From fe74dc2fdd8b48bfc3cf2c5b9525ce07d7c4586d Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Tue, 14 Sep 2021 19:12:39 +0200 Subject: [PATCH 01/66] Rebuilt with OpenSSL 3.0.0 --- python3.6.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index 51d1e10..1f680df 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 1%{?dist} +Release: 2%{?dist} License: Python @@ -1640,6 +1640,9 @@ CheckPython optimized # ====================================================== %changelog +* Tue Sep 14 2021 Sahana Prasad - 3.6.15-2 +- Rebuilt with OpenSSL 3.0.0 + * Sun Sep 05 2021 Miro Hrončok - 3.6.15-1 - Update to 3.6.15 From 5e29c038c1bebde9942d2a8c9c598c568506cdbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Mon, 20 Sep 2021 14:35:58 +0200 Subject: [PATCH 02/66] Explicitly buildrequire OpenSSL 1.1, as Python 3.6 is not compatible with OpenSSL 3.0 --- python3.6.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python3.6.spec b/python3.6.spec index 1f680df..89eff0a 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -239,7 +239,7 @@ BuildRequires: redhat-rpm-config >= 127 BuildRequires: sqlite-devel BuildRequires: gdb -BuildRequires: openssl-devel +BuildRequires: openssl1.1-devel BuildRequires: tar BuildRequires: tcl-devel @@ -1640,8 +1640,8 @@ CheckPython optimized # ====================================================== %changelog -* Tue Sep 14 2021 Sahana Prasad - 3.6.15-2 -- Rebuilt with OpenSSL 3.0.0 +* Mon Sep 20 2021 Miro Hrončok - 3.6.15-2 +- Explicitly buildrequire OpenSSL 1.1, as Python 3.6 is not compatible with OpenSSL 3.0 * Sun Sep 05 2021 Miro Hrončok - 3.6.15-1 - Update to 3.6.15 From 7a09f61e31becceaf90c30cd3555837ff380744a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Fri, 12 Nov 2021 22:26:57 +0100 Subject: [PATCH 03/66] Rebuild(libnsl2) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Björn Esser --- python3.6.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index 89eff0a..ea872eb 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 2%{?dist} +Release: 3%{?dist} License: Python @@ -1640,6 +1640,9 @@ CheckPython optimized # ====================================================== %changelog +* Fri Nov 12 2021 Björn Esser - 3.6.15-3 +- Rebuild(libnsl2) + * Mon Sep 20 2021 Miro Hrončok - 3.6.15-2 - Explicitly buildrequire OpenSSL 1.1, as Python 3.6 is not compatible with OpenSSL 3.0 From 6dfa40e8ede8b6475c5355b8c06cd5c1ee89f781 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Sat, 8 Jan 2022 11:12:35 +0100 Subject: [PATCH 04/66] Rebuilt for https://fedoraproject.org/wiki/Changes/LIBFFI34 --- python3.6.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index ea872eb..6453d3e 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 3%{?dist} +Release: 4%{?dist} License: Python @@ -1640,6 +1640,9 @@ CheckPython optimized # ====================================================== %changelog +* Sat Jan 08 2022 Miro Hrončok - 3.6.15-4 +- Rebuilt for https://fedoraproject.org/wiki/Changes/LIBFFI34 + * Fri Nov 12 2021 Björn Esser - 3.6.15-3 - Rebuild(libnsl2) From f87568f8efe71be4f54e0a50cb0a1c04b08573cd Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 21 Jan 2022 16:49:04 +0000 Subject: [PATCH 05/66] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- python3.6.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index 6453d3e..8718469 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 4%{?dist} +Release: 5%{?dist} License: Python @@ -1640,6 +1640,9 @@ CheckPython optimized # ====================================================== %changelog +* Fri Jan 21 2022 Fedora Release Engineering - 3.6.15-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Sat Jan 08 2022 Miro Hrončok - 3.6.15-4 - Rebuilt for https://fedoraproject.org/wiki/Changes/LIBFFI34 From 855625415922aa74c81925c6ea380b70bc864819 Mon Sep 17 00:00:00 2001 From: Karolina Surma Date: Tue, 25 Jan 2022 09:10:53 +0100 Subject: [PATCH 06/66] Fix precision in test_turtle to enable build with i686 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2038843 --- ...est_distance-to-enable-build-on-i686.patch | 33 +++++++++++++++++++ python3.6.spec | 13 +++++++- 2 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 00375-fix-test_distance-to-enable-build-on-i686.patch diff --git a/00375-fix-test_distance-to-enable-build-on-i686.patch b/00375-fix-test_distance-to-enable-build-on-i686.patch new file mode 100644 index 0000000..0eb47b5 --- /dev/null +++ b/00375-fix-test_distance-to-enable-build-on-i686.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Karolina Surma +Date: Mon, 24 Jan 2022 09:28:30 +0100 +Subject: [PATCH] 00375: Fix test_distance to enable build on i686 + +Fix precision in test_distance (test.test_turtle.TestVec2D). +See: https://bugzilla.redhat.com/show_bug.cgi?id=2038843 +--- + Lib/test/test_turtle.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Lib/test/test_turtle.py b/Lib/test/test_turtle.py +index 2fd10ccd50..2d2034ef8a 100644 +--- a/Lib/test/test_turtle.py ++++ b/Lib/test/test_turtle.py +@@ -220,7 +220,7 @@ class TestVec2D(VectorComparisonMixin, unittest.TestCase): + def test_distance(self): + vec = Vec2D(6, 8) + expected = 10 +- self.assertEqual(abs(vec), expected) ++ self.assertAlmostEqual(abs(vec), expected) + + vec = Vec2D(0, 0) + expected = 0 +@@ -228,7 +228,7 @@ class TestVec2D(VectorComparisonMixin, unittest.TestCase): + + vec = Vec2D(2.5, 6) + expected = 6.5 +- self.assertEqual(abs(vec), expected) ++ self.assertAlmostEqual(abs(vec), expected) + + def test_rotate(self): + diff --git a/python3.6.spec b/python3.6.spec index 8718469..11b5755 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 5%{?dist} +Release: 6%{?dist} License: Python @@ -450,6 +450,13 @@ Patch353: 00353-architecture-names-upstream-downstream.patch # - 8766cb74e186d3820db0a855ccd780d6d84461f7 Patch358: 00358-align-allocations-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch +# 00375 # 5488ab84d2447aa8df8b3502e76f151ac2488947 +# Fix test_distance to enable build on i686 +# +# Fix precision in test_distance (test.test_turtle.TestVec2D). +# See: https://bugzilla.redhat.com/show_bug.cgi?id=2038843 +Patch375: 00375-fix-test_distance-to-enable-build-on-i686.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1640,6 +1647,10 @@ CheckPython optimized # ====================================================== %changelog +* Tue Jan 25 2022 Karolina Surma - 3.6.15-6 +- Fix test to enable build with i686 +Resolves: rhbz#2038843 + * Fri Jan 21 2022 Fedora Release Engineering - 3.6.15-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From ca58751035496b75ebc1a5dd46ebdbecca825a14 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Wed, 16 Feb 2022 09:04:08 +0100 Subject: [PATCH 07/66] Switch from system wheels to bundled ones --- python3.6.rpmlintrc | 6 +++ python3.6.spec | 116 +++++++++++++++++++++++++++++++++++++++----- 2 files changed, 109 insertions(+), 13 deletions(-) diff --git a/python3.6.rpmlintrc b/python3.6.rpmlintrc index 2b57ecd..2b5059d 100644 --- a/python3.6.rpmlintrc +++ b/python3.6.rpmlintrc @@ -77,3 +77,9 @@ addFilter(r'\bpython3(\.\d+)?\.(src|spec): (E|W): specfile-error\s+$') # SPELLING ERRORS addFilter(r'spelling-error .* en_US (bytecode|pyc|filename|tkinter|namespaces|pytest) ') + +# These bundled provides are declared twice, as they're bundled twice +# separately in pip and setuptools. +addFilter(r'useless-provides bundled\(python3dist\(packaging\)\)') +addFilter(r'useless-provides bundled\(python3dist\(setuptools\)\)') +addFilter(r'useless-provides bundled\(python3dist\(six\)\)') diff --git a/python3.6.spec b/python3.6.spec index 11b5755..9e9b2b4 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,8 +17,38 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 6%{?dist} -License: Python +Release: 7%{?dist} +# Python is Python +# pip MIT is and bundles: +# appdirs: MIT +# distlib: Python +# distro: ASL 2.0 +# html5lib: MIT +# six: MIT +# colorama: BSD +# cachecontrol: ASL 2.0 +# msgpack-python: ASL 2.0 +# lockfile: MIT +# progress: ISC +# ipaddress: Python +# packaging: ASL 2.0 or BSD +# pep517: MIT +# pyparsing: MIT +# pytoml: MIT +# retrying: ASL 2.0 +# requests: ASL 2.0 +# chardet: LGPLv2 +# idna: BSD +# urllib3: MIT +# certifi: MPLv2.0 +# setuptools: MIT +# webencodings: BSD +# setuptools is MIT and bundles: +# packaging: ASL 2.0 or BSD +# pyparsing: MIT +# six: MIT +# appdirs: MIT +License: Python and MIT and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) # ================================== @@ -37,7 +67,8 @@ License: Python # Whether to use RPM build wheels from the python-{pip,setuptools}-wheel package # Uses upstream bundled prebuilt wheels otherwise -%bcond_without rpmwheels +# pip 22 no longer supports Python 3.6 +%bcond_with rpmwheels # Expensive optimizations (mainly, profile-guided optimizations) %ifarch %{ix86} x86_64 @@ -362,12 +393,6 @@ Patch170: 00170-gc-assertions.patch # # We keep them in /usr/share/python-wheels Patch189: 00189-use-rpm-wheels.patch -# The following versions of setuptools/pip are bundled when this patch is not applied. -# The versions are written in Lib/ensurepip/__init__.py, this patch removes them. -# When the bundled setuptools/pip wheel is updated, the patch no longer applies cleanly. -# In such cases, the patch needs to be amended and the versions updated here: -%global pip_version 18.1 -%global setuptools_version 40.6.2 # 00251 # 2eabd04356402d488060bc8fe316ad13fc8a3356 # Change user install location @@ -544,8 +569,39 @@ Summary: Python runtime libraries Requires: python-setuptools-wheel Requires: python-pip-wheel %else -Provides: bundled(python3dist(pip)) = %{pip_version} -Provides: bundled(python3dist(setuptools)) = %{setuptools_version} +# Versions of bundled libs are based on: +# https://github.com/pypa/pip/blob/18.1/src/pip/_vendor/vendor.txt and +# https://github.com/pypa/setuptools/blob/v40.6.2/pkg_resources/_vendor/vendored.txt +Provides: bundled(python3dist(pip)) = 18.1 +Provides: bundled(python3dist(appdirs)) = 1.4.3 +Provides: bundled(python3dist(distlib)) = 0.2.7 +Provides: bundled(python3dist(distro)) = 1.3 +Provides: bundled(python3dist(html5lib)) = 1.0.1 +Provides: bundled(python3dist(six)) = 1.11 +Provides: bundled(python3dist(colorama)) = 0.3.9 +Provides: bundled(python3dist(cachecontrol)) = 0.12.5 +Provides: bundled(python3dist(msgpack-python)) = 0.5.6 +Provides: bundled(python3dist(lockfile)) = 0.12.2 +Provides: bundled(python3dist(progress)) = 1.4 +Provides: bundled(python3dist(ipaddress)) = 1.0.22 +Provides: bundled(python3dist(packaging)) = 18 +Provides: bundled(python3dist(pep517)) = 0.2 +Provides: bundled(python3dist(pyparsing)) = 2.2.1 +Provides: bundled(python3dist(pytoml)) = 0.1.19 +Provides: bundled(python3dist(retrying)) = 1.3.3 +Provides: bundled(python3dist(requests)) = 2.19.1 +Provides: bundled(python3dist(chardet)) = 3.0.4 +Provides: bundled(python3dist(idna)) = 2.7 +Provides: bundled(python3dist(urllib3)) = 1.23 +Provides: bundled(python3dist(certifi)) = 2018.8.24 +Provides: bundled(python3dist(setuptools)) = 40.4.3 +Provides: bundled(python3dist(webencodings)) = 0.5.1 + +Provides: bundled(python3dist(setuptools)) = 40.6.2 +Provides: bundled(python3dist(packaging)) = 16.8 +Provides: bundled(python3dist(pyparsing)) = 2.2.1 +Provides: bundled(python3dist(six)) = 1.10 +Provides: bundled(python3dist(appdirs)) = 1.4.3 %endif # Provides for the bundled libmpdec @@ -693,8 +749,39 @@ so extensions for both versions can co-exist in the same directory. Requires: python-setuptools-wheel Requires: python-pip-wheel %else -Provides: bundled(python3dist(pip)) = %{pip_version} -Provides: bundled(python3dist(setuptools)) = %{setuptools_version} +# Versions of bundled libs are based on: +# https://github.com/pypa/pip/blob/18.1/src/pip/_vendor/vendor.txt and +# https://github.com/pypa/setuptools/blob/v40.6.2/pkg_resources/_vendor/vendored.txt +Provides: bundled(python3dist(pip)) = 18.1 +Provides: bundled(python3dist(appdirs)) = 1.4.3 +Provides: bundled(python3dist(distlib)) = 0.2.7 +Provides: bundled(python3dist(distro)) = 1.3 +Provides: bundled(python3dist(html5lib)) = 1.0.1 +Provides: bundled(python3dist(six)) = 1.11 +Provides: bundled(python3dist(colorama)) = 0.3.9 +Provides: bundled(python3dist(cachecontrol)) = 0.12.5 +Provides: bundled(python3dist(msgpack-python)) = 0.5.6 +Provides: bundled(python3dist(lockfile)) = 0.12.2 +Provides: bundled(python3dist(progress)) = 1.4 +Provides: bundled(python3dist(ipaddress)) = 1.0.22 +Provides: bundled(python3dist(packaging)) = 18 +Provides: bundled(python3dist(pep517)) = 0.2 +Provides: bundled(python3dist(pyparsing)) = 2.2.1 +Provides: bundled(python3dist(pytoml)) = 0.1.19 +Provides: bundled(python3dist(retrying)) = 1.3.3 +Provides: bundled(python3dist(requests)) = 2.19.1 +Provides: bundled(python3dist(chardet)) = 3.0.4 +Provides: bundled(python3dist(idna)) = 2.7 +Provides: bundled(python3dist(urllib3)) = 1.23 +Provides: bundled(python3dist(certifi)) = 2018.8.24 +Provides: bundled(python3dist(setuptools)) = 40.4.3 +Provides: bundled(python3dist(webencodings)) = 0.5.1 + +Provides: bundled(python3dist(setuptools)) = 40.6.2 +Provides: bundled(python3dist(packaging)) = 16.8 +Provides: bundled(python3dist(pyparsing)) = 2.2.1 +Provides: bundled(python3dist(six)) = 1.10 +Provides: bundled(python3dist(appdirs)) = 1.4.3 %endif # Provides for the bundled libmpdec @@ -1647,6 +1734,9 @@ CheckPython optimized # ====================================================== %changelog +* Wed Feb 16 2022 Lumír Balhar - 3.6.15-7 +- Switch from system wheels to bundled ones + * Tue Jan 25 2022 Karolina Surma - 3.6.15-6 - Fix test to enable build with i686 Resolves: rhbz#2038843 From f77352bc0e4016cd4f446e59354d6311a4d60a82 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Thu, 3 Mar 2022 02:47:11 +0100 Subject: [PATCH 08/66] Fix the test suite support for Expat >= 2.4.5 Resolves: rhbz#2056970 --- 00378-support-expat-2-4-5.patch | 100 ++++++++++++++++++++++++++++++++ python3.6.spec | 27 ++++++++- 2 files changed, 126 insertions(+), 1 deletion(-) create mode 100644 00378-support-expat-2-4-5.patch diff --git a/00378-support-expat-2-4-5.patch b/00378-support-expat-2-4-5.patch new file mode 100644 index 0000000..9bbf2a9 --- /dev/null +++ b/00378-support-expat-2-4-5.patch @@ -0,0 +1,100 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Mon, 21 Feb 2022 15:48:32 +0100 +Subject: [PATCH] 00378: Support expat 2.4.5 + +Curly brackets were never allowed in namespace URIs +according to RFC 3986, and so-called namespace-validating +XML parsers have the right to reject them a invalid URIs. + +libexpat >=2.4.5 has become strcter in that regard due to +related security issues; with ET.XML instantiating a +namespace-aware parser under the hood, this test has no +future in CPython. + +References: +- https://datatracker.ietf.org/doc/html/rfc3968 +- https://www.w3.org/TR/xml-names/ + +Also, test_minidom.py: Support Expat >=2.4.5 + +Upstream: https://bugs.python.org/issue46811 + +Co-authored-by: Sebastian Pipping +--- + Lib/test/test_minidom.py | 17 +++++++++++++++-- + Lib/test/test_xml_etree.py | 6 ------ + .../2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst | 1 + + 3 files changed, 16 insertions(+), 8 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst + +diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py +index d55e25edba..03fee2704e 100644 +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -5,10 +5,12 @@ import pickle + from test import support + import unittest + ++import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Node, Document, parseString + from xml.dom.minidom import getDOMImplementation ++from xml.parsers.expat import ExpatError + + + tstfile = support.findfile("test.xml", subdir="xmltestdata") +@@ -1156,7 +1158,13 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- self.assertRaises(UnicodeDecodeError, parseString, ++ if pyexpat.version_info >= (2, 4, 5): ++ self.assertRaises(ExpatError, parseString, ++ b'') ++ self.assertRaises(ExpatError, parseString, ++ b'Comment \xe7a va ? Tr\xe8s bien ?') ++ else: ++ self.assertRaises(UnicodeDecodeError, parseString, + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1602,7 +1610,12 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- with self.assertRaisesRegex(ValueError, 'Unsupported syntax'): ++ if pyexpat.version_info >= (2, 4, 5): ++ context = self.assertRaisesRegex(ExpatError, 'syntax error') ++ else: ++ context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') ++ ++ with context: + parseString('') + + def testDocRemoveChild(self): +diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py +index b01709e901..acaa519f42 100644 +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1668,12 +1668,6 @@ class BugsTest(unittest.TestCase): + b"\n" + b'tãg') + +- def test_issue3151(self): +- e = ET.XML('') +- self.assertEqual(e.tag, '{${stuff}}localname') +- t = ET.ElementTree(e) +- self.assertEqual(ET.tostring(e), b'') +- + def test_issue6565(self): + elem = ET.XML("") + self.assertEqual(summarize_list(elem), ['tag']) +diff --git a/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst +new file mode 100644 +index 0000000000..6969bd1898 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst +@@ -0,0 +1 @@ ++Make test suite support Expat >=2.4.5 diff --git a/python3.6.spec b/python3.6.spec index 9e9b2b4..9adff7c 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 7%{?dist} +Release: 8%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -482,6 +482,27 @@ Patch358: 00358-align-allocations-and-pygc_head-to-16-bytes-on-64-bit-platforms. # See: https://bugzilla.redhat.com/show_bug.cgi?id=2038843 Patch375: 00375-fix-test_distance-to-enable-build-on-i686.patch +# 00378 # b0c3e36a85f7eec22d64222176ea5139c0bc097d +# Support expat 2.4.5 +# +# Curly brackets were never allowed in namespace URIs +# according to RFC 3986, and so-called namespace-validating +# XML parsers have the right to reject them a invalid URIs. +# +# libexpat >=2.4.5 has become strcter in that regard due to +# related security issues; with ET.XML instantiating a +# namespace-aware parser under the hood, this test has no +# future in CPython. +# +# References: +# - https://datatracker.ietf.org/doc/html/rfc3968 +# - https://www.w3.org/TR/xml-names/ +# +# Also, test_minidom.py: Support Expat >=2.4.5 +# +# Upstream: https://bugs.python.org/issue46811 +Patch378: 00378-support-expat-2-4-5.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1734,6 +1755,10 @@ CheckPython optimized # ====================================================== %changelog +* Thu Mar 03 2022 Charalampos Stratakis - 3.6.15-8 +- Fix the test suite support for Expat >= 2.4.5 +Resolves: rhbz#2056970 + * Wed Feb 16 2022 Lumír Balhar - 3.6.15-7 - Switch from system wheels to bundled ones From b82ac11fcb83bb45862553e6d0a2a46f50e0bd49 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Thu, 3 Mar 2022 02:47:11 +0100 Subject: [PATCH 09/66] Fix the test suite support for Expat >= 2.4.5 Resolves: rhbz#2056970 --- 00378-support-expat-2-4-5.patch | 100 ++++++++++++++++++++++++++++++++ python3.6.spec | 27 ++++++++- 2 files changed, 126 insertions(+), 1 deletion(-) create mode 100644 00378-support-expat-2-4-5.patch diff --git a/00378-support-expat-2-4-5.patch b/00378-support-expat-2-4-5.patch new file mode 100644 index 0000000..9bbf2a9 --- /dev/null +++ b/00378-support-expat-2-4-5.patch @@ -0,0 +1,100 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Mon, 21 Feb 2022 15:48:32 +0100 +Subject: [PATCH] 00378: Support expat 2.4.5 + +Curly brackets were never allowed in namespace URIs +according to RFC 3986, and so-called namespace-validating +XML parsers have the right to reject them a invalid URIs. + +libexpat >=2.4.5 has become strcter in that regard due to +related security issues; with ET.XML instantiating a +namespace-aware parser under the hood, this test has no +future in CPython. + +References: +- https://datatracker.ietf.org/doc/html/rfc3968 +- https://www.w3.org/TR/xml-names/ + +Also, test_minidom.py: Support Expat >=2.4.5 + +Upstream: https://bugs.python.org/issue46811 + +Co-authored-by: Sebastian Pipping +--- + Lib/test/test_minidom.py | 17 +++++++++++++++-- + Lib/test/test_xml_etree.py | 6 ------ + .../2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst | 1 + + 3 files changed, 16 insertions(+), 8 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst + +diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py +index d55e25edba..03fee2704e 100644 +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -5,10 +5,12 @@ import pickle + from test import support + import unittest + ++import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Node, Document, parseString + from xml.dom.minidom import getDOMImplementation ++from xml.parsers.expat import ExpatError + + + tstfile = support.findfile("test.xml", subdir="xmltestdata") +@@ -1156,7 +1158,13 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- self.assertRaises(UnicodeDecodeError, parseString, ++ if pyexpat.version_info >= (2, 4, 5): ++ self.assertRaises(ExpatError, parseString, ++ b'') ++ self.assertRaises(ExpatError, parseString, ++ b'Comment \xe7a va ? Tr\xe8s bien ?') ++ else: ++ self.assertRaises(UnicodeDecodeError, parseString, + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1602,7 +1610,12 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- with self.assertRaisesRegex(ValueError, 'Unsupported syntax'): ++ if pyexpat.version_info >= (2, 4, 5): ++ context = self.assertRaisesRegex(ExpatError, 'syntax error') ++ else: ++ context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') ++ ++ with context: + parseString('') + + def testDocRemoveChild(self): +diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py +index b01709e901..acaa519f42 100644 +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1668,12 +1668,6 @@ class BugsTest(unittest.TestCase): + b"\n" + b'tãg') + +- def test_issue3151(self): +- e = ET.XML('') +- self.assertEqual(e.tag, '{${stuff}}localname') +- t = ET.ElementTree(e) +- self.assertEqual(ET.tostring(e), b'') +- + def test_issue6565(self): + elem = ET.XML("") + self.assertEqual(summarize_list(elem), ['tag']) +diff --git a/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst +new file mode 100644 +index 0000000000..6969bd1898 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst +@@ -0,0 +1 @@ ++Make test suite support Expat >=2.4.5 diff --git a/python3.6.spec b/python3.6.spec index 51d1e10..7a0abd3 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 1%{?dist} +Release: 2%{?dist} License: Python @@ -450,6 +450,27 @@ Patch353: 00353-architecture-names-upstream-downstream.patch # - 8766cb74e186d3820db0a855ccd780d6d84461f7 Patch358: 00358-align-allocations-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch +# 00378 # b0c3e36a85f7eec22d64222176ea5139c0bc097d +# Support expat 2.4.5 +# +# Curly brackets were never allowed in namespace URIs +# according to RFC 3986, and so-called namespace-validating +# XML parsers have the right to reject them a invalid URIs. +# +# libexpat >=2.4.5 has become strcter in that regard due to +# related security issues; with ET.XML instantiating a +# namespace-aware parser under the hood, this test has no +# future in CPython. +# +# References: +# - https://datatracker.ietf.org/doc/html/rfc3968 +# - https://www.w3.org/TR/xml-names/ +# +# Also, test_minidom.py: Support Expat >=2.4.5 +# +# Upstream: https://bugs.python.org/issue46811 +Patch378: 00378-support-expat-2-4-5.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1640,6 +1661,10 @@ CheckPython optimized # ====================================================== %changelog +* Thu Mar 03 2022 Charalampos Stratakis - 3.6.15-2 +- Fix the test suite support for Expat >= 2.4.5 +Resolves: rhbz#2056970 + * Sun Sep 05 2021 Miro Hrončok - 3.6.15-1 - Update to 3.6.15 From b2e0ed1e1a9972bb214e466c73dfa2eac0dfaac1 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Fri, 10 Jun 2022 03:41:08 +0200 Subject: [PATCH 10/66] Security fix for CVE-2015-20107 Resolves: rhbz#2075390 --- 00382-cve-2015-20107.patch | 150 +++++++++++++++++++++++++++++++++++++ python3.6.spec | 16 +++- 2 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 00382-cve-2015-20107.patch diff --git a/00382-cve-2015-20107.patch b/00382-cve-2015-20107.patch new file mode 100644 index 0000000..9e981e2 --- /dev/null +++ b/00382-cve-2015-20107.patch @@ -0,0 +1,150 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Fri, 3 Jun 2022 11:43:35 +0200 +Subject: [PATCH] 00382: CVE-2015-20107 + +Make mailcap refuse to match unsafe filenames/types/params (GH-91993) + +Upstream: https://github.com/python/cpython/issues/68966 + +Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390 +--- + Doc/library/mailcap.rst | 12 +++++++++ + Lib/mailcap.py | 26 +++++++++++++++++-- + Lib/test/test_mailcap.py | 8 ++++-- + ...2-04-27-18-25-30.gh-issue-68966.gjS8zs.rst | 4 +++ + 4 files changed, 46 insertions(+), 4 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst + +diff --git a/Doc/library/mailcap.rst b/Doc/library/mailcap.rst +index 896afd1d73..849d0bc05f 100644 +--- a/Doc/library/mailcap.rst ++++ b/Doc/library/mailcap.rst +@@ -54,6 +54,18 @@ standard. However, mailcap files are supported on most Unix systems. + use) to determine whether or not the mailcap line applies. :func:`findmatch` + will automatically check such conditions and skip the entry if the check fails. + ++ .. versionchanged:: 3.11 ++ ++ To prevent security issues with shell metacharacters (symbols that have ++ special effects in a shell command line), ``findmatch`` will refuse ++ to inject ASCII characters other than alphanumerics and ``@+=:,./-_`` ++ into the returned command line. ++ ++ If a disallowed character appears in *filename*, ``findmatch`` will always ++ return ``(None, None)`` as if no entry was found. ++ If such a character appears elsewhere (a value in *plist* or in *MIMEtype*), ++ ``findmatch`` will ignore all mailcap entries which use that value. ++ A :mod:`warning ` will be raised in either case. + + .. function:: getcaps() + +diff --git a/Lib/mailcap.py b/Lib/mailcap.py +index bd0fc0981c..dcd4b449e8 100644 +--- a/Lib/mailcap.py ++++ b/Lib/mailcap.py +@@ -2,6 +2,7 @@ + + import os + import warnings ++import re + + __all__ = ["getcaps","findmatch"] + +@@ -13,6 +14,11 @@ def lineno_sort_key(entry): + else: + return 1, 0 + ++_find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search ++ ++class UnsafeMailcapInput(Warning): ++ """Warning raised when refusing unsafe input""" ++ + + # Part 1: top-level interface. + +@@ -165,15 +171,22 @@ def findmatch(caps, MIMEtype, key='view', filename="/dev/null", plist=[]): + entry to use. + + """ ++ if _find_unsafe(filename): ++ msg = "Refusing to use mailcap with filename %r. Use a safe temporary filename." % (filename,) ++ warnings.warn(msg, UnsafeMailcapInput) ++ return None, None + entries = lookup(caps, MIMEtype, key) + # XXX This code should somehow check for the needsterminal flag. + for e in entries: + if 'test' in e: + test = subst(e['test'], filename, plist) ++ if test is None: ++ continue + if test and os.system(test) != 0: + continue + command = subst(e[key], MIMEtype, filename, plist) +- return command, e ++ if command is not None: ++ return command, e + return None, None + + def lookup(caps, MIMEtype, key=None): +@@ -206,6 +219,10 @@ def subst(field, MIMEtype, filename, plist=[]): + elif c == 's': + res = res + filename + elif c == 't': ++ if _find_unsafe(MIMEtype): ++ msg = "Refusing to substitute MIME type %r into a shell command." % (MIMEtype,) ++ warnings.warn(msg, UnsafeMailcapInput) ++ return None + res = res + MIMEtype + elif c == '{': + start = i +@@ -213,7 +230,12 @@ def subst(field, MIMEtype, filename, plist=[]): + i = i+1 + name = field[start:i] + i = i+1 +- res = res + findparam(name, plist) ++ param = findparam(name, plist) ++ if _find_unsafe(param): ++ msg = "Refusing to substitute parameter %r (%s) into a shell command" % (param, name) ++ warnings.warn(msg, UnsafeMailcapInput) ++ return None ++ res = res + param + # XXX To do: + # %n == number of parts if type is multipart/* + # %F == list of alternating type and filename for parts +diff --git a/Lib/test/test_mailcap.py b/Lib/test/test_mailcap.py +index c08423c670..920283d9a2 100644 +--- a/Lib/test/test_mailcap.py ++++ b/Lib/test/test_mailcap.py +@@ -121,7 +121,8 @@ class HelperFunctionTest(unittest.TestCase): + (["", "audio/*", "foo.txt"], ""), + (["echo foo", "audio/*", "foo.txt"], "echo foo"), + (["echo %s", "audio/*", "foo.txt"], "echo foo.txt"), +- (["echo %t", "audio/*", "foo.txt"], "echo audio/*"), ++ (["echo %t", "audio/*", "foo.txt"], None), ++ (["echo %t", "audio/wav", "foo.txt"], "echo audio/wav"), + (["echo \\%t", "audio/*", "foo.txt"], "echo %t"), + (["echo foo", "audio/*", "foo.txt", plist], "echo foo"), + (["echo %{total}", "audio/*", "foo.txt", plist], "echo 3") +@@ -205,7 +206,10 @@ class FindmatchTest(unittest.TestCase): + ('"An audio fragment"', audio_basic_entry)), + ([c, "audio/*"], + {"filename": fname}, +- ("/usr/local/bin/showaudio audio/*", audio_entry)), ++ (None, None)), ++ ([c, "audio/wav"], ++ {"filename": fname}, ++ ("/usr/local/bin/showaudio audio/wav", audio_entry)), + ([c, "message/external-body"], + {"plist": plist}, + ("showexternal /dev/null default john python.org /tmp foo bar", message_entry)) +diff --git a/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst +new file mode 100644 +index 0000000000..da81a1f699 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst +@@ -0,0 +1,4 @@ ++The deprecated mailcap module now refuses to inject unsafe text (filenames, ++MIME types, parameters) into shell commands. Instead of using such text, it ++will warn and act as if a match was not found (or for test commands, as if ++the test failed). diff --git a/python3.6.spec b/python3.6.spec index 9adff7c..c03b015 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 8%{?dist} +Release: 9%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -503,6 +503,16 @@ Patch375: 00375-fix-test_distance-to-enable-build-on-i686.patch # Upstream: https://bugs.python.org/issue46811 Patch378: 00378-support-expat-2-4-5.patch +# 00382 # 9e275dcdf3934b827994ecc3247d583d5bab7985 +# CVE-2015-20107 +# +# Make mailcap refuse to match unsafe filenames/types/params (GH-91993) +# +# Upstream: https://github.com/python/cpython/issues/68966 +# +# Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390 +Patch382: 00382-cve-2015-20107.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1755,6 +1765,10 @@ CheckPython optimized # ====================================================== %changelog +* Fri Jun 10 2022 Charalampos Stratakis - 3.6.15-9 +- Security fix for CVE-2015-20107 +Resolves: rhbz#2075390 + * Thu Mar 03 2022 Charalampos Stratakis - 3.6.15-8 - Fix the test suite support for Expat >= 2.4.5 Resolves: rhbz#2056970 From c8e87487b1f8a1a865aab03c3d8a80e03ed5d270 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Thu, 21 Jul 2022 01:24:48 +0200 Subject: [PATCH 11/66] Fix test_tarfile on ppc64le Resolves: rhbz#2109120 --- 00319-test_tarfile_ppc64.patch | 72 ++++++++++++++++++++++++++++++++++ python3.6.spec | 15 ++++++- 2 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 00319-test_tarfile_ppc64.patch diff --git a/00319-test_tarfile_ppc64.patch b/00319-test_tarfile_ppc64.patch new file mode 100644 index 0000000..37b5be8 --- /dev/null +++ b/00319-test_tarfile_ppc64.patch @@ -0,0 +1,72 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 21 Jan 2019 01:44:30 -0800 +Subject: [PATCH] 00319: test_tarfile_ppc64 + +Fix sparse file tests of test_tarfile on ppc64le with the tmpfs +filesystem. + +Upstream: https://bugs.python.org/issue35772 + +Co-authored-by: Victor Stinner +--- + Lib/test/pythoninfo.py | 2 ++ + Lib/test/test_tarfile.py | 9 +++++++-- + .../next/Tests/2019-01-18-12-19-19.bpo-35772.sGBbsn.rst | 6 ++++++ + 3 files changed, 15 insertions(+), 2 deletions(-) + create mode 100644 Misc/NEWS.d/next/Tests/2019-01-18-12-19-19.bpo-35772.sGBbsn.rst + +diff --git a/Lib/test/pythoninfo.py b/Lib/test/pythoninfo.py +index c5586b45a5..96b6db1cb7 100644 +--- a/Lib/test/pythoninfo.py ++++ b/Lib/test/pythoninfo.py +@@ -515,6 +515,8 @@ def collect_resource(info_add): + value = resource.getrlimit(key) + info_add('resource.%s' % name, value) + ++ call_func(info_add, 'resource.pagesize', resource, 'getpagesize') ++ + + def collect_test_socket(info_add): + try: +diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py +index 573be812ea..8e0b275972 100644 +--- a/Lib/test/test_tarfile.py ++++ b/Lib/test/test_tarfile.py +@@ -980,16 +980,21 @@ class GNUReadTest(LongnameTest, ReadTest, unittest.TestCase): + def _fs_supports_holes(): + # Return True if the platform knows the st_blocks stat attribute and + # uses st_blocks units of 512 bytes, and if the filesystem is able to +- # store holes in files. ++ # store holes of 4 KiB in files. ++ # ++ # The function returns False if page size is larger than 4 KiB. ++ # For example, ppc64 uses pages of 64 KiB. + if sys.platform.startswith("linux"): + # Linux evidentially has 512 byte st_blocks units. + name = os.path.join(TEMPDIR, "sparse-test") + with open(name, "wb") as fobj: ++ # Seek to "punch a hole" of 4 KiB + fobj.seek(4096) ++ fobj.write(b'x' * 4096) + fobj.truncate() + s = os.stat(name) + support.unlink(name) +- return s.st_blocks == 0 ++ return (s.st_blocks * 512 < s.st_size) + else: + return False + +diff --git a/Misc/NEWS.d/next/Tests/2019-01-18-12-19-19.bpo-35772.sGBbsn.rst b/Misc/NEWS.d/next/Tests/2019-01-18-12-19-19.bpo-35772.sGBbsn.rst +new file mode 100644 +index 0000000000..cfd282f1d0 +--- /dev/null ++++ b/Misc/NEWS.d/next/Tests/2019-01-18-12-19-19.bpo-35772.sGBbsn.rst +@@ -0,0 +1,6 @@ ++Fix sparse file tests of test_tarfile on ppc64 with the tmpfs filesystem. Fix ++the function testing if the filesystem supports sparse files: create a file ++which contains data and "holes", instead of creating a file which contains no ++data. tmpfs effective block size is a page size (tmpfs lives in the page cache). ++RHEL uses 64 KiB pages on aarch64, ppc64, ppc64le, only s390x and x86_64 use 4 ++KiB pages, whereas the test punch holes of 4 KiB. diff --git a/python3.6.spec b/python3.6.spec index c03b015..bc04740 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 9%{?dist} +Release: 10%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -431,6 +431,15 @@ Patch292: 00292-restore-PyExc_RecursionErrorInst-symbol.patch # See also: https://bugzilla.redhat.com/show_bug.cgi?id=1489816 Patch294: 00294-define-TLS-cipher-suite-on-build-time.patch +# 00319 # 137b120c34cd92a9694edc0196f0d78311071dba +# test_tarfile_ppc64 +# +# Fix sparse file tests of test_tarfile on ppc64le with the tmpfs +# filesystem. +# +# Upstream: https://bugs.python.org/issue35772 +Patch319: 00319-test_tarfile_ppc64.patch + # 00343 # c758d1d3051b80314a533a8a42244beb4670141e # Fix test_faulthandler on GCC 10 # @@ -1765,6 +1774,10 @@ CheckPython optimized # ====================================================== %changelog +* Wed Jul 20 2022 Charalampos Stratakis - 3.6.15-10 +- Fix test_tarfile on ppc64le +Resolves: rhbz#2109120 + * Fri Jun 10 2022 Charalampos Stratakis - 3.6.15-9 - Security fix for CVE-2015-20107 Resolves: rhbz#2075390 From 938eff126a6a201f3ec70e46554b51d62284dee1 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 22 Jul 2022 23:47:03 +0000 Subject: [PATCH 12/66] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- python3.6.