Richard Levitte [Fri, 15 Oct 2021 10:37:56 +0000 (12:37 +0200)]
Fix VMS installation - deassign the same logical names that were defined
The logical name for the engines directory is named one way in
VMS/openssl_startup.com.in, but a different name was deassigned in
VMS/openssl_shutdown.com.in.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)
Richard Levitte [Fri, 15 Oct 2021 10:36:15 +0000 (12:36 +0200)]
Fix VMS installation - use platform->shlib_version_as_filename() consistently
It's used in Configurations/descrip.mms.tmpl, but was forgotten in the
VMS installation scripts.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)
Richard Levitte [Fri, 15 Oct 2021 10:32:43 +0000 (12:32 +0200)]
Fix VMS installation - Define the logical name OSSL$MODULES
Also, the modules installation directory is version agnostic on other
platforms, there's no real reason why it shouldn't be on VMS.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)
Richard Levitte [Fri, 15 Oct 2021 10:27:50 +0000 (12:27 +0200)]
Fix VMS installation - $config{pointer_size} -> $target{pointer_size}
Configurations/descrip.mms.tmpl uses $target{pointer_size}, not
$config{pointer_size}, so the same should be used in installation
scripts, for consistency.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)
Richard Levitte [Fri, 15 Oct 2021 10:22:04 +0000 (12:22 +0200)]
Fix VMS installation - consistent program names with version info
The program name version info is supposed to be the major release
version number. This was forgotten when the versioning scheme was
changed for 3.0, so the minor release version number slipped in as
well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)
Bernd Edlinger [Sat, 11 Dec 2021 19:28:11 +0000 (20:28 +0100)]
Tomas Mraz [Wed, 8 Dec 2021 17:26:03 +0000 (18:26 +0100)]
bn2binpad: Use memset as the buffer will be used later
Apparently using OPENSSL_cleanse() confuses the fuzzer so it
makes the buffer to appear uninitialized. And memset can be
safely used here and it is also potentially faster.
Fixes #17237
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17240)
(cherry picked from commit
858d5ac16d256db24f78b8c84e723b7d34c8b1ea)
Richard Levitte [Fri, 10 Dec 2021 12:18:42 +0000 (13:18 +0100)]
test/evp_extra_test.c: Add EVP_PKEY comparisons in test_EC_priv_pub()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
(cherry picked from commit
edc8566f475d63278d5f85cd25f324cf2fe9aaf9)
Richard Levitte [Fri, 10 Dec 2021 12:15:10 +0000 (13:15 +0100)]
test/evp_extra_test.c: Refactor test_fromdata()
test_fromdata() turns out to be a bit inflexible, so we split it into
two functions, make_key_fromdata() and test_selection(), and adjust
test_EVP_PKEY_ffc_priv_pub() and test_EC_priv_pub() accordingly. This
allows us to check the resulting keys further, not only to check that
the bits we expect are there, but also that the bits that we expect
not to be there to actually not be there!
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
(cherry picked from commit
5fbe15fd3b7c90a0cfb9f00be16225d8ed18b0dd)
Richard Levitte [Wed, 29 Sep 2021 11:45:55 +0000 (13:45 +0200)]
Enhance the explanation of selector bits in provider-keymgmt(7)
This uncovers what has been a mere comment in an attempt to clarify
that the use of selector bits is very much at the discretion of the
provider implementation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
(cherry picked from commit
e67254e4c3d82b1b8f5102bc4a0e7914f0b87ef0)
Richard Levitte [Wed, 29 Sep 2021 09:05:41 +0000 (11:05 +0200)]
Adapt our OSSL_FUNC_keymgmt_match() implementations to the EVP_PKEY_eq() fix
The match function (called OSSL_FUNC_keymgmt_match() in our documentation)
in our KEYMGMT implementations were interpretting the selector bits a
bit too strictly, so they get a bit relaxed to make it reasonable to
match diverse key contents.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
(cherry picked from commit
ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a)
Richard Levitte [Wed, 29 Sep 2021 08:58:21 +0000 (10:58 +0200)]
Fix EVP_PKEY_eq() to be possible to use with strictly private keys
EVP_PKEY_eq() assumed that an EVP_PKEY always has the public key
component if it has a private key component. However, this assumption
no longer strictly holds true, at least for provider backed keys.
