is - the case here. - -Files: crypto/cast/c_cfb64.c - crypto/cast/c_ecb.c - crypto/cast/c_enc.c - crypto/cast/c_ofb64.c - crypto/cast/c_skey.c - crypto/evp/e_cast.c - providers/implementations/ciphers/cipher_cast5.c - providers/implementations/ciphers/cipher_cast5_hw.c - test/casttest.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - CAST low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/asn1/i2d_evp.c - crypto/x509/x_all.c - providers/implementations/encode_decode/encode_key2any.c - providers/implementations/encode_decode/encode_key2blob.c - providers/implementations/encode_decode/encode_key2ms.c - providers/implementations/encode_decode/encode_key2text.c - test/ec_internal_test.c - test/ecdsatest.c - test/sm2_internal_test.c -Copyright: 1995-2022 The OpenSSL Project Authors. - 2002 Oracle and/or its affiliates. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Low level APIs are deprecated for public use, but still ok for internal use. - -Files: crypto/camellia/cmll_cbc.c - crypto/camellia/cmll_cfb.c - crypto/camellia/cmll_ctr.c - crypto/camellia/cmll_ecb.c - crypto/camellia/cmll_misc.c - crypto/camellia/cmll_ofb.c - crypto/evp/e_camellia.c - providers/implementations/ciphers/cipher_camellia.c - providers/implementations/ciphers/cipher_camellia_hw.c -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Camellia low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/evp/e_idea.c - crypto/idea/i_cbc.c - crypto/idea/i_cfb64.c - crypto/idea/i_ecb.c - crypto/idea/i_ofb64.c - crypto/idea/i_skey.c - providers/implementations/ciphers/cipher_idea.c - providers/implementations/ciphers/cipher_idea_hw.c - test/ideatest.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - IDEA low level APIs are deprecated for public use, but still ok for internal - use where we're using them to implement the higher level EVP interface, as is - the case here. - -Files: test/ssl-tests/01-simple.cnf.in - test/ssl-tests/03-custom_verify.cnf.in - test/ssl-tests/05-sni.cnf.in - test/ssl-tests/19-mac-then-encrypt.cnf.in - test/ssl-tests/24-padding.cnf.in - test/ssl-tests/28-seclevel.cnf.in - test/ssl-tests/30-extended-master-secret.cnf.in - test/ssl-tests/ssltests_base.pm -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - SSL test configurations - -Files: crypto/bf/bf_cfb64.c - crypto/bf/bf_ecb.c - crypto/bf/bf_enc.c - crypto/bf/bf_ofb64.c - crypto/bf/bf_skey.c - crypto/evp/e_bf.c - providers/implementations/ciphers/cipher_blowfish_hw.c - test/bftest.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - BF low level APIs are deprecated for public use, but still ok for internal - use. - -Files: crypto/evp/e_rc2.c - crypto/rc2/rc2_cbc.c - crypto/rc2/rc2_ecb.c - crypto/rc2/rc2_skey.c - crypto/rc2/rc2cfb64.c - crypto/rc2/rc2ofb64.c - providers/implementations/ciphers/cipher_rc2_hw.c - test/rc2test.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - RC2 low level APIs are deprecated for public use, but still ok for internal - use. - -Files: crypto/evp/e_rc5.c - crypto/rc5/rc5_ecb.c - crypto/rc5/rc5_enc.c - crypto/rc5/rc5_skey.c - crypto/rc5/rc5cfb64.c - crypto/rc5/rc5ofb64.c - providers/implementations/ciphers/cipher_rc5_hw.c - test/rc5test.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - RC5 low level APIs are deprecated for public use, but still ok for internal - use. - -Files: apps/include/__DECC_INCLUDE_EPILOGUE.H - apps/include/__DECC_INCLUDE_PROLOGUE.H - include/openssl/__DECC_INCLUDE_EPILOGUE.H - include/openssl/__DECC_INCLUDE_PROLOGUE.H - providers/common/include/prov/__DECC_INCLUDE_EPILOGUE.H - providers/common/include/prov/__DECC_INCLUDE_PROLOGUE.H - providers/implementations/include/prov/__DECC_INCLUDE_EPILOGUE.H - providers/implementations/include/prov/__DECC_INCLUDE_PROLOGUE.H -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file is only used by HP C/C++ on VMS, and is included automatically - after each header file from this directory - . - The C++ compiler doesn't understand these pragmas, even though it - understands the corresponding command line qualifier. - -Files: crypto/err/openssl.txt - engines/e_afalg.txt - engines/e_capi.txt - engines/e_dasync.txt - engines/e_loader_attic.txt - engines/e_ossltest.txt -Copyright: 1999-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Reason codes - -Files: crypto/evp/e_seed.c - crypto/seed/seed_cbc.c - crypto/seed/seed_cfb.c - crypto/seed/seed_ecb.c - crypto/seed/seed_ofb.c - providers/implementations/ciphers/cipher_seed_hw.c -Copyright: 2007-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - SEED low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/evp/legacy_md2.c - crypto/md2/md2_dgst.c - crypto/md2/md2_one.c - crypto/mdc2/mdc2_one.c - crypto/mdc2/mdc2dgst.c - providers/implementations/digests/md2_prov.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - MD2 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/arm64cpuid.pl - crypto/armv4cpuid.pl - crypto/pariscid.pl - crypto/ppccpuid.pl - crypto/s390xcpuid.pl - crypto/x86_64cpuid.pl -Copyright: 2005-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - $output is the last argument if it looks like a file (it has an extension) - $flavour is the first argument if it doesn't look like a file - -Files: crypto/hmac/hmac.c - crypto/pkcs12/p12_mutl.c - providers/implementations/kdfs/hkdf.c - providers/implementations/kdfs/pbkdf2.c - providers/implementations/macs/hmac_prov.c - test/hmactest.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - HMAC low level APIs are deprecated for public use, but still ok for internal - use. - -Files: providers/implementations/ciphers/cipher_aes_hw.c - providers/implementations/ciphers/cipher_aes_ocb_hw.c - providers/implementations/ciphers/cipher_aes_siv_hw.c - providers/implementations/ciphers/cipher_aes_wrp.c - providers/implementations/ciphers/cipher_aes_xts_hw.c -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file uses the low level AES functions (which are deprecated for - non-internal use) in order to implement provider AES ciphers. - -Files: crypto/LPdir_unix.c - crypto/LPdir_vms.c - crypto/LPdir_win.c - crypto/LPdir_win32.c - crypto/LPdir_wince.c -Copyright: 2004-2018 Richard Levitte - 2004-2018 The OpenSSL Project Authors. -License: BSD-2-Clause - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file is dual-licensed and is also available under the following - terms: - . - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - . - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -Files: crypto/ec/ecp_nistp224.c - crypto/ec/ecp_nistp256.c - crypto/ec/ecp_nistp521.c - crypto/ec/ecp_nistputil.c -Copyright: 2010-2021 The OpenSSL Project Authors. - 2011 Google Inc. -License: Apache-2.0 - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Licensed under the Apache License, Version 2.0 (the "License"); - . - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - http://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - . - ECDSA low level APIs are deprecated for public use, but still ok for - internal use. - . - On Debian systems, the complete text of the Apache License Version 2.0 - can be found in `/usr/share/common-licenses/Apache-2.0'. - -Files: crypto/evp/e_rc4.c - crypto/rc4/rc4_enc.c - crypto/rc4/rc4_skey.c - providers/implementations/ciphers/cipher_rc4_hw.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - RC4 low level APIs are deprecated for public use, but still ok for internal - use. - -Files: crypto/evp/legacy_md5.c - crypto/md5/md5_dgst.c - crypto/md5/md5_one.c - providers/implementations/digests/md5_prov.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - MD5 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/evp/legacy_md4.c - crypto/md4/md4_dgst.c - crypto/md4/md4_one.c - providers/implementations/digests/md4_prov.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - MD4 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/async/arch/async_null.c - crypto/async/arch/async_posix.c - crypto/async/arch/async_win.c - crypto/async/async_wait.c -Copyright: 2015-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This must be the first #include file - -Files: crypto/des/set_key.c - crypto/ts/ts_local.h - demos/digest/BIO_f_md.c - demos/digest/EVP_MD_stdin.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - -Files: crypto/aes/asm/vpaes-armv8.pl - crypto/aes/asm/vpaes-ppc.pl - crypto/aes/asm/vpaes-x86.pl - crypto/aes/asm/vpaes-x86_64.pl -Copyright: 2011-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Constant-time SSSE3 AES core implementation. - version 0.1 - . - By Mike Hamburg (Stanford University), 2009 - Public domain. - -Files: test/ssl-tests/09-alpn.cnf.in - test/ssl-tests/12-ct.cnf.in - test/ssl-tests/25-cipher.cnf.in - test/ssl-tests/protocol_version.pm -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test version negotiation - -Files: crypto/evp/legacy_ripemd.c - crypto/ripemd/rmd_dgst.c - crypto/ripemd/rmd_one.c - providers/implementations/digests/ripemd_prov.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - RIPEMD160 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/evp/legacy_mdc2.c - providers/implementations/digests/mdc2_prov.c - test/mdc2test.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - MDC2 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: demos/cms/cms_sign.c - demos/smime/smdec.c - demos/smime/smsign.c -Copyright: 2007-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Simple S/MIME signing example - -Files: crypto/seed/seed.c - crypto/seed/seed_local.h - include/openssl/seed.h -Copyright: 2007 KISA(Korea Information Security Agency). - 2007-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Neither the name of author nor the names of its contributors may - be used to endorse or promote products derived from this software - without specific prior written permission. - . - THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -Files: providers/implementations/digests/blake2_impl.h - providers/implementations/digests/blake2b_prov.c - providers/implementations/digests/blake2s_prov.c -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Derived from the BLAKE2 reference implementation written by Samuel Neves. - Copyright 2012, Samuel Neves - More information about the BLAKE2 hash function and its implementations - can be found at https://blake2.net. - -Files: crypto/crmf/crmf_asn.c - crypto/crmf/crmf_local.h - crypto/crmf/crmf_pbm.c -Copyright: 2007-2019 Nokia - 2007-2021 The OpenSSL Project Authors. - 2015-2019 Siemens AG -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb. - -Files: crypto/ec/ecdh_kdf.c - crypto/ec/ecdh_ossl.c - providers/implementations/exchange/ecdh_exch.c -Copyright: 2002 Oracle and/or its affiliates. - 2002-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - ECDH low level APIs are deprecated for public use, but still ok for - internal use. - -Files: providers/implementations/encode_decode/decode_der2key.c - providers/implementations/encode_decode/decode_msblob2key.c - providers/implementations/encode_decode/decode_pvk2key.c -Copyright: 2020-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/ec/ec_ameth.c - crypto/ec/ec_kmeth.c - crypto/ec/ec_pmeth.c -Copyright: 2006-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - ECDH and ECDSA low level APIs are deprecated for public use, but still ok - for internal use. - -Files: crypto/x509/v3_lib.c - crypto/x509/v3_prn.c - crypto/x509/v3_utl.c -Copyright: 1999-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - X509 v3 extension utilities - -Files: crypto/evp/p_dec.c - crypto/evp/p_enc.c - ssl/ssl_rsa_legacy.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - We need to use the deprecated RSA low level calls - -Files: crypto/cmac/cmac.c - providers/implementations/macs/cmac_prov.c - test/cmactest.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - CMAC low level APIs are deprecated for public use, but still ok for internal - use. - -Files: test/recipes/30-test_evp_data/evpciph_aes_common.txt - test/recipes/30-test_evp_data/evpmac_cmac_des.txt - test/recipes/30-test_evp_data/evpmac_common.txt -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - The keyword Availablein must appear before the test name if needed. - -Files: test/recipes/30-test_evp_data/evppkey_ecdh.txt - test/recipes/30-test_evp_data/evppkey_ecx.txt - test/recipes/30-test_evp_data/evppkey_sm2.txt -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - . - Public key algorithm tests - . - Private keys used for PKEY operations. - -Files: include/crypto/modes.h - include/internal/sha3.h - include/internal/sm3.h -Copyright: 2010-2021 The OpenSSL Project Authors. - 2017 Ribose Inc. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This header can move into provider when legacy support is removed - -Files: test/ssl_cert_table_internal_test.c - test/x509_internal_test.c -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal tests for the x509 and x509v3 modules - -Files: demos/cms/cms_enc.c - demos/smime/smenc.c -Copyright: 2007-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Simple S/MIME encrypt example - -Files: test/ssl-tests/10-resumption.cnf.in - test/ssl-tests/11-dtls_resumption.cnf.in -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test version negotiation upon resumption. - -Files: crypto/srp/srp_lib.c - crypto/srp/srp_vfy.c -Copyright: 2004 EdelKey Project. - 2004-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Originally written by Christophe Renou and Peter Sylvester, - for the EdelKey project. - . - All the SRP APIs in this file are deprecated - -Files: crypto/cms/cms_kari.c - crypto/evp/pmeth_lib.c -Copyright: 2006-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Low level key APIs (DH etc) are deprecated for public use, but still ok for - internal use. - -Files: include/crypto/ec.h - include/crypto/ecx.h -Copyright: 2018-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal EC functions for other submodules: not for application use - -Files: demos/cms/cms_ver.c - demos/smime/smver.c -Copyright: 2007-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Simple S/MIME verification example - -Files: crypto/err/err_all_legacy.c - ssl/ssl_err_legacy.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This is the C source file where we include this header directly - -Files: include/crypto/__DECC_INCLUDE_EPILOGUE.H - include/internal/__DECC_INCLUDE_EPILOGUE.H -Copyright: 2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file is only used by HP C on VMS, and is included automatically - after each header file from this directory - -Files: crypto/md5/md5_sha1.c - providers/implementations/digests/md5_sha1_prov.c -Copyright: 2015-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/evp/legacy_wp.c - providers/implementations/digests/wp_prov.c -Copyright: 2005-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Whirlpool low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/whrlpool/wp_block.c - crypto/whrlpool/wp_dgst.c -Copyright: 2005-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - The Whirlpool hashing function. - . - See - P.S.L.M. Barreto, V. Rijmen, - ``The Whirlpool hashing function,'' - NESSIE submission, 2000 (tweaked version, 2001), - - . - Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and - Vincent Rijmen. Lookup "reference implementations" on - - -Files: test/ssl-tests/17-renegotiate.cnf.in - test/ssl-tests/18-dtls-renegotiate.cnf.in -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test Renegotiation - -Files: providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c - providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c -Copyright: 2011-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - All low level APIs are deprecated for public use, but still ok for internal - use where we're using them to implement the higher level EVP interface, as is - the case here. - -Files: crypto/conf/conf_api.c - crypto/conf/conf_def.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Part of the code in here was originally in conf.c, which is now removed - -Files: providers/implementations/macs/blake2b_mac.c - providers/implementations/macs/blake2s_mac.c -Copyright: 2018-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Constants - -Files: include/crypto/__DECC_INCLUDE_PROLOGUE.H - include/internal/__DECC_INCLUDE_PROLOGUE.H -Copyright: 2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file is only used by HP C on VMS, and is included automatically - after each header file from this directory - . - save state - -Files: crypto/bn/rsaz_exp.c - crypto/bn/rsaz_exp.h -Copyright: 2012-2020 Intel Corporation. - 2013-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) - (1) Intel Corporation, Israel Development Center, Haifa, Israel - (2) University of Haifa, Israel - -Files: crypto/md5/asm/md5-586.pl - crypto/ripemd/asm/rmd-586.pl -Copyright: 1995-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Normal is the - -Files: include/openssl/srtp.h - ssl/d1_srtp.c -Copyright: 2006 Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. - 2011-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - DTLS code by Eric Rescorla - -Files: crypto/sha/sha1_one.c - crypto/sha/sha1dgst.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - SHA-1 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/LPdir_nyi.c - include/internal/o_dir.h -Copyright: 2004 Richard Levitte - 2004-2021 The OpenSSL Project Authors. -License: BSD-2-Clause - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file is dual-licensed and is also available under the following - terms: - . - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - . - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -Files: crypto/x509/v3_pci.c - crypto/x509/v3_pcia.c -Copyright: 2004 Kungliga Tekniska Högskolan (Royal Institute of Technology, Stockholm, Sweden). - 2004-2021 The OpenSSL Project Authors. -License: BSD-3-Clause - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file is dual-licensed and is also available under the following - terms: - . - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - . - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - . - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - . - 3. Neither the name of the Institute nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - . - THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - . - On Debian systems, the complete text of the BSD 3-clause "New" or "Revised" - License can be found in `/usr/share/common-licenses/BSD'. - -Files: README-ENGINES.md -Copyright: __NO_COPYRIGHT__ in: README-ENGINES.md -License: __HEADER___ - devices, also through whatever vendor support channels are available. If - none of this is possible, or the problem seems to be something about the - ENGINE API itself (ie. not necessarily specific to a particular ENGINE - implementation) then you should mail complete details to the relevant - OpenSSL mailing list. For a definition of "complete details", refer to - the OpenSSL "README" file. As for which list to send it to: - . - * openssl-users: if you are *using* the ENGINE abstraction, either in an - pre-compiled application or in your own application code. - . - * openssl-dev: if you are discussing problems with OpenSSL source code. - . - USAGE - -Files: test/recipes/10-test_bn_data/bnexp.txt -Copyright: 2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Exp tests. - -Files: crypto/asn1/a_time.c -Copyright: 1999-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - This is an implementation of the ASN1 Time structure which is: - -Files: test/danetest.in -Copyright: 2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Blank and comment lines ignored. - . - The first line in each block takes the form: - . - - . - It is followed by lines of the form: - . - - . - and finally, by certificates. - . - Test chain matching TLSA records - -- - -Files: crypto/dh/dh_gen.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - NB: These functions have been upgraded - the previous prototypes are in - -Files: crypto/bn/asm/rsaz-avx2.pl -Copyright: 2012 Intel Corporation. - 2013-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) - (1) Intel Corporation, Israel Development Center, Haifa, Israel - (2) University of Haifa, Israel - . - References: - [1] S. Gueron, V. Krasnov: "Software Implementation of Modular - Exponentiation, Using Advanced Vector Instructions Architectures", - F. Ozbudak and F. Rodriguez-Henriquez (Eds.): WAIFI 2012, LNCS 7369, - -Files: test/ssl-tests/26-tls13_client_auth.cnf.in -Copyright: 2018-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test TLSv1.3 certificate authentication - -Files: demos/bio/sconnect.c -Copyright: 1998-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - A minimal program to do SSL to a passed host and port. - It is actually using non-blocking IO but in a very simple manner - sconnect host:port - it does a 'GET / HTTP/1.0' - . - cc -I../../include sconnect.c -L../.. -lssl -lcrypto - -Files: crypto/cmp/cmp_server.c -Copyright: 2007-2019 Nokia - 2007-2021 The OpenSSL Project Authors. - 2015-2019 Siemens AG -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - general CMP server functions - -Files: CHANGES.md -Copyright: __NO_COPYRIGHT__ in: CHANGES.md -License: __UNKNOWN__ - With this concept comes a new core API for interaction between - libcrypto and provider implementations. Public libcrypto functions - that want to use providers do so through this core API. - . - The main documentation for this core API is found in - doc/man7/provider.pod, doc/man7/provider-base.pod, and they in turn - refer to other manuals describing the API specific for supported - algorithm types (also called operations). - . - *The OpenSSL team* - . - OpenSSL 1.1.1 - -Files: test/recipes/30-test_evp_data/evppkey_ecdsa.txt -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - The keyword Availablein must appear before the test name if needed. - . - Public key algorithm tests - . - Private keys used for PKEY operations. - . - EC P-256 key - -Files: crypto/aes/asm/bsaes-x86_64.pl -Copyright: 2011-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - AES-128 [originally in CTR mode] ### - bitsliced implementation for Intel Core 2 processors ### - requires support of SSE extensions up to SSSE3 ### - Author: Emilia Käsper and Peter Schwabe ### - Date: 2009-03-19 ### - Public domain ### - ### - See http://homes.esat.kuleuven.be/~ekasper/#software for ### - further information. ### - . - September 2011. - . - Started as transliteration to "perlasm" the original code has - undergone following changes: - . - - code was made position-independent; - - rounds were folded into a loop resulting in >5x size reduction - from 12.5KB to 2.2KB; - - above was possible thanks to mixcolumns() modification that - allowed to feed its output back to aesenc[last], this was - achieved at cost of two additional inter-registers moves; - - some instruction reordering and interleaving; - - this module doesn't implement key setup subroutine, instead it - relies on conversion of "conventional" key schedule as returned - -Files: providers/fips/self_test_data.inc -Copyright: 2019-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Macros to build Self test data - -Files: providers/implementations/ciphers/cipher_aes_ccm_hw_t4.inc -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - Fujitsu SPARC64 X support for AES CCM. - -Files: providers/implementations/ciphers/cipher_aes_gcm_hw_t4.inc -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - Fujitsu SPARC64 X support for AES GCM. - -Files: crypto/asn1/tbl_standard.h -Copyright: 1999-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - size limits: this stuff is taken straight from RFC3280 - -Files: crypto/crmf/crmf_lib.c -Copyright: 2007-2018 Nokia - 2007-2021 The OpenSSL Project Authors. - 2015-2019 Siemens AG -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb. - . - This file contains the functions that handle the individual items inside - the CRMF structures - . - NAMING - . - The 0 functions use the supplied structure pointer directly in the parent and - it will be freed up when the parent is freed. - . - The 1 functions use a copy of the supplied structure pointer (or in some - cases increases its link count) in the parent and so both should be freed up. - -Files: test/endecoder_legacy_test.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This program tests the following known key type specific function against - -Files: ssl/statem/extensions_cust.c -Copyright: 2014-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Custom extension utility functions - -Files: apps/progs.pl -Copyright: 1995-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Generate progs.h file by looking for command mains in list of C files - passed on the command line. - -Files: crypto/evp/legacy_md5_sha1.c -Copyright: 2015-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for - -Files: crypto/pem/pvkfmt.c -Copyright: 2005-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Support for PVK format keys and related structures (such a PUBLICKEYBLOB - and PRIVATEKEYBLOB). - . - RSA and DSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/des/qud_cksm.c -Copyright: 1995-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer IEEE - Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 This module in - only based on the code in this paper and is almost definitely not the same - as the MIT implementation. - . - DES low level APIs are deprecated for public use, but still ok for internal - use. - -Files: test/recipes/30-test_evp_data/evpkdf_ss.txt -Copyright: 2001-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - . - There are currently no official test vectors for Single Step KDF - https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors - -Files: crypto/cmp/cmp_hdr.c -Copyright: 2007-2019 Nokia - 2007-2021 The OpenSSL Project Authors. - 2015-2019 Siemens AG -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - CMP functions for PKIHeader handling - -Files: providers/implementations/ciphers/cipher_sm4.c -Copyright: 2019-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for cast cipher modes ecb, cbc, ofb, cfb - -Files: providers/implementations/ciphers/cipher_aes_siv.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for AES SIV mode - . - This file uses the low level AES functions (which are deprecated for - non-internal use) in order to implement provider AES ciphers. - -Files: crypto/ec/ecp_nistz256_table.c -Copyright: 2014-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This is the precomputed constant time access table for the code in - -Files: test/siphash_internal_test.c -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal tests for the siphash module - -Files: test/recipes/30-test_evp_data/evpciph_aes_cts.txt -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Original test vectors were taken from https://www.ietf.org/rfc/rfc3962.txt for CS3 - These have an IV of all zeros, for a 128 bit AES key. - -Files: include/crypto/types.h -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - When removal is simulated, we still need the type internally - -Files: providers/implementations/ciphers/cipher_cts.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Helper functions for 128 bit CBC CTS ciphers (Currently AES and Camellia). - -Files: demos/pkey/EVP_PKEY_EC_keygen.c -Copyright: 2021-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Example showing how to generate an EC key and extract values from the - generated key. - -Files: demos/pkey/EVP_PKEY_RSA_keygen.c -Copyright: 2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Example showing how to generate an RSA key pair. - . - When generating an RSA key, you must specify the number of bits in the key. A - reasonable value would be 4096. Avoid using values below 2048. These values - are reasonable as of 2022. - -Files: test/modes_internal_test.c -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal tests for the modes module - . - This file uses the low level AES functions (which are deprecated for - non-internal use) in order to test the modes code - -Files: crypto/param_build_set.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Key Management utility functions to share functionality between the export() - -Files: util/mkdef.pl -Copyright: 2018-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Generate a linker version script suitable for the given platform - from a given ordinals file. - -Files: test/poly1305_internal_test.c -Copyright: 2016-2018 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal tests for the poly1305 module - -Files: providers/implementations/ciphers/ciphercommon.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Generic dispatch table functions for ciphers. - -Files: test/helpers/handshake_srp.c -Copyright: 2016-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - SRP is deprecated and there is no replacent. When SRP is removed, the code in - this file can be removed too. Until then we have to use the deprecated APIs. - -Files: providers/implementations/ciphers/cipher_tdes_wrap.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - DES and SHA-1 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: apps/lib/opt.c -Copyright: 2015-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file is also used by the test suite. Do not #include "apps.h". - -Files: crypto/async/arch/async_win.h -Copyright: 2015-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This is the same detection used in cryptlib to set up the thread local - storage that we depend on, so just copy that - -Files: crypto/evp/evp_utils.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal EVP utility functions - -Files: ssl/statem/statem_local.h -Copyright: 2015-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - The following definitions are PRIVATE to the state machine. They should - NOT be used outside of the state machine. - . - Max message length definitions - . - The spec allows for a longer length than this, but we limit it - -Files: engines/e_padlock.c -Copyright: 2004-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file uses the low level AES and engine functions (which are deprecated - for non-internal use) in order to implement the padlock engine AES ciphers. - -Files: test/ssl_test_ctx_test.c -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Ideally, CONF should offer standard parsing methods and cover them - in tests. But since we have no CONF tests, we use a custom test for now. - -Files: util/perl/OpenSSL/Template.pm -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Implements the functionality to read one or more template files and run - them through Text::Template - -Files: crypto/async/async.c -Copyright: 2015-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Without this we start getting longjmp crashes because it thinks we're jumping - up the stack when in fact we are jumping to an entirely different stack. The - cost of this is not having certain buffer overrun/underrun checks etc for - this source file :-( - -Files: providers/implementations/ciphers/cipher_rc5.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for RC5 cipher modes ecb, cbc, ofb, cfb - . - RC5 low level APIs are deprecated for public use, but still ok for internal - use. - -Files: providers/implementations/ciphers/cipher_chacha20_hw.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - chacha20 cipher implementation - -Files: providers/implementations/ciphers/cipher_aria_ccm.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for ARIA CCM mode - -Files: test/asn1_internal_test.c -Copyright: 1999-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal tests for the asn1 module - . - RSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: fuzz/conf.c -Copyright: 2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - https://www.openssl.org/source/license.html - or in the file LICENSE in the source distribution. - . - Test configuration parsing. - -Files: test/ssl-tests/27-ticket-appdata.cnf.in -Copyright: 2018-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test session ticket app data - -Files: providers/implementations/kdfs/tls1_prf.c -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Refer to "The TLS Protocol Version 1.0" Section 5 - (https://tools.ietf.org/html/rfc2246#section-5) and - "The Transport Layer Security (TLS) Protocol Version 1.2" Section 5 - (https://tools.ietf.org/html/rfc5246#section-5). - . - For TLS v1.0 and TLS v1.1 the TLS PRF algorithm is given by: - -Files: include/openssl/cryptoerr_legacy.h -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This header file preserves symbols from pre-3.0 OpenSSL. - It should never be included directly, as it's already included - by the public {lib}err.h headers, and since it will go away some - time in the future. - -Files: crypto/poly1305/poly1305_base2_44.c -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This module is meant to be used as template for base 2^44 assembly - implementation[s]. On side note compiler-generated code is not - -Files: test/filterprov.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - A filtering provider for test purposes. We pass all calls through to the - default provider except where we want other behaviour for a test. - -Files: crypto/dh/dh_pmeth.c -Copyright: 2006-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - DH & DSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: README.md -Copyright: 1995-1998 Eric A. Young, Tim J. Hudson - 1998-2022 The OpenSSL Project -License: __UNKNOWN__ - - . - [www.openssl.org]: - - "OpenSSL Homepage" - . - [git.openssl.org]: - - "OpenSSL Git Repository" - . - [git.openssl.org]: - - "OpenSSL Git Repository" - . - [github.com/openssl/openssl]: - - "OpenSSL GitHub Mirror" - . - [wiki.openssl.org]: - - "OpenSSL Wiki" - -Files: fuzz/bignum.c -Copyright: 2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - https://www.openssl.org/source/license.html - or in the file LICENSE in the source distribution. - . - Confirm that a^b mod c agrees when calculated cleverly vs naively, for - random a, b and c. - -Files: test/moduleloadtest.