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index bc04740..a929521 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 10%{?dist} +Release: 11%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -1774,6 +1774,9 @@ CheckPython optimized # ====================================================== %changelog +* Fri Jul 22 2022 Fedora Release Engineering - 3.6.15-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Wed Jul 20 2022 Charalampos Stratakis - 3.6.15-10 - Fix test_tarfile on ppc64le Resolves: rhbz#2109120 From da1f948fa669bdf071762149074d3bc74fac3b63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 6 Sep 2022 10:26:37 +0000 Subject: [PATCH 13/66] Remove no longer needed %apply_patch workaround All supported Fedora releases have RPM 4.17+, so we can use %autopatch with a positional argument. --- python3.6.spec | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/python3.6.spec b/python3.6.spec index a929521..0f6af35 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -848,25 +848,22 @@ or older Fedora releases. %gpgverify -k2 -s1 -d0 %autosetup -S git_am -N -n Python-%{upstream_version} -# Temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1954999 -%{?!apply_patch:%define apply_patch(qp:m:) {%__apply_patch %**}} - # Apply initial patches manually -%apply_patch -q %{PATCH1} +%autopatch 1 %if "%{_lib}" == "lib64" -%apply_patch -q %{PATCH102} +%autopatch 102 %endif -%apply_patch -q %{PATCH111} -%apply_patch -q %{PATCH132} -%apply_patch -q %{PATCH155} -%apply_patch -q %{PATCH160} -%apply_patch -q %{PATCH163} -%apply_patch -q %{PATCH170} +%autopatch 111 +%autopatch 132 +%autopatch 155 +%autopatch 160 +%autopatch 163 +%autopatch 170 %if %{with rpmwheels} -%apply_patch -q %{PATCH189} +%autopatch 189 rm Lib/ensurepip/_bundled/*.whl %endif From a86762f04c360f09b23ace80e3cd2117ba812e2d Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Wed, 14 Sep 2022 11:39:51 +0200 Subject: [PATCH 14/66] Return back global pip and setuptools versions They are ommited together with the patch if the rpmwheels are disabled. --- python3.6.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/python3.6.spec b/python3.6.spec index 0f6af35..af4ceb3 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -393,6 +393,12 @@ Patch170: 00170-gc-assertions.patch # # We keep them in /usr/share/python-wheels Patch189: 00189-use-rpm-wheels.patch +# The following versions of setuptools/pip are bundled when this patch is not applied. +# The versions are written in Lib/ensurepip/__init__.py, this patch removes them. +# When the bundled setuptools/pip wheel is updated, the patch no longer applies cleanly. +# In such cases, the patch needs to be amended and the versions updated here: +%global pip_version 18.1 +%global setuptools_version 40.6.2 # 00251 # 2eabd04356402d488060bc8fe316ad13fc8a3356 # Change user install location @@ -792,7 +798,7 @@ Requires: python-pip-wheel # Versions of bundled libs are based on: # https://github.com/pypa/pip/blob/18.1/src/pip/_vendor/vendor.txt and # https://github.com/pypa/setuptools/blob/v40.6.2/pkg_resources/_vendor/vendored.txt -Provides: bundled(python3dist(pip)) = 18.1 +Provides: bundled(python3dist(pip)) = %{pip_version} Provides: bundled(python3dist(appdirs)) = 1.4.3 Provides: bundled(python3dist(distlib)) = 0.2.7 Provides: bundled(python3dist(distro)) = 1.3 @@ -817,7 +823,7 @@ Provides: bundled(python3dist(certifi)) = 2018.8.24 Provides: bundled(python3dist(setuptools)) = 40.4.3 Provides: bundled(python3dist(webencodings)) = 0.5.1 -Provides: bundled(python3dist(setuptools)) = 40.6.2 +Provides: bundled(python3dist(setuptools)) = %{setuptools_version} Provides: bundled(python3dist(packaging)) = 16.8 Provides: bundled(python3dist(pyparsing)) = 2.2.1 Provides: bundled(python3dist(six)) = 1.10 From 677649e03402062d4cc98a774ce3d25bc2195ff8 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Wed, 14 Sep 2022 11:45:01 +0200 Subject: [PATCH 15/66] Fix for CVE-2021-28861 --- 00386-cve-2021-28861.patch | 130 +++++++++++++++++++++++++++++++++++++ python3.6.spec | 20 +++++- 2 files changed, 149 insertions(+), 1 deletion(-) create mode 100644 00386-cve-2021-28861.patch diff --git a/00386-cve-2021-28861.patch b/00386-cve-2021-28861.patch new file mode 100644 index 0000000..080026b --- /dev/null +++ b/00386-cve-2021-28861.patch @@ -0,0 +1,130 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Wed, 22 Jun 2022 15:05:00 -0700 +Subject: [PATCH] 00386: CVE-2021-28861 + +Fix an open redirection vulnerability in the `http.server` module when +an URI path starts with `//` that could produce a 301 Location header +with a misleading target. Vulnerability discovered, and logic fix +proposed, by Hamza Avvan (@hamzaavvan). + +Test and comments authored by Gregory P. Smith [Google]. +(cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e) + +Upstream: https://github.com/python/cpython/pull/93879 +Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2120642 + +Co-authored-by: Gregory P. Smith +--- + Lib/http/server.py | 7 +++ + Lib/test/test_httpservers.py | 53 ++++++++++++++++++- + ...2-06-15-20-09-23.gh-issue-87389.QVaC3f.rst | 3 ++ + 3 files changed, 61 insertions(+), 2 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst + +diff --git a/Lib/http/server.py b/Lib/http/server.py +index 60a4dadf03..ce05be13d3 100644 +--- a/Lib/http/server.py ++++ b/Lib/http/server.py +@@ -323,6 +323,13 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler): + return False + self.command, self.path, self.request_version = command, path, version + ++ # gh-87389: The purpose of replacing '//' with '/' is to protect ++ # against open redirect attacks possibly triggered if the path starts ++ # with '//' because http clients treat //path as an absolute URI ++ # without scheme (similar to http://path) rather than a path. ++ if self.path.startswith('//'): ++ self.path = '/' + self.path.lstrip('/') # Reduce to a single / ++ + # Examine the headers and look for a Connection directive. + try: + self.headers = http.client.parse_headers(self.rfile, +diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py +index 66e937e04b..5a0a7c3f74 100644 +--- a/Lib/test/test_httpservers.py ++++ b/Lib/test/test_httpservers.py +@@ -324,7 +324,7 @@ class SimpleHTTPServerTestCase(BaseTestCase): + pass + + def setUp(self): +- BaseTestCase.setUp(self) ++ super().setUp() + self.cwd = os.getcwd() + basetempdir = tempfile.gettempdir() + os.chdir(basetempdir) +@@ -343,7 +343,7 @@ class SimpleHTTPServerTestCase(BaseTestCase): + except: + pass + finally: +- BaseTestCase.tearDown(self) ++ super().tearDown() + + def check_status_and_reason(self, response, status, data=None): + def close_conn(): +@@ -399,6 +399,55 @@ class SimpleHTTPServerTestCase(BaseTestCase): + self.check_status_and_reason(response, HTTPStatus.OK, + data=support.TESTFN_UNDECODABLE) + ++ def test_get_dir_redirect_location_domain_injection_bug(self): ++ """Ensure //evil.co/..%2f../../X does not put //evil.co/ in Location. ++ ++ //netloc/ in a Location header is a redirect to a new host. ++ https://github.com/python/cpython/issues/87389 ++ ++ This checks that a path resolving to a directory on our server cannot ++ resolve into a redirect to another server. ++ """ ++ os.mkdir(os.path.join(self.tempdir, 'existing_directory')) ++ url = f'/python.org/..%2f..%2f..%2f..%2f..%2f../%0a%0d/../{self.tempdir_name}/existing_directory' ++ expected_location = f'{url}/' # /python.org.../ single slash single prefix, trailing slash ++ # Canonicalizes to /tmp/tempdir_name/existing_directory which does ++ # exist and is a dir, triggering the 301 redirect logic. ++ response = self.request(url) ++ self.check_status_and_reason(response, HTTPStatus.MOVED_PERMANENTLY) ++ location = response.getheader('Location') ++ self.assertEqual(location, expected_location, msg='non-attack failed!') ++ ++ # //python.org... multi-slash prefix, no trailing slash ++ attack_url = f'/{url}' ++ response = self.request(attack_url) ++ self.check_status_and_reason(response, HTTPStatus.MOVED_PERMANENTLY) ++ location = response.getheader('Location') ++ self.assertFalse(location.startswith('//'), msg=location) ++ self.assertEqual(location, expected_location, ++ msg='Expected Location header to start with a single / and ' ++ 'end with a / as this is a directory redirect.') ++ ++ # ///python.org... triple-slash prefix, no trailing slash ++ attack3_url = f'//{url}' ++ response = self.request(attack3_url) ++ self.check_status_and_reason(response, HTTPStatus.MOVED_PERMANENTLY) ++ self.assertEqual(response.getheader('Location'), expected_location) ++ ++ # If the second word in the http request (Request-URI for the http ++ # method) is a full URI, we don't worry about it, as that'll be parsed ++ # and reassembled as a full URI within BaseHTTPRequestHandler.send_head ++ # so no errant scheme-less //netloc//evil.co/ domain mixup can happen. ++ attack_scheme_netloc_2slash_url = f'https://pypi.org/{url}' ++ expected_scheme_netloc_location = f'{attack_scheme_netloc_2slash_url}/' ++ response = self.request(attack_scheme_netloc_2slash_url) ++ self.check_status_and_reason(response, HTTPStatus.MOVED_PERMANENTLY) ++ location = response.getheader('Location') ++ # We're just ensuring that the scheme and domain make it through, if ++ # there are or aren't multiple slashes at the start of the path that ++ # follows that isn't important in this Location: header. ++ self.assertTrue(location.startswith('https://pypi.org/'), msg=location) ++ + def test_get(self): + #constructs the path relative to the root directory of the HTTPServer + response = self.request(self.base_url + '/test') +diff --git a/Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst b/Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst +new file mode 100644 +index 0000000000..029d437190 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst +@@ -0,0 +1,3 @@ ++:mod:`http.server`: Fix an open redirection vulnerability in the HTTP server ++when an URI path starts with ``//``. Vulnerability discovered, and initial ++fix proposed, by Hamza Avvan. diff --git a/python3.6.spec b/python3.6.spec index af4ceb3..a233067 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 11%{?dist} +Release: 12%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -528,6 +528,20 @@ Patch378: 00378-support-expat-2-4-5.patch # Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390 Patch382: 00382-cve-2015-20107.patch +# 00386 # 0e4bced7d3cd0f94ebfbcc209e10dbf81607b073 +# CVE-2021-28861 +# +# Fix an open redirection vulnerability in the `http.server` module when +# an URI path starts with `//` that could produce a 301 Location header +# with a misleading target. Vulnerability discovered, and logic fix +# proposed, by Hamza Avvan (@hamzaavvan). +# +# Test and comments authored by Gregory P. Smith [Google]. +# +# Upstream: https://github.com/python/cpython/pull/93879 +# Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2120642 +Patch386: 00386-cve-2021-28861.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1777,6 +1791,10 @@ CheckPython optimized # ====================================================== %changelog +* Wed Sep 14 2022 Lumír Balhar - 3.6.15-12 +- Fix for CVE-2021-28861 +Resolves: rhbz#2120785 + * Fri Jul 22 2022 Fedora Release Engineering - 3.6.15-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From 25e1d4a9014863245815b15dafd324f6460be9f2 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Wed, 21 Sep 2022 14:53:20 +0200 Subject: [PATCH 16/66] Fix CVE-2020-10735 Resolves: rhbz#1834423 --- ...-10735-prevent-dos-by-very-large-int.patch | 1411 +++++++++++++++++ python3.6.spec | 53 +- 2 files changed, 1463 insertions(+), 1 deletion(-) create mode 100644 00387-cve-2020-10735-prevent-dos-by-very-large-int.patch diff --git a/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch b/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch new file mode 100644 index 0000000..8ec1957 --- /dev/null +++ b/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch @@ -0,0 +1,1411 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Victor Stinner +Date: Thu, 15 Sep 2022 17:35:24 +0200 +Subject: [PATCH] 00387: CVE-2020-10735: Prevent DoS by very large int() + +gh-95778: CVE-2020-10735: Prevent DoS by very large int() (GH-96504) + +Converting between `int` and `str` in bases other than 2 +(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now +raises a `ValueError` if the number of digits in string form is above a +limit to avoid potential denial of service attacks due to the algorithmic +complexity. This is a mitigation for CVE-2020-10735 +(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735). + +This new limit can be configured or disabled by environment variable, command +line flag, or :mod:`sys` APIs. See the `Integer String Conversion Length +Limitation` documentation. The default limit is 4300 +digits in string form. + +Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback +from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson. + +Notes on the backport to Python 3.6: + +* Use "Python 3.6.15-13" version in the documentation, whereas this + version will never be released +* Only add _Py_global_config_int_max_str_digits global variable: + Python 3.6 doesn't have PyConfig API (PEP 597) nor _PyRuntime. +* sys.flags.int_max_str_digits cannot be -1 on Python 3.6: it is + set to the default limit. Adapt test_int_max_str_digits() for that. +* Declare _PY_LONG_DEFAULT_MAX_STR_DIGITS and + _PY_LONG_MAX_STR_DIGITS_THRESHOLD macros in longobject.h but only + if the Py_BUILD_CORE macro is defined. +* Declare _Py_global_config_int_max_str_digits in pydebug.h. + +(cherry picked from commit 511ca9452033ef95bc7d7fc404b8161068226002) + +gh-95778: Mention sys.set_int_max_str_digits() in error message (#96874) + +When ValueError is raised if an integer is larger than the limit, +mention sys.set_int_max_str_digits() in the error message. + +(cherry picked from commit e841ffc915e82e5ea6e3b473205417d63494808d) + +gh-96848: Fix -X int_max_str_digits option parsing (#96988) + +Fix command line parsing: reject "-X int_max_str_digits" option with +no value (invalid) when the PYTHONINTMAXSTRDIGITS environment +variable is set to a valid limit. + +(cherry picked from commit 41351662bcd21672d8ccfa62fe44d72027e6bcf8) +--- + Doc/library/functions.rst | 8 + + Doc/library/json.rst | 11 + + Doc/library/stdtypes.rst | 159 ++++++++++++++ + Doc/library/sys.rst | 53 ++++- + Doc/library/test.rst | 10 + + Doc/using/cmdline.rst | 14 ++ + Doc/whatsnew/3.6.rst | 15 ++ + Include/longobject.h | 38 ++++ + Include/pydebug.h | 2 + + Lib/test/support/__init__.py | 10 + + Lib/test/test_ast.py | 8 + + Lib/test/test_cmd_line.py | 35 ++++ + Lib/test/test_compile.py | 13 ++ + Lib/test/test_decimal.py | 18 ++ + Lib/test/test_int.py | 196 ++++++++++++++++++ + Lib/test/test_json/test_decode.py | 8 + + Lib/test/test_sys.py | 11 +- + Lib/test/test_xmlrpc.py | 10 + + ...2-09-16-19-02-40.gh-issue-95778.cJmnst.rst | 3 + + ...08-07-16-53-38.gh-issue-95778.ch010gps.rst | 14 ++ + Modules/main.c | 7 + + Objects/longobject.c | 168 ++++++++++++++- + Python/ast.c | 26 ++- + Python/pylifecycle.c | 2 + + Python/sysmodule.c | 46 +++- + 25 files changed, 870 insertions(+), 15 deletions(-) + create mode 100644 Misc/NEWS.d/next/Core and Builtins/2022-09-16-19-02-40.gh-issue-95778.cJmnst.rst + create mode 100644 Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst + +diff --git a/Doc/library/functions.rst b/Doc/library/functions.rst +index bc528dd171..72eaf17f64 100644 +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -748,6 +748,14 @@ are always available. They are listed here in alphabetical order. + .. versionchanged:: 3.6 + Grouping digits with underscores as in code literals is allowed. + ++ .. versionchanged:: 3.6.15-13 ++ :class:`int` string inputs and string representations can be limited to ++ help avoid denial of service attacks. A :exc:`ValueError` is raised when ++ the limit is exceeded while converting a string *x* to an :class:`int` or ++ when converting an :class:`int` into a string would exceed the limit. ++ See the :ref:`integer string conversion length limitation ++ ` documentation. ++ + + .. function:: isinstance(object, classinfo) + +diff --git a/Doc/library/json.rst b/Doc/library/json.rst +index 98ca86e4b9..51adb4a2ff 100644 +--- a/Doc/library/json.rst ++++ b/Doc/library/json.rst +@@ -18,6 +18,11 @@ is a lightweight data interchange format inspired by + `JavaScript `_ object literal syntax + (although it is not a strict subset of JavaScript [#rfc-errata]_ ). + ++.. warning:: ++ Be cautious when parsing JSON data from untrusted sources. A malicious ++ JSON string may cause the decoder to consume considerable CPU and memory ++ resources. Limiting the size of data to be parsed is recommended. ++ + :mod:`json` exposes an API familiar to users of the standard library + :mod:`marshal` and :mod:`pickle` modules. + +@@ -245,6 +250,12 @@ Basic Usage + be used to use another datatype or parser for JSON integers + (e.g. :class:`float`). + ++ .. versionchanged:: 3.6.15-13 ++ The default *parse_int* of :func:`int` now limits the maximum length of ++ the integer string via the interpreter's :ref:`integer string ++ conversion length limitation ` to help avoid denial ++ of service attacks. ++ + *parse_constant*, if specified, will be called with one of the following + strings: ``'-Infinity'``, ``'Infinity'``, ``'NaN'``. + This can be used to raise an exception if invalid JSON numbers +diff --git a/Doc/library/stdtypes.rst b/Doc/library/stdtypes.rst +index 00e1f4c1bf..7ae0f58c44 100644 +--- a/Doc/library/stdtypes.rst ++++ b/Doc/library/stdtypes.rst +@@ -4671,6 +4671,165 @@ types, where they are relevant. Some of these are not reported by the + [] + + ++.. _int_max_str_digits: ++ ++Integer string conversion length limitation ++=========================================== ++ ++CPython has a global limit for converting between :class:`int` and :class:`str` ++to mitigate denial of service attacks. This limit *only* applies to decimal or ++other non-power-of-two number bases. Hexadecimal, octal, and binary conversions ++are unlimited. The limit can be configured. ++ ++The :class:`int` type in CPython is an abitrary length number stored in binary ++form (commonly known as a "bignum"). There exists no algorithm that can convert ++a string to a binary integer or a binary integer to a string in linear time, ++*unless* the base is a power of 2. Even the best known algorithms for base 10 ++have sub-quadratic complexity. Converting a large value such as ``int('1' * ++500_000)`` can take over a second on a fast CPU. ++ ++Limiting conversion size offers a practical way to avoid `CVE-2020-10735 ++`_. ++ ++The limit is applied to the number of digit characters in the input or output ++string when a non-linear conversion algorithm would be involved. Underscores ++and the sign are not counted towards the limit. ++ ++When an operation would exceed the limit, a :exc:`ValueError` is raised: ++ ++.. doctest:: ++ ++ >>> import sys ++ >>> sys.set_int_max_str_digits(4300) # Illustrative, this is the default. ++ >>> _ = int('2' * 5432) ++ Traceback (most recent call last): ++ ... ++ ValueError: Exceeds the limit (4300) for integer string conversion: value has 5432 digits; use sys.set_int_max_str_digits() to increase the limit. ++ >>> i = int('2' * 4300) ++ >>> len(str(i)) ++ 4300 ++ >>> i_squared = i*i ++ >>> len(str(i_squared)) ++ Traceback (most recent call last): ++ ... ++ ValueError: Exceeds the limit (4300) for integer string conversion: value has 8599 digits; use sys.set_int_max_str_digits() to increase the limit. ++ >>> len(hex(i_squared)) ++ 7144 ++ >>> assert int(hex(i_squared), base=16) == i*i # Hexadecimal is unlimited. ++ ++The default limit is 4300 digits as provided in ++:data:`sys.int_info.default_max_str_digits `. ++The lowest limit that can be configured is 640 digits as provided in ++:data:`sys.int_info.str_digits_check_threshold `. ++ ++Verification: ++ ++.. doctest:: ++ ++ >>> import sys ++ >>> assert sys.int_info.default_max_str_digits == 4300, sys.int_info ++ >>> assert sys.int_info.str_digits_check_threshold == 640, sys.int_info ++ >>> msg = int('578966293710682886880994035146873798396722250538762761564' ++ ... '9252925514383915483333812743580549779436104706260696366600' ++ ... '571186405732').to_bytes(53, 'big') ++ ... ++ ++.. versionadded:: 3.6.15-13 ++ ++Affected APIs ++------------- ++ ++The limitation only applies to potentially slow conversions between :class:`int` ++and :class:`str` or :class:`bytes`: ++ ++* ``int(string)`` with default base 10. ++* ``int(string, base)`` for all bases that are not a power of 2. ++* ``str(integer)``. ++* ``repr(integer)`` ++* any other string conversion to base 10, for example ``f"{integer}"``, ++ ``"{}".format(integer)``, or ``b"%d" % integer``. ++ ++The limitations do not apply to functions with a linear algorithm: ++ ++* ``int(string, base)`` with base 2, 4, 8, 16, or 32. ++* :func:`int.from_bytes` and :func:`int.to_bytes`. ++* :func:`hex`, :func:`oct`, :func:`bin`. ++* :ref:`formatspec` for hex, octal, and binary numbers. ++* :class:`str` to :class:`float`. ++* :class:`str` to :class:`decimal.Decimal`. ++ ++Configuring the limit ++--------------------- ++ ++Before Python starts up you can use an environment variable or an interpreter ++command line flag to configure the limit: ++ ++* :envvar:`PYTHONINTMAXSTRDIGITS`, e.g. ++ ``PYTHONINTMAXSTRDIGITS=640 python3`` to set the limit to 640 or ++ ``PYTHONINTMAXSTRDIGITS=0 python3`` to disable the limitation. ++* :option:`-X int_max_str_digits <-X>`, e.g. ++ ``python3 -X int_max_str_digits=640`` ++* :data:`sys.flags.int_max_str_digits` contains the value of ++ :envvar:`PYTHONINTMAXSTRDIGITS` or :option:`-X int_max_str_digits <-X>`. ++ If both the env var and the ``-X`` option are set, the ``-X`` option takes ++ precedence. A value of *-1* indicates that both were unset, thus a value of ++ :data:`sys.int_info.default_max_str_digits` was used during initilization. ++ ++From code, you can inspect the current limit and set a new one using these ++:mod:`sys` APIs: ++ ++* :func:`sys.get_int_max_str_digits` and :func:`sys.set_int_max_str_digits` are ++ a getter and setter for the interpreter-wide limit. Subinterpreters have ++ their own limit. ++ ++Information about the default and minimum can be found in :attr:`sys.int_info`: ++ ++* :data:`sys.int_info.default_max_str_digits ` is the compiled-in ++ default limit. ++* :data:`sys.int_info.str_digits_check_threshold ` is the lowest ++ accepted value for the limit (other than 0 which disables it). ++ ++.. versionadded:: 3.6.15-13 ++ ++.. caution:: ++ ++ Setting a low limit *can* lead to problems. While rare, code exists that ++ contains integer constants in decimal in their source that exceed the ++ minimum threshold. A consequence of setting the limit is that Python source ++ code containing decimal integer literals longer than the limit will ++ encounter an error during parsing, usually at startup time or import time or ++ even at installation time - anytime an up to date ``.pyc`` does not already ++ exist for the code. A workaround for source that contains such large ++ constants is to convert them to ``0x`` hexadecimal form as it has no limit. ++ ++ Test your application thoroughly if you use a low limit. Ensure your tests ++ run with the limit set early via the environment or flag so that it applies ++ during startup and even during any installation step that may invoke Python ++ to precompile ``.py`` sources to ``.pyc`` files. ++ ++Recommended configuration ++------------------------- ++ ++The default :data:`sys.int_info.default_max_str_digits` is expected to be ++reasonable for most applications. If your application requires a different ++limit, set it from your main entry point using Python version agnostic code as ++these APIs were added in security patch releases in versions before 3.11. ++ ++Example:: ++ ++ >>> import sys ++ >>> if hasattr(sys, "set_int_max_str_digits"): ++ ... upper_bound = 68000 ++ ... lower_bound = 4004 ++ ... current_limit = sys.get_int_max_str_digits() ++ ... if current_limit == 0 or current_limit > upper_bound: ++ ... sys.set_int_max_str_digits(upper_bound) ++ ... elif current_limit < lower_bound: ++ ... sys.set_int_max_str_digits(lower_bound) ++ ++If you need to disable it entirely, set it to ``0``. ++ ++ + .. rubric:: Footnotes + + .. [1] Additional information on these special methods may be found in the Python +diff --git a/Doc/library/sys.rst b/Doc/library/sys.rst +index 91984667bf..f1e6f3bcf0 100644 +--- a/Doc/library/sys.rst ++++ b/Doc/library/sys.rst +@@ -296,6 +296,7 @@ always available. + :const:`bytes_warning` :option:`-b` + :const:`quiet` :option:`-q` + :const:`hash_randomization` :option:`-R` ++ :const:`int_max_str_digits` :option:`-X int_max_str_digits <-X>` (:ref:`integer string conversion length limitation `) + ============================= ============================= + + .. versionchanged:: 3.2 +@@ -310,6 +311,9 @@ always available. + .. versionchanged:: 3.4 + Added ``isolated`` attribute for :option:`-I` ``isolated`` flag. + ++ .. versionchanged:: 3.6.15-13 ++ Added the ``int_max_str_digits`` attribute. ++ + .. data:: float_info + + A :term:`struct sequence` holding information about the float type. It +@@ -468,6 +472,15 @@ always available. + + .. versionadded:: 3.6 + ++ ++.. function:: get_int_max_str_digits() ++ ++ Returns the current value for the :ref:`integer string conversion length ++ limitation `. See also :func:`set_int_max_str_digits`. ++ ++ .. versionadded:: 3.6.15-13 ++ ++ + .. function:: getrefcount(object) + + Return the reference count of the *object*. The count returned is generally one +@@ -730,19 +743,31 @@ always available. + + .. tabularcolumns:: |l|L| + +- +-------------------------+----------------------------------------------+ +- | Attribute | Explanation | +- +=========================+==============================================+ +- | :const:`bits_per_digit` | number of bits held in each digit. Python | +- | | integers are stored internally in base | +- | | ``2**int_info.bits_per_digit`` | +- +-------------------------+----------------------------------------------+ +- | :const:`sizeof_digit` | size in bytes of the C type used to | +- | | represent a digit | +- +-------------------------+----------------------------------------------+ ++ +----------------------------------------+-----------------------------------------------+ ++ | Attribute | Explanation | ++ +========================================+===============================================+ ++ | :const:`bits_per_digit` | number of bits held in each digit. Python | ++ | | integers are stored internally in base | ++ | | ``2**int_info.bits_per_digit`` | ++ +----------------------------------------+-----------------------------------------------+ ++ | :const:`sizeof_digit` | size in bytes of the C type used to | ++ | | represent a digit | ++ +----------------------------------------+-----------------------------------------------+ ++ | :const:`default_max_str_digits` | default value for | ++ | | :func:`sys.get_int_max_str_digits` when it | ++ | | is not otherwise explicitly configured. | ++ +----------------------------------------+-----------------------------------------------+ ++ | :const:`str_digits_check_threshold` | minimum non-zero value for | ++ | | :func:`sys.set_int_max_str_digits`, | ++ | | :envvar:`PYTHONINTMAXSTRDIGITS`, or | ++ | | :option:`-X int_max_str_digits <-X>`. | ++ +----------------------------------------+-----------------------------------------------+ + + .. versionadded:: 3.1 + ++ .. versionchanged:: 3.6.15-13 ++ Added ``default_max_str_digits`` and ``str_digits_check_threshold``. ++ + + .. data:: __interactivehook__ + +@@ -1001,6 +1026,14 @@ always available. + + Availability: Unix. + ++.. function:: set_int_max_str_digits(n) ++ ++ Set the :ref:`integer string conversion length limitation ++ ` used by this interpreter. See also ++ :func:`get_int_max_str_digits`. ++ ++ .. versionadded:: 3.6.15-13 ++ + .. function:: setprofile(profilefunc) + + .. index:: +diff --git a/Doc/library/test.rst b/Doc/library/test.rst +index 04d6cd87ea..a15e7768bb 100644 +--- a/Doc/library/test.rst ++++ b/Doc/library/test.rst +@@ -625,6 +625,16 @@ The :mod:`test.support` module defines the following functions: + .. versionadded:: 3.6 + + ++.. function:: adjust_int_max_str_digits(max_digits) ++ ++ This function returns a context manager that will change the global ++ :func:`sys.set_int_max_str_digits` setting for the duration of the ++ context to allow execution of test code that needs a different limit ++ on the number of digits when converting between an integer and string. ++ ++ .. versionadded:: 3.6.15-13 ++ ++ + The :mod:`test.support` module defines the following classes: + + .. class:: TransientResource(exc, **kwargs) +diff --git a/Doc/using/cmdline.rst b/Doc/using/cmdline.rst +index 65aa3ad0f5..fe7a926ba1 100644 +--- a/Doc/using/cmdline.rst ++++ b/Doc/using/cmdline.rst +@@ -422,6 +422,9 @@ Miscellaneous options + * ``-X showalloccount`` to output the total count of allocated objects for + each type when the program finishes. This only works when Python was built with + ``COUNT_ALLOCS`` defined. ++ * ``-X int_max_str_digits`` configures the :ref:`integer string conversion ++ length limitation `. See also ++ :envvar:`PYTHONINTMAXSTRDIGITS`. + + It also allows passing arbitrary values and retrieving them through the + :data:`sys._xoptions` dictionary. +@@ -438,6 +441,9 @@ Miscellaneous options + .. versionadded:: 3.6 + The ``-X showalloccount`` option. + ++ .. versionadded:: 3.6.15-13 ++ The ``-X int_max_str_digits`` option. ++ + + Options you shouldn't use + ~~~~~~~~~~~~~~~~~~~~~~~~~ +@@ -571,6 +577,14 @@ conflict. + .. versionadded:: 3.2.3 + + ++.. envvar:: PYTHONINTMAXSTRDIGITS ++ ++ If this variable is set to an integer, it is used to configure the ++ interpreter's global :ref:`integer string conversion length limitation ++ `. ++ ++ .. versionadded:: 3.6.15-13 ++ + .. envvar:: PYTHONIOENCODING + + If this is set before running the interpreter, it overrides the encoding used +diff --git a/Doc/whatsnew/3.6.rst b/Doc/whatsnew/3.6.rst +index 5f8f478eb3..19811f4a81 100644 +--- a/Doc/whatsnew/3.6.rst ++++ b/Doc/whatsnew/3.6.rst +@@ -2488,3 +2488,18 @@ ASCII newline ``\n``, ``\r`` and tab ``\t`` characters are stripped from the + URL by the parser :func:`urllib.parse` preventing such attacks. The removal + characters are controlled by a new module level variable + ``urllib.parse._UNSAFE_URL_BYTES_TO_REMOVE``. (See :issue:`43882`) ++ ++ ++Notable security feature in 3.6.15-13 ++===================================== ++ ++Converting between :class:`int` and :class:`str` in bases other than 2 ++(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) ++now raises a :exc:`ValueError` if the number of digits in string form is ++above a limit to avoid potential denial of service attacks due to the ++algorithmic complexity. This is a mitigation for `CVE-2020-10735 ++`_. ++This limit can be configured or disabled by environment variable, command ++line flag, or :mod:`sys` APIs. See the :ref:`integer string conversion ++length limitation ` documentation. The default limit ++is 4300 digits in string form. +diff --git a/Include/longobject.h b/Include/longobject.h +index efd409c75a..d8a080a3bc 100644 +--- a/Include/longobject.h ++++ b/Include/longobject.h +@@ -209,6 +209,44 @@ PyAPI_FUNC(long) PyOS_strtol(const char *, char **, int); + PyAPI_FUNC(PyObject *) _PyLong_GCD(PyObject *, PyObject *); + #endif /* !Py_LIMITED_API */ + ++#ifdef Py_BUILD_CORE ++/* ++ * Default int base conversion size limitation: Denial of Service prevention. ++ * ++ * Chosen such that this isn't wildly slow on modern hardware and so that ++ * everyone's existing deployed numpy test suite passes before ++ * https://github.com/numpy/numpy/issues/22098 is widely available. ++ * ++ * $ python -m timeit -s 's = "1"*4300' 'int(s)' ++ * 2000 loops, best of 5: 125 usec per loop ++ * $ python -m timeit -s 's = "1"*4300; v = int(s)' 'str(v)' ++ * 1000 loops, best of 5: 311 usec per loop ++ * (zen2 cloud VM) ++ * ++ * 4300 decimal digits fits a ~14284 bit number. ++ */ ++#define _PY_LONG_DEFAULT_MAX_STR_DIGITS 4300 ++/* ++ * Threshold for max digits check. For performance reasons int() and ++ * int.