EVP_PKEY_eq() therefore needs to be modified to specify that the
private key should be checked too (at the discretion of what's
reasonable for the implementation doing the actual comparison).
Fixes #16267
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
(cherry picked from commit
f3ba62653815b2f7991103cdbea1ac155c8c916a)
Pauli [Wed, 24 Nov 2021 01:38:51 +0000 (11:38 +1000)]
Fix Coverity
1494385 logically dead code.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17123)
(cherry picked from commit
23effeb81fbcdc436b1e871e7fff34456d6bfbaf with
manual corrections)
Richard Levitte [Thu, 25 Nov 2021 07:58:21 +0000 (08:58 +0100)]
Fix faulty detail in BN_rand() manual
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17131)
Richard Levitte [Mon, 6 Dec 2021 20:06:06 +0000 (21:06 +0100)]
Teach OpenSSL::ParseC about OPENSSL_EXPORT and OPENSSL_EXTERN
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17215)
(cherry picked from commit
7a2ad00f3ecffa6be350e9e72992d4ec003f54ae)
Richard Levitte [Mon, 6 Dec 2021 19:54:17 +0000 (20:54 +0100)]
Make OSSL_provider_init() OPENSSL_EXPORT, not just extern
On non-Windows systems, there's no difference at all. On Windows systems,
__declspec(dllexport) is added, which ensures it gets exported no matter
what.
Fixes #17203
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17215)
(cherry picked from commit
d977a26ed8ca5066d4d72a6d73f1669c8619f4a1)
Tomas Mraz [Wed, 8 Dec 2021 11:54:52 +0000 (12:54 +0100)]
Windows CI: explicitly use windows-2019 instead of using windows-latest
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17234)
(cherry picked from commit
c37ebbd6f97d23b291c49c4ae2b94c27d732de30)
Sam Eaton [Fri, 3 Dec 2021 22:47:26 +0000 (14:47 -0800)]
changes opensssl typos to openssl
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17191)
(cherry picked from commit
44fde441937fc8db8ea6a7ac2e7c683ad9d5f8e0)
Dr. David von Oheimb [Tue, 7 Dec 2021 06:32:12 +0000 (07:32 +0100)]
APPS/cmp: Fix use of OPENSSL_NO_SOCK: options like -server do not make sense with no-sock
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17226)
(cherry picked from commit
83b424c3f60a4401fa3e6e41ff7f08e85ee9df94)
Bernd Edlinger [Wed, 8 Dec 2021 13:14:48 +0000 (14:14 +0100)]
Minor code cleanup in o_names_init
This might result in a small memory leak.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17238)
(cherry picked from commit
c50bf14450f3cd242f2211ca7e500191053d8050)
Dr. David von Oheimb [Mon, 29 Nov 2021 09:07:08 +0000 (10:07 +0100)]
OSSL_HTTP_get(): Fix timeout handling on redirection
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17190)
(cherry picked from commit
f0d5a3b6ea1bbe4e5dac5b69d853c015db635621)
Dr. David von Oheimb [Tue, 7 Dec 2021 10:35:42 +0000 (11:35 +0100)]
APPS/cmp: fix -rspin option such that it works again without -reqin
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17222)
(cherry picked from commit
7ee0954a086ee3b4e0a8c6736600e3d6362485c0)
Dr. David von Oheimb [Tue, 7 Dec 2021 16:49:05 +0000 (17:49 +0100)]
OSSL_CMP_MSG_read(): Fix mem leak on file read error
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17225)
(cherry picked from commit
d580c2790f9f304533a3eda2a9cf6b8eb22830c3)
Gerd Hoffmann [Tue, 7 Dec 2021 09:22:38 +0000 (10:22 +0100)]
rename MIN() macro
MIN is a rather generic name and results in a name clash when trying to
port tianocore over to openssl 3.0. Use the usual ossl prefix and
rename the macro to ossl_min() to solve this.