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Extremely simple dynamic loader, must never be linked with anything other - than the standard C library. Its purpose is to try to load a dynamic module - and verify the presence of one symbol, if that's given. - -Files: crypto/sha/sha256.c -Copyright: 2004-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - SHA256 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: providers/implementations/ciphers/cipher_aria_gcm.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for ARIA GCM mode - -Files: test/generate_ssl_tests.pl -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - SSL testcase generator - -Files: test/rand_test.c -Copyright: 2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the >License>). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - -Files: test/asn1_time_test.c -Copyright: 1999-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Time tests for the asn1 module - -Files: util/check-format-test-positives.c -Copyright: 2007-2019 Nokia - 2007-2021 The OpenSSL Project Authors. - 2015-2019 Siemens AG -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This demonstrates/tests cases where check-format.pl should report issues. - Some of the reports are due to sanity checks for proper nesting of comment - delimiters and parenthesis-like symbols, e.g., on unexpected/unclosed braces. - . - The '@'s after '*' are used for self-tests: they mark lines containing - a single flaw that should be reported. Normally it should be reported - while handling the given line, but in case of delayed checks there is a - following digit indicating the number of reports expected for this line. - . - For each of the following set of lines the tool should complain once - @ tab character: - @ intra-line carriage return character: - . - @ non-printable ASCII character:  - @ non-ASCII character: ä - @ whitespace at EOL: - /*@ end-of-line comment style not allowed (for C90 compatibility) */ - @0 intra-line comment indent off by 1, reported unless sloppy-cmt - X */ /*@2 no space nor '*' after comment start, reported unless sloppy-spc - X*/ /*@ no space before comment end , reported unless sloppy-spc - @ comment starting delimiter: /* inside intra-line comment - @0 - @ above multi-line comment start indent off by 1, reported unless sloppy-cmt; this comment line is too long - @ multi-line comment indent further off by 1 relative to comment start - @ multi-line comment ending with text on last line - @2 multi-line comment starting with text on first line - @ comment starting delimiter: /* inside multi-line comment - @ multi-line comment indent off by -1 - X*@ no spc after leading '*' in multi-line comment, reported unless sloppy-spc - @0 more than two spaces after . in comment, reported unless sloppy-spc - -Files: test/acvp_test.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - A set of tests demonstrating uses cases for CAVS/ACVP testing. - . - For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to - -Files: crypto/mem_sec.c -Copyright: 2004-2014 Akamai Technologies. - 2015-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file is in two halves. The first half implements the public API - to be used by external consumers, and to be used by OpenSSL to store - data in a "secure arena." The second half implements the secure arena. - For details on that implementation, see below (look for uppercase - "SECURE HEAP IMPLEMENTATION"). - -Files: demos/signature/EVP_Signature_demo.h -Copyright: 2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Signers private EC key - -Files: apps/lib/cmp_mock_srv.c -Copyright: 2018-2020 Siemens AG - 2018-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or atf - https://www.openssl.org/source/license.html - -Files: test/ssl-tests/13-fragmentation.cnf.in -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test packet fragmentation - -Files: crypto/asn1/standard_methods.h -Copyright: 2006-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This table MUST be kept in ascending order of the NID each method - -Files: test/rsa_test.c -Copyright: 1999-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - test vectors from p1ovect1.txt - . - RSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/dsa/dsa_depr.c -Copyright: 2002-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file contains deprecated function(s) that are now wrappers to the new - version(s). - . - DSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: ssl/record/record_local.h -Copyright: 1995-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - The following macros/functions are PRIVATE to the record layer. They - should NOT be used outside of the record layer. - -Files: demos/cms/cms_ddec.c -Copyright: 2008-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - S/MIME detached data decrypt example: rarely done but should the need - arise this is an example.... - -Files: crypto/x509/v3_asid.c -Copyright: 2006-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Implementation of RFC 3779 section 3.2. - -Files: fuzz/asn1.c -Copyright: 2016-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - https://www.openssl.org/source/license.html - or in the file LICENSE in the source distribution. - . - Fuzz ASN.1 parsing for various data structures. Specify which on the - command line: - . - asn1 - . - We need to use some deprecated APIs - -Files: demos/cms/cms_dec.c -Copyright: 2008-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Simple S/MIME decryption example - -Files: test/ssl-tests/16-dtls-certstatus.cnf.in -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test DTLS CertStatus messages - -Files: crypto/bn/asm/rsaz-x86_64.pl -Copyright: 2012 Intel Corporation. - 2013-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) - (1) Intel Corporation, Israel Development Center, Haifa, Israel - (2) University of Haifa, Israel - . - References: - [1] S. Gueron, "Efficient Software Implementations of Modular - Exponentiation", http://eprint.iacr.org/2011/239 - [2] S. Gueron, V. Krasnov. "Speeding up Big-Numbers Squaring". - IEEE Proceedings of 9th International Conference on Information - Technology: New Generations (ITNG 2012), 821-823 (2012). - [3] S. Gueron, Efficient Software Implementations of Modular Exponentiation - Journal of Cryptographic Engineering 2:31-43 (2012). - [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis - resistant 512-bit and 1024-bit modular exponentiation for optimizing - -Files: test/recipes/30-test_evp_data/evppkey_mismatch.txt -Copyright: 2001-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - . - Public / Private keys from other tests used for keypair testing. - -Files: test/recipes/95-test_external_pyca_data/cryptography.sh -Copyright: 2017 Oracle and/or its affiliates. - 2017-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - OpenSSL external testing using the Python Cryptography module - -Files: demos/cipher/aesgcm.c -Copyright: 2012-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Simple AES GCM authenticated encryption with additional data (AEAD) - demonstration program. - -Files: crypto/ec/ec_deprecated.c -Copyright: 2002-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Suppress deprecation warnings for EC low level implementations that are - kept until removal. - -Files: engines/e_ossltest.c -Copyright: 2015-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This is the OSSLTEST engine. It provides deliberately crippled digest - implementations for test purposes. It is highly insecure and must NOT be - used for any purpose except testing - . - We need to use some engine deprecated APIs - -Files: providers/implementations/ciphers/ciphercommon_ccm.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for ccm mode - -Files: test/recipes/30-test_evp_data/evppkey_rsa.txt -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - The keyword Availablein must appear before the test name if needed. - . - Private keys used for PKEY operations. - . - Any Tests that have keys < 2048 bits OR sign with SHA1 are in this file. - . - RSA 2048 bit key. - -Files: ssl/s3_cbc.c -Copyright: 2012-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file has no dependencies on the rest of libssl because it is shared - with the providers. It contains functions for low level MAC calculations. - Responsibility for this lies with the HMAC implementation in the - providers. However there are legacy code paths in libssl which also need to - do this. In time those legacy code paths can be removed and this file can be - moved out of libssl. - . - MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: util/err-to-raise -Copyright: 2019-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Run this program like this: - perl -pi util/err-to-raise files... - or - git ls-files | grep '\.c$' | xargs perl -pi util/err-to-raise - -Files: crypto/objects/obj_dat.h -Copyright: 1995-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Serialized OID's - -Files: crypto/async/async_local.h -Copyright: 2015-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Must do this before including any header files, because on MacOS/X - includes which includes - -Files: test/ssl-tests/02-protocol-version.cnf.in -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test TLS version negotiation - -Files: crypto/poly1305/poly1305_ieee754.c -Copyright: 2016-2018 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This module is meant to be used as template for non-x87 floating- - -Files: include/internal/deprecated.h -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This header file should be included by internal code that needs to use APIs - that have been deprecated for public use, but where those symbols will still - be available internally. For example the EVP and provider code needs to use - low level APIs that are otherwise deprecated. - . - This header *must* be the first OpenSSL header included by a source file. - -Files: providers/implementations/ciphers/cipher_aes_ccm_hw.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - AES CCM mode - . - This file uses the low level AES functions (which are deprecated for - non-internal use) in order to implement provider AES ciphers. - -Files: test/recipes/30-test_evp_data/evpmac_siphash.txt -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - . - SIPHASH tests - default values: 2,4 rounds, 16-byte mac - There are no official test vectors, they are simple vectors 1, 2, 3, etc - -Files: test/recipes/30-test_evp_data/evpciph_rc2.txt -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - A valid set of RC2 test vectors could not be found for all RC2 modes - the - following values were generated using the deprecated cipher code, in order to - confirm that the new provider code is equivalent. - -Files: include/internal/tsan_assist.h -Copyright: 2018-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Contemporary compilers implement lock-free atomic memory access - primitives that facilitate writing "thread-opportunistic" or even real - multi-threading low-overhead code. "Thread-opportunistic" is when - exact result is not required, e.g. some statistics, or execution flow - doesn't have to be unambiguous. Simplest example is lazy "constant" - initialization when one can synchronize on variable itself, e.g. - -Files: crypto/ia64cpuid.S -Copyright: 2004-2017 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - Works on all IA-64 platforms: Linux, HP-UX, Win64i... - On Win64i compile with ias.exe. - -Files: fuzz/asn1parse.c -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - https://www.openssl.org/source/license.html - or in the file LICENSE in the source distribution. - . - Fuzz the parser used for dumping ASN.1 using "openssl asn1parse". - -Files: test/recipes/30-test_evp_data/evpciph_rc5.txt -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - The following tests were generated using legacy code, to ensure that the - provider ciphers have identical results. - -Files: include/openssl/crmf.h.in -Copyright: 2007-2019 Nokia - 2007-2021 The OpenSSL Project Authors. - 2015-2019 Siemens AG -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb. - -Files: test/p_test.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This is a very simple provider that does absolutely nothing except respond - to provider global parameter requests. It does this by simply echoing back - a parameter request it makes to the loading library. - -Files: providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - AES-NI support for AES GCM. - -Files: test/srptest.c -Copyright: 2011-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - SRP is deprecated, so we're going to have to use some deprecated APIs in - order to test it. - -Files: apps/srp.c -Copyright: 2004 EdelKey Project. - 2004-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Originally written by Christophe Renou and Peter Sylvester, - for the EdelKey project. - . - SRP is deprecated, so we're going to have to use some deprecated APIs - -Files: test/x509_time_test.c -Copyright: 2017-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests for X509 time functions - -Files: providers/implementations/ciphers/cipher_rc4.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for RC4 ciphers - . - RC4 low level APIs are deprecated for public use, but still ok for internal - use. - -Files: demos/cms/cms_uncomp.c -Copyright: 2008-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Simple S/MIME uncompression example - -Files: crypto/ffc/ffc_params_validate.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Finite Field cryptography (FFC) is used for DSA and DH. - This file contains methods for validation of FFC parameters. - It calls the same functions as the generation as the code is very similar. - -Files: engines/e_loader_attic.c -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - THIS ENGINE IS FOR TESTING PURPOSES ONLY. - -Files: demos/cms/cms_comp.c -Copyright: 2008-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Simple S/MIME compress example - -Files: util/find-unused-errs -Copyright: 2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Find unused error function-names and reason-codes, and edit them - out of the source. Doesn't handle line-wrapping, might have to do - some manual cleanups to fix compile errors. - -Files: test/bntests.pl -Copyright: 2008-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Run the tests specified in bntests.txt, as a check against OpenSSL. - -Files: test/pkits-test.pl -Copyright: 2008-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Perl utility to run PKITS tests for RFC3280 compliance. - -Files: providers/implementations/ciphers/cipher_aes_hw_t4.inc -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - Sparc t4 support for AES modes ecb, cbc, ofb, cfb, ctr. - -Files: demos/cms/cms_sign2.c -Copyright: 2008-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - S/MIME signing example: 2 signers - -Files: crypto/asn1/asn1_item_list.c -Copyright: 2000-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - We need to use the low level ASN1 items until they are removed - -Files: crypto/dh/dh_group_params.c -Copyright: 2017-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - DH parameters from RFC7919 and RFC3526 - . - DH low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/evp/bio_ok.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - From: Arne Ansper - -Files: crypto/x509/v3_addr.c -Copyright: 2006-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Implementation of RFC 3779 section 2.2. - -Files: demos/bio/server-arg.c -Copyright: 2013-2017 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - A minimal program to serve an SSL connection. It uses blocking. It use the - -Files: providers/implementations/ciphers/ciphercommon_gcm.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for gcm mode - -Files: util/dofile.pl -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Reads one or more template files and runs it through Text::Template - . - It is assumed that this scripts is called with -Mconfigdata, a module - that holds configuration data in %config - -Files: providers/implementations/ciphers/cipher_aes_hw_s390x.inc -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - IBM S390X support for AES modes ecb, cbc, ofb, cfb, ctr. - -Files: test/recipes/10-test_bn_data/bnsum.txt -Copyright: 2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Sum tests. - -Files: providers/implementations/kdfs/sskdf.c -Copyright: 2019 Oracle and/or its affiliates. - 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final - Section 4.1. - . - The Single Step KDF algorithm is given by: - -Files: test/mdc2_internal_test.c -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal tests for the mdc2 module - . - MDC2 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: demos/cipher/aesccm.c -Copyright: 2013-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Simple AES CCM authenticated encryption with additional data (AEAD) - demonstration program. - -Files: apps/cms.c -Copyright: 2008-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - CMS utility function - -Files: apps/rsa.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Necessary for legacy RSA public key export - -Files: crypto/perlasm/x86asm.pl -Copyright: 1995-2018 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - require 'x86asm.pl'; - -Files: providers/implementations/ciphers/cipher_camellia_cts.inc -Copyright: 2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for CAMELLIA CBC CTS ciphers - -Files: providers/implementations/keymgmt/ec_kmgmt.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - ECDH/ECDSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: test/recipes/30-test_evp_data/evpciph_aes_wrap.txt -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Cipher names id-aesXXX-wrap are to test aliases. - . - AES wrap tests from RFC3394 - -Files: test/recipes/30-test_evp_data/evpmd_blake.txt -Copyright: 2001-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - . - BLAKE2 tests, using same inputs as MD5 - There are no official BLAKE2 test vectors we can use since they all use a key - Which is currently unsupported by OpenSSL. They were generated using the - reference implementation. RFC7693 also mentions the 616263 / "abc" values. - -Files: crypto/asn1/asn1_local.h -Copyright: 2005-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal ASN1 structures and functions: not for application use - -Files: crypto/ffc/ffc_params_generate.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - For the prime check.. - FIPS 186-4 Section C.3 Table C.1 - Returns the minimum number of Miller Rabin iterations for a L,N pair - -Files: Configure -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Configure -- OpenSSL source tree configuration script - -Files: crypto/chacha/chacha_enc.c -Copyright: 2015-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Adapted from the public domain code by D. Bernstein from SUPERCOP. - -Files: test/d2i_test.c -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Regression tests for ASN.1 parsing bugs. - -Files: demos/bio/server-conf.c -Copyright: 2013-2017 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - A minimal program to serve an SSL connection. It uses blocking. It uses - -Files: ssl/record/record.h -Copyright: 1995-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - These structures should be considered PRIVATE to the record layer. No - non-record layer code should be using these structures in any way. - -Files: fuzz/server.c -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - https://www.openssl.org/source/license.html - or in the file LICENSE in the source distribution. - . - Shamelessly copied from BoringSSL and converted to C. - . - Test first part of SSL server handshake. - . - We need to use some deprecated APIs - -Files: providers/implementations/ciphers/cipher_camellia_hw_t4.inc -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - Fujitsu SPARC64 X support for camellia modes. - -Files: crypto/des/asm/des-586.pl -Copyright: 1995-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - The inner loop instruction sequence and the IP/FP modifications are from - Svend Olaf Mikkelsen. - -Files: providers/implementations/macs/kmac_prov.c -Copyright: 2018-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - See SP800-185 "Appendix A - KMAC, .... in Terms of Keccak[c]" - . - Inputs are: - -Files: crypto/evp/e_rc4_hmac_md5.c -Copyright: 2011-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - MD5 and RC4 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: test/rsa_complex.c -Copyright: 2018 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Check to see if there is a conflict between complex.h and openssl/rsa.h. - The former defines "I" as a macro and earlier versions of the latter use - for function arguments. - -Files: providers/implementations/ciphers/cipher_aria_ccm_hw.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - Generic support for ARIA CCM. - -Files: apps/CA.pl.in -Copyright: 2000-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Wrapper around the ca to make it easier to use - . - {- join("\n# ", @autowarntext) -} - -Files: providers/implementations/digests/sha2_prov.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - SHA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: test/rc4test.c -Copyright: 1995-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - RC4 and SHA-1 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: test/recipes/30-test_evp_data/evppkey_rsa_common.txt -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - The keyword Availablein must appear before the test name if needed. - . - Private keys used for PKEY operations. - . - RSA 2048 bit key. - -Files: apps/include/fmt.h -Copyright: 2018-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Options are shared by apps (see apps.h) and the test system - (see test/testutil.h'). - In order to remove the dependency between apps and options, the following - shared fields have been moved into this file. - -Files: crypto/asn1_dsa.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - A simple ASN.1 DER encoder/decoder for DSA-Sig-Value and ECDSA-Sig-Value. - -Files: crypto/bn/asm/rsaz-avx512.pl -Copyright: 2020 Intel Corporation. - 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Originally written by Ilya Albrekht, Sergey Kirillov and Andrey Matyukov - Intel Corporation - . - December 2020 - . - Initial release. - . - Implementation utilizes 256-bit (ymm) registers to avoid frequency scaling issues. - . - IceLake-Client @ 1.3GHz - |---------+----------------------+--------------+-------------| - | | OpenSSL 3.0.0-alpha9 | this | Unit | - |---------+----------------------+--------------+-------------| - | rsa2048 | 2 127 659 | 1 015 625 | cycles/sign | - | | 611 | 1280 / +109% | sign/s | - |---------+----------------------+--------------+-------------| - . - $output is the last argument if it looks like a file (it has an extension) - $flavour is the first argument if it doesn't look like a file - -Files: test/recipes/95-test_external_gost_engine_data/gost_engine.sh -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - OpenSSL external testing using the GOST engine - -Files: crypto/dso/dso_dlfcn.c -Copyright: 2000-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - We need to do this early, because stdio.h includes the header files that - -Files: providers/implementations/ciphers/cipher_aes_ccm_hw_s390x.inc -Copyright: 2001-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - S390X support for AES CCM. - -Files: include/openssl/sslerr_legacy.h -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This header file preserves symbols from pre-3.0 OpenSSL. - It should never be included directly, as it's already included - by the public sslerr.h headers, and since it will go away some - time in the future. - -Files: util/perl/OpenSSL/config.pm -Copyright: 1998-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Determine the operating system and run ./Configure. Far descendant from - Apache's minarch and GuessOS. - -Files: ssl/statem/statem.h -Copyright: 2015-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - These enums should be considered PRIVATE to the state machine. No - non-state machine code should need to use these - . - Valid return codes used for functions performing work prior to or after - sending or receiving a message - -Files: providers/implementations/ciphers/cipher_aes_cts.inc -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for AES CBC CTS ciphers - -Files: providers/implementations/ciphers/cipher_blowfish.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for Blowfish cipher modes ecb, cbc, ofb, cfb - . - BF low level APIs are deprecated for public use, but still ok for internal - use. - -Files: test/evp_fetch_prov_test.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - SHA256 low level APIs are deprecated for public use, but still ok for - internal use. Note, that due to symbols not being exported, only the - -Files: demos/bio/saccept.c -Copyright: 1998-2017 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - A minimal program to serve an SSL connection. - It uses blocking. - saccept host:port - host is the interface IP to use. If any interface, use *:port - The default it *:4433 - . - cc -I../../include saccept.c -L../.. -lssl -lcrypto -ldl - -Files: test/recipes/30-test_evp_data/evpkdf_x963.txt -Copyright: 2001-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - . - Test vectors extracted from - -Files: crypto/sha/sha512.c -Copyright: 2004-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - SHA512 low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/cmp/cmp_msg.c -Copyright: 2007-2019 Nokia - 2007-2022 The OpenSSL Project Authors. - 2015-2019 Siemens AG -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - CMP functions for PKIMessage construction - -Files: crypto/dh/dh_depr.c -Copyright: 2002-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file contains deprecated functions as wrappers to the new ones - . - DH low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/cmp/cmp_status.c -Copyright: 2007-2019 Nokia - 2007-2021 The OpenSSL Project Authors. - 2015-2019 Siemens AG -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - CMP functions for PKIStatusInfo handling and PKIMessage decomposition - -Files: crypto/bn/bn_depr.c -Copyright: 2002-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Support for deprecated functions goes here - static linkage will only - slurp this code if applications are using them directly. - -Files: crypto/md5/asm/md5-x86_64.pl -Copyright: 2005-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - MD5 optimized for AMD64. - -Files: apps/lib/http_server.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Very basic HTTP server - -Files: providers/implementations/ciphers/cipher_aria_gcm_hw.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - Generic support for ARIA GCM. - -Files: crypto/des/ncbc_enc.c -Copyright: 1998-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - #included by: - -Files: include/openssl/srp.h.in -Copyright: 2004 EdelKey Project. - 2004-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Originally written by Christophe Renou and Peter Sylvester, - for the EdelKey project. - -Files: test/rsa_mp_test.c -Copyright: 2017 BaishanCloud. - 2017-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This aims to test the setting functions, including internal ones - . - RSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: ssl/tls_srp.c -Copyright: 2004 EdelKey Project. - 2004-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Originally written by Christophe Renou and Peter Sylvester, - for the EdelKey project. - . - We need to use the SRP deprecated APIs in order to implement the SSL SRP - APIs - which are themselves deprecated. - -Files: test/pem_read_depr_test.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file tests deprecated APIs. Therefore we need to suppress deprecation - warnings. - -Files: test/ssl-tests/07-dtls-protocol-version.cnf.in -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test DTLS version negotiation - -Files: crypto/asn1/a_gentm.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - GENERALIZEDTIME implementation. Based on UTCTIME - -Files: providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - AES-NI support for AES CCM. - -Files: test/recipes/30-test_evp_data/evppkey_dsa.txt -Copyright: 2001-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - . - Private keys used for PKEY operations. - . - DSA key - -Files: util/ck_errf.pl -Copyright: 1995-2018 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This is just a quick script to scan for cases where the 'error' - function name in a XXXerr() macro is wrong. - . - Run in the top level by going - -Files: test/context_internal_test.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal tests for the OpenSSL library context - -Files: test/certs/mkcert.sh -Copyright: 2016 Viktor Dukhovni . - 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file is dual-licensed and is also available under other terms. - Please contact the author. - . - 100 years should be enough for now - -Files: util/check-format-test-negatives.c -Copyright: 2007-2019 Nokia - 2007-2021 The OpenSSL Project Authors. - 2015-2019 Siemens AG -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - A collection of test cases where check-format.pl should not report issues. - There are some known false positives, though, which are marked below. - . - - - allow extra SPC in format-tagged multi-line comment - -Files: test/ssl-tests/06-sni-ticket.cnf.in -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test SNI/Session tickets - -Files: LICENSE.txt -Copyright: license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. -License: __UNKNOWN__ - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - . - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - . - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - . - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - . - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - . - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - . - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - . - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - . - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - . - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - . - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - . - END OF TERMS AND CONDITIONS - -Files: crypto/ec/asm/ecp_nistz256-x86_64.pl -Copyright: 2014 Intel Corporation. - 2014-2020 The OpenSSL Project Authors. - 2015 CloudFlare, Inc. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1, 3) - (1) Intel Corporation, Israel Development Center, Haifa, Israel - (2) University of Haifa, Israel - (3) CloudFlare, Inc. - . - Reference: - S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with - 256 Bit Primes" - . - Further optimization by : - -Files: test/smime-certs/mksmime-certs.sh -Copyright: 2013-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Utility to recreate S/MIME certificates - -Files: providers/implementations/ciphers/cipher_rc2.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for RC2 cipher modes ecb, cbc, ofb, cfb - . - RC2 low level APIs are deprecated for public use, but still ok for internal - use. - -Files: providers/implementations/keymgmt/kdf_legacy_kmgmt.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This implemments a dummy key manager for legacy KDFs that still support the - -Files: crypto/perlasm/sparcv9_modes.pl -Copyright: 2012-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Specific modes implementations for SPARC Architecture 2011. There - is T4 dependency though, an ASI value that is not specified in the - Architecture Manual. But as SPARC universe is rather monocultural, - we imply that processor capable of executing crypto instructions - can handle the ASI in question as well. This means that we ought to - keep eyes open when new processors emerge... - . - As for above mentioned ASI. It's so called "block initializing - store" which cancels "read" in "read-update-write" on cache lines. - This is "cooperative" optimization, as it reduces overall pressure - on memory interface. Benefits can't be observed/quantified with - usual benchmarks, on the contrary you can notice that single-thread - performance for parallelizable modes is ~1.5% worse for largest - block sizes [though few percent better for not so long ones]. All - this based on suggestions from David Miller. - -Files: crypto/bn/rsaz_exp_x2.c -Copyright: 2020 Intel Corporation. - 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Originally written by Ilya Albrekht, Sergey Kirillov and Andrey Matyukov - Intel Corporation - -Files: apps/smime.c -Copyright: 1999-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - S/MIME utility function - -Files: crypto/des/asm/crypt586.pl -Copyright: 1995-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - The inner loop instruction sequence and the IP/FP modifications are from - Svend Olaf Mikkelsen - -Files: test/ssl-tests/15-certstatus.cnf.in -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test CertStatus messages - -Files: crypto/asn1/bio_asn1.c -Copyright: 2006-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Experimental ASN1 BIO. When written through the data is converted to an - ASN1 string type: default is OCTET STRING. Additional functions can be - provided to add prefix and suffix data. - -Files: util/check-format.pl -Copyright: 2019-2020 Siemens AG - 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). - You may not use this file except in compliance with the License. - You can obtain a copy in the file LICENSE in the source distribution - or at https://www.openssl.org/source/license.html - . - check-format.pl - - check formatting of C source according to OpenSSL coding style - -Files: fuzz/cms.c -Copyright: 2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - https://www.openssl.org/source/license.html - or in the file LICENSE in the source distribution. - . - Test CMS DER parsing. - -Files: test/sm3_internal_test.c -Copyright: 2021 UnionTech. - 2021-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal tests for the SM3 module. - -Files: crypto/pkcs7/pk7_smime.c -Copyright: 1999-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Simple PKCS#7 processing functions - -Files: apps/lib/tlssrp_depr.c -Copyright: 1995-2021 The OpenSSL Project Authors. - 2005 Nokia. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file is to enable backwards compatibility for the SRP features of - -Files: demos/cipher/ariacbc.c -Copyright: 2012-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Simple ARIA CBC encryption demonstration program. - -Files: include/crypto/md32_common.h -Copyright: 1999-2018 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - This is a generic 32 bit "collector" for message digest algorithms. - Whenever needed it collects input character stream into chunks of - 32 bit values and invokes a block function that performs actual hash - calculations. - . - Porting guide. - . - Obligatory macros: - -Files: test/recipes/01-test_fipsmodule_cnf.t -Copyright: 2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This is a sanity checker to see that the fipsmodule.cnf that's been - generated for testing is valid. - -Files: providers/implementations/signature/sm2_sig.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - ECDSA low level APIs are deprecated for public use, but still ok for - -Files: include/crypto/ctype.h -Copyright: 2017-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This version of ctype.h provides a standardised and platform - independent implementation that supports seven bit ASCII characters. - The specific intent is to not pass extended ASCII characters (> 127) - even if the host operating system would. - . - There is EBCDIC support included for machines which use this. However, - there are a number of concerns about how well EBCDIC is supported - throughout the rest of the source code. Refer to issue #4154 for - details. - -Files: crypto/modes/wrap128.c -Copyright: 2013-2018 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Beware! - . - Following wrapping modes were designed for AES but this implementation - allows you to use them for any 128 bit block cipher. - -Files: Configurations/shared-info.pl -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This is a collection of extra attributes to be used as input for creating - shared libraries, currently on any Unix variant, including Unix like - environments on Windows. - -Files: providers/implementations/rands/crngt.c -Copyright: 2019 Oracle and/or its affiliates. - 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests. - -Files: demos/signature/rsa_pss.h -Copyright: 2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - 4096-bit RSA private key, DER. - -Files: providers/implementations/ciphers/cipher_aes_gcm_hw_s390x.inc -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - IBM S390X support for AES GCM. - -Files: crypto/cmp/cmp_vfy.c -Copyright: 2007-2020 Nokia - 2007-2021 The OpenSSL Project Authors. - 2015-2020 Siemens AG -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - CMP functions for PKIMessage checking - -Files: apps/lib/engine.c -Copyright: 2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Here is a set of wrappers for the ENGINE API, which are no-ops when the - ENGINE API is disabled / removed. - We need to suppress deprecation warnings to make this work. - -Files: providers/implementations/ciphers/cipher_seed.c -Copyright: 2019-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for Seed cipher modes ecb, cbc, ofb, cfb - . - SEED low level APIs are deprecated for public use, but still ok for - internal use. - -Files: providers/implementations/kdfs/kbkdf.c -Copyright: 2019 Red Hat, Inc. - 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This implements https://csrc.nist.gov/publications/detail/sp/800-108/final - section 5.1 ("counter mode") and section 5.2 ("feedback mode") in both HMAC - and CMAC. That document does not name the KDFs it defines; the name is - derived from - https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Key-Derivation - . - Note that section 5.3 ("double-pipeline mode") is not implemented, though - it would be possible to do so in the future. - . - These versions all assume the counter is used. It would be relatively - straightforward to expose a configuration handle should the need arise. - . - Variable names attempt to match those of SP800-108. - -Files: crypto/siphash/siphash.c -Copyright: 2012-2014 Daniel J. Bernstein - 2012-2016 Jean-Philippe Aumasson - 2017-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Based on https://131002.net/siphash C reference implementation - . - SipHash reference C implementation - . - To the extent possible under law, the author(s) have dedicated all copyright - and related and neighboring rights to this software to the public domain - worldwide. This software is distributed without any warranty. - . - You should have received a copy of the CC0 Public Domain Dedication along - with this software. If not, see - . - -Files: demos/smime/smsign2.c -Copyright: 2007-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - S/MIME signing example: 2 signers. OpenSSL 0.9.9 only - -Files: crypto/bn/asm/ppc.pl -Copyright: 2004-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Implemented as a Perl wrapper as we want to support several different - architectures with single file. We pick up the target based on the - file name we are asked to generate. - . - It should be noted though that this perl code is nothing like - /crypto/perlasm/x86*. In this case perl is used pretty much - as pre-processor to cover for platform differences in name decoration, - linker tables, 32-/64-bit instruction sets... - . - As you might know there're several PowerPC ABI in use. Most notably - Linux and AIX use different 32-bit ABIs. Good news are that these ABIs - are similar enough to implement leaf(!) functions, which would be ABI - neutral. And that's what you find here: ABI neutral leaf functions. - In case you wonder what that is... - . - AIX performance - . - MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e. - . - The following is the performance of 32-bit compiler - generated code: - . - OpenSSL 0.9.6c 21 dec 2001 - built on: Tue Jun 11 11:06:51 EDT 2002 - options:bn(64,32) ... - -Files: test/ssl-tests/22-compression.cnf.in -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test Compression - -Files: ssl/tls_depr.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - We need to use some engine and HMAC deprecated APIs - -Files: providers/implementations/ciphers/cipher_aes_gcm_hw.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for AES GCM mode - . - This file uses the low level AES functions (which are deprecated for - non-internal use) in order to implement provider AES ciphers. - -Files: crypto/cast/asm/cast-586.pl -Copyright: 1995-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This flag makes the inner loop one cycle longer, but generates - code that runs %30 faster on the pentium pro/II, 44% faster - of PIII, while only %7 slower on the pentium. - By default, this flag is on. - -Files: providers/implementations/ciphers/cipher_chacha20.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for chacha20 cipher - -Files: test/dane-cross.in -Copyright: 2016-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Blank and comment lines ignored. - . - The first line in each block takes the form: - . - - . - It is followed by lines of the form: - . - - . - and finally, by certificates. - . - 1 - Ensure TLSA with direct root works when peer chain provides a - cross-cert. - -Files: test/chacha_internal_test.c -Copyright: 2017 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal tests for the chacha module. EVP tests would exercise - complete 32-byte blocks. This test goes per byte... - -Files: test/recipes/30-test_evp_data/evppkey_kas.txt -Copyright: 2001-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests start with one of these keywords - Cipher Decrypt Derive Digest Encoding KDF MAC PBE - PrivPubKeyPair Sign Verify VerifyRecover - and continue until a blank line. Lines starting with a pound sign are ignored. - The keyword Availablein must appear before the test name if needed. - . - Public key algorithm tests - Private keys used for PKEY operations. - . - http://csrc.nist.gov/groups/STM/cavp/component-testing.html#ECCCDH # - -Files: test/sm4_internal_test.c -Copyright: 2017 Ribose Inc. - 2017-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Internal tests for the SM4 module. - -Files: crypto/ec/ecp_nistz256.c -Copyright: 2014 Intel Corporation. - 2014-2021 The OpenSSL Project Authors. - 2015 CloudFlare, Inc. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1, 3) - (1) Intel Corporation, Israel Development Center, Haifa, Israel - (2) University of Haifa, Israel - (3) CloudFlare, Inc. - . - Reference: - S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with - 256 Bit Primes" - . - ECDSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: crypto/aes/aes_core.c -Copyright: 2002-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - rijndael-alg-fst.c - . - @version 3.0 (December 2000) - . - Optimised ANSI C code for the Rijndael cipher (now AES) - . - @author Vincent Rijmen - @author Antoon Bosselaers - @author Paulo Barreto - . - This code is hereby placed in the public domain. - . - THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - . - Note: rewritten a little bit to provide error control and an OpenSSL- - compatible API - . - AES low level APIs are deprecated for public use, but still ok for internal - use where we're using them to implement the higher level EVP interface, as is - the case here. - -Files: crypto/evp/e_aes.c -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This file uses the low level AES functions (which are deprecated for - non-internal use) in order to implement the EVP AES ciphers. - -Files: crypto/bio/bss_bio.c -Copyright: 1999-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Special method for a BIO where the other endpoint is also a BIO of this - kind, handled by the same thread (i.e. the "peer" is actually ourselves, - wearing a different hat). Such "BIO pairs" are mainly for using the SSL - library with I/O interfaces for which no specific BIO method is available. - See ssl/ssltest.c for some hints on how this can be used. - -Files: util/merge-err-lines -Copyright: 2019 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Sometimes calls to XXXerr() are split into two lines, because the define'd - names are very long. This script looks for those lines and merges them. - It should be run before the "err-to-raise" script. - . - Run this program like this: - perl -pi util/merge-err-lines files... - or - git grep -l '[A-Z0-9]err([^)]*$' | xargs perl -pi util/merge-err-lines - -Files: fuzz/ct.c -Copyright: 2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - https://www.openssl.org/source/license.html - or in the file LICENSE in the source distribution. - . - Fuzz the SCT parser. - -Files: doc/man7/migration_guide.pod -Copyright: 2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - __MANY_TOTAL_LINES__(2414lines) truncating at: this file except in compliance with the License. You can obtain - this file except in compliance with the License. You can obtain a copy - __MANY_TOTAL_LINES__(2415lines) truncating at: in the file LICENSE in the source distribution or at - in the file LICENSE in the source distribution or at - __MANY_TOTAL_LINES__(2416lines) truncating at: L. - L. - __MANY_TOTAL_LINES__(2417lines) truncating at: - . - __MANY_TOTAL_LINES__(2418lines) truncating at: =cut - -Files: crypto/bn/bn_rsa_fips186_4.c -Copyright: 2018-2019 Oracle and/or its affiliates. - 2018-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - According to NIST SP800-131A "Transitioning the use of cryptographic - algorithms and key lengths" Generation of 1024 bit RSA keys are no longer - allowed for signatures (Table 2) or key transport (Table 5). In the code - below any attempt to generate 1024 bit RSA keys will result in an error (Note - that digital signature verification can still use deprecated 1024 bit keys). - . - FIPS 186-4 relies on the use of the auxiliary primes p1, p2, q1 and q2 that - must be generated before the module generates the RSA primes p and q. - Table B.1 in FIPS 186-4 specifies RSA modulus lengths of 2048 and - 3072 bits only, the min/max total length of the auxiliary primes. - FIPS 186-5 Table A.1 includes an additional entry for 4096 which has been - included here. - -Files: crypto/evp/ctrl_params_translate.c -Copyright: 2021-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Some ctrls depend on deprecated functionality. We trust that this is - functionality that remains internally even when 'no-deprecated' is - -Files: test/ssl-tests/21-key-update.cnf.in -Copyright: 2017-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test KeyUpdate - -Files: test/cms-examples.pl -Copyright: 2008-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Perl script to run tests against S/MIME examples in RFC4134 - Assumes RFC is in current directory and called "rfc4134.txt" - -Files: test/evp_libctx_test.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - * These tests are setup to load null into the default library context. - * Any tests are expected to use the created 'libctx' to find algorithms. - * The framework runs the tests twice using the 'default' provider or - * 'fips' provider as inputs. - . - DSA/DH low level APIs are deprecated for public use, but still ok for - internal use. - -Files: ms/uplink-x86_64.pl -Copyright: 2008-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - $output is the last argument if it looks like a file (it has an extension) - -Files: demos/cms/cms_denc.c -Copyright: 2008-2016 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - S/MIME detached data encrypt example: rarely done but should the need - arise this is an example.... - -Files: crypto/aria/aria.c -Copyright: 2017 National Security Research Institute. - 2017 Oracle and/or its affiliates. - 2017-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Information for ARIA - http://210.104.33.10/ARIA/index-e.html (English) - http://seed.kisa.or.kr/ (Korean) - . - Public domain version is distributed above. - -Files: crypto/x509/v3_conf.c -Copyright: 1999-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - extension creation utilities - -Files: providers/implementations/ciphers/cipher_aes_hw_aesni.inc -Copyright: 2001-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - - - AES-NI support for AES modes ecb, cbc, ofb, cfb, ctr. - -Files: crypto/bn/bn_mont.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Details about Montgomery multiplication algorithms can be found at - http://security.ece.orst.edu/publications.html, e.g. - http://security.ece.orst.edu/koc/papers/j37acmon.pdf and - sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf - -Files: crypto/rsa/rsa_gen.c -Copyright: 1995-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - NB: these functions have been "upgraded", the deprecated versions (which - -Files: test/ffc_internal_test.c -Copyright: 2019-2020 Oracle and/or its affiliates. - 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This is an internal test that is intentionally using internal APIs. Some of - those APIs are deprecated for public use. - -Files: providers/implementations/storemgmt/file_store_any2obj.c -Copyright: 2020-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - This is a decoder that's completely internal to the 'file:' store - -Files: fuzz/cmp.c -Copyright: 2007-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test CMP DER parsing. - -Files: fuzz/test-corpus.c -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - https://www.openssl.org/source/license.html - or in the file LICENSE in the source distribution. - . - Given a list of files, run each of them through the fuzzer. Note that - failure will be indicated by some kind of crash. Switching on things like - asan improves the test. - -Files: crypto/rsa/rsa_oaep.c -Copyright: 1999-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) - . - See Victor Shoup, "OAEP reconsidered," Nov. 2000, for problems with the security - proof for the original OAEP scheme, which EME-OAEP is based on. A new - proof can be found in E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern, - "RSA-OEAP is Still Alive!", Dec. 2000, . The new proof has stronger requirements - for the underlying permutation: "partial-one-wayness" instead of - one-wayness. For the RSA function, this is an equivalent notion. - . - RSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: doc/perlvars.pm -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - . - Set some Perl variables for use by util/dofile.pl when processing - POD files (mainly man1). - -Files: providers/implementations/ciphers/cipher_aria.c -Copyright: 2019-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Dispatch functions for ARIA cipher modes ecb, cbc, ofb, cfb, ctr - -Files: providers/implementations/kdfs/krb5kdf.c -Copyright: 2018-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - DES low level APIs are deprecated for public use, but still ok for internal - -Files: crypto/evp/legacy_sha.c -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - All SHA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: test/ssl-tests/08-npn.cnf.in -Copyright: 2016-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Test NPN. Note that NPN is only supported up to TLSv1.2 - -Files: providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc -Copyright: 2019-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Crypto extention support for AES GCM. - -Files: include/crypto/rand.h -Copyright: 2016-2021 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Licensed under the Apache License 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - https://www.openssl.org/source/license.html - or in the file LICENSE in the source distribution. - -Files: crypto/rsa/rsa_depr.c -Copyright: 2002-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - NB: This file contains deprecated functions (compatibility wrappers to the - "new" versions). - . - RSA low level APIs are deprecated for public use, but still ok for - internal use. - -Files: test/sslapitest.c -Copyright: 2016-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - We need access to the deprecated low level HMAC APIs for legacy purposes - when the deprecated calls are not hidden - -Files: test/recipes/30-test_evp_data/evpciph_aes_ccm_cavs.txt -Copyright: 2019-2020 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Tests from NIST CCM Test Vectors (SP800-38C) - -Files: apps/lib/engine_loader.c -Copyright: 2018-2022 The OpenSSL Project Authors. -License: __UNKNOWN__ - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - . - Here is an STORE loader for ENGINE backed keys. It relies on deprecated - functions, and therefore need to have deprecation warnings suppressed. - -Files: external/perl/Text-Template-1.56/lib/Text/Template.pm -Copyright: 2013 M. J. Dominus. You may copy and distribute this program under the same terms as Perl itself. If in doubt, write to mjd-perl-template+@plover.com for a license. -License: __NO_LICENSE__ - -Files: CONTRIBUTING.md -Copyright: 20 xx-20yy The OpenSSL Project Authors. -License: __UNKNOWN__ with unknown exception - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - ``` - . - 3. Patches should be as current as possible; expect to have to rebase - often. We do not accept merge commits, you will have to remove them - (usually by rebasing) before it will be acceptable. - . - 4. Patches should follow our [coding style] and compile without warnings. - Where `gcc` or `clang` is available you should use the - `--strict-warnings` `Configure` option. OpenSSL compiles on many varied - platforms: try to ensure you only use portable features. Clean builds via - GitHub Actions and AppVeyor are required, and they are started automatically - whenever a PR is created or updated. - . - [coding style]: https://www.openssl.org/policies/codingstyle.html - . - 5. When at all possible, patches should include tests. These can - either be added to an existing test, or completely new. Please see - [test/README.md](test/README.md) for information on the test framework. - . - 6. New features or changed functionality must include - documentation. Please look at the "pod" files in doc/man[1357] for - examples of our style. Run "make doc-nits" to make sure that your - documentation changes are clean. - . - 7. For user visible changes (API changes, behaviour changes, ...), - consider adding a note in [CHANGES.md](CHANGES.md). - This could be a summarising description of the change, and could - explain the grander details. - Have a look through existing entries for inspiration. - Please note that this is NOT simply a copy of git-log one-liners. - Also note that security fixes get an entry in [CHANGES.md](CHANGES.md). - This file helps users get more in depth information of what comes - with a specific release without having to sift through the higher - noise ratio in git-log. - . - 8. For larger or more important user visible changes, as well as - security fixes, please add a line in [NEWS.md](NEWS.md). - On exception, it might be worth adding a multi-line entry (such as - the entry that announces all the types that became opaque with - OpenSSL 1.1.0). - This file helps users get a very quick summary of what comes with a - specific release, to see if an upgrade is worth the effort. - . - 9. Guidelines how to integrate error output of new crypto library modules - can be found in [crypto/err/README.md](crypto/err/README.md). - -#---------------------------------------------------------------------------- -# xml and html files (skipped): -# doc/HOWTO/keys.txt -# doc/HOWTO/certificates.txt -# doc/images/openssl.svg - -#---------------------------------------------------------------------------- -# huge files (skipped): -# test/recipes/10-test_bn_data/bngcd.txt -# test/recipes/30-test_evp_data/evprand.txt - -#---------------------------------------------------------------------------- -# Files marked as NO_LICENSE_TEXT_FOUND may be covered by the following -# license/copyright files. - -#---------------------------------------------------------------------------- -# License file: LICENSE.txt - . - Apache License - Version 2.0, January 2004 - https://www.apache.org/licenses/ - . - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - . - 1. Definitions. - . - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - . - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - . - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - . - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - . - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - . - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - . - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - . - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - . - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - . - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - . - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - . - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - . - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - . - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - . - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - . - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - . - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - . - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - . - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - . - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - . - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - . - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - . - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - . - END OF TERMS AND CONDITIONS +Upstream-Name: OpenSSL +Source: https://www.openssl.org + +Files: * +Copyright: 1995-2020, The OpenSSL Project Authors + 1995-1998, Eric A. Young, Tim J. Hudson + 2004-2014 Akamai Technologies. + 2008 Andy Polyakov + 2017 BaishanCloud. + 2015 CloudFlare Inc. + 2014-2016 Cryptography Research Inc. + 2012-2014 Daniel J. Bernstein + 2004 EdelKey Project. + 2011 Google Inc. + 2018-2019 IBM Corp. + 2012,2014 Intel Corporation. + 2012-2016 Jean-Philippe Aumasson + 2007 KISA(Korea Information Security Agency). + 2004 Kungliga Tekniska Högskolan + 2017 National Security Research Institute. + 2006 Network Resonance Inc. + 2005,2007-2020 Nokia + 2006 NTT (Nippon Telegraph and Telephone Corporation) + 2002,2017-2020 Oracle and/or its affiliates. + 1995 Patrick Powell + 2019 Red Hat Inc. + 2017 Ribose Inc. + 2004,2018 Richard Levitte + 2011 RTFM Inc. + 2012 Samuel Neves + 2015-2020 Siemens AG + 2002 The OpenTSA Project. + 2013-2014 Timo Teräs + 2016 Viktor Dukhovni . + 2016 VMS Software Inc. +License: Apache-2.0 + +License: Apache-2.0 + Licensed under the Apache License 2.0 (the "License"). You may not use + this file except in compliance with the License. You can obtain a copy + in the file LICENSE in the source distribution or at + https://www.openssl.org/source/license.html + . + On Debian systems, the complete text of the Apache 2.0 License + can be found in `/usr/share/common-licenses/Apache-2.0' + +Files: debian/* +Copyright: Christoph Martin, Kurt Roeckx, Sebastian Andrzej Siewior +License: Apache-2.0 + +Files: external/perl/Text-Template-1.56/* +Copyright: 2013, Mark Jason Dominus . +License: Artistic or GPL-1+ + +License: Artistic + This program is free software; you can redistribute it and/or modify + it under the terms of the Artistic License, which comes with Perl. + . + On Debian systems, the complete text of the Artistic License can be + found in `/usr/share/common-licenses/Artistic'. + +License: GPL-1+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 1, or (at your option) + any later version. + . + On Debian systems, the complete text of version 1 of the GNU General + Public License can be found in `/usr/share/common-licenses/GPL-1'. diff --git a/debian/gbp.conf b/debian/gbp.conf index ee4fb70..c3062b1 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -2,8 +2,8 @@ #upstream-vcs-tag = OpenSSL_%(version%.%_)s #sign-tags = false dist = DEP14 -upstream-branch = upstream/master -debian-branch = debian/experimental +upstream-branch = upstream/openssl-3.0 +debian-branch = debian/unstable debian-tag = debian/openssl-%(version)s id-length = 12 abbrev = 12 diff --git a/debian/libssl3.postinst b/debian/libssl3.postinst deleted file mode 100644 index 74cd4ca..0000000 --- a/debian/libssl3.postinst +++ /dev/null @@ -1,226 +0,0 @@ -#!/bin/sh - -. /usr/share/debconf/confmodule - -set -e - -package_name() -{ - echo $(basename $0 .postinst) -} - -# element() is a helper function for file-rc: -element() { - local element list IFS - - element="$1" - - [ "$2" = "in" ] && shift - list="$2" - [ "$list" = "-" ] && return 1 - [ "$list" = "*" ] && return 0 - - IFS="," - set -- $list - case $element in - "$1"|"$2"|"$3"|"$4"|"$5"|"$6"|"$7"|"$8"|"$9") - return 0 - esac - return 1 -} - -# filerc (runlevel, service) returns /etc/init.d/service, if service is -# running in $runlevel: -filerc() { - local runlevel basename - runlevel=$1 - basename=$2 - while read LINE - do - case $LINE in - \#*|"") continue - esac - - set -- $LINE - SORT_NO="$1"; STOP="$2"; START="$3"; CMD="$4" - [ "$CMD" = "/etc/init.d/$basename" ] || continue - - if element "$runlevel" in "$START" || element "S" in "$START" - then - echo "/etc/init.d/$basename" - return 0 - fi - done < /etc/runlevel.conf - echo "" -} - -if [ "$1" = "configure" ] -then - if [ ! -z "$2" ] && [ ! -x /usr/lib/needrestart/apt-pinvoke ] ; then - # This triggers services restarting, so limit this to major upgrades - # only. Security updates should not restart services automatically. - if dpkg --compare-versions "$2" lt 1.1.1-1ubuntu2.1~18.04.2; then - echo -n "Checking for services that may need to be restarted..." - check="amanda-server anon-proxy apache2 apache-ssl" - check="$check apf-firewall asterisk bacula-director-common" - check="$check bacula-fd bacula-sd bind9 bip boinc-client" - check="$check boxbackup-client boxbackup-server bozo cfengine2" - check="$check cfengine3 citadel-server clamav-daemon clamav-freshclam" - check="$check clamcour collectd-core conserver-server courier-imap-ssl" - check="$check courier-mta-ssl courier-pop-ssl cyrus21-imapd" - check="$check cyrus21-pop3d cyrus-common cyrus-imspd dovecot-core" - check="$check ejabberd exim4 fetchmail freeradius ftpd-ssl gatling" - check="$check globus-gatekeeper inn inn2 libapache-mod-ssl lighttpd lldpd" - check="$check lwresd monit myproxy-server nagios-nrpe-server nginx-common" - check="$check ntp openntpd openssh-server openvpn partimage-server" - check="$check postfix postgresql-7.4 postgresql-8.0 postgresql-8.1" - check="$check postgresql-8.2 postgresql-9.1 postgresql-9.2 postgresql-9.3" - check="$check proftpd proftpd-ldap proftpd-basic" - check="$check proftpd-mysql proftpd-pgsql racoon sendmail slapd" - check="$check spamassassin ssh-nonfree stunnel4 syslog-ng tor unbound" - check="$check vsftpd" - # Only get the ones that are installed, and configured - check=$(dpkg -s $check 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}') - # init script rewrites - check=$(echo $check | sed " - # The name of proftpd-{ldap,mysql,pgsql,basic} init script is - # same as "proftpd". - s/proftpd-.*/proftpd/g; - # dovecot-core ships its init script, but the - # script name is dovecot for dovecot-{imapd,pop3d}. - s/dovecot-core/dovecot/g; - # openssh-server's init script it called ssh - s/openssh-server/ssh/g; - # bacula-director-common's init is bacula-director - s/bacula-director-common/bacula-director/g; - # citadel server - s/citadel-server/citadel/g; - # collectd - s/collectd-core/collectd/g; - # cyrus - s/cyrus-common/cyrus-imapd/g; - # nginx - s/nginx-common/nginx/g; - ") - echo "done." - fi - if dpkg --compare-versions "$2" lt 1.1.1-1ubuntu2.1~18.04.2; then - echo -n "Checking for services that may need to be restarted..." - check2="chef chef-expander chef-server-api" - check2="$check2 chef-solr pound postgresql-common" - check2="$check2 prosody puppet puppetmaster snmpd" - - # Only get the ones that are installed, and configured - check2=$(dpkg -s $check2 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}') - # init script rewrites - check2=$(echo $check2 | sed -r " - s/chef\s/chef-client/g; - s/chef-server-api/chef-server/g; - s/postgresql-common/postgresql/g; - ") - echo "done." - if [ -n "$check2" ]; then - check="$check $check2" - fi - fi - - if [ -n "$check" ]; then - db_version 2.0 - echo "Checking init scripts..." - for service in $check; do - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - idl=$(ls /etc/init.d/${service} 2> /dev/null | head -n 1) - if [ -n "$idl" ] && [ -x $idl ]; then - services="$service $services" - else - echo "WARNING: init script for $service not found." - fi - else - if [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then - - idl=$(filerc $rl $service) - else - idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1) - fi - if [ -n "$idl" ] && [ -x $idl ]; then - services="$service $services" - fi - fi - done - if [ -n "$services" ]; then - db_input critical libraries/restart-without-asking || true - db_go || true - db_get libraries/restart-without-asking - if [ "x$RET" != xtrue ]; then - db_reset libssl3/restart-services - db_set libssl3/restart-services "$services" - db_input critical libssl3/restart-services || true - if [ "$RELEASE_UPGRADE_MODE" = desktop ]; then - db_input medium libssl3/restart-services || true - else - db_input critical libssl3/restart-services || true - fi - db_go || true - db_get libssl3/restart-services - - if [ "x$RET" != "x" ] - then - services=$RET - answer=yes - else - answer=no - fi - else - answer=yes - fi - echo - if [ "$answer" = yes ] && [ "$services" != "" ]; then - echo "Restarting services possibly affected by the upgrade:" - failed="" - rl=$(runlevel | sed 's/.