__str__() don't checks values that are smaller than this ++ * threshold. Acts as a guaranteed minimum size limit for bignums that ++ * applications can expect from CPython. ++ * ++ * % python -m timeit -s 's = "1"*640; v = int(s)' 'str(int(s))' ++ * 20000 loops, best of 5: 12 usec per loop ++ * ++ * "640 digits should be enough for anyone." - gps ++ * fits a ~2126 bit decimal number. ++ */ ++#define _PY_LONG_MAX_STR_DIGITS_THRESHOLD 640 ++ ++#if ((_PY_LONG_DEFAULT_MAX_STR_DIGITS != 0) && \ ++ (_PY_LONG_DEFAULT_MAX_STR_DIGITS < _PY_LONG_MAX_STR_DIGITS_THRESHOLD)) ++# error "_PY_LONG_DEFAULT_MAX_STR_DIGITS smaller than threshold." ++#endif ++ ++#endif /* Py_BUILD_CORE */ ++ + #ifdef __cplusplus + } + #endif +diff --git a/Include/pydebug.h b/Include/pydebug.h +index 6e23a896c3..657c55266a 100644 +--- a/Include/pydebug.h ++++ b/Include/pydebug.h +@@ -28,6 +28,8 @@ PyAPI_DATA(int) Py_IsolatedFlag; + PyAPI_DATA(int) Py_LegacyWindowsStdioFlag; + #endif + ++PyAPI_DATA(int) _Py_global_config_int_max_str_digits; ++ + /* this is a wrapper around getenv() that pays attention to + Py_IgnoreEnvironmentFlag. It should be used for getting variables like + PYTHONPATH and PYTHONHOME from the environment */ +diff --git a/Lib/test/support/__init__.py b/Lib/test/support/__init__.py +index 66c0fed841..9ca9ae79e6 100644 +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -2868,3 +2868,13 @@ class FakePath: + raise self.path + else: + return self.path ++ ++@contextlib.contextmanager ++def adjust_int_max_str_digits(max_digits): ++ """Temporarily change the integer string conversion length limit.""" ++ current = sys.get_int_max_str_digits() ++ try: ++ sys.set_int_max_str_digits(max_digits) ++ yield ++ finally: ++ sys.set_int_max_str_digits(current) +diff --git a/Lib/test/test_ast.py b/Lib/test/test_ast.py +index e68d0de2f8..7f2d793634 100644 +--- a/Lib/test/test_ast.py ++++ b/Lib/test/test_ast.py +@@ -571,6 +571,14 @@ class ASTHelpers_Test(unittest.TestCase): + exec(code, ns) + self.assertIn('sleep', ns) + ++ def test_literal_eval_str_int_limit(self): ++ with support.adjust_int_max_str_digits(4000): ++ ast.literal_eval('3'*4000) # no error ++ with self.assertRaises(SyntaxError) as err_ctx: ++ ast.literal_eval('3'*4001) ++ self.assertIn('Exceeds the limit ', str(err_ctx.exception)) ++ self.assertIn(' Consider hexadecimal ', str(err_ctx.exception)) ++ + + class ASTValidatorTests(unittest.TestCase): + +diff --git a/Lib/test/test_cmd_line.py b/Lib/test/test_cmd_line.py +index 5922ed917c..fe456eece8 100644 +--- a/Lib/test/test_cmd_line.py ++++ b/Lib/test/test_cmd_line.py +@@ -502,6 +502,41 @@ class CmdLineTest(unittest.TestCase): + self.assertEqual(proc.returncode, 0, proc) + self.assertEqual(proc.stdout.strip(), b'0') + ++ def test_int_max_str_digits(self): ++ code = "import sys; print(sys.flags.int_max_str_digits, sys.get_int_max_str_digits())" ++ ++ assert_python_failure('-X', 'int_max_str_digits', '-c', code) ++ assert_python_failure('-X', 'int_max_str_digits=foo', '-c', code) ++ assert_python_failure('-X', 'int_max_str_digits=100', '-c', code) ++ assert_python_failure('-X', 'int_max_str_digits', '-c', code, ++ PYTHONINTMAXSTRDIGITS='4000') ++ ++ assert_python_failure('-c', code, PYTHONINTMAXSTRDIGITS='foo') ++ assert_python_failure('-c', code, PYTHONINTMAXSTRDIGITS='100') ++ ++ def res2int(res): ++ out = res.out.strip().decode("utf-8") ++ return tuple(int(i) for i in out.split()) ++ ++ res = assert_python_ok('-c', code) ++ self.assertEqual(res2int(res), (sys.get_int_max_str_digits(), sys.get_int_max_str_digits())) ++ res = assert_python_ok('-X', 'int_max_str_digits=0', '-c', code) ++ self.assertEqual(res2int(res), (0, 0)) ++ res = assert_python_ok('-X', 'int_max_str_digits=4000', '-c', code) ++ self.assertEqual(res2int(res), (4000, 4000)) ++ res = assert_python_ok('-X', 'int_max_str_digits=100000', '-c', code) ++ self.assertEqual(res2int(res), (100000, 100000)) ++ ++ res = assert_python_ok('-c', code, PYTHONINTMAXSTRDIGITS='0') ++ self.assertEqual(res2int(res), (0, 0)) ++ res = assert_python_ok('-c', code, PYTHONINTMAXSTRDIGITS='4000') ++ self.assertEqual(res2int(res), (4000, 4000)) ++ res = assert_python_ok( ++ '-X', 'int_max_str_digits=6000', '-c', code, ++ PYTHONINTMAXSTRDIGITS='4000' ++ ) ++ self.assertEqual(res2int(res), (6000, 6000)) ++ + + def test_main(): + test.support.run_unittest(CmdLineTest) +diff --git a/Lib/test/test_compile.py b/Lib/test/test_compile.py +index 13cc8821b0..00e6468141 100644 +--- a/Lib/test/test_compile.py ++++ b/Lib/test/test_compile.py +@@ -189,6 +189,19 @@ if 1: + self.assertEqual(eval("0o777"), 511) + self.assertEqual(eval("-0o0000010"), -8) + ++ def test_int_literals_too_long(self): ++ n = 3000 ++ source = f"a = 1\nb = 2\nc = {'3'*n}\nd = 4" ++ with support.adjust_int_max_str_digits(n): ++ compile(source, "", "exec") # no errors. ++ with support.adjust_int_max_str_digits(n-1): ++ with self.assertRaises(SyntaxError) as err_ctx: ++ compile(source, "", "exec") ++ exc = err_ctx.exception ++ self.assertEqual(exc.lineno, 3) ++ self.assertIn('Exceeds the limit ', str(exc)) ++ self.assertIn(' Consider hexadecimal ', str(exc)) ++ + def test_unary_minus(self): + # Verify treatment of unary minus on negative numbers SF bug #660455 + if sys.maxsize == 2147483647: +diff --git a/Lib/test/test_decimal.py b/Lib/test/test_decimal.py +index 8808a670f9..4459b82cff 100644 +--- a/Lib/test/test_decimal.py ++++ b/Lib/test/test_decimal.py +@@ -2442,6 +2442,15 @@ class CUsabilityTest(UsabilityTest): + class PyUsabilityTest(UsabilityTest): + decimal = P + ++ def setUp(self): ++ super().setUp() ++ self._previous_int_limit = sys.get_int_max_str_digits() ++ sys.set_int_max_str_digits(7000) ++ ++ def tearDown(self): ++ sys.set_int_max_str_digits(self._previous_int_limit) ++ super().tearDown() ++ + class PythonAPItests(unittest.TestCase): + + def test_abc(self): +@@ -4499,6 +4508,15 @@ class CCoverage(Coverage): + class PyCoverage(Coverage): + decimal = P + ++ def setUp(self): ++ super().setUp() ++ self._previous_int_limit = sys.get_int_max_str_digits() ++ sys.set_int_max_str_digits(7000) ++ ++ def tearDown(self): ++ sys.set_int_max_str_digits(self._previous_int_limit) ++ super().tearDown() ++ + class PyFunctionality(unittest.TestCase): + """Extra functionality in decimal.py""" + +diff --git a/Lib/test/test_int.py b/Lib/test/test_int.py +index a36076e010..6cd9a5ed89 100644 +--- a/Lib/test/test_int.py ++++ b/Lib/test/test_int.py +@@ -1,4 +1,5 @@ + import sys ++import time + + import unittest + from test import support +@@ -514,5 +515,200 @@ class IntTestCases(unittest.TestCase): + self.assertEqual(int('1_2_3_4_5_6_7', 32), 1144132807) + + ++class IntStrDigitLimitsTests(unittest.TestCase): ++ ++ int_class = int # Override this in subclasses to reuse the suite. ++ ++ def setUp(self): ++ super().setUp() ++ self._previous_limit = sys.get_int_max_str_digits() ++ sys.set_int_max_str_digits(2048) ++ ++ def tearDown(self): ++ sys.set_int_max_str_digits(self._previous_limit) ++ super().tearDown() ++ ++ def test_disabled_limit(self): ++ self.assertGreater(sys.get_int_max_str_digits(), 0) ++ self.assertLess(sys.get_int_max_str_digits(), 20_000) ++ with support.adjust_int_max_str_digits(0): ++ self.assertEqual(sys.get_int_max_str_digits(), 0) ++ i = self.int_class('1' * 20_000) ++ str(i) ++ self.assertGreater(sys.get_int_max_str_digits(), 0) ++ ++ def test_max_str_digits_edge_cases(self): ++ """Ignore the +/- sign and space padding.""" ++ int_class = self.int_class ++ maxdigits = sys.get_int_max_str_digits() ++ ++ int_class('1' * maxdigits) ++ int_class(' ' + '1' * maxdigits) ++ int_class('1' * maxdigits + ' ') ++ int_class('+' + '1' * maxdigits) ++ int_class('-' + '1' * maxdigits) ++ self.assertEqual(len(str(10 ** (maxdigits - 1))), maxdigits) ++ ++ def check(self, i, base=None): ++ with self.assertRaises(ValueError): ++ if base is None: ++ self.int_class(i) ++ else: ++ self.int_class(i, base) ++ ++ def test_max_str_digits(self): ++ maxdigits = sys.get_int_max_str_digits() ++ ++ self.check('1' * (maxdigits + 1)) ++ self.check(' ' + '1' * (maxdigits + 1)) ++ self.check('1' * (maxdigits + 1) + ' ') ++ self.check('+' + '1' * (maxdigits + 1)) ++ self.check('-' + '1' * (maxdigits + 1)) ++ self.check('1' * (maxdigits + 1)) ++ ++ i = 10 ** maxdigits ++ with self.assertRaises(ValueError): ++ str(i) ++ ++ def test_denial_of_service_prevented_int_to_str(self): ++ """Regression test: ensure we fail before performing O(N**2) work.""" ++ maxdigits = sys.get_int_max_str_digits() ++ assert maxdigits < 50_000, maxdigits # A test prerequisite. ++ get_time = time.process_time ++ if get_time() <= 0: # some platforms like WASM lack process_time() ++ get_time = time.monotonic ++ ++ huge_int = int(f'0x{"c"*65_000}', base=16) # 78268 decimal digits. ++ digits = 78_268 ++ with support.adjust_int_max_str_digits(digits): ++ start = get_time() ++ huge_decimal = str(huge_int) ++ seconds_to_convert = get_time() - start ++ self.assertEqual(len(huge_decimal), digits) ++ # Ensuring that we chose a slow enough conversion to measure. ++ # It takes 0.1 seconds on a Zen based cloud VM in an opt build. ++ if seconds_to_convert < 0.005: ++ raise unittest.SkipTest('"slow" conversion took only ' ++ f'{seconds_to_convert} seconds.') ++ ++ # We test with the limit almost at the size needed to check performance. ++ # The performant limit check is slightly fuzzy, give it a some room. ++ with support.adjust_int_max_str_digits(int(.995 * digits)): ++ with self.assertRaises(ValueError) as err: ++ start = get_time() ++ str(huge_int) ++ seconds_to_fail_huge = get_time() - start ++ self.assertIn('conversion', str(err.exception)) ++ self.assertLess(seconds_to_fail_huge, seconds_to_convert/8) ++ ++ # Now we test that a conversion that would take 30x as long also fails ++ # in a similarly fast fashion. ++ extra_huge_int = int(f'0x{"c"*500_000}', base=16) # 602060 digits. ++ with self.assertRaises(ValueError) as err: ++ start = get_time() ++ # If not limited, 8 seconds said Zen based cloud VM. ++ str(extra_huge_int) ++ seconds_to_fail_extra_huge = get_time() - start ++ self.assertIn('conversion', str(err.exception)) ++ self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8) ++ ++ def test_denial_of_service_prevented_str_to_int(self): ++ """Regression test: ensure we fail before performing O(N**2) work.""" ++ maxdigits = sys.get_int_max_str_digits() ++ assert maxdigits < 100_000, maxdigits # A test prerequisite. ++ get_time = time.process_time ++ if get_time() <= 0: # some platforms like WASM lack process_time() ++ get_time = time.monotonic ++ ++ digits = 133700 ++ huge = '8'*digits ++ with support.adjust_int_max_str_digits(digits): ++ start = get_time() ++ int(huge) ++ seconds_to_convert = get_time() - start ++ # Ensuring that we chose a slow enough conversion to measure. ++ # It takes 0.1 seconds on a Zen based cloud VM in an opt build. ++ if seconds_to_convert < 0.005: ++ raise unittest.SkipTest('"slow" conversion took only ' ++ f'{seconds_to_convert} seconds.') ++ ++ with support.adjust_int_max_str_digits(digits - 1): ++ with self.assertRaises(ValueError) as err: ++ start = get_time() ++ int(huge) ++ seconds_to_fail_huge = get_time() - start ++ self.assertIn('conversion', str(err.exception)) ++ self.assertLess(seconds_to_fail_huge, seconds_to_convert/8) ++ ++ # Now we test that a conversion that would take 30x as long also fails ++ # in a similarly fast fashion. ++ extra_huge = '7'*1_200_000 ++ with self.assertRaises(ValueError) as err: ++ start = get_time() ++ # If not limited, 8 seconds in the Zen based cloud VM. ++ int(extra_huge) ++ seconds_to_fail_extra_huge = get_time() - start ++ self.assertIn('conversion', str(err.exception)) ++ self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8) ++ ++ def test_power_of_two_bases_unlimited(self): ++ """The limit does not apply to power of 2 bases.""" ++ maxdigits = sys.get_int_max_str_digits() ++ ++ for base in (2, 4, 8, 16, 32): ++ with self.subTest(base=base): ++ self.int_class('1' * (maxdigits + 1), base) ++ assert maxdigits < 100_000 ++ self.int_class('1' * 100_000, base) ++ ++ def test_underscores_ignored(self): ++ maxdigits = sys.get_int_max_str_digits() ++ ++ triples = maxdigits // 3 ++ s = '111' * triples ++ s_ = '1_11' * triples ++ self.int_class(s) # succeeds ++ self.int_class(s_) # succeeds ++ self.check(f'{s}111') ++ self.check(f'{s_}_111') ++ ++ def test_sign_not_counted(self): ++ int_class = self.int_class ++ max_digits = sys.get_int_max_str_digits() ++ s = '5' * max_digits ++ i = int_class(s) ++ pos_i = int_class(f'+{s}') ++ assert i == pos_i ++ neg_i = int_class(f'-{s}') ++ assert -pos_i == neg_i ++ str(pos_i) ++ str(neg_i) ++ ++ def _other_base_helper(self, base): ++ int_class = self.int_class ++ max_digits = sys.get_int_max_str_digits() ++ s = '2' * max_digits ++ i = int_class(s, base) ++ if base > 10: ++ with self.assertRaises(ValueError): ++ str(i) ++ elif base < 10: ++ str(i) ++ with self.assertRaises(ValueError) as err: ++ int_class(f'{s}1', base) ++ ++ def test_int_from_other_bases(self): ++ base = 3 ++ with self.subTest(base=base): ++ self._other_base_helper(base) ++ base = 36 ++ with self.subTest(base=base): ++ self._other_base_helper(base) ++ ++ ++class IntSubclassStrDigitLimitsTests(IntStrDigitLimitsTests): ++ int_class = IntSubclass ++ ++ + if __name__ == "__main__": + unittest.main() +diff --git a/Lib/test/test_json/test_decode.py b/Lib/test/test_json/test_decode.py +index 738f109fe6..b5fd4f2291 100644 +--- a/Lib/test/test_json/test_decode.py ++++ b/Lib/test/test_json/test_decode.py +@@ -2,6 +2,7 @@ import decimal + from io import StringIO, BytesIO + from collections import OrderedDict + from test.test_json import PyTest, CTest ++from test import support + + + class TestDecode: +@@ -95,5 +96,12 @@ class TestDecode: + d = self.json.JSONDecoder() + self.assertRaises(ValueError, d.raw_decode, 'a'*42, -50000) + ++ def test_limit_int(self): ++ maxdigits = 5000 ++ with support.adjust_int_max_str_digits(maxdigits): ++ self.loads('1' * maxdigits) ++ with self.assertRaises(ValueError): ++ self.loads('1' * (maxdigits + 1)) ++ + class TestPyDecode(TestDecode, PyTest): pass + class TestCDecode(TestDecode, CTest): pass +diff --git a/Lib/test/test_sys.py b/Lib/test/test_sys.py +index b41239ab7a..f2b9e08017 100644 +--- a/Lib/test/test_sys.py ++++ b/Lib/test/test_sys.py +@@ -444,11 +444,17 @@ class SysModuleTest(unittest.TestCase): + self.assertIsInstance(sys.executable, str) + self.assertEqual(len(sys.float_info), 11) + self.assertEqual(sys.float_info.radix, 2) +- self.assertEqual(len(sys.int_info), 2) ++ self.assertEqual(len(sys.int_info), 4) + self.assertTrue(sys.int_info.bits_per_digit % 5 == 0) + self.assertTrue(sys.int_info.sizeof_digit >= 1) ++ self.assertGreaterEqual(sys.int_info.default_max_str_digits, 500) ++ self.assertGreaterEqual(sys.int_info.str_digits_check_threshold, 100) ++ self.assertGreater(sys.int_info.default_max_str_digits, ++ sys.int_info.str_digits_check_threshold) + self.assertEqual(type(sys.int_info.bits_per_digit), int) + self.assertEqual(type(sys.int_info.sizeof_digit), int) ++ self.assertIsInstance(sys.int_info.default_max_str_digits, int) ++ self.assertIsInstance(sys.int_info.str_digits_check_threshold, int) + self.assertIsInstance(sys.hexversion, int) + + self.assertEqual(len(sys.hash_info), 9) +@@ -552,7 +558,8 @@ class SysModuleTest(unittest.TestCase): + attrs = ("debug", + "inspect", "interactive", "optimize", "dont_write_bytecode", + "no_user_site", "no_site", "ignore_environment", "verbose", +- "bytes_warning", "quiet", "hash_randomization", "isolated") ++ "bytes_warning", "quiet", "hash_randomization", "isolated", ++ "int_max_str_digits") + for attr in attrs: + self.assertTrue(hasattr(sys.flags, attr), attr) + self.assertEqual(type(getattr(sys.flags, attr)), int, attr) +diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py +index fc601d4552..58553dd91a 100644 +--- a/Lib/test/test_xmlrpc.py ++++ b/Lib/test/test_xmlrpc.py +@@ -286,6 +286,16 @@ class XMLRPCTestCase(unittest.TestCase): + check('9876543210.0123456789', + decimal.Decimal('9876543210.0123456789')) + ++ def test_limit_int(self): ++ check = self.check_loads ++ maxdigits = 5000 ++ with support.adjust_int_max_str_digits(maxdigits): ++ s = '1' * (maxdigits + 1) ++ with self.assertRaises(ValueError): ++ check(f'{s}', None) ++ with self.assertRaises(ValueError): ++ check(f'{s}', None) ++ + def test_get_host_info(self): + # see bug #3613, this raised a TypeError + transp = xmlrpc.client.Transport() +diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-09-16-19-02-40.gh-issue-95778.cJmnst.rst b/Misc/NEWS.d/next/Core and Builtins/2022-09-16-19-02-40.gh-issue-95778.cJmnst.rst +new file mode 100644 +index 0000000000..ebf63778a6 +--- /dev/null ++++ b/Misc/NEWS.d/next/Core and Builtins/2022-09-16-19-02-40.gh-issue-95778.cJmnst.rst +@@ -0,0 +1,3 @@ ++When :exc:`ValueError` is raised if an integer is larger than the limit, ++mention the :func:`sys.set_int_max_str_digits` function in the error message. ++Patch by Victor Stinner. +diff --git a/Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst b/Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst +new file mode 100644 +index 0000000000..8eb8a34884 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst +@@ -0,0 +1,14 @@ ++Converting between :class:`int` and :class:`str` in bases other than 2 ++(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now ++raises a :exc:`ValueError` if the number of digits in string form is above a ++limit to avoid potential denial of service attacks due to the algorithmic ++complexity. This is a mitigation for `CVE-2020-10735 ++`_. ++ ++This new limit can be configured or disabled by environment variable, command ++line flag, or :mod:`sys` APIs. See the :ref:`integer string conversion length ++limitation ` documentation. The default limit is 4300 ++digits in string form. ++ ++Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback ++from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson. +diff --git a/Modules/main.c b/Modules/main.c +index 96d8be4685..405e8838c7 100644 +--- a/Modules/main.c ++++ b/Modules/main.c +@@ -84,6 +84,9 @@ static const char usage_3[] = "\ + also PYTHONWARNINGS=arg\n\ + -x : skip first line of source, allowing use of non-Unix forms of #!cmd\n\ + -X opt : set implementation-specific option\n\ ++-X int_max_str_digits=number: limit the size of int<->str conversions.\n\ ++ This helps avoid denial of service attacks when parsing untrusted data.\n\ ++ The default is sys.int_info.default_max_str_digits. 0 disables.\n\ + "; + static const char usage_4[] = "\ + file : program read from script file\n\ +@@ -105,6 +108,10 @@ static const char usage_6[] = + " to seed the hashes of str, bytes and datetime objects. It can also be\n" + " set to an integer in the range [0,4294967295] to get hash values with a\n" + " predictable seed.\n" ++"PYTHONINTMAXSTRDIGITS: limits the maximum digit characters in an int value\n" ++" when converting from a string and when converting an int back to a str.\n" ++" A value of 0 disables the limit. Conversions to or from bases 2, 4, 8,\n" ++" 16, and 32 are never limited.\n" + "PYTHONMALLOC: set the Python memory allocators and/or install debug hooks\n" + " on Python memory allocators. Use PYTHONMALLOC=debug to install debug\n" + " hooks.\n" +diff --git a/Objects/longobject.c b/Objects/longobject.c +index 3864cec97a..ea0116908f 100644 +--- a/Objects/longobject.c ++++ b/Objects/longobject.c +@@ -33,6 +33,9 @@ static PyLongObject small_ints[NSMALLNEGINTS + NSMALLPOSINTS]; + Py_ssize_t quick_int_allocs, quick_neg_int_allocs; + #endif + ++#define _MAX_STR_DIGITS_ERROR_FMT_TO_INT "Exceeds the limit (%d) for integer string conversion: value has %zd digits; use sys.set_int_max_str_digits() to increase the limit" ++#define _MAX_STR_DIGITS_ERROR_FMT_TO_STR "Exceeds the limit (%d) for integer string conversion; use sys.set_int_max_str_digits() to increase the limit" ++ + static PyObject * + get_small_int(sdigit ival) + { +@@ -1593,6 +1596,22 @@ long_to_decimal_string_internal(PyObject *aa, + size_a = Py_ABS(Py_SIZE(a)); + negative = Py_SIZE(a) < 0; + ++ /* quick and dirty pre-check for overflowing the decimal digit limit, ++ based on the inequality 10/3 >= log2(10) ++ ++ explanation in https://github.com/python/cpython/pull/96537 ++ */ ++ if (size_a >= 10 * _PY_LONG_MAX_STR_DIGITS_THRESHOLD ++ / (3 * PyLong_SHIFT) + 2) { ++ int max_str_digits = _Py_global_config_int_max_str_digits ; ++ if ((max_str_digits > 0) && ++ (max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10)) { ++ PyErr_Format(PyExc_ValueError, _MAX_STR_DIGITS_ERROR_FMT_TO_STR, ++ max_str_digits); ++ return -1; ++ } ++ } ++ + /* quick and dirty upper bound for the number of digits + required to express a in base _PyLong_DECIMAL_BASE: + +@@ -1652,6 +1671,16 @@ long_to_decimal_string_internal(PyObject *aa, + tenpow *= 10; + strlen++; + } ++ if (strlen > _PY_LONG_MAX_STR_DIGITS_THRESHOLD) { ++ int max_str_digits = _Py_global_config_int_max_str_digits ; ++ Py_ssize_t strlen_nosign = strlen - negative; ++ if ((max_str_digits > 0) && (strlen_nosign > max_str_digits)) { ++ Py_DECREF(scratch); ++ PyErr_Format(PyExc_ValueError, _MAX_STR_DIGITS_ERROR_FMT_TO_STR, ++ max_str_digits); ++ return -1; ++ } ++ } + if (writer) { + if (_PyUnicodeWriter_Prepare(writer, strlen, '9') == -1) { + Py_DECREF(scratch); +@@ -2166,6 +2195,7 @@ PyLong_FromString(const char *str, char **pend, int base) + + start = str; + if ((base & (base - 1)) == 0) { ++ /* binary bases are not limited by int_max_str_digits */ + int res = long_from_binary_base(&str, base, &z); + if (res < 0) { + /* Syntax error. */ +@@ -2318,6 +2348,16 @@ digit beyond the first. + goto onError; + } + ++ /* Limit the size to avoid excessive computation attacks. */ ++ if (digits > _PY_LONG_MAX_STR_DIGITS_THRESHOLD) { ++ int max_str_digits = _Py_global_config_int_max_str_digits ; ++ if ((max_str_digits > 0) && (digits > max_str_digits)) { ++ PyErr_Format(PyExc_ValueError, _MAX_STR_DIGITS_ERROR_FMT_TO_INT, ++ max_str_digits, digits); ++ return NULL; ++ } ++ } ++ + /* Create an int object that can contain the largest possible + * integer with this base and length. Note that there's no + * need to initialize z->ob_digit -- no slot is read up before +@@ -4820,6 +4860,7 @@ long_new(PyTypeObject *type, PyObject *args, PyObject *kwds) + } + return PyLong_FromLong(0L); + } ++ /* default base and limit, forward to standard implementation */ + if (obase == NULL) + return PyNumber_Long(x); + +@@ -5482,6 +5523,8 @@ internal representation of integers. The attributes are read only."); + static PyStructSequence_Field int_info_fields[] = { + {"bits_per_digit", "size of a digit in bits"}, + {"sizeof_digit", "size in bytes of the C type used to represent a digit"}, ++ {"default_max_str_digits", "maximum string conversion digits limitation"}, ++ {"str_digits_check_threshold", "minimum positive value for int_max_str_digits"}, + {NULL, NULL} + }; + +@@ -5489,7 +5532,7 @@ static PyStructSequence_Desc int_info_desc = { + "sys.int_info", /* name */ + int_info__doc__, /* doc */ + int_info_fields, /* fields */ +- 2 /* number of fields */ ++ 4 /* number of fields */ + }; + + PyObject * +@@ -5504,6 +5547,17 @@ PyLong_GetInfo(void) + PyLong_FromLong(PyLong_SHIFT)); + PyStructSequence_SET_ITEM(int_info, field++, + PyLong_FromLong(sizeof(digit))); ++ /* ++ * The following two fields were added after investigating uses of ++ * sys.int_info in the wild: Exceedingly rarely used. The ONLY use found was ++ * numba using sys.int_info.bits_per_digit as attribute access rather than ++ * sequence unpacking. Cython and sympy also refer to sys.int_info but only ++ * as info for debugging. No concern about adding these in a backport. ++ */ ++ PyStructSequence_SET_ITEM(int_info, field++, ++ PyLong_FromLong(_PY_LONG_DEFAULT_MAX_STR_DIGITS)); ++ PyStructSequence_SET_ITEM(int_info, field++, ++ PyLong_FromLong(_PY_LONG_MAX_STR_DIGITS_THRESHOLD)); + if (PyErr_Occurred()) { + Py_CLEAR(int_info); + return NULL; +@@ -5511,6 +5565,116 @@ PyLong_GetInfo(void) + return int_info; + } + ++ ++static int ++pymain_str_to_int(const char *str, int *result) ++{ ++ errno = 0; ++ const char *endptr = str; ++ long value = strtol(str, (char **)&endptr, 10); ++ if (*endptr != '\0' || errno == ERANGE) { ++ return -1; ++ } ++ if (value < INT_MIN || value > INT_MAX) { ++ return -1; ++ } ++ ++ *result = (int)value; ++ return 0; ++} ++ ++ ++static int ++long_get_max_str_digits_xoption(int *pmaxdigits) ++{ ++ PyObject *xoptions = PySys_GetXOptions(); ++ if (xoptions == NULL) { ++ return -1; ++ } ++ ++ PyObject *key = PyUnicode_FromString("int_max_str_digits"); ++ if (key == NULL) { ++ return -1; ++ } ++ ++ PyObject *value = PyDict_GetItemWithError(xoptions, key); /* borrowed */ ++ Py_DECREF(key); ++ if (value == NULL) { ++ if (PyErr_Occurred()) { ++ return -1; ++ } ++ return 0; ++ } ++ ++ if (!PyUnicode_Check(value)) { ++ return -1; ++ } ++ ++ PyObject *valuelong = PyLong_FromUnicodeObject(value, 10); ++ if (valuelong == NULL) { ++ return -1; ++ } ++ ++ int maxdigits = _PyLong_AsInt(valuelong); ++ Py_DECREF(valuelong); ++ if (maxdigits == -1 && PyErr_Occurred()) { ++ return -1; ++ } ++ ++ *pmaxdigits = maxdigits; ++ return 1; ++} ++ ++ ++static void ++long_init_max_str_digits(void) ++{ ++ // PYTHONINTMAXSTRDIGITS env var ++ char *opt = Py_GETENV("PYTHONINTMAXSTRDIGITS"); ++ int maxdigits; ++ if (opt) { ++ int valid = 0; ++ if (!pymain_str_to_int(opt, &maxdigits)) { ++ valid = ((maxdigits == 0) || (maxdigits >= _PY_LONG_MAX_STR_DIGITS_THRESHOLD)); ++ } ++ if (!valid) { ++#define STRINGIFY(VAL) _STRINGIFY(VAL) ++#define _STRINGIFY(VAL) #VAL ++ fprintf(stderr, "Error in PYTHONINTMAXSTRDIGITS: " ++ "invalid limit; must be >= " ++ STRINGIFY(_PY_LONG_MAX_STR_DIGITS_THRESHOLD) ++ " or 0 for unlimited.\n"); ++ exit(1); ++ } ++ _Py_global_config_int_max_str_digits = maxdigits; ++ } ++ ++ // -X int_max_str_digits command line option ++ int res = long_get_max_str_digits_xoption(&maxdigits); ++ if (res == 1) { ++ int valid = ((maxdigits == 0) || (maxdigits >= _PY_LONG_MAX_STR_DIGITS_THRESHOLD)); ++ if (!valid) { ++ res = -1; ++ } ++ } ++ if (res < 0) { ++ fprintf(stderr, "Error in -X int_max_str_digits: " ++ "invalid limit; must be >= " ++ STRINGIFY(_PY_LONG_MAX_STR_DIGITS_THRESHOLD) ++ " or 0 for unlimited.\n"); ++ exit(1); ++ } ++ if (res == 1) { ++ _Py_global_config_int_max_str_digits = maxdigits; ++ } ++ ++ // Default value ++ if (_Py_global_config_int_max_str_digits == -1) { ++ _Py_global_config_int_max_str_digits = _PY_LONG_DEFAULT_MAX_STR_DIGITS; ++ } ++} ++ ++ + int + _PyLong_Init(void) + { +@@ -5549,6 +5713,8 @@ _PyLong_Init(void) + return 0; + } + ++ long_init_max_str_digits(); ++ + return 1; + } + +diff --git a/Python/ast.c b/Python/ast.c +index 675063eff0..4b69d8664e 100644 +--- a/Python/ast.c ++++ b/Python/ast.c +@@ -2149,8 +2149,32 @@ ast_for_atom(struct compiling *c, const node *n) + } + case NUMBER: { + PyObject *pynum = parsenumber(c, STR(ch)); +- if (!pynum) ++ if (!pynum) { ++ PyThreadState *tstate = PyThreadState_GET(); ++ // The only way a ValueError should happen in _this_ code is via ++ // PyLong_FromString hitting a length limit. ++ if (tstate->curexc_type == PyExc_ValueError && ++ tstate->curexc_value != NULL) { ++ PyObject *type, *value, *tb; ++ // This acts as PyErr_Clear() as we're replacing curexc. ++ PyErr_Fetch(&type, &value, &tb); ++ Py_XDECREF(tb); ++ Py_DECREF(type); ++ PyObject *helpful_msg = PyUnicode_FromFormat( ++ "%S - Consider hexadecimal for huge integer literals " ++ "to avoid decimal conversion limits.", ++ value); ++ if (helpful_msg) { ++ const char* error_msg = PyUnicode_AsUTF8(helpful_msg); ++ if (error_msg) { ++ ast_error(c, ch, error_msg); ++ } ++ Py_DECREF(helpful_msg); ++ } ++ Py_DECREF(value); ++ } + return NULL; ++ } + + if (PyArena_AddPyObject(c->c_arena, pynum) < 0) { + Py_DECREF(pynum); +diff --git a/Python/pylifecycle.c b/Python/pylifecycle.c +index 0b985bf78b..095d1ef84f 100644 +--- a/Python/pylifecycle.c ++++ b/Python/pylifecycle.c +@@ -97,6 +97,8 @@ int Py_IsolatedFlag = 0; /* for -I, isolate from user's env */ + int Py_LegacyWindowsFSEncodingFlag = 0; /* Uses mbcs instead of utf-8 */ + int Py_LegacyWindowsStdioFlag = 0; /* Uses FileIO instead of WindowsConsoleIO */ + #endif ++/* Unusual name compared to the above for backporting from 3.12 reasons. */ ++int _Py_global_config_int_max_str_digits = -1; /* -X int_max_str_digits or PYTHONINTMAXSTRDIGITS */ + + PyThreadState *_Py_Finalizing = NULL; + +diff --git a/Python/sysmodule.c b/Python/sysmodule.c +index 7d1493cbe1..ecdb62cd1a 100644 +--- a/Python/sysmodule.c ++++ b/Python/sysmodule.c +@@ -1079,6 +1079,46 @@ sys_mdebug(PyObject *self, PyObject *args) + } + #endif /* USE_MALLOPT */ + ++static PyObject * ++sys_get_int_max_str_digits(PyObject *module, PyObject *Py_UNUSED(ignored)) ++{ ++ return PyLong_FromSsize_t(_Py_global_config_int_max_str_digits); ++} ++ ++PyDoc_STRVAR(sys_get_int_max_str_digits__doc__, ++"get_int_max_str_digits($module, /)\n" ++"--\n" ++"\n" ++"Set the maximum string digits limit for non-binary int<->str conversions."); ++ ++static PyObject * ++sys_set_int_max_str_digits(PyObject *module, PyObject *args, PyObject *kwds) ++{ ++ static char *kwlist[] = {"maxdigits", NULL}; ++ int maxdigits; ++ ++ if (!PyArg_ParseTupleAndKeywords(args, kwds, "i:set_int_max_str_digits", ++ kwlist, &maxdigits)) ++ return NULL; ++ ++ if ((!maxdigits) || (maxdigits >= _PY_LONG_MAX_STR_DIGITS_THRESHOLD)) { ++ _Py_global_config_int_max_str_digits = maxdigits; ++ Py_RETURN_NONE; ++ } else { ++ PyErr_Format( ++ PyExc_ValueError, "maxdigits must be 0 or larger than %d", ++ _PY_LONG_MAX_STR_DIGITS_THRESHOLD); ++ return NULL; ++ } ++} ++ ++PyDoc_STRVAR(sys_set_int_max_str_digits__doc__, ++"set_int_max_str_digits($module, /, maxdigits)\n" ++"--\n" ++"\n" ++"Set the maximum string digits limit for non-binary int<->str conversions."); ++ ++ + size_t + _PySys_GetSizeOf(PyObject *o) + { +@@ -1434,6 +1474,8 @@ static PyMethodDef sys_methods[] = { + METH_VARARGS | METH_KEYWORDS, set_asyncgen_hooks_doc}, + {"get_asyncgen_hooks", sys_get_asyncgen_hooks, METH_NOARGS, + get_asyncgen_hooks_doc}, ++ {"get_int_max_str_digits", sys_get_int_max_str_digits, METH_NOARGS, sys_get_int_max_str_digits__doc__}, ++ {"set_int_max_str_digits", (PyCFunction)sys_set_int_max_str_digits, METH_VARARGS|METH_KEYWORDS, sys_set_int_max_str_digits__doc__}, + {NULL, NULL} /* sentinel */ + }; + +@@ -1681,6 +1723,7 @@ static PyStructSequence_Field flags_fields[] = { + {"quiet", "-q"}, + {"hash_randomization", "-R"}, + {"isolated", "-I"}, ++ {"int_max_str_digits", "-X int_max_str_digits"}, + {0} + }; + +@@ -1688,7 +1731,7 @@ static PyStructSequence_Desc flags_desc = { + "sys.flags", /* name */ + flags__doc__, /* doc */ + flags_fields, /* fields */ +- 13 ++ 14 + }; + + static PyObject* +@@ -1719,6 +1762,7 @@ make_flags(void) + SetFlag(Py_QuietFlag); + SetFlag(Py_HashRandomizationFlag); + SetFlag(Py_IsolatedFlag); ++ SetFlag(_Py_global_config_int_max_str_digits); + #undef SetFlag + + if (PyErr_Occurred()) { diff --git a/python3.6.spec b/python3.6.spec index a233067..797c1ad 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 12%{?dist} +Release: 13%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -542,6 +542,53 @@ Patch382: 00382-cve-2015-20107.patch # Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2120642 Patch386: 00386-cve-2021-28861.patch +# 00387 # c687b2d407c9ec9ddf30a14f7151aa2064a8b0eb +# CVE-2020-10735: Prevent DoS by very large int() +# +# gh-95778: CVE-2020-10735: Prevent DoS by very large int() (GH-96504) +# +# Converting between `int` and `str` in bases other than 2 +# (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now +# raises a `ValueError` if the number of digits in string form is above a +# limit to avoid potential denial of service attacks due to the algorithmic +# complexity. This is a mitigation for CVE-2020-10735 +# (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735). +# +# This new limit can be configured or disabled by environment variable, command +# line flag, or :mod:`sys` APIs. See the `Integer String Conversion Length +# Limitation` documentation. The default limit is 4300 +# digits in string form. +# +# Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback +# from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson. +# +# Notes on the backport to Python 3.6: +# +# * Use "Python 3.6.15-13" version in the documentation, whereas this +# version will never be released +# * Only add _Py_global_config_int_max_str_digits global variable: +# Python 3.6 doesn't have PyConfig API (PEP 597) nor _PyRuntime. +# * sys.flags.int_max_str_digits cannot be -1 on Python 3.6: it is +# set to the default limit. Adapt test_int_max_str_digits() for that. +# * Declare _PY_LONG_DEFAULT_MAX_STR_DIGITS and +# _PY_LONG_MAX_STR_DIGITS_THRESHOLD macros in longobject.h but only +# if the Py_BUILD_CORE macro is defined. +# * Declare _Py_global_config_int_max_str_digits in pydebug.h. +# +# +# gh-95778: Mention sys.set_int_max_str_digits() in error message (#96874) +# +# When ValueError is raised if an integer is larger than the limit, +# mention sys.set_int_max_str_digits() in the error message. +# +# +# gh-96848: Fix -X int_max_str_digits option parsing (#96988) +# +# Fix command line parsing: reject "-X int_max_str_digits" option with +# no value (invalid) when the PYTHONINTMAXSTRDIGITS environment +# variable is set to a valid limit. +Patch387: 00387-cve-2020-10735-prevent-dos-by-very-large-int.