CLA: trivial
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17219)
(cherry picked from commit
f4f77c2d9756cee12875397276799a93f057d412)
Peiwei Hu [Mon, 6 Dec 2021 09:33:42 +0000 (17:33 +0800)]
bio_enc.c: add memory allocation check
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17206)
(cherry picked from commit
684326d3bd3131debcdc410790e8dcf16f96103f)
Alex Pawelko [Sat, 4 Dec 2021 05:41:10 +0000 (00:41 -0500)]
Fix Markdown links in SUPPORT.md
Add link to CONTRIBUTING and fix (presumably broken?) link to Github issues
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17192)
(cherry picked from commit
3410f1045af1913c89f5dc06ad4998a60e57fd90)
Matt Caswell [Mon, 6 Dec 2021 11:37:26 +0000 (11:37 +0000)]
Fix documentation for tlsext_ticket_key
The tlsext_ticket_key functions are documented as returning 0 on success.
In fact they return 1 on success.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17210)
(cherry picked from commit
b0be101326f369f0dd547556d2f3eb3ef5ed0e33)
Dr. David von Oheimb [Wed, 10 Nov 2021 08:39:55 +0000 (09:39 +0100)]
X509V3_set_ctx(): Clarify subject/req parameter for constructing SAN email addresses from subject DN
Also slightly improve the style of the respective code in crypto/x509/v3_san.c.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)
(cherry picked from commit
317acac5cc0a2cb31bc4b91353c2b752a3989d8a)
Dr. David von Oheimb [Wed, 10 Nov 2021 08:31:11 +0000 (09:31 +0100)]
X509V3_set_ctx(): Clarify use of subject/req parameter for constructing SKID by hash of pubkey
This does not change the semantics of expected usage because only either one may be given.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)
(cherry picked from commit
15ac84e603678140ba32832c288e5f1745a258f8)
Matt Caswell [Mon, 6 Dec 2021 11:13:02 +0000 (11:13 +0000)]
Don't free the EVP_PKEY on error in set0_tmp_dh_pkey() functions
We should not be freeing the caller's key in the event of error.
Fixes #17196
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17209)
(cherry picked from commit
e819b5727312477f8c1f56bf928e611ad7e78315)
Dr. David von Oheimb [Fri, 3 Dec 2021 10:34:23 +0000 (11:34 +0100)]
OSSL_HTTP_open(): clarify doc of 'server' arg and its use of BIO_new_connect()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)
(cherry picked from commit
119f8145c3bde29aae5d5b18c44d1663df975ef5)
Dr. David von Oheimb [Wed, 1 Dec 2021 07:01:31 +0000 (08:01 +0100)]
OSSL_HTTP_open(): Complete documentation of checks for server and proxy args
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)
(cherry picked from commit
59b6b5a94f5a5f756aa323d1fb061697ca9eadf8)
Dr. David von Oheimb [Tue, 30 Nov 2021 19:06:09 +0000 (20:06 +0100)]
OSSL_HTTP_set1_request(): Fix check for presence of port option and its documentation
For HTTP (not HTTPS) with proxy, server must be given, port is optional
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)
(cherry picked from commit
266383b44c4ebce5ddf551547e73ab6eec47805b)
Dr. David von Oheimb [Fri, 3 Dec 2021 14:18:07 +0000 (15:18 +0100)]
OBJ_obj2txt(): fix off-by-one documentation of the result
This backports the doc improvements of #17188.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17189)
Matt Caswell [Tue, 23 Nov 2021 15:22:27 +0000 (15:22 +0000)]
Don't run the symbol presence test on windows
Fixes #17109
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17119)
(cherry picked from commit
d09f4501e47e0b969caec5a3059af52d227e961a)
Tomas Mraz [Thu, 2 Dec 2021 21:08:25 +0000 (22:08 +0100)]
test_rsa: Test for PVK format conversion
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
(cherry picked from commit
a44eb8421d0e84c069a5fa55ced796878e6b0966)
Tomas Mraz [Thu, 2 Dec 2021 21:07:38 +0000 (22:07 +0100)]
key_to_type_specific_pem_bio_cb: Use passphrase callback from the arguments
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
(cherry picked from commit
c22b6592135bfba95a315e438ac7bfc6db461407)
Tomas Mraz [Thu, 2 Dec 2021 21:06:36 +0000 (22:06 +0100)]
PVK decoder: prompt for PVK passphrase and not PEM
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
(cherry picked from commit
28257d60577932e66934096d0ee8a5dfaca1191e)
Tomas Mraz [Thu, 2 Dec 2021 21:04:21 +0000 (22:04 +0100)]
Fix pvk encoder to properly query for the passphrase
The passphrase callback data was not properly initialized.