*\ //') - for service in $services; do - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - idl="invoke-rc.d ${service}" - elif [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then - idl=$(filerc $rl $service) - else - idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1) - fi - - if ! $idl restart; then - failed="$service $failed" - fi - done - echo - if [ -n "$failed" ]; then - db_subst libssl3/restart-failed services "$failed" - db_input critical libssl3/restart-failed || true - db_go || true - else - echo "Services restarted successfully." - fi - echo - fi - else - echo "Nothing to restart." - fi - # Shut down the frontend, to make sure none of the - # restarted services keep a connection open to it - db_stop - fi # end upgrading and $2 lt 0.9.8c-2 - - # Here we issue the reboot notification for upgrades and - # security updates. We do want services to be restarted when we - # update for a security issue, but planned by the sysadmin, not - # automatically. - - # Only issue the reboot notification for servers; we proxy this by - # testing that the X server is not running (LP: #244250) - if ! pidof /usr/lib/xorg/Xorg > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then - /usr/share/update-notifier/notify-reboot-required - fi - - fi # Upgrading -fi - -#DEBHELPER# diff --git a/debian/libssl3.symbols b/debian/libssl3.symbols index d1f3431..4aa4e54 100644 --- a/debian/libssl3.symbols +++ b/debian/libssl3.symbols @@ -1,6 +1,8 @@ libcrypto.so.3 libssl3 #MINVER# * Build-Depends-Package: libssl-dev - *@OPENSSL_3.0.0 3.0.0~~alpha1 + *@OPENSSL_3.0.0 3.0.0 + *@OPENSSL_3.0.3 3.0.3 + *@OPENSSL_3.0.8 3.0.8 libssl.so.3 libssl3 #MINVER# * Build-Depends-Package: libssl-dev - *@OPENSSL_3.0.0 3.0.0~~alpha1 + *@OPENSSL_3.0.0 3.0.0 diff --git a/debian/libssl3.templates b/debian/libssl3.templates deleted file mode 100644 index 846c3fc..0000000 --- a/debian/libssl3.templates +++ /dev/null @@ -1,42 +0,0 @@ -Template: libssl3/restart-services -Type: string -_Description: Services to restart to make them use the new libraries: - This release of OpenSSL fixes some security issues. Services will not - use these fixes until they are restarted. Please note that restarting - the SSH server (sshd) should not affect any existing connections. - . - Please check the list of detected services that need to be restarted - and correct it, if needed. The services names must be identical to the - initialization script names in /etc/init.d and separated by - spaces. No services will be restarted if the list is empty. - . - Any service that later fails unexpectedly after this upgrade should - be restarted. It is recommended to reboot this host to avoid any - SSL-related trouble. - -Template: libssl3/restart-failed -Type: error -#flag:translate!:3 -#flag:comment:2 -# This paragraph is followed by a (non translatable) paragraph containing -# a list of services that could not be restarted -_Description: Failure restarting some services for OpenSSL upgrade - The following services could not be restarted for the OpenSSL library upgrade: - . - ${services} - . - You will need to start these manually by running - '/etc/init.d/ start'. - -Template: libraries/restart-without-asking -Type: boolean -Default: false -_Description: Restart services during package upgrades without asking? - There are services installed on your system which need to be restarted - when certain libraries, such as libpam, libc, and libssl, are upgraded. - Since these restarts may cause interruptions of service for the system, - you will normally be prompted on each upgrade for the list of services - you wish to restart. You can choose this option to avoid being prompted; - instead, all necessary restarts will be done for you automatically so you - can avoid being asked questions on each library upgrade. - diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000..d5397e2 --- /dev/null +++ b/debian/not-installed @@ -0,0 +1,4 @@ +usr/lib/ssl/ct_log_list.cnf +usr/lib/ssl/ct_log_list.cnf.dist +usr/lib/ssl/openssl.cnf.dist +usr/share/doc/openssl/html diff --git a/debian/openssl.install b/debian/openssl.install index 7e6b61c..1f270a7 100644 --- a/debian/openssl.install +++ b/debian/openssl.install @@ -1,5 +1,6 @@ etc/ssl usr/bin/* +usr/lib/ssl/cert.pem usr/lib/ssl/certs usr/lib/ssl/private usr/lib/ssl/misc/* diff --git a/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch b/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch index f820d9f..d19449c 100644 --- a/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch +++ b/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch @@ -23,7 +23,7 @@ Signed-off-by: Sebastian Andrzej Siewior 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf -index a7294d2ad1b1..617ad2e65655 100644 +index b578a3c2a861..b3b21d39990b 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -697,7 +697,7 @@ my %targets = ( @@ -36,15 +36,15 @@ index a7294d2ad1b1..617ad2e65655 100644 "linux-latomic" => { inherit_from => [ "linux-generic32" ], diff --git a/Configure b/Configure -index df7232d55154..308086509ee7 100755 +index 5ac4b5222e4f..978414d914ea 100755 --- a/Configure +++ b/Configure -@@ -1716,7 +1716,7 @@ unless ($disabled{devcryptoeng}) { - +@@ -1715,7 +1715,7 @@ unless ($disabled{devcryptoeng}) { unless ($disabled{ktls}) { $config{ktls}=""; + my $cc = $config{CROSS_COMPILE}.$config{CC}; - if ($target =~ m/^linux/) { + if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { - my $usr = "/usr/$config{cross_compile_prefix}"; - chop($usr); - if ($config{cross_compile_prefix} eq "") { + system("printf '#include \n#include ' | $cc -E - >/dev/null 2>&1"); + if ($? != 0) { + disable('too-old-kernel', 'ktls'); diff --git a/debian/patches/Fix-tests-for-new-default-security-level.patch b/debian/patches/Fix-tests-for-new-default-security-level.patch new file mode 100644 index 0000000..6d68e13 --- /dev/null +++ b/debian/patches/Fix-tests-for-new-default-security-level.patch @@ -0,0 +1,1390 @@ +From: Matt Caswell +Date: Tue, 5 Oct 2021 17:30:09 +0100 +Subject: Fix tests for new default security level + +Fix tests that were expecting a default security level of 1 to work with +the new default of 2. + +Reviewed-by: Dmitry Belyavskiy +(Merged from https://github.com/openssl/openssl/pull/16760) +--- + test/ssl-tests/12-ct.cnf | 24 ++-- + test/ssl-tests/12-ct.cnf.in | 12 ++ + test/ssl-tests/14-curves.cnf | 220 +++++++++++++++++------------------ + test/ssl-tests/14-curves.cnf.in | 9 +- + test/ssl-tests/22-compression.cnf | 32 ++--- + test/ssl-tests/22-compression.cnf.in | 16 +++ + test/sslapitest.c | 24 ++-- + 7 files changed, 189 insertions(+), 148 deletions(-) + +diff --git a/test/ssl-tests/12-ct.cnf b/test/ssl-tests/12-ct.cnf +index 2e6e9dea6757..369c5d4e8eef 100644 +--- a/test/ssl-tests/12-ct.cnf ++++ b/test/ssl-tests/12-ct.cnf +@@ -19,11 +19,11 @@ client = 0-ct-permissive-without-scts-client + + [0-ct-permissive-without-scts-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [0-ct-permissive-without-scts-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +@@ -46,11 +46,11 @@ client = 1-ct-permissive-with-scts-client + + [1-ct-permissive-with-scts-server] + Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + + [1-ct-permissive-with-scts-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem + VerifyMode = Peer + +@@ -73,11 +73,11 @@ client = 2-ct-strict-without-scts-client + + [2-ct-strict-without-scts-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [2-ct-strict-without-scts-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +@@ -101,11 +101,11 @@ client = 3-ct-strict-with-scts-client + + [3-ct-strict-with-scts-server] + Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + + [3-ct-strict-with-scts-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem + VerifyMode = Peer + +@@ -130,11 +130,11 @@ resume-client = 4-ct-permissive-resumption-client + + [4-ct-permissive-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + + [4-ct-permissive-resumption-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem + VerifyMode = Peer + +@@ -162,11 +162,11 @@ resume-client = 5-ct-strict-resumption-resume-client + + [5-ct-strict-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + + [5-ct-strict-resumption-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem + VerifyMode = Peer + +diff --git a/test/ssl-tests/12-ct.cnf.in b/test/ssl-tests/12-ct.cnf.in +index ddafd3fc4cda..c11bcc9c0958 100644 +--- a/test/ssl-tests/12-ct.cnf.in ++++ b/test/ssl-tests/12-ct.cnf.in +@@ -19,8 +19,10 @@ our @tests = ( + { + name => "ct-permissive-without-scts", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + extra => { + "CTValidation" => "Permissive", + }, +@@ -32,10 +34,12 @@ our @tests = ( + { + name => "ct-permissive-with-scts", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Permissive", +@@ -48,8 +52,10 @@ our @tests = ( + { + name => "ct-strict-without-scts", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + extra => { + "CTValidation" => "Strict", + }, +@@ -62,10 +68,12 @@ our @tests = ( + { + name => "ct-strict-with-scts", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Strict", +@@ -78,10 +86,12 @@ our @tests = ( + { + name => "ct-permissive-resumption", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Permissive", +@@ -96,10 +106,12 @@ our @tests = ( + { + name => "ct-strict-resumption", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Strict", +diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf +index bafa4a65cd35..f472dd7d634e 100644 +--- a/test/ssl-tests/14-curves.cnf ++++ b/test/ssl-tests/14-curves.cnf +@@ -93,13 +93,13 @@ client = 0-curve-prime256v1-client + + [0-curve-prime256v1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = prime256v1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [0-curve-prime256v1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = prime256v1 + MaxProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -122,13 +122,13 @@ client = 1-curve-secp384r1-client + + [1-curve-secp384r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp384r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [1-curve-secp384r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp384r1 + MaxProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -151,13 +151,13 @@ client = 2-curve-secp521r1-client + + [2-curve-secp521r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp521r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [2-curve-secp521r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp521r1 + MaxProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -180,13 +180,13 @@ client = 3-curve-X25519-client + + [3-curve-X25519-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = X25519 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [3-curve-X25519-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = X25519 + MaxProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -209,13 +209,13 @@ client = 4-curve-X448-client + + [4-curve-X448-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = X448 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [4-curve-X448-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = X448 + MaxProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -238,13 +238,13 @@ client = 5-curve-sect233k1-client + + [5-curve-sect233k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect233k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [5-curve-sect233k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect233k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -267,13 +267,13 @@ client = 6-curve-sect233r1-client + + [6-curve-sect233r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect233r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [6-curve-sect233r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect233r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -296,13 +296,13 @@ client = 7-curve-sect283k1-client + + [7-curve-sect283k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect283k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [7-curve-sect283k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect283k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -325,13 +325,13 @@ client = 8-curve-sect283r1-client + + [8-curve-sect283r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect283r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [8-curve-sect283r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect283r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -354,13 +354,13 @@ client = 9-curve-sect409k1-client + + [9-curve-sect409k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect409k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [9-curve-sect409k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect409k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -383,13 +383,13 @@ client = 10-curve-sect409r1-client + + [10-curve-sect409r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect409r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [10-curve-sect409r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect409r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -412,13 +412,13 @@ client = 11-curve-sect571k1-client + + [11-curve-sect571k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect571k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [11-curve-sect571k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect571k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -441,13 +441,13 @@ client = 12-curve-sect571r1-client + + [12-curve-sect571r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect571r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [12-curve-sect571r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect571r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -470,13 +470,13 @@ client = 13-curve-secp224r1-client + + [13-curve-secp224r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp224r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [13-curve-secp224r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp224r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -499,13 +499,13 @@ client = 14-curve-sect163k1-client + + [14-curve-sect163k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect163k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [14-curve-sect163k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect163k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -528,13 +528,13 @@ client = 15-curve-sect163r2-client + + [15-curve-sect163r2-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect163r2 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [15-curve-sect163r2-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect163r2 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -557,13 +557,13 @@ client = 16-curve-prime192v1-client + + [16-curve-prime192v1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = prime192v1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [16-curve-prime192v1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = prime192v1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -586,13 +586,13 @@ client = 17-curve-sect163r1-client + + [17-curve-sect163r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect163r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [17-curve-sect163r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect163r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -615,13 +615,13 @@ client = 18-curve-sect193r1-client + + [18-curve-sect193r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect193r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [18-curve-sect193r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect193r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -644,13 +644,13 @@ client = 19-curve-sect193r2-client + + [19-curve-sect193r2-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect193r2 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [19-curve-sect193r2-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect193r2 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -673,13 +673,13 @@ client = 20-curve-sect239k1-client + + [20-curve-sect239k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect239k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [20-curve-sect239k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect239k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -702,13 +702,13 @@ client = 21-curve-secp160k1-client + + [21-curve-secp160k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp160k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [21-curve-secp160k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp160k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -731,13 +731,13 @@ client = 22-curve-secp160r1-client + + [22-curve-secp160r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp160r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [22-curve-secp160r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp160r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -760,13 +760,13 @@ client = 23-curve-secp160r2-client + + [23-curve-secp160r2-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp160r2 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [23-curve-secp160r2-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp160r2 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -789,13 +789,13 @@ client = 24-curve-secp192k1-client + + [24-curve-secp192k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp192k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [24-curve-secp192k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp192k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -818,13 +818,13 @@ client = 25-curve-secp224k1-client + + [25-curve-secp224k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp224k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [25-curve-secp224k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp224k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -847,13 +847,13 @@ client = 26-curve-secp256k1-client + + [26-curve-secp256k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp256k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [26-curve-secp256k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp256k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -876,13 +876,13 @@ client = 27-curve-brainpoolP256r1-client + + [27-curve-brainpoolP256r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = brainpoolP256r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [27-curve-brainpoolP256r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = brainpoolP256r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -905,13 +905,13 @@ client = 28-curve-brainpoolP384r1-client + + [28-curve-brainpoolP384r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = brainpoolP384r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [28-curve-brainpoolP384r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = brainpoolP384r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -934,13 +934,13 @@ client = 29-curve-brainpoolP512r1-client + + [29-curve-brainpoolP512r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = brainpoolP512r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [29-curve-brainpoolP512r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = brainpoolP512r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1713,13 +1713,13 @@ client = 55-curve-sect233k1-tls13-client + + [55-curve-sect233k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect233k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [55-curve-sect233k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect233k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1740,13 +1740,13 @@ client = 56-curve-sect233r1-tls13-client + + [56-curve-sect233r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect233r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [56-curve-sect233r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect233r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1767,13 +1767,13 @@ client = 57-curve-sect283k1-tls13-client + + [57-curve-sect283k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect283k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [57-curve-sect283k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect283k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1794,13 +1794,13 @@ client = 58-curve-sect283r1-tls13-client + + [58-curve-sect283r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect283r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [58-curve-sect283r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect283r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1821,13 +1821,13 @@ client = 59-curve-sect409k1-tls13-client + + [59-curve-sect409k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect409k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [59-curve-sect409k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect409k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1848,13 +1848,13 @@ client = 60-curve-sect409r1-tls13-client + + [60-curve-sect409r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect409r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [60-curve-sect409r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect409r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1875,13 +1875,13 @@ client = 61-curve-sect571k1-tls13-client + + [61-curve-sect571k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect571k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [61-curve-sect571k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect571k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1902,13 +1902,13 @@ client = 62-curve-sect571r1-tls13-client + + [62-curve-sect571r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect571r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [62-curve-sect571r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect571r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1929,13 +1929,13 @@ client = 63-curve-secp224r1-tls13-client + + [63-curve-secp224r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp224r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [63-curve-secp224r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp224r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1956,13 +1956,13 @@ client = 64-curve-sect163k1-tls13-client + + [64-curve-sect163k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect163k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [64-curve-sect163k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect163k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1983,13 +1983,13 @@ client = 65-curve-sect163r2-tls13-client + + [65-curve-sect163r2-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect163r2 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [65-curve-sect163r2-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect163r2 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2010,13 +2010,13 @@ client = 66-curve-prime192v1-tls13-client + + [66-curve-prime192v1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = prime192v1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [66-curve-prime192v1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = prime192v1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2037,13 +2037,13 @@ client = 67-curve-sect163r1-tls13-client + + [67-curve-sect163r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect163r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [67-curve-sect163r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect163r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2064,13 +2064,13 @@ client = 68-curve-sect193r1-tls13-client + + [68-curve-sect193r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect193r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [68-curve-sect193r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect193r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2091,13 +2091,13 @@ client = 69-curve-sect193r2-tls13-client + + [69-curve-sect193r2-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect193r2 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [69-curve-sect193r2-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect193r2 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2118,13 +2118,13 @@ client = 70-curve-sect239k1-tls13-client + + [70-curve-sect239k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect239k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [70-curve-sect239k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect239k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2145,13 +2145,13 @@ client = 71-curve-secp160k1-tls13-client + + [71-curve-secp160k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp160k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [71-curve-secp160k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp160k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2172,13 +2172,13 @@ client = 72-curve-secp160r1-tls13-client + + [72-curve-secp160r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp160r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [72-curve-secp160r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp160r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2199,13 +2199,13 @@ client = 73-curve-secp160r2-tls13-client + + [73-curve-secp160r2-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp160r2 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [73-curve-secp160r2-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp160r2 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2226,13 +2226,13 @@ client = 74-curve-secp192k1-tls13-client + + [74-curve-secp192k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp192k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [74-curve-secp192k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp192k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2253,13 +2253,13 @@ client = 75-curve-secp224k1-tls13-client + + [75-curve-secp224k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp224k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [75-curve-secp224k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp224k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2280,13 +2280,13 @@ client = 76-curve-secp256k1-tls13-client + + [76-curve-secp256k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp256k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [76-curve-secp256k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp256k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2307,13 +2307,13 @@ client = 77-curve-brainpoolP256r1-tls13-client + + [77-curve-brainpoolP256r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = brainpoolP256r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [77-curve-brainpoolP256r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = brainpoolP256r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2334,13 +2334,13 @@ client = 78-curve-brainpoolP384r1-tls13-client + + [78-curve-brainpoolP384r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = brainpoolP384r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [78-curve-brainpoolP384r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = brainpoolP384r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2361,13 +2361,13 @@ client = 79-curve-brainpoolP512r1-tls13-client + + [79-curve-brainpoolP512r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = brainpoolP512r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [79-curve-brainpoolP512r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = brainpoolP512r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +diff --git a/test/ssl-tests/14-curves.cnf.in b/test/ssl-tests/14-curves.cnf.in +index 5653e70bef21..0b49d08fa59d 100644 +--- a/test/ssl-tests/14-curves.cnf.in ++++ b/test/ssl-tests/14-curves.cnf.in +@@ -36,10 +36,11 @@ sub generate_tests() { + name => "curve-${curve}", + server => { + "Curves" => $curve, ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.3" + }, + client => { +- "CipherString" => "ECDHE", ++ "CipherString" => 'ECDHE@SECLEVEL=1', + "MaxProtocol" => "TLSv1.3", + "Curves" => $curve + }, +@@ -56,10 +57,11 @@ sub generate_tests() { + name => "curve-${curve}", + server => { + "Curves" => $curve, ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.3" + }, + client => { +- "CipherString" => "ECDHE", ++ "CipherString" => 'ECDHE@SECLEVEL=1', + "MaxProtocol" => "TLSv1.2", + "Curves" => $curve + }, +@@ -100,10 +102,11 @@ sub generate_tests() { + name => "curve-${curve}-tls13", + server => { + "Curves" => $curve, ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.3" + }, + client => { +- "CipherString" => "ECDHE", ++ "CipherString" => 'ECDHE@SECLEVEL=1', + "MinProtocol" => "TLSv1.3", + "Curves" => $curve + }, +diff --git a/test/ssl-tests/22-compression.cnf b/test/ssl-tests/22-compression.cnf +index c85d3129abbb..a70f01b7af96 100644 +--- a/test/ssl-tests/22-compression.cnf ++++ b/test/ssl-tests/22-compression.cnf +@@ -21,12 +21,12 @@ client = 0-tlsv1_3-both-compress-client + + [0-tlsv1_3-both-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Options = Compression + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [0-tlsv1_3-both-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Options = Compression + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer +@@ -47,11 +47,11 @@ client = 1-tlsv1_3-client-compress-client + + [1-tlsv1_3-client-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [1-tlsv1_3-client-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Options = Compression + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer +@@ -72,12 +72,12 @@ client = 2-tlsv1_3-server-compress-client + + [2-tlsv1_3-server-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Options = Compression + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [2-tlsv1_3-server-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +@@ -97,11 +97,11 @@ client = 3-tlsv1_3-neither-compress-client + + [3-tlsv1_3-neither-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [3-tlsv1_3-neither-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +@@ -121,12 +121,12 @@ client = 4-tlsv1_2-both-compress-client + + [4-tlsv1_2-both-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Options = Compression + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [4-tlsv1_2-both-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + MaxProtocol = TLSv1.2 + Options = Compression + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -148,11 +148,11 @@ client = 5-tlsv1_2-client-compress-client + + [5-tlsv1_2-client-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [5-tlsv1_2-client-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + MaxProtocol = TLSv1.2 + Options = Compression + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -174,12 +174,12 @@ client = 6-tlsv1_2-server-compress-client + + [6-tlsv1_2-server-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Options = Compression + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [6-tlsv1_2-server-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer +@@ -200,11 +200,11 @@ client = 7-tlsv1_2-neither-compress-client + + [7-tlsv1_2-neither-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [7-tlsv1_2-neither-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer +diff --git a/test/ssl-tests/22-compression.cnf.in b/test/ssl-tests/22-compression.cnf.in +index 69a2e7f80101..0b8f010b76c0 100644 +--- a/test/ssl-tests/22-compression.cnf.in ++++ b/test/ssl-tests/22-compression.cnf.in +@@ -21,9 +21,11 @@ our @tests_tls1_3 = ( + { + name => "tlsv1_3-both-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression" + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression" + }, + test => { +@@ -34,8 +36,10 @@ our @tests_tls1_3 = ( + { + name => "tlsv1_3-client-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression" + }, + test => { +@@ -46,9 +50,11 @@ our @tests_tls1_3 = ( + { + name => "tlsv1_3-server-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression" + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + test => { + "CompressionExpected" => "No", +@@ -58,8 +64,10 @@ our @tests_tls1_3 = ( + { + name => "tlsv1_3-neither-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + test => { + "CompressionExpected" => "No", +@@ -71,9 +79,11 @@ our @tests_tls1_2 = ( + { + name => "tlsv1_2-both-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression" + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression", + "MaxProtocol" => "TLSv1.2" + }, +@@ -85,8 +95,10 @@ our @tests_tls1_2 = ( + { + name => "tlsv1_2-client-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression", + "MaxProtocol" => "TLSv1.2" + }, +@@ -98,9 +110,11 @@ our @tests_tls1_2 = ( + { + name => "tlsv1_2-server-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression" + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.2" + }, + test => { +@@ -111,8 +125,10 @@ our @tests_tls1_2 = ( + { + name => "tlsv1_2-neither-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.2" + }, + test => { +diff --git a/test/sslapitest.c b/test/sslapitest.c +index 1f63212f9015..4150e462c1c9 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -9507,7 +9507,8 @@ static int test_set_tmp_dh(int idx) + */ + static int test_dh_auto(int idx) + { +- SSL_CTX *cctx = NULL, *sctx = NULL; ++ SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method()); ++ SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + EVP_PKEY *tmpkey = NULL; +@@ -9515,14 +9516,21 @@ static int test_dh_auto(int idx) + size_t expdhsize = 0; + const char *ciphersuite = "DHE-RSA-AES128-SHA"; + ++ if (!TEST_ptr(sctx) || !TEST_ptr(cctx)) ++ goto end; ++ + switch (idx) { + case 0: + /* The FIPS provider doesn't support this DH size - so we ignore it */ +- if (is_fips) +- return 1; ++ if (is_fips) { ++ testresult = 1; ++ goto end; ++ } + thiscert = cert1024; + thiskey = privkey1024; + expdhsize = 1024; ++ SSL_CTX_set_security_level(sctx, 1); ++ SSL_CTX_set_security_level(cctx, 1); + break; + case 1: + /* 2048 bit prime */ +@@ -9548,8 +9556,10 @@ static int test_dh_auto(int idx) + /* No certificate cases */ + case 5: + /* The FIPS provider