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1791,6 +1838,10 @@ CheckPython optimized # ====================================================== %changelog +* Wed Oct 05 2022 Victor Stinner - 3.6.15-13 +- Prevent denial of service (DoS) by very large integers. + Resolves: rhbz#1834423 + * Wed Sep 14 2022 Lumír Balhar - 3.6.15-12 - Fix for CVE-2021-28861 Resolves: rhbz#2120785 From 6d49aa0b1c083a7c1c7a5cc59009020c92cf8c09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Thu, 10 Nov 2022 13:59:56 +0100 Subject: [PATCH 17/66] CVE-2022-37454: Fix buffer overflows in _sha3 module --- ...fix-buffer-overflows-in-_sha3-module.patch | 98 +++++++++++++++++++ python3.6.spec | 17 +++- 2 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch diff --git a/00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch b/00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch new file mode 100644 index 0000000..cd71363 --- /dev/null +++ b/00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch @@ -0,0 +1,98 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Theo Buehler +Date: Fri, 21 Oct 2022 20:37:54 -0700 +Subject: [PATCH] 00392: CVE-2022-37454: Fix buffer overflows in _sha3 module + +This is a port of the applicable part of XKCP's fix [1] for +CVE-2022-37454 and avoids the segmentation fault and the infinite +loop in the test cases published in [2]. + +[1]: https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a +[2]: https://mouha.be/sha-3-buffer-overflow/ + +(cherry picked from commit 0e4e058602d93b88256ff90bbef501ba20be9dd3) + +Co-authored-by: Gregory P. Smith [Google LLC] +--- + Lib/test/test_hashlib.py | 9 +++++++++ + .../2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst | 1 + + Modules/_sha3/kcp/KeccakSponge.inc | 15 ++++++++------- + 3 files changed, 18 insertions(+), 7 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst + +diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py +index 9711856853..08f0af3748 100644 +--- a/Lib/test/test_hashlib.py ++++ b/Lib/test/test_hashlib.py +@@ -418,6 +418,15 @@ class HashLibTestCase(unittest.TestCase): + def test_case_md5_uintmax(self, size): + self.check('md5', b'A'*size, '28138d306ff1b8281f1a9067e1a1a2b3') + ++ @unittest.skipIf(sys.maxsize < _4G - 1, 'test cannot run on 32-bit systems') ++ @bigmemtest(size=_4G - 1, memuse=1, dry_run=False) ++ def test_sha3_update_overflow(self, size): ++ """Regression test for gh-98517 CVE-2022-37454.""" ++ h = hashlib.sha3_224() ++ h.update(b'\x01') ++ h.update(b'\x01'*0xffff_ffff) ++ self.assertEqual(h.hexdigest(), '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed') ++ + # use the three examples from Federal Information Processing Standards + # Publication 180-1, Secure Hash Standard, 1995 April 17 + # http://www.itl.nist.gov/div897/pubs/fip180-1.htm +diff --git a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst +new file mode 100644 +index 0000000000..2d23a6ad93 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst +@@ -0,0 +1 @@ ++Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454). +diff --git a/Modules/_sha3/kcp/KeccakSponge.inc b/Modules/_sha3/kcp/KeccakSponge.inc +index e10739deaf..cf92e4db4d 100644 +--- a/Modules/_sha3/kcp/KeccakSponge.inc ++++ b/Modules/_sha3/kcp/KeccakSponge.inc +@@ -171,7 +171,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat + i = 0; + curData = data; + while(i < dataByteLen) { +- if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) { ++ if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) { + #ifdef SnP_FastLoop_Absorb + /* processing full blocks first */ + +@@ -199,10 +199,10 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat + } + else { + /* normal lane: using the message queue */ +- +- partialBlock = (unsigned int)(dataByteLen - i); +- if (partialBlock+instance->byteIOIndex > rateInBytes) ++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex) + partialBlock = rateInBytes-instance->byteIOIndex; ++ else ++ partialBlock = (unsigned int)(dataByteLen - i); + #ifdef KeccakReference + displayBytes(1, "Block to be absorbed (part)", curData, partialBlock); + #endif +@@ -281,7 +281,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte + i = 0; + curData = data; + while(i < dataByteLen) { +- if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) { ++ if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) { + for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) { + SnP_Permute(instance->state); + SnP_ExtractBytes(instance->state, curData, 0, rateInBytes); +@@ -299,9 +299,10 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte + SnP_Permute(instance->state); + instance->byteIOIndex = 0; + } +- partialBlock = (unsigned int)(dataByteLen - i); +- if (partialBlock+instance->byteIOIndex > rateInBytes) ++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex) + partialBlock = rateInBytes-instance->byteIOIndex; ++ else ++ partialBlock = (unsigned int)(dataByteLen - i); + i += partialBlock; + + SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock); diff --git a/python3.6.spec b/python3.6.spec index 797c1ad..c80ed56 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 13%{?dist} +Release: 14%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -589,6 +589,17 @@ Patch386: 00386-cve-2021-28861.patch # variable is set to a valid limit. Patch387: 00387-cve-2020-10735-prevent-dos-by-very-large-int.patch +# 00392 # 033f82b975577a72218ce385b5333dcc5c88dfd5 +# CVE-2022-37454: Fix buffer overflows in _sha3 module +# +# This is a port of the applicable part of XKCP's fix [1] for +# CVE-2022-37454 and avoids the segmentation fault and the infinite +# loop in the test cases published in [2]. +# +# [1]: https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a +# [2]: https://mouha.be/sha-3-buffer-overflow/ +Patch392: 00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1838,6 +1849,10 @@ CheckPython optimized # ====================================================== %changelog +* Thu Nov 10 2022 Miro Hrončok - 3.6.15-14 +- CVE-2022-37454: Fix buffer overflows in _sha3 module + Related: rhbz#2140200 + * Wed Oct 05 2022 Victor Stinner - 3.6.15-13 - Prevent denial of service (DoS) by very large integers. Resolves: rhbz#1834423 From 7dc6fb6d8ca80c2cebb6ce655686613aa1f11a3f Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Mon, 19 Dec 2022 16:33:51 +0100 Subject: [PATCH 18/66] CVE-2022-45061: CPU denial of service via inefficient IDNA decoder --- ...service-via-inefficient-idna-decoder.patch | 95 +++++++++++++++++++ python3.6.spec | 15 ++- 2 files changed, 109 insertions(+), 1 deletion(-) create mode 100644 00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch diff --git a/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch b/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch new file mode 100644 index 0000000..2eb1aa0 --- /dev/null +++ b/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch @@ -0,0 +1,95 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 7 Nov 2022 19:22:14 -0800 +Subject: [PATCH] 00394: CVE-2022-45061: CPU denial of service via inefficient + IDNA decoder + +gh-98433: Fix quadratic time idna decoding. + +There was an unnecessary quadratic loop in idna decoding. This restores +the behavior to linear. + +(cherry picked from commit a6f6c3a3d6f2b580f2d87885c9b8a9350ad7bf15) + +Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> +Co-authored-by: Gregory P. Smith +--- + Lib/encodings/idna.py | 32 +++++++++---------- + Lib/test/test_codecs.py | 6 ++++ + ...2-11-04-09-29-36.gh-issue-98433.l76c5G.rst | 6 ++++ + 3 files changed, 27 insertions(+), 17 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst + +diff --git a/Lib/encodings/idna.py b/Lib/encodings/idna.py +index ea4058512f..bf98f51336 100644 +--- a/Lib/encodings/idna.py ++++ b/Lib/encodings/idna.py +@@ -39,23 +39,21 @@ def nameprep(label): + + # Check bidi + RandAL = [stringprep.in_table_d1(x) for x in label] +- for c in RandAL: +- if c: +- # There is a RandAL char in the string. Must perform further +- # tests: +- # 1) The characters in section 5.8 MUST be prohibited. +- # This is table C.8, which was already checked +- # 2) If a string contains any RandALCat character, the string +- # MUST NOT contain any LCat character. +- if any(stringprep.in_table_d2(x) for x in label): +- raise UnicodeError("Violation of BIDI requirement 2") +- +- # 3) If a string contains any RandALCat character, a +- # RandALCat character MUST be the first character of the +- # string, and a RandALCat character MUST be the last +- # character of the string. +- if not RandAL[0] or not RandAL[-1]: +- raise UnicodeError("Violation of BIDI requirement 3") ++ if any(RandAL): ++ # There is a RandAL char in the string. Must perform further ++ # tests: ++ # 1) The characters in section 5.8 MUST be prohibited. ++ # This is table C.8, which was already checked ++ # 2) If a string contains any RandALCat character, the string ++ # MUST NOT contain any LCat character. ++ if any(stringprep.in_table_d2(x) for x in label): ++ raise UnicodeError("Violation of BIDI requirement 2") ++ # 3) If a string contains any RandALCat character, a ++ # RandALCat character MUST be the first character of the ++ # string, and a RandALCat character MUST be the last ++ # character of the string. ++ if not RandAL[0] or not RandAL[-1]: ++ raise UnicodeError("Violation of BIDI requirement 3") + + return label + +diff --git a/Lib/test/test_codecs.py b/Lib/test/test_codecs.py +index 56485de3f6..a798d1f287 100644 +--- a/Lib/test/test_codecs.py ++++ b/Lib/test/test_codecs.py +@@ -1640,6 +1640,12 @@ class IDNACodecTest(unittest.TestCase): + self.assertEqual("pyth\xf6n.org".encode("idna"), b"xn--pythn-mua.org") + self.assertEqual("pyth\xf6n.org.".encode("idna"), b"xn--pythn-mua.org.") + ++ def test_builtin_decode_length_limit(self): ++ with self.assertRaisesRegex(UnicodeError, "too long"): ++ (b"xn--016c"+b"a"*1100).decode("idna") ++ with self.assertRaisesRegex(UnicodeError, "too long"): ++ (b"xn--016c"+b"a"*70).decode("idna") ++ + def test_stream(self): + r = codecs.getreader("idna")(io.BytesIO(b"abc")) + r.read(3) +diff --git a/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst +new file mode 100644 +index 0000000000..5185fac2e2 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst +@@ -0,0 +1,6 @@ ++The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio` ++related name resolution functions no longer involves a quadratic algorithm. ++This prevents a potential CPU denial of service if an out-of-spec excessive ++length hostname involving bidirectional characters were decoded. Some protocols ++such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker ++to supply such a name. diff --git a/python3.6.spec b/python3.6.spec index c80ed56..889fecf 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 14%{?dist} +Release: 15%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -600,6 +600,15 @@ Patch387: 00387-cve-2020-10735-prevent-dos-by-very-large-int.patch # [2]: https://mouha.be/sha-3-buffer-overflow/ Patch392: 00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch +# 00394 # 377cbc015f738fdea510969d0dbe266748b6bb09 +# CVE-2022-45061: CPU denial of service via inefficient IDNA decoder +# +# gh-98433: Fix quadratic time idna decoding. +# +# There was an unnecessary quadratic loop in idna decoding. This restores +# the behavior to linear. +Patch394: 00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1849,6 +1858,10 @@ CheckPython optimized # ====================================================== %changelog +* Mon Dec 19 2022 Charalampos Stratakis - 3.6.15-15 +- Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder + Related: rhbz#2144072 + * Thu Nov 10 2022 Miro Hrončok - 3.6.15-14 - CVE-2022-37454: Fix buffer overflows in _sha3 module Related: rhbz#2140200 From 8d2dded3107a9f699d19fa3392a60cb9d2099736 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 3 Jan 2023 12:33:35 +0100 Subject: [PATCH 19/66] Ensure the source mtime is clamped to $SOURCE_DATE_EPOCH before bytecompilation This is part of https://fedoraproject.org/wiki/Changes/ReproducibleBuildsClampMtimes --- python3.6.spec | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index 889fecf..4721d57 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 15%{?dist} +Release: 16%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -1267,6 +1267,13 @@ find . -name "*~" -exec rm -f {} \; # Do bytecompilation with the newly installed interpreter. # This is similar to the script in macros.pybytecompile +# Clamp the source mtime first, see https://fedoraproject.org/wiki/Changes/ReproducibleBuildsClampMtimes +# The clamp_source_mtime module is only guaranteed to exist on Fedoras that enabled this option: +%if 0%{?clamp_mtime_to_source_date_epoch} +LD_LIBRARY_PATH="%{buildroot}%{dynload_dir}/:%{buildroot}%{_libdir}" \ +PYTHONPATH="%{_rpmconfigdir}/redhat" \ +%{buildroot}%{_bindir}/python%{pybasever} -s -B -m clamp_source_mtime %{buildroot}%{pylibdir} +%endif # compile *.pyc find %{buildroot} -type f -a -name "*.py" -print0 | \ LD_LIBRARY_PATH="%{buildroot}%{dynload_dir}/:%{buildroot}%{_libdir}" \ @@ -1858,6 +1865,9 @@ CheckPython optimized # ====================================================== %changelog +* Tue Jan 03 2023 Miro Hrončok - 3.6.15-16 +- Ensure the source mtime is clamped to $SOURCE_DATE_EPOCH before bytecompilation + * Mon Dec 19 2022 Charalampos Stratakis - 3.6.15-15 - Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder Related: rhbz#2144072 From 60835d7222c0d871d4eb3835c82f7f754a07669e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Wed, 11 Jan 2023 14:45:35 +0000 Subject: [PATCH 20/66] Opt-out from https://fedoraproject.org/wiki/Changes/fno-omit-frame-pointer See https://lists.fedoraproject.org/archives/list/python-devel@lists.fedoraproject.org/thread/6TQYCHMX4FZLF27U5BCEC7IFV6XNBKJP/ for rationale, namely https://lists.fedoraproject.org/archives/list/python-devel@lists.fedoraproject.org/message/ZVDEXGPU6JQFXB3XHYZ4IXVQNNR3YM3V/ Summary: Python is currently slower with frame pointers due to a slowdown in _PyEval_EvalFrameDefault, but we expect this to be solved in Python 3.12. Tracking bugzilla: https://bugzilla.redhat.com/2158729 This change does not require a release bump. It is only needed to be here to prevent the next builds from including frame pointers. --- python3.6.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/python3.6.spec b/python3.6.spec index 4721d57..4838fb2 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -231,6 +231,11 @@ License: Python and MIT and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and ( %global wordsize 32 %endif +# Opt-out from https://fedoraproject.org/wiki/Changes/fno-omit-frame-pointer +# Python is slower with frame pointers, but we expect to remove this in Python 3.12+ +# See https://lists.fedoraproject.org/archives/list/python-devel@lists.fedoraproject.org/thread/6TQYCHMX4FZLF27U5BCEC7IFV6XNBKJP/ +# Tracking bugzilla: https://bugzilla.redhat.com/2158729 +%undefine _include_frame_pointers # ======================= # Build-time requirements From 055e00d4abba9da0551c19340d279cebcbb4603c Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 20 Jan 2023 18:45:28 +0000 Subject: [PATCH 21/66] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- python3.6.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index 4838fb2..91c010a 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 16%{?dist} +Release: 17%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -1870,6 +1870,9 @@ CheckPython optimized # ====================================================== %changelog +* Fri Jan 20 2023 Fedora Release Engineering - 3.6.15-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Tue Jan 03 2023 Miro Hrončok - 3.6.15-16 - Ensure the source mtime is clamped to $SOURCE_DATE_EPOCH before bytecompilation From 1fbd10cd986dc526b3c9dc594e79179d4869064f Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Fri, 26 May 2023 02:15:16 +0200 Subject: [PATCH 22/66] Security fix for CVE-2023-24329 Resolves: rhbz#2174013 --- 00399-cve-2023-24329.patch | 223 +++++++++++++++++++++++++++++++++++++ python3.6.spec | 18 ++- 2 files changed, 240 insertions(+), 1 deletion(-) create mode 100644 00399-cve-2023-24329.patch diff --git a/00399-cve-2023-24329.patch b/00399-cve-2023-24329.patch new file mode 100644 index 0000000..36bf6e9 --- /dev/null +++ b/00399-cve-2023-24329.patch @@ -0,0 +1,223 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 22 May 2023 03:42:37 -0700 +Subject: [PATCH] 00399: CVE-2023-24329 + +gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) + +`urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595. + +This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329). + +Backported from Python 3.12 + +(cherry picked from commit f48a96a28012d28ae37a2f4587a780a5eb779946) + +Co-authored-by: Illia Volochii +Co-authored-by: Gregory P. Smith [Google] +--- + Doc/library/urllib.parse.rst | 40 +++++++++++- + Lib/test/test_urlparse.py | 61 ++++++++++++++++++- + Lib/urllib/parse.py | 12 ++++ + ...-03-07-20-59-17.gh-issue-102153.14CLSZ.rst | 3 + + 4 files changed, 113 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2023-03-07-20-59-17.gh-issue-102153.14CLSZ.rst + +diff --git a/Doc/library/urllib.parse.rst b/Doc/library/urllib.parse.rst +index b717d7cc05..83a7a82089 100644 +--- a/Doc/library/urllib.parse.rst ++++ b/Doc/library/urllib.parse.rst +@@ -126,6 +126,12 @@ or on combining URL components into a URL string. + ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is + decomposed before parsing, no error will be raised. + ++ ++ .. warning:: ++ ++ :func:`urlparse` does not perform validation. See :ref:`URL parsing ++ security ` for details. ++ + .. versionchanged:: 3.2 + Added IPv6 URL parsing capabilities. + +@@ -288,8 +294,14 @@ or on combining URL components into a URL string. + ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is + decomposed before parsing, no error will be raised. + +- Following the `WHATWG spec`_ that updates RFC 3986, ASCII newline +- ``\n``, ``\r`` and tab ``\t`` characters are stripped from the URL. ++ Following some of the `WHATWG spec`_ that updates RFC 3986, leading C0 ++ control and space characters are stripped from the URL. ``\n``, ++ ``\r`` and tab ``\t`` characters are removed from the URL at any position. ++ ++ .. warning:: ++ ++ :func:`urlsplit` does not perform validation. See :ref:`URL parsing ++ security ` for details. + + .. versionchanged:: 3.6 + Out-of-range port numbers now raise :exc:`ValueError`, instead of +@@ -302,6 +314,9 @@ or on combining URL components into a URL string. + .. versionchanged:: 3.6.14 + ASCII newline and tab characters are stripped from the URL. + ++ .. versionchanged:: 3.6.15 ++ Leading WHATWG C0 control and space characters are stripped from the URL. ++ + .. _WHATWG spec: https://url.spec.whatwg.org/#concept-basic-url-parser + + .. function:: urlunsplit(parts) +@@ -371,6 +386,27 @@ or on combining URL components into a URL string. + .. versionchanged:: 3.2 + Result is a structured object rather than a simple 2-tuple. + ++.. _url-parsing-security: ++ ++URL parsing security ++-------------------- ++ ++The :func:`urlsplit` and :func:`urlparse` APIs do not perform **validation** of ++inputs. They may not raise errors on inputs that other applications consider ++invalid. They may also succeed on some inputs that might not be considered ++URLs elsewhere. Their purpose is for practical functionality rather than ++purity. ++ ++Instead of raising an exception on unusual input, they may instead return some ++component parts as empty strings. Or components may contain more than perhaps ++they should. ++ ++We recommend that users of these APIs where the values may be used anywhere ++with security implications code defensively. Do some verification within your ++code before trusting a returned component part. Does that ``scheme`` make ++sense? Is that a sensible ``path``? Is there anything strange about that ++``hostname``? etc. ++ + .. _parsing-ascii-encoded-bytes: + + Parsing ASCII Encoded Bytes +diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py +index 3509278a01..7fd61ffea9 100644 +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -660,6 +660,65 @@ class UrlParseTestCase(unittest.TestCase): + self.assertEqual(p.scheme, "https") + self.assertEqual(p.geturl(), "https://www.python.org/javascript:alert('msg')/?query=something#fragment") + ++ def test_urlsplit_strip_url(self): ++ noise = bytes(range(0, 0x20 + 1)) ++ base_url = "http://User:Pass@www.python.org:080/doc/?query=yes#frag" ++ ++ url = noise.decode("utf-8") + base_url ++ p = urllib.parse.urlsplit(url) ++ self.assertEqual(p.scheme, "http") ++ self.assertEqual(p.netloc, "User:Pass@www.python.org:080") ++ self.assertEqual(p.path, "/doc/") ++ self.assertEqual(p.query, "query=yes") ++ self.assertEqual(p.fragment, "frag") ++ self.assertEqual(p.username, "User") ++ self.assertEqual(p.password, "Pass") ++ self.assertEqual(p.hostname, "www.python.org") ++ self.assertEqual(p.port, 80) ++ self.assertEqual(p.geturl(), base_url) ++ ++ url = noise + base_url.encode("utf-8") ++ p = urllib.parse.urlsplit(url) ++ self.assertEqual(p.scheme, b"http") ++ self.assertEqual(p.netloc, b"User:Pass@www.python.org:080") ++ self.assertEqual(p.path, b"/doc/") ++ self.assertEqual(p.query, b"query=yes") ++ self.assertEqual(p.fragment, b"frag") ++ self.assertEqual(p.username, b"User") ++ self.assertEqual(p.password, b"Pass") ++ self.assertEqual(p.hostname, b"www.python.org") ++ self.assertEqual(p.port, 80) ++ self.assertEqual(p.geturl(), base_url.encode("utf-8")) ++ ++ # Test that trailing space is preserved as some applications rely on ++ # this within query strings. ++ query_spaces_url = "https://www.python.org:88/doc/?query= " ++ p = urllib.parse.urlsplit(noise.decode("utf-8") + query_spaces_url) ++ self.assertEqual(p.scheme, "https") ++ self.assertEqual(p.netloc, "www.python.org:88") ++ self.assertEqual(p.path, "/doc/") ++ self.assertEqual(p.query, "query= ") ++ self.assertEqual(p.port, 88) ++ self.assertEqual(p.geturl(), query_spaces_url) ++ ++ p = urllib.parse.urlsplit("www.pypi.org ") ++ # That "hostname" gets considered a "path" due to the ++ # trailing space and our existing logic... YUCK... ++ # and re-assembles via geturl aka unurlsplit into the original. ++ # django.core.validators.URLValidator (at least through v3.2) relies on ++ # this, for better or worse, to catch it in a ValidationError via its ++ # regular expressions. ++ # Here we test the basic round trip concept of such a trailing space. ++ self.assertEqual(urllib.parse.urlunsplit(p), "www.pypi.org ") ++ ++ # with scheme as cache-key ++ url = "//www.python.org/" ++ scheme = noise.decode("utf-8") + "https" + noise.decode("utf-8") ++ for _ in range(2): ++ p = urllib.parse.urlsplit(url, scheme=scheme) ++ self.assertEqual(p.scheme, "https") ++ self.assertEqual(p.geturl(), "https://www.python.org/") ++ + def test_attributes_bad_port(self): + """Check handling of invalid ports.""" + for bytes in (False, True): +@@ -667,7 +726,7 @@ class UrlParseTestCase(unittest.TestCase): + for port in ("foo", "1.5", "-1", "0x10"): + with self.subTest(bytes=bytes, parse=parse, port=port): + netloc = "www.example.net:" + port +- url = "http://" + netloc ++ url = "http://" + netloc + "/" + if bytes: + netloc = netloc.encode("ascii") + url = url.encode("ascii") +diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py +index ac6e7a9cee..717e990997 100644 +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -25,6 +25,10 @@ currently not entirely compliant with this RFC due to defacto + scenarios for parsing, and for backward compatibility purposes, some + parsing quirks from older RFCs are retained. The testcases in + test_urlparse.py provides a good indicator of parsing behavior. ++ ++The WHATWG URL Parser spec should also be considered. We are not compliant with ++it either due to existing user code API behavior expectations (Hyrum's Law). ++It serves as a useful guide when making changes. + """ + + import re +@@ -76,6 +80,10 @@ scheme_chars = ('abcdefghijklmnopqrstuvwxyz' + '0123456789' + '+-.') + ++# Leading and trailing C0 control and space to be stripped per WHATWG spec. ++# == "".join([chr(i) for i in range(0, 0x20 + 1)]) ++_WHATWG_C0_CONTROL_OR_SPACE = '\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f ' ++ + # Unsafe bytes to be removed per WHATWG spec + _UNSAFE_URL_BYTES_TO_REMOVE = ['\t', '\r', '\n'] + +@@ -426,6 +434,10 @@ def urlsplit(url, scheme='', allow_fragments=True): + url, scheme, _coerce_result = _coerce_args(url, scheme) + url = _remove_unsafe_bytes_from_url(url) + scheme = _remove_unsafe_bytes_from_url(scheme) ++ # Only lstrip url as some applications rely on preserving trailing space. ++ # (https://url.spec.whatwg.org/#concept-basic-url-parser would strip both) ++ url = url.lstrip(_WHATWG_C0_CONTROL_OR_SPACE) ++ scheme = scheme.strip(_WHATWG_C0_CONTROL_OR_SPACE) + allow_fragments = bool(allow_fragments) + key = url, scheme, allow_fragments, type(url), type(scheme) + cached = _parse_cache.get(key, None) +diff --git a/Misc/NEWS.d/next/Security/2023-03-07-20-59-17.gh-issue-102153.14CLSZ.rst b/Misc/NEWS.d/next/Security/2023-03-07-20-59-17.gh-issue-102153.14CLSZ.rst +new file mode 100644 +index 0000000000..e57ac4ed3a +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2023-03-07-20-59-17.gh-issue-102153.14CLSZ.rst +@@ -0,0 +1,3 @@ ++:func:`urllib.parse.urlsplit` now strips leading C0 control and space ++characters following the specification for URLs defined by WHATWG in ++response to CVE-2023-24329. Patch by Illia Volochii. diff --git a/python3.6.spec b/python3.6.spec index 91c010a..baca58c 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 17%{?dist} +Release: 18%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -614,6 +614,18 @@ Patch392: 00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch # the behavior to linear. Patch394: 00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch +# 00399 # dc0a803eea47d3b4f0657816b112b5a33491500f +# CVE-2023-24329 +# +# gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) +# +# `urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595. +# +# This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%%20any%%20leading%%20and%%20trailing%%20C0%%20control%%20or%%20space%%20from%%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329). +# +# Backported from Python 3.12 +Patch399: 00399-cve-2023-24329.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1870,6 +1882,10 @@ CheckPython optimized # ====================================================== %changelog +* Fri May 26 2023 Charalampos Stratakis - 3.6.15-18 +- Security fix for CVE-2023-24329 +- Resolves: rhbz#2174013 + * Fri Jan 20 2023 Fedora Release Engineering - 3.6.15-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From ff2179f9fa4af8a37046536cdd508f50f4f0854d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 21 Jul 2023 15:42:43 +0000 Subject: [PATCH 23/66] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- python3.6.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index baca58c..3492afe 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 18%{?dist} +Release: 19%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -1882,6 +1882,9 @@ CheckPython optimized # ====================================================== %changelog +* Fri Jul 21 2023 Fedora Release Engineering - 3.6.15-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Fri May 26 2023 Charalampos Stratakis - 3.6.15-18 - Security fix for CVE-2023-24329 - Resolves: rhbz#2174013 From 61a82b989bd275222894c2ad5f1d77e697cf0da1 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Mon, 22 May 2023 19:23:07 +0200 Subject: [PATCH 24/66] Remove extra distro-applied CFLAGS passed to user-built C extensions Only -fexceptions and -fcf-protection are preserved for binary compatibility with user-built python C extension. https://fedoraproject.org/wiki/Changes/Python_Extension_Flags_Reduction --- python3.6.spec | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/python3.6.spec b/python3.6.spec index 3492afe..82eca04 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 19%{?dist} +Release: 20%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -1029,14 +1029,15 @@ topdir=$(pwd) # Standard library built here will still use the %%build_...flags, # Fedora packages utilizing %%py3_build will use them as well # https://fedoraproject.org/wiki/Changes/Python_Extension_Flags -export CFLAGS="%{extension_cflags} -D_GNU_SOURCE -fPIC -fwrapv" +# https://fedoraproject.org/wiki/Changes/Python_Extension_Flags_Reduction +export CFLAGS="%{extension_cflags}" export CFLAGS_NODIST="%{build_cflags} -D_GNU_SOURCE -fPIC -fwrapv" -export CXXFLAGS="%{extension_cxxflags} -D_GNU_SOURCE -fPIC -fwrapv" +export CXXFLAGS="%{extension_cxxflags}" export CPPFLAGS="$(pkg-config --cflags-only-I libffi)" -export OPT="%{extension_cflags} -D_GNU_SOURCE -fPIC -fwrapv" +export OPT="%{extension_cflags}" export LINKCC="gcc" export CFLAGS="$CFLAGS $(pkg-config --cflags openssl)" -export LDFLAGS="%{extension_ldflags} -g $(pkg-config --libs-only-L openssl)" +export LDFLAGS="%{extension_ldflags} $(pkg-config --libs-only-L openssl)" export LDFLAGS_NODIST="%{build_ldflags} -g $(pkg-config --libs-only-L openssl)" # We can build several different configurations of Python: regular and debug. @@ -1882,6 +1883,10 @@ CheckPython optimized # ====================================================== %changelog +* Wed Aug 02 2023 Charalampos Stratakis - 3.6.15-20 +- Remove extra distro-applied CFLAGS passed to user built C extensions +- https://fedoraproject.org/wiki/Changes/Python_Extension_Flags_Reduction + * Fri Jul 21 2023 Fedora Release Engineering - 3.6.15-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From 2dfbe7e5df8413e00220fee3e0268da72bab0b3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 28 Nov 2023 15:01:38 +0100 Subject: [PATCH 25/66] Fix implicit-function-declarations in configure - Fixes: rhbz#2147519 --- ...igure-check-for-pthread_scope_system.patch | 47 ++++++++ ...13497-fix-broken-nice-configure-test.patch | 25 ++++ ...t-function-declarations-in-configure.patch | 114 ++++++++++++++++++ python3.6.spec | 26 +++- 4 files changed, 211 insertions(+), 1 deletion(-) create mode 100644 00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch create mode 100644 00409-bpo-13497-fix-broken-nice-configure-test.patch create mode 100644 00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch diff --git a/00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch b/00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch new file mode 100644 index 0000000..5e83173 --- /dev/null +++ b/00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Erlend E. Aasland" +Date: Sun, 6 Nov 2022 22:39:34 +0100 +Subject: [PATCH] 00407: gh-99086: Fix implicit int compiler warning in + configure check for PTHREAD_SCOPE_SYSTEM + +Co-authored-by: Sam James +--- + .../next/Build/2022-11-04-02-58-10.gh-issue-99086.DV_4Br.rst | 1 + + configure | 2 +- + configure.ac | 2 +- + 3 files changed, 3 insertions(+), 2 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2022-11-04-02-58-10.gh-issue-99086.DV_4Br.rst + +diff --git a/Misc/NEWS.d/next/Build/2022-11-04-02-58-10.gh-issue-99086.DV_4Br.rst b/Misc/NEWS.d/next/Build/2022-11-04-02-58-10.gh-issue-99086.DV_4Br.rst +new file mode 100644 +index 0000000000..e320ecfdfb +--- /dev/null ++++ b/Misc/NEWS.d/next/Build/2022-11-04-02-58-10.gh-issue-99086.DV_4Br.rst +@@ -0,0 +1 @@ ++Fix ``-Wimplicit-int`` compiler warning in :program:`configure` check for ``PTHREAD_SCOPE_SYSTEM``. +diff --git a/configure b/configure +index e39c16eee2..32c27a468d 100755 +--- a/configure ++++ b/configure +@@ -10837,7 +10837,7 @@ else + void *foo(void *parm) { + return NULL; + } +- main() { ++ int main() { + pthread_attr_t attr; + pthread_t id; + if (pthread_attr_init(&attr)) exit(-1); +diff --git a/configure.ac b/configure.ac +index d5ca7172ca..f7668224be 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -3185,7 +3185,7 @@ if test "$posix_threads" = "yes"; then + void *foo(void *parm) { + return NULL; + } +- main() { ++ int main() { + pthread_attr_t attr; + pthread_t id; + if (pthread_attr_init(&attr)) exit(-1); diff --git a/00409-bpo-13497-fix-broken-nice-configure-test.patch b/00409-bpo-13497-fix-broken-nice-configure-test.patch new file mode 100644 index 0000000..b4a9205 --- /dev/null +++ b/00409-bpo-13497-fix-broken-nice-configure-test.patch @@ -0,0 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: ngie-eign <1574099+ngie-eign@users.noreply.github.com> +Date: Mon, 25 Feb 2019 21:34:24 -0800 +Subject: [PATCH] 00409: bpo-13497: Fix `broken nice` configure test + +Per POSIX, `nice(3)` requires `unistd.h` and `exit(3)` requires `stdlib.h`. + +Fixing the test will prevent false positives with pedantic compilers like clang. +--- + configure.ac | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/configure.ac b/configure.ac +index f7668224be..2696661ab9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -4946,6 +4946,8 @@ LIBS=$LIBS_no_readline + AC_MSG_CHECKING(for broken nice()) + AC_CACHE_VAL(ac_cv_broken_nice, [ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ ++#include ++#include + int main() + { + int val1 = nice(1); diff --git a/00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch b/00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch new file mode 100644 index 0000000..89e2a3e --- /dev/null +++ b/00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch @@ -0,0 +1,114 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Joshua Root +Date: Mon, 14 Dec 2020 07:56:34 +1100 +Subject: [PATCH] 00410: bpo-42598: Fix implicit function declarations in + configure + +This is invalid in C99 and later and is an error with some compilers +(e.g. clang in Xcode 12), and can thus cause configure checks to +produce incorrect results. +--- + .../Build/2020-12-13-14-43-10.bpo-42598.7ipr5H.rst | 2 ++ + configure | 13 +++++++------ + configure.ac | 13 +++++++------ + 3 files changed, 16 insertions(+), 12 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2020-12-13-14-43-10.bpo-42598.7ipr5H.rst + +diff --git a/Misc/NEWS.d/next/Build/2020-12-13-14-43-10.bpo-42598.7ipr5H.rst b/Misc/NEWS.d/next/Build/2020-12-13-14-43-10.bpo-42598.7ipr5H.rst +new file mode 100644 +index 0000000000..7dafc105c4 +--- /dev/null ++++ b/Misc/NEWS.d/next/Build/2020-12-13-14-43-10.bpo-42598.7ipr5H.rst +@@ -0,0 +1,2 @@ ++Fix implicit function declarations in configure which could have resulted in ++incorrect configuration checks. Patch contributed by Joshua Root. +diff --git a/configure b/configure +index 32c27a468d..68a46deef5 100755 +--- a/configure ++++ b/configure +@@ -10840,10 +10840,10 @@ else + int main() { + pthread_attr_t attr; + pthread_t id; +- if (pthread_attr_init(&attr)) exit(-1); +- if (pthread_attr_setscope(&attr, PTHREAD_SCOPE_SYSTEM)) exit(-1); +- if (pthread_create(&id, &attr, foo, NULL)) exit(-1); +- exit(0); ++ if (pthread_attr_init(&attr)) return (-1); ++ if (pthread_attr_setscope(&attr, PTHREAD_SCOPE_SYSTEM)) return (-1); ++ if (pthread_create(&id, &attr, foo, NULL)) return (-1); ++ return (0); + } + _ACEOF + if ac_fn_c_try_run "$LINENO"; then : +@@ -14891,7 +14891,7 @@ else + int main() + { + /* Success: exit code 0 */ +- exit((((wchar_t) -1) < ((wchar_t) 0)) ? 