Fixes #17054
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
(cherry picked from commit
baa88d9d170b95fd6f177b3e5f8d8818e024a55d)
Tomas Mraz [Fri, 3 Dec 2021 10:59:07 +0000 (11:59 +0100)]
CI: Replace windows-2016 with windows-2022
Windows 2016 environment is going to be discontinued.
Fixes #17177
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17183)
(cherry picked from commit
c87a4dd7a728288da943cb4e2e51150df5dfd1b8)
Matt Caswell [Thu, 2 Dec 2021 11:33:49 +0000 (11:33 +0000)]
Clarify the deprecation warnings in the docs
There was recently an instance where a user was confused by the
deprecation warnings in the docs. They believed the warning applied to
the immediately preceding function declarations, when it fact it applied
to the following function declarations.
https://mta.openssl.org/pipermail/openssl-users/2021-December/014665.html
We clarify the wording to make it clear that the warning applies to the
following functions.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17180)
(cherry picked from commit
3dbf82438004b31258627f324841476c4f586c19)
Dr. David von Oheimb [Tue, 30 Nov 2021 15:44:59 +0000 (16:44 +0100)]
OSSL_HTTP_REQ_CTX_nbio(): Fix parsing of responses with status code != 200
This way keep-alive is not (needlessly) cancelled on error.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17171)
(cherry picked from commit
38288f424faa0cf61bd705c497bb1a1657611da1)
Dr. David von Oheimb [Tue, 30 Nov 2021 15:20:26 +0000 (16:20 +0100)]
parse_http_line1(): Fix diagnostic output on error and return code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17171)
(cherry picked from commit
e2b7dc353b353efccd1d228f743baa7c2d2f9f49)
Dr. David von Oheimb [Mon, 29 Nov 2021 07:36:14 +0000 (08:36 +0100)]
OSSL_HTTP_transfer.pod: Some clarifications on the BIO connect/disconnect callback function
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17160)
(cherry picked from commit
2080134ee98a6b23f7456c17901e7b06e4a42ed5)
Dr. David von Oheimb [Mon, 22 Nov 2021 10:29:25 +0000 (11:29 +0100)]
OSSL_HTTP_transfer.pod: Fix omission documenting the 'ok' parameter of OSSL_HTTP_close()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17160)
(cherry picked from commit
4ee464cf8e0b8dc39970306bfbb49a6e06863e1c)
Dr. David von Oheimb [Fri, 19 Nov 2021 19:38:27 +0000 (20:38 +0100)]
BIO_push.pod: fix confusing text and add details on corner cases
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17086)
(cherry picked from commit
7a37fd09a8f3607ed8acf55e03479861595be069)
x2018 [Wed, 1 Dec 2021 07:22:30 +0000 (15:22 +0800)]
s_cb.c: check the return value of X509_get0_pubkey()
Check is done to prevent wrong memory access by EVP_PKEY_get0_asn1()
Also fix wrong coding style in the s_cb.c file.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17176)
(cherry picked from commit
5fae09f3d8da7c182c6cfb6a295dcfd15ae828ae)
x2018 [Tue, 30 Nov 2021 12:33:32 +0000 (20:33 +0800)]
check the return value of BN_dup() in rsa_lib.c:1248
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17168)
(cherry picked from commit
9d1a27051dcd4e7a621df54a073587c6c4486476)
Tomas Mraz [Tue, 30 Nov 2021 10:52:10 +0000 (11:52 +0100)]
various kdfs: Always reset buflen after clearing the buffer
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17165)
(cherry picked from commit
d2217c88df6e65c756013417e5ee4f470dd12470)
Richard Levitte [Thu, 25 Nov 2021 08:55:09 +0000 (09:55 +0100)]
TEST: Enable and fix test_bn2padded() in test/bntest.c
This looks like old code, written when the padded variety of BN_bn2bin()
was developped, and disabled by default... and forgotten.