doesn't support this DH size - so we ignore it */ +- if (is_fips) +- return 1; ++ if (is_fips) { ++ testresult = 1; ++ goto end; ++ } + ciphersuite = "ADH-AES128-SHA256:@SECLEVEL=0"; + expdhsize = 1024; + break; +@@ -9562,8 +9572,8 @@ static int test_dh_auto(int idx) + goto end; + } + +- if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), +- TLS_client_method(), ++ if (!TEST_true(create_ssl_ctx_pair(libctx, NULL, ++ NULL, + 0, + 0, + &sctx, &cctx, thiscert, thiskey))) diff --git a/debian/patches/Remove-the-provider-section.patch b/debian/patches/Remove-the-provider-section.patch new file mode 100644 index 0000000..300735d --- /dev/null +++ b/debian/patches/Remove-the-provider-section.patch @@ -0,0 +1,40 @@ +From: Sebastian Andrzej Siewior +Date: Wed, 8 Jun 2022 20:45:32 +0200 +Subject: Remove the provider section. + +The provider section breaks libssl1.1 users. Remove it for now. + +Link: https://bugs.debian.org/1011051 +Signed-off-by: Sebastian Andrzej Siewior +--- + apps/openssl.cnf | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/apps/openssl.cnf b/apps/openssl.cnf +index 03330e0120a2..215768bfe710 100644 +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf +@@ -51,11 +51,11 @@ tsa_policy3 = 1.2.3.4.5.7 + # .include fipsmodule.cnf + + [openssl_init] +-providers = provider_sect ++# providers = provider_sect + + # List of providers to load +-[provider_sect] +-default = default_sect ++# [provider_sect] ++# default = default_sect + # The fips section name should match the section name inside the + # included fipsmodule.cnf. + # fips = fips_sect +@@ -68,7 +68,7 @@ default = default_sect + # becomes unavailable in openssl. As a consequence applications depending on + # OpenSSL may not work correctly which could lead to significant system + # problems including inability to remotely access the system. +-[default_sect] ++# [default_sect] + # activate = 1 + + diff --git a/debian/patches/TEST-Provide-a-default-openssl.cnf-for-tests.patch b/debian/patches/TEST-Provide-a-default-openssl.cnf-for-tests.patch deleted file mode 100644 index 3f003e2..0000000 --- a/debian/patches/TEST-Provide-a-default-openssl.cnf-for-tests.patch +++ /dev/null @@ -1,386 +0,0 @@ -From: Sebastian Andrzej Siewior -Date: Wed, 17 Jun 2020 21:47:15 +0200 -Subject: TEST: Provide a default openssl.cnf for tests - -The modified .cnf leads to failure of tests which expect ---- - test/openssl.cnf | 353 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ - test/run_tests.pl | 2 +- - 2 files changed, 354 insertions(+), 1 deletion(-) - create mode 100644 test/openssl.cnf - -diff --git a/test/openssl.cnf b/test/openssl.cnf -new file mode 100644 -index 000000000000..4fd5286d2e25 ---- /dev/null -+++ b/test/openssl.cnf -@@ -0,0 +1,353 @@ -+# -+# OpenSSL example configuration file. -+# This is mostly being used for generation of certificate requests. -+# -+ -+# Note that you can include other files from the main configuration -+# file using the .include directive. -+#.include filename -+ -+# This definition stops the following lines choking if HOME isn't -+# defined. -+HOME = . -+ -+# Extra OBJECT IDENTIFIER info: -+#oid_file = $ENV::HOME/.oid -+oid_section = new_oids -+ -+# To use this configuration file with the "-extfile" option of the -+# "openssl x509" utility, name here the section containing the -+# X.509v3 extensions to use: -+# extensions = -+# (Alternatively, use a configuration file that has only -+# X.509v3 extensions in its main [= default] section.) -+ -+[ new_oids ] -+ -+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. -+# Add a simple OID like this: -+# testoid1=1.2.3.4 -+# Or use config file substitution like this: -+# testoid2=${testoid1}.5.6 -+ -+# Policies used by the TSA examples. -+tsa_policy1 = 1.2.3.4.1 -+tsa_policy2 = 1.2.3.4.5.6 -+tsa_policy3 = 1.2.3.4.5.7 -+ -+#################################################################### -+[ ca ] -+default_ca = CA_default # The default ca section -+ -+#################################################################### -+[ CA_default ] -+ -+dir = ./demoCA # Where everything is kept -+certs = $dir/certs # Where the issued certs are kept -+crl_dir = $dir/crl # Where the issued crl are kept -+database = $dir/index.txt # database index file. -+#unique_subject = no # Set to 'no' to allow creation of -+ # several certs with same subject. -+new_certs_dir = $dir/newcerts # default place for new certs. -+ -+certificate = $dir/cacert.pem # The CA certificate -+serial = $dir/serial # The current serial number -+crlnumber = $dir/crlnumber # the current crl number -+ # must be commented out to leave a V1 CRL -+crl = $dir/crl.pem # The current CRL -+private_key = $dir/private/cakey.pem# The private key -+ -+x509_extensions = usr_cert # The extensions to add to the cert -+ -+# Comment out the following two lines for the "traditional" -+# (and highly broken) format. -+name_opt = ca_default # Subject Name options -+cert_opt = ca_default # Certificate field options -+ -+# Extension copying option: use with caution. -+# copy_extensions = copy -+ -+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs -+# so this is commented out by default to leave a V1 CRL. -+# crlnumber must also be commented out to leave a V1 CRL. -+# crl_extensions = crl_ext -+ -+default_days = 365 # how long to certify for -+default_crl_days= 30 # how long before next CRL -+default_md = default # use public key default MD -+preserve = no # keep passed DN ordering -+ -+# A few difference way of specifying how similar the request should look -+# For type CA, the listed attributes must be the same, and the optional -+# and supplied fields are just that :-) -+policy = policy_match -+ -+# For the CA policy -+[ policy_match ] -+countryName = match -+stateOrProvinceName = match -+organizationName = match -+organizationalUnitName = optional -+commonName = supplied -+emailAddress = optional -+ -+# For the 'anything' policy -+# At this point in time, you must list all acceptable 'object' -+# types. -+[ policy_anything ] -+countryName = optional -+stateOrProvinceName = optional -+localityName = optional -+organizationName = optional -+organizationalUnitName = optional -+commonName = supplied -+emailAddress = optional -+ -+#################################################################### -+[ req ] -+default_bits = 2048 -+default_keyfile = privkey.pem -+distinguished_name = req_distinguished_name -+attributes = req_attributes -+x509_extensions = v3_ca # The extensions to add to the self signed cert -+ -+# Passwords for private keys if not present they will be prompted for -+# input_password = secret -+# output_password = secret -+ -+# This sets a mask for permitted string types. There are several options. -+# default: PrintableString, T61String, BMPString. -+# pkix : PrintableString, BMPString (PKIX recommendation before 2004) -+# utf8only: only UTF8Strings (PKIX recommendation after 2004). -+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). -+# MASK:XXXX a literal mask value. -+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. -+string_mask = utf8only -+ -+# req_extensions = v3_req # The extensions to add to a certificate request -+ -+[ req_distinguished_name ] -+countryName = Country Name (2 letter code) -+countryName_default = AU -+countryName_min = 2 -+countryName_max = 2 -+ -+stateOrProvinceName = State or Province Name (full name) -+stateOrProvinceName_default = Some-State -+ -+localityName = Locality Name (eg, city) -+ -+0.organizationName = Organization Name (eg, company) -+0.organizationName_default = Internet Widgits Pty Ltd -+ -+# we can do this but it is not needed normally :-) -+#1.organizationName = Second Organization Name (eg, company) -+#1.organizationName_default = World Wide Web Pty Ltd -+ -+organizationalUnitName = Organizational Unit Name (eg, section) -+#organizationalUnitName_default = -+ -+commonName = Common Name (e.g. server FQDN or YOUR name) -+commonName_max = 64 -+ -+emailAddress = Email Address -+emailAddress_max = 64 -+ -+# SET-ex3 = SET extension number 3 -+ -+[ req_attributes ] -+challengePassword = A challenge password -+challengePassword_min = 4 -+challengePassword_max = 20 -+ -+unstructuredName = An optional company name -+ -+[ usr_cert ] -+ -+# These extensions are added when 'ca' signs a request. -+ -+# This goes against PKIX guidelines but some CAs do it and some software -+# requires this to avoid interpreting an end user certificate as a CA. -+ -+basicConstraints=CA:FALSE -+ -+# This is typical in keyUsage for a client certificate. -+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment -+ -+# PKIX recommendations harmless if included in all certificates. -+subjectKeyIdentifier=hash -+authorityKeyIdentifier=keyid,issuer -+ -+# This stuff is for subjectAltName and issuerAltname. -+# Import the email address. -+# subjectAltName=email:copy -+# An alternative to produce certificates that aren't -+# deprecated according to PKIX. -+# subjectAltName=email:move -+ -+# Copy subject details -+# issuerAltName=issuer:copy -+ -+# This is required for TSA certificates. -+# extendedKeyUsage = critical,timeStamping -+ -+[ v3_req ] -+ -+# Extensions to add to a certificate request -+ -+basicConstraints = CA:FALSE -+keyUsage = nonRepudiation, digitalSignature, keyEncipherment -+ -+[ v3_ca ] -+ -+ -+# Extensions for a typical CA -+ -+ -+# PKIX recommendation. -+ -+subjectKeyIdentifier=hash -+ -+authorityKeyIdentifier=keyid:always,issuer -+ -+basicConstraints = critical,CA:true -+ -+# Key usage: this is typical for a CA certificate. However since it will -+# prevent it being used as an test self-signed certificate it is best -+# left out by default. -+# keyUsage = cRLSign, keyCertSign -+ -+# Include email address in subject alt name: another PKIX recommendation -+# subjectAltName=email:copy -+# Copy issuer details -+# issuerAltName=issuer:copy -+ -+# DER hex encoding of an extension: beware experts only! -+# obj=DER:02:03 -+# Where 'obj' is a standard or added object -+# You can even override a supported extension: -+# basicConstraints= critical, DER:30:03:01:01:FF -+ -+[ crl_ext ] -+ -+# CRL extensions. -+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. -+ -+# issuerAltName=issuer:copy -+authorityKeyIdentifier=keyid:always -+ -+[ proxy_cert_ext ] -+# These extensions should be added when creating a proxy certificate -+ -+# This goes against PKIX guidelines but some CAs do it and some software -+# requires this to avoid interpreting an end user certificate as a CA. -+ -+basicConstraints=CA:FALSE -+ -+# This is typical in keyUsage for a client certificate. -+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment -+ -+# PKIX recommendations harmless if included in all certificates. -+subjectKeyIdentifier=hash -+authorityKeyIdentifier=keyid,issuer -+ -+# This stuff is for subjectAltName and issuerAltname. -+# Import the email address. -+# subjectAltName=email:copy -+# An alternative to produce certificates that aren't -+# deprecated according to PKIX. -+# subjectAltName=email:move -+ -+# Copy subject details -+# issuerAltName=issuer:copy -+ -+# This really needs to be in place for it to be a proxy certificate. -+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo -+ -+#################################################################### -+[ tsa ] -+ -+default_tsa = tsa_config1 # the default TSA section -+ -+[ tsa_config1 ] -+ -+# These are used by the TSA reply generation only. -+dir = ./demoCA # TSA root directory -+serial = $dir/tsaserial # The current serial number (mandatory) -+crypto_device = builtin # OpenSSL engine to use for signing -+signer_cert = $dir/tsacert.pem # The TSA signing certificate -+ # (optional) -+certs = $dir/cacert.pem # Certificate chain to include in reply -+ # (optional) -+signer_key = $dir/private/tsakey.pem # The TSA private key (optional) -+signer_digest = sha256 # Signing digest to use. (Optional) -+default_policy = tsa_policy1 # Policy if request did not specify it -+ # (optional) -+other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) -+accuracy = secs:1, millisecs:500, microsecs:100 # (optional) -+clock_precision_digits = 0 # number of digits after dot. (optional) -+ordering = yes # Is ordering defined for timestamps? -+ # (optional, default: no) -+tsa_name = yes # Must the TSA name be included in the reply? -+ # (optional, default: no) -+ess_cert_id_chain = no # Must the ESS cert id chain be included? -+ # (optional, default: no) -+ess_cert_id_alg = sha1 # algorithm to compute certificate -+ # identifier (optional, default: sha1) -+ -+[insta] # CMP using Insta Demo CA -+# Message transfer -+server = pki.certificate.fi:8700 -+# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080 -+# tls_use = 0 -+path = pkix/ -+ -+# Server authentication -+recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer -+ignore_keyusage = 1 # potentially needed quirk -+unprotected_errors = 1 # potentially needed quirk -+extracertsout = insta.extracerts.pem -+ -+# Client authentication -+ref = 3078 # user identification -+secret = pass:insta # can be used for both client and server side -+ -+# Generic message options -+cmd = ir # default operation, can be overridden on cmd line with, e.g., kur -+ -+# Certificate enrollment -+subject = "/CN=openssl-cmp-test" -+newkey = insta.priv.pem -+out_trusted = insta.ca.crt -+certout = insta.cert.pem -+ -+[pbm] # Password-based protection for Insta CA -+# Server and client authentication -+ref = $insta::ref # 3078 -+secret = $insta::secret # pass:insta -+ -+[signature] # Signature-based protection for Insta CA -+# Server authentication -+trusted = insta.ca.crt # does not include keyUsage digitalSignature -+ -+# Client authentication -+secret = # disable PBM -+key = $insta::newkey # insta.priv.pem -+cert = $insta::certout # insta.cert.pem -+ -+[ir] -+cmd = ir -+ -+[cr] -+cmd = cr -+ -+[kur] -+# Certificate update -+cmd = kur -+oldcert = $insta::certout # insta.cert.pem -+ -+[rr] -+# Certificate revocation -+cmd = rr -+oldcert = $insta::certout # insta.cert.pem -diff --git a/test/run_tests.pl b/test/run_tests.pl -index 4384ebe28e0d..f82284e224b8 100644 ---- a/test/run_tests.pl -+++ b/test/run_tests.pl -@@ -33,7 +33,7 @@ my $recipesdir = catdir($srctop, "test", "recipes"); - my $libdir = rel2abs(catdir($srctop, "util", "perl")); - my $jobs = $ENV{HARNESS_JOBS} // 1; - --$ENV{OPENSSL_CONF} = rel2abs(catfile($srctop, "apps", "openssl.cnf")); -+$ENV{OPENSSL_CONF} = rel2abs(catfile($srctop, "test", "openssl.cnf")); - $ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "test")); - $ENV{OPENSSL_MODULES} = rel2abs(catdir($bldtop, "providers")); - $ENV{OPENSSL_ENGINES} = rel2abs(catdir($bldtop, "engines")); diff --git a/debian/patches/c_rehash-compat.patch b/debian/patches/c_rehash-compat.patch index 9450485..47e2f06 100644 --- a/debian/patches/c_rehash-compat.patch +++ b/debian/patches/c_rehash-compat.patch @@ -1,13 +1,13 @@ From: Ludwig Nussel Date: Wed, 21 Apr 2010 15:52:10 +0200 -Subject: [PATCH] also create old hash for compatibility +Subject: also create old hash for compatibility --- - tools/c_rehash.in | 20 ++++++++++++++------ - 1 file changed, 14 insertions(+), 6 deletions(-) + tools/c_rehash.in | 19 ++++++++----------- + 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/tools/c_rehash.in b/tools/c_rehash.in -index d51d8856d709..047a7cbfd8cf 100644 +index 343cdc1e7575..229a37f3b608 100644 --- a/tools/c_rehash.in +++ b/tools/c_rehash.in @@ -17,8 +17,6 @@ my $prefix = {- quotify1($config{prefix}) -}; @@ -31,42 +31,33 @@ index d51d8856d709..047a7cbfd8cf 100644 help(); } elsif ( $flag eq '-n' ) { $removelinks = 0; -@@ -128,7 +123,9 @@ sub hash_dir { - next; - } - link_hash_cert($fname) if ($cert); -+ link_hash_cert_old($fname) if ($cert); - link_hash_crl($fname) if ($crl); -+ link_hash_crl_old($fname) if ($crl); - } - } - -@@ -161,6 +158,7 @@ sub check_file { +@@ -203,22 +198,24 @@ sub compute_hash { + # certificate fingerprints sub link_hash_cert { - my $fname = $_[0]; -+ my $x509hash = $_[1] || '-subject_hash'; - $fname =~ s/\"/\\\"/g; - my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; - chomp $hash; -@@ -198,10 +196,20 @@ sub link_hash_cert { - $hashlist{$hash} = $fprint; +- link_hash($_[0], 'cert'); ++ link_hash($_[0], 'cert', '-subject_hash'); ++ link_hash($_[0], 'cert', '-subject_hash_old'); } -+sub link_hash_cert_old { -+ link_hash_cert($_[0], '-subject_hash_old'); -+} -+ -+sub link_hash_crl_old { -+ link_hash_crl($_[0], '-hash_old'); -+} -+ -+ # Same as above except for a CRL. CRL links are of the form .r sub link_hash_crl { - my $fname = $_[0]; -+ my $crlhash = $_[1] || "-hash"; - $fname =~ s/'/'\\''/g; - my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; +- link_hash($_[0], 'crl'); ++ link_hash($_[0], 'crl', '-hash'); ++ link_hash($_[0], 'crl', '-hash_old'); + } + + sub link_hash { +- my ($fname, $type) = @_; +- my $is_cert = $type eq 'cert'; ++ my ($fname, $type, $hash_name) = @_; ++ my $is_cert = $type eq 'cert' or $type eq 'cert_old'; + + my ($hash, $fprint) = compute_hash($openssl, + $is_cert ? "x509" : "crl", +- $is_cert ? $x509hash : $crlhash, ++ $hash_name, + "-fingerprint", "-noout", + "-in", $fname); chomp $hash; diff --git a/debian/patches/conf-Serialize-allocation-free-of-ssl_names.patch b/debian/patches/conf-Serialize-allocation-free-of-ssl_names.patch new file mode 100644 index 0000000..7eb6e7f --- /dev/null +++ b/debian/patches/conf-Serialize-allocation-free-of-ssl_names.patch @@ -0,0 +1,102 @@ +From: Sebastian Andrzej Siewior +Date: Mon, 19 Sep 2022 20:51:31 +0200 +Subject: conf: Serialize allocation/free of ssl_names. + +The access to `ssl_names' is not fully serialized. With multiple threads +it is possible that more than one thread starts to clean up `ssl_names'. +This leads to occasional segfaults if more than one terminates and +performs the clean up. + +Fixes: #19243 + +Signed-off-by: Sebastian Andrzej Siewior +--- + crypto/conf/conf_ssl.c | 35 ++++++++++++++++++++++++++++++++--- + 1 file changed, 32 insertions(+), 3 deletions(-) + +diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c +index 84c5b2afe581..d6596e60c3b5 100644 +--- a/crypto/conf/conf_ssl.c ++++ b/crypto/conf/conf_ssl.c +@@ -12,6 +12,7 @@ + #include + #include + #include "internal/sslconf.h" ++#include "internal/thread_once.h" + #include "conf_local.h" + + /* +@@ -35,12 +36,25 @@ struct ssl_conf_cmd_st { + char *arg; + }; + ++static CRYPTO_ONCE init_ssl_names_lock = CRYPTO_ONCE_STATIC_INIT; ++static CRYPTO_RWLOCK *ssl_names_lock; + static struct ssl_conf_name_st *ssl_names; + static size_t ssl_names_count; + +-static void ssl_module_free(CONF_IMODULE *md) ++DEFINE_RUN_ONCE_STATIC(do_init_ssl_names_lock) ++{ ++ ssl_names_lock = CRYPTO_THREAD_lock_new(); ++ if (ssl_names_lock == NULL) { ++ ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ return 1; ++} ++ ++static void ssl_module_free_unlocked(CONF_IMODULE *md) + { + size_t i, j; ++ + if (ssl_names == NULL) + return; + for (i = 0; i < ssl_names_count; i++) { +@@ -58,6 +72,14 @@ static void ssl_module_free(CONF_IMODULE *md) + ssl_names_count = 0; + } + ++static void ssl_module_free(CONF_IMODULE *md) ++{ ++ if (!CRYPTO_THREAD_write_lock(ssl_names_lock)) ++ return; ++ ssl_module_free_unlocked(md); ++ CRYPTO_THREAD_unlock(ssl_names_lock); ++} ++ + static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) + { + size_t i, j, cnt; +@@ -65,6 +87,12 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) + const char *ssl_conf_section; + STACK_OF(CONF_VALUE) *cmd_lists; + ++ if (!RUN_ONCE(&init_ssl_names_lock, do_init_ssl_names_lock)) ++ return 0; ++ ++ if (!CRYPTO_THREAD_write_lock(ssl_names_lock)) ++ return 0; ++ + ssl_conf_section = CONF_imodule_get_value(md); + cmd_lists = NCONF_get_section(cnf, ssl_conf_section); + if (sk_CONF_VALUE_num(cmd_lists) <= 0) { +@@ -77,7 +105,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) + goto err; + } + cnt = sk_CONF_VALUE_num(cmd_lists); +- ssl_module_free(md); ++ ssl_module_free_unlocked(md); + ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt); + if (ssl_names == NULL) + goto err; +@@ -126,7 +154,8 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) + rv = 1; + err: + if (rv == 0) +- ssl_module_free(md); ++ ssl_module_free_unlocked(md); ++ CRYPTO_THREAD_unlock(ssl_names_lock); + return rv; + } + diff --git a/debian/patches/debian-targets.patch b/debian/patches/debian-targets.patch index 238e343..acb3c98 100644 --- a/debian/patches/debian-targets.patch +++ b/debian/patches/debian-targets.patch @@ -3,19 +3,19 @@ Date: Sun, 5 Nov 2017 15:09:09 +0100 Subject: debian-targets --- - Configurations/20-debian.conf | 215 ++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 215 insertions(+) + Configurations/20-debian.conf | 169 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 169 insertions(+) create mode 100644 Configurations/20-debian.conf diff --git a/Configurations/20-debian.conf b/Configurations/20-debian.conf new file mode 100644 -index 000000000000..a060666a0f6a +index 000000000000..c6860ed4b7d7 --- /dev/null +++ b/Configurations/20-debian.conf -@@ -0,0 +1,215 @@ +@@ -0,0 +1,169 @@ +my %targets = ( + "debian" => { -+ cflags => add("-Wa,--noexecstack -Wall"), ++ cflags => add("-Wa,--noexecstack -Wall -fzero-call-used-regs=used-gpr -DOPENSSL_TLS_SECURITY_LEVEL=2"), + }, + "debian-alpha" => { + inherit_from => [ "linux-alpha-gcc", "debian" ], @@ -28,6 +28,9 @@ index 000000000000..a060666a0f6a + inherit_from => [ "debian-alpha" ], + cflags => add("-mcpu=ev5"), + }, ++ "debian-arc" => { ++ inherit_from => [ "linux-latomic", "debian" ], ++ }, + "debian-arm64" => { + inherit_from => [ "linux-aarch64", "debian" ], + }, @@ -66,9 +69,13 @@ index 000000000000..a060666a0f6a + }, + "debian-ia64" => { + inherit_from => [ "linux-ia64", "debian" ], ++ cflags => add("-fzero-call-used-regs=skip"), ++ }, ++ "debian-loong64" => { ++ inherit_from => [ "linux64-loongarch64", "debian" ], + }, + "debian-m68k" => { -+ inherit_from => [ "linux-generic32", "debian" ], ++ inherit_from => [ "linux-latomic", "debian" ], + cflags => add("-DB_ENDIAN"), + }, + "debian-mips" => { @@ -96,59 +103,6 @@ index 000000000000..a060666a0f6a + cflags => add("-DL_ENDIAN"), + }, + -+ # Temporary MIPS R6 targets. Those will vanish approx in 1.1.1 because -+ # aes-mips.pl creates proper R6 ASM code. After that, we can inherit from -+ # the linux*-mips* targets. -+ "linux-mips32r6" => { -+ # Configure script adds minimally required -march for assembly -+ # support, if no -march was specified at command line. -+ inherit_from => [ "linux-generic32"], -+ cflags => add("-mabi=32"), -+ perlasm_scheme => "o32", -+ shared_ldflag => add("-mabi=32"), -+ }, -+ # mips32 and mips64 below refer to contemporary MIPS Architecture -+ # specifications, MIPS32 and MIPS64, rather than to kernel bitness. -+ "linux-mips64r6" => { -+ inherit_from => [ "linux-generic32"], -+ cflags => add("-mabi=n32"), -+ bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", -+ perlasm_scheme => "n32", -+ shared_ldflag => add("-mabi=n32"), -+ multilib => "32", -+ }, -+ "linux64-mips64r6" => { -+ inherit_from => [ "linux-generic64"], -+ cflags => add("-mabi=64"), -+ perlasm_scheme => "64", -+ shared_ldflag => add("-mabi=64"), -+ multilib => "64", -+ }, -+ "debian-mipsr6" => { -+ inherit_from => [ "linux-mips32r6", "debian" ], -+ cflags => add("-DB_ENDIAN"), -+ }, -+ "debian-mipsr6el" => { -+ inherit_from => [ "linux-mips32r6", "debian" ], -+ cflags => add("-DL_ENDIAN"), -+ }, -+ "debian-mipsn32r6" => { -+ inherit_from => [ "linux-mips64r6", "debian" ], -+ cflags => add("-DB_ENDIAN"), -+ }, -+ "debian-mipsn32r6el" => { -+ inherit_from => [ "linux-mips64r6", "debian" ], -+ cflags => add("-DL_ENDIAN"), -+ }, -+ "debian-mips64r6" => { -+ inherit_from => [ "linux64-mips64r6", "debian" ], -+ cflags => add("-DB_ENDIAN"), -+ }, -+ "debian-mips64r6el" => { -+ inherit_from => [ "linux64-mips64r6", "debian" ], -+ cflags => add("-DL_ENDIAN"), -+ }, -+ + "debian-musl-linux-arm64" => { + inherit_from => [ "linux-aarch64", "debian" ], + }, @@ -168,7 +122,7 @@ index 000000000000..a060666a0f6a + }, + + "debian-nios2" => { -+ inherit_from => [ "linux-generic32", "debian" ], ++ inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-powerpc" => { + inherit_from => [ "linux-ppc", "debian" ], @@ -178,9 +132,9 @@ index 000000000000..a060666a0f6a + }, + "debian-ppc64" => { + inherit_from => [ "linux-generic64", "debian", ], -+ asm_arch => 'ppc64', ++ asm_arch => 'ppc64', + cflags => add("-DB_ENDIAN"), -+ perlasm_scheme => "linux64", ++ perlasm_scheme => "linux64", + }, + "debian-ppc64el" => { + inherit_from => [ "linux-ppc64le", "debian" ], @@ -195,22 +149,22 @@ index 000000000000..a060666a0f6a + inherit_from => [ "linux64-s390x", "debian" ], + }, + "debian-sh3" => { -+ inherit_from => [ "linux-generic32", "debian" ], ++ inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-sh3eb" => { -+ inherit_from => [ "linux-generic32", "debian" ], ++ inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-sh4" => { -+ inherit_from => [ "linux-generic32", "debian" ], ++ inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-sh4eb" => { -+ inherit_from => [ "linux-generic32", "debian" ], ++ inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-m32r" => { -+ inherit_from => [ "linux-generic32", "debian" ], ++ inherit_from => [ "linux-latomic", "debian" ], + }, + "debian-sparc" => { -+ inherit_from => [ "linux-generic32", "debian", ], ++ inherit_from => [ "linux-latomic", "debian", ], + asm_arch => 'sparcv9', + cflags => add("-DB_ENDIAN -DBN_DIV2W"), + }, diff --git a/debian/patches/man-section.patch b/debian/patches/man-section.patch index 78a1447..fa83729 100644 --- a/debian/patches/man-section.patch +++ b/debian/patches/man-section.patch @@ -7,7 +7,7 @@ Subject: man-section 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index 3e779960671b..39194f13696f 100644 +index ebf20965b7a9..5b7e317b51d1 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -318,7 +318,8 @@ HTMLDIR=$(DOCDIR)/html @@ -20,7 +20,7 @@ index 3e779960671b..39194f13696f 100644 HTMLSUFFIX=html # For "optional" echo messages, to get "real" silence -@@ -1535,7 +1536,7 @@ EOF +@@ -1537,7 +1538,7 @@ EOF my $pod = $gen0; return <<"EOF"; $args{src}: $pod diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..516852f --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,9 @@ +debian-targets.patch +man-section.patch +no-symbolic.patch +pic.patch +c_rehash-compat.patch +Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch +Remove-the-provider-section.patch +conf-Serialize-allocation-free-of-ssl_names.patch +Fix-tests-for-new-default-security-level.patch diff --git a/debian/patches/skip_tls1.1_seclevel3_tests.patch b/debian/patches/skip_tls1.1_seclevel3_tests.patch deleted file mode 100644 index 3fbbb98..0000000 --- a/debian/patches/skip_tls1.1_seclevel3_tests.patch +++ /dev/null @@ -1,59 +0,0 @@ -From: Simon Chopin -Date: Fri, 6 Jan 2023 15:09:08 +0000 -Subject: Skip TLS 1.1 tests on seclevel 3 - -Forwarded: not-needed -Last-Update: 2022-03-21 - -In the Ubuntu package, we changed the semantics of seclevel 2 (and above) to -also disable TLS <= 1.2. This makes those tests fail. -Last-Update: 2022-03-21 ---- - test/recipes/80-test_ssl_old.t | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t -index 8c52b637fc82..d74ccd6f8712 100644 ---- a/test/recipes/80-test_ssl_old.t -+++ b/test/recipes/80-test_ssl_old.t -@@ -583,32 +583,32 @@ sub testssl { - if $no_tls1_1; - - SKIP: { -- skip "skipping auto DHE PSK test at SECLEVEL 3", 1 -- if ($no_dh || $no_psk); -+ skip "skipping auto DHE PSK test at SECLEVEL 3", 1; -+ # if ($no_dh || $no_psk); - - ok(run(test(['ssl_old_test', '-tls1_1', '-dhe4096', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:DHE-PSK-AES256-CBC-SHA384'])), - 'test auto DHE PSK meets security strength'); - } - - SKIP: { -- skip "skipping auto ECDHE PSK test at SECLEVEL 3", 1 -- if ($no_ec || $no_psk); -+ skip "skipping auto ECDHE PSK test at SECLEVEL 3", 1; -+ # if ($no_ec || $no_psk); - - ok(run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:ECDHE-PSK-AES256-CBC-SHA384'])), - 'test auto ECDHE PSK meets security strength'); - } - - SKIP: { -- skip "skipping no RSA PSK at SECLEVEL 3 test", 1 -- if ($no_rsa || $no_psk); -+ skip "skipping no RSA PSK at SECLEVEL 3 test", 1; -+ # if ($no_rsa || $no_psk); - - ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:RSA-PSK-AES256-CBC-SHA384'])), - 'test auto RSA PSK does not meet security level 3 requirements (PFS)'); - } - - SKIP: { -- skip "skipping no PSK at SECLEVEL 3 test", 1 -- if ($no_psk); -+ skip "skipping no PSK at SECLEVEL 3 test", 1; -+ # if ($no_psk); - - ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:PSK-AES256-CBC-SHA384'])), - 'test auto PSK does not meet security level 3 requirements (PFS)'); diff --git a/debian/patches/tests-use-seclevel-1.patch b/debian/patches/tests-use-seclevel-1.patch deleted file mode 100644 index d863193..0000000 --- a/debian/patches/tests-use-seclevel-1.patch +++ /dev/null @@ -1,260 +0,0 @@ -From: Dimitri John Ledkov -Date: Fri, 6 Jan 2023 15:09:08 +0000 -Subject: Change testsuite to use SECLEVEL 1 by default - -By default the testsuite assumes that SECLEVEL is set to 1, and many -tests fail, when one raises security level to 2. Many test certs use -insecure hash algorithms and small key sizes. ---- - test/bad_dtls_test.c | 2 ++ - test/helpers/ssltestlib.c | 10 ++++++++++ - test/recipes/70-test_sslmessages.t | 2 +- - test/recipes/70-test_sslsigalgs.t | 14 +++++++------- - test/recipes/70-test_sslsignature.t | 4 ++-- - test/ssl_test.c | 10 ++++++++++ - util/perl/TLSProxy/Proxy.pm | 8 ++++---- - 7 files changed, 36 insertions(+), 14 deletions(-) - -diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c -index f8c6b142d84b..01bb02df2c89 100644 ---- a/test/bad_dtls_test.c -+++ b/test/bad_dtls_test.c -@@ -491,6 +491,8 @@ static int test_bad_dtls(void) - goto end; - - ctx = SSL_CTX_new(DTLS_client_method()); -+ if (TEST_ptr(ctx)) -+ SSL_CTX_set_security_level(ctx, 1); - if (!TEST_ptr(ctx) - || !TEST_true(SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER)) - || !TEST_true(SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER)) -diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c -index 2d992cde234c..c4d5b8c39bc4 100644 ---- a/test/helpers/ssltestlib.c -+++ b/test/helpers/ssltestlib.c -@@ -719,6 +719,11 @@ int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm, - max_proto_version = TLS1_2_VERSION; - #endif - -+ if (serverctx != NULL && SSL_CTX_get_security_level(serverctx) == 2) -+ SSL_CTX_set_security_level(serverctx, 1); -+ if (clientctx != NULL && SSL_CTX_get_security_level(clientctx) == 2) -+ SSL_CTX_set_security_level(clientctx, 1); -+ - if (serverctx != NULL - && ((min_proto_version > 0 - && !TEST_true(SSL_CTX_set_min_proto_version(serverctx, -@@ -887,6 +892,11 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, - else if (!TEST_ptr(clientssl = SSL_new(clientctx))) - goto error; - -+ if (SSL_get_security_level(serverssl) == 2) -+ SSL_set_security_level(serverssl, 1); -+ if (SSL_get_security_level(clientssl) == 2) -+ SSL_set_security_level(clientssl, 1); -+ - if (SSL_is_dtls(clientssl)) { - if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test())) - || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) -diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t -index abb0f5aff905..e252fc81c7d7 100644 ---- a/test/recipes/70-test_sslmessages.t -+++ b/test/recipes/70-test_sslmessages.t -@@ -421,7 +421,7 @@ SKIP: { - $proxy->clear(); - $proxy->clientflags("-no_tls1_3"); - $proxy->serverflags("-no_tls1_3"); -- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); -+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); - $proxy->start(); - checkhandshake($proxy, checkhandshake::EC_HANDSHAKE, - checkhandshake::DEFAULT_EXTENSIONS -diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t -index 48b9e43c3b39..ae4e5e89f004 100644 ---- a/test/recipes/70-test_sslsigalgs.t -+++ b/test/recipes/70-test_sslsigalgs.t -@@ -129,7 +129,7 @@ SKIP: { - # should succeed - $proxy->clear(); - $proxy->serverflags("-no_tls1_3"); -- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); -+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); - $proxy->filter(undef); - $proxy->start(); - ok(TLSProxy::Message->success, "TLSv1.3 client TLSv1.2 server"); -@@ -173,7 +173,7 @@ SKIP: { - $proxy->clear(); - $testtype = EMPTY_SIG_ALGS_EXT; - $proxy->clientflags("-no_tls1_3"); -- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); -+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); - $proxy->start(); - ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs"); - -@@ -181,7 +181,7 @@ SKIP: { - $proxy->clear(); - $testtype = NO_KNOWN_SIG_ALGS; - $proxy->clientflags("-no_tls1_3"); -- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); -+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); - $proxy->start(); - ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs"); - -@@ -190,7 +190,7 @@ SKIP: { - $proxy->clear(); - $testtype = NO_PSS_SIG_ALGS; - $proxy->clientflags("-no_tls1_3"); -- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); -+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); - $proxy->start(); - ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs"); - -@@ -198,7 +198,7 @@ SKIP: { - $proxy->clear(); - $testtype = PSS_ONLY_SIG_ALGS; - $proxy->serverflags("-no_tls1_3"); -- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); -+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); - $proxy->start(); - ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2"); - -@@ -209,7 +209,7 @@ SKIP: { - $proxy->clear(); - $testtype = PSS_ONLY_SIG_ALGS; - $proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256"); -- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); -+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); - $proxy->start(); - ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2"); - -@@ -217,7 +217,7 @@ SKIP: { - # matches the certificate should fail in TLSv1.2 - $proxy->clear(); - $proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256"); -- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); -+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); - $proxy->filter(undef); - $proxy->start(); - ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs"); -diff --git a/test/recipes/70-test_sslsignature.t b/test/recipes/70-test_sslsignature.t -index a9a77d5b8f1c..48b8357c2f59 100644 ---- a/test/recipes/70-test_sslsignature.t -+++ b/test/recipes/70-test_sslsignature.t -@@ -103,8 +103,8 @@ SKIP: { - $proxy->clear(); - $testtype = CORRUPT_TLS1_2_SERVER_KEY_EXCHANGE; - $proxy->clientflags("-no_tls1_3"); -- $proxy->cipherc('DHE-RSA-AES128-SHA'); -- $proxy->ciphers('DHE-RSA-AES128-SHA'); -+ $proxy->cipherc('DHE-RSA-AES128-SHA:\@SECLEVEL=1'); -+ $proxy->ciphers('DHE-RSA-AES128-SHA:\@SECLEVEL=1'); - $proxy->start(); - ok(TLSProxy::Message->fail, "Corrupt <=TLSv1.2 ServerKeyExchange"); - } -diff --git a/test/ssl_test.c b/test/ssl_test.c -index 4c2553ce27c1..eb37452e8fcd 100644 ---- a/test/ssl_test.c -+++ b/test/ssl_test.c -@@ -409,6 +409,7 @@ static int test_handshake(int idx) - #ifndef OPENSSL_NO_DTLS - if (test_ctx->method == SSL_TEST_METHOD_DTLS) { - server_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_server_method()); -+ SSL_CTX_set_security_level(server_ctx, 1); - if (!TEST_true(SSL_CTX_set_options(server_ctx, - SSL_OP_ALLOW_CLIENT_RENEGOTIATION)) - || !TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0))) -@@ -420,19 +421,23 @@ static int test_handshake(int idx) - || !TEST_true(SSL_CTX_set_options(server2_ctx, - SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) - goto err; -+ SSL_CTX_set_security_level(server2_ctx, 1); - } - client_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_client_method()); -+ SSL_CTX_set_security_level(client_ctx, 1); - if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0))) - goto err; - if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { - resume_server_ctx = SSL_CTX_new_ex(libctx, NULL, - DTLS_server_method()); -+ SSL_CTX_set_security_level(resume_server_ctx, 1); - if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)) - || !TEST_true(SSL_CTX_set_options(resume_server_ctx, - SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) - goto err; - resume_client_ctx = SSL_CTX_new_ex(libctx, NULL, - DTLS_client_method()); -+ SSL_CTX_set_security_level(resume_client_ctx, 1); - if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0))) - goto err; - if (!TEST_ptr(resume_server_ctx) -@@ -452,6 +457,7 @@ static int test_handshake(int idx) - #endif - - server_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); -+ SSL_CTX_set_security_level(server_ctx, 1); - if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, maxversion)) - || !TEST_true(SSL_CTX_set_options(server_ctx, - SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) -@@ -464,17 +470,20 @@ static int test_handshake(int idx) - || !TEST_true(SSL_CTX_set_options(server2_ctx, - SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) - goto err; -+ SSL_CTX_set_security_level(server2_ctx, 1); - if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, - maxversion))) - goto err; - } - client_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method()); -+ SSL_CTX_set_security_level(client_ctx, 1); - if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, maxversion))) - goto err; - - if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { - resume_server_ctx = SSL_CTX_new_ex(libctx, NULL, - TLS_server_method()); -+ SSL_CTX_set_security_level(resume_server_ctx, 1); - if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, - maxversion)) - || !TEST_true(SSL_CTX_set_options(resume_server_ctx, -@@ -482,6 +491,7 @@ static int test_handshake(int idx) - goto err; - resume_client_ctx = SSL_CTX_new_ex(libctx, NULL, - TLS_client_method()); -+ SSL_CTX_set_security_level(resume_client_ctx, 1); - if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, - maxversion))) - goto err; -diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm -index 3de10eccb94e..d3defae64eb0 100644 ---- a/util/perl/TLSProxy/Proxy.pm -+++ b/util/perl/TLSProxy/Proxy.pm -@@ -97,9 +97,9 @@ sub new - execute => $execute, - cert => $cert, - debug => $debug, -- cipherc => "", -+ cipherc => "DEFAULT:\@SECLEVEL=1", - ciphersuitesc => "", -- ciphers => "AES128-SHA", -+ ciphers => "AES128-SHA:\@SECLEVEL=1", - ciphersuitess => "TLS_AES_128_GCM_SHA256", - flight => -1, - direction => -1, -@@ -145,7 +145,7 @@ sub clearClient - { - my $self = shift; - -- $self->{cipherc} = ""; -+ $self->{cipherc} = "DEFAULT:\@SECLEVEL=1"; - $self->{ciphersuitec} = ""; - $self->{flight} = -1; - $self->{direction} = -1; -@@ -167,7 +167,7 @@ sub clear - my $self = shift; - - $self->clearClient; -- $self->{ciphers} = "AES128-SHA"; -+ $self->{ciphers} = "AES128-SHA:\@SECLEVEL=1"; - $self->{ciphersuitess} = "TLS_AES_128_GCM_SHA256"; - $self->{serverflags} = ""; - $self->{serverconnects} = 1; diff --git a/debian/patches/tls1.2-min-seclevel2.patch b/debian/patches/tls1.2-min-seclevel2.patch deleted file mode 100644 index daa417d..0000000 --- a/debian/patches/tls1.2-min-seclevel2.patch +++ /dev/null @@ -1,74 +0,0 @@ -From: Openkylin Developers -Date: Fri, 6 Jan 2023 15:09:08 +0000 -Subject: TLS versions below 1.2 are not permitted as security level 2. - ---- - doc/man3/SSL_CTX_set_security_level.pod | 9 ++++----- - ssl/ssl_cert.c | 14 ++++---------- - 2 files changed, 8 insertions(+), 15 deletions(-) - -diff --git a/doc/man3/SSL_CTX_set_security_level.pod b/doc/man3/SSL_CTX_set_security_level.pod -index a4595490013b..a58552848855 100644 ---- a/doc/man3/SSL_CTX_set_security_level.pod -+++ b/doc/man3/SSL_CTX_set_security_level.pod -@@ -86,22 +86,20 @@ bits. - Security level set to 112 bits of security. As a result RSA, DSA and DH keys - shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. - In addition to the level 1 exclusions any cipher suite using RC4 is also --prohibited. SSL version 3 is also not allowed. Compression is disabled. -+prohibited. On Ubuntu, TLS versions below 1.2 are not permitted. Compression is disabled. - - =item B - - Security level set to 128 bits of security. As a result RSA, DSA and DH keys - shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. - In addition to the level 2 exclusions cipher suites not offering forward --secrecy are prohibited. TLS versions below 1.1 are not permitted. Session --tickets are disabled. -+secrecy are prohibited. Session tickets are disabled. - - =item B - - Security level set to 192 bits of security. As a result RSA, DSA and - DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are --prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS --versions below 1.2 are not permitted. -+prohibited. Cipher suites using SHA1 for the MAC are prohibited. - - =item B - -@@ -118,6 +116,7 @@ I - - The default security level can be configured when OpenSSL is compiled by - setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used. -+On Ubuntu, 2 is used. - - The security framework disables or reject parameters inconsistent with the - set security level. In the past this was difficult as applications had to set -diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c -index 8d90fa54df7b..f03079648e71 100644 ---- a/ssl/ssl_cert.c -+++ b/ssl/ssl_cert.c -@@ -1044,18 +1044,12 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, - } - case SSL_SECOP_VERSION: - if (!SSL_IS_DTLS(s)) { -- /* SSLv3 not allowed at level 2 */ -- if (nid <= SSL3_VERSION && level >= 2) -- return 0; -- /* TLS v1.1 and above only for level 3 */ -- if (nid <= TLS1_VERSION && level >= 3) -- return 0; -- /* TLS v1.2 only for level 4 and above */ -- if (nid <= TLS1_1_VERSION && level >= 4) -+ /* TLS v1.2 only for level 2 and above */ -+ if (nid <= TLS1_1_VERSION && level >= 2) - return 0; - } else { -- /* DTLS v1.2 only for level 4 and above */ -- if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 4) -+ /* DTLS v1.2 only for level 2 and above */ -+ if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 2) - return 0; - } - break; diff --git a/debian/rules b/debian/rules index 2ad9c39..9078f4f 100755 --- a/debian/rules +++ b/debian/rules @@ -12,7 +12,6 @@ include /usr/share/dpkg/architecture.mk include /usr/share/dpkg/pkg-info.mk export DEB_BUILD_MAINT_OPTIONS = hardening=+all future=+lfs -export DEB_CFLAGS_MAINT_APPEND = -DOPENSSL_TLS_SECURITY_LEVEL=2 SHELL=/bin/bash @@ -30,8 +29,8 @@ ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) MAKEFLAGS += -j$(NUMJOBS) endif -CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms no-capieng -OPT_alpha = ev4 ev5 +CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms no-capieng no-rdrand +#OPT_alpha = ev4 ev5 ARCHOPTS = OPT_$(DEB_HOST_ARCH) OPTS = $($(ARCHOPTS)) @@ -86,8 +85,8 @@ else set -xe; \ $(MAKE) -C build_$$opt test $(TESTSUITE_FLAGS); \ done - #$(MAKE) -C build_static test $(TESTSUITE_FLAGS) - #$(MAKE) -C build_shared test $(TESTSUITE_FLAGS) + $(MAKE) -C build_static test $(TESTSUITE_FLAGS) + $(MAKE) -C build_shared test $(TESTSUITE_FLAGS) endif override_dh_auto_clean: @@ -112,18 +111,14 @@ override_dh_auto_install-indep: fi override_dh_auto_install-arch: - # We need the -udeb directories now! - dh_installdirs $(MAKE) -C build_shared install DESTDIR=`pwd`/debian/tmp # pic static libraries, nobody should need them cp -pf build_static/libcrypto.a debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.a cp -pf build_static/libssl.a debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.a mkdir -p debian/tmp/etc/ssl - mkdir -p debian/libcrypto1.1-udeb/usr/lib/ - mkdir -p debian/libcrypto1.1-udeb/usr/lib/ssl - mkdir -p debian/libssl1.1-udeb/usr/lib/ mv debian/tmp/usr/lib/ssl/{certs,openssl.cnf,private} debian/tmp/etc/ssl/ ln -s /etc/ssl/{certs,openssl.cnf,private} debian/tmp/usr/lib/ssl/ + ln -s /etc/ssl/certs/ca-certificates.crt debian/tmp/usr/lib/ssl/cert.pem ifeq (,$(filter noudeb,$(DEB_BUILD_PROFILES))) cp -pf debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so.* debian/libcrypto3-udeb/usr/lib/ cp -pf debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules/*.so debian/libcrypto3-udeb/usr/lib/ossl-modules @@ -149,15 +144,6 @@ override_dh_fixperms: fi dh_fixperms -a -X etc/ssl/private -override_dh_compress: - dh_compress - # symlink doc files - for p in openssl libssl-dev; do \ - for f in changelog.Debian.gz changelog.gz copyright; do \ - ln -sf ../libssl3/$$f debian/$$p/usr/share/doc/$$p/$$f; \ - done; \ - done - override_dh_perl: dh_perl -d diff --git a/debian/tests/control b/debian/tests/control index 874a65e..ac7f2cb 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -1,3 +1,3 @@ Tests: run-25-test-verify -Depends: openssl, perl:native +Depends: openssl, perl Restrictions: rw-build-tree, allow-stderr diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc index 52787f5..b01f284 100644 --- a/debian/upstream/signing-key.asc +++ b/debian/upstream/signing-key.asc @@ -1,398 +1,513 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBFAAbq4BEACzaRctf1/dafs2TQtOrMebzky4TGw1BrWFWn/xdc9HLm61+Y9c -GkEFquLwvDDds/cSt+J6U+6vqPpWVt0pqmvo7bXF5w62QGA88c5R/2owB6fw54rx -GvdJneRtHbsqPuBtW+/8EiAjpCvShw5/YB/VT/zbBguwH4JRzNY3yRrpFJ0cwRD7 -lo1wntACMFPG5eMu8flU/yXhP6Hp92pnNukBjxgayuvivYpCl3lmJrE2QBIvaIES -2W9XBq8Madx/JlN7TvnGhAz2Gn1Z4h8Y/EPtuy7OXV7mtQfW0ByPdv4FmXO+dfKv -hyrTJg+KQlpnoyIVcS6gOALUOLYlPIBEmwZTDpx5A5ZRsfUzxquwvsvvDVDBikuQ -Al261hO5P5Xxy5ZaLo8fi+xMA8j8HfVVgsgFPAvAy8iM/pNt3BFUulVxjZBxrq9p -d5PXdxLxtqpAEZ+Xnzw5QgjJe3MMWX85eE2nQTLyevzERKFWi6M9dBpCEM34uKF5 -9ZUQ/i6GSOkoxpokNVWnOnpiOgp6AAEOtC8G9+Z+pjQlPCf9LU5Xmb/1Kx/DRkmL -us4nHY9qtaiV1XUSAP1WZSrXUlVQMOwiJgvewWJqFivy82lM7n4Wkk1wfjI8bR8r -QAKBiHiwVDnpXgr9bDDWu3OSZ7CU5bizAoGgIliwgXcigZqrPUBNkjY2CwARAQAB -tBxLdXJ0IFJvZWNreCA8a3VydEByb2Vja3guYmU+iQI3BBMBCgAhBQJQAG6uAhsD -BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJECBkxTZBwl5dzCQP+gOSp8Xz63jE -ZGmsUPElufn6OLARL9pKZnCruzdcOOWsir1xRZhZunsrJ0qCMaqQZUxK4tXluMq6 -t7qdsIylpI67WoE39obc///eQhnRT7T1pHwR1Ehg5Um6j4/jnGtegtLzSugkCtFJ -xaQ8aDqaT3FbY654xWwtKV2HXMoMBv9TMWhks+l6QrzOfbs1XSReoUxXGNhGAp9y -g2PRTtnqrZ6OLUegjCX3UR23pOaNubAw7N6EuPnqS8U/WHXammKbf7LPmuvFejxn -W6erUanFdj+/QKIE1kAEdfWprTz2wmSKUSsunHkbhELxVAX4ofRPiTo/sQ//hIO7 -xYOXM2he09VZh3em2KpThSB6ApX8CyKCdR4fhTagx3KLV+7pbKXEYEmPqJRci27Z -WjXJzAID4Hyxz84iLLpvgbrsvRWCyKWk5sB8z5issawv4EvJ7khh6V5Efp/4UnIM -4yHHNyalDd7vtUx5Y8Sqp2sY3I5CoNZ1CIM8pem3CSdKs7KYV+FiqjCF2kDwKpEK -CewHvGNENCRbaDFs1463UP9+10rhmeED5u65eLtVXohITDLDrkLoJWOvxhFsMmC4 -dCUpOFWoBIrnOx7nIb5s3sccXGSoJitsXANG5tBMADe2z2Mq+yHL9fpG9hegmFFc -mbl+7GTJ6WfqQkc7SoqN1Zjc4qfU0oStuDMEVaub5RYJKwYBBAHaRw8BAQdAHp9Y -bPAXkR2TsdnPFLmhQf9C2mY0XO37TPS1IEMmeT6JAn8EGAEKAAkFAlWrm+UCGwIA -agkQIGTFNkHCXl1fIAQZFgoABgUCVaub5QAKCRAIbqUF3KLT8/MxAP9ISev0B/SM -Qv0UZJArqEDvpGlvxIQ7EijvPSDez/flQQEA3cw/RVGItC2FZIlX+WAguY3kwCh2 -fCfOpm+TGnfyCQgAIRAAhwwrwXR3Gaf1L7E0ttaYq1fnUUhp8SO86RXvJLXzm6d5 -CwjqR9eTind36F92Xvxc+h+CazSkAR0aLvOUxYEcFimO164bHaVN4BPH14xxqYyr -60DHi6kv95q5a/8xw9VFMc9tSaXgJxPRUHNMFM6MjlgFW+5SW4BuAq+c5wnLY2VD -YuMbM7wqB25xw4iKSWy4sYkm8G/NeltBjhDUjhhEpSInoTqnkgZMyPWnLH3XnI07 -6SQ+6nMeR9QHHrZn+32ZcGOLsfK9qcxoFa1gVQxvT6pit/jm9G45S+kGSn+Gb0h1 -PwyZ00b/Ay5ALsWAx0TnuX0MET5AFV7+bfngnwnzKAYs5ScMuSCMzxn1aVxfq+Og -mHdCO4tD2FUuOS2WCmtJ3H0bu1IMbYufp9A/0XY9ZrYgWtXBJlp7B9LYjJJ0HOEw -dH4+Ciss1zayI6eBGIDv/GwX6Bm7k5+lnaU2zb5xbIyaen+xCTJmC0sVQdb/CE0k -eo9LlC08S2HbHiEkCbz1VxVzlTpxhke7crpYptKnKsZ/pe35pdQK5BZHbb+WBrI+ -7pHI2Xpazv2oLhu2vhQsdntqTqBbI6CPD87pkMSk/PYXP+WMhG9Zqsc5jBDWIrgf -rU8/Cfx5zU3Dlz3wjsH+eCOrLOc/UD3nFnOCwLbgrdC3IZh3bznBCOluynlgaKy5 -Ag0EUABurgEQAPBbF7My7232h0PktP61YzyCJx8ZNDYARe5ugGXndfxOBFN4Oxnj -x7ZIKymFmQ6Gw8orJaROxvh2ggxzVkm3T05BHJuNBQpTFR3Ye3HFat5gPI6Cr3h5 -/U9lP5LNqRf9RX0DR/D7ske+0Tp0DepIi/aPIb2eS4tj4APUG1kQRdWfhg9EBPu9 -jhvYBN8ZGu74tU+ypFFwDAP+MsWdMMBWEp/OeEfBAQ6GK3UsUtmOw3ObG8JZ5qMZ -1kU8KwM3e3BiLdQbvYLg8VHYkK6noYsAaijX8udlyUe9dkQ8eoFX0mz8ZriOKurR -Tbsx6yYMNPiq+aO1J+jnKsnhM4nI8qgyJk/DKy530ITvgwhcCDdP9vtahzrWXGEt -QUrR/lm1ZmbN/TJUjyCS6SmF6BVnPPvezmiT1woaxp3Ucvn0KCOayuBfs2fGeGyo -WH14QHKYrDdn17uHIvu1+ZjftfiZZWmji/ibKBq7SzstunSkAeMLApV7x9do/nVX -wiXFVEVBFFRToHTL6902P/EPq7LitsmWPyA89EXPBn2t27BlqWW9GxXvfiVZEYqq -rn82nr+D/R9S5wVL3+bnfLmwEFDrLwcruRziaSCClcaD6aMzlPJgIUauKnyJFF5s -NCUFzlTnk5KfOYi2VRXUkN+teVLustJoesZO54HUjmo/1cZhW+zNlDxLABEBAAGJ -Ah8EGAEKAAkFAlAAbq4CGwwACgkQIGTFNkHCXl2HiA//Zo6g+mb7d716LnhWMyzr -TnB4wmCZZwSRlX77DY3aQ8oWibVwGtFbWEvJG+YT/iRAl2EzrDWGYTRSBDnbdPAx -Ev7gUtQA8sXuRuVUp9KuTjIXRyBp4oZH8HpTw+JInErliHNs9IPMMEu0HiDa/aVA -vnG5M8LvAy+ysE2759sm8YJ3j3/oQ0Tu2doCl2BSzU0t6NYQQ5nBXvXuVSufjng3 -LEk033Cy9LQw4Qp0NizRBYYcg0/Q/g5tWIb1gR+/inPj2Tzk9EvV4YaoqJR5zZHp -+J479oRU+GF8VxnjAGI+461tvpsQ6/Q5f8v8jgRuT6YzBzMVwaTnlq3w/DaFwOZk -BRcWYXZXlfyVIEwbbq+xa+YMM+R0uyxM2B2+jTbiX4aZAkG6ezfwMTCprSBPvm2G -Zupv/vcGyAgFpN6OGnp8DK2RErG0uvOPy49lI04nrel17h79JgKIWBnMh0ZxrWTc -Y9EFsxEbdOFACC/028FaW8c8GBE0CbbziRw1CCXJq6Tyz2cPXmZ8Lg5m9yo1Bco4 -laE0oqqdWIepzDaVp/bPlbwcmbBo7PVWqbAW0J3s3vPj1r7a7sjxILkqG5hXAWGS -77cv2tGfnG5I1r9Y7jxJsFzJVwjTWJ9dyQ0045RlD+4kbPFd6fLghjUQo7FrGxuQ -JMeog4NgWTChpQSDcCTgv4K5Ag0EUADi4gEQALnZQB3RhzQwM8SmVGvUzEBpGlQL -PbImzQhRUPIpat7cyLP78QpBY6TakiaQwKut82rIlApq1BnwzUFvyGEar//SQWQb -/OM9SPSH2I2pe7iomqi+cQAxSDUuX58SBLhYrSleI0oqJ8G1LpiVqFg6xWLQYUSA -AkmfySMWZe4QcE5Xx+iozr+531ihjEBfljocvqbG6YTTVpVMa6pg1emkb0kOBg5Y -XgxD/dw56sGC73yd0252xWn7qd1Q3dg9d7+mS06lzfA5pA7lNyPaB29pCm98ZE9r -UVBprt4NIVPy1n/eZvMlqf8iLqUkNW3PqvRv0MpzvfAuaePRPA5jkxwAD+8SuJ/R -+RGwJtlFX1PErYLMNwSfeqJYQRyPjCoYi6I+8iNX/WwKkXYphtDjp75nTa/KS6O0 -lak8H19ZvHgP97YMQyFvbTW/m3xeD8xGQuhjoAKUTHmAlqYzG31pnzcaqtrIgUp+ -u3OQaTMZdX/r4nm3+p1RHhZXKF2zQPbfVEy/RXhK2v0oQFOMpm46wwb3eXax9dhH -98/X5Up3R8xXg1n3vuPj1YonAsBLmIZtxb+9n0II6xDNhwu9/vVG/B5+Ufk0CJ7d -VHjxVnWGN7ghA6Pj0hshn/4qssi8a6idXaj2bxVCu6C3kU/fMiSr0aPpXWHfdL99 -TU0enPWoSr+kSw7hABEBAAGJBD4EGAEKAAkFAlAA4uICGwICKQkQIGTFNkHCXl3B -XSAEGQEKAAYFAlAA4uIACgkQoZ8sMBpVIt0CCw/9H2+XvbVfdJGO7g2xvy99Rpag -KgsQ+S9FcRbLb2ch//EUTGfMN8jID+92RhevH5nZgls7rQDUMWPU4MU4rL7ocF22 -lrHptGB9vUJPFwCADKoc7OfQxVkrtIqDAmMVYsoYcs1VX2dJtw78z45G7I13yVkj -xwK82u43OwWR8BKgNX4uGqiu77vgT/whpY110Fh1ceMhUQFV84XGjW0OnK9L6snn -KLXhiR5seVt40KhmuvHYIM89V5o0uCbl7r8PGOxs5xsMIPWdKLXBzaPpAbQ5tyoX -1zXk4yBwYPlOOTKr1xNL+ZoQkr5zymL/ClPJIbyMX9QLh6/dk4ndq0/TZoEEI783 -QisB5xqYftI2jFlcHE/79Ud0vY0NEI/zXKIu3d+qLuXzbXI11LPuw6g/uqTonHmk -EYPMoCYrjFWGFcwVopPqYQJUzXNU34D7MLyPTwUBJyYGV32o2fWFyU1TerBSC/7U -8lLJB2di4GUG5kg7kdx07CXb7Twm5GCvkSHFACHAS9JVtqiW7ZMJRk+zay2QyRWE -tB0jc7+tha+QjuWfRwyplNogfKZ3MYJQ3LI0+PD7oX1mtgk+qKEtCcrlpjwLzIeV -ZWLy9325g/s0x3cQuJiqSHTD1WkMlSnO7lOZ3VvNz0Wek4SMQLSwEc4ts9KivlPd -tyu9xOoJyPCdMhC4cdj+8BAAgNqdDtS+YLcgJ3wkxrZ9DSwg19qNEipUFRAXajAW -Io4n0duMUdvb/QjPcoNhlZs/sYi2kXWds3CXCUPx+R0ZVwkSwVNPq+KVrdZO3hr6 -7YeWPjIp6kR6hs/NwUA2B3/snGYZK+WQou5Mnh6WTcjw7gFeBoffuQge+SUq/oMQ -Xa4yg0dAbl1eGlVM4ZoQXRX4mYX88CWh/8gK532/P/viA3/1J2lYI+vtkGlHMHCI -+k0r3XMz84Lp74xAeWM7mYYcICRtiM1yoo1nCYcv3ZexsRTQioAKS11EhuW9eMDQ -jDLms1AaMLMfbS/YLT8JkfDOz0h49m+wfxvY4fqP5PDirnpU9tpkOOp3LlDK0zXr -f552sM3PTHGlvEpKqrl52LCMU/MJjaKx5DycR+fPQC3GZnzb++M10G3OHlQjhVW+ -NTSMKyp4vE3lRMOz4C2jM4zIo4dfHnxJxv3VQYHdNWf1+fbq3BHWbx+981dytwFV -zIUQ68GKhndn3QoZW4B6edsWIZ63EGOoBUh/wQ2k6ncMXBz13ou/vLhg+crwBXAC -31I3rvkZLC0FnFxsJVXzZf7TSSRaNE3VsUUA+nl8FYvxHdlTYHnU5NVWKCJSKL4x -CgnOpvonSXTDY3RRJk5uHZKmoYgrgx+eicIH/tM7f3FfbOXkAsx/lJXHjEqqwJ7T -BX25Ag0EVH8XxQEQALTvIQg6VEY5u49MCR8OxmfEllnypF0ZTLX/tXbRbF8Y1Rs8 -brf3H43cXSGJvsRvMrtJDl4iz6DaoF7Oy8gj+KrpB7wNBYuO4wlhR/sat9NfFUB+ -tMLO5SZU7CgBPjZ+4x7yfdb+h752g52BqkertVSG2YMqFSI8mie3W6elsdnx5ZxW -8ol2ZLGZKYQS7uK2eWomYKyYKdunuIXz3wEJZT9seeh8pNWmV0/n9kyoqZ+25EOd -oA//Wov3Q8nwCmuv9UhoHOetRDNrAVfS4tvaHIzleTc73BQz1anXjI7v1nDzbJti -umOJCW/ACJPDz7nCfkyR3Z4BI3ROFl2qp+TWqaX8XDirwvjoNYB5jSbqgK/Yve9e -dYVZfM0QNXoqmFPzUEBMs/czA/0Y66bWkS9JGRmiITWpQooujOpLY1pizb91iv+6 -dBsZRSvvsDMJjZ84AI1nSPhIusHijEvvezlFiObZL8/TreEzqIuO+sYvK8zFVx/a -vnqaOBXceyiLti3ZWjwHFyyfSLfmIlYtlt//pg7bFdyAGKepixPvnVe5eCPmsg50 -x3et2x6MPc1EEH1wbsJ7b4UgT88lrFMlaCYHJuKoHvI+l/lLUn0zUvLR5cZNwtLV -zyvDqTTwIbkKY5URQ2eL1yWb6NoaugigDPaQIecUQxD0POY31qs7vrMxSNghABEB -AAGJBD4EGAEKAAkFAlR/F8UCGwICKQkQIGTFNkHCXl3BXSAEGQEKAAYFAlR/F8UA -CgkQ48TdzR5MEkTHLA//fXUEdBCTH/9HXnrJgfpaSAJRwOEX1UxSoJlrRmRESxXN -FHPZd5a3Ff99VISd5BQJeT1EJoQGZToATbI6F6742Uv2mkeEz/iBbYEPTnJvcVux -E8zEGY4RdTiBYEUVunRTXizF7mh3kswIVZc3jya5JsBLe2NSDv6TLoBdjz/OsLmc -YD+eiE4vT47SfofDI2TMxq6JH7ezMBrVciibcXH3MSyacDbmgj2DzisrWnkdDvAP -Ry4+0dg5bo0KKo2e1cm0aOZZyE467ynO7+y+QrFRIZrvZozgvHtyAqstWVrM5gAV -xyJtPCpY4k3+UmwQ61wqGM2lPqlnskyCA+VeO7LyYiUop4GmEi/z99jg7RtiY0mQ -Tq19mAZd5dBwxjCRI7Zb7Pw8sMqzEpbmu9etmdmJvzODlSqi100EYCG44fPbUfss -/6Uj6k0YQ7NFEqLezUYQcZRT8l3REx8J7HQwcQ5vYZfP/OBxp94xPuBqpOLgWQb0 -WR5V4QzCNpRpn0AKt4NrFB4v1su0nuQlMdvjLL2T222tPpxDkFmlfI/TyzsIO4s/ -54gBbZkbF324OwFTNL4Gbbqf2Uun1cGgt16k7HvX/YtOiUidS6emhakVmxpZe11j -og7rwP1LInm95gPPZ/AhS2focWzXSbg9BxB1GxQaUxGiz1zHZ67WuzKtRXB1Rsn6 -ahAAmm1+BUUVmtf0+e5ITls9fff7Gc1Hhxfa99Eloz3J32YMXjusqZQyRoU1IRfx -F7wKbEM/I9S95KEcXIFT1HyRpUjd02+uJTakWg95S2Rw29hFe/q0qQrjH6sCK6Vt -unDg4bLjnw4wxiCeAUVzzGwiYsx9rbNDJVYepM/0kcX0elztgJbZhFfWwDdl+JN2 -ezWrDNJ64EV3nb5MMky990COFFXAOB4KhDY0Qtw7pRVODViz51w0PpFbzdmr2n9L -7noG+rzGjN64tLcLwB4ngqr3ypqv2GyoPg+t+iDWMv0e/7WOYRT0kmznk/Dc+0sN -2i2NQ9taNnjvZlH/WD9AYM0fMS5r0eTTEvFLZC3ilik5zGfGGf3EPfuB9GUzvNj+ -FvjgG8oBZwjUuXfSGli3l/iOFDY9UkzEXGUqm9lXE0U8f4hST7Med/ifum/GBEFP -rudn/i0xgmZi2wLqm7gBRwRSpGmQAmnk/Eap/quN6/7QnHfYJIwF9mJqGlEO2tq7 -XUTiC81d42Ys8tu9/zqQS6Y2wND4rbCJ4Z/yD7ercyDrL+9OKDmbOgLo09dJ0QQF -fKwjKnST3x2RZsuN1Be7fd+lUXHqF2IpV6UiFDLmsT0F0qouNnEj/2+HzPyVj+Qq -d/1OlzNpIX81R4Xm7XXyjuvIoAeJl/JLXqb88HAyikF06OeZAQ0EUYAuwgEIAMGS -HrN/Ft7BbYomNoxqKyFKunG6JVpTK9aCl7oyhp7sk0JbxrKElvAC2xDr1IYDiBST -KtHo8G8MxVgSJipnBcH/cgStK0RKNy76CRuaxrRdzAemQTeI3sjxpTrrIy3vXScY -SZytHkTi7g242ge2c4EoSH5EIsanmajqHBtRhTMbd5Qj/OLaEsCk+loBNecPdmSG -C0dXeWfdnXqdRZAB0hVOjFiG9WejYRCyp7xDeJ+XZR/Rilo3X0EMGvEzdY84Apsm -TQBvVuOARp1q+sUEI6X0KttOF7BEaaQ53ElZpWQRFcxKGXNTOMm8o5QRQY7EkKad -9CKY9CgJ1DJUUuAd9EUAEQEAAbQfTWF0dCBDYXN3ZWxsIDxtYXR0QG9wZW5zc2wu -b3JnPokBOAQTAQIAIgUCU96+vAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA -CgkQ2cTSbQ5gRJGgPQf/WUQld+vrqt2+yTI6LTNTQBG9RceNuaZiRnsROR1eHtVr -9OOfzVPenCavcXghwsY0sPPgSDrvFur9PyuuwQ87HmdX+ZGdRP3tSaxC4udHbAsZ -tEG7bgUozuhfcpC+Ah0lZ3EccmyOkYJWITWYgUBEDOU37qne09udDMA2NHLuL89h -T+eIZ2pVwyFydkJfkXtgfrDq3RmZgfebVB5ESdap/G7t7Iewi95syApMj9swbxns -qUtmFr0fCsVdAA8hJPqx9zVuUon0g1QMz2IroNH+6WTDt7SGYcuqNapizk/PJd6g -2ew9cm3r3CIANiqPgo0Mh02nVGgX2p9vWcT4MzquBrQgTWF0dCBDYXN3ZWxsIDxm -cm9kb0BiYWdnaW5zLm9yZz6JATgEEwECACIFAlGALsICGwMGCwkIBwMCBhUIAgkK -CwQWAgMBAh4BAheAAAoJENnE0m0OYESRY/4H/RKxZJ4saj6+Khvz3flSKt6LgW+f -MY5RXXD92AMtLNq+bKxXFvir2mynW+PUoS2bXy/Nk7v0B4BEbBZNBgaYWas1FZnY -OBuMbIngtLmQsGpD0VoXu9QW2aXpHTjLH5FOBBODrTVewCN5Ty5JquZ5mAZUwAie -x0ytRzviUl5YpKei+vggU52CJT96e/X20rfnlux9O9vSSwTlDvCeehFd0vI163QB -Z/h52dYMSdFvpwhUMXbxRGPEfrIh+oBV7tWe4MHhJ+5yThHiBgVL/EZ9OChw9QNn -itTPzCV4YvAMiJTsamKWa1lOXUVM+QVr+aptwmB1VMmotk7m8hImRm+oTlS5AQ0E -UYAuwgEIAM9nUJAEpsVBYwK92PP9Mlo1/etXp6JgBI68sOCJxTwzBrbTzIlevVQX -qW9zdODD6ObKcgGNuG+G6Nwn54P6McRpd2dxor9YA+yaI0yT6CVnhxsXjwc/vuQ4 -tBAL6tfuMAXRVIeEVk22cKk4HJB68ImXCCRdyRi9HIE5iTrZHsHC4sjAsirhlc0o -8hU3gqkKh2Ehwa6+U8lzNx06hoFEZxIVRteoz1jzCHImF7EXztEcDIamO8uckVKA -uKbJgFGkU3bkvNgWlc8Pgx4tRUNJGC1LE4nYqaSEwee1SpA/VewiDObj97PozCTF -zRCUBCnSvaAlTnpA90TnODH7ar+L5aEAEQEAAYkBHwQYAQIACQUCUYAuwgIbDAAK -CRDZxNJtDmBEkQs2B/96XB9hyFpX/bhu41YNr7nSA65dDi9d+PkMqvLppickG3VR -4xXWywzEJTw6W2DNMyFO6mOtdXWgNdgDF7HKZYvHBr6pyttLAMP7BfWBvU7YY59u -KmUSc5vl0NzsaSbx5PDSQEkSICLI+/hIwuEXOb6Z7gOrX7F1uy83TmHFOOjD2mLl -5isUzFhaLVk0fZSY+mCgg3/inbwb8g3191Ybk2LfXmndaEsdEzMLrT0g6wIgmybz -6UdVuVPfSPGly0VWVAG1sNPOCpAuJpNV6+VxrdViAx3vQPbx3XzqDFS1ISlnd0qS -/7RXwMuFDpVH/BDvzQcoikWnpRY/loPGkSg4TB7amQENBFIOPE4BCAC65kaDpN/H -2OawMMUjPE4OR0dq9o0/qf6ZEEX3NVFIRZR6FUI0f6LsobNB4gf5iC1aUMPSGky5 -BIY+AtTmVKM/3py8+pg2+lSvrHmuhkAFJlQfhjrvGz8dd9zO4Sfd7M6xEFJIYfaL -ia9tq4tNkGeoO5q7zJBJJKK1og+Is3pvJLELp4LGFDx8zbhRPgMU0vOFJMgyXuGX -fWVoqDtOKZlw073hasHiEGFhwU/9hS5yabbz29LHehCILryxtNQwOWmhJFVl1fui -AYRenKjezgYxRKSZM/npyNayTN+9dCdOacuT4y2kCSrzNQAuzytYiysnCIouBOE1 -u5icWbgxKi/7ABEBAAG0HFJpY2ggU2FseiA8cnNhbHpAYWthbWFpLmNvbT6JAVUE -EwECAD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEE0JloTcfCHgLhSor+ -8jR5RVxRsnwFAlogQlsFCQvVvoUACgkQ8jR5RVxRsnxKcAf/arP6yZ8tin2yieuN -Ov2Hj2FGdzeFBbEVrlDRiXVnwGw6Yb6FNBZCjrXRTtVzmIeDZgiTN06WjBIQpYXZ -Ff8bbayxu2LQjhg3NZt66iqRrBYbMu4CLMQDK+XPHWqJLFjSjjThE8LWktYNWaTW -kkVrSQLcCdJgm04ZnpOUygU6+m93HKvbv3D8kUAUzivoRBU58lr2hox6W7kS46PU -tV31H7IKrihkLrodXeNnKCWB45LJ3NykwH2ldqxQmXRJksIOeMoRGrEWNtJCie9o -I+PJxIv0YoPmn2P8nPF9+JeC0uyfSZaMFW3B4ZLLyMDvh+3W6p4dpqDWV2oe3GJ/ -gSZzCLQdUmljaCBTYWx6IDxyc2FsekBvcGVuc3NsLm9yZz6JAVUEEwECAD8CGwMG -CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEE0JloTcfCHgLhSor+8jR5RVxRsnwF -AlogQlsFCQvVvoUACgkQ8jR5RVxRsnx70gf9Gw1vdnDihY/ZyW7L9mSr+bqnANpH -BKjJPSLyjMmBsW0ac3Es9Q+hsucE1QFNp9SJ9WXwy7bynGUE66PbeDaQd//4uDmi -uos358pAkGZVoNAMTNRbHSEIwPiiyB5/qNN14R4WorDhGdmOdz64vwnMBEKen+WR -iqrNiHLiUQG4AGSDapkBrki83Z4ZnZ5vQPgLAnUN/IEVVrTyZQaeDMBZztui0IuE -mmNlykoLPCv6h2ImjH3Ox76yTOt1BAzzMRMZZrOl5TLqRFulBtsqvtJ6nyDYtfTI -FTDvhMzKn4n5yUcWvbtutnAQG6JuX0EhwDta/UooEffDjsVCwqT6H+o/vbQfUmlj -aCBTYWx6IDxyaWNoLnNhbHpAZ21haWwuY29tPokBVQQTAQIAPwIbAwYLCQgHAwIG -FQgCCQoLBBYCAwECHgECF4AWIQTQmWhNx8IeAuFKiv7yNHlFXFGyfAUCWiBCUwUJ -C9W+hQAKCRDyNHlFXFGyfJsXB/9dJApKTorE1QHzy/G2+mHIBRkjnlfEB369Axaw -XwLPmBOlpnmmuv7mESiEmTj4oDVvslSpaEkmvzZiEw0qcwZ7ejbYbKY9q9qUDUKl -tNDWowW+nvPZ/XmySIxSxRhNvNYNwqld3x77Yjar7j08dzPbcxDblIL21wegvPz8 -gfePYPT14roK+FSm1RdJ5AmAzSnmzM/31le2/z1QcY+PYeNzO/uCiKNs9D5Qp6WA -Y2NYcoM/12/M+an2OZlVQxoQzoCxMbHB8Vm9GH86qKfHG+ZZSryADqENo41fdSnS -N0XLuozsE94T9q1NrGcZnMovISAYIT9XXZbxDxsCh/UGZVgtuQENBFIOPE4BCADE -H2XYHa+Hk8EisPQzpDuTNDHUw2lFOY3QiRFx1PKRVUyYCzNlWIWtOh3cYf8tamc/ -nfZ/tDXTKyXxe/pmPQO6gJWzl1Yvws6vc710vqNt/7KJDJfiWPdIlW0x3+8O3rtE -gFT6asywj+WuG7LHODByysbvVOVq2vYStz+Pn3tEdoTTCnJS/IFyJq5yeU7rUPHH -d2xgOMycPtYxAigesS3C3IPYbWPV5+3ELpemkJPHc3GlWwOGw9vt6tUmurcPVKtw -hh9lso217e+5Dhn8PLUO2Dm98KLTUZxEOTvfww3i5nphuEDTu15nGNF+QWra+jv6 -08AQBEv5GHfs9JUV32WvABEBAAGJATwEGAECACYCGwwWIQTQmWhNx8IeAuFKiv7y -NHlFXFGyfAUCWiBDlgUJC9W/yAAKCRDyNHlFXFGyfDUFB/4/pRvFCXse+GDcYa9c -G9nfB+hwL3OSQCHnmmHkKTQiV3JF+swZtmhkm/8l5gQQ2K/F3pNkj1Sr8DddX+w2 -aORGWtv6Xsq+6a9SrlMb25frVlkdcSqffqWbtUHcvxUUJC6IGe5WVlyxAsFhNegL -54bh6Ic4FotB++0Yfu5lQ71pzifEqBbvi5lBySErFcNrOpFxx8CBjc63btqwUPBp -DrKpvH+3pzMKJzybg/KJy6P6dd9g8R7dbv2zY9avO+IQkYRasL4pJKxUp+4tX/yo -a/aXP1vazrpAyCAYXNBtq3gPCw4VS2pDTCbxIwDWs6pW+NPy2Gng4IaF93QCY5gE -7tbXmQINBFQwazYBEAC01v949yFYzwbn0UkEkM3MHTrDqWbp+erhXqdVD5ymG/pX -vmqx5KlxL1TZMuWEFuaq9EVkW8Wm5glk4D14IalIVKARAMDwqgNrPnw0GCAmNIf+ -OmvlG7gdsSR93eALJp1vvKZpeEVZj0M0gQ1i4QIIR8PMqs+2jaYyed4HhRYzUbGK -ZMnr94Onby8FIAYq0B79VqBv5NfMc2KEKrLXwuDSjtZd2TGB7qeLF7sCczyFoi5X -Tj+BiVfdxCzoYEa1Rjp5hGllVj85w2DdfKED/BW7VCel4H+WTZGqTFQ1e3kPo1Kd -qlwDF+Ci2JFU6myPy0LpHrNhn6FsdQGOuRKgYPycol7VzJHKtcGNMDkUFGV2Dsgl -jQuWSj5TNNX5umFCIIN94eLvHtV9bXP98yKB/5pr2JhagL6kdU7OE0c/mugA05gG -QTUJDeLNsRq54YC+CLyM9dxMvH7yB43yMfUvgKcSRt0sHUo8g5aOYdFq0SXQUr8+ -t/iH3t5/JxhqBik8FBiu0aISsTDUbvbxQQQe/LhfR+FWDZRFwHOL0VELapfw1whi -tGG+y+F9fQIJfa5yzEiC9AWYZjHRaFB7q6LAvF0V8vP+pkT157fTK63W53mt1+VP -Mt2L732i+/Cqy/6HzwOdnNnNyfEdvm2Jojs8KXN20vChnfUGifvTjxuiFib9sQAR -AQABtB9SaWNoYXJkIExldml0dGUgPGxldml0dGVAbHAuc2U+iQI4BBMBAgAiBQJU -MGwdAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDV6eQ/ffnujKu0D/4j -YQRAyWEU62HOiQJkSIOmMoio3jsfJF7VQnvfqgswvmPXocmQeQ8pdGG3o/YzSXRA -ycwxys1cFODa33n3E1qlDkAzW6QpRrV3EB5VLYY0RD1qcgBB9ToQ+TQ00jCOWGCm -QxH4jeqBKVpXO1itJl2bmOZhzqNAd8jQ31fOOfuwhjyvc7hOev3/Ui5gmhbApDTB -m71eMmy0aAX2XZwuTTzisiV0NExtAm8RjICDeXDqwaYVPmaz2GPqeIxKA+a7xboE -JePqEbL8coKSVebfKXtYoTTIZs7twqUbTI5kQHcyvtu2fKe5vATkbqAvjW11aXJo -yLnlw5GHcT/tPalMsPMRN/fLQLhF6WwlaEOvG+jQwgaaMIL1Lt+M8Q59MCnbdmBh -wes+ype2/EcnFht2PLvx7PpekHoRJosulCl5e81tzyIt9fdlsxJVIu07Rv27agum -D7NFN0kDJDVs8JI2yjPWwuIDxTCtOWvEBDXOujPlElozYNE4gJBj/Tw5aWMobY4n -Ak4C+dZQ5vCwV6/XG8712r+yXOjVYe2W8vPa9Q7Dxc3w5HHDl+p0p6mDCEpr0VBq -xn4K5HnjNDDbvd2j067PtH8avhySGRIV/2AskDeI6jPoUBofWzsDOwWnGj/Rfb56 -toQytliF5VgoV/UO9MQK1YiasyPP++j4dYpz242yXLQlUmljaGFyZCBMZXZpdHRl -IDxsZXZpdHRlQG9wZW5zc2wub3JnPokCOAQTAQIAIgUCVDBsCgIbAwYLCQgHAwIG -FQgCCQoLBBYCAwECHgECF4AACgkQ1enkP3357ozVsA//RvKgkyIyyzBqlsHKlAJP -+9CZqheNnM1xTioAqUHkQyUeTGXVPzK0RfGY0x397SW1X0cAt4GpfV5gdLuhMbes -xcq5hVhM7X14zbAuIJbrrgRS06wH3MCemnpf7xRYyg0SlaUQeCR2UANDTEiusfem -3b1IBt3HRCy/CRY9rASgoyhSIY+dVjiEC3tfH2AOZYRrZPq0TF32ygEFMi4ilMfc -xsAQey+cFt3Jqs2W0YX+ldgYyYZpiZTRa6OorOqkGnLfPB3RHHUqazl7RlzKlXOr -HdeBy55bx9sw9Nlsb5n3bYZQUMnXf1aMADYWwwn0RLtcgigmH/id8HCT49dyPb1O -J4OeXat3jHtjGeqnhXNq74gBHP1WvU4gVWVBtpJ1d+YMWL9+9V/0IlmdbBxLCSqn -imTnRnKcQD7xPMRCPTyN2PT7Ksk29tHGpshp/NKahTvtsA2ziBzRY51NOm+/iGid -RBE4BGkb8lPjuETsBNUY10XtuZY0TIRgW1kx0Y/TEP4rTESCyKvrlqu5WLFWs0rE -5f3CrHokbMdNJOC0BVgC8wixYlMu4JdlsxGaaaa5t/JVowCKzPlQhgP5MI+dy4nV -0xRb1Yi4s0UYtNEYeuLTURZ7Z6lodlYDRYHRxBlp4alzsL3zpayQOL1ID1nMIgZb -ihAgFBeVEmONjEgEKePG1Ra0JVJpY2hhcmQgTGV2aXR0ZSA8cmljaGFyZEBsZXZp -dHRlLm9yZz6JAjsEEwECACUCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJU -MG0mAhkBAAoJENXp5D99+e6MmN0P/AmpB8DasBnjh9fAlBM8kEZ23MHVdEguPWX8 -KBML4L6eVlWRn7hdfpvOS90Ll5LTdtWPAQs8lDYh4V86hIYgLK9tisZyby+5NT4d -El6CXgHbRjdDbp0xKfGc5F9jWzPZpG8ZdDz6Zbvdooy/4ThXNS16HcsJRckan6oF -jCNAWSNpXDYcLtA7+9ncimrC/C+kGYlyPWJGYZu1C3I+oL3+qWwiqAG9hp/zedsI -sNP7o24wb0SgD0dTzphmOAPwTRfGS2DHhpbAH9P6MZPiFBRGsARRRFfTRGkzI9W1 -M4bv9l/L8s6STpjD8+40f+aUE8cyUcNj1ycyRGFAnwf5MeO3MqzvjocoUyoZNc4t -7/6rh6sceFjgMt/DFFZbi3kvz9cJBcaN6TWWktd4+1WmLxwcF0n3xaB04KCvXTaB -Z5f/Hz5D4O8HyYsS6GlW6yIUiuAOvav8WizaTMbYk81XfXBuBKv7Vxk0fRYf9+HJ -7fyWyIlIN9FqrSiiopA3JR+8gP8ueFcycmLnl2D9fyZn/sv+UCLrMR6fyD/5Etzg -zW0AJ8BDJw5n7ctmZ6UhuasDZZMPC2uB9LVhpQ8W3mDDxJoaYe5bE2p0ca+mwEHZ -QpbpjmtT/2x5rGFZYxBUOhuGn/94zEYSqLLDirlFIEUgucXLOLQHyEl+kEkCLEmS -bn71WsM8tCVSaWNoYXJkIExldml0dGUgPHJpY2hhcmRAb3BlbnNzbC5jb20+iQI4 -BBMBAgAiBQJUO42DAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDV6eQ/ -ffnujLPhD/4n7Jl5/FIKKNPIDJDAYmq/Z36t1m+m0IvSL0yuZh2WSCDo+xurZWVL -PQIrP14ORvWJJzZTmRLUWTxQPDF0z3S4kkopMyqTeHl++to/4eTQPF0QkpLcDXVK -zRe5jzRUTYC8x7mtJHdgKjmWqbgqm63RJg2PphRSbFqoPkfoZ0/kNdzG3bkELlpW -8YphA4guQBlU3N7p52KOavVny03UDLN1jVE/QmD641g4E7iNNxyXNs15iRi884Ox -4+EjBZOQFygx7RtrWXVokOS4Ba4fp3yDnkAdqhN3DtjKGPv7oqMcJuJpuBP6F1Rm -d7eJPS6+nIfJac0EnhDu25k5m248mUAgvtX8PR9n6OB39G6UEKnBoBFpmDpUCJKe -OLwGjvkpB04gAVdIbWJVXVkYVUyX6i2VRQiVEEmEsTNRZKrjyWtHyAzfSg0oEKUT -xijtVbkHZk33SuCSATq+8qKMXDDJHhcpX8/K3zgVOMDTRexY5Zpe47IiL0/CbK3M -N+SnBfgZzsw/TNasJ0a/AUw+FDGIq71UNysVL7dKHeKQX3nRRvHp7blpdCf0bOlB -c4Ni5Rk/QYMAR1zVHgXHOrANzTim1dUHensnlquYGx3sdws2d7G3p0VX5Ke+Drea -l5NraRhMYk0hJTgOy34vf+z1UGejbViVkEgts1X2nRmBInJhZOSyP7QvUmljaGFy -ZCBMZXZpdHRlIDxyaWNoYXJkQG9wZW5zc2xmb3VuZGF0aW9uLmNvbT6JAjgEEwEC -ACIFAlQwa/UCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJENXp5D99+e6M -3KkP/izg32cHPYfDZaWDVbzV1V1EcyMM1hpsQm4C3bo2UY/06NtLescn/6kUwAlh -Bnn9jfqbhoPzqJXc/kbNxtVRc5JvZxhulBj+UdgoB3wiyrY8tM0+eYMWB4Tej483 -0s4c5rUenM2OrUNrpaLVL5pFm1M7k4m5xaMIkKUVQB0PaCms9NB4yplSIEcL9c3M -5UFm/ipQYML6qp07qknd/NTbNNPUfZreLYQiAr/kZxsjZR4mcCMaal8rcRZVhzkG -wX78aReu0xIdkPaNfJAvrO7NMCz7U3yntwbXmRi1jw4PAXvZjAfgRbOv7ug1xPcV -dbr7YbhL3miyYXH8H72muLvslOvba2CBAE4x6wZi7IEx3VNG9aklOx09PDZy29ty -Px4AhMLPj9GnGROUcMzC3+ZvOPmteaQjdA1MmR2PEAdm1OZLJ1Lb78FcGoWBXdWm -I0XFM09YxAAD1YNvVijPnS193jtTqesKtu57D4PEqLPUupHZZpic9X9T17veSjbI -6B1VCi46HHF4MEbQt7pTsGiNMKS2i/YVTap29Fj8x+cTxAmV2Fb8BWPjdLee5VGy -H8dwDYtMXK7fE6hQFZX3Vn7RXInv4onouolcyq7aPvxYPVnGdijNSMDtHdFx78vS -t9kMx75s8jyJ0ILojuAqB7C2G/ScybtQNYBXAIZtFZWLiPuEuQINBFQwazYBEADP -NcBdaXTUwkG81K9NRKsKGVZ1coVRxkOx2+VD2THTY45sBx9MGmQsmSpjU45kx/wO -5KiTVj+bM+scSzwNgERqLiyf/2hgOIDYaoyKSfAfIVCmm5pSa2Ad01RV9qT3i0eS -Spa1Kpx8eAHKcVsDsWb2ZCd8/MI9778cCjrCbPI4o9zEVK+fjtmYKtdkHsEoMSVU -6Jy86E908OLaJbOeo1a7bSKs4tU8zGWAX+ddY5Cb+w3cHQb4QheDWZHMel8ZcEgT -ah7huS6lUA4seQnTKXHmkIZ+uNtB3gFMKso/6GoOGZnUTk8dPY3POLY1nbMQ/dEv -MQpFxLCOBNQP0lhO4DGP0KuwLXzq2XAxrylX5tY0bNmZKLTjhi4CbKAtc/+iwMUk -QQXJRw7Vlp9Fp9ogOvzx/YlMaZQZZixg5uN2b4UD5cWliHn4Aq7DkTzQJe31m7se -zA3cLnFR86ol2X77y79n0GRjGsMa+b+e9NRWNKs28JiCPF3ya31Kk+3+sjauCZQW -3KYx31Il5bO3ulLHOtxhSkCUHx5sJ81NJIhZFr+7yAel/ECCiT9KbVbhddJBHsd7 -GNkwzb1QivcqnYiBW9QzXkQ+xAKHfS7YM5ooYcg6G7jw89/W0xznnGiz5JTjMkj1 -s9cppQ8tdqiV4Uemvx/96Nr5F7n++UJZ7Oval9/zswARAQABiQIfBBgBAgAJBQJU -MGs2AhsMAAoJENXp5D99+e6M69gP/2MzECejKPv0lN9vHTnqLHiP7BcqbivPNqT4 -V3yal/JfB9c8h2ylsuZSy4r9TKDTgv/KVm6b9kJVsjdzyqwerKwpZ6T8ohyDt+/5 -UAXKY7wH8vR1qZdtRQ8Z/UbsZ2vyDGMKutBIxOYfDcpzZ+e78nRd6k3E6pIbR1ut -S972wQHM/VTEmsvUFZtX+qszOVm2y8adbHzY0FikqN/NZI7NVY+8gkwaybpd6knl -9ArEQe1heVWDGpaTUxz0SKglqc0zHDtxOUkhiCcvgKsAGWbxYspRq0rLsek51RFS -dO7NJ59co96uyIu2r/sGhpk3+/QdAMmb9CGeI+DVFhTZxobBtWxLphS5EJeyHfzO -tZNMijrrB3cw3GWws3nMsMNcN1g/o+MLxpHwcuJkEai4so7rbDf3acUUZFCwEzBP -kx/SeXjatAObEUWmshIgNUw3AFnxdD7QOLJjctRsiGq6GwvsZ/ABDYuHnmGQW3w3 -4fKEYRLCAkOq7NPfMImM/I7Wf6Tq7s24g+2Sg8vr4yrWKoIxp4qB0GpSQmayk1J0 -RKR9dNqYNQsOr9jnI4l7KlOS+2K4b9Y0CJbiCNOdVSCf0AVnubk+2IiTrDCzEBlr -5Dmz1xGC5XdlBeoSujB+HqZMFf8Nbjap5byHhBYB0ypkh738JQBeuJVIgwlHVhMV -8mypBNjWmQENBE76Z9YBCAClJEJJTPrqEX9P84lgfWoeAz6MqIgDxxmIjFMeJZ+s -p47tHnPaam0t4+8v+63RpsIlepNZtsufUyeIVq104YB+2pLWlTLCG0vQRmA5D6Ri -D7PeadLnAZtBMzhTNRyx0gD2hLM9HN19KftTa9ar4SfIVd2e/N6vgSSJKsI12x9M -4G3Zd0poEnz897HGftxg5APVsJoBw7tSQKHmKxLgJWAmxFV7bMxquF8tGSgaEeV+ -AceRKQmVWFWBb2JIa2qihptuJOfIlSke6h09oVa1jZ6kI3ATWCbzAWUjcT9nHCmE -VzT/Fha7JNW5JT8tyO08B5b82HyL+83n+87FVbOkncULABEBAAG0HFRpbSBIdWRz -b24gPHRqaEBvcGVuc3NsLm9yZz6JATgEEwECACIFAlOctAQCGyMGCwkIBwMCBhUI -AgkKCwQWAgMBAh4BAheAAAoJEJGVxIJB+/fdlikH/RLnyBDNaQuyPkl09ZDKYiYq -g0uL/BtjEdzZzGzfV5uk9RctMd5UMU5Lh6phdc/Jei0d/VpQnSxhSoWmQHn6reYf -q9SabApzZzQcscBxL9g0P4mMj4PzYGmhYCkkh1GOTtDtm5wleTaoIKz8KTHzvc7b -LP5XIwrzwrtiRAiAfCCdmKz9hVqllM7yV9HZZzXnd5lAqoxV9wt6eiGfB4ORVJFa -sQsPAA0/+YoWhc8Zta819MRABKw+egfWoRm+DVAEVl+5hPBOJGzrFpZdPVPiGt16 -QgmHVKVh9z46OBup/CfhvXWHY7J7X28c0/zHgI1dFJBOlgGxAzvBGmXkYNLXXMG0 -JlRpbSBIdWRzb24gPHRqaEBvcGVuc3NsZm91bmRhdGlvbi5jb20+iQE4BBMBAgAi -BQJO+mfWAhsjBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCRlcSCQfv33cdH -CACS9HhOWAyEAGNhCPjOhYsJRY0iQk57Ekxh2kWTO66NLfX6HwnmOv+6z2uMo6Xx -IDqLtCMFYoURkOUuoYNhZBhbLNNCqBY47382zuivs4X4RUNuewQGCmQd5ASzbCxt -Z6eqMG6qJpnn8lsAbI9yGQ8ofwqSs98CTbRsv4P1DVacwXFqGDeu4qKQ2liIdbQm -CP9mkl7dkwJ2BJrc5X8msu226WVeT7z3lPWlmEWnYtJLnjaLeGjP4wEcaUDm6Lub -RWxUAZ7gqRWqP8dX37Y9VSZvKHOmUINrvLAmhhYlZvt8z32PUA+hICJ7AMwB3V4H -oNy/qJfAtkWqODvnG2HT00BduQENBE76Z9YBCAC5xpa7smrlstM6q6gnBkjTs1Tb -68mtEXTGPpc8ds6T/79sApVbyIq3xXCinqtSwYeH/kkYnB3+kBQDgDsSFos8XpxB -Lqr9mrVk2Bu4Pz/c5/vF9L2uhf1p8nt/V+HlC9p7Q7ZCf/TRFQj+3WFafHbBjzDZ -w6kkJm7gBtzNj6FTHNUxv1t3NzbPSeW7tQbo6ptrclLk+S7rgEnG5t8VOYbo60I6 -bniGUvUVYMVVR49BsZ5tW7jrLToZf5wQEE2C6iud46poPpcDNiBiPi/LBFHCr71K -zGnAWsfHu8lt7v9MarEuXDPoC045DLQyWSKHGP9/uSuesEOpnb63J9gDlgaPABEB -AAGJAR8EGAECAAkFAk76Z9YCGwwACgkQkZXEgkH7990gaAf9FD6fsKERbpB5aSiy -CyXWm4vgIla4U2WE8ttGRNOVX646XHN/lA3W9r84HOsFgK4JvbLomiwZLQS+bvSj -9qplO+s5OqzfWyZpdpjZNhAeb4GsfaYThrT0mCngb6gVnAEpvtf/6+4KIQSxqvbe -GXJyaHtWhhXtqd8qzV6RbXDc5kCDJQMSZiwTxHUo7UmWR3fPJDTfhyyLlD+fjI/H -hHwR140q1xnP2L/4wWF8pNqxX3qcMkXm6uDfRgY0eCdT/BlrJAQ0lfa09h6fsMkH -soHd5Pvpz+TkGHUI7TNMj3oOSrSKSu+qI6kJnOUY9PFNwTq4ljvTdbNLymjJiugL -yosU15kBDQRVlEpGAQgAmdVZaxAD6wKTiQ/VUd6EIuOocLXUuU4v9yRooArbbpLN -lgTyzlDRcNYFpvW5gZ/KXt7sfE72pbDWV2HVFfcf8zyTMygz+2tzDL9ldWTAEqYe -is4NYIH9yQToZGoc1oEkgBYwKoEQUnpq2A4IMggRaD4KSc/7W98raf63IrBOK2u9 -tfg6CZDgKHRsv6d5AHSZTFrJR7vh9EIg33z/qzaebZ5lO7woV0q69yqUdzBsdFEc -20fUUIEv2PsWcfNKx+BzKmbddlfwSWVv6xua7KDFge6uDrg3ISWQWCwd8iz3jOUs -eeiaLYk5QOUJapWyKBqYJiOAbbQSTzkVuQMMB4QSmQARAQABtBdNYXJrIENveCA8 -bWFya0Bhd2UuY29tPokBOgQTAQIAJAIbLwIeAQIXgAULCQgHAwUVCgkICwUWAwIB -AAUCVZUDDgIZAQAKCRA2zuTesAz+MyFiB/99TL4ML2eevVmxbtcN3f70VZtteoKv -wIcZ6hDw3sG8DVAjFlyiwtXtDG/mNOBxuW78o9dCceCI/ngbH4qHbCuiKUXpkh6L -Bw3VnS6eORHWJOk4xPwktHHl9YPf4DO4sraq8OeJyooSqcRO++eCMR1JQiUcG59q -oL93c9zibpanh8K7aoHe5P3bsACJED4kqis4sEa5oDA6JVu4LPccic2LTpOF9LDd -Zxn92Ii6MHdyia3E8tkJiFOXurOw2JNHZHbFBHZaARLES4GLAP28VEfuEZirPECI -w9tJ+jecmxMIYj0SdvMp/bOEdlH1ot/JGMhWEsAlZUG4OEj9V9UDkHP5tBlNYXJr -IENveCA8bWpjQGFwYWNoZS5vcmc+iQE3BBMBAgAhAhsvAh4BAheABQJVlQLqBQsJ -CAcDBRUKCQgLBRYDAgEAAAoJEDbO5N6wDP4zohwH/jOC5HbMlwaMbPHRVkDz5wdV -9qivHXuV1PxNKjCPEv9dEdOq8CcyQqTBfZoc2mUFLrulvZAUxpl3ki6afSL3yjl3 -VlXD8VtFmaAmdBgtLQvQ/PvovW2xnc2alM2iY3e/MXdyRCEx1b6zHYUWJALtZXyQ -a20UE6g9oTePNzaValNnup24ymmPDHy8YWdeHuDTL8dh6ji6v58nwAQkZ3NlYJgp -bUBj4TJfk38fm0h1BRnKCMgOxYp69lwLmC7EbvbgauzYn0Elwl68t02njv0Yga+8 -cHvo84nRQHnn7aVWBaJWwwYKMzMlXndJWsj52gPKXyO51X2Su4jAvGxM59m2VcG0 -GU1hcmsgQ294IDxtamNAcmVkaGF0LmNvbT6JATcEEwECACECGy8CHgECF4AFAlWV -Au4FCwkIBwMFFQoJCAsFFgMCAQAACgkQNs7k3rAM/jODoQf7BTBbQ7v7nJ8CxSr4 -P3Yqsr4jXgaY2O3M0ilodmeo0EgxhK384O1JZ4NV86YVzsGI//+6quGcYGt4fcsk -Rf/9cE4LhhnbP6N2Z4XyyyXVlwJNR6oDyH1zqpZTCtQNmou8hxm1MvmpM67ue2sm -LVg/p1g+h1NWbfjoo4L0UyRUlDlELun6Y737pg6usNK2IOcv6G9gv+QVi3DVGpmU -2+z2SK6Rxh/5Dk5sDoT4oM0e5DL7KTt5Po+dWrUyo+nUtm/3L3ugNHl48vA/Fvy2 -HBH4zxs+Y5kCyiotePiTww49l5QQDYPdFylab8Jd44wpwiJEV93cqxVuzIABFM3R -eFqU5bQbTWFyayBDb3ggPG1hcmtAb3BlbnNzbC5vcmc+iQE3BBMBAgAhAhsvAh4B -AheABQJVlQLuBQsJCAcDBRUKCQgLBRYDAgEAAAoJEDbO5N6wDP4zu7UH/0Y42wgW -GcVzDJu9zFlMX/XPMXJYbSENOsSyq+LUhGKLK7xPjXAl4eWVrUWsGFQTO+syA4fi -pMw1XbTPpXDaNxacfjSwayeTV25H3KmgnQgKQXH3Kkfze9Zxe10vG+knssaOkf5E -YEVtthbBL/k6qKC2zIrixzfS5MOpSK3sAepn1mNBFjtPSikaNwHtxcBXdIbikhuT -pImu/PfGlOaeYwgUm7Sx9BmfGnZLvTz8MGDtqziXld0NxO0lXTh5Y2+Ojv0yWisU -oXA44blslYYWC8aRR3FCWCxMmKfkDb9ztM5KQbQXS/nyYra6/Nsh/Acvgg4GBPOI -enT+uE82YZfpPWG5AQ0EVZT51AEIAO91fZyiPkiioZURT8zZfUtpQxLJOHnovp0h -1yo1xfX7okpq2nM1hytWu3ICZ0CpZw2kv+bmbRdD11xbobFnl/QWb42KThqDL7T/ -+chZz/uMzrHNFgzRCRiTJlkTcI+Q4jK71eyVzMWoiv0xnLRNf46x66AxieXYTkn0 -e7KPC2sUppfIbpRA2BshXuJqCzjaHH/z4+QI7JTAoROayyApVcGgO7njWKVAk+JO -d3iThS+wjnzU0sBIg12yT6q4w/M6MSMOBsqcwOMtx/iXmEHCWCuYzubhOL6Bv3k1 -1pkkBgArD+wZGA5JuFYfTSAnKsCWbDxVmJzGTkqwY9DgIAOpQgUAEQEAAYkCPgQY -AQIACQUCVZT51AIbAgEpCRA2zuTesAz+M8BdIAQZAQIABgUCVZT51AAKCRABClBA -fEyMvSc6B/9tpCI1LeZx9TxpYo8PLw1QcZdwpxQU9hanlg55ZeyL2j104cz/7fzE -qHd4zNlzS5J1fs2xiuDl3pLP+tPz3uOBxiergyAOcprXMCZOjAksvUpwuX/Ek8NI -HjUAk6iCbFB0awUrrXMQq7WY+yYfCP7dUxVkXP6dHOQGs2B94TMUYkJs7/QVYYE0 -qGb4XkgwENH07Wywt/oejBn9UXFo80pv7Rz6jdELoPF60hMT14ZuDu7f9Jxn2of9 -4QJGNlA3OuueQR4W25iaJQe4P4alr3PCTmyuoaFI5K0yHByB489JO4eSPLOer4pf -tNESsDyBwc8A4Fx8ro88xLuufYnoPwrTAkcH/3d/MGABEEmqDwRDXzH/cLh0h9/O -inNEgilOCc+zK+6+7bi7x/jUw+aAIN+bmO/6+EEnl1GQuUj7F2ZxXU9tPRvbYF0u -Coyd+ZMayHbuMc8etThWqvMNlbNeZegLHbNO7NsoDxPmDb/rPlc7tvKdxUVGKfZS -WT78tQAb4JeJUR4G1Rm+3jlkCNoiaFCV02C9HGXu3Amqkz33FJKjCnEv61tmwYZv -kLc9bYQzqXt8rvb3nlZbvbFYlf3oNU7YFV43a4W0y07NtxiXzPhC+E4FIAdiaBbJ -mv9EEXzrMRyXuZFOUZx9wGAC77dHcJ8cw7+MUxpJ5ja8aoFS7ly7sk442gK5AQ0E -VZT5+AEIALH40GSCbgSuXVHjhUYYLeo0TNBevlZD7Po1OEyhi2eEhrWYg/3cAwr0 -/neLXXD6xiAlOXcN01H+OjY4ZAmKzm290LCRBuo9WPsRvHIECAY9XZBeL+tu69bi -SXv07vhvqmMG8yZ6Hi8Q5wUHJvISo6MC6fbq2RUVnkscgqp4jlBVjRNo97Ngi+WE -co+znvu7pio7uXYGPT9UorIPX7cQ2kpbiYM4UU4i/ezbAELc8Ttq4IXzz5zi/Rea -/r7HR7aSpapzVB56Wwg87F3c4zcwK9bdxxgdpRfHnBJ84mrBZlSGwKN6a1ksN/zk -s6R6eNVhO9UbozzVqgl1Riz/aXlv2tsAEQEAAYkBHwQYAQIACQUCVZT5+AIbDAAK -CRA2zuTesAz+M2u5B/997Q3sXvQo3J2ZB/gSXYVIjh76pzabO9NIlhW2fX3Z41Vs -gZKX6tpTGlqUn9Q14EkntzpGBtX/3PtoycH+Ta0E+IfpoINwSy/7SQfWmPhYxjMn -u3LH0ho1mkGMuxXf/dMoapovKY3d//ud6KcPruq+W+8ZXD8CT4zay6z/5JIgFAP1 -viRNtyVmFh6NfZTIsKGyS+jaHniAR9N3cRa1Y7gutwT6cNV1zpTOAOBx0L75xLxG -y6WuyBLaaZIhk0f3ONryFQslIsVGGs/d2QJm2xxywvaq4JrSor+TPJxXu3JrumME -E9U0zENea7N8dQxWQBmXnChX88eRPHOIAdXEWrOj -=YY/2 +mQENBFGALsIBCADBkh6zfxbewW2KJjaMaishSrpxuiVaUyvWgpe6Moae7JNCW8ay +hJbwAtsQ69SGA4gUkyrR6PBvDMVYEiYqZwXB/3IErStESjcu+gkbmsa0XcwHpkE3 +iN7I8aU66yMt710nGEmcrR5E4u4NuNoHtnOBKEh+RCLGp5mo6hwbUYUzG3eUI/zi +2hLApPpaATXnD3ZkhgtHV3ln3Z16nUWQAdIVToxYhvVno2EQsqe8Q3ifl2Uf0Ypa +N19BDBrxM3WPOAKbJk0Ab1bjgEadavrFBCOl9CrbThewRGmkOdxJWaVkERXMShlz +UzjJvKOUEUGOxJCmnfQimPQoCdQyVFLgHfRFABEBAAG0IE1hdHQgQ2Fzd2VsbCA8 +ZnJvZG9AYmFnZ2lucy5vcmc+iQFPBBMBAgAiBQJRgC7CAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAhCRDZxNJtDmBEkRYhBIZXq7Jg8Fax5RkIOdnE0m0OYESR +Y/4H/RKxZJ4saj6+Khvz3flSKt6LgW+fMY5RXXD92AMtLNq+bKxXFvir2mynW+PU +oS2bXy/Nk7v0B4BEbBZNBgaYWas1FZnYOBuMbIngtLmQsGpD0VoXu9QW2aXpHTjL +H5FOBBODrTVewCN5Ty5JquZ5mAZUwAiex0ytRzviUl5YpKei+vggU52CJT96e/X2 +0rfnlux9O9vSSwTlDvCeehFd0vI163QBZ/h52dYMSdFvpwhUMXbxRGPEfrIh+oBV +7tWe4MHhJ+5yThHiBgVL/EZ9OChw9QNnitTPzCV4YvAMiJTsamKWa1lOXUVM+QVr ++aptwmB1VMmotk7m8hImRm+oTlS0H01hdHQgQ2Fzd2VsbCA8bWF0dEBvcGVuc3Ns +Lm9yZz6JAU8EEwECACIFAlPevrwCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA +ACEJENnE0m0OYESRFiEEhlersmDwVrHlGQg52cTSbQ5gRJGgPQf/WUQld+vrqt2+ +yTI6LTNTQBG9RceNuaZiRnsROR1eHtVr9OOfzVPenCavcXghwsY0sPPgSDrvFur9 +PyuuwQ87HmdX+ZGdRP3tSaxC4udHbAsZtEG7bgUozuhfcpC+Ah0lZ3EccmyOkYJW +ITWYgUBEDOU37qne09udDMA2NHLuL89hT+eIZ2pVwyFydkJfkXtgfrDq3RmZgfeb +VB5ESdap/G7t7Iewi95syApMj9swbxnsqUtmFr0fCsVdAA8hJPqx9zVuUon0g1QM +z2IroNH+6WTDt7SGYcuqNapizk/PJd6g2ew9cm3r3CIANiqPgo0Mh02nVGgX2p9v +WcT4MzquBrkBDQRRgC7CAQgAz2dQkASmxUFjAr3Y8/0yWjX961enomAEjryw4InF +PDMGttPMiV69VBepb3N04MPo5spyAY24b4bo3Cfng/oxxGl3Z3Giv1gD7JojTJPo +JWeHGxePBz++5Di0EAvq1+4wBdFUh4RWTbZwqTgckHrwiZcIJF3JGL0cgTmJOtke +wcLiyMCyKuGVzSjyFTeCqQqHYSHBrr5TyXM3HTqGgURnEhVG16jPWPMIciYXsRfO +0RwMhqY7y5yRUoC4psmAUaRTduS82BaVzw+DHi1FQ0kYLUsTidippITB57VKkD9V +7CIM5uP3s+jMJMXNEJQEKdK9oCVOekD3ROc4Mftqv4vloQARAQABiQE2BBgBAgAJ +BQJRgC7CAhsMACEJENnE0m0OYESRFiEEhlersmDwVrHlGQg52cTSbQ5gRJELNgf/ +elwfYchaV/24buNWDa+50gOuXQ4vXfj5DKry6aYnJBt1UeMV1ssMxCU8OltgzTMh +TupjrXV1oDXYAxexymWLxwa+qcrbSwDD+wX1gb1O2GOfbiplEnOb5dDc7Gkm8eTw +0kBJEiAiyPv4SMLhFzm+me4Dq1+xdbsvN05hxTjow9pi5eYrFMxYWi1ZNH2UmPpg +oIN/4p28G/IN9fdWG5Ni315p3WhLHRMzC609IOsCIJsm8+lHVblT30jxpctFVlQB +tbDTzgqQLiaTVevlca3VYgMd70D28d186gxUtSEpZ3dKkv+0V8DLhQ6VR/wQ780H +KIpFp6UWP5aDxpEoOEwe2pkCDQRg8UwlARAAotCdQIMF8Y6wFfxmpuaOGmUlXDxQ +XDtG31jC+Zk/GVHN8TtXK+eQ7HG5F29uzivxUna6tWD+/qQrUmTrLTT2P+5OFczU +taPFaDMyWdywIlyOVgfyxxfF0ssxrhRHKP1U9YY072/BFtipXAQkemNts+Vpta1S +6ru0PG/339fjP5GljOgRYlCqnwWXaibgwzRURqha9CYwqJdA9b9b6JZZutdjgESq +c7lEjhEXXNdbrYnZBooWoKSQ8j+Wvqh2eBjc2ZGfgQXbrmQzFHRCoCtvD4tD9DZt +e10c19Tn9bl6IzL66KL+yvwZG6b/rr2aIkhAHg/hv/k8pPVS4Zso4vT/tJcGMh29 +wAoEt8BJc+wmcBYAd5IybzF/dzpQgDK7hYbf/uoULtM8dSj8cfueY/8O6Elcx/GZ +mDQ+ZDOM5RlZycSZOmgbvJWjgEWcOxBDc93PoXYKPgvpF6LLTbG4rkE0J5RRWiDO +1MtNvcFp5QikhJshJVvWQR5z4XIoYvFm36EXU3HXzK2sQhCFNRv6FcWCn81dpKGU +0pMD6aiWHJMox7O2Xs+QN81ZQFzxRFSxAhK9NhEqVsRWm5PIrQM9KDGUp+bW95QR +7NVxag7yWqjBNbp2rI49OmFLg4Ch8QlmS8aP3HyUa1cZUXLA4Gd7OD48SpAJs1F7 +ecm+ytxFVg0K4tMAEQEAAbQbVG9tw6HFoSBNcsOheiA8dG1AdDhtLmluZm8+iQJU +BBMBCAA+FiEEoh+rdLAIiqNhFSWGuO8aa6naLVwFAmDxTJECGwMFCRLMAwAFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQuO8aa6naLVxBqA//QskRTPLc3HULEAXk +HsChkxnSbz8fbGgyzuhFclPZRMvLyyjB55gJPvZslQX9FB8Qo1WW5b1xC+lP3giD +VvEwbvWR+egDJD0IL32ZBCq6QaD9sn5APf9q3woXnO45BVMAK1igAfIciz4gAV3Z +t70WTIYgQLBU7/a3a6/PVpwL3HfTlz8axDO5jZJAg1JUZH0cHcUns0rZif9fGzOZ +a5UeA4/TGFDonmCArLv54dbvQvkAzhq7qP8ZLuwfO6lUpyjODMtvP0bUnho0wTcN +0DxJrpgKyDTVAzWW3t3viJtt5ercj+55rS26NMD3EQfauCtRpZnnKs0oC7HX/GAj +mSmsfQy2gNn1lSQsqdtlI5Aph5FYHl5gcp3VlXX2MiTuCxiYTOwX5lhmv8iESkSm +RpSWr0WPlAJH6pFwm84RQyDMkU1N86iXyXF61Q7JbwdZjGwRiEe4Ji9h0k6DbzeR +NsYhGph20jr9M3tFcOQNTPEu9Yvoy1Enpxk4Iy3budviu0hi7coRv5AOTabzMgiw +TmGfuBz4GyMCi5XJuUkSes+LCi0mZlOxyzKevY13xkKo2GyaFBB7ArCznlTBojlW +aqGVkFnDB8vVbzgNBVceNca6XQy37fWnfnDP6GomFxFoamEZwTOXiB9AdxzpP5Ji +2enKzRPl+cRtaoaGYALqzDK4jxW0H1RvbcOhxaEgTXLDoXogPHRvbWFzQGFybGV0 +by5jej6JAlQEEwEIAD4WIQSiH6t0sAiKo2EVJYa47xprqdotXAUCYPFMagIbAwUJ +EswDAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC47xprqdotXHrLD/4xu3Rb +/2BCJ+6eO8APqvuNyqK45PCy6XW/mIVRKV4Cyt8lDTnIIbPnvlMUpUuIw1fU4aSo +ARIEwp+lfLxFnuXY7y1XDlDRv8Md95LGSgzq2bdqhs8/VQXdrq9dNB4wN4mxgpTI +3ITEAnLZQBwQiP41e4PUrxSB6/6hAg56+dJYeJDXgWR/+oGBJwdVKpHPu8v9IKKZ +N5BHMTtNKio/XfED2rbKFhTgVujk9JXV+ZtfRC/seCrtv2sgcJqG7EMo93A1fHCT +fUMScQdQKiwClyt16REPEFBEaK+mdoELvWwkaEApd17vpX6odoJn6F6FomRYp6Ac +xBE7SCxFHTWtjLCYXjblck3/lv7638gClZew4D5Pp9+tH68ZkfJ+6ZEqQ6tdrPSe +Hopl+2lJW4Q19l4jKP5BktqKNrpQdPN6CatPVIniNmnMESJ+nxQDl8eAq/SEQJyr +bxsU9185AyfFpAv/kBO8FpI7Q/feJA9iX9RgqhSFj8fifPFV6eVG6GzhDWARlr3O +T5IueNWhSpF3uZryvZ9hZk93zngZ8oU9uye/VGEpDoPWZNKO5XCyr4F906jsEa8D +DhqsgSKx5C6ayG3l+SjgSMr7aL8k7qt6YhejnHzmLmSTnFeC551ujpPbIImtVoKj +cifhUnUperS2m83DOrGdSPLZlweAXKBxQfTdALQhVG9tw6HFoSBNcsOheiA8dG9t +YXNAb3BlbnNzbC5vcmc+iQJUBBMBCAA+FiEEoh+rdLAIiqNhFSWGuO8aa6naLVwF +AmDxTCUCGwMFCRLMAwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQuO8aa6na +LVyVHw//ahSVEV68q/P1ISiSAGEGsHN64EgnjGkoutH4D4bXgX/VTwOcPODii7Z2 +RXD3KbxqWh7kcY/pnITkqNh5GM+3rHk7Fm34Lg4gTX9bANCFuv1nyI6nxpYsP4pC +5/5gPBoC84DzxIhG2R/oGfidbbcb9eRPHVlUmCCyXJ+1S1/BIGHPd7moj23HOsBt +6gc+VA+xVuqYOgIxIc+o+MkAav3QFFC/Z3668fKeuePGrJQEeQO3tZFj0jJK1w+h +AnZSfC0Xmj44lq7ywrX9THJgECZF1/Tyx7T7ZF830/exnXBFrTxd6qbvZPICt0Av +3T6AAiLA1FNfprmqpUQdwKMy1RW0idpANAapx74Qfu3CAf2ZAGrIiNYyfVz8CSZ8 +2RpURRiZ1IOjEV//xSL5clYvoRbdQ0NrVjKOqXrtbDQwzjWCi+/zYRXnSYSEaGFI +kLXBLlqrU4zlJ+xK5GgtsqvIc1oGAntmn8tbFL8g7VI7pXVUzc1dYnODDwvkGeWR +MNrh3z9qBC5Sts1JS2SKbQcL4M6sOanMY9JwR6Gg00ciV61w1n/w7Mkug39bfFIn +aHOlt8zRISm2m702+ILVo4Yf0HsyTbckUoOEmdmcfhMYAJ4BXYSlJNNV8rS3BKmB +4zozumR6T9P/hO0/Mme7CMOQJwQv5pE26qeTbG5P7KaDdFpez2W5Ag0EYPFMqAEQ +AKYlkax43RLvRadsneyvd1abbbAFhnmaOmnQO5Cq3QfgxcMkHUECBhdTKMcym963 +DtrMaFP0p2P06cXVW0jtu9TC1HKqBHORfrsbl7KeE8ebOol2PcU8EHgYvKQFEEi5 +VnP8qGpBeLGoRvuftDVA6XYwhHr0cNpx1WzG8swAoAdFURK4aWOoDgSuy5B8FwBF +4daTfN+j9bNwyyyJ46DOdCBkCSyd/P3QXln/Zaiaw4n95WfQa+4dsR1YWo/tPIli +hV2/jA5FupVzrk/gPKcxym89U1YaKYnfTTnMPMLNNFZ6vUdP3YZPhU/NVyQuhpqA +Ytho4yqSzTM3wROiJCY4Z4DGPVs+bEn14cndMe2RnUt8PUoiF16McN+cKAtf1Huk +FWrJv5XQjUjR+t8vBuW+8DQPOP34VWvf07oPM8s0Y/aeRnu29cjG7VcvUXrfHtcQ +d8jiR/K48Jndd6HDQaxWIQ+G9fj9A0nK+E27q0d0uIMM2sAdo7iE6BC0BrHkfJ0I +PJOhZOb2fDGmLJTFNs2ux2t+/QvPgPYdAtpqG6rcOxqvDcwx9h+AYKctAnvAclp0 +RxCK2XCuL2Q08wX1vpWCQRxZTXNJoXldooer45s/eNHGpMy7xheuVAOvbbEvEP97 +Fh9kCxU8sHXBFGTYGUVp3JwGiziP58NcnXoMPBfrNQCxABEBAAGJBHIEGAEIACYW +IQSiH6t0sAiKo2EVJYa47xprqdotXAUCYPFMqAIbAgUJC0c1AAJACRC47xprqdot +XMF0IAQZAQgAHRYhBNxwMmYq+IXi9H8kP1J0ZqIcp55tBQJg8UyoAAoJEFJ0ZqIc +p55t7/kP/jaWELjvtGue/qLcL7jd8aDLDpoop4J3eruX3n4vKgox4GCcZ2UIYoZO +DDsomOOgsSSJhSiOjNdx+UpbLmhjG5de3+VfHRO61Aw/Q/bQ+PoVXudOFLAHamih +xYRPMcliduIrfS5iF2N+fHEO4JvxMwP8AihHs9WfyFJceoaxugZwLhOhWIS00LeV +nAhmwNeyO9jNR+dK1/H2tPKjoOK88jRDnrM9WriN6bdVTsv1SaO1fqDtss+DTRga +owjdZjDpgZdbwZXWc+KGSb6qAhYMeAY+IfCx4pcoNjlmVeF4e31Bh9v0SHXwGIQk +8+PeTdbHQx3sPUHNzz9L1cs8KAiWNpqAomdeitKNtea4GACXGNiggorYY8PpLR2f +xNdPHJiSRNGVxvbBVXRegBxBKH2mEYFxL8BTsBAZ8rQKtpdXj5pU3unruf4UjGJW +p/d2KbBdraJfo8OxfmrKYCtiT1qgeBbLqcZ77wL8xga00xnwi+M+yvP+kJmKyQQc +sdFv5ZBbHmxHzs9EmP0b7GhkNyxJkJG5/gs9nNj8JiLmCYrLpxzQtax+pRdWtfQ9 +paXvNhId07FxLII7ctvrIbh7Cgl/7J0mvs8kqjG7BOqP/AKrrk+7ZHRzta2H6933 +7yHl/B1Y+jSptXspOrsghHG9PI6gVjhvLc6TbejyL4sq0Eayvp3Ei48P/Rk+C4WS +p3yzOaVQBVdI1an9vZVYZERw3ojZnaa6qb1t+XAEuyx9sL9sRo+PsBmiZpLK7oiY +9irTQFmvu1L3eMb57ay9xfZBuagtOIk8fZ54OKpYmQCNcBsU/3wCkteuS+bHU10b +3MsKJLIcbbD4Al3B/ydr/yQugRp+OKPKqPwixiGkwZOlfDX2OGKjRcjGjEQEEkPT +5NCl0MbMHcQEmmM002/d4JrqDu16yLu2ntZaaXi9xweYUNP8xdXFcwqy1337BGTV +Vv9f/VWponEzlj/HVf8pTfOnezb3yZPC+zvmCLBCmIShA3wlyGaxe2J7vUglokfC +wKsWaQcdv+paJpkCe0ZSqxwZFlBsgvFh2K/7MTkctLsUnrxhXHytrBTJ6SyYQugv +N9DtOQekhU1k6w/XPzQtkgw1kAq9U7ndxmet+AaME5UEYCaRiXNrOMDjGgEZ4Vba +/xmUIXwszoXGhwFTAV9BRHHvi5LYoRJ8xCSYHP280x/rd3yFvG0uHOuWJcAszAid +aGMgC5Q9QZWesIRUlVGa6LmFbvHYieAJX/foXGDlPxp28ot2xW0RoQVc/JQd03BH +j9NvoEkhQ+4g4tlrd4ZJmGGk+5N2BjNpLF3UNuUhjNWluHa8WqgI+bGePDl0zDU/ +Yq2t0y/6P16ehkYVRPIjpSSmxqKgvsHIR5jiuQINBGDxTCUBEADfyegcqR2Ls6sF +Qx/IawkCdLPSNXxXYrutLmni00D3gdiVcFeLfVmbDOplTBFGSRiKG5NmORRcy7B7 +Wz5UrOzF7S4ZS2tOYojF6qGbEuxGCPhgzTujj9Y/IfTp9iJORJyv9HVhkIJUmP68 +sPuUoXQIx0neIQkbwcX1+xSRja7yJCKfAMZU7zQUMrkeK5bjp30tS1xQ5Wk1sUQG +QSXQfxsgGwqippH25F2WzGRQPdxNrJKyyeugj4GivN6/g1IuvhMrzik5GcNDlOkt +JO8U+GdX9AG0vzjeRvMIy78Srvk5ndixyzFEzIkkO/ytIsOPqZrNfjDgVhQ1/Gkv +6aEXtDUu+/USJPh8uDhu/ovUaX+MFPmdkB21GK7p+oe/kckr/hNu0FgoDbgHZthf +HCLMUNwdJgGqan9hAiJDWz37Q5b/4g6swMQKGzSc5bCkK3EZhDyDqjcYt0z/h/OX +pMB03cMHT2+bvKYHoaQ7pnIsh32GewN3jZekbm0DCFkIEM8VG63lCZCox8C6KpEx +w2nyXiiO/tpyCOK96XkHxDdI2eR0lx0x7uOdtBVARzbrb7h6gstJ0K4b6FxHw+MK +GJNuzjsEih7tWXRBWuoiR3gFtH+qUjjJBDA0bRVr9P4VaTQ24QPowLMMw+Pl2A5P +sWXQzjbmvYpzvd9DBiNgbC0NZKLRUwARAQABiQI8BBgBCAAmFiEEoh+rdLAIiqNh +FSWGuO8aa6naLVwFAmDxTCUCGwwFCRLMAwAACgkQuO8aa6naLVwVNg/+Lxf+Ra5D +8+/I0pe2De+4HP7E6QRjIUMYWcSqX/vMRP6IoPfxfdATCmhQH5QoYhDD3Pg49Faw +hsD9sTE1TuCe5cO20690QbhE7lavEt14LZk5V8KEUC/dV7aBowI4X4KV24vwxMme +vt+EMDGK+O+K7CojLAXDEp1kw7qkapBWAGheC0Ww+kZFnJPgu5OKbPyiH5RCokhL +r6Y5NU6Ym8KErfsyHmSOrrEi1mxnAA6p1x3tBgpVKnDGGyIC81cl0EM1L368AM4v +F731vvEIT/geaGU+svGAQzR0A3CEwuDmGlR2J2VkvrT7T0GSuHbgJWUXf5QcSj2z +Vnnubnz4eQCxQCDaQVj9ApxylY/z93wXAq89mWGh+YkJqoUmyd5chSiaEEIK3J1m +5zliPdQ3YZrxNhiMp9SSRBU9mEKkR+dnQ1+YDpeTnME+z8VdY3NN24WbDgspQaKt +WHfYg91NG4IqiO9XRma12amkM7ooAkcZb/Jxfe0lBiwwrr6guXo5nnEAWJiwq4CI +kXCPhV0lZ2YVGJHgW4PbFwpWvJgoMRdUYR9kvc/W5ayxH9q/pf/D9PiFppmk7wm2 +e5CK1LGxr+xTQrm1QN1F3Mz6w0e4UAv8TQF9UVzBjZj67vcFbYJ5+9lJ3qA/3S2G +OuVP2RSzXkAJ6vXN1SSkNkyHY7xmyf5OKseZAg0EYCmvuwEQAKjJzMcw2BaJWDiM +yO12RvmPtywo90XHwHsUk0wWsv9n8jUGPAxNDt/Eq8M3rPeaMAwqFT7AIv29RJIx +S3LN79+jHT2fziNgPA3effujOSuFwMHTWJqIoIJ5E0RbqZ5Ozf9ok8YLOcg6T+Qw +eWdmdA9xKmEh7Gj9lTIHn2HqybPYu+hNmDRp5l4nB7Rx9pWdZgDVr3Cv5AkNDBGQ +Sp3LvvZwzTc+Gz+xFZ3j6cGo/VfFaVffRiNUaMOxjeAf0ADLihSdvu06aTlL0Ugq +4x2SRZ5TQBubz/fo59nIwVtkMAxs7yLe6fh4hA6Dm2PKdJdh6XeeUn9/ChId58+B +q8KQF2SeTzjYsz3Gvba34gqbL325bsUOq+PBs+gyDrPYlquXQWq7caEiMKYox7pM +F+RjAHh+nkq3NHCtKMOjXq+Qygzr2ZeoDvB/UlX4Eq8TpBN4823yLHiJvlzqY86s +WdgbVfe2Q05zj+ropwZu9LXExrHXarb/NJk+agm/NZOtIXyVANkqMydeeGtkxjyH +uW79ATgNDUz1TU8V1/q/Aus1ocd+L+tYpN5+ysanZMipTiWbjmnR8OuhioMwv6Cn +xExRkFTwzjAbCGW50SIKg4WNe7YQK++CsHskeuH4W0y65E/HirZ5E7vk16kN9mqa +njw8iqS3ZvdWOKw1x4HvS5iJRDZ5ABEBAAG0HVBhdWwgRGFsZSA8cGF1bGlAb3Bl +bnNzbC5vcmc+iQJOBBMBCgA4FiEEt8HBQ2DzU6NoYuTVIxyEzdzGnEUFAmApr7sC +GwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQIxyEzdzGnEVrRhAAgCec16Tf +5Rdkv+7hHqGz+UmikL2n8wVsKcvRvXNmdvMptu9rXQ8Dc8S/6zOHKUMp4MhsMoXX +ISMjgFM0ItLywsoRlZItMxbUxmGbFablN0V5uGiPpOON/GZ7gRPKTf6/eELdiWbS +OKoccSu61EA8hbVUMVBXEpk9qy/XKPdg2IFKS1NIfUyNlm2UNiOn3PdVNzO+s7cE +EklLFDkJjvj2kTC2PB0tOo5W2gkvy2Fncn2NKdIOyAVWn+k81XHFX3xh3z0mozfg +y864PeNhI4S0xQImAwVc1n9zb4Glatf6yw+qtj28Guruj3Ur45AdtvhnWmMr93MO +rXzcTfa5M5htyjuBr8moTtz33vNjR+BCwjOF0S94LigzJ3PAdD1bMdRhHsC1OAX2 +QqxMfLwfrJ7e5okwgxIR0C8jibEb+T/Mb9Aqsi3WdQmH8zu67YhP18z4ChH7ZVXW +7W+KbGkKk5elMHiZMhHlh+JpF9ecebnmKr+h3FWP/JWoVRy6PL5gL1ICgpEYlFBX +Qpm6vXEA4myDBQnWJclnDKmjCQjn2OnCXapYJ9khLVmukh5uJWThkFocN7W/Xvy4 +s7chqxlHscu9wPsRJfxTzyeDwnWdcer5RzviPkNzoIxN3lZhOQW+GM7fcmIedwrw +Itg4Wyd0gZe2z84SGnTw3kkQscJ5K67hQhu5Ag0EYCmvuwEQAM1DrDqNA2rFbEcO +MnNxdyVAkU8HaqVP/l4xrtB45iInkOZjZVA/QyW2SatzxP8j019EWloHtn7zMTmW +aNKLc3l9haOGhmn2g/RZh9It5/gqkPsp8QRNoGiGfxzDQq36eYQ33TjD2SksT5YC +8PSpEqeKVwJRYTkSzvX1bx0yH/xwHoWIIjnybIi9XrfINXUOI3IRwo15qwgUXyfc +UJ3SBY9ddL0V7ua5CkgngtvanfKWpxj1RpTyf4tABvUsvWQLjrwxTQsGGGQKdnYF +pxacm7smvNDU2KGT4lHJe3RABFyCwhO3z7etB1kNvqjqNOLEKU1c4nYsZkwAjY2t +Cml+fe4GfLTq97J172XeuLC05jCoR8RO3o413LSA53jN6U86d8y3PAN48LSbRvmJ +s2wwZVga7lua7hcVmuTyK9wCISDhMkdxi1SZ443K6GZoJtwbyKfQZm9SBv9gtwGk +sGEUVRR3UAsF+LpxeW8WVJTQcdCg1EgDIW0LUNBoA5ZD2/bUpIXrMUb1CDfIcrL7 +EGNeN+nQhk6o3mOuZfFt+X/4tapQcPni2ZKIetR/UKJbqej7hYEj1/r/5AJUsUGh +K2U2ChG385whearVxMnalNI+XdLT4ehsIRqWUQYQNeqwbGZXaQ2bGxSSz+ScQYUS +Wn9e0yuHKSJwh1Bie0xpF5uWOumLABEBAAGJAjYEGAEKACAWIQS3wcFDYPNTo2hi +5NUjHITN3MacRQUCYCmvuwIbDAAKCRAjHITN3MacRbZ7D/4jMZVeAHfg14edotUN +O2JReCs2g5XjEVNL6S9lesYLmL6YyFp709yC8DKOywnt1U/ZEkFI2R93GtF3YPgc +Vx/d2f+frjoc2JOKeKt++hR/hUgDWN0On2qLGL/+07t+w/Kffl3rvY4D0ALdxwGC +OLpX1cDnxESicX5qnZsTQkElhMlmsRP1afIE8SN592k5FIdpeqKZ8c3n1BXmBcQV +ngKLWMK32fpYRvSij6RBORRvzPsX0/7uiOND7gquC2Vdv2KPELAx8ZE80iee6arI +onQ+FNXCEzUk12LnefBVj3w4YRldaIo8VDqUAbIstfBo5LO0oZJ2wU8r+2nJWKHC +ioeMkJTlK389WWm9EqFu2rbgV8O7tjIM7ZAOnb8X5Ah1WdQU7YjXF5vaT79PH7ed +8pg26L4AVq505uWthDM+uWzAnMKaYH85OS3C46qvae9CvYlTCZJpG90IB7wQj8cB +r+6OUDztPr0vhProrAFa4GQhhlDEW0KIL4GaSw8Jh71MFNmbb7zGTpSJIwq6vARJ +OQOP+5Qaa0YeLdxIk9JDnHjUI5IRz7/JnSR5BNKeeRWsHvVwyvbJV71ZaJSpSgdu +TCKLL1gAeSnvqMdtNGwKOzw7ai2KgBbTphvuvWJanq3CH+CIHOxUmd14/lKz/zlN +B+uXzHzImO/U5CIhGtNPPoZ1TZkCDQRQAG6uARAAs2kXLX9f3Wn7Nk0LTqzHm85M +uExsNQa1hVp/8XXPRy5utfmPXBpBBari8Lww3bP3ErfielPur6j6VlbdKapr6O21 +xecOtkBgPPHOUf9qMAen8OeK8Rr3SZ3kbR27Kj7gbVvv/BIgI6Qr0ocOf2Af1U/8 +2wYLsB+CUczWN8ka6RSdHMEQ+5aNcJ7QAjBTxuXjLvH5VP8l4T+h6fdqZzbpAY8Y +Gsrr4r2KQpd5ZiaxNkASL2iBEtlvVwavDGncfyZTe075xoQM9hp9WeIfGPxD7bsu +zl1e5rUH1tAcj3b+BZlzvnXyr4cq0yYPikJaZ6MiFXEuoDgC1Di2JTyARJsGUw6c +eQOWUbH1M8arsL7L7w1QwYpLkAJdutYTuT+V8cuWWi6PH4vsTAPI/B31VYLIBTwL +wMvIjP6TbdwRVLpVcY2Qca6vaXeT13cS8baqQBGfl588OUIIyXtzDFl/OXhNp0Ey +8nr8xEShVoujPXQaQhDN+LihefWVEP4uhkjpKMaaJDVVpzp6YjoKegABDrQvBvfm +fqY0JTwn/S1OV5m/9Ssfw0ZJi7rOJx2ParWoldV1EgD9VmUq11JVUDDsIiYL3sFi +ahYr8vNpTO5+FpJNcH4yPG0fK0ACgYh4sFQ56V4K/Www1rtzkmewlOW4swKBoCJY +sIF3IoGaqz1ATZI2NgsAEQEAAbQcS3VydCBSb2Vja3ggPGt1cnRAcm9lY2t4LmJl +PokCNwQTAQoAIQUCUABurgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRAg +ZMU2QcJeXcwkD/oDkqfF8+t4xGRprFDxJbn5+jiwES/aSmZwq7s3XDjlrIq9cUWY +Wbp7KydKgjGqkGVMSuLV5bjKure6nbCMpaSOu1qBN/aG3P//3kIZ0U+09aR8EdRI +YOVJuo+P45xrXoLS80roJArRScWkPGg6mk9xW2OueMVsLSldh1zKDAb/UzFoZLPp +ekK8zn27NV0kXqFMVxjYRgKfcoNj0U7Z6q2eji1HoIwl91Edt6TmjbmwMOzehLj5 +6kvFP1h12ppim3+yz5rrxXo8Z1unq1GpxXY/v0CiBNZABHX1qa089sJkilErLpx5 +G4RC8VQF+KH0T4k6P7EP/4SDu8WDlzNoXtPVWYd3ptiqU4UgegKV/AsignUeH4U2 +oMdyi1fu6WylxGBJj6iUXItu2Vo1ycwCA+B8sc/OIiy6b4G67L0VgsilpObAfM+Y +rLGsL+BLye5IYeleRH6f+FJyDOMhxzcmpQ3e77VMeWPEqqdrGNyOQqDWdQiDPKXp +twknSrOymFfhYqowhdpA8CqRCgnsB7xjRDQkW2gxbNeOt1D/ftdK4ZnhA+buuXi7 +VV6ISEwyw65C6CVjr8YRbDJguHQlKThVqASK5zse5yG+bN7HHFxkqCYrbFwDRubQ +TAA3ts9jKvshy/X6RvYXoJhRXJm5fuxkyeln6kJHO0qKjdWY3OKn1NKErbgzBFWr +m+UWCSsGAQQB2kcPAQEHQB6fWGzwF5Edk7HZzxS5oUH/QtpmNFzt+0z0tSBDJnk+ +iQJ/BBgBCgAJBQJVq5vlAhsCAGoJECBkxTZBwl5dXyAEGRYKAAYFAlWrm+UACgkQ +CG6lBdyi0/PzMQD/SEnr9Af0jEL9FGSQK6hA76Rpb8SEOxIo7z0g3s/35UEBAN3M +P0VRiLQthWSJV/lgILmN5MAodnwnzqZvkxp38gkIACEQAIcMK8F0dxmn9S+xNLbW +mKtX51FIafEjvOkV7yS185uneQsI6kfXk4p3d+hfdl78XPofgms0pAEdGi7zlMWB +HBYpjteuGx2lTeATx9eMcamMq+tAx4upL/eauWv/McPVRTHPbUml4CcT0VBzTBTO +jI5YBVvuUluAbgKvnOcJy2NlQ2LjGzO8KgduccOIiklsuLGJJvBvzXpbQY4Q1I4Y +RKUiJ6E6p5IGTMj1pyx915yNO+kkPupzHkfUBx62Z/t9mXBji7HyvanMaBWtYFUM +b0+qYrf45vRuOUvpBkp/hm9IdT8MmdNG/wMuQC7FgMdE57l9DBE+QBVe/m354J8J +8ygGLOUnDLkgjM8Z9WlcX6vjoJh3QjuLQ9hVLjktlgprSdx9G7tSDG2Ln6fQP9F2 +PWa2IFrVwSZaewfS2IySdBzhMHR+PgorLNc2siOngRiA7/xsF+gZu5OfpZ2lNs2+ +cWyMmnp/sQkyZgtLFUHW/whNJHqPS5QtPEth2x4hJAm89VcVc5U6cYZHu3K6WKbS +pyrGf6Xt+aXUCuQWR22/lgayPu6RyNl6Ws79qC4btr4ULHZ7ak6gWyOgjw/O6ZDE +pPz2Fz/ljIRvWarHOYwQ1iK4H61PPwn8ec1Nw5c98I7B/ngjqyznP1A95xZzgsC2 +4K3QtyGYd285wQjpbsp5YGisuQINBFAAbq4BEADwWxezMu9t9odD5LT+tWM8gicf +GTQ2AEXuboBl53X8TgRTeDsZ48e2SCsphZkOhsPKKyWkTsb4doIMc1ZJt09OQRyb +jQUKUxUd2HtxxWreYDyOgq94ef1PZT+SzakX/UV9A0fw+7JHvtE6dA3qSIv2jyG9 +nkuLY+AD1BtZEEXVn4YPRAT7vY4b2ATfGRru+LVPsqRRcAwD/jLFnTDAVhKfznhH +wQEOhit1LFLZjsNzmxvCWeajGdZFPCsDN3twYi3UG72C4PFR2JCup6GLAGoo1/Ln +ZclHvXZEPHqBV9Js/Ga4jirq0U27MesmDDT4qvmjtSfo5yrJ4TOJyPKoMiZPwysu +d9CE74MIXAg3T/b7Woc61lxhLUFK0f5ZtWZmzf0yVI8gkukphegVZzz73s5ok9cK +Gsad1HL59CgjmsrgX7NnxnhsqFh9eEBymKw3Z9e7hyL7tfmY37X4mWVpo4v4myga +u0s7Lbp0pAHjCwKVe8fXaP51V8IlxVRFQRRUU6B0y+vdNj/xD6uy4rbJlj8gPPRF +zwZ9rduwZallvRsV734lWRGKqq5/Np6/g/0fUucFS9/m53y5sBBQ6y8HK7kc4mkg +gpXGg+mjM5TyYCFGrip8iRRebDQlBc5U55OSnzmItlUV1JDfrXlS7rLSaHrGTueB +1I5qP9XGYVvszZQ8SwARAQABiQIfBBgBCgAJBQJQAG6uAhsMAAoJECBkxTZBwl5d +h4gP/2aOoPpm+3e9ei54VjMs605weMJgmWcEkZV++w2N2kPKFom1cBrRW1hLyRvm +E/4kQJdhM6w1hmE0UgQ523TwMRL+4FLUAPLF7kblVKfSrk4yF0cgaeKGR/B6U8Pi +SJxK5YhzbPSDzDBLtB4g2v2lQL5xuTPC7wMvsrBNu+fbJvGCd49/6ENE7tnaApdg +Us1NLejWEEOZwV717lUrn454NyxJNN9wsvS0MOEKdDYs0QWGHINP0P4ObViG9YEf +v4pz49k85PRL1eGGqKiUec2R6fieO/aEVPhhfFcZ4wBiPuOtbb6bEOv0OX/L/I4E +bk+mMwczFcGk55at8Pw2hcDmZAUXFmF2V5X8lSBMG26vsWvmDDPkdLssTNgdvo02 +4l+GmQJBuns38DEwqa0gT75thmbqb/73BsgIBaTejhp6fAytkRKxtLrzj8uPZSNO +J63pde4e/SYCiFgZzIdGca1k3GPRBbMRG3ThQAgv9NvBWlvHPBgRNAm284kcNQgl +yauk8s9nD15mfC4OZvcqNQXKOJWhNKKqnViHqcw2laf2z5W8HJmwaOz1VqmwFtCd +7N7z49a+2u7I8SC5KhuYVwFhku+3L9rRn5xuSNa/WO48SbBcyVcI01ifXckNNOOU +ZQ/uJGzxXeny4IY1EKOxaxsbkCTHqIODYFkwoaUEg3Ak4L+CuQINBFAA4uIBEAC5 +2UAd0Yc0MDPEplRr1MxAaRpUCz2yJs0IUVDyKWre3Miz+/EKQWOk2pImkMCrrfNq +yJQKatQZ8M1Bb8hhGq//0kFkG/zjPUj0h9iNqXu4qJqovnEAMUg1Ll+fEgS4WK0p +XiNKKifBtS6YlahYOsVi0GFEgAJJn8kjFmXuEHBOV8foqM6/ud9YoYxAX5Y6HL6m +xumE01aVTGuqYNXppG9JDgYOWF4MQ/3cOerBgu98ndNudsVp+6ndUN3YPXe/pktO +pc3wOaQO5Tcj2gdvaQpvfGRPa1FQaa7eDSFT8tZ/3mbzJan/Ii6lJDVtz6r0b9DK +c73wLmnj0TwOY5McAA/vErif0fkRsCbZRV9TxK2CzDcEn3qiWEEcj4wqGIuiPvIj +V/1sCpF2KYbQ46e+Z02vykujtJWpPB9fWbx4D/e2DEMhb201v5t8Xg/MRkLoY6AC +lEx5gJamMxt9aZ83GqrayIFKfrtzkGkzGXV/6+J5t/qdUR4WVyhds0D231RMv0V4 +Str9KEBTjKZuOsMG93l2sfXYR/fP1+VKd0fMV4NZ977j49WKJwLAS5iGbcW/vZ9C +COsQzYcLvf71RvweflH5NAie3VR48VZ1hje4IQOj49IbIZ/+KrLIvGuonV2o9m8V +Qrugt5FP3zIkq9Gj6V1h33S/fU1NHpz1qEq/pEsO4QARAQABiQQ+BBgBCgAJBQJQ +AOLiAhsCAikJECBkxTZBwl5dwV0gBBkBCgAGBQJQAOLiAAoJEKGfLDAaVSLdAgsP +/R9vl721X3SRju4Nsb8vfUaWoCoLEPkvRXEWy29nIf/xFExnzDfIyA/vdkYXrx+Z +2YJbO60A1DFj1ODFOKy+6HBdtpax6bRgfb1CTxcAgAyqHOzn0MVZK7SKgwJjFWLK +GHLNVV9nSbcO/M+ORuyNd8lZI8cCvNruNzsFkfASoDV+Lhqoru+74E/8IaWNddBY +dXHjIVEBVfOFxo1tDpyvS+rJ5yi14YkebHlbeNCoZrrx2CDPPVeaNLgm5e6/Dxjs +bOcbDCD1nSi1wc2j6QG0ObcqF9c15OMgcGD5Tjkyq9cTS/maEJK+c8pi/wpTySG8 +jF/UC4ev3ZOJ3atP02aBBCO/N0IrAecamH7SNoxZXBxP+/VHdL2NDRCP81yiLt3f +qi7l821yNdSz7sOoP7qk6Jx5pBGDzKAmK4xVhhXMFaKT6mECVM1zVN+A+zC8j08F +AScmBld9qNn1hclNU3qwUgv+1PJSyQdnYuBlBuZIO5HcdOwl2+08JuRgr5EhxQAh +wEvSVbaolu2TCUZPs2stkMkVhLQdI3O/rYWvkI7ln0cMqZTaIHymdzGCUNyyNPjw ++6F9ZrYJPqihLQnK5aY8C8yHlWVi8vd9uYP7NMd3ELiYqkh0w9VpDJUpzu5Tmd1b +zc9FnpOEjEC0sBHOLbPSor5T3bcrvcTqCcjwnTIQuHHY/vAQAIDanQ7UvmC3ICd8 +JMa2fQ0sINfajRIqVBUQF2owFiKOJ9HbjFHb2/0Iz3KDYZWbP7GItpF1nbNwlwlD +8fkdGVcJEsFTT6vila3WTt4a+u2Hlj4yKepEeobPzcFANgd/7JxmGSvlkKLuTJ4e +lk3I8O4BXgaH37kIHvklKv6DEF2uMoNHQG5dXhpVTOGaEF0V+JmF/PAlof/ICud9 +vz/74gN/9SdpWCPr7ZBpRzBwiPpNK91zM/OC6e+MQHljO5mGHCAkbYjNcqKNZwmH +L92XsbEU0IqACktdRIblvXjA0Iwy5rNQGjCzH20v2C0/CZHwzs9IePZvsH8b2OH6 +j+Tw4q56VPbaZDjqdy5QytM163+edrDNz0xxpbxKSqq5ediwjFPzCY2iseQ8nEfn +z0AtxmZ82/vjNdBtzh5UI4VVvjU0jCsqeLxN5UTDs+AtozOMyKOHXx58Scb91UGB +3TVn9fn26twR1m8fvfNXcrcBVcyFEOvBioZ3Z90KGVuAennbFiGetxBjqAVIf8EN +pOp3DFwc9d6Lv7y4YPnK8AVwAt9SN675GSwtBZxcbCVV82X+00kkWjRN1bFFAPp5 +fBWL8R3ZU2B51OTVVigiUii+MQoJzqb6J0l0w2N0USZObh2SpqGIK4MfnonCB/7T +O39xX2zl5ALMf5SVx4xKqsCe0wV9uQINBFR/F8UBEAC07yEIOlRGObuPTAkfDsZn +xJZZ8qRdGUy1/7V20WxfGNUbPG639x+N3F0hib7EbzK7SQ5eIs+g2qBezsvII/iq +6Qe8DQWLjuMJYUf7GrfTXxVAfrTCzuUmVOwoAT42fuMe8n3W/oe+doOdgapHq7VU +htmDKhUiPJont1unpbHZ8eWcVvKJdmSxmSmEEu7itnlqJmCsmCnbp7iF898BCWU/ +bHnofKTVpldP5/ZMqKmftuRDnaAP/1qL90PJ8Aprr/VIaBznrUQzawFX0uLb2hyM +5Xk3O9wUM9Wp14yO79Zw82ybYrpjiQlvwAiTw8+5wn5Mkd2eASN0ThZdqqfk1qml +/Fw4q8L46DWAeY0m6oCv2L3vXnWFWXzNEDV6KphT81BATLP3MwP9GOum1pEvSRkZ +oiE1qUKKLozqS2NaYs2/dYr/unQbGUUr77AzCY2fOACNZ0j4SLrB4oxL73s5RYjm +2S/P063hM6iLjvrGLyvMxVcf2r56mjgV3Hsoi7Yt2Vo8Bxcsn0i35iJWLZbf/6YO +2xXcgBinqYsT751XuXgj5rIOdMd3rdsejD3NRBB9cG7Ce2+FIE/PJaxTJWgmBybi +qB7yPpf5S1J9M1Ly0eXGTcLS1c8rw6k08CG5CmOVEUNni9clm+jaGroIoAz2kCHn +FEMQ9DzmN9arO76zMUjYIQARAQABiQQ+BBgBCgAJBQJUfxfFAhsCAikJECBkxTZB +wl5dwV0gBBkBCgAGBQJUfxfFAAoJEOPE3c0eTBJExywP/311BHQQkx//R156yYH6 +WkgCUcDhF9VMUqCZa0ZkREsVzRRz2XeWtxX/fVSEneQUCXk9RCaEBmU6AE2yOheu ++NlL9ppHhM/4gW2BD05yb3FbsRPMxBmOEXU4gWBFFbp0U14sxe5od5LMCFWXN48m +uSbAS3tjUg7+ky6AXY8/zrC5nGA/nohOL0+O0n6HwyNkzMauiR+3szAa1XIom3Fx +9zEsmnA25oI9g84rK1p5HQ7wD0cuPtHYOW6NCiqNntXJtGjmWchOOu8pzu/svkKx +USGa72aM4Lx7cgKrLVlazOYAFccibTwqWOJN/lJsEOtcKhjNpT6pZ7JMggPlXjuy +8mIlKKeBphIv8/fY4O0bYmNJkE6tfZgGXeXQcMYwkSO2W+z8PLDKsxKW5rvXrZnZ +ib8zg5UqotdNBGAhuOHz21H7LP+lI+pNGEOzRRKi3s1GEHGUU/Jd0RMfCex0MHEO +b2GXz/zgcafeMT7gaqTi4FkG9FkeVeEMwjaUaZ9ACreDaxQeL9bLtJ7kJTHb4yy9 +k9ttrT6cQ5BZpXyP08s7CDuLP+eIAW2ZGxd9uDsBUzS+Bm26n9lLp9XBoLdepOx7 +1/2LTolInUunpoWpFZsaWXtdY6IO68D9SyJ5veYDz2fwIUtn6HFs10m4PQcQdRsU +GlMRos9cx2eu1rsyrUVwdUbJ+moQAJptfgVFFZrX9PnuSE5bPX33+xnNR4cX2vfR +JaM9yd9mDF47rKmUMkaFNSEX8Re8CmxDPyPUveShHFyBU9R8kaVI3dNvriU2pFoP +eUtkcNvYRXv6tKkK4x+rAiulbbpw4OGy458OMMYgngFFc8xsImLMfa2zQyVWHqTP +9JHF9Hpc7YCW2YRX1sA3ZfiTdns1qwzSeuBFd52+TDJMvfdAjhRVwDgeCoQ2NELc +O6UVTg1Ys+dcND6RW83Zq9p/S+56Bvq8xozeuLS3C8AeJ4Kq98qar9hsqD4Prfog +1jL9Hv+1jmEU9JJs55Pw3PtLDdotjUPbWjZ472ZR/1g/QGDNHzEua9Hk0xLxS2Qt +4pYpOcxnxhn9xD37gfRlM7zY/hb44BvKAWcI1Ll30hpYt5f4jhQ2PVJMxFxlKpvZ +VxNFPH+IUk+zHnf4n7pvxgRBT67nZ/4tMYJmYtsC6pu4AUcEUqRpkAJp5PxGqf6r +jev+0Jx32CSMBfZiahpRDtrau11E4gvNXeNmLPLbvf86kEumNsDQ+K2wieGf8g+3 +q3Mg6y/vTig5mzoC6NPXSdEEBXysIyp0k98dkWbLjdQXu33fpVFx6hdiKVelIhQy +5rE9BdKqLjZxI/9vh8z8lY/kKnf9TpczaSF/NUeF5u118o7ryKAHiZfyS16m/PBw +MopBdOjnmQINBFQwazYBEAC01v949yFYzwbn0UkEkM3MHTrDqWbp+erhXqdVD5ym +G/pXvmqx5KlxL1TZMuWEFuaq9EVkW8Wm5glk4D14IalIVKARAMDwqgNrPnw0GCAm +NIf+OmvlG7gdsSR93eALJp1vvKZpeEVZj0M0gQ1i4QIIR8PMqs+2jaYyed4HhRYz +UbGKZMnr94Onby8FIAYq0B79VqBv5NfMc2KEKrLXwuDSjtZd2TGB7qeLF7sCczyF +oi5XTj+BiVfdxCzoYEa1Rjp5hGllVj85w2DdfKED/BW7VCel4H+WTZGqTFQ1e3kP +o1KdqlwDF+Ci2JFU6myPy0LpHrNhn6FsdQGOuRKgYPycol7VzJHKtcGNMDkUFGV2 +DsgljQuWSj5TNNX5umFCIIN94eLvHtV9bXP98yKB/5pr2JhagL6kdU7OE0c/mugA +05gGQTUJDeLNsRq54YC+CLyM9dxMvH7yB43yMfUvgKcSRt0sHUo8g5aOYdFq0SXQ +Ur8+t/iH3t5/JxhqBik8FBiu0aISsTDUbvbxQQQe/LhfR+FWDZRFwHOL0VELapfw +1whitGG+y+F9fQIJfa5yzEiC9AWYZjHRaFB7q6LAvF0V8vP+pkT157fTK63W53mt +1+VPMt2L732i+/Cqy/6HzwOdnNnNyfEdvm2Jojs8KXN20vChnfUGifvTjxuiFib9 +sQARAQABtB9SaWNoYXJkIExldml0dGUgPGxldml0dGVAbHAuc2U+iQI4BBMBAgAi +BQJUMGwdAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDV6eQ/ffnujKu0 +D/4jYQRAyWEU62HOiQJkSIOmMoio3jsfJF7VQnvfqgswvmPXocmQeQ8pdGG3o/Yz +SXRAycwxys1cFODa33n3E1qlDkAzW6QpRrV3EB5VLYY0RD1qcgBB9ToQ+TQ00jCO +WGCmQxH4jeqBKVpXO1itJl2bmOZhzqNAd8jQ31fOOfuwhjyvc7hOev3/Ui5gmhbA +pDTBm71eMmy0aAX2XZwuTTzisiV0NExtAm8RjICDeXDqwaYVPmaz2GPqeIxKA+a7 +xboEJePqEbL8coKSVebfKXtYoTTIZs7twqUbTI5kQHcyvtu2fKe5vATkbqAvjW11 +aXJoyLnlw5GHcT/tPalMsPMRN/fLQLhF6WwlaEOvG+jQwgaaMIL1Lt+M8Q59MCnb +dmBhwes+ype2/EcnFht2PLvx7PpekHoRJosulCl5e81tzyIt9fdlsxJVIu07Rv27 +agumD7NFN0kDJDVs8JI2yjPWwuIDxTCtOWvEBDXOujPlElozYNE4gJBj/Tw5aWMo +bY4nAk4C+dZQ5vCwV6/XG8712r+yXOjVYe2W8vPa9Q7Dxc3w5HHDl+p0p6mDCEpr +0VBqxn4K5HnjNDDbvd2j067PtH8avhySGRIV/2AskDeI6jPoUBofWzsDOwWnGj/R +fb56toQytliF5VgoV/UO9MQK1YiasyPP++j4dYpz242yXLQlUmljaGFyZCBMZXZp +dHRlIDxsZXZpdHRlQG9wZW5zc2wub3JnPokCOAQTAQIAIgUCVDBsCgIbAwYLCQgH +AwIGFQgCCQoLBBYCAwECHgECF4AACgkQ1enkP3357ozVsA//RvKgkyIyyzBqlsHK +lAJP+9CZqheNnM1xTioAqUHkQyUeTGXVPzK0RfGY0x397SW1X0cAt4GpfV5gdLuh +Mbesxcq5hVhM7X14zbAuIJbrrgRS06wH3MCemnpf7xRYyg0SlaUQeCR2UANDTEiu +sfem3b1IBt3HRCy/CRY9rASgoyhSIY+dVjiEC3tfH2AOZYRrZPq0TF32ygEFMi4i +lMfcxsAQey+cFt3Jqs2W0YX+ldgYyYZpiZTRa6OorOqkGnLfPB3RHHUqazl7RlzK +lXOrHdeBy55bx9sw9Nlsb5n3bYZQUMnXf1aMADYWwwn0RLtcgigmH/id8HCT49dy +Pb1OJ4OeXat3jHtjGeqnhXNq74gBHP1WvU4gVWVBtpJ1d+YMWL9+9V/0IlmdbBxL +CSqnimTnRnKcQD7xPMRCPTyN2PT7Ksk29tHGpshp/NKahTvtsA2ziBzRY51NOm+/ +iGidRBE4BGkb8lPjuETsBNUY10XtuZY0TIRgW1kx0Y/TEP4rTESCyKvrlqu5WLFW +s0rE5f3CrHokbMdNJOC0BVgC8wixYlMu4JdlsxGaaaa5t/JVowCKzPlQhgP5MI+d +y4nV0xRb1Yi4s0UYtNEYeuLTURZ7Z6lodlYDRYHRxBlp4alzsL3zpayQOL1ID1nM +IgZbihAgFBeVEmONjEgEKePG1Ra0JVJpY2hhcmQgTGV2aXR0ZSA8cmljaGFyZEBs +ZXZpdHRlLm9yZz6JAjsEEwECACUCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA +BQJUMG0mAhkBAAoJENXp5D99+e6MmN0P/AmpB8DasBnjh9fAlBM8kEZ23MHVdEgu +PWX8KBML4L6eVlWRn7hdfpvOS90Ll5LTdtWPAQs8lDYh4V86hIYgLK9tisZyby+5 +NT4dEl6CXgHbRjdDbp0xKfGc5F9jWzPZpG8ZdDz6Zbvdooy/4ThXNS16HcsJRcka +n6oFjCNAWSNpXDYcLtA7+9ncimrC/C+kGYlyPWJGYZu1C3I+oL3+qWwiqAG9hp/z +edsIsNP7o24wb0SgD0dTzphmOAPwTRfGS2DHhpbAH9P6MZPiFBRGsARRRFfTRGkz +I9W1M4bv9l/L8s6STpjD8+40f+aUE8cyUcNj1ycyRGFAnwf5MeO3MqzvjocoUyoZ +Nc4t7/6rh6sceFjgMt/DFFZbi3kvz9cJBcaN6TWWktd4+1WmLxwcF0n3xaB04KCv +XTaBZ5f/Hz5D4O8HyYsS6GlW6yIUiuAOvav8WizaTMbYk81XfXBuBKv7Vxk0fRYf +9+HJ7fyWyIlIN9FqrSiiopA3JR+8gP8ueFcycmLnl2D9fyZn/sv+UCLrMR6fyD/5 +EtzgzW0AJ8BDJw5n7ctmZ6UhuasDZZMPC2uB9LVhpQ8W3mDDxJoaYe5bE2p0ca+m +wEHZQpbpjmtT/2x5rGFZYxBUOhuGn/94zEYSqLLDirlFIEUgucXLOLQHyEl+kEkC +LEmSbn71WsM8tCVSaWNoYXJkIExldml0dGUgPHJpY2hhcmRAb3BlbnNzbC5jb20+ +iQI4BBMBAgAiBQJUO42DAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDV +6eQ/ffnujLPhD/4n7Jl5/FIKKNPIDJDAYmq/Z36t1m+m0IvSL0yuZh2WSCDo+xur +ZWVLPQIrP14ORvWJJzZTmRLUWTxQPDF0z3S4kkopMyqTeHl++to/4eTQPF0QkpLc +DXVKzRe5jzRUTYC8x7mtJHdgKjmWqbgqm63RJg2PphRSbFqoPkfoZ0/kNdzG3bkE +LlpW8YphA4guQBlU3N7p52KOavVny03UDLN1jVE/QmD641g4E7iNNxyXNs15iRi8 +84Ox4+EjBZOQFygx7RtrWXVokOS4Ba4fp3yDnkAdqhN3DtjKGPv7oqMcJuJpuBP6 +F1Rmd7eJPS6+nIfJac0EnhDu25k5m248mUAgvtX8PR9n6OB39G6UEKnBoBFpmDpU +CJKeOLwGjvkpB04gAVdIbWJVXVkYVUyX6i2VRQiVEEmEsTNRZKrjyWtHyAzfSg0o +EKUTxijtVbkHZk33SuCSATq+8qKMXDDJHhcpX8/K3zgVOMDTRexY5Zpe47IiL0/C +bK3MN+SnBfgZzsw/TNasJ0a/AUw+FDGIq71UNysVL7dKHeKQX3nRRvHp7blpdCf0 +bOlBc4Ni5Rk/QYMAR1zVHgXHOrANzTim1dUHensnlquYGx3sdws2d7G3p0VX5Ke+ +Dreal5NraRhMYk0hJTgOy34vf+z1UGejbViVkEgts1X2nRmBInJhZOSyP7QvUmlj +aGFyZCBMZXZpdHRlIDxyaWNoYXJkQG9wZW5zc2xmb3VuZGF0aW9uLmNvbT6JAjgE +EwECACIFAlQwa/UCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJENXp5D99 ++e6M3KkP/izg32cHPYfDZaWDVbzV1V1EcyMM1hpsQm4C3bo2UY/06NtLescn/6kU +wAlhBnn9jfqbhoPzqJXc/kbNxtVRc5JvZxhulBj+UdgoB3wiyrY8tM0+eYMWB4Te +j4830s4c5rUenM2OrUNrpaLVL5pFm1M7k4m5xaMIkKUVQB0PaCms9NB4yplSIEcL +9c3M5UFm/ipQYML6qp07qknd/NTbNNPUfZreLYQiAr/kZxsjZR4mcCMaal8rcRZV +hzkGwX78aReu0xIdkPaNfJAvrO7NMCz7U3yntwbXmRi1jw4PAXvZjAfgRbOv7ug1 +xPcVdbr7YbhL3miyYXH8H72muLvslOvba2CBAE4x6wZi7IEx3VNG9aklOx09PDZy +29tyPx4AhMLPj9GnGROUcMzC3+ZvOPmteaQjdA1MmR2PEAdm1OZLJ1Lb78FcGoWB +XdWmI0XFM09YxAAD1YNvVijPnS193jtTqesKtu57D4PEqLPUupHZZpic9X9T17ve +SjbI6B1VCi46HHF4MEbQt7pTsGiNMKS2i/YVTap29Fj8x+cTxAmV2Fb8BWPjdLee +5VGyH8dwDYtMXK7fE6hQFZX3Vn7RXInv4onouolcyq7aPvxYPVnGdijNSMDtHdFx +78vSt9kMx75s8jyJ0ILojuAqB7C2G/ScybtQNYBXAIZtFZWLiPuEuQINBFQwazYB +EADPNcBdaXTUwkG81K9NRKsKGVZ1coVRxkOx2+VD2THTY45sBx9MGmQsmSpjU45k +x/wO5KiTVj+bM+scSzwNgERqLiyf/2hgOIDYaoyKSfAfIVCmm5pSa2Ad01RV9qT3 +i0eSSpa1Kpx8eAHKcVsDsWb2ZCd8/MI9778cCjrCbPI4o9zEVK+fjtmYKtdkHsEo +MSVU6Jy86E908OLaJbOeo1a7bSKs4tU8zGWAX+ddY5Cb+w3cHQb4QheDWZHMel8Z +cEgTah7huS6lUA4seQnTKXHmkIZ+uNtB3gFMKso/6GoOGZnUTk8dPY3POLY1nbMQ +/dEvMQpFxLCOBNQP0lhO4DGP0KuwLXzq2XAxrylX5tY0bNmZKLTjhi4CbKAtc/+i +wMUkQQXJRw7Vlp9Fp9ogOvzx/YlMaZQZZixg5uN2b4UD5cWliHn4Aq7DkTzQJe31 +m7sezA3cLnFR86ol2X77y79n0GRjGsMa+b+e9NRWNKs28JiCPF3ya31Kk+3+sjau +CZQW3KYx31Il5bO3ulLHOtxhSkCUHx5sJ81NJIhZFr+7yAel/ECCiT9KbVbhddJB +Hsd7GNkwzb1QivcqnYiBW9QzXkQ+xAKHfS7YM5ooYcg6G7jw89/W0xznnGiz5JTj +Mkj1s9cppQ8tdqiV4Uemvx/96Nr5F7n++UJZ7Oval9/zswARAQABiQIfBBgBAgAJ +BQJUMGs2AhsMAAoJENXp5D99+e6M69gP/2MzECejKPv0lN9vHTnqLHiP7BcqbivP +NqT4V3yal/JfB9c8h2ylsuZSy4r9TKDTgv/KVm6b9kJVsjdzyqwerKwpZ6T8ohyD +t+/5UAXKY7wH8vR1qZdtRQ8Z/UbsZ2vyDGMKutBIxOYfDcpzZ+e78nRd6k3E6pIb +R1utS972wQHM/VTEmsvUFZtX+qszOVm2y8adbHzY0FikqN/NZI7NVY+8gkwaybpd +6knl9ArEQe1heVWDGpaTUxz0SKglqc0zHDtxOUkhiCcvgKsAGWbxYspRq0rLsek5 +1RFSdO7NJ59co96uyIu2r/sGhpk3+/QdAMmb9CGeI+DVFhTZxobBtWxLphS5EJey +HfzOtZNMijrrB3cw3GWws3nMsMNcN1g/o+MLxpHwcuJkEai4so7rbDf3acUUZFCw +EzBPkx/SeXjatAObEUWmshIgNUw3AFnxdD7QOLJjctRsiGq6GwvsZ/ABDYuHnmGQ +W3w34fKEYRLCAkOq7NPfMImM/I7Wf6Tq7s24g+2Sg8vr4yrWKoIxp4qB0GpSQmay +k1J0RKR9dNqYNQsOr9jnI4l7KlOS+2K4b9Y0CJbiCNOdVSCf0AVnubk+2IiTrDCz +EBlr5Dmz1xGC5XdlBeoSujB+HqZMFf8Nbjap5byHhBYB0ypkh738JQBeuJVIgwlH +VhMV8mypBNjWmQENBE76Z9YBCAClJEJJTPrqEX9P84lgfWoeAz6MqIgDxxmIjFMe +JZ+sp47tHnPaam0t4+8v+63RpsIlepNZtsufUyeIVq104YB+2pLWlTLCG0vQRmA5 +D6RiD7PeadLnAZtBMzhTNRyx0gD2hLM9HN19KftTa9ar4SfIVd2e/N6vgSSJKsI1 +2x9M4G3Zd0poEnz897HGftxg5APVsJoBw7tSQKHmKxLgJWAmxFV7bMxquF8tGSga +EeV+AceRKQmVWFWBb2JIa2qihptuJOfIlSke6h09oVa1jZ6kI3ATWCbzAWUjcT9n +HCmEVzT/Fha7JNW5JT8tyO08B5b82HyL+83n+87FVbOkncULABEBAAG0HFRpbSBI +dWRzb24gPHRqaEBvcGVuc3NsLm9yZz6JATgEEwECACIFAlOctAQCGyMGCwkIBwMC +BhUIAgkKCwQWAgMBAh4BAheAAAoJEJGVxIJB+/fdlikH/RLnyBDNaQuyPkl09ZDK +YiYqg0uL/BtjEdzZzGzfV5uk9RctMd5UMU5Lh6phdc/Jei0d/VpQnSxhSoWmQHn6 +reYfq9SabApzZzQcscBxL9g0P4mMj4PzYGmhYCkkh1GOTtDtm5wleTaoIKz8KTHz +vc7bLP5XIwrzwrtiRAiAfCCdmKz9hVqllM7yV9HZZzXnd5lAqoxV9wt6eiGfB4OR +VJFasQsPAA0/+YoWhc8Zta819MRABKw+egfWoRm+DVAEVl+5hPBOJGzrFpZdPVPi +Gt16QgmHVKVh9z46OBup/CfhvXWHY7J7X28c0/zHgI1dFJBOlgGxAzvBGmXkYNLX +XMG0JlRpbSBIdWRzb24gPHRqaEBvcGVuc3NsZm91bmRhdGlvbi5jb20+iQE4BBMB +AgAiBQJO+mfWAhsjBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCRlcSCQfv3 +3cdHCACS9HhOWAyEAGNhCPjOhYsJRY0iQk57Ekxh2kWTO66NLfX6HwnmOv+6z2uM +o6XxIDqLtCMFYoURkOUuoYNhZBhbLNNCqBY47382zuivs4X4RUNuewQGCmQd5ASz +bCxtZ6eqMG6qJpnn8lsAbI9yGQ8ofwqSs98CTbRsv4P1DVacwXFqGDeu4qKQ2liI +dbQmCP9mkl7dkwJ2BJrc5X8msu226WVeT7z3lPWlmEWnYtJLnjaLeGjP4wEcaUDm +6LubRWxUAZ7gqRWqP8dX37Y9VSZvKHOmUINrvLAmhhYlZvt8z32PUA+hICJ7AMwB +3V4HoNy/qJfAtkWqODvnG2HT00BduQENBE76Z9YBCAC5xpa7smrlstM6q6gnBkjT +s1Tb68mtEXTGPpc8ds6T/79sApVbyIq3xXCinqtSwYeH/kkYnB3+kBQDgDsSFos8 +XpxBLqr9mrVk2Bu4Pz/c5/vF9L2uhf1p8nt/V+HlC9p7Q7ZCf/TRFQj+3WFafHbB +jzDZw6kkJm7gBtzNj6FTHNUxv1t3NzbPSeW7tQbo6ptrclLk+S7rgEnG5t8VOYbo +60I6bniGUvUVYMVVR49BsZ5tW7jrLToZf5wQEE2C6iud46poPpcDNiBiPi/LBFHC +r71KzGnAWsfHu8lt7v9MarEuXDPoC045DLQyWSKHGP9/uSuesEOpnb63J9gDlgaP +ABEBAAGJAR8EGAECAAkFAk76Z9YCGwwACgkQkZXEgkH7990gaAf9FD6fsKERbpB5 +aSiyCyXWm4vgIla4U2WE8ttGRNOVX646XHN/lA3W9r84HOsFgK4JvbLomiwZLQS+ +bvSj9qplO+s5OqzfWyZpdpjZNhAeb4GsfaYThrT0mCngb6gVnAEpvtf/6+4KIQSx +qvbeGXJyaHtWhhXtqd8qzV6RbXDc5kCDJQMSZiwTxHUo7UmWR3fPJDTfhyyLlD+f +jI/HhHwR140q1xnP2L/4wWF8pNqxX3qcMkXm6uDfRgY0eCdT/BlrJAQ0lfa09h6f +sMkHsoHd5Pvpz+TkGHUI7TNMj3oOSrSKSu+qI6kJnOUY9PFNwTq4ljvTdbNLymjJ +iugLyosU15kBDQRVlEpGAQgAmdVZaxAD6wKTiQ/VUd6EIuOocLXUuU4v9yRooArb +bpLNlgTyzlDRcNYFpvW5gZ/KXt7sfE72pbDWV2HVFfcf8zyTMygz+2tzDL9ldWTA +EqYeis4NYIH9yQToZGoc1oEkgBYwKoEQUnpq2A4IMggRaD4KSc/7W98raf63IrBO +K2u9tfg6CZDgKHRsv6d5AHSZTFrJR7vh9EIg33z/qzaebZ5lO7woV0q69yqUdzBs +dFEc20fUUIEv2PsWcfNKx+BzKmbddlfwSWVv6xua7KDFge6uDrg3ISWQWCwd8iz3 +jOUseeiaLYk5QOUJapWyKBqYJiOAbbQSTzkVuQMMB4QSmQARAQABtBdNYXJrIENv +eCA8bWFya0Bhd2UuY29tPokBOgQTAQIAJAIbLwIeAQIXgAULCQgHAwUVCgkICwUW +AwIBAAUCVZUDDgIZAQAKCRA2zuTesAz+MyFiB/99TL4ML2eevVmxbtcN3f70VZtt +eoKvwIcZ6hDw3sG8DVAjFlyiwtXtDG/mNOBxuW78o9dCceCI/ngbH4qHbCuiKUXp +kh6LBw3VnS6eORHWJOk4xPwktHHl9YPf4DO4sraq8OeJyooSqcRO++eCMR1JQiUc +G59qoL93c9zibpanh8K7aoHe5P3bsACJED4kqis4sEa5oDA6JVu4LPccic2LTpOF +9LDdZxn92Ii6MHdyia3E8tkJiFOXurOw2JNHZHbFBHZaARLES4GLAP28VEfuEZir +PECIw9tJ+jecmxMIYj0SdvMp/bOEdlH1ot/JGMhWEsAlZUG4OEj9V9UDkHP5tBlN +YXJrIENveCA8bWpjQGFwYWNoZS5vcmc+iQE3BBMBAgAhAhsvAh4BAheABQJVlQLq +BQsJCAcDBRUKCQgLBRYDAgEAAAoJEDbO5N6wDP4zohwH/jOC5HbMlwaMbPHRVkDz +5wdV9qivHXuV1PxNKjCPEv9dEdOq8CcyQqTBfZoc2mUFLrulvZAUxpl3ki6afSL3 +yjl3VlXD8VtFmaAmdBgtLQvQ/PvovW2xnc2alM2iY3e/MXdyRCEx1b6zHYUWJALt +ZXyQa20UE6g9oTePNzaValNnup24ymmPDHy8YWdeHuDTL8dh6ji6v58nwAQkZ3Nl +YJgpbUBj4TJfk38fm0h1BRnKCMgOxYp69lwLmC7EbvbgauzYn0Elwl68t02njv0Y +ga+8cHvo84nRQHnn7aVWBaJWwwYKMzMlXndJWsj52gPKXyO51X2Su4jAvGxM59m2 +VcG0GU1hcmsgQ294IDxtamNAcmVkaGF0LmNvbT6JATcEEwECACECGy8CHgECF4AF +AlWVAu4FCwkIBwMFFQoJCAsFFgMCAQAACgkQNs7k3rAM/jODoQf7BTBbQ7v7nJ8C +xSr4P3Yqsr4jXgaY2O3M0ilodmeo0EgxhK384O1JZ4NV86YVzsGI//+6quGcYGt4 +fcskRf/9cE4LhhnbP6N2Z4XyyyXVlwJNR6oDyH1zqpZTCtQNmou8hxm1MvmpM67u +e2smLVg/p1g+h1NWbfjoo4L0UyRUlDlELun6Y737pg6usNK2IOcv6G9gv+QVi3DV +GpmU2+z2SK6Rxh/5Dk5sDoT4oM0e5DL7KTt5Po+dWrUyo+nUtm/3L3ugNHl48vA/ +Fvy2HBH4zxs+Y5kCyiotePiTww49l5QQDYPdFylab8Jd44wpwiJEV93cqxVuzIAB +FM3ReFqU5bQbTWFyayBDb3ggPG1hcmtAb3BlbnNzbC5vcmc+iQE3BBMBAgAhAhsv +Ah4BAheABQJVlQLuBQsJCAcDBRUKCQgLBRYDAgEAAAoJEDbO5N6wDP4zu7UH/0Y4 +2wgWGcVzDJu9zFlMX/XPMXJYbSENOsSyq+LUhGKLK7xPjXAl4eWVrUWsGFQTO+sy +A4fipMw1XbTPpXDaNxacfjSwayeTV25H3KmgnQgKQXH3Kkfze9Zxe10vG+knssaO +kf5EYEVtthbBL/k6qKC2zIrixzfS5MOpSK3sAepn1mNBFjtPSikaNwHtxcBXdIbi +khuTpImu/PfGlOaeYwgUm7Sx9BmfGnZLvTz8MGDtqziXld0NxO0lXTh5Y2+Ojv0y +WisUoXA44blslYYWC8aRR3FCWCxMmKfkDb9ztM5KQbQXS/nyYra6/Nsh/Acvgg4G +BPOIenT+uE82YZfpPWG5AQ0EVZT51AEIAO91fZyiPkiioZURT8zZfUtpQxLJOHno +vp0h1yo1xfX7okpq2nM1hytWu3ICZ0CpZw2kv+bmbRdD11xbobFnl/QWb42KThqD +L7T/+chZz/uMzrHNFgzRCRiTJlkTcI+Q4jK71eyVzMWoiv0xnLRNf46x66AxieXY +Tkn0e7KPC2sUppfIbpRA2BshXuJqCzjaHH/z4+QI7JTAoROayyApVcGgO7njWKVA +k+JOd3iThS+wjnzU0sBIg12yT6q4w/M6MSMOBsqcwOMtx/iXmEHCWCuYzubhOL6B +v3k11pkkBgArD+wZGA5JuFYfTSAnKsCWbDxVmJzGTkqwY9DgIAOpQgUAEQEAAYkC +PgQYAQIACQUCVZT51AIbAgEpCRA2zuTesAz+M8BdIAQZAQIABgUCVZT51AAKCRAB +ClBAfEyMvSc6B/9tpCI1LeZx9TxpYo8PLw1QcZdwpxQU9hanlg55ZeyL2j104cz/ +7fzEqHd4zNlzS5J1fs2xiuDl3pLP+tPz3uOBxiergyAOcprXMCZOjAksvUpwuX/E +k8NIHjUAk6iCbFB0awUrrXMQq7WY+yYfCP7dUxVkXP6dHOQGs2B94TMUYkJs7/QV +YYE0qGb4XkgwENH07Wywt/oejBn9UXFo80pv7Rz6jdELoPF60hMT14ZuDu7f9Jxn +2of94QJGNlA3OuueQR4W25iaJQe4P4alr3PCTmyuoaFI5K0yHByB489JO4eSPLOe +r4pftNESsDyBwc8A4Fx8ro88xLuufYnoPwrTAkcH/3d/MGABEEmqDwRDXzH/cLh0 +h9/OinNEgilOCc+zK+6+7bi7x/jUw+aAIN+bmO/6+EEnl1GQuUj7F2ZxXU9tPRvb +YF0uCoyd+ZMayHbuMc8etThWqvMNlbNeZegLHbNO7NsoDxPmDb/rPlc7tvKdxUVG +KfZSWT78tQAb4JeJUR4G1Rm+3jlkCNoiaFCV02C9HGXu3Amqkz33FJKjCnEv61tm +wYZvkLc9bYQzqXt8rvb3nlZbvbFYlf3oNU7YFV43a4W0y07NtxiXzPhC+E4FIAdi +aBbJmv9EEXzrMRyXuZFOUZx9wGAC77dHcJ8cw7+MUxpJ5ja8aoFS7ly7sk442gK5 +AQ0EVZT5+AEIALH40GSCbgSuXVHjhUYYLeo0TNBevlZD7Po1OEyhi2eEhrWYg/3c +Awr0/neLXXD6xiAlOXcN01H+OjY4ZAmKzm290LCRBuo9WPsRvHIECAY9XZBeL+tu +69biSXv07vhvqmMG8yZ6Hi8Q5wUHJvISo6MC6fbq2RUVnkscgqp4jlBVjRNo97Ng +i+WEco+znvu7pio7uXYGPT9UorIPX7cQ2kpbiYM4UU4i/ezbAELc8Ttq4IXzz5zi +/Rea/r7HR7aSpapzVB56Wwg87F3c4zcwK9bdxxgdpRfHnBJ84mrBZlSGwKN6a1ks +N/zks6R6eNVhO9UbozzVqgl1Riz/aXlv2tsAEQEAAYkBHwQYAQIACQUCVZT5+AIb +DAAKCRA2zuTesAz+M2u5B/997Q3sXvQo3J2ZB/gSXYVIjh76pzabO9NIlhW2fX3Z +41VsgZKX6tpTGlqUn9Q14EkntzpGBtX/3PtoycH+Ta0E+IfpoINwSy/7SQfWmPhY +xjMnu3LH0ho1mkGMuxXf/dMoapovKY3d//ud6KcPruq+W+8ZXD8CT4zay6z/5JIg +FAP1viRNtyVmFh6NfZTIsKGyS+jaHniAR9N3cRa1Y7gutwT6cNV1zpTOAOBx0L75 +xLxGy6WuyBLaaZIhk0f3ONryFQslIsVGGs/d2QJm2xxywvaq4JrSor+TPJxXu3Jr +umMEE9U0zENea7N8dQxWQBmXnChX88eRPHOIAdXEWrOj +=Qsm0 -----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch index e976b5c..daadcae 100644 --- a/debian/watch +++ b/debian/watch @@ -1,2 +1,2 @@ -version=3 +version=4 opts=pgpsigurlmangle=s/$/.asc/ https://www.openssl.org/source/ openssl-(3.0.*).tar.gz diff --git a/test/ssl-tests/12-ct.cnf b/test/ssl-tests/12-ct.cnf index 2e6e9de..369c5d4 100644 --- a/test/ssl-tests/12-ct.cnf +++ b/test/ssl-tests/12-ct.cnf @@ -19,11 +19,11 @@ client = 0-ct-permissive-without-scts-client [0-ct-permissive-without-scts-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-ct-permissive-without-scts-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -46,11 +46,11 @@ client = 1-ct-permissive-with-scts-client [1-ct-permissive-with-scts-server] Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem [1-ct-permissive-with-scts-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem VerifyMode = Peer @@ -73,11 +73,11 @@ client = 2-ct-strict-without-scts-client [2-ct-strict-without-scts-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-ct-strict-without-scts-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -101,11 +101,11 @@ client = 3-ct-strict-with-scts-client [3-ct-strict-with-scts-server] Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem [3-ct-strict-with-scts-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem VerifyMode = Peer @@ -130,11 +130,11 @@ resume-client = 4-ct-permissive-resumption-client [4-ct-permissive-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem [4-ct-permissive-resumption-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem VerifyMode = Peer @@ -162,11 +162,11 @@ resume-client = 5-ct-strict-resumption-resume-client [5-ct-strict-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem [5-ct-strict-resumption-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem VerifyMode = Peer diff --git a/test/ssl-tests/12-ct.cnf.in b/test/ssl-tests/12-ct.cnf.in index ddafd3f..c11bcc9 100644 --- a/test/ssl-tests/12-ct.cnf.in +++ b/test/ssl-tests/12-ct.cnf.in @@ -19,8 +19,10 @@ our @tests = ( { name => "ct-permissive-without-scts", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', extra => { "CTValidation" => "Permissive", }, @@ -32,10 +34,12 @@ our @tests = ( { name => "ct-permissive-with-scts", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "Certificate" => test_pem("embeddedSCTs1.pem"), "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), extra => { "CTValidation" => "Permissive", @@ -48,8 +52,10 @@ our @tests = ( { name => "ct-strict-without-scts", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', extra => { "CTValidation" => "Strict", }, @@ -62,10 +68,12 @@ our @tests = ( { name => "ct-strict-with-scts", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "Certificate" => test_pem("embeddedSCTs1.pem"), "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), extra => { "CTValidation" => "Strict", @@ -78,10 +86,12 @@ our @tests = ( { name => "ct-permissive-resumption", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "Certificate" => test_pem("embeddedSCTs1.pem"), "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), extra => { "CTValidation" => "Permissive", @@ -96,10 +106,12 @@ our @tests = ( { name => "ct-strict-resumption", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "Certificate" => test_pem("embeddedSCTs1.pem"), "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), extra => { "CTValidation" => "Strict", diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf index bafa4a6..f472dd7 100644 --- a/test/ssl-tests/14-curves.cnf +++ b/test/ssl-tests/14-curves.cnf @@ -93,13 +93,13 @@ client = 0-curve-prime256v1-client [0-curve-prime256v1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = prime256v1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-curve-prime256v1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = prime256v1 MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -122,13 +122,13 @@ client = 1-curve-secp384r1-client [1-curve-secp384r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp384r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-curve-secp384r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp384r1 MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -151,13 +151,13 @@ client = 2-curve-secp521r1-client [2-curve-secp521r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp521r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-curve-secp521r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp521r1 MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -180,13 +180,13 @@ client = 3-curve-X25519-client [3-curve-X25519-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = X25519 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-curve-X25519-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = X25519 MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -209,13 +209,13 @@ client = 4-curve-X448-client [4-curve-X448-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = X448 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-curve-X448-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = X448 MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -238,13 +238,13 @@ client = 5-curve-sect233k1-client [5-curve-sect233k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect233k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-curve-sect233k1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect233k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -267,13 +267,13 @@ client = 6-curve-sect233r1-client [6-curve-sect233r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect233r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-curve-sect233r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect233r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -296,13 +296,13 @@ client = 7-curve-sect283k1-client [7-curve-sect283k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect283k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-curve-sect283k1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect283k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -325,13 +325,13 @@ client = 8-curve-sect283r1-client [8-curve-sect283r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect283r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-curve-sect283r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect283r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -354,13 +354,13 @@ client = 9-curve-sect409k1-client [9-curve-sect409k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect409k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-curve-sect409k1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect409k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -383,13 +383,13 @@ client = 10-curve-sect409r1-client [10-curve-sect409r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect409r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-curve-sect409r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect409r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -412,13 +412,13 @@ client = 11-curve-sect571k1-client [11-curve-sect571k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect571k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-curve-sect571k1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect571k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -441,13 +441,13 @@ client = 12-curve-sect571r1-client [12-curve-sect571r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect571r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-curve-sect571r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect571r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -470,13 +470,13 @@ client = 13-curve-secp224r1-client [13-curve-secp224r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp224r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-curve-secp224r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp224r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -499,13 +499,13 @@ client = 14-curve-sect163k1-client [14-curve-sect163k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect163k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-curve-sect163k1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect163k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -528,13 +528,13 @@ client = 15-curve-sect163r2-client [15-curve-sect163r2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect163r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-curve-sect163r2-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect163r2 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -557,13 +557,13 @@ client = 16-curve-prime192v1-client [16-curve-prime192v1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = prime192v1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-curve-prime192v1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = prime192v1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -586,13 +586,13 @@ client = 17-curve-sect163r1-client [17-curve-sect163r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect163r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-curve-sect163r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect163r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -615,13 +615,13 @@ client = 18-curve-sect193r1-client [18-curve-sect193r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect193r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [18-curve-sect193r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect193r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -644,13 +644,13 @@ client = 19-curve-sect193r2-client [19-curve-sect193r2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect193r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [19-curve-sect193r2-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect193r2 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -673,13 +673,13 @@ client = 20-curve-sect239k1-client [20-curve-sect239k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect239k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [20-curve-sect239k1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect239k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -702,13 +702,13 @@ client = 21-curve-secp160k1-client [21-curve-secp160k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp160k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [21-curve-secp160k1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp160k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -731,13 +731,13 @@ client = 22-curve-secp160r1-client [22-curve-secp160r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp160r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [22-curve-secp160r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp160r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -760,13 +760,13 @@ client = 23-curve-secp160r2-client [23-curve-secp160r2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp160r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [23-curve-secp160r2-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp160r2 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -789,13 +789,13 @@ client = 24-curve-secp192k1-client [24-curve-secp192k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp192k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [24-curve-secp192k1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp192k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -818,13 +818,13 @@ client = 25-curve-secp224k1-client [25-curve-secp224k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp224k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [25-curve-secp224k1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp224k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -847,13 +847,13 @@ client = 26-curve-secp256k1-client [26-curve-secp256k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp256k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [26-curve-secp256k1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp256k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -876,13 +876,13 @@ client = 27-curve-brainpoolP256r1-client [27-curve-brainpoolP256r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP256r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [27-curve-brainpoolP256r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP256r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -905,13 +905,13 @@ client = 28-curve-brainpoolP384r1-client [28-curve-brainpoolP384r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP384r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [28-curve-brainpoolP384r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP384r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -934,13 +934,13 @@ client = 29-curve-brainpoolP512r1-client [29-curve-brainpoolP512r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP512r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [29-curve-brainpoolP512r1-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP512r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -1713,13 +1713,13 @@ client = 55-curve-sect233k1-tls13-client [55-curve-sect233k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect233k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [55-curve-sect233k1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect233k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -1740,13 +1740,13 @@ client = 56-curve-sect233r1-tls13-client [56-curve-sect233r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect233r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [56-curve-sect233r1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect233r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -1767,13 +1767,13 @@ client = 57-curve-sect283k1-tls13-client [57-curve-sect283k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect283k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [57-curve-sect283k1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect283k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -1794,13 +1794,13 @@ client = 58-curve-sect283r1-tls13-client [58-curve-sect283r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect283r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [58-curve-sect283r1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect283r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -1821,13 +1821,13 @@ client = 59-curve-sect409k1-tls13-client [59-curve-sect409k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect409k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [59-curve-sect409k1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect409k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -1848,13 +1848,13 @@ client = 60-curve-sect409r1-tls13-client [60-curve-sect409r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect409r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [60-curve-sect409r1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect409r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -1875,13 +1875,13 @@ client = 61-curve-sect571k1-tls13-client [61-curve-sect571k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect571k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [61-curve-sect571k1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect571k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -1902,13 +1902,13 @@ client = 62-curve-sect571r1-tls13-client [62-curve-sect571r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect571r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [62-curve-sect571r1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect571r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -1929,13 +1929,13 @@ client = 63-curve-secp224r1-tls13-client [63-curve-secp224r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp224r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [63-curve-secp224r1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp224r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -1956,13 +1956,13 @@ client = 64-curve-sect163k1-tls13-client [64-curve-sect163k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect163k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [64-curve-sect163k1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect163k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -1983,13 +1983,13 @@ client = 65-curve-sect163r2-tls13-client [65-curve-sect163r2-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect163r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [65-curve-sect163r2-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect163r2 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2010,13 +2010,13 @@ client = 66-curve-prime192v1-tls13-client [66-curve-prime192v1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = prime192v1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [66-curve-prime192v1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = prime192v1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2037,13 +2037,13 @@ client = 67-curve-sect163r1-tls13-client [67-curve-sect163r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect163r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [67-curve-sect163r1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect163r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2064,13 +2064,13 @@ client = 68-curve-sect193r1-tls13-client [68-curve-sect193r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect193r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [68-curve-sect193r1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect193r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2091,13 +2091,13 @@ client = 69-curve-sect193r2-tls13-client [69-curve-sect193r2-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect193r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [69-curve-sect193r2-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect193r2 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2118,13 +2118,13 @@ client = 70-curve-sect239k1-tls13-client [70-curve-sect239k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = sect239k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [70-curve-sect239k1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = sect239k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2145,13 +2145,13 @@ client = 71-curve-secp160k1-tls13-client [71-curve-secp160k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp160k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [71-curve-secp160k1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp160k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2172,13 +2172,13 @@ client = 72-curve-secp160r1-tls13-client [72-curve-secp160r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp160r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [72-curve-secp160r1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp160r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2199,13 +2199,13 @@ client = 73-curve-secp160r2-tls13-client [73-curve-secp160r2-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp160r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [73-curve-secp160r2-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp160r2 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2226,13 +2226,13 @@ client = 74-curve-secp192k1-tls13-client [74-curve-secp192k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp192k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [74-curve-secp192k1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp192k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2253,13 +2253,13 @@ client = 75-curve-secp224k1-tls13-client [75-curve-secp224k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp224k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [75-curve-secp224k1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp224k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2280,13 +2280,13 @@ client = 76-curve-secp256k1-tls13-client [76-curve-secp256k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = secp256k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [76-curve-secp256k1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = secp256k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2307,13 +2307,13 @@ client = 77-curve-brainpoolP256r1-tls13-client [77-curve-brainpoolP256r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP256r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [77-curve-brainpoolP256r1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP256r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2334,13 +2334,13 @@ client = 78-curve-brainpoolP384r1-tls13-client [78-curve-brainpoolP384r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP384r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [78-curve-brainpoolP384r1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP384r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -2361,13 +2361,13 @@ client = 79-curve-brainpoolP512r1-tls13-client [79-curve-brainpoolP512r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP512r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [79-curve-brainpoolP512r1-tls13-client] -CipherString = ECDHE +CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP512r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem diff --git a/test/ssl-tests/14-curves.cnf.in b/test/ssl-tests/14-curves.cnf.in index 5653e70..0b49d08 100644 --- a/test/ssl-tests/14-curves.cnf.in +++ b/test/ssl-tests/14-curves.cnf.in @@ -36,10 +36,11 @@ sub generate_tests() { name => "curve-${curve}", server => { "Curves" => $curve, + "CipherString" => 'DEFAULT@SECLEVEL=1', "MaxProtocol" => "TLSv1.3" }, client => { - "CipherString" => "ECDHE", + "CipherString" => 'ECDHE@SECLEVEL=1', "MaxProtocol" => "TLSv1.3", "Curves" => $curve }, @@ -56,10 +57,11 @@ sub generate_tests() { name => "curve-${curve}", server => { "Curves" => $curve, + "CipherString" => 'DEFAULT@SECLEVEL=1', "MaxProtocol" => "TLSv1.3" }, client => { - "CipherString" => "ECDHE", + "CipherString" => 'ECDHE@SECLEVEL=1', "MaxProtocol" => "TLSv1.2", "Curves" => $curve }, @@ -100,10 +102,11 @@ sub generate_tests() { name => "curve-${curve}-tls13", server => { "Curves" => $curve, + "CipherString" => 'DEFAULT@SECLEVEL=1', "MaxProtocol" => "TLSv1.3" }, client => { - "CipherString" => "ECDHE", + "CipherString" => 'ECDHE@SECLEVEL=1', "MinProtocol" => "TLSv1.3", "Curves" => $curve }, diff --git a/test/ssl-tests/22-compression.cnf b/test/ssl-tests/22-compression.cnf index c85d312..a70f01b 100644 --- a/test/ssl-tests/22-compression.cnf +++ b/test/ssl-tests/22-compression.cnf @@ -21,12 +21,12 @@ client = 0-tlsv1_3-both-compress-client [0-tlsv1_3-both-compress-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Options = Compression PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-tlsv1_3-both-compress-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Options = Compression VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -47,11 +47,11 @@ client = 1-tlsv1_3-client-compress-client [1-tlsv1_3-client-compress-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-tlsv1_3-client-compress-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Options = Compression VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -72,12 +72,12 @@ client = 2-tlsv1_3-server-compress-client [2-tlsv1_3-server-compress-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Options = Compression PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-tlsv1_3-server-compress-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -97,11 +97,11 @@ client = 3-tlsv1_3-neither-compress-client [3-tlsv1_3-neither-compress-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-tlsv1_3-neither-compress-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -121,12 +121,12 @@ client = 4-tlsv1_2-both-compress-client [4-tlsv1_2-both-compress-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Options = Compression PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-tlsv1_2-both-compress-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 MaxProtocol = TLSv1.2 Options = Compression VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -148,11 +148,11 @@ client = 5-tlsv1_2-client-compress-client [5-tlsv1_2-client-compress-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-tlsv1_2-client-compress-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 MaxProtocol = TLSv1.2 Options = Compression VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -174,12 +174,12 @@ client = 6-tlsv1_2-server-compress-client [6-tlsv1_2-server-compress-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 Options = Compression PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-tlsv1_2-server-compress-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -200,11 +200,11 @@ client = 7-tlsv1_2-neither-compress-client [7-tlsv1_2-neither-compress-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-tlsv1_2-neither-compress-client] -CipherString = DEFAULT +CipherString = DEFAULT@SECLEVEL=1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/test/ssl-tests/22-compression.cnf.in b/test/ssl-tests/22-compression.cnf.in index 69a2e7f..0b8f010 100644 --- a/test/ssl-tests/22-compression.cnf.in +++ b/test/ssl-tests/22-compression.cnf.in @@ -21,9 +21,11 @@ our @tests_tls1_3 = ( { name => "tlsv1_3-both-compress", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "Options" => "Compression" }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "Options" => "Compression" }, test => { @@ -34,8 +36,10 @@ our @tests_tls1_3 = ( { name => "tlsv1_3-client-compress", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "Options" => "Compression" }, test => { @@ -46,9 +50,11 @@ our @tests_tls1_3 = ( { name => "tlsv1_3-server-compress", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "Options" => "Compression" }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', }, test => { "CompressionExpected" => "No", @@ -58,8 +64,10 @@ our @tests_tls1_3 = ( { name => "tlsv1_3-neither-compress", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', }, test => { "CompressionExpected" => "No", @@ -71,9 +79,11 @@ our @tests_tls1_2 = ( { name => "tlsv1_2-both-compress", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "Options" => "Compression" }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "Options" => "Compression", "MaxProtocol" => "TLSv1.2" }, @@ -85,8 +95,10 @@ our @tests_tls1_2 = ( { name => "tlsv1_2-client-compress", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "Options" => "Compression", "MaxProtocol" => "TLSv1.2" }, @@ -98,9 +110,11 @@ our @tests_tls1_2 = ( { name => "tlsv1_2-server-compress", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "Options" => "Compression" }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "MaxProtocol" => "TLSv1.2" }, test => { @@ -111,8 +125,10 @@ our @tests_tls1_2 = ( { name => "tlsv1_2-neither-compress", server => { + "CipherString" => 'DEFAULT@SECLEVEL=1', }, client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', "MaxProtocol" => "TLSv1.2" }, test => { diff --git a/test/sslapitest.c b/test/sslapitest.c index 1f63212..4150e46 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -9507,7 +9507,8 @@ static int test_set_tmp_dh(int idx) */ static int test_dh_auto(int idx) { - SSL_CTX *cctx = NULL, *sctx = NULL; + SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method()); + SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; EVP_PKEY *tmpkey = NULL; @@ -9515,14 +9516,21 @@ static int test_dh_auto(int idx) size_t expdhsize = 0; const char *ciphersuite = "DHE-RSA-AES128-SHA"; + if (!TEST_ptr(sctx) || !TEST_ptr(cctx)) + goto end; + switch (idx) { case 0: /* The FIPS provider doesn't support this DH size - so we ignore it */ - if (is_fips) - return 1; + if (is_fips) { + testresult = 1; + goto end; + } thiscert = cert1024; thiskey = privkey1024; expdhsize = 1024; + SSL_CTX_set_security_level(sctx, 1); + SSL_CTX_set_security_level(cctx, 1); break; case 1: /* 2048 bit prime */ @@ -9548,8 +9556,10 @@ static int test_dh_auto(int idx) /* No certificate cases */ case 5: /* The FIPS provider doesn't support this DH size - so we ignore it */ - if (is_fips) - return 1; + if (is_fips) { + testresult = 1; + goto end; + } ciphersuite = "ADH-AES128-SHA256:@SECLEVEL=0"; expdhsize = 1024; break; @@ -9562,8 +9572,8 @@ static int test_dh_auto(int idx) goto end; } - if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), + if (!TEST_true(create_ssl_ctx_pair(libctx, NULL, + NULL, 0, 0, &sctx, &cctx, thiscert, thiskey))) diff --git a/tools/c_rehash.in b/tools/c_rehash.in index 343cdc1..229a37f 100644 --- a/tools/c_rehash.in +++ b/tools/c_rehash.in @@ -17,8 +17,6 @@ my $prefix = {- quotify1($config{prefix}) -}; my $errorcount = 0; my $openssl = $ENV{OPENSSL} || "openssl"; my $pwd; -my $x509hash = "-subject_hash"; -my $crlhash = "-hash"; my $verbose = 0; my $symlink_exists=eval {symlink("",""); 1}; my $removelinks = 1; @@ -27,10 +25,7 @@ my $removelinks = 1; while ( $ARGV[0] =~ /^-/ ) { my $flag = shift @ARGV; last if ( $flag eq '--'); - if ( $flag eq '-old') { - $x509hash = "-subject_hash_old"; - $crlhash = "-hash_old"; - } elsif ( $flag eq '-h' || $flag eq '-help' ) { + if ( $flag eq '-h' || $flag eq '-help' ) { help(); } elsif ( $flag eq '-n' ) { $removelinks = 0; @@ -203,22 +198,24 @@ sub compute_hash { # certificate fingerprints sub link_hash_cert { - link_hash($_[0], 'cert'); + link_hash($_[0], 'cert', '-subject_hash'); + link_hash($_[0], 'cert', '-subject_hash_old'); } # Same as above except for a CRL. CRL links are of the form .r sub link_hash_crl { - link_hash($_[0], 'crl'); + link_hash($_[0], 'crl', '-hash'); + link_hash($_[0], 'crl', '-hash_old'); } sub link_hash { - my ($fname, $type) = @_; - my $is_cert = $type eq 'cert'; + my ($fname, $type, $hash_name) = @_; + my $is_cert = $type eq 'cert' or $type eq 'cert_old'; my ($hash, $fprint) = compute_hash($openssl, $is_cert ? "x509" : "crl", - $is_cert ? $x509hash : $crlhash, + $hash_name, "-fingerprint", "-noout", "-in", $fname); chomp $hash;