0 : 1); ++ return ((((wchar_t) -1) < ((wchar_t) 0)) ? 0 : 1); + } + + _ACEOF +@@ -15213,7 +15213,7 @@ else + + int main() + { +- exit(((-1)>>3 == -1) ? 0 : 1); ++ return (((-1)>>3 == -1) ? 0 : 1); + } + + _ACEOF +@@ -15725,6 +15725,7 @@ else + /* end confdefs.h. */ + + #include ++#include + + int main() + { +diff --git a/configure.ac b/configure.ac +index 2696661ab9..9d2ad9afba 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -3188,10 +3188,10 @@ if test "$posix_threads" = "yes"; then + int main() { + pthread_attr_t attr; + pthread_t id; +- if (pthread_attr_init(&attr)) exit(-1); +- if (pthread_attr_setscope(&attr, PTHREAD_SCOPE_SYSTEM)) exit(-1); +- if (pthread_create(&id, &attr, foo, NULL)) exit(-1); +- exit(0); ++ if (pthread_attr_init(&attr)) return (-1); ++ if (pthread_attr_setscope(&attr, PTHREAD_SCOPE_SYSTEM)) return (-1); ++ if (pthread_create(&id, &attr, foo, NULL)) return (-1); ++ return (0); + }]])], + [ac_cv_pthread_system_supported=yes], + [ac_cv_pthread_system_supported=no], +@@ -4743,7 +4743,7 @@ then + int main() + { + /* Success: exit code 0 */ +- exit((((wchar_t) -1) < ((wchar_t) 0)) ? 0 : 1); ++ return ((((wchar_t) -1) < ((wchar_t) 0)) ? 0 : 1); + } + ]])], + [ac_cv_wchar_t_signed=yes], +@@ -4818,7 +4818,7 @@ AC_CACHE_VAL(ac_cv_rshift_extends_sign, [ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ + int main() + { +- exit(((-1)>>3 == -1) ? 0 : 1); ++ return (((-1)>>3 == -1) ? 0 : 1); + } + ]])], + [ac_cv_rshift_extends_sign=yes], +@@ -4970,6 +4970,7 @@ AC_MSG_CHECKING(for broken poll()) + AC_CACHE_VAL(ac_cv_broken_poll, + AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include ++#include + + int main() + { diff --git a/python3.6.spec b/python3.6.spec index 82eca04..92ffa19 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 20%{?dist} +Release: 21%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -626,6 +626,26 @@ Patch394: 00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decode # Backported from Python 3.12 Patch399: 00399-cve-2023-24329.patch +# 00407 # f562db9763f424318fd311e3267d2aed0afadbbe +# gh-99086: Fix implicit int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM +Patch407: 00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch + +# 00409 # e9d6272416d44decf99497e4eca478e44be6a8e2 +# bpo-13497: Fix `broken nice` configure test +# +# Per POSIX, `nice(3)` requires `unistd.h` and `exit(3)` requires `stdlib.h`. +# +# Fixing the test will prevent false positives with pedantic compilers like clang. +Patch409: 00409-bpo-13497-fix-broken-nice-configure-test.patch + +# 00410 # ea9f02d63dc0f772362f520967bce90e4f4d3abd +# bpo-42598: Fix implicit function declarations in configure +# +# This is invalid in C99 and later and is an error with some compilers +# (e.g. clang in Xcode 12), and can thus cause configure checks to +# produce incorrect results. +Patch410: 00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1883,6 +1903,10 @@ CheckPython optimized # ====================================================== %changelog +* Tue Nov 28 2023 Miro Hrončok - 3.6.15-21 +- Fix implicit-function-declarations in configure +- Fixes: rhbz#2147519 + * Wed Aug 02 2023 Charalampos Stratakis - 3.6.15-20 - Remove extra distro-applied CFLAGS passed to user built C extensions - https://fedoraproject.org/wiki/Changes/Python_Extension_Flags_Reduction From d0484132530c1bc572ac059c06e686fe7c4df210 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Mon, 18 Dec 2023 13:17:25 +0100 Subject: [PATCH 26/66] Security fix for CVE-2023-27043 (rhbz#2196191) --- ...-addresses-in-email-parseaddr-111116.patch | 500 ++++++++++++++++++ python3.6.spec | 14 +- 2 files changed, 513 insertions(+), 1 deletion(-) create mode 100644 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch diff --git a/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch b/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch new file mode 100644 index 0000000..3ae30fa --- /dev/null +++ b/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch @@ -0,0 +1,500 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Victor Stinner +Date: Fri, 15 Dec 2023 16:10:40 +0100 +Subject: [PATCH] 00415: [CVE-2023-27043] gh-102988: Reject malformed addresses + in email.parseaddr() (#111116) + +Detect email address parsing errors and return empty tuple to +indicate the parsing error (old API). Add an optional 'strict' +parameter to getaddresses() and parseaddr() functions. Patch by +Thomas Dwyer. + +Co-Authored-By: Thomas Dwyer +--- + Doc/library/email.utils.rst | 19 +- + Lib/email/utils.py | 151 ++++++++++++- + Lib/test/test_email/test_email.py | 204 +++++++++++++++++- + ...-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 + + 4 files changed, 361 insertions(+), 21 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst + +diff --git a/Doc/library/email.utils.rst b/Doc/library/email.utils.rst +index 63fae2ab84..d1e1898591 100644 +--- a/Doc/library/email.utils.rst ++++ b/Doc/library/email.utils.rst +@@ -60,13 +60,18 @@ of the new API. + begins with angle brackets, they are stripped off. + + +-.. function:: parseaddr(address) ++.. function:: parseaddr(address, *, strict=True) + + Parse address -- which should be the value of some address-containing field such + as :mailheader:`To` or :mailheader:`Cc` -- into its constituent *realname* and + *email address* parts. Returns a tuple of that information, unless the parse + fails, in which case a 2-tuple of ``('', '')`` is returned. + ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. ++ + + .. function:: formataddr(pair, charset='utf-8') + +@@ -84,12 +89,15 @@ of the new API. + Added the *charset* option. + + +-.. function:: getaddresses(fieldvalues) ++.. function:: getaddresses(fieldvalues, *, strict=True) + + This method returns a list of 2-tuples of the form returned by ``parseaddr()``. + *fieldvalues* is a sequence of header field values as might be returned by +- :meth:`Message.get_all `. Here's a simple +- example that gets all the recipients of a message:: ++ :meth:`Message.get_all `. ++ ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ Here's a simple example that gets all the recipients of a message:: + + from email.utils import getaddresses + +@@ -99,6 +107,9 @@ of the new API. + resent_ccs = msg.get_all('resent-cc', []) + all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) + ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. ++ + + .. function:: parsedate(date) + +diff --git a/Lib/email/utils.py b/Lib/email/utils.py +index 39c2240607..f83b7e5d7e 100644 +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -48,6 +48,7 @@ TICK = "'" + specialsre = re.compile(r'[][\\()<>@,:;".]') + escapesre = re.compile(r'[\\"]') + ++ + def _has_surrogates(s): + """Return True if s contains surrogate-escaped binary data.""" + # This check is based on the fact that unless there are surrogates, utf8 +@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): + return address + + ++def _iter_escaped_chars(addr): ++ pos = 0 ++ escape = False ++ for pos, ch in enumerate(addr): ++ if escape: ++ yield (pos, '\\' + ch) ++ escape = False ++ elif ch == '\\': ++ escape = True ++ else: ++ yield (pos, ch) ++ if escape: ++ yield (pos, '\\') + +-def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" +- all = COMMASPACE.join(fieldvalues) +- a = _AddressList(all) +- return a.addresslist ++ ++def _strip_quoted_realnames(addr): ++ """Strip real names between quotes.""" ++ if '"' not in addr: ++ # Fast path ++ return addr ++ ++ start = 0 ++ open_pos = None ++ result = [] ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '"': ++ if open_pos is None: ++ open_pos = pos ++ else: ++ if start != open_pos: ++ result.append(addr[start:open_pos]) ++ start = pos + 1 ++ open_pos = None ++ ++ if start < len(addr): ++ result.append(addr[start:]) ++ ++ return ''.join(result) ++ ++ ++supports_strict_parsing = True ++ ++def getaddresses(fieldvalues, *, strict=True): ++ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. ++ ++ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in ++ its place. ++ ++ If strict is true, use a strict parser which rejects malformed inputs. ++ """ ++ ++ # If strict is true, if the resulting list of parsed addresses is greater ++ # than the number of fieldvalues in the input list, a parsing error has ++ # occurred and consequently a list containing a single empty 2-tuple [('', ++ # '')] is returned in its place. This is done to avoid invalid output. ++ # ++ # Malformed input: getaddresses(['alice@example.com ']) ++ # Invalid output: [('', 'alice@example.com'), ('', 'bob@example.com')] ++ # Safe output: [('', '')] ++ ++ if not strict: ++ all = COMMASPACE.join(str(v) for v in fieldvalues) ++ a = _AddressList(all) ++ return a.addresslist ++ ++ fieldvalues = [str(v) for v in fieldvalues] ++ fieldvalues = _pre_parse_validation(fieldvalues) ++ addr = COMMASPACE.join(fieldvalues) ++ a = _AddressList(addr) ++ result = _post_parse_validation(a.addresslist) ++ ++ # Treat output as invalid if the number of addresses is not equal to the ++ # expected number of addresses. ++ n = 0 ++ for v in fieldvalues: ++ # When a comma is used in the Real Name part it is not a deliminator. ++ # So strip those out before counting the commas. ++ v = _strip_quoted_realnames(v) ++ # Expected number of addresses: 1 + number of commas ++ n += 1 + v.count(',') ++ if len(result) != n: ++ return [('', '')] ++ ++ return result ++ ++ ++def _check_parenthesis(addr): ++ # Ignore parenthesis in quoted real names. ++ addr = _strip_quoted_realnames(addr) ++ ++ opens = 0 ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '(': ++ opens += 1 ++ elif ch == ')': ++ opens -= 1 ++ if opens < 0: ++ return False ++ return (opens == 0) ++ ++ ++def _pre_parse_validation(email_header_fields): ++ accepted_values = [] ++ for v in email_header_fields: ++ if not _check_parenthesis(v): ++ v = "('', '')" ++ accepted_values.append(v) ++ ++ return accepted_values ++ ++ ++def _post_parse_validation(parsed_email_header_tuples): ++ accepted_values = [] ++ # The parser would have parsed a correctly formatted domain-literal ++ # The existence of an [ after parsing indicates a parsing failure ++ for v in parsed_email_header_tuples: ++ if '[' in v[1]: ++ v = ('', '') ++ accepted_values.append(v) ++ ++ return accepted_values + + + +@@ -214,16 +330,33 @@ def parsedate_to_datetime(data): + tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) + + +-def parseaddr(addr): ++def parseaddr(addr, *, strict=True): + """ + Parse addr into its constituent realname and email address parts. + + Return a tuple of realname and email address, unless the parse fails, in + which case return a 2-tuple of ('', ''). ++ ++ If strict is True, use a strict parser which rejects malformed inputs. + """ +- addrs = _AddressList(addr).addresslist +- if not addrs: +- return '', '' ++ if not strict: ++ addrs = _AddressList(addr).addresslist ++ if not addrs: ++ return ('', '') ++ return addrs[0] ++ ++ if isinstance(addr, list): ++ addr = addr[0] ++ ++ if not isinstance(addr, str): ++ return ('', '') ++ ++ addr = _pre_parse_validation([addr])[0] ++ addrs = _post_parse_validation(_AddressList(addr).addresslist) ++ ++ if not addrs or len(addrs) > 1: ++ return ('', '') ++ + return addrs[0] + + +diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py +index e4e40b612f..ce36efc1b1 100644 +--- a/Lib/test/test_email/test_email.py ++++ b/Lib/test/test_email/test_email.py +@@ -19,6 +19,7 @@ except ImportError: + + import email + import email.policy ++import email.utils + + from email.charset import Charset + from email.header import Header, decode_header, make_header +@@ -3207,15 +3208,154 @@ Foo + [('Al Person', 'aperson@dom.ain'), + ('Bud Person', 'bperson@dom.ain')]) + ++ def test_getaddresses_comma_in_name(self): ++ """GH-106669 regression test.""" ++ self.assertEqual( ++ utils.getaddresses( ++ [ ++ '"Bud, Person" ', ++ 'aperson@dom.ain (Al Person)', ++ '"Mariusz Felisiak" ', ++ ] ++ ), ++ [ ++ ('Bud, Person', 'bperson@dom.ain'), ++ ('Al Person', 'aperson@dom.ain'), ++ ('Mariusz Felisiak', 'to@example.com'), ++ ], ++ ) ++ ++ def test_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043 and CVE-2019-16056""" ++ alice = 'alice@example.org' ++ bob = 'bob@example.com' ++ empty = ('', '') ++ ++ # Test utils.getaddresses() and utils.parseaddr() on malformed email ++ # addresses: default behavior (strict=True) rejects malformed address, ++ # and strict=False which tolerates malformed address. ++ for invalid_separator, expected_non_strict in ( ++ ('(', [(f'<{bob}>', alice)]), ++ (')', [('', alice), empty, ('', bob)]), ++ ('<', [('', alice), empty, ('', bob), empty]), ++ ('>', [('', alice), empty, ('', bob)]), ++ ('[', [('', f'{alice}[<{bob}>]')]), ++ (']', [('', alice), empty, ('', bob)]), ++ ('@', [empty, empty, ('', bob)]), ++ (';', [('', alice), empty, ('', bob)]), ++ (':', [('', alice), ('', bob)]), ++ ('.', [('', alice + '.'), ('', bob)]), ++ ('"', [('', alice), ('', f'<{bob}>')]), ++ ): ++ address = f'{alice}{invalid_separator}<{bob}>' ++ with self.subTest(address=address): ++ self.assertEqual(utils.getaddresses([address]), ++ [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ expected_non_strict) ++ ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Comma (',') is treated differently depending on strict parameter. ++ # Comma without quotes. ++ address = f'{alice},<{bob}>' ++ self.assertEqual(utils.getaddresses([address]), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Real name between quotes containing comma. ++ address = '"Alice, alice@example.org" ' ++ expected_strict = ('Alice, alice@example.org', 'bob@example.com') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Valid parenthesis in comments. ++ address = 'alice@example.org (Alice)' ++ expected_strict = ('Alice', 'alice@example.org') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Invalid parenthesis in comments. ++ address = 'alice@example.org )Alice(' ++ self.assertEqual(utils.getaddresses([address]), [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', 'alice@example.org'), ('', ''), ('', 'Alice')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Two addresses with quotes separated by comma. ++ address = '"Jane Doe" , "John Doe" ' ++ self.assertEqual(utils.getaddresses([address]), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Test email.utils.supports_strict_parsing attribute ++ self.assertEqual(email.utils.supports_strict_parsing, True) ++ + def test_getaddresses_nasty(self): +- eq = self.assertEqual +- eq(utils.getaddresses(['foo: ;']), [('', '')]) +- eq(utils.getaddresses( +- ['[]*-- =~$']), +- [('', ''), ('', ''), ('', '*--')]) +- eq(utils.getaddresses( +- ['foo: ;', '"Jason R. Mastaler" ']), +- [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) ++ for addresses, expected in ( ++ (['"Sürname, Firstname" '], ++ [('Sürname, Firstname', 'to@example.com')]), ++ ++ (['foo: ;'], ++ [('', '')]), ++ ++ (['foo: ;', '"Jason R. Mastaler" '], ++ [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]), ++ ++ ([r'Pete(A nice \) chap) '], ++ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]), ++ ++ (['(Empty list)(start)Undisclosed recipients :(nobody(I know))'], ++ [('', '')]), ++ ++ (['Mary <@machine.tld:mary@example.net>, , jdoe@test . example'], ++ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]), ++ ++ (['John Doe '], ++ [('John Doe (comment)', 'jdoe@machine.example')]), ++ ++ (['"Mary Smith: Personal Account" '], ++ [('Mary Smith: Personal Account', 'smith@home.example')]), ++ ++ (['Undisclosed recipients:;'], ++ [('', '')]), ++ ++ ([r', "Giant; \"Big\" Box" '], ++ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]), ++ ): ++ with self.subTest(addresses=addresses): ++ self.assertEqual(utils.getaddresses(addresses), ++ expected) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ expected) ++ ++ addresses = ['[]*-- =~$'] ++ self.assertEqual(utils.getaddresses(addresses), ++ [('', '')]) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ [('', ''), ('', ''), ('', '*--')]) + + def test_getaddresses_embedded_comment(self): + """Test proper handling of a nested comment""" +@@ -3397,6 +3537,54 @@ multipart/report + m = cls(*constructor, policy=email.policy.default) + self.assertIs(m.policy, email.policy.default) + ++ def test_iter_escaped_chars(self): ++ self.assertEqual(list(utils._iter_escaped_chars(r'a\\b\"c\\"d')), ++ [(0, 'a'), ++ (2, '\\\\'), ++ (3, 'b'), ++ (5, '\\"'), ++ (6, 'c'), ++ (8, '\\\\'), ++ (9, '"'), ++ (10, 'd')]) ++ self.assertEqual(list(utils._iter_escaped_chars('a\\')), ++ [(0, 'a'), (1, '\\')]) ++ ++ def test_strip_quoted_realnames(self): ++ def check(addr, expected): ++ self.assertEqual(utils._strip_quoted_realnames(addr), expected) ++ ++ check('"Jane Doe" , "John Doe" ', ++ ' , ') ++ check(r'"Jane \"Doe\"." ', ++ ' ') ++ ++ # special cases ++ check(r'before"name"after', 'beforeafter') ++ check(r'before"name"', 'before') ++ check(r'b"name"', 'b') # single char ++ check(r'"name"after', 'after') ++ check(r'"name"a', 'a') # single char ++ check(r'"name"', '') ++ ++ # no change ++ for addr in ( ++ 'Jane Doe , John Doe ', ++ 'lone " quote', ++ ): ++ self.assertEqual(utils._strip_quoted_realnames(addr), addr) ++ ++ ++ def test_check_parenthesis(self): ++ addr = 'alice@example.net' ++ self.assertTrue(utils._check_parenthesis(f'{addr} (Alice)')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} )Alice(')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} (Alice))')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} ((Alice)')) ++ ++ # Ignore real name between quotes ++ self.assertTrue(utils._check_parenthesis(f'")Alice((" {addr}')) ++ + + # Test the iterator/generators + class TestIterators(TestEmailBase): +diff --git a/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +new file mode 100644 +index 0000000000..3d0e9e4078 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +@@ -0,0 +1,8 @@ ++:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now ++return ``('', '')`` 2-tuples in more situations where invalid email ++addresses are encountered instead of potentially inaccurate values. Add ++optional *strict* parameter to these two functions: use ``strict=False`` to ++get the old behavior, accept malformed inputs. ++``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check ++if the *strict* paramater is available. Patch by Thomas Dwyer and Victor ++Stinner to improve the CVE-2023-27043 fix. diff --git a/python3.6.spec b/python3.6.spec index 92ffa19..38e23b8 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 21%{?dist} +Release: 22%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -646,6 +646,15 @@ Patch409: 00409-bpo-13497-fix-broken-nice-configure-test.patch # produce incorrect results. Patch410: 00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch +# 00415 # b2fcdad7812f48865b2186b08c1ae28e9af65975 +# [CVE-2023-27043] gh-102988: Reject malformed addresses in email.parseaddr() (#111116) +# +# Detect email address parsing errors and return empty tuple to +# indicate the parsing error (old API). Add an optional 'strict' +# parameter to getaddresses() and parseaddr() functions. Patch by +# Thomas Dwyer. +Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1903,6 +1912,9 @@ CheckPython optimized # ====================================================== %changelog +* Mon Dec 18 2023 Lumír Balhar - 3.6.15-22 +- Security fix for CVE-2023-27043 (rhbz#2196191) + * Tue Nov 28 2023 Miro Hrončok - 3.6.15-21 - Fix implicit-function-declarations in configure - Fixes: rhbz#2147519 From dd9d75bd55a63f189be848a4898d4100c61e01ca Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 22 Jan 2024 09:22:16 +0000 Subject: [PATCH 27/66] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- python3.6.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index 38e23b8..f2037fd 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 22%{?dist} +Release: 23%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -1912,6 +1912,9 @@ CheckPython optimized # ====================================================== %changelog +* Mon Jan 22 2024 Fedora Release Engineering - 3.6.15-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Mon Dec 18 2023 Lumír Balhar - 3.6.15-22 - Security fix for CVE-2023-27043 (rhbz#2196191) From 9b42bb214dbc8bc1084fcf16be90eca02cea7bd0 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 26 Jan 2024 13:33:50 +0000 Subject: [PATCH 28/66] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- python3.6.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index f2037fd..0eb41fc 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 23%{?dist} +Release: 24%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -1912,6 +1912,9 @@ CheckPython optimized # ====================================================== %changelog +* Fri Jan 26 2024 Fedora Release Engineering - 3.6.15-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Mon Jan 22 2024 Fedora Release Engineering - 3.6.15-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From ae70f067229b6d46178ad4d0f9eb258dcca26f29 Mon Sep 17 00:00:00 2001 From: Karolina Surma Date: Thu, 25 Jan 2024 15:25:54 +0100 Subject: [PATCH 29/66] Fix test_zlib with zlib-ng-compat --- ...h-non-int-suffix-gh-112771-gh-112774.patch | 66 +++++++++++++++++++ python3.6.spec | 11 +++- 2 files changed, 76 insertions(+), 1 deletion(-) create mode 100644 00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch diff --git a/00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch b/00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch new file mode 100644 index 0000000..6d68ee9 --- /dev/null +++ b/00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch @@ -0,0 +1,66 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Tue, 5 Dec 2023 21:02:06 +0100 +Subject: [PATCH] 00419: gh-112769: test_zlib: Fix comparison of + ZLIB_RUNTIME_VERSION with non-int suffix (GH-112771) (GH-112774) + +zlib-ng defines the version as "1.3.0.zlib-ng". +(cherry picked from commit d384813ff18b33280a90b6d2011654528a2b6ad1) +--- + Lib/test/test_zlib.py | 28 ++++++++++++++++------------ + 1 file changed, 16 insertions(+), 12 deletions(-) + +diff --git a/Lib/test/test_zlib.py b/Lib/test/test_zlib.py +index b7170b4ff5..93615e1e1e 100644 +--- a/Lib/test/test_zlib.py ++++ b/Lib/test/test_zlib.py +@@ -16,6 +16,20 @@ requires_Decompress_copy = unittest.skipUnless( + 'requires Decompress.copy()') + + ++def _zlib_runtime_version_tuple(zlib_version=zlib.ZLIB_RUNTIME_VERSION): ++ # Register "1.2.3" as "1.2.3.0" ++ # or "1.2.0-linux","1.2.0.f","1.2.0.f-linux" ++ v = zlib_version.split('-', 1)[0].split('.') ++ if len(v) < 4: ++ v.append('0') ++ elif not v[-1].isnumeric(): ++ v[-1] = '0' ++ return tuple(map(int, v)) ++ ++ ++ZLIB_RUNTIME_VERSION_TUPLE = _zlib_runtime_version_tuple() ++ ++ + class VersionTestCase(unittest.TestCase): + + def test_library_version(self): +@@ -437,9 +451,8 @@ class CompressObjectTestCase(BaseCompressTestCase, unittest.TestCase): + sync_opt = ['Z_NO_FLUSH', 'Z_SYNC_FLUSH', 'Z_FULL_FLUSH', + 'Z_PARTIAL_FLUSH'] + +- ver = tuple(int(v) for v in zlib.ZLIB_RUNTIME_VERSION.split('.')) + # Z_BLOCK has a known failure prior to 1.2.5.3 +- if ver >= (1, 2, 5, 3): ++ if ZLIB_RUNTIME_VERSION_TUPLE >= (1, 2, 5, 3): + sync_opt.append('Z_BLOCK') + + sync_opt = [getattr(zlib, opt) for opt in sync_opt +@@ -762,16 +775,7 @@ class CompressObjectTestCase(BaseCompressTestCase, unittest.TestCase): + + def test_wbits(self): + # wbits=0 only supported since zlib v1.2.3.5 +- # Register "1.2.3" as "1.2.3.0" +- # or "1.2.0-linux","1.2.0.f","1.2.0.f-linux" +- v = zlib.ZLIB_RUNTIME_VERSION.split('-', 1)[0].split('.') +- if len(v) < 4: +- v.append('0') +- elif not v[-1].isnumeric(): +- v[-1] = '0' +- +- v = tuple(map(int, v)) +- supports_wbits_0 = v >= (1, 2, 3, 5) ++ supports_wbits_0 = ZLIB_RUNTIME_VERSION_TUPLE >= (1, 2, 3, 5) + + co = zlib.compressobj(level=1, wbits=15) + zlib15 = co.compress(HAMLET_SCENE) + co.flush() diff --git a/python3.6.spec b/python3.6.spec index 0eb41fc..13b58fd 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 24%{?dist} +Release: 25%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -655,6 +655,12 @@ Patch410: 00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch # Thomas Dwyer. Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch +# 00419 # f13682530cc7e4daec2e40acd56508846fdd3aad +# gh-112769: test_zlib: Fix comparison of ZLIB_RUNTIME_VERSION with non-int suffix (GH-112771) (GH-112774) +# +# zlib-ng defines the version as "1.3.0.zlib-ng". +Patch419: 00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1912,6 +1918,9 @@ CheckPython optimized # ====================================================== %changelog +* Mon Jan 29 2024 Karolina Surma - 3.6.15-25 +- Fix test_zlib when building with zlib-ng-compat + * Fri Jan 26 2024 Fedora Release Engineering - 3.6.15-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 882b7bd781fb79dac34e1780959da90b8d107a0c Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Wed, 28 Feb 2024 15:41:29 +0100 Subject: [PATCH 30/66] Fix tests for XMLPullParser with Expat 2.6.0 See also: https://bugzilla.redhat.com/2264859 --- ...s-for-xmlpullparser-with-expat-2-6-0.patch | 107 ++++++++++++++++++ python3.6.spec | 12 +- 2 files changed, 118 insertions(+), 1 deletion(-) create mode 100644 00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch diff --git a/00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch b/00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch new file mode 100644 index 0000000..e053302 --- /dev/null +++ b/00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch @@ -0,0 +1,107 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Sun, 11 Feb 2024 12:08:39 +0200 +Subject: [PATCH] 00422: gh-115133: Fix tests for XMLPullParser with Expat + 2.6.0 + +Feeding the parser by too small chunks defers parsing to prevent +CVE-2023-52425. Future versions of Expat may be more reactive. + +(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4) +--- + Lib/test/test_xml_etree.py | 58 ++++++++++++------- + ...-02-08-14-21-28.gh-issue-115133.ycl4ko.rst | 2 + + 2 files changed, 38 insertions(+), 22 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst + +diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py +index acaa519f42..2195eb9485 100644 +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -10,6 +10,7 @@ import html + import io + import operator + import pickle ++import pyexpat + import sys + import types + import unittest +@@ -97,6 +98,10 @@ EXTERNAL_ENTITY_XML = """\ + &entity; + """ + ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if pyexpat.version_info >= (2, 6, 0) else ++ lambda test: test) ++ + class ModuleTest(unittest.TestCase): + def test_sanity(self): + # Import sanity. +@@ -1044,28 +1049,37 @@ class XMLPullParserTest(unittest.TestCase): + self.assertEqual([(action, elem.tag) for action, elem in events], + expected) + +- def test_simple_xml(self): +- for chunk_size in (None, 1, 5): +- with self.subTest(chunk_size=chunk_size): +- parser = ET.XMLPullParser() +- self.assert_event_tags(parser, []) +- self._feed(parser, "\n", chunk_size) +- self.assert_event_tags(parser, []) +- self._feed(parser, +- "\n text\n", chunk_size) +- self.assert_event_tags(parser, [('end', 'element')]) +- self._feed(parser, "texttail\n", chunk_size) +- self._feed(parser, "\n", chunk_size) +- self.assert_event_tags(parser, [ +- ('end', 'element'), +- ('end', 'empty-element'), +- ]) +- self._feed(parser, "\n", chunk_size) +- self.assert_event_tags(parser, [('end', 'root')]) +- self.assertIsNone(parser.close()) ++ def test_simple_xml(self, chunk_size=None): ++ parser = ET.XMLPullParser() ++ self.assert_event_tags(parser, []) ++ self._feed(parser, "\n", chunk_size) ++ self.assert_event_tags(parser, []) ++ self._feed(parser, ++ "\n text\n", chunk_size) ++ self.assert_event_tags(parser, [('end', 'element')]) ++ self._feed(parser, "texttail\n", chunk_size) ++ self._feed(parser, "\n", chunk_size) ++ self.assert_event_tags(parser, [ ++ ('end', 'element'), ++ ('end', 'empty-element'), ++ ]) ++ self._feed(parser, "\n", chunk_size) ++ self.assert_event_tags(parser, [('end', 'root')]) ++ self.assertIsNone(parser.close()) ++ ++ @fails_with_expat_2_6_0 ++ def test_simple_xml_chunk_1(self): ++ self.test_simple_xml(chunk_size=1) ++ ++ @fails_with_expat_2_6_0 ++ def test_simple_xml_chunk_5(self): ++ self.test_simple_xml(chunk_size=5) ++ ++ def test_simple_xml_chunk_22(self): ++ self.test_simple_xml(chunk_size=22) + + def test_feed_while_iterating(self): + parser = ET.XMLPullParser() +diff --git a/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst +new file mode 100644 +index 0000000000..6f1015235c +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst +@@ -0,0 +1,2 @@ ++Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat ++2.6.0. diff --git a/python3.6.spec b/python3.6.spec index 13b58fd..77728f6 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 25%{?dist} +Release: 26%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -661,6 +661,13 @@ Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-par # zlib-ng defines the version as "1.3.0.zlib-ng". Patch419: 00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch +# 00422 # fefea32e0c70109a5c88e3d22ec9ff554fcbc6ab +# gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 +# +# Feeding the parser by too small chunks defers parsing to prevent +# CVE-2023-52425. Future versions of Expat may be more reactive. +Patch422: 00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1918,6 +1925,9 @@ CheckPython optimized # ====================================================== %changelog +* Wed Feb 28 2024 Charalampos Stratakis - 3.6.15-26 +- Fix tests for XMLPullParser with Expat 2.6.0 + * Mon Jan 29 2024 Karolina Surma - 3.6.15-25 - Fix test_zlib when building with zlib-ng-compat From 98e458e2e0184bc894599212c55c48d5885eba22 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Thu, 29 Feb 2024 02:20:46 +0100 Subject: [PATCH 31/66] Security fix for CVE-2007-4559 Fixes: rhzb#2141080 --- ...59-filter-api-for-tarfile-extractall.patch | 2465 +++++++++++++++++ pip-CVE-2007-4559.patch | 42 + python3.6.spec | 29 +- 3 files changed, 2535 insertions(+), 1 deletion(-) create mode 100644 00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch create mode 100644 pip-CVE-2007-4559.patch diff --git a/00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch b/00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch new file mode 100644 index 0000000..b158945 --- /dev/null +++ b/00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch @@ -0,0 +1,2465 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Wed, 7 Jun 2023 14:53:48 +0200 +Subject: [PATCH] 00397: PEP 706, CVE-2007-4559: Filter API for + tarfile.extractall + +Add API for allowing checks on the content of tar files, allowing callers to mitigate +directory traversal (CVE-2007-4559) and related issues. + +Python 3.12 will warn if this API is not used. +Python 3.14 will fail if it's not used. + +Backport from https://github.com/python/cpython/issues/102950 + +Change document: https://peps.python.org/pep-0706/ +--- + Doc/library/shutil.rst | 31 +- + Doc/library/tarfile.rst | 447 ++++++++- + Doc/whatsnew/3.6.rst | 17 +- + Lib/shutil.py | 18 +- + Lib/tarfile.py | 359 ++++++- + Lib/test/support/__init__.py | 24 + + Lib/test/test_shutil.py | 40 +- + Lib/test/test_tarfile.py | 926 +++++++++++++++++- + ...