A few simple changes to update it to the current API is all that was
needed to enable it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17133)
(cherry picked from commit
23750f677ef61b6bea4e81f23f335ad08fc49b51)
Dmitry Belyavskiy [Tue, 23 Nov 2021 14:18:52 +0000 (15:18 +0100)]
More detailed explanation how do engines work in 3.0
Related: #16868, #17081, #17107
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17115)
(cherry picked from commit
29a27cb2c5c1757831f42117871f8c59058343a9)
Dmitry Belyavskiy [Sun, 28 Nov 2021 09:21:21 +0000 (10:21 +0100)]
No EtM for GOST ciphers in TLS 1.2
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17150)
(cherry picked from commit
d724da69389196cdb9ef8db036656882fbc5a6ab)
PW Hu [Tue, 9 Nov 2021 16:25:47 +0000 (00:25 +0800)]
Return -1 properly from do_X509_REQ_verify and do_X509_verify
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17001)
(cherry picked from commit
bc42cf51c8b2a22282bb3cdf6303e230dc7b7873)
olszomal [Wed, 27 Oct 2021 10:36:08 +0000 (12:36 +0200)]
Don't include any TLSv1.3 ciphersuites that are disabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16925)
(cherry picked from commit
6cb814de6f276106eea39dbb813b9134b1b72041)
Pauli [Thu, 25 Nov 2021 23:47:40 +0000 (09:47 +1000)]
doc: remove non-existent callbacks
These used to exist but were removed before release.
Updating the documentation was missed.
Fixes #17138
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17141)
(cherry picked from commit
6d770c5ba36d43f495b232392cfaa8fa460f17af)
Tom Cosgrove [Thu, 25 Nov 2021 15:49:26 +0000 (15:49 +0000)]
Fix EVP_PKEY_CTX_get_rsa_pss_saltlen() not returning a value
When an integer value was specified, it was not being passed back via
the orig_p2 weirdness.
Regression test included.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17136)
(cherry picked from commit
6f87463b62f9b2849510d74ff0fd6a62955ea947)
Matt Caswell [Wed, 24 Nov 2021 10:11:45 +0000 (10:11 +0000)]
Don't delete the doc/html directories when cleaning
The doc/html sub-dirs get created by Configure. Therefore they should
not be cleaned away by "nmake clean". Otherwise the following sequence
fails:
perl Configure VC-WIN64A
nmake clean
nmake
nmake install
Fixes #17114
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17128)
(cherry picked from commit
bc6d9c9395a74a31b4e0c4a8cd729197adbf6a46)
x2018 [Wed, 24 Nov 2021 03:26:09 +0000 (11:26 +0800)]
check the return value of OPENSSL_strdup(CRYPTO_strdup) in apps/lib/app_rand.c:32
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17124)
(cherry picked from commit
3e0441520b9a349dc50662919ea18f03dfc0d624)
Pauli [Wed, 24 Nov 2021 03:32:47 +0000 (13:32 +1000)]
doc: fix macro name
OSSL_STORE_INFO_X509 doesn't exist. It should be OSSL_STORE_INFO_CERT.