-03-23-15-24-38.gh-issue-102953.YR4KaK.rst | 4 + + 9 files changed, 1789 insertions(+), 77 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2023-03-23-15-24-38.gh-issue-102953.YR4KaK.rst + +diff --git a/Doc/library/shutil.rst b/Doc/library/shutil.rst +index c3f7bd6640..29ef5259cb 100644 +--- a/Doc/library/shutil.rst ++++ b/Doc/library/shutil.rst +@@ -537,7 +537,7 @@ provided. They rely on the :mod:`zipfile` and :mod:`tarfile` modules. + Remove the archive format *name* from the list of supported formats. + + +-.. function:: unpack_archive(filename[, extract_dir[, format]]) ++.. function:: unpack_archive(filename[, extract_dir[, format[, filter]]]) + + Unpack an archive. *filename* is the full path of the archive. + +@@ -551,6 +551,24 @@ provided. They rely on the :mod:`zipfile` and :mod:`tarfile` modules. + registered for that extension. In case none is found, + a :exc:`ValueError` is raised. + ++ The keyword-only *filter* argument, which was added in Python 3.6.16, ++ is passed to the underlying unpacking function. ++ For zip files, *filter* is not accepted. ++ For tar files, it is recommended to set it to ``'data'``, ++ unless using features specific to tar and UNIX-like filesystems. ++ (See :ref:`tarfile-extraction-filter` for details.) ++ The ``'data'`` filter will become the default for tar files ++ in Python 3.14. ++ ++ .. warning:: ++ ++ Never extract archives from untrusted sources without prior inspection. ++ It is possible that files are created outside of the path specified in ++ the *extract_dir* argument, e.g. members that have absolute filenames ++ starting with "/" or filenames with two dots "..". ++ ++ .. versionchanged:: 3.6.16 ++ Added the *filter* argument. + + .. function:: register_unpack_format(name, extensions, function[, extra_args[, description]]) + +@@ -559,11 +577,14 @@ provided. They rely on the :mod:`zipfile` and :mod:`tarfile` modules. + ``.zip`` for Zip files. + + *function* is the callable that will be used to unpack archives. The +- callable will receive the path of the archive, followed by the directory +- the archive must be extracted to. ++ callable will receive: + +- When provided, *extra_args* is a sequence of ``(name, value)`` tuples that +- will be passed as keywords arguments to the callable. ++ - the path of the archive, as a positional argument; ++ - the directory the archive must be extracted to, as a positional argument; ++ - possibly a *filter* keyword argument, if it was given to ++ :func:`unpack_archive`; ++ - additional keyword arguments, specified by *extra_args* as a sequence ++ of ``(name, value)`` tuples. + + *description* can be provided to describe the format, and will be returned + by the :func:`get_unpack_formats` function. +diff --git a/Doc/library/tarfile.rst b/Doc/library/tarfile.rst +index 337c061107..f6dc9a7038 100644 +--- a/Doc/library/tarfile.rst ++++ b/Doc/library/tarfile.rst +@@ -199,6 +199,38 @@ The :mod:`tarfile` module defines the following exceptions: + Is raised by :meth:`TarInfo.frombuf` if the buffer it gets is invalid. + + ++.. exception:: FilterError ++ ++ Base class for members :ref:`refused ` by ++ filters. ++ ++ .. attribute:: tarinfo ++ ++ Information about the member that the filter refused to extract, ++ as :ref:`TarInfo `. ++ ++.. exception:: AbsolutePathError ++ ++ Raised to refuse extracting a member with an absolute path. ++ ++.. exception:: OutsideDestinationError ++ ++ Raised to refuse extracting a member outside the destination directory. ++ ++.. exception:: SpecialFileError ++ ++ Raised to refuse extracting a special file (e.g. a device or pipe). ++ ++.. exception:: AbsoluteLinkError ++ ++ Raised to refuse extracting a symbolic link with an absolute path. ++ ++.. exception:: LinkOutsideDestinationError ++ ++ Raised to refuse extracting a symbolic link pointing outside the destination ++ directory. ++ ++ + The following constants are available at the module level: + + .. data:: ENCODING +@@ -304,11 +336,8 @@ be finalized; only the internally used file object will be closed. See the + *debug* can be set from ``0`` (no debug messages) up to ``3`` (all debug + messages). The messages are written to ``sys.stderr``. + +- If *errorlevel* is ``0``, all errors are ignored when using :meth:`TarFile.extract`. +- Nevertheless, they appear as error messages in the debug output, when debugging +- is enabled. If ``1``, all *fatal* errors are raised as :exc:`OSError` +- exceptions. If ``2``, all *non-fatal* errors are raised as :exc:`TarError` +- exceptions as well. ++ *errorlevel* controls how extraction errors are handled, ++ see :attr:`the corresponding attribute <~TarFile.errorlevel>`. + + The *encoding* and *errors* arguments define the character encoding to be + used for reading or writing the archive and how conversion errors are going +@@ -375,7 +404,7 @@ be finalized; only the internally used file object will be closed. See the + available. + + +-.. method:: TarFile.extractall(path=".", members=None, *, numeric_owner=False) ++.. method:: TarFile.extractall(path=".", members=None, *, numeric_owner=False, filter=None) + + Extract all members from the archive to the current working directory or + directory *path*. If optional *members* is given, it must be a subset of the +@@ -389,6 +418,12 @@ be finalized; only the internally used file object will be closed. See the + are used to set the owner/group for the extracted files. Otherwise, the named + values from the tarfile are used. + ++ The *filter* argument, which was added in Python 3.6.16, specifies how ++ ``members`` are modified or rejected before extraction. ++ See :ref:`tarfile-extraction-filter` for details. ++ It is recommended to set this explicitly depending on which *tar* features ++ you need to support. ++ + .. warning:: + + Never extract archives from untrusted sources without prior inspection. +@@ -396,14 +431,20 @@ be finalized; only the internally used file object will be closed. See the + that have absolute filenames starting with ``"/"`` or filenames with two + dots ``".."``. + ++ Set ``filter='data'`` to prevent the most dangerous security issues, ++ and read the :ref:`tarfile-extraction-filter` section for details. ++ + .. versionchanged:: 3.5 + Added the *numeric_owner* parameter. + + .. versionchanged:: 3.6 + The *path* parameter accepts a :term:`path-like object`. + ++ .. versionchanged:: 3.6.16 ++ Added the *filter* parameter. + +-.. method:: TarFile.extract(member, path="", set_attrs=True, *, numeric_owner=False) ++ ++.. method:: TarFile.extract(member, path="", set_attrs=True, *, numeric_owner=False, filter=None) + + Extract a member from the archive to the current working directory, using its + full name. Its file information is extracted as accurately as possible. *member* +@@ -411,9 +452,8 @@ be finalized; only the internally used file object will be closed. See the + directory using *path*. *path* may be a :term:`path-like object`. + File attributes (owner, mtime, mode) are set unless *set_attrs* is false. + +- If *numeric_owner* is :const:`True`, the uid and gid numbers from the tarfile +- are used to set the owner/group for the extracted files. Otherwise, the named +- values from the tarfile are used. ++ The *numeric_owner* and *filter* arguments are the same as ++ for :meth:`extractall`. + + .. note:: + +@@ -424,6 +464,9 @@ be finalized; only the internally used file object will be closed. See the + + See the warning for :meth:`extractall`. + ++ Set ``filter='data'`` to prevent the most dangerous security issues, ++ and read the :ref:`tarfile-extraction-filter` section for details. ++ + .. versionchanged:: 3.2 + Added the *set_attrs* parameter. + +@@ -433,6 +476,9 @@ be finalized; only the internally used file object will be closed. See the + .. versionchanged:: 3.6 + The *path* parameter accepts a :term:`path-like object`. + ++ .. versionchanged:: 3.6.16 ++ Added the *filter* parameter. ++ + + .. method:: TarFile.extractfile(member) + +@@ -444,6 +490,56 @@ be finalized; only the internally used file object will be closed. See the + .. versionchanged:: 3.3 + Return an :class:`io.BufferedReader` object. + ++.. attribute:: TarFile.errorlevel ++ ++ If *errorlevel* is ``0``, errors are ignored when using :meth:`TarFile.extract` ++ and :meth:`TarFile.extractall`. ++ Nevertheless, they appear as error messages in the debug output when ++ *debug* is greater than 0. ++ If ``1`` (the default), all *fatal* errors are raised as :exc:`OSError` or ++ :exc:`FilterError` exceptions. If ``2``, all *non-fatal* errors are raised ++ as :exc:`TarError` exceptions as well. ++ ++ Some exceptions, e.g. ones caused by wrong argument types or data ++ corruption, are always raised. ++ ++ Custom :ref:`extraction filters ` ++ should raise :exc:`FilterError` for *fatal* errors ++ and :exc:`ExtractError` for *non-fatal* ones. ++ ++ Note that when an exception is raised, the archive may be partially ++ extracted. It is the user’s responsibility to clean up. ++ ++.. attribute:: TarFile.extraction_filter ++ ++ .. versionadded:: 3.6.16 ++ ++ The :ref:`extraction filter ` used ++ as a default for the *filter* argument of :meth:`~TarFile.extract` ++ and :meth:`~TarFile.extractall`. ++ ++ The attribute may be ``None`` or a callable. ++ String names are not allowed for this attribute, unlike the *filter* ++ argument to :meth:`~TarFile.extract`. ++ ++ If ``extraction_filter`` is ``None`` (the default), ++ calling an extraction method without a *filter* argument will ++ use the :func:`fully_trusted ` filter for ++ compatibility with previous Python versions. ++ ++ In Python 3.12+, leaving ``extraction_filter=None`` will emit a ++ ``DeprecationWarning``. ++ ++ In Python 3.14+, leaving ``extraction_filter=None`` will cause ++ extraction methods to use the :func:`data ` filter by default. ++ ++ The attribute may be set on instances or overridden in subclasses. ++ It also is possible to set it on the ``TarFile`` class itself to set a ++ global default, although, since it affects all uses of *tarfile*, ++ it is best practice to only do so in top-level applications or ++ :mod:`site configuration `. ++ To set a global default this way, a filter function needs to be wrapped in ++ :func:`staticmethod()` to prevent injection of a ``self`` argument. + + .. method:: TarFile.add(name, arcname=None, recursive=True, exclude=None, *, filter=None) + +@@ -522,7 +618,27 @@ permissions, owner etc.), it provides some useful methods to determine its type. + It does *not* contain the file's data itself. + + :class:`TarInfo` objects are returned by :class:`TarFile`'s methods +-:meth:`getmember`, :meth:`getmembers` and :meth:`gettarinfo`. ++:meth:`~TarFile.getmember`, :meth:`~TarFile.getmembers` and ++:meth:`~TarFile.gettarinfo`. ++ ++Modifying the objects returned by :meth:`~!TarFile.getmember` or ++:meth:`~!TarFile.getmembers` will affect all subsequent ++operations on the archive. ++For cases where this is unwanted, you can use :mod:`copy.copy() ` or ++call the :meth:`~TarInfo.replace` method to create a modified copy in one step. ++ ++Several attributes can be set to ``None`` to indicate that a piece of metadata ++is unused or unknown. ++Different :class:`TarInfo` methods handle ``None`` differently: ++ ++- The :meth:`~TarFile.extract` or :meth:`~TarFile.extractall` methods will ++ ignore the corresponding metadata, leaving it set to a default. ++- :meth:`~TarFile.addfile` will fail. ++- :meth:`~TarFile.list` will print a placeholder string. ++ ++ ++.. versionchanged:: 3.6.16 ++ Added :meth:`~TarInfo.replace` and handling of ``None``. + + + .. class:: TarInfo(name="") +@@ -567,13 +683,24 @@ A ``TarInfo`` object has the following public data attributes: + + .. attribute:: TarInfo.mtime + +- Time of last modification. ++ Time of last modification in seconds since the :ref:`epoch `, ++ as in :attr:`os.stat_result.st_mtime`. + ++ .. versionchanged:: 3.6.16 ++ ++ Can be set to ``None`` for :meth:`~TarFile.extract` and ++ :meth:`~TarFile.extractall`, causing extraction to skip applying this ++ attribute. + + .. attribute:: TarInfo.mode + +- Permission bits. ++ Permission bits, as for :func:`os.chmod`. + ++ .. versionchanged:: 3.6.16 ++ ++ Can be set to ``None`` for :meth:`~TarFile.extract` and ++ :meth:`~TarFile.extractall`, causing extraction to skip applying this ++ attribute. + + .. attribute:: TarInfo.type + +@@ -594,26 +721,61 @@ A ``TarInfo`` object has the following public data attributes: + + User ID of the user who originally stored this member. + ++ .. versionchanged:: 3.6.16 ++ ++ Can be set to ``None`` for :meth:`~TarFile.extract` and ++ :meth:`~TarFile.extractall`, causing extraction to skip applying this ++ attribute. + + .. attribute:: TarInfo.gid + + Group ID of the user who originally stored this member. + ++ .. versionchanged:: 3.6.16 ++ ++ Can be set to ``None`` for :meth:`~TarFile.extract` and ++ :meth:`~TarFile.extractall`, causing extraction to skip applying this ++ attribute. + + .. attribute:: TarInfo.uname + + User name. + ++ .. versionchanged:: 3.6.16 ++ ++ Can be set to ``None`` for :meth:`~TarFile.extract` and ++ :meth:`~TarFile.extractall`, causing extraction to skip applying this ++ attribute. + + .. attribute:: TarInfo.gname + + Group name. + ++ .. versionchanged:: 3.6.16 ++ ++ Can be set to ``None`` for :meth:`~TarFile.extract` and ++ :meth:`~TarFile.extractall`, causing extraction to skip applying this ++ attribute. + + .. attribute:: TarInfo.pax_headers + + A dictionary containing key-value pairs of an associated pax extended header. + ++.. method:: TarInfo.replace(name=..., mtime=..., mode=..., linkname=..., ++ uid=..., gid=..., uname=..., gname=..., ++ deep=True) ++ ++ .. versionadded:: 3.6.16 ++ ++ Return a *new* copy of the :class:`!TarInfo` object with the given attributes ++ changed. For example, to return a ``TarInfo`` with the group name set to ++ ``'staff'``, use:: ++ ++ new_tarinfo = old_tarinfo.replace(gname='staff') ++ ++ By default, a deep copy is made. ++ If *deep* is false, the copy is shallow, i.e. ``pax_headers`` ++ and any custom attributes are shared with the original ``TarInfo`` object. + + A :class:`TarInfo` object also provides some convenient query methods: + +@@ -663,9 +825,259 @@ A :class:`TarInfo` object also provides some convenient query methods: + Return :const:`True` if it is one of character device, block device or FIFO. + + ++.. _tarfile-extraction-filter: ++ ++Extraction filters ++------------------ ++ ++.. versionadded:: 3.6.16 ++ ++The *tar* format is designed to capture all details of a UNIX-like filesystem, ++which makes it very powerful. ++Unfortunately, the features make it easy to create tar files that have ++unintended -- and possibly malicious -- effects when extracted. ++For example, extracting a tar file can overwrite arbitrary files in various ++ways (e.g. by using absolute paths, ``..`` path components, or symlinks that ++affect later members). ++ ++In most cases, the full functionality is not needed. ++Therefore, *tarfile* supports extraction filters: a mechanism to limit ++functionality, and thus mitigate some of the security issues. ++ ++.. seealso:: ++ ++ :pep:`706` ++ Contains further motivation and rationale behind the design. ++ ++The *filter* argument to :meth:`TarFile.extract` or :meth:`~TarFile.extractall` ++can be: ++ ++* the string ``'fully_trusted'``: Honor all metadata as specified in the ++ archive. ++ Should be used if the user trusts the archive completely, or implements ++ their own complex verification. ++ ++* the string ``'tar'``: Honor most *tar*-specific features (i.e. features of ++ UNIX-like filesystems), but block features that are very likely to be ++ surprising or malicious. See :func:`tar_filter` for details. ++ ++* the string ``'data'``: Ignore or block most features specific to UNIX-like ++ filesystems. Intended for extracting cross-platform data archives. ++ See :func:`data_filter` for details. ++ ++* ``None`` (default): Use :attr:`TarFile.extraction_filter`. ++ ++ If that is also ``None`` (the default), the ``'fully_trusted'`` ++ filter will be used (for compatibility with earlier versions of Python). ++ ++ In Python 3.12, the default will emit a ``DeprecationWarning``. ++ ++ In Python 3.14, the ``'data'`` filter will become the default instead. ++ It's possible to switch earlier; see :attr:`TarFile.extraction_filter`. ++ ++* A callable which will be called for each extracted member with a ++ :ref:`TarInfo ` describing the member and the destination ++ path to where the archive is extracted (i.e. the same path is used for all ++ members):: ++ ++ filter(/, member: TarInfo, path: str) -> TarInfo | None ++ ++ The callable is called just before each member is extracted, so it can ++ take the current state of the disk into account. ++ It can: ++ ++ - return a :class:`TarInfo` object which will be used instead of the metadata ++ in the archive, or ++ - return ``None``, in which case the member will be skipped, or ++ - raise an exception to abort the operation or skip the member, ++ depending on :attr:`~TarFile.errorlevel`. ++ Note that when extraction is aborted, :meth:`~TarFile.extractall` may leave ++ the archive partially extracted. It does not attempt to clean up. ++ ++Default named filters ++~~~~~~~~~~~~~~~~~~~~~ ++ ++The pre-defined, named filters are available as functions, so they can be ++reused in custom filters: ++ ++.. function:: fully_trusted_filter(/, member, path) ++ ++ Return *member* unchanged. ++ ++ This implements the ``'fully_trusted'`` filter. ++ ++.. function:: tar_filter(/, member, path) ++ ++ Implements the ``'tar'`` filter. ++ ++ - Strip leading slashes (``/`` and :attr:`os.sep`) from filenames. ++ - :ref:`Refuse ` to extract files with absolute ++ paths (in case the name is absolute ++ even after stripping slashes, e.g. ``C:/foo`` on Windows). ++ This raises :class:`~tarfile.AbsolutePathError`. ++ - :ref:`Refuse ` to extract files whose absolute ++ path (after following symlinks) would end up outside the destination. ++ This raises :class:`~tarfile.OutsideDestinationError`. ++ - Clear high mode bits (setuid, setgid, sticky) and group/other write bits ++ (:attr:`~stat.S_IWGRP`|:attr:`~stat.S_IWOTH`). ++ ++ Return the modified ``TarInfo`` member. ++ ++.. function:: data_filter(/, member, path) ++ ++ Implements the ``'data'`` filter. ++ In addition to what ``tar_filter`` does: ++ ++ - :ref:`Refuse ` to extract links (hard or soft) ++ that link to absolute paths, or ones that link outside the destination. ++ ++ This raises :class:`~tarfile.AbsoluteLinkError` or ++ :class:`~tarfile.LinkOutsideDestinationError`. ++ ++ Note that such files are refused even on platforms that do not support ++ symbolic links. ++ ++ - :ref:`Refuse ` to extract device files ++ (including pipes). ++ This raises :class:`~tarfile.SpecialFileError`. ++ ++ - For regular files, including hard links: ++ ++ - Set the owner read and write permissions ++ (:attr:`~stat.S_IRUSR`|:attr:`~stat.S_IWUSR`). ++ - Remove the group & other executable permission ++ (:attr:`~stat.S_IXGRP`|:attr:`~stat.S_IXOTH`) ++ if the owner doesn’t have it (:attr:`~stat.S_IXUSR`). ++ ++ - For other files (directories), set ``mode`` to ``None``, so ++ that extraction methods skip applying permission bits. ++ - Set user and group info (``uid``, ``gid``, ``uname``, ``gname``) ++ to ``None``, so that extraction methods skip setting it. ++ ++ Return the modified ``TarInfo`` member. ++ ++ ++.. _tarfile-extraction-refuse: ++ ++Filter errors ++~~~~~~~~~~~~~ ++ ++When a filter refuses to extract a file, it will raise an appropriate exception, ++a subclass of :class:`~tarfile.FilterError`. ++This will abort the extraction if :attr:`TarFile.errorlevel` is 1 or more. ++With ``errorlevel=0`` the error will be logged and the member will be skipped, ++but extraction will continue. ++ ++ ++Hints for further verification ++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++ ++Even with ``filter='data'``, *tarfile* is not suited for extracting untrusted ++files without prior inspection. ++Among other issues, the pre-defined filters do not prevent denial-of-service ++attacks. Users should do additional checks. ++ ++Here is an incomplete list of things to consider: ++ ++* Extract to a :func:`new temporary directory ` ++ to prevent e.g. exploiting pre-existing links, and to make it easier to ++ clean up after a failed extraction. ++* When working with untrusted data, use external (e.g. OS-level) limits on ++ disk, memory and CPU usage. ++* Check filenames against an allow-list of characters ++ (to filter out control characters, confusables, foreign path separators, ++ etc.). ++* Check that filenames have expected extensions (discouraging files that ++ execute when you “click on them”, or extension-less files like Windows special device names). ++* Limit the number of extracted files, total size of extracted data, ++ filename length (including symlink length), and size of individual files. ++* Check for files that would be shadowed on case-insensitive filesystems. ++ ++Also note that: ++ ++* Tar files may contain multiple versions of the same file. ++ Later ones are expected to overwrite any earlier ones. ++ This feature is crucial to allow updating tape archives, but can be abused ++ maliciously. ++* *tarfile* does not protect against issues with “live” data, ++ e.g. an attacker tinkering with the destination (or source) directory while ++ extraction (or archiving) is in progress. ++ ++ ++Supporting older Python versions ++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++ ++Extraction filters were added to Python 3.12, and are backported to older ++versions as security updates. ++To check whether the feature is available, use e.g. ++``hasattr(tarfile, 'data_filter')`` rather than checking the Python version. ++ ++The following examples show how to support Python versions with and without ++the feature. ++Note that setting ``extraction_filter`` will affect any subsequent operations. ++ ++* Fully trusted archive:: ++ ++ my_tarfile.extraction_filter = (lambda member, path: member) ++ my_tarfile.extractall() ++ ++* Use the ``'data'`` filter if available, but revert to Python 3.11 behavior ++ (``'fully_trusted'``) if this feature is not available:: ++ ++ my_tarfile.extraction_filter = getattr(tarfile, 'data_filter', ++ (lambda member, path: member)) ++ my_tarfile.extractall() ++ ++* Use the ``'data'`` filter; *fail* if it is not available:: ++ ++ my_tarfile.extractall(filter=tarfile.data_filter) ++ ++ or:: ++ ++ my_tarfile.extraction_filter = tarfile.data_filter ++ my_tarfile.extractall() ++ ++* Use the ``'data'`` filter; *warn* if it is not available:: ++ ++ if hasattr(tarfile, 'data_filter'): ++ my_tarfile.extractall(filter='data') ++ else: ++ # remove this when no longer needed ++ warn_the_user('Extracting may be unsafe; consider updating Python') ++ my_tarfile.extractall() ++ ++ ++Stateful extraction filter example ++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++ ++While *tarfile*'s extraction methods take a simple *filter* callable, ++custom filters may be more complex objects with an internal state. ++It may be useful to write these as context managers, to be used like this:: ++ ++ with StatefulFilter() as filter_func: ++ tar.extractall(path, filter=filter_func) ++ ++Such a filter can be written as, for example:: ++ ++ class StatefulFilter: ++ def __init__(self): ++ self.file_count = 0 ++ ++ def __enter__(self): ++ return self ++ ++ def __call__(self, member, path): ++ self.file_count += 1 ++ return member ++ ++ def __exit__(self, *exc_info): ++ print(f'{self.file_count} files extracted') ++ ++ + .. _tarfile-commandline: + .. program:: tarfile + ++ + Command-Line Interface + ---------------------- + +@@ -735,6 +1147,15 @@ Command-line options + + Verbose output. + ++.. cmdoption:: --filter ++ ++ Specifies the *filter* for ``--extract``. ++ See :ref:`tarfile-extraction-filter` for details. ++ Only string names are accepted (that is, ``fully_trusted``, ``tar``, ++ and ``data``). ++ ++ .. versionadded:: 3.6.16 ++ + .. _tar-examples: + + Examples +diff --git a/Doc/whatsnew/3.6.rst b/Doc/whatsnew/3.6.rst +index 19811f4a81..7b018dfed7 100644 +--- a/Doc/whatsnew/3.6.rst ++++ b/Doc/whatsnew/3.6.rst +@@ -2489,7 +2489,6 @@ URL by the parser :func:`urllib.parse` preventing such attacks. The removal + characters are controlled by a new module level variable + ``urllib.parse._UNSAFE_URL_BYTES_TO_REMOVE``. (See :issue:`43882`) + +- + Notable security feature in 3.6.15-13 + ===================================== + +@@ -2503,3 +2502,19 @@ This limit can be configured or disabled by environment variable, command + line flag, or :mod:`sys` APIs. See the :ref:`integer string conversion + length limitation ` documentation. The default limit + is 4300 digits in string form. ++ ++Notable Changes in a backport ++============================= ++ ++tarfile ++------- ++ ++* The extraction methods in :mod:`tarfile`, and :func:`shutil.unpack_archive`, ++ have a new a *filter* argument that allows limiting tar features than may be ++ surprising or dangerous, such as creating files outside the destination ++ directory. ++ See :ref:`tarfile-extraction-filter` for details. ++ In Python 3.12, use without the *filter* argument will show a ++ :exc:`DeprecationWarning`. ++ In Python 3.14, the default will switch to ``'data'``. ++ (Contributed by Petr Viktorin in :pep:`706`.) +diff --git a/Lib/shutil.py b/Lib/shutil.py +index dd12448454..d687de1bbf 100644 +--- a/Lib/shutil.py ++++ b/Lib/shutil.py +@@ -908,7 +908,7 @@ def _unpack_zipfile(filename, extract_dir): + finally: + zip.close() + +-def _unpack_tarfile(filename, extract_dir): ++def _unpack_tarfile(filename, extract_dir, *, filter=None): + """Unpack tar/tar.gz/tar.bz2/tar.xz `filename` to `extract_dir` + """ + import tarfile # late import for breaking circular dependency +@@ -918,7 +918,7 @@ def _unpack_tarfile(filename, extract_dir): + raise ReadError( + "%s is not a compressed or uncompressed tar file" % filename) + try: +- tarobj.extractall(extract_dir) ++ tarobj.extractall(extract_dir, filter=filter) + finally: + tarobj.close() + +@@ -946,7 +946,7 @@ def _find_unpack_format(filename): + return name + return None + +-def unpack_archive(filename, extract_dir=None, format=None): ++def unpack_archive(filename, extract_dir=None, format=None, *, filter=None): + """Unpack an archive. + + `filename` is the name of the archive. +@@ -960,10 +960,19 @@ def unpack_archive(filename, extract_dir=None, format=None): + was registered for that extension. + + In case none is found, a ValueError is raised. ++ ++ If `filter` is given, it is passed to the underlying ++ extraction function. + """ + if extract_dir is None: + extract_dir = os.getcwd() + ++ ++ if filter is None: ++ filter_kwargs = {} ++ else: ++ filter_kwargs = {'filter': filter} ++ + if format is not None: + try: + format_info = _UNPACK_FORMATS[format] +@@ -971,7 +980,7 @@ def unpack_archive(filename, extract_dir=None, format=None): + raise ValueError("Unknown unpack format '{0}'".format(format)) + + func = format_info[1] +- func(filename, extract_dir, **dict(format_info[2])) ++ func(filename, extract_dir, **dict(format_info[2]), **filter_kwargs) + else: + # we need to look at the registered unpackers supported extensions + format = _find_unpack_format(filename) +@@ -980,6 +989,7 @@ def unpack_archive(filename, extract_dir=None, format=None): + + func = _UNPACK_FORMATS[format][1] + kwargs = dict(_UNPACK_FORMATS[format][2]) ++ kwargs.update(filter_kwargs) + func(filename, extract_dir, **kwargs) + + +diff --git a/Lib/tarfile.py b/Lib/tarfile.py +index 2ea47978ff..c18590325a 100755 +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -48,6 +48,7 @@ import time + import struct + import copy + import re ++import warnings + + try: + import pwd +@@ -73,6 +74,7 @@ __all__ = ["TarFile", "TarInfo", "is_tarfile", "TarError", "ReadError", + "ENCODING", "USTAR_FORMAT", "GNU_FORMAT", "PAX_FORMAT", + "DEFAULT_FORMAT", "open"] + ++ + #--------------------------------------------------------- + # tar constants + #--------------------------------------------------------- +@@ -160,6 +162,8 @@ else: + def stn(s, length, encoding, errors): + """Convert a string to a null-terminated bytes object. + """ ++ if s is None: ++ raise ValueError("metadata cannot contain None") + s = s.encode(encoding, errors) + return s[:length] + (length - len(s)) * NUL + +@@ -721,9 +725,127 @@ class ExFileObject(io.BufferedReader): + super().__init__(fileobj) + #class ExFileObject + ++ ++#----------------------------- ++# extraction filters (PEP 706) ++#----------------------------- ++ ++class FilterError(TarError): ++ pass ++ ++class AbsolutePathError(FilterError): ++ def __init__(self, tarinfo): ++ self.tarinfo = tarinfo ++ super().__init__(f'member {tarinfo.name!r} has an absolute path') ++ ++class OutsideDestinationError(FilterError): ++ def __init__(self, tarinfo, path): ++ self.tarinfo = tarinfo ++ self._path = path ++ super().__init__(f'{tarinfo.name!r} would be extracted to {path!r}, ' ++ + 'which is outside the destination') ++ ++class SpecialFileError(FilterError): ++ def __init__(self, tarinfo): ++ self.tarinfo = tarinfo ++ super().__init__(f'{tarinfo.name!r} is a special file') ++ ++class AbsoluteLinkError(FilterError): ++ def __init__(self, tarinfo): ++ self.tarinfo = tarinfo ++ super().__init__(f'{tarinfo.name!r} is a symlink to an absolute path') ++ ++class LinkOutsideDestinationError(FilterError): ++ def __init__(self, tarinfo, path): ++ self.tarinfo = tarinfo ++ self._path = path ++ super().__init__(f'{tarinfo.name!r} would link to {path!r}, ' ++ + 'which is outside the destination') ++ ++def _get_filtered_attrs(member, dest_path, for_data=True): ++ new_attrs = {} ++ name = member.name ++ dest_path = os.path.realpath(dest_path) ++ # Strip leading / (tar's directory separator) from filenames. ++ # Include os.sep (target OS directory separator) as well. ++ if name.startswith(('/', os.sep)): ++ name = new_attrs['name'] = member.path.lstrip('/' + os.sep) ++ if os.path.isabs(name): ++ # Path is absolute even after stripping. ++ # For example, 'C:/foo' on Windows. ++ raise AbsolutePathError(member) ++ # Ensure we stay in the destination ++ target_path = os.path.realpath(os.path.join(dest_path, name)) ++ if os.path.commonpath([target_path, dest_path]) != dest_path: ++ raise OutsideDestinationError(member, target_path) ++ # Limit permissions (no high bits, and go-w) ++ mode = member.mode ++ if mode is not None: ++ # Strip high bits & group/other write bits ++ mode = mode & 0o755 ++ if for_data: ++ # For data, handle permissions & file types ++ if member.isreg() or member.islnk(): ++ if not mode & 0o100: ++ # Clear executable bits if not executable by user ++ mode &= ~0o111 ++ # Ensure owner can read & write ++ mode |= 0o600 ++ elif member.isdir() or member.issym(): ++ # Ignore mode for directories & symlinks ++ mode = None ++ else: ++ # Reject special files ++ raise SpecialFileError(member) ++ if mode != member.mode: ++ new_attrs['mode'] = mode ++ if for_data: ++ # Ignore ownership for 'data' ++ if member.uid is not None: ++ new_attrs['uid'] = None ++ if member.gid is not None: ++ new_attrs['gid'] = None ++ if member.uname is not None: ++ new_attrs['uname'] = None ++ if member.gname is not None: ++ new_attrs['gname'] = None ++ # Check link destination for 'data' ++ if member.islnk() or member.issym(): ++ if os.path.isabs(member.linkname): ++ raise AbsoluteLinkError(member) ++ target_path = os.path.realpath(os.path.join(dest_path, member.linkname)) ++ if os.path.commonpath([target_path, dest_path]) != dest_path: ++ raise LinkOutsideDestinationError(member, target_path) ++ return new_attrs ++ ++def fully_trusted_filter(member, dest_path): ++ return member ++ ++def tar_filter(member, dest_path): ++ new_attrs = _get_filtered_attrs(member, dest_path, False) ++ if new_attrs: ++ return member.replace(**new_attrs, deep=False) ++ return member ++ ++def data_filter(member, dest_path): ++ new_attrs = _get_filtered_attrs(member, dest_path, True) ++ if new_attrs: ++ return member.replace(**new_attrs, deep=False) ++ return member ++ ++_NAMED_FILTERS = { ++ "fully_trusted": fully_trusted_filter, ++ "tar": tar_filter, ++ "data": data_filter, ++} ++ + #------------------ + # Exported Classes + #------------------ ++ ++# Sentinel for replace() defaults, meaning "don't change the attribute" ++_KEEP = object() ++ + class TarInfo(object): + """Informational class which holds the details about an + archive member given by a tar header block. +@@ -779,12 +901,44 @@ class TarInfo(object): + def __repr__(self): + return "<%s %r at %#x>" % (self.__class__.__name__,self.name,id(self)) + ++ def replace(self, *, ++ name=_KEEP, mtime=_KEEP, mode=_KEEP, linkname=_KEEP, ++ uid=_KEEP, gid=_KEEP, uname=_KEEP, gname=_KEEP, ++ deep=True, _KEEP=_KEEP): ++ """Return a deep copy of self with the given attributes replaced. ++ """ ++ if deep: ++ result = copy.deepcopy(self) ++ else: ++ result = copy.copy(self) ++ if name is not _KEEP: ++ result.name = name ++ if mtime is not _KEEP: ++ result.mtime = mtime ++ if mode is not _KEEP: ++ result.mode = mode ++ if linkname is not _KEEP: ++ result.linkname = linkname ++ if uid is not _KEEP: ++ result.uid = uid ++ if gid is not _KEEP: ++ result.gid = gid ++ if uname is not _KEEP: ++ result.uname = uname ++ if gname is not _KEEP: ++ result.gname = gname ++ return result ++ + def get_info(self): + """Return the TarInfo's attributes as a dictionary. + """ ++ if self.mode is None: ++ mode = None ++ else: ++ mode = self.mode & 0o7777 + info = { + "name": self.name, +- "mode": self.mode & 0o7777, ++ "mode": mode, + "uid": self.uid, + "gid": self.gid, + "size": self.size, +@@ -807,6 +961,9 @@ class TarInfo(object): + """Return a tar header as a string of 512 byte blocks. + """ + info = self.get_info() ++ for name, value in info.items(): ++ if value is None: ++ raise ValueError("%s may not be None" % name) + + if format == USTAR_FORMAT: + return self.create_ustar_header(info, encoding, errors) +@@ -920,6 +1077,20 @@ class TarInfo(object): + """Return a header block. info is a dictionary with file + information, format must be one of the *_FORMAT constants. + """ ++ has_device_fields = info.get("type") in (CHRTYPE, BLKTYPE) ++ if has_device_fields: ++ devmajor = itn(info.get("devmajor", 0), 8, format) ++ devminor = itn(info.get("devminor", 0), 8, format) ++ else: ++ devmajor = stn("", 8, encoding, errors) ++ devminor = stn("", 8, encoding, errors) ++ ++ # None values in metadata should cause ValueError. ++ # itn()/stn() do this for all fields except type. ++ filetype = info.get("type", REGTYPE) ++ if filetype is None: ++ raise ValueError("TarInfo.type must not be None") ++ + parts = [ + stn(info.get("name", ""), 100, encoding, errors), + itn(info.get("mode", 0) & 0o7777, 8, format), +@@ -928,7 +1099,7 @@ class TarInfo(object): + itn(info.get("size", 0), 12, format), + itn(info.get("mtime", 0), 12, format), + b" ", # checksum field +- info.get("type", REGTYPE), ++ filetype, + stn(info.get("linkname", ""), 100, encoding, errors), + info.get("magic", POSIX_MAGIC), + stn(info.get("uname", ""), 32, encoding, errors), +@@ -1410,6 +1581,8 @@ class TarFile(object): + + fileobject = ExFileObject # The file-object for extractfile(). + ++ extraction_filter = None # The default filter for extraction. ++ + def __init__(self, name=None, mode="r", fileobj=None, format=None, + tarinfo=None, dereference=None, ignore_zeros=None, encoding=None, + errors="surrogateescape", pax_headers=None, debug=None, +@@ -1882,7 +2055,10 @@ class TarFile(object): + members = self + for tarinfo in members: + if verbose: +- _safe_print(stat.filemode(tarinfo.mode)) ++ if tarinfo.mode is None: ++ _safe_print("??????????") ++ else: ++ _safe_print(stat.filemode(tarinfo.mode)) + _safe_print("%s/%s" % (tarinfo.uname or tarinfo.uid, + tarinfo.gname or tarinfo.gid)) + if tarinfo.ischr() or tarinfo.isblk(): +@@ -1890,8 +2066,11 @@ class TarFile(object): + ("%d,%d" % (tarinfo.devmajor, tarinfo.devminor))) + else: + _safe_print("%10d" % tarinfo.size) +- _safe_print("%d-%02d-%02d %02d:%02d:%02d" \ +- % time.localtime(tarinfo.mtime)[:6]) ++ if tarinfo.mtime is None: ++ _safe_print("????-??