Fixes #17121
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17125)
(cherry picked from commit
01fde90eec721b64bc0e1c01cd94a9fd431adcc6)
x2018 [Tue, 23 Nov 2021 13:33:17 +0000 (21:33 +0800)]
check the return value of OPENSSL_strdup(CRYPTO_strdup) to prevent potential memory access error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17113)
(cherry picked from commit
b9648f31a4917b8594caebda3e6d8d313514fe24)
x2018 [Tue, 23 Nov 2021 11:25:43 +0000 (19:25 +0800)]
check the return value of OPENSSL_strdup to prevent potential memory access error
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17110)
(cherry picked from commit
dc7e42c6a12637bae1660561d3f4cef039001475)
Richard Levitte [Mon, 22 Nov 2021 16:10:10 +0000 (17:10 +0100)]
Allow sign extension in OSSL_PARAM_allocate_from_text()
This is done for the data type OSSL_PARAM_INTEGER by checking if the
most significant bit is set, and adding 8 to the number of buffer bits
if that is the case. Everything else is already in place.
Fixes #17103
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)
(cherry picked from commit
946bc0e3ec19ca019fcfa95f93c37f34e12fe0bd)
Richard Levitte [Mon, 22 Nov 2021 16:08:19 +0000 (17:08 +0100)]
Have OSSL_PARAM_allocate_from_text() raise error on unexpected neg number
When the parameter definition has the data type OSSL_PARAM_UNSIGNED_INTEGER,
negative input values should not be accepted.
Fixes #17103
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)
(cherry picked from commit
8585b5bc62d0bf394ca6adf24f8590e9b9b18402)
Richard Levitte [Mon, 22 Nov 2021 15:38:43 +0000 (16:38 +0100)]
Test the performance of OSSL_PARAM_allocate_from_text with arbitrary size ints
With arbitrary size ints, we get to know exactly how large the minimum
buffer must be.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)
(cherry picked from commit
b556713a6f2884eadc7f56428bc82a844e9a49e0)
Tomas Mraz [Tue, 23 Nov 2021 15:01:28 +0000 (16:01 +0100)]
Add test for copying uninitialized EVP_MD_CTX
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17118)
(cherry picked from commit
8c86529fe1b9ade0794c6f557ca8936f0c0de431)
Tomas Mraz [Tue, 23 Nov 2021 14:52:04 +0000 (15:52 +0100)]
EVP_MD_CTX_copy_ex: Allow copying uninitialized digest contexts
Fixes #17117
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17118)
(cherry picked from commit
9ece8323ea2230092227bf20e5d93012d15d92e9)
Matt Caswell [Tue, 23 Nov 2021 12:24:39 +0000 (12:24 +0000)]
Clarify and correct the EVP_CTRL_AEAD_SET_TAG docs
The restriction about setting a tag length prior to setting the IV only
applies to OCB mode. We clarify when in the process EVP_CTRL_AEAD_SET_TAG
can be called.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17111)
(cherry picked from commit
3607b8ad8ee1980a079e985333a196e0c79f8f00)
Allan Jude [Fri, 19 Nov 2021 15:14:30 +0000 (15:14 +0000)]
Fix detection of ARMv7 and ARM64 CPU features on FreeBSD
OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25
Switch to using AT_HWCAP, and setting it to 16 if it is not defined.
OpenSSL calls elf_auxv_info() with AT_CANARY which returns ENOENT
resulting in all ARM acceleration features being disabled.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17082)
(cherry picked from commit
c1dabe26e3e96cdce0ffc929e9677840ad089ba5)
Richard Levitte [Sun, 21 Nov 2021 09:37:18 +0000 (10:37 +0100)]
DOC: Add a few previously documented functions
d2i_X509_bio(), d2i_X509_fp(), i2d_X509_bio(), and i2d_X509_fp()
were documented in OpenSSL 1.0.2. In a grand unification of the
documentation of (almost) all d2i and i2d functions, these were
dropped, most likely by mistake.
This simply adds them back.
Fixes #17091
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17094)
Tomas Mraz [Fri, 19 Nov 2021 15:54:39 +0000 (16:54 +0100)]
Add test for EVP_PKEY_sign_init_ex with RSA PSS padding
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17080)
(cherry picked from commit
5321333520b95a4f355916923af6c24dd10ed5dc)
Tomas Mraz [Fri, 19 Nov 2021 14:16:53 +0000 (15:16 +0100)]
rsa_signverify_init: Set the PARAMS after key is set
Also, default to unrestricted pss parameters until the key is set.
Fixes #17075
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17080)
(cherry picked from commit
eaae5d69eb5a8cd9c054b23cc388397cbb4ffb98)
Richard Levitte [Sun, 21 Nov 2021 08:48:05 +0000 (09:48 +0100)]
DOC: OSSL_PARAM_{set,get,construct}_BN() currently only supports nonnegative numbers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17074)
(cherry picked from commit
b33fb68a3230b8fc87f6663212ac3ffae0b361c5)
Richard Levitte [Fri, 19 Nov 2021 12:18:34 +0000 (13:18 +0100)]
Make OSSL_PARAM_BLD_push_BN{,_pad}() return an error on negative numbers
Adding documentation to that fact as well.
Fixes #17070
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17074)
(cherry picked from commit
db65eabefe76e44818ff8bd19c68990e7dcc70d3)
Bernd Edlinger [Fri, 19 Nov 2021 15:38:55 +0000 (16:38 +0100)]
Add a test case for duplicate engine loading
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17073)
(cherry picked from commit
2595eef82c2b67ea75cc3368529078b643a1ecb6)
Bernd Edlinger [Fri, 19 Nov 2021 10:33:34 +0000 (11:33 +0100)]
Avoid loading of a dynamic engine twice
Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.
Fixes #17023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17073)
(cherry picked from commit
e2571e02d2b0cd83ed1c79d384fe941f27e603c0)
Peiwei Hu [Sun, 14 Nov 2021 16:27:31 +0000 (00:27 +0800)]
SSL_export_keying_material: fix return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
(cherry picked from commit
40649e36c4c0c9438f62e1bf2ccb983f6854c662)
Peiwei Hu [Sun, 14 Nov 2021 15:46:47 +0000 (23:46 +0800)]
BIO_set_indent: fix return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
(cherry picked from commit
a9ed63f1d1d8993a8b30fc978ce09674f97f061d)
Peiwei Hu [Sun, 14 Nov 2021 15:45:39 +0000 (23:45 +0800)]
BIO_set_prefix: fix return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
(cherry picked from commit
ac6568ecc6050bc526adc6a7245835fd95d8dfed)
Peiwei Hu [Sun, 14 Nov 2021 15:16:57 +0000 (23:16 +0800)]
EVP_RAND_generate: fix return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
(cherry picked from commit
a8f4cdd70c9d9ebe4553d7a72c67f73eaf0c169d)
Peiwei Hu [Sun, 14 Nov 2021 15:00:00 +0000 (23:00 +0800)]
asn1_item_embed_d2i: fix th return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
(cherry picked from commit
7f608e4b1d9473258445144ba66216fb0e63aebe)
Peiwei Hu [Sun, 14 Nov 2021 14:56:24 +0000 (22:56 +0800)]
TXT_DB_write: fix the return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
(cherry picked from commit
aba9943fef8dcc8416ac9a219c97c616c1fd6344)
Peiwei Hu [Sun, 14 Nov 2021 09:57:57 +0000 (17:57 +0800)]
Fix EVP_PKEY_decrypt return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
(cherry picked from commit
0650ac437b529274aca094c516a5a0127bbaf48c)
Peiwei Hu [Sun, 14 Nov 2021 09:15:11 +0000 (17:15 +0800)]
ossl_do_blob_header: fix return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
(cherry picked from commit
546b9f6b5cf6d0fde60aa37084eec1bb7d0fbc72)
Peiwei Hu [Sun, 14 Nov 2021 08:55:45 +0000 (16:55 +0800)]
BIO_gets: fix the incomplete return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
(cherry picked from commit
7264068a15e7c4955efa25753430595a45caa16f)
Dr. David von Oheimb [Fri, 19 Nov 2021 10:12:09 +0000 (11:12 +0100)]
02-test_errstr.t: print errorcodes in hex (rather than decimal) format
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17056)
Dr. David von Oheimb [Wed, 17 Nov 2021 18:05:21 +0000 (19:05 +0100)]
Make ERR_str_reasons in err.c consistent again with err.h
Fixes printing generic reason strings, e.g., 'reason(524550)' vs. 'passed an invalid argument'