-?? ??:??:??") ++ else: ++ _safe_print("%d-%02d-%02d %02d:%02d:%02d" \ ++ % time.localtime(tarinfo.mtime)[:6]) + + _safe_print(tarinfo.name + ("/" if tarinfo.isdir() else "")) + +@@ -1988,32 +2167,58 @@ class TarFile(object): + + self.members.append(tarinfo) + +- def extractall(self, path=".", members=None, *, numeric_owner=False): ++ def _get_filter_function(self, filter): ++ if filter is None: ++ filter = self.extraction_filter ++ if filter is None: ++ return fully_trusted_filter ++ if isinstance(filter, str): ++ raise TypeError( ++ 'String names are not supported for ' ++ + 'TarFile.extraction_filter. Use a function such as ' ++ + 'tarfile.data_filter directly.') ++ return filter ++ if callable(filter): ++ return filter ++ try: ++ return _NAMED_FILTERS[filter] ++ except KeyError: ++ raise ValueError(f"filter {filter!r} not found") from None ++ ++ def extractall(self, path=".", members=None, *, numeric_owner=False, ++ filter=None): + """Extract all members from the archive to the current working + directory and set owner, modification time and permissions on + directories afterwards. `path' specifies a different directory + to extract to. `members' is optional and must be a subset of the + list returned by getmembers(). If `numeric_owner` is True, only + the numbers for user/group names are used and not the names. ++ ++ The `filter` function will be called on each member just ++ before extraction. ++ It can return a changed TarInfo or None to skip the member. ++ String names of common filters are accepted. + """ + directories = [] + ++ filter_function = self._get_filter_function(filter) + if members is None: + members = self + +- for tarinfo in members: ++ for member in members: ++ tarinfo = self._get_extract_tarinfo(member, filter_function, path) ++ if tarinfo is None: ++ continue + if tarinfo.isdir(): +- # Extract directories with a safe mode. ++ # For directories, delay setting attributes until later, ++ # since permissions can interfere with extraction and ++ # extracting contents can reset mtime. + directories.append(tarinfo) +- tarinfo = copy.copy(tarinfo) +- tarinfo.mode = 0o700 +- # Do not set_attrs directories, as we will do that further down +- self.extract(tarinfo, path, set_attrs=not tarinfo.isdir(), +- numeric_owner=numeric_owner) ++ self._extract_one(tarinfo, path, set_attrs=not tarinfo.isdir(), ++ numeric_owner=numeric_owner) + + # Reverse sort directories. +- directories.sort(key=lambda a: a.name) +- directories.reverse() ++ directories.sort(key=lambda a: a.name, reverse=True) + + # Set correct owner, mtime and filemode on directories. + for tarinfo in directories: +@@ -2023,12 +2228,10 @@ class TarFile(object): + self.utime(tarinfo, dirpath) + self.chmod(tarinfo, dirpath) + except ExtractError as e: +- if self.errorlevel > 1: +- raise +- else: +- self._dbg(1, "tarfile: %s" % e) ++ self._handle_nonfatal_error(e) + +- def extract(self, member, path="", set_attrs=True, *, numeric_owner=False): ++ def extract(self, member, path="", set_attrs=True, *, numeric_owner=False, ++ filter=None): + """Extract a member from the archive to the current working directory, + using its full name. Its file information is extracted as accurately + as possible. `member' may be a filename or a TarInfo object. You can +@@ -2036,35 +2239,70 @@ class TarFile(object): + mtime, mode) are set unless `set_attrs' is False. If `numeric_owner` + is True, only the numbers for user/group names are used and not + the names. ++ ++ The `filter` function will be called before extraction. ++ It can return a changed TarInfo or None to skip the member. ++ String names of common filters are accepted. + """ +- self._check("r") ++ filter_function = self._get_filter_function(filter) ++ tarinfo = self._get_extract_tarinfo(member, filter_function, path) ++ if tarinfo is not None: ++ self._extract_one(tarinfo, path, set_attrs, numeric_owner) + ++ def _get_extract_tarinfo(self, member, filter_function, path): ++ """Get filtered TarInfo (or None) from member, which might be a str""" + if isinstance(member, str): + tarinfo = self.getmember(member) + else: + tarinfo = member + ++ unfiltered = tarinfo ++ try: ++ tarinfo = filter_function(tarinfo, path) ++ except (OSError, FilterError) as e: ++ self._handle_fatal_error(e) ++ except ExtractError as e: ++ self._handle_nonfatal_error(e) ++ if tarinfo is None: ++ self._dbg(2, "tarfile: Excluded %r" % unfiltered.name) ++ return None + # Prepare the link target for makelink(). + if tarinfo.islnk(): ++ tarinfo = copy.copy(tarinfo) + tarinfo._link_target = os.path.join(path, tarinfo.linkname) ++ return tarinfo ++ ++ def _extract_one(self, tarinfo, path, set_attrs, numeric_owner): ++ """Extract from filtered tarinfo to disk""" ++ self._check("r") + + try: + self._extract_member(tarinfo, os.path.join(path, tarinfo.name), + set_attrs=set_attrs, + numeric_owner=numeric_owner) + except OSError as e: +- if self.errorlevel > 0: +- raise +- else: +- if e.filename is None: +- self._dbg(1, "tarfile: %s" % e.strerror) +- else: +- self._dbg(1, "tarfile: %s %r" % (e.strerror, e.filename)) ++ self._handle_fatal_error(e) + except ExtractError as e: +- if self.errorlevel > 1: +- raise ++ self._handle_nonfatal_error(e) ++ ++ def _handle_nonfatal_error(self, e): ++ """Handle non-fatal error (ExtractError) according to errorlevel""" ++ if self.errorlevel > 1: ++ raise ++ else: ++ self._dbg(1, "tarfile: %s" % e) ++ ++ def _handle_fatal_error(self, e): ++ """Handle "fatal" error according to self.errorlevel""" ++ if self.errorlevel > 0: ++ raise ++ elif isinstance(e, OSError): ++ if e.filename is None: ++ self._dbg(1, "tarfile: %s" % e.strerror) + else: +- self._dbg(1, "tarfile: %s" % e) ++ self._dbg(1, "tarfile: %s %r" % (e.strerror, e.filename)) ++ else: ++ self._dbg(1, "tarfile: %s %s" % (type(e).__name__, e)) + + def extractfile(self, member): + """Extract a member from the archive as a file object. `member' may be +@@ -2150,9 +2388,13 @@ class TarFile(object): + """Make a directory called targetpath. + """ + try: +- # Use a safe mode for the directory, the real mode is set +- # later in _extract_member(). +- os.mkdir(targetpath, 0o700) ++ if tarinfo.mode is None: ++ # Use the system's default mode ++ os.mkdir(targetpath) ++ else: ++ # Use a safe mode for the directory, the real mode is set ++ # later in _extract_member(). ++ os.mkdir(targetpath, 0o700) + except FileExistsError: + pass + +@@ -2195,6 +2437,9 @@ class TarFile(object): + raise ExtractError("special devices not supported by system") + + mode = tarinfo.mode ++ if mode is None: ++ # Use mknod's default ++ mode = 0o600 + if tarinfo.isblk(): + mode |= stat.S_IFBLK + else: +@@ -2213,7 +2458,6 @@ class TarFile(object): + if tarinfo.issym(): + os.symlink(tarinfo.linkname, targetpath) + else: +- # See extract(). + if os.path.exists(tarinfo._link_target): + os.link(tarinfo._link_target, targetpath) + else: +@@ -2238,15 +2482,19 @@ class TarFile(object): + u = tarinfo.uid + if not numeric_owner: + try: +- if grp: ++ if grp and tarinfo.gname: + g = grp.getgrnam(tarinfo.gname)[2] + except KeyError: + pass + try: +- if pwd: ++ if pwd and tarinfo.uname: + u = pwd.getpwnam(tarinfo.uname)[2] + except KeyError: + pass ++ if g is None: ++ g = -1 ++ if u is None: ++ u = -1 + try: + if tarinfo.issym() and hasattr(os, "lchown"): + os.lchown(targetpath, u, g) +@@ -2258,6 +2506,8 @@ class TarFile(object): + def chmod(self, tarinfo, targetpath): + """Set file permissions of targetpath according to tarinfo. + """ ++ if tarinfo.mode is None: ++ return + if hasattr(os, 'chmod'): + try: + os.chmod(targetpath, tarinfo.mode) +@@ -2267,10 +2517,13 @@ class TarFile(object): + def utime(self, tarinfo, targetpath): + """Set modification time of targetpath according to tarinfo. + """ ++ mtime = tarinfo.mtime ++ if mtime is None: ++ return + if not hasattr(os, 'utime'): + return + try: +- os.utime(targetpath, (tarinfo.mtime, tarinfo.mtime)) ++ os.utime(targetpath, (mtime, mtime)) + except OSError: + raise ExtractError("could not change modification time") + +@@ -2337,13 +2590,26 @@ class TarFile(object): + members = self.getmembers() + + # Limit the member search list up to tarinfo. ++ skipping = False + if tarinfo is not None: +- members = members[:members.index(tarinfo)] ++ try: ++ index = members.index(tarinfo) ++ except ValueError: ++ # The given starting point might be a (modified) copy. ++ # We'll later skip members until we find an equivalent. ++ skipping = True ++ else: ++ # Happy fast path ++ members = members[:index] + + if normalize: + name = os.path.normpath(name) + + for member in reversed(members): ++ if skipping: ++ if tarinfo.offset == member.offset: ++ skipping = False ++ continue + if normalize: + member_name = os.path.normpath(member.name) + else: +@@ -2352,6 +2618,10 @@ class TarFile(object): + if name == member_name: + return member + ++ if skipping: ++ # Starting point was not found ++ raise ValueError(tarinfo) ++ + def _load(self): + """Read through the entire archive file and look for readable + members. +@@ -2444,6 +2714,7 @@ class TarFile(object): + #-------------------- + # exported functions + #-------------------- ++ + def is_tarfile(name): + """Return True if name points to a tar archive that we + are able to handle, else return False. +@@ -2465,6 +2736,10 @@ def main(): + parser = argparse.ArgumentParser(description=description) + parser.add_argument('-v', '--verbose', action='store_true', default=False, + help='Verbose output') ++ parser.add_argument('--filter', metavar='', ++ choices=_NAMED_FILTERS, ++ help='Filter for extraction') ++ + group = parser.add_mutually_exclusive_group() + group.add_argument('-l', '--list', metavar='', + help='Show listing of a tarfile') +@@ -2476,8 +2751,12 @@ def main(): + help='Create tarfile from sources') + group.add_argument('-t', '--test', metavar='', + help='Test if a tarfile is valid') ++ + args = parser.parse_args() + ++ if args.filter and not args.extract: ++ parser.exit(1, '--filter is only valid for extraction\n') ++ + if args.test: + src = args.test + if is_tarfile(src): +@@ -2508,7 +2787,7 @@ def main(): + + if is_tarfile(src): + with TarFile.open(src, 'r:*') as tf: +- tf.extractall(path=curdir) ++ tf.extractall(path=curdir, filter=args.filter) + if args.verbose: + if curdir == '.': + msg = '{!r} file is extracted.'.format(src) +diff --git a/Lib/test/support/__init__.py b/Lib/test/support/__init__.py +index 9ca9ae79e6..da1f2ee719 100644 +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -1244,6 +1244,30 @@ def check_warnings(*filters, **kwargs): + return _filterwarnings(filters, quiet) + + ++@contextlib.contextmanager ++def check_no_warnings(testcase, message='', category=Warning, force_gc=False): ++ """Context manager to check that no warnings are emitted. ++ ++ This context manager enables a given warning within its scope ++ and checks that no warnings are emitted even with that warning ++ enabled. ++ ++ If force_gc is True, a garbage collection is attempted before checking ++ for warnings. This may help to catch warnings emitted when objects ++ are deleted, such as ResourceWarning. ++ ++ Other keyword arguments are passed to warnings.filterwarnings(). ++ """ ++ with warnings.catch_warnings(record=True) as warns: ++ warnings.filterwarnings('always', ++ message=message, ++ category=category) ++ yield ++ if force_gc: ++ gc_collect() ++ testcase.assertEqual(warns, []) ++ ++ + @contextlib.contextmanager + def check_no_resource_warning(testcase): + """Context manager to check that no ResourceWarning is emitted. +diff --git a/Lib/test/test_shutil.py b/Lib/test/test_shutil.py +index 81457c8f09..77101251ac 100644 +--- a/Lib/test/test_shutil.py ++++ b/Lib/test/test_shutil.py +@@ -1234,12 +1234,16 @@ class TestShutil(unittest.TestCase): + formats = [name for name, params in get_archive_formats()] + self.assertNotIn('xxx', formats) + +- def check_unpack_archive(self, format): +- self.check_unpack_archive_with_converter(format, lambda path: path) +- self.check_unpack_archive_with_converter(format, pathlib.Path) +- self.check_unpack_archive_with_converter(format, FakePath) ++ ### shutil.unpack_archive + +- def check_unpack_archive_with_converter(self, format, converter): ++ def check_unpack_archive(self, format, **kwargs): ++ self.check_unpack_archive_with_converter( ++ format, lambda path: path, **kwargs) ++ self.check_unpack_archive_with_converter( ++ format, pathlib.Path, **kwargs) ++ self.check_unpack_archive_with_converter(format, FakePath, **kwargs) ++ ++ def check_unpack_archive_with_converter(self, format, converter, **kwargs): + root_dir, base_dir = self._create_files() + expected = rlistdir(root_dir) + expected.remove('outer') +@@ -1249,35 +1253,45 @@ class TestShutil(unittest.TestCase): + + # let's try to unpack it now + tmpdir2 = self.mkdtemp() +- unpack_archive(filename, tmpdir2) ++ unpack_archive(filename, tmpdir2, **kwargs) + self.assertEqual(rlistdir(tmpdir2), expected) + + # and again, this time with the format specified + tmpdir3 = self.mkdtemp() +- unpack_archive(filename, tmpdir3, format=format) ++ unpack_archive(filename, tmpdir3, format=format, **kwargs) + self.assertEqual(rlistdir(tmpdir3), expected) + +- self.assertRaises(shutil.ReadError, unpack_archive, TESTFN) +- self.assertRaises(ValueError, unpack_archive, TESTFN, format='xxx') ++ with self.assertRaises(shutil.ReadError): ++ unpack_archive(TESTFN, **kwargs) ++ with self.assertRaises(ValueError): ++ unpack_archive(TESTFN, format='xxx', **kwargs) ++ ++ def check_unpack_tarball(self, format): ++ self.check_unpack_archive(format, filter='fully_trusted') ++ self.check_unpack_archive(format, filter='data') ++ with support.check_no_warnings(self): ++ self.check_unpack_archive(format) + + def test_unpack_archive_tar(self): +- self.check_unpack_archive('tar') ++ self.check_unpack_tarball('tar') + + @support.requires_zlib + def test_unpack_archive_gztar(self): +- self.check_unpack_archive('gztar') ++ self.check_unpack_tarball('gztar') + + @support.requires_bz2 + def test_unpack_archive_bztar(self): +- self.check_unpack_archive('bztar') ++ self.check_unpack_tarball('bztar') + + @support.requires_lzma + def test_unpack_archive_xztar(self): +- self.check_unpack_archive('xztar') ++ self.check_unpack_tarball('xztar') + + @support.requires_zlib + def test_unpack_archive_zip(self): + self.check_unpack_archive('zip') ++ with self.assertRaises(TypeError): ++ self.check_unpack_archive('zip', filter='data') + + def test_unpack_registry(self): + +diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py +index 8e0b275972..f261048615 100644 +--- a/Lib/test/test_tarfile.py ++++ b/Lib/test/test_tarfile.py +@@ -5,6 +5,10 @@ from hashlib import md5 + from contextlib import contextmanager + from random import Random + import pathlib ++import shutil ++import re ++import warnings ++import stat + + import unittest + import unittest.mock +@@ -2191,7 +2195,12 @@ class MiscTest(unittest.TestCase): + 'EmptyHeaderError', 'TruncatedHeaderError', + 'EOFHeaderError', 'InvalidHeaderError', + 'SubsequentHeaderError', 'ExFileObject', +- 'main'} ++ 'main', ++ 'fully_trusted_filter', 'data_filter', ++ 'tar_filter', 'FilterError', 'AbsoluteLinkError', ++ 'OutsideDestinationError', 'SpecialFileError', ++ 'AbsolutePathError', 'LinkOutsideDestinationError', ++ } + support.check__all__(self, tarfile, blacklist=blacklist) + + +@@ -2214,6 +2223,15 @@ class CommandLineTest(unittest.TestCase): + for tardata in files: + tf.add(tardata, arcname=os.path.basename(tardata)) + ++ def make_evil_tarfile(self, tar_name): ++ files = [support.findfile('tokenize_tests.txt')] ++ self.addCleanup(support.unlink, tar_name) ++ with tarfile.open(tar_name, 'w') as tf: ++ benign = tarfile.TarInfo('benign') ++ tf.addfile(benign, fileobj=io.BytesIO(b'')) ++ evil = tarfile.TarInfo('../evil') ++ tf.addfile(evil, fileobj=io.BytesIO(b'')) ++ + def test_test_command(self): + for tar_name in testtarnames: + for opt in '-t', '--test': +@@ -2357,6 +2375,25 @@ class CommandLineTest(unittest.TestCase): + finally: + support.rmtree(tarextdir) + ++ def test_extract_command_filter(self): ++ self.make_evil_tarfile(tmpname) ++ # Make an inner directory, so the member named '../evil' ++ # is still extracted into `tarextdir` ++ destdir = os.path.join(tarextdir, 'dest') ++ os.mkdir(tarextdir) ++ try: ++ with support.temp_cwd(destdir): ++ self.tarfilecmd_failure('-e', tmpname, ++ '-v', ++ '--filter', 'data') ++ out = self.tarfilecmd('-e', tmpname, ++ '-v', ++ '--filter', 'fully_trusted', ++ PYTHONIOENCODING='utf-8') ++ self.assertIn(b' file is extracted.', out) ++ finally: ++ support.rmtree(tarextdir) ++ + def test_extract_command_different_directory(self): + self.make_simple_tarfile(tmpname) + try: +@@ -2630,6 +2667,893 @@ class NumericOwnerTest(unittest.TestCase): + tarfl.extract, filename_1, TEMPDIR, False, True) + + ++class ReplaceTests(ReadTest, unittest.TestCase): ++ def test_replace_name(self): ++ member = self.tar.getmember('ustar/regtype') ++ replaced = member.replace(name='misc/other') ++ self.assertEqual(replaced.name, 'misc/other') ++ self.assertEqual(member.name, 'ustar/regtype') ++ self.assertEqual(self.tar.getmember('ustar/regtype').name, ++ 'ustar/regtype') ++ ++ def test_replace_deep(self): ++ member = self.tar.getmember('pax/regtype1') ++ replaced = member.replace() ++ replaced.pax_headers['gname'] = 'not-bar' ++ self.assertEqual(member.pax_headers['gname'], 'bar') ++ self.assertEqual( ++ self.tar.getmember('pax/regtype1').pax_headers['gname'], 'bar') ++ ++ def test_replace_shallow(self): ++ member = self.tar.getmember('pax/regtype1') ++ replaced = member.replace(deep=False) ++ replaced.pax_headers['gname'] = 'not-bar' ++ self.assertEqual(member.pax_headers['gname'], 'not-bar') ++ self.assertEqual( ++ self.tar.getmember('pax/regtype1').pax_headers['gname'], 'not-bar') ++ ++ def test_replace_all(self): ++ member = self.tar.getmember('ustar/regtype') ++ for attr_name in ('name', 'mtime', 'mode', 'linkname', ++ 'uid', 'gid', 'uname', 'gname'): ++ with self.subTest(attr_name=attr_name): ++ replaced = member.replace(**{attr_name: None}) ++ self.assertEqual(getattr(replaced, attr_name), None) ++ self.assertNotEqual(getattr(member, attr_name), None) ++ ++ def test_replace_internal(self): ++ member = self.tar.getmember('ustar/regtype') ++ with self.assertRaises(TypeError): ++ member.replace(offset=123456789) ++ ++ ++class NoneInfoExtractTests(ReadTest): ++ # These mainly check that all kinds of members are extracted successfully ++ # if some metadata is None. ++ # Some of the methods do additional spot checks. ++ ++ # We also test that the default filters can deal with None. ++ ++ extraction_filter = None ++ ++ @classmethod ++ def setUpClass(cls): ++ tar = tarfile.open(tarname, mode='r', encoding="iso8859-1") ++ cls.control_dir = pathlib.Path(TEMPDIR) / "extractall_ctrl" ++ tar.errorlevel = 0 ++ tar.extractall(cls.control_dir, filter=cls.extraction_filter) ++ tar.close() ++ cls.control_paths = set( ++ p.relative_to(cls.control_dir) ++ for p in pathlib.Path(cls.control_dir).glob('**/*')) ++ ++ @classmethod ++ def tearDownClass(cls): ++ shutil.rmtree(cls.control_dir) ++ ++ def check_files_present(self, directory): ++ got_paths = set( ++ p.relative_to(directory) ++ for p in pathlib.Path(directory).glob('**/*')) ++ self.assertEqual(self.control_paths, got_paths) ++ ++ @contextmanager ++ def extract_with_none(self, *attr_names): ++ DIR = pathlib.Path(TEMPDIR) / "extractall_none" ++ self.tar.errorlevel = 0 ++ for member in self.tar.getmembers(): ++ for attr_name in attr_names: ++ setattr(member, attr_name, None) ++ with support.temp_dir(DIR): ++ self.tar.extractall(DIR, filter='fully_trusted') ++ self.check_files_present(DIR) ++ yield DIR ++ ++ def test_extractall_none_mtime(self): ++ # mtimes of extracted files should be later than 'now' -- the mtime ++ # of a previously created directory. ++ now = pathlib.Path(TEMPDIR).stat().st_mtime ++ with self.extract_with_none('mtime') as DIR: ++ for path in pathlib.Path(DIR).glob('**/*'): ++ with self.subTest(path=path): ++ try: ++ mtime = path.stat().st_mtime ++ except OSError: ++ # Some systems can't stat symlinks, ignore those ++ if not path.is_symlink(): ++ raise ++ else: ++ self.assertGreaterEqual(path.stat().st_mtime, now) ++ ++ def test_extractall_none_mode(self): ++ # modes of directories and regular files should match the mode ++ # of a "normally" created directory or regular file ++ dir_mode = pathlib.Path(TEMPDIR).stat().st_mode ++ regular_file = pathlib.Path(TEMPDIR) / 'regular_file' ++ regular_file.write_text('') ++ regular_file_mode = regular_file.stat().st_mode ++ with self.extract_with_none('mode') as DIR: ++ for path in pathlib.Path(DIR).glob('**/*'): ++ with self.subTest(path=path): ++ if path.is_dir(): ++ self.assertEqual(path.stat().st_mode, dir_mode) ++ elif path.is_file(): ++ self.assertEqual(path.stat().st_mode, ++ regular_file_mode) ++ ++ def test_extractall_none_uid(self): ++ with self.extract_with_none('uid'): ++ pass ++ ++ def test_extractall_none_gid(self): ++ with self.extract_with_none('gid'): ++ pass ++ ++ def test_extractall_none_uname(self): ++ with self.extract_with_none('uname'): ++ pass ++ ++ def test_extractall_none_gname(self): ++ with self.extract_with_none('gname'): ++ pass ++ ++ def test_extractall_none_ownership(self): ++ with self.extract_with_none('uid', 'gid', 'uname', 'gname'): ++ pass ++ ++class NoneInfoExtractTests_Data(NoneInfoExtractTests, unittest.TestCase): ++ extraction_filter = 'data' ++ ++class NoneInfoExtractTests_FullyTrusted(NoneInfoExtractTests, ++ unittest.TestCase): ++ extraction_filter = 'fully_trusted' ++ ++class NoneInfoExtractTests_Tar(NoneInfoExtractTests, unittest.TestCase): ++ extraction_filter = 'tar' ++ ++class NoneInfoExtractTests_Default(NoneInfoExtractTests, ++ unittest.TestCase): ++ extraction_filter = None ++ ++class NoneInfoTests_Misc(unittest.TestCase): ++ def test_add(self): ++ # When addfile() encounters None metadata, it raises a ValueError ++ bio = io.BytesIO() ++ for tarformat in (tarfile.USTAR_FORMAT, tarfile.GNU_FORMAT, ++ tarfile.PAX_FORMAT): ++ with self.subTest(tarformat=tarformat): ++ tar = tarfile.open(fileobj=bio, mode='w', format=tarformat) ++ tarinfo = tar.gettarinfo(tarname) ++ try: ++ tar.addfile(tarinfo) ++ except Exception: ++ if tarformat == tarfile.USTAR_FORMAT: ++ # In the old, limited format, adding might fail for ++ # reasons like the UID being too large ++ pass ++ else: ++ raise ++ else: ++ for attr_name in ('mtime', 'mode', 'uid', 'gid', ++ 'uname', 'gname'): ++ with self.subTest(attr_name=attr_name): ++ replaced = tarinfo.replace(**{attr_name: None}) ++ with self.assertRaisesRegex(ValueError, ++ f"{attr_name}"): ++ tar.addfile(replaced) ++ ++ def test_list(self): ++ # Change some metadata to None, then compare list() output ++ # word-for-word. We want list() to not raise, and to only change ++ # printout for the affected piece of metadata. ++ # (n.b.: some contents of the test archive are hardcoded.) ++ for attr_names in ({'mtime'}, {'mode'}, {'uid'}, {'gid'}, ++ {'uname'}, {'gname'}, ++ {'uid', 'uname'}, {'gid', 'gname'}): ++ with self.subTest(attr_names=attr_names), \ ++ tarfile.open(tarname, encoding="iso8859-1") as tar: ++ tio_prev = io.TextIOWrapper(io.BytesIO(), 'ascii', newline='\n') ++ with support.swap_attr(sys, 'stdout', tio_prev): ++ tar.list() ++ for member in tar.getmembers(): ++ for attr_name in attr_names: ++ setattr(member, attr_name, None) ++ tio_new = io.TextIOWrapper(io.BytesIO(), 'ascii', newline='\n') ++ with support.swap_attr(sys, 'stdout', tio_new): ++ tar.list() ++ for expected, got in zip(tio_prev.detach().getvalue().split(), ++ tio_new.detach().getvalue().split()): ++ if attr_names == {'mtime'} and re.match(rb'2003-01-\d\d', expected): ++ self.assertEqual(got, b'????-??-??') ++ elif attr_names == {'mtime'} and re.match(rb'\d\d:\d\d:\d\d', expected): ++ self.assertEqual(got, b'??:??:??') ++ elif attr_names == {'mode'} and re.match( ++ rb'.([r-][w-][x-]){3}', expected): ++ self.assertEqual(got, b'??????????') ++ elif attr_names == {'uname'} and expected.startswith( ++ (b'tarfile/', b'lars/', b'foo/')): ++ exp_user, exp_group = expected.split(b'/') ++ got_user, got_group = got.split(b'/') ++ self.assertEqual(got_group, exp_group) ++ self.assertRegex(got_user, b'[0-9]+') ++ elif attr_names == {'gname'} and expected.endswith( ++ (b'/tarfile', b'/users', b'/bar')): ++ exp_user, exp_group = expected.split(b'/') ++ got_user, got_group = got.split(b'/') ++ self.assertEqual(got_user, exp_user) ++ self.assertRegex(got_group, b'[0-9]+') ++ elif attr_names == {'uid'} and expected.startswith( ++ (b'1000/')): ++ exp_user, exp_group = expected.split(b'/') ++ got_user, got_group = got.split(b'/') ++ self.assertEqual(got_group, exp_group) ++ self.assertEqual(got_user, b'None') ++ elif attr_names == {'gid'} and expected.endswith((b'/100')): ++ exp_user, exp_group = expected.split(b'/') ++ got_user, got_group = got.split(b'/') ++ self.assertEqual(got_user, exp_user) ++ self.assertEqual(got_group, b'None') ++ elif attr_names == {'uid', 'uname'} and expected.startswith( ++ (b'tarfile/', b'lars/', b'foo/', b'1000/')): ++ exp_user, exp_group = expected.split(b'/') ++ got_user, got_group = got.split(b'/') ++ self.assertEqual(got_group, exp_group) ++ self.assertEqual(got_user, b'None') ++ elif attr_names == {'gname', 'gid'} and expected.endswith( ++ (b'/tarfile', b'/users', b'/bar', b'/100')): ++ exp_user, exp_group = expected.split(b'/') ++ got_user, got_group = got.split(b'/') ++ self.assertEqual(got_user, exp_user) ++ self.assertEqual(got_group, b'None') ++ else: ++ # In other cases the output should be the same ++ self.assertEqual(expected, got) ++ ++def _filemode_to_int(mode): ++ """Inverse of `stat.filemode` (for permission bits) ++ ++ Using mode strings rather than numbers makes the later tests more readable. ++ """ ++ str_mode = mode[1:] ++ result = ( ++ {'r': stat.S_IRUSR, '-': 0}[str_mode[0]] ++ | {'w': stat.S_IWUSR, '-': 0}[str_mode[1]] ++ | {'x': stat.S_IXUSR, '-': 0, ++ 's': stat.S_IXUSR | stat.S_ISUID, ++ 'S': stat.S_ISUID}[str_mode[2]] ++ | {'r': stat.S_IRGRP, '-': 0}[str_mode[3]] ++ | {'w': stat.S_IWGRP, '-': 0}[str_mode[4]] ++ | {'x': stat.S_IXGRP, '-': 0, ++ 's': stat.S_IXGRP | stat.S_ISGID, ++ 'S': stat.S_ISGID}[str_mode[5]] ++ | {'r': stat.S_IROTH, '-': 0}[str_mode[6]] ++ | {'w': stat.S_IWOTH, '-': 0}[str_mode[7]] ++ | {'x': stat.S_IXOTH, '-': 0, ++ 't': stat.S_IXOTH | stat.S_ISVTX, ++ 'T': stat.S_ISVTX}[str_mode[8]] ++ ) ++ # check we did this right ++ assert stat.filemode(result)[1:] == mode[1:] ++ ++ return result ++ ++class ArchiveMaker: ++ """Helper to create a tar file with specific contents ++ ++ Usage: ++ ++ with ArchiveMaker() as t: ++ t.add('filename', ...) ++ ++ with t.open() as tar: ++ ... # `tar` is now a TarFile with 'filename' in it! ++ """ ++ def __init__(self): ++ self.bio = io.BytesIO() ++ ++ def __enter__(self): ++ self.tar_w = tarfile.TarFile(mode='w', fileobj=self.bio) ++ return self ++ ++ def __exit__(self, *exc): ++ self.tar_w.close() ++ self.contents = self.bio.getvalue() ++ self.bio = None ++ ++ def add(self, name, *, type=None, symlink_to=None, hardlink_to=None, ++ mode=None, **kwargs): ++ """Add a member to the test archive. Call within `with`.""" ++ name = str(name) ++ tarinfo = tarfile.TarInfo(name).replace(**kwargs) ++ if mode: ++ tarinfo.mode = _filemode_to_int(mode) ++ if symlink_to is not None: ++ type = tarfile.SYMTYPE ++ tarinfo.linkname = str(symlink_to) ++ if hardlink_to is not None: ++ type = tarfile.LNKTYPE ++ tarinfo.linkname = str(hardlink_to) ++ if name.endswith('/') and type is None: ++ type = tarfile.DIRTYPE ++ if type is not None: ++ tarinfo.type = type ++ if tarinfo.isreg(): ++ fileobj = io.BytesIO(bytes(tarinfo.size)) ++ else: ++ fileobj = None ++ self.tar_w.addfile(tarinfo, fileobj) ++ ++ def open(self, **kwargs): ++ """Open the resulting archive as TarFile. Call after `with`.""" ++ bio = io.BytesIO(self.contents) ++ return tarfile.open(fileobj=bio, **kwargs) ++ ++ ++class TestExtractionFilters(unittest.TestCase): ++ ++ # A temporary directory for the extraction results. ++ # All files that "escape" the destination path should still end ++ # up in this directory. ++ outerdir = pathlib.Path(TEMPDIR) / 'outerdir' ++ ++ # The destination for the extraction, within `outerdir` ++ destdir = outerdir / 'dest' ++ ++ @contextmanager ++ def check_context(self, tar, filter): ++ """Extracts `tar` to `self.destdir` and allows checking the result ++ ++ If an error occurs, it must be checked using `expect_exception` ++ ++ Otherwise, all resulting files must be checked using `expect_file`, ++ except the destination directory itself and parent directories of ++ other files. ++ When checking directories, do so before their contents. ++ """ ++ with support.temp_dir(self.outerdir): ++ try: ++ tar.extractall(self.destdir, filter=filter) ++ except Exception as exc: ++ self.raised_exception = exc ++ self.expected_paths = set() ++ else: ++ self.raised_exception = None ++ self.expected_paths = set(self.outerdir.glob('**/*')) ++ self.expected_paths.discard(self.destdir) ++ try: ++ yield ++ finally: ++ tar.close() ++ if self.raised_exception: ++ raise self.raised_exception ++ self.assertEqual(self.expected_paths, set()) ++ ++ def expect_file(self, name, type=None, symlink_to=None, mode=None): ++ """Check a single file. See check_context.""" ++ if self.raised_exception: ++ raise self.raised_exception ++ # use normpath() rather than resolve() so we don't follow symlinks ++ path = pathlib.Path(os.path.normpath(self.destdir / name)) ++ self.assertIn(path, self.expected_paths) ++ self.expected_paths.remove(path) ++ ++ # When checking mode, ignore Windows (which can only set user read and ++ # user write bits). Newer versions of Python use `os_helper.can_chmod()` ++ # instead of hardcoding Windows. ++ if mode is not None and sys.platform != 'win32': ++ got = stat.filemode(stat.S_IMODE(path.stat().st_mode)) ++ self.assertEqual(got, mode) ++ ++ if type is None and isinstance(name, str) and name.endswith('/'): ++ type = tarfile.DIRTYPE ++ if symlink_to is not None: ++ got = pathlib.Path(os.readlink(str(self.destdir / name))) ++ expected = pathlib.Path(symlink_to) ++ # The symlink might be the same (textually) as what we expect, ++ # but some systems change the link to an equivalent path, so ++ # we fall back to samefile(). ++ if expected != got: ++ self.assertTrue(got.samefile(expected)) ++ elif type == tarfile.REGTYPE or type is None: ++ self.assertTrue(path.is_file()) ++ elif type == tarfile.DIRTYPE: ++ self.assertTrue(path.is_dir()) ++ elif type == tarfile.FIFOTYPE: ++ self.assertTrue(path.is_fifo()) ++ else: ++ raise NotImplementedError(type) ++ for parent in path.parents: ++ self.expected_paths.discard(parent) ++ ++ def expect_exception(self, exc_type, message_re='.'): ++ with self.assertRaisesRegex(exc_type, message_re): ++ if self.raised_exception is not None: ++ raise self.raised_exception ++ self.raised_exception = None ++ ++ def test_benign_file(self): ++ with ArchiveMaker() as arc: ++ arc.add('benign.txt') ++ for filter in 'fully_trusted', 'tar', 'data': ++ with self.check_context(arc.open(), filter): ++ self.expect_file('benign.txt') ++ ++ def test_absolute(self): ++ # Test handling a member with an absolute path ++ # Inspired by 'absolute1' in https://github.com/jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add(self.outerdir / 'escaped.evil') ++ ++ with self.check_context(arc.open(), 'fully_trusted'): ++ self.expect_file('../escaped.evil') ++ ++ for filter in 'tar', 'data': ++ with self.check_context(arc.open(), filter): ++ if str(self.outerdir).startswith('/'): ++ # We strip leading slashes, as e.g. GNU tar does ++ # (without --absolute-filenames). ++ outerdir_stripped = str(self.outerdir).lstrip('/') ++ self.expect_file(f'{outerdir_stripped}/escaped.evil') ++ else: ++ # On this system, absolute paths don't have leading ++ # slashes. ++ # So, there's nothing to strip. We refuse to unpack ++ # to an absolute path, nonetheless. ++ self.expect_exception( ++ tarfile.AbsolutePathError, ++ """['"].*escaped.evil['"] has an absolute path""") ++ ++ def test_parent_symlink(self): ++ # Test interplaying symlinks ++ # Inspired by 'dirsymlink2a' in jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add('current', symlink_to='.') ++ arc.add('parent', symlink_to='current/..') ++ arc.add('parent/evil') ++ ++ if support.can_symlink(): ++ with self.check_context(arc.open(), 'fully_trusted'): ++ if self.raised_exception is not None: ++ # Windows will refuse to create a file that's a symlink to itself ++ # (and tarfile doesn't swallow that exception) ++ self.expect_exception(FileExistsError) ++ # The other cases will fail with this error too. ++ # Skip the rest of this test. ++ return ++ else: ++ self.expect_file('current', symlink_to='.') ++ self.expect_file('parent', symlink_to='current/..') ++ self.expect_file('../evil') ++ ++ with self.check_context(arc.open(), 'tar'): ++ self.expect_exception( ++ tarfile.OutsideDestinationError, ++ """'parent/evil' would be extracted to ['"].*evil['"], """ ++ + "which is outside the destination") ++ ++ with self.check_context(arc.open(), 'data'): ++ self.expect_exception( ++ tarfile.LinkOutsideDestinationError, ++ """'parent' would link to ['"].*outerdir['"], """ ++ + "which is outside the destination") ++ ++ else: ++ # No symlink support. The symlinks are ignored. ++ with self.check_context(arc.open(), 'fully_trusted'): ++ self.expect_file('parent/evil') ++ with self.check_context(arc.open(), 'tar'): ++ self.expect_file('parent/evil') ++ with self.check_context(arc.open(), 'data'): ++ self.expect_file('parent/evil') ++ ++ def test_parent_symlink2(self): ++ # Test interplaying symlinks ++ # Inspired by 'dirsymlink2b' in jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add('current', symlink_to='.') ++ arc.add('current/parent', symlink_to='..') ++ arc.add('parent/evil') ++ ++ with self.check_context(arc.open(), 'fully_trusted'): ++ if support.can_symlink(): ++ self.expect_file('current', symlink_to='.') ++ self.expect_file('parent', symlink_to='..') ++ self.expect_file('../evil') ++ else: ++ self.expect_file('current/') ++ self.expect_file('parent/evil') ++ ++ with self.check_context(arc.open(), 'tar'): ++ if support.can_symlink(): ++ self.expect_exception( ++ tarfile.OutsideDestinationError, ++ "'parent/evil' would be extracted to " ++ + """['"].*evil['"], which is outside """ ++ + "the destination") ++ else: ++ self.expect_file('current/') ++ self.expect_file('parent/evil') ++ ++ with self.check_context(arc.open(), 'data'): ++ self.expect_exception( ++ tarfile.LinkOutsideDestinationError, ++ """'current/parent' would link to ['"].