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17056)
Dr. David von Oheimb [Thu, 18 Nov 2021 19:38:55 +0000 (20:38 +0100)]
HTTP client: workaround for #16028 (BIO_gets not supported by connect and SSL BIOs)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17066)
PW Hu [Wed, 10 Nov 2021 04:39:54 +0000 (12:39 +0800)]
Fix the return check of OBJ_obj2txt
Also update OBJ_nid2obj.pod to document the possible return values.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17005)
(cherry picked from commit
2349d7ba57c9327290df6f7bc18b7f0c3976ca9e)
Tomas Mraz [Thu, 18 Nov 2021 19:09:57 +0000 (20:09 +0100)]
d2i_PublicKey: Make it work with EC parameters in a provided key
Fixes #16989
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17065)
(cherry picked from commit
615a9b8798e6ec58f1b2e1ec08a0f6b3c8cb7f60)
Martin Schwenke [Tue, 9 Nov 2021 11:07:54 +0000 (22:07 +1100)]
perlasm/ppc-xlate.pl: Fix build on OS X
vsr2vr1() fails on OS X because the main loop doesn't strip the
non-numeric register prefixes for OS X.
Strip any non-numeric prefix (likely just "v") from registers before
doing numeric calculation, then put the prefix back on the result.
Fixes: #16995
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17026)
(cherry picked from commit
e67edf60f2e9be6e5f5465b52d01aa26bf715280)
Dr. David von Oheimb [Fri, 12 Nov 2021 11:51:44 +0000 (12:51 +0100)]
80-test_cmp_http: Make server diagnostics more verbose to aid debugging
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16051)
Dr. David von Oheimb [Fri, 12 Nov 2021 11:48:29 +0000 (12:48 +0100)]
cmp_server.c: Log received request type before checking details
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16051)
Dr. David von Oheimb [Mon, 12 Jul 2021 12:17:04 +0000 (14:17 +0200)]
Fix verbosity of CMP client diagnostics
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16051)
Pauli [Tue, 16 Nov 2021 00:31:44 +0000 (10:31 +1000)]
Add documentation for some of the missing environment variables.
Where document already exists, it has been linked to.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17044)
(cherry picked from commit
7f6496275157f8e40f544f75a223c2c0dc6b389e)
Peiwei Hu [Sun, 14 Nov 2021 16:41:21 +0000 (00:41 +0800)]
BIO_read_filename: fix return check
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17033)
(cherry picked from commit
e3f0362407f6f40e413d6dcb35888514dbaed6f8)
Peiwei Hu [Sun, 14 Nov 2021 16:05:04 +0000 (00:05 +0800)]
EVP_PKEY_keygen_init: fix return check
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17031)
(cherry picked from commit
bf4ceeded1497c79e72fba4f9ff15febae58108d)
Peiwei Hu [Sun, 14 Nov 2021 15:52:56 +0000 (23:52 +0800)]
EVP_PKEY_paramgen_init: fix return check
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17030)
(cherry picked from commit
6e0b05f3008a3f22105fd2bed9314b0bfa381f93)
Peiwei Hu [Sun, 14 Nov 2021 14:42:35 +0000 (22:42 +0800)]
EVP_DigestVerifyFinal: fix test function and invocation
Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17029)
(cherry picked from commit
e2e5e72d5aec4d8d633cc5e9930f762da7973ab6)
Peiwei Hu [Sun, 14 Nov 2021 08:39:42 +0000 (16:39 +0800)]
EVP_Cipher: fix the incomplete return check
Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17027)
(cherry picked from commit
6d774732517f1d63b7999c5691fc0bf046023faf)
Matt Caswell [Mon, 15 Nov 2021 12:24:05 +0000 (12:24 +0000)]
Add a test for creating ECX private keys that are too short
We expect attempting to create such short keys to fail
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17041)
(cherry picked from commit
8c08c8b37cab0eb66ca74fc65a40af3ccec77c00)