*['"], """ ++ + "which is outside the destination") ++ ++ def test_absolute_symlink(self): ++ # Test symlink to an absolute path ++ # Inspired by 'dirsymlink' in jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add('parent', symlink_to=self.outerdir) ++ arc.add('parent/evil') ++ ++ with self.check_context(arc.open(), 'fully_trusted'): ++ if support.can_symlink(): ++ self.expect_file('parent', symlink_to=self.outerdir) ++ self.expect_file('../evil') ++ else: ++ self.expect_file('parent/evil') ++ ++ with self.check_context(arc.open(), 'tar'): ++ if support.can_symlink(): ++ self.expect_exception( ++ tarfile.OutsideDestinationError, ++ "'parent/evil' would be extracted to " ++ + """['"].*evil['"], which is outside """ ++ + "the destination") ++ else: ++ self.expect_file('parent/evil') ++ ++ with self.check_context(arc.open(), 'data'): ++ self.expect_exception( ++ tarfile.AbsoluteLinkError, ++ "'parent' is a symlink to an absolute path") ++ ++ def test_sly_relative0(self): ++ # Inspired by 'relative0' in jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add('../moo', symlink_to='..//tmp/moo') ++ ++ try: ++ with self.check_context(arc.open(), filter='fully_trusted'): ++ if support.can_symlink(): ++ if isinstance(self.raised_exception, FileExistsError): ++ # XXX TarFile happens to fail creating a parent ++ # directory. ++ # This might be a bug, but fixing it would hurt ++ # security. ++ # Note that e.g. GNU `tar` rejects '..' components, ++ # so you could argue this is an invalid archive and we ++ # just raise an bad type of exception. ++ self.expect_exception(FileExistsError) ++ else: ++ self.expect_file('../moo', symlink_to='..//tmp/moo') ++ else: ++ # The symlink can't be extracted and is ignored ++ pass ++ except FileExistsError: ++ pass ++ ++ for filter in 'tar', 'data': ++ with self.check_context(arc.open(), filter): ++ self.expect_exception( ++ tarfile.OutsideDestinationError, ++ "'../moo' would be extracted to " ++ + "'.*moo', which is outside " ++ + "the destination") ++ ++ def test_sly_relative2(self): ++ # Inspired by 'relative2' in jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add('tmp/') ++ arc.add('tmp/../../moo', symlink_to='tmp/../..//tmp/moo') ++ ++ with self.check_context(arc.open(), 'fully_trusted'): ++ self.expect_file('tmp', type=tarfile.DIRTYPE) ++ if support.can_symlink(): ++ self.expect_file('../moo', symlink_to='tmp/../../tmp/moo') ++ ++ for filter in 'tar', 'data': ++ with self.check_context(arc.open(), filter): ++ self.expect_exception( ++ tarfile.OutsideDestinationError, ++ "'tmp/../../moo' would be extracted to " ++ + """['"].*moo['"], which is outside the """ ++ + "destination") ++ ++ def test_modes(self): ++ # Test how file modes are extracted ++ # (Note that the modes are ignored on platforms without working chmod) ++ with ArchiveMaker() as arc: ++ arc.add('all_bits', mode='?rwsrwsrwt') ++ arc.add('perm_bits', mode='?rwxrwxrwx') ++ arc.add('exec_group_other', mode='?rw-rwxrwx') ++ arc.add('read_group_only', mode='?---r-----') ++ arc.add('no_bits', mode='?---------') ++ arc.add('dir/', mode='?---rwsrwt') ++ ++ # On some systems, setting the sticky bit is a no-op. ++ # Check if that's the case. ++ tmp_filename = os.path.join(TEMPDIR, "tmp.file") ++ with open(tmp_filename, 'w'): ++ pass ++ os.chmod(tmp_filename, os.stat(tmp_filename).st_mode | stat.S_ISVTX) ++ have_sticky_files = (os.stat(tmp_filename).st_mode & stat.S_ISVTX) ++ os.unlink(tmp_filename) ++ ++ os.mkdir(tmp_filename) ++ os.chmod(tmp_filename, os.stat(tmp_filename).st_mode | stat.S_ISVTX) ++ have_sticky_dirs = (os.stat(tmp_filename).st_mode & stat.S_ISVTX) ++ os.rmdir(tmp_filename) ++ ++ with self.check_context(arc.open(), 'fully_trusted'): ++ if have_sticky_files: ++ self.expect_file('all_bits', mode='?rwsrwsrwt') ++ else: ++ self.expect_file('all_bits', mode='?rwsrwsrwx') ++ self.expect_file('perm_bits', mode='?rwxrwxrwx') ++ self.expect_file('exec_group_other', mode='?rw-rwxrwx') ++ self.expect_file('read_group_only', mode='?---r-----') ++ self.expect_file('no_bits', mode='?---------') ++ if have_sticky_dirs: ++ self.expect_file('dir/', mode='?---rwsrwt') ++ else: ++ self.expect_file('dir/', mode='?---rwsrwx') ++ ++ with self.check_context(arc.open(), 'tar'): ++ self.expect_file('all_bits', mode='?rwxr-xr-x') ++ self.expect_file('perm_bits', mode='?rwxr-xr-x') ++ self.expect_file('exec_group_other', mode='?rw-r-xr-x') ++ self.expect_file('read_group_only', mode='?---r-----') ++ self.expect_file('no_bits', mode='?---------') ++ self.expect_file('dir/', mode='?---r-xr-x') ++ ++ with self.check_context(arc.open(), 'data'): ++ normal_dir_mode = stat.filemode(stat.S_IMODE( ++ self.outerdir.stat().st_mode)) ++ self.expect_file('all_bits', mode='?rwxr-xr-x') ++ self.expect_file('perm_bits', mode='?rwxr-xr-x') ++ self.expect_file('exec_group_other', mode='?rw-r--r--') ++ self.expect_file('read_group_only', mode='?rw-r-----') ++ self.expect_file('no_bits', mode='?rw-------') ++ self.expect_file('dir/', mode=normal_dir_mode) ++ ++ def test_pipe(self): ++ # Test handling of a special file ++ with ArchiveMaker() as arc: ++ arc.add('foo', type=tarfile.FIFOTYPE) ++ ++ for filter in 'fully_trusted', 'tar': ++ with self.check_context(arc.open(), filter): ++ if hasattr(os, 'mkfifo'): ++ self.expect_file('foo', type=tarfile.FIFOTYPE) ++ else: ++ # The pipe can't be extracted and is skipped. ++ pass ++ ++ with self.check_context(arc.open(), 'data'): ++ self.expect_exception( ++ tarfile.SpecialFileError, ++ "'foo' is a special file") ++ ++ def test_special_files(self): ++ # Creating device files is tricky. Instead of attempting that let's ++ # only check the filter result. ++ for special_type in tarfile.FIFOTYPE, tarfile.CHRTYPE, tarfile.BLKTYPE: ++ tarinfo = tarfile.TarInfo('foo') ++ tarinfo.type = special_type ++ trusted = tarfile.fully_trusted_filter(tarinfo, '') ++ self.assertIs(trusted, tarinfo) ++ tar = tarfile.tar_filter(tarinfo, '') ++ self.assertEqual(tar.type, special_type) ++ with self.assertRaises(tarfile.SpecialFileError) as cm: ++ tarfile.data_filter(tarinfo, '') ++ self.assertIsInstance(cm.exception.tarinfo, tarfile.TarInfo) ++ self.assertEqual(cm.exception.tarinfo.name, 'foo') ++ ++ def test_fully_trusted_filter(self): ++ # The 'fully_trusted' filter returns the original TarInfo objects. ++ with tarfile.TarFile.open(tarname) as tar: ++ for tarinfo in tar.getmembers(): ++ filtered = tarfile.fully_trusted_filter(tarinfo, '') ++ self.assertIs(filtered, tarinfo) ++ ++ def test_tar_filter(self): ++ # The 'tar' filter returns TarInfo objects with the same name/type. ++ # (It can also fail for particularly "evil" input, but we don't have ++ # that in the test archive.) ++ with tarfile.TarFile.open(tarname) as tar: ++ for tarinfo in tar.getmembers(): ++ filtered = tarfile.tar_filter(tarinfo, '') ++ self.assertIs(filtered.name, tarinfo.name) ++ self.assertIs(filtered.type, tarinfo.type) ++ ++ def test_data_filter(self): ++ # The 'data' filter either raises, or returns TarInfo with the same ++ # name/type. ++ with tarfile.TarFile.open(tarname) as tar: ++ for tarinfo in tar.getmembers(): ++ try: ++ filtered = tarfile.data_filter(tarinfo, '') ++ except tarfile.FilterError: ++ continue ++ self.assertIs(filtered.name, tarinfo.name) ++ self.assertIs(filtered.type, tarinfo.type) ++ ++ def test_default_filter_warns_not(self): ++ """Ensure the default filter does not warn (like in 3.12)""" ++ with ArchiveMaker() as arc: ++ arc.add('foo') ++ with support.check_no_warnings(self): ++ with self.check_context(arc.open(), None): ++ self.expect_file('foo') ++ ++ def test_change_default_filter_on_instance(self): ++ tar = tarfile.TarFile(tarname, 'r') ++ def strict_filter(tarinfo, path): ++ if tarinfo.name == 'ustar/regtype': ++ return tarinfo ++ else: ++ return None ++ tar.extraction_filter = strict_filter ++ with self.check_context(tar, None): ++ self.expect_file('ustar/regtype') ++ ++ def test_change_default_filter_on_class(self): ++ def strict_filter(tarinfo, path): ++ if tarinfo.name == 'ustar/regtype': ++ return tarinfo ++ else: ++ return None ++ tar = tarfile.TarFile(tarname, 'r') ++ with support.swap_attr(tarfile.TarFile, 'extraction_filter', ++ staticmethod(strict_filter)): ++ with self.check_context(tar, None): ++ self.expect_file('ustar/regtype') ++ ++ def test_change_default_filter_on_subclass(self): ++ class TarSubclass(tarfile.TarFile): ++ def extraction_filter(self, tarinfo, path): ++ if tarinfo.name == 'ustar/regtype': ++ return tarinfo ++ else: ++ return None ++ ++ tar = TarSubclass(tarname, 'r') ++ with self.check_context(tar, None): ++ self.expect_file('ustar/regtype') ++ ++ def test_change_default_filter_to_string(self): ++ tar = tarfile.TarFile(tarname, 'r') ++ tar.extraction_filter = 'data' ++ with self.check_context(tar, None): ++ self.expect_exception(TypeError) ++ ++ def test_custom_filter(self): ++ def custom_filter(tarinfo, path): ++ self.assertIs(path, self.destdir) ++ if tarinfo.name == 'move_this': ++ return tarinfo.replace(name='moved') ++ if tarinfo.name == 'ignore_this': ++ return None ++ return tarinfo ++ ++ with ArchiveMaker() as arc: ++ arc.add('move_this') ++ arc.add('ignore_this') ++ arc.add('keep') ++ with self.check_context(arc.open(), custom_filter): ++ self.expect_file('moved') ++ self.expect_file('keep') ++ ++ def test_bad_filter_name(self): ++ with ArchiveMaker() as arc: ++ arc.add('foo') ++ with self.check_context(arc.open(), 'bad filter name'): ++ self.expect_exception(ValueError) ++ ++ def test_stateful_filter(self): ++ # Stateful filters should be possible. ++ # (This doesn't really test tarfile. Rather, it demonstrates ++ # that third parties can implement a stateful filter.) ++ class StatefulFilter: ++ def __enter__(self): ++ self.num_files_processed = 0 ++ return self ++ ++ def __call__(self, tarinfo, path): ++ try: ++ tarinfo = tarfile.data_filter(tarinfo, path) ++ except tarfile.FilterError: ++ return None ++ self.num_files_processed += 1 ++ return tarinfo ++ ++ def __exit__(self, *exc_info): ++ self.done = True ++ ++ with ArchiveMaker() as arc: ++ arc.add('good') ++ arc.add('bad', symlink_to='/') ++ arc.add('good') ++ with StatefulFilter() as custom_filter: ++ with self.check_context(arc.open(), custom_filter): ++ self.expect_file('good') ++ self.assertEqual(custom_filter.num_files_processed, 2) ++ self.assertEqual(custom_filter.done, True) ++ ++ def test_errorlevel(self): ++ def extracterror_filter(tarinfo, path): ++ raise tarfile.ExtractError('failed with ExtractError') ++ def filtererror_filter(tarinfo, path): ++ raise tarfile.FilterError('failed with FilterError') ++ def oserror_filter(tarinfo, path): ++ raise OSError('failed with OSError') ++ def tarerror_filter(tarinfo, path): ++ raise tarfile.TarError('failed with base TarError') ++ def valueerror_filter(tarinfo, path): ++ raise ValueError('failed with ValueError') ++ ++ with ArchiveMaker() as arc: ++ arc.add('file') ++ ++ # If errorlevel is 0, errors affected by errorlevel are ignored ++ ++ with self.check_context(arc.open(errorlevel=0), extracterror_filter): ++ self.expect_file('file') ++ ++ with self.check_context(arc.open(errorlevel=0), filtererror_filter): ++ self.expect_file('file') ++ ++ with self.check_context(arc.open(errorlevel=0), oserror_filter): ++ self.expect_file('file') ++ ++ with self.check_context(arc.open(errorlevel=0), tarerror_filter): ++ self.expect_exception(tarfile.TarError) ++ ++ with self.check_context(arc.open(errorlevel=0), valueerror_filter): ++ self.expect_exception(ValueError) ++ ++ # If 1, all fatal errors are raised ++ ++ with self.check_context(arc.open(errorlevel=1), extracterror_filter): ++ self.expect_file('file') ++ ++ with self.check_context(arc.open(errorlevel=1), filtererror_filter): ++ self.expect_exception(tarfile.FilterError) ++ ++ with self.check_context(arc.open(errorlevel=1), oserror_filter): ++ self.expect_exception(OSError) ++ ++ with self.check_context(arc.open(errorlevel=1), tarerror_filter): ++ self.expect_exception(tarfile.TarError) ++ ++ with self.check_context(arc.open(errorlevel=1), valueerror_filter): ++ self.expect_exception(ValueError) ++ ++ # If 2, all non-fatal errors are raised as well. ++ ++ with self.check_context(arc.open(errorlevel=2), extracterror_filter): ++ self.expect_exception(tarfile.ExtractError) ++ ++ with self.check_context(arc.open(errorlevel=2), filtererror_filter): ++ self.expect_exception(tarfile.FilterError) ++ ++ with self.check_context(arc.open(errorlevel=2), oserror_filter): ++ self.expect_exception(OSError) ++ ++ with self.check_context(arc.open(errorlevel=2), tarerror_filter): ++ self.expect_exception(tarfile.TarError) ++ ++ with self.check_context(arc.open(errorlevel=2), valueerror_filter): ++ self.expect_exception(ValueError) ++ ++ # We only handle ExtractionError, FilterError & OSError specially. ++ ++ with self.check_context(arc.open(errorlevel='boo!'), filtererror_filter): ++ self.expect_exception(TypeError) # errorlevel is not int ++ ++ + def setUpModule(): + support.unlink(TEMPDIR) + os.makedirs(TEMPDIR) +diff --git a/Misc/NEWS.d/next/Library/2023-03-23-15-24-38.gh-issue-102953.YR4KaK.rst b/Misc/NEWS.d/next/Library/2023-03-23-15-24-38.gh-issue-102953.YR4KaK.rst +new file mode 100644 +index 0000000000..48a105a4a1 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2023-03-23-15-24-38.gh-issue-102953.YR4KaK.rst +@@ -0,0 +1,4 @@ ++The extraction methods in :mod:`tarfile`, and :func:`shutil.unpack_archive`, ++have a new a *filter* argument that allows limiting tar features than may be ++surprising or dangerous, such as creating files outside the destination ++directory. See :ref:`tarfile-extraction-filter` for details. diff --git a/pip-CVE-2007-4559.patch b/pip-CVE-2007-4559.patch new file mode 100644 index 0000000..635f90c --- /dev/null +++ b/pip-CVE-2007-4559.patch @@ -0,0 +1,42 @@ +diff --git a/pip/_internal/utils/misc.py b/pip/_internal/utils/misc.py +index 84a421f..fbdb654 100644 +--- a/pip/_internal/utils/misc.py ++++ b/pip/_internal/utils/misc.py +@@ -532,6 +532,13 @@ def untar_file(filename, location): + if leading: + fn = split_leading_dir(fn)[1] + path = os.path.join(location, fn) ++ ++ # Call the `data` filter for its side effect (raising exception) ++ try: ++ tarfile.data_filter(member.replace(name=fn), location) ++ except tarfile.LinkOutsideDestinationError: ++ pass ++ + if member.isdir(): + ensure_dir(path) + elif member.issym(): +diff --git a/pip/_vendor/distlib/util.py b/pip/_vendor/distlib/util.py +index 0b14a93..8f3f12e 100644 +--- a/pip/_vendor/distlib/util.py ++++ b/pip/_vendor/distlib/util.py +@@ -1238,6 +1238,19 @@ def unarchive(archive_filename, dest_dir, format=None, check=True): + for tarinfo in archive.getmembers(): + if not isinstance(tarinfo.name, text_type): + tarinfo.name = tarinfo.name.decode('utf-8') ++ ++ # Limit extraction of dangerous items, if this Python ++ # allows it easily. If not, just trust the input. ++ # See: https://docs.python.org/3/library/tarfile.html#extraction-filters ++ def extraction_filter(member, path): ++ """Run tarfile.tar_fillter, but raise the expected ValueError""" ++ # This is only called if the current Python has tarfile filters ++ try: ++ return tarfile.tar_filter(member, path) ++ except tarfile.FilterError as exc: ++ raise ValueError(str(exc)) ++ archive.extraction_filter = extraction_filter ++ + archive.extractall(dest_dir) + + finally: diff --git a/python3.6.spec b/python3.6.spec index 77728f6..8ed645b 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 26%{?dist} +Release: 27%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -319,6 +319,9 @@ Source10: idle3.desktop # AppData file for idle3 Source11: idle3.appdata.xml +# Patch for the bundled pip wheel for CVE-2007-4559 +Source12: pip-CVE-2007-4559.patch + # (Patches taken from github.com/fedora-python/cpython) # 00001 # d06a8853cf4bae9e115f45e1d531d2dc152c5cc8 @@ -614,6 +617,20 @@ Patch392: 00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch # the behavior to linear. Patch394: 00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch +# 00397 # e867e27272cd259b76133784ef3f2811e671f3db +# PEP 706, CVE-2007-4559: Filter API for tarfile.extractall +# +# Add API for allowing checks on the content of tar files, allowing callers to mitigate +# directory traversal (CVE-2007-4559) and related issues. +# +# Python 3.12 will warn if this API is not used. +# Python 3.14 will fail if it's not used. +# +# Backport from https://github.com/python/cpython/issues/102950 +# +# Change document: https://peps.python.org/pep-0706/ +Patch397: 00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch + # 00399 # dc0a803eea47d3b4f0657816b112b5a33491500f # CVE-2023-24329 # @@ -1016,6 +1033,12 @@ rm Lib/ensurepip/_bundled/*.whl # Apply the remaining patches %autopatch -m 190 +# Patch the bundled pip wheel for CVE-2007-4559 +unzip -qq Lib/ensurepip/_bundled/pip-%{pip_version}-py2.py3-none-any.whl +patch -p1 < %{SOURCE12} +zip -rq Lib/ensurepip/_bundled/pip-%{pip_version}-py2.py3-none-any.whl pip pip-%{pip_version}.dist-info +rm -rf pip/ pip-%{pip_version}.dist-info/ + # Remove bundled libraries to ensure that we're using the system copy. rm -r Modules/expat rm -r Modules/zlib @@ -1925,6 +1948,10 @@ CheckPython optimized # ====================================================== %changelog +* Thu Feb 29 2024 Charalampos Stratakis - 3.6.15-27 +- Security fix for CVE-2007-4559 +- Fixes: rhbz#2141080 + * Wed Feb 28 2024 Charalampos Stratakis - 3.6.15-26 - Fix tests for XMLPullParser with Expat 2.6.0 From 24f0369012b54652419fca86b35ed9e7e88af2bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Thu, 7 Mar 2024 16:20:43 +0100 Subject: [PATCH 32/66] Fix build on riscv64 This backports an upstream commit from Python 3.8+. The commit adds a platform triplet for riscv64, riscv64-linux-gnu. This equals to %{_arch}-linux%{_gnu} (the "legacy" Fedora triplet) so no adjustments are needed to patch 00353 and/or the related parts of the spec. --- ...7-add-triplets-for-mips-r6-and-riscv.patch | 161 ++++++++++++++++++ python3.6.spec | 9 +- 2 files changed, 169 insertions(+), 1 deletion(-) create mode 100644 00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch diff --git a/00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch b/00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch new file mode 100644 index 0000000..401faef --- /dev/null +++ b/00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch @@ -0,0 +1,161 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthias Klose +Date: Mon, 30 Apr 2018 19:22:16 +0200 +Subject: [PATCH] 00423: bpo-33377: Add triplets for mips-r6 and riscv + +--- + .../2018-04-30-16-53-00.bpo-33377.QBh6vP.rst | 2 + + configure | 42 ++++++++++++++++++- + configure.ac | 28 +++++++++++++ + 3 files changed, 71 insertions(+), 1 deletion(-) + create mode 100644 Misc/NEWS.d/next/Build/2018-04-30-16-53-00.bpo-33377.QBh6vP.rst + +diff --git a/Misc/NEWS.d/next/Build/2018-04-30-16-53-00.bpo-33377.QBh6vP.rst b/Misc/NEWS.d/next/Build/2018-04-30-16-53-00.bpo-33377.QBh6vP.rst +new file mode 100644 +index 0000000000..f5dbd23c7c +--- /dev/null ++++ b/Misc/NEWS.d/next/Build/2018-04-30-16-53-00.bpo-33377.QBh6vP.rst +@@ -0,0 +1,2 @@ ++Add new triplets for mips r6 and riscv variants (used in extension ++suffixes). +diff --git a/configure b/configure +index 68a46deef5..6ea6e7d742 100755 +--- a/configure ++++ b/configure +@@ -785,6 +785,7 @@ infodir + docdir + oldincludedir + includedir ++runstatedir + localstatedir + sharedstatedir + sysconfdir +@@ -898,6 +899,7 @@ datadir='${datarootdir}' + sysconfdir='${prefix}/etc' + sharedstatedir='${prefix}/com' + localstatedir='${prefix}/var' ++runstatedir='${localstatedir}/run' + includedir='${prefix}/include' + oldincludedir='/usr/include' + docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +@@ -1150,6 +1152,15 @@ do + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + ++ -runstatedir | --runstatedir | --runstatedi | --runstated \ ++ | --runstate | --runstat | --runsta | --runst | --runs \ ++ | --run | --ru | --r) ++ ac_prev=runstatedir ;; ++ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ ++ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ ++ | --run=* | --ru=* | --r=*) ++ runstatedir=$ac_optarg ;; ++ + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ +@@ -1287,7 +1298,7 @@ fi + for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ +- libdir localedir mandir ++ libdir localedir mandir runstatedir + do + eval ac_val=\$$ac_var + # Remove trailing slashes. +@@ -1440,6 +1451,7 @@ Fine tuning of the installation directories: + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] ++ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] +@@ -5261,6 +5273,26 @@ cat >> conftest.c <=6) && defined(_MIPSEL) ++# if _MIPS_SIM == _ABIO32 ++ mipsisa32r6el-linux-gnu ++# elif _MIPS_SIM == _ABIN32 ++ mipsisa64r6el-linux-gnuabin32 ++# elif _MIPS_SIM == _ABI64 ++ mipsisa64r6el-linux-gnuabi64 ++# else ++# error unknown platform triplet ++# endif ++# elif defined(__mips_hard_float) && defined(__mips_isa_rev) && (__mips_isa_rev >=6) ++# if _MIPS_SIM == _ABIO32 ++ mipsisa32r6-linux-gnu ++# elif _MIPS_SIM == _ABIN32 ++ mipsisa64r6-linux-gnuabin32 ++# elif _MIPS_SIM == _ABI64 ++ mipsisa64r6-linux-gnuabi64 ++# else ++# error unknown platform triplet ++# endif + # elif defined(__mips_hard_float) && defined(_MIPSEL) + # if _MIPS_SIM == _ABIO32 + mipsel-linux-gnu +@@ -5303,6 +5335,14 @@ cat >> conftest.c <> conftest.c <=6) && defined(_MIPSEL) ++# if _MIPS_SIM == _ABIO32 ++ mipsisa32r6el-linux-gnu ++# elif _MIPS_SIM == _ABIN32 ++ mipsisa64r6el-linux-gnuabin32 ++# elif _MIPS_SIM == _ABI64 ++ mipsisa64r6el-linux-gnuabi64 ++# else ++# error unknown platform triplet ++# endif ++# elif defined(__mips_hard_float) && defined(__mips_isa_rev) && (__mips_isa_rev >=6) ++# if _MIPS_SIM == _ABIO32 ++ mipsisa32r6-linux-gnu ++# elif _MIPS_SIM == _ABIN32 ++ mipsisa64r6-linux-gnuabin32 ++# elif _MIPS_SIM == _ABI64 ++ mipsisa64r6-linux-gnuabi64 ++# else ++# error unknown platform triplet ++# endif + # elif defined(__mips_hard_float) && defined(_MIPSEL) + # if _MIPS_SIM == _ABIO32 + mipsel-linux-gnu +@@ -846,6 +866,14 @@ cat >> conftest.c < - 3.6.15-28 +- Fix build on riscv64 + * Thu Feb 29 2024 Charalampos Stratakis - 3.6.15-27 - Security fix for CVE-2007-4559 - Fixes: rhbz#2141080 From bb16462457196cb5924eb027ea96f950c9991995 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Mon, 11 Mar 2024 20:38:34 +0100 Subject: [PATCH 33/66] Support OpenSSL 3 Fixes: rhbz#2254550 --- 00361-openssl-3-compatibility.patch | 16060 ++++++++++++++++++++++++++ python3.6.spec | 16 +- 2 files changed, 16074 insertions(+), 2 deletions(-) create mode 100644 00361-openssl-3-compatibility.patch diff --git a/00361-openssl-3-compatibility.patch b/00361-openssl-3-compatibility.patch new file mode 100644 index 0000000..006d228 --- /dev/null +++ b/00361-openssl-3-compatibility.patch @@ -0,0 +1,16060 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Sat, 7 Dec 2019 09:20:43 -0800 +Subject: [PATCH] 00361: openssl-3-compatibility + +Backported from Python 3.8 + +Based on https://github.com/stratakis/cpython/tree/fedora-3.6_openssl3_compat +--- + Doc/library/hashlib.rst | 4 +- + Doc/library/ssl.rst | 11 + + Lib/test/test_ssl.py | 149 +- + .../2019-11-16-16-09-07.bpo-38820.ivhUSV.rst | 2 + + .../2021-04-09-12-08-01.bpo-43788.YsvInM.rst | 4 + + .../2021-04-09-14-08-03.bpo-43789.eaHlAm.rst | 2 + + .../2021-04-09-16-14-22.bpo-43794.-1XPDH.rst | 1 + + .../2021-04-23-11-54-38.bpo-43920.cJMQ2D.rst | 2 + + .../2021-04-09-15-10-38.bpo-43791.4KxiXK.rst | 2 + + .../2021-12-17-14-46-19.bpo-46114.9iyZ_9.rst | 1 + + Modules/_hashopenssl.c | 10 +- + Modules/_ssl.c | 93 +- + Modules/_ssl_data_111.h | 6525 +++++++++++++ + Modules/_ssl_data_300.h | 8435 +++++++++++++++++ + Tools/ssl/make_ssl_data.py | 181 +- + Tools/ssl/multissltests.py | 3 +- + setup.py | 34 +- + 17 files changed, 15289 insertions(+), 170 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2019-11-16-16-09-07.bpo-38820.ivhUSV.rst + create mode 100644 Misc/NEWS.d/next/Library/2021-04-09-12-08-01.bpo-43788.YsvInM.rst + create mode 100644 Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst + create mode 100644 Misc/NEWS.d/next/Library/2021-04-09-16-14-22.bpo-43794.-1XPDH.rst + create mode 100644 Misc/NEWS.d/next/Library/2021-04-23-11-54-38.bpo-43920.cJMQ2D.rst + create mode 100644 Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst + create mode 100644 Misc/NEWS.d/next/Tests/2021-12-17-14-46-19.bpo-46114.9iyZ_9.rst + create mode 100644 Modules/_ssl_data_111.h + create mode 100644 Modules/_ssl_data_300.h + +diff --git a/Doc/library/hashlib.rst b/Doc/library/hashlib.rst +index b4f5176352..d78f9f48d1 100644 +--- a/Doc/library/hashlib.rst ++++ b/Doc/library/hashlib.rst +@@ -109,10 +109,10 @@ More condensed: + + Using :func:`new` with an algorithm provided by OpenSSL: + +- >>> h = hashlib.new('ripemd160') ++ >>> h = hashlib.new('sha512_256') + >>> h.update(b"Nobody inspects the spammish repetition") + >>> h.hexdigest() +- 'cc4a5ce1b3df48aec5d22d1f16b894a0b894eccc' ++ '19197dc4d03829df858011c6c87600f994a858103bbc19005f20987aa19a97e2' + + Hashlib provides the following constant attributes: + +diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst +index a85be1a744..a534811f93 100644 +--- a/Doc/library/ssl.rst ++++ b/Doc/library/ssl.rst +@@ -844,6 +844,14 @@ Constants + + .. versionadded:: 3.6 + ++.. data:: OP_IGNORE_UNEXPECTED_EOF ++ ++ Ignore unexpected shutdown of TLS connections. ++ ++ This option is only available with OpenSSL 3.0.0 and later. ++ ++ .. versionadded:: 3.6.15-27 ++ + .. data:: HAS_ALPN + + Whether the OpenSSL library has built-in support for the *Application-Layer +@@ -1143,6 +1151,9 @@ SSL sockets also have the following additional methods and attributes: + The returned dictionary includes additional X509v3 extension items + such as ``crlDistributionPoints``, ``caIssuers`` and ``OCSP`` URIs. + ++ .. versionchanged:: 3.6.15-27 ++ IPv6 address strings no longer have a trailing new line. ++ + .. method:: SSLSocket.cipher() + + Returns a three-value tuple containing the name of the cipher being used, the +diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py +index 510bb09501..ce40b09bb6 100644 +--- a/Lib/test/test_ssl.py ++++ b/Lib/test/test_ssl.py +@@ -38,6 +38,7 @@ PROTOCOLS = sorted(ssl._PROTOCOL_NAMES) + HOST = support.HOST + IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL') + IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0) ++IS_OPENSSL_3_0_0 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (3, 0, 0) + PY_SSL_DEFAULT_CIPHERS = sysconfig.get_config_var('PY_SSL_DEFAULT_CIPHERS') + + def data_file(*name): +@@ -92,6 +93,7 @@ OP_SINGLE_DH_USE = getattr(ssl, "OP_SINGLE_DH_USE", 0) + OP_SINGLE_ECDH_USE = getattr(ssl, "OP_SINGLE_ECDH_USE", 0) + OP_CIPHER_SERVER_PREFERENCE = getattr(ssl, "OP_CIPHER_SERVER_PREFERENCE", 0) + OP_ENABLE_MIDDLEBOX_COMPAT = getattr(ssl, "OP_ENABLE_MIDDLEBOX_COMPAT", 0) ++OP_IGNORE_UNEXPECTED_EOF = getattr(ssl, "OP_IGNORE_UNEXPECTED_EOF", 0) + + + def handle_error(prefix): +@@ -147,8 +149,8 @@ def skip_if_broken_ubuntu_ssl(func): + else: + return func + +-def skip_if_openssl_cnf_minprotocol_gt_tls1(func): +- """Skip a test if the OpenSSL config MinProtocol is > TLSv1. ++def skip_if_openssl_cnf_minprotocol_gt_tls11(func): ++ """Skip a test if the OpenSSL config MinProtocol is > TLSv1.1. + + OS distros with an /etc/ssl/openssl.cnf and MinProtocol set often do so to + require TLSv1.2 or higher (Debian Buster). Some of our tests for older +@@ -159,6 +161,8 @@ def skip_if_openssl_cnf_minprotocol_gt_tls1(func): + """ + @functools.wraps(func) + def f(*args, **kwargs): ++ if IS_OPENSSL_3_0_0: ++ raise unittest.SkipTest('OpenSSL 3 effectively disables TLS < 1.2') + openssl_cnf = os.environ.get("OPENSSL_CONF", "/etc/ssl/openssl.cnf") + try: + with open(openssl_cnf, "r") as config: +@@ -166,7 +170,7 @@ def skip_if_openssl_cnf_minprotocol_gt_tls1(func): + match = re.match(r"MinProtocol\s*=\s*(TLSv\d+\S*)", line) + if match: + tls_ver = match.group(1) +- if tls_ver > "TLSv1": ++ if tls_ver > "TLSv1.1": + raise unittest.SkipTest( + "%s has MinProtocol = %s which is > TLSv1." % + (openssl_cnf, tls_ver)) +@@ -367,7 +371,7 @@ class BasicSocketTests(unittest.TestCase): + ('email', 'null@python.org\x00user@example.org'), + ('URI', 'http://null.python.org\x00http://example.org'), + ('IP Address', '192.0.2.1'), +- ('IP Address', '2001:DB8:0:0:0:0:0:1\n')) ++ ('IP Address', '2001:DB8:0:0:0:0:0:1')) + else: + # OpenSSL 0.9.7 doesn't support IPv6 addresses in subjectAltName + san = (('DNS', 'altnull.python.org\x00example.com'), +@@ -394,7 +398,7 @@ class BasicSocketTests(unittest.TestCase): + (('commonName', 'dirname example'),))), + ('URI', 'https://www.python.org/'), + ('IP Address', '127.0.0.1'), +- ('IP Address', '0:0:0:0:0:0:0:1\n'), ++ ('IP Address', '0:0:0:0:0:0:0:1'), + ('Registered ID', '1.2.3.4.5') + ) + ) +@@ -421,11 +425,11 @@ class BasicSocketTests(unittest.TestCase): + # Some sanity checks follow + # >= 0.9 + self.assertGreaterEqual(n, 0x900000) +- # < 3.0 +- self.assertLess(n, 0x30000000) ++ # < 4.0 ++ self.assertLess(n, 0x40000000) + major, minor, fix, patch, status = t +- self.assertGreaterEqual(major, 0) +- self.assertLess(major, 3) ++ self.assertGreaterEqual(major, 1) ++ self.assertLess(major, 4) + self.assertGreaterEqual(minor, 0) + self.assertLess(minor, 256) + self.assertGreaterEqual(fix, 0) +@@ -434,13 +438,17 @@ class BasicSocketTests(unittest.TestCase): + self.assertLessEqual(patch, 63) + self.assertGreaterEqual(status, 0) + self.assertLessEqual(status, 15) +- # Version string as returned by {Open,Libre}SSL, the format might change +- if IS_LIBRESSL: +- self.assertTrue(s.startswith("LibreSSL {:d}".format(major)), +- (s, t, hex(n))) ++ ++ libressl_ver = f"LibreSSL {major:d}" ++ if major >= 3: ++ # 3.x uses 0xMNN00PP0L ++ openssl_ver = f"OpenSSL {major:d}.{minor:d}.{patch:d}" + else: +- self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)), +- (s, t, hex(n))) ++ openssl_ver = f"OpenSSL {major:d}.{minor:d}.{fix:d}" ++ self.assertTrue( ++ s.startswith((openssl_ver, libressl_ver)), ++ (s, t, hex(n)) ++ ) + + @support.cpython_only + def test_refcycle(self): +@@ -982,7 +990,8 @@ class ContextTests(unittest.TestCase): + # SSLContext also enables these by default + default |= (OP_NO_COMPRESSION | OP_CIPHER_SERVER_PREFERENCE | + OP_SINGLE_DH_USE | OP_SINGLE_ECDH_USE | +- OP_ENABLE_MIDDLEBOX_COMPAT) ++ OP_ENABLE_MIDDLEBOX_COMPAT | ++ OP_IGNORE_UNEXPECTED_EOF) + self.assertEqual(default, ctx.options) + ctx.options |= ssl.OP_NO_TLSv1 + self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options) +@@ -1185,12 +1194,17 @@ class ContextTests(unittest.TestCase): + ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) + self.assertRaises(TypeError, ctx.load_verify_locations, cadata=object) + +- with self.assertRaisesRegex(ssl.SSLError, "no start line"): ++ with self.assertRaisesRegex( ++ ssl.SSLError, ++ "no start line: cadata does not contain a certificate" ++ ): + ctx.load_verify_locations(cadata="broken") +- with self.assertRaisesRegex(ssl.SSLError, "not enough data"): ++ with self.assertRaisesRegex( ++ ssl.SSLError, ++ "not enough data: cadata does not contain a certificate" ++ ): + ctx.load_verify_locations(cadata=b"broken") + +- + def test_load_dh_params(self): + ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) + ctx.load_dh_params(DHFILE) +@@ -1410,7 +1424,7 @@ class ContextTests(unittest.TestCase): + self._assert_context_options(ctx) + + def test_check_hostname(self): +- ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS) + self.assertFalse(ctx.check_hostname) + + # Requires CERT_REQUIRED or CERT_OPTIONAL +@@ -1468,7 +1482,7 @@ class SSLErrorTests(unittest.TestCase): + def test_subclass(self): + # Check that the appropriate SSLError subclass is raised + # (this only tests one of them) +- ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS) + with socket.socket() as s: + s.bind(("127.0.0.1", 0)) + s.listen() +@@ -2411,7 +2425,8 @@ if _have_threads: + if support.verbose: + sys.stdout.write("\n") + for protocol in PROTOCOLS: +- if protocol in {ssl.PROTOCOL_TLS_CLIENT, ssl.PROTOCOL_TLS_SERVER}: ++ if protocol in {ssl.PROTOCOL_TLS_CLIENT, ssl.PROTOCOL_TLS_SERVER, ++ ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_1}: + continue + with self.subTest(protocol=ssl._PROTOCOL_NAMES[protocol]): + context = ssl.SSLContext(protocol) +@@ -2502,10 +2517,10 @@ if _have_threads: + if support.verbose: + sys.stdout.write("\n") + +- server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ server_context = ssl.SSLContext(ssl.PROTOCOL_TLS) + server_context.load_cert_chain(SIGNED_CERTFILE) + +- context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ context = ssl.SSLContext(ssl.PROTOCOL_TLS) + context.verify_mode = ssl.CERT_REQUIRED + context.load_verify_locations(SIGNING_CA) + tf = getattr(ssl, "VERIFY_X509_TRUSTED_FIRST", 0) +@@ -2543,10 +2558,10 @@ if _have_threads: + if support.verbose: + sys.stdout.write("\n") + +- server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ server_context = ssl.SSLContext(ssl.PROTOCOL_TLS) + server_context.load_cert_chain(SIGNED_CERTFILE) + +- context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ context = ssl.SSLContext(ssl.PROTOCOL_TLS) + context.verify_mode = ssl.CERT_REQUIRED + context.check_hostname = True + context.load_verify_locations(SIGNING_CA) +@@ -2676,7 +2691,7 @@ if _have_threads: + client_options=ssl.OP_NO_TLSv1) + + @skip_if_broken_ubuntu_ssl +- @skip_if_openssl_cnf_minprotocol_gt_tls1 ++ @skip_if_openssl_cnf_minprotocol_gt_tls11 + def test_protocol_sslv23(self): + """Connecting to an SSLv23 server with various client options""" + if support.verbose: +@@ -2737,6 +2752,7 @@ if _have_threads: + False, client_options=ssl.OP_NO_SSLv2) + + @skip_if_broken_ubuntu_ssl ++ @skip_if_openssl_cnf_minprotocol_gt_tls11 + def test_protocol_tlsv1(self): + """Connecting to a TLSv1 server with various client options""" + if support.verbose: +@@ -2754,7 +2770,7 @@ if _have_threads: + @skip_if_broken_ubuntu_ssl + @unittest.skipUnless(hasattr(ssl, "PROTOCOL_TLSv1_1"), + "TLS version 1.1 not supported.") +- @skip_if_openssl_cnf_minprotocol_gt_tls1 ++ @skip_if_openssl_cnf_minprotocol_gt_tls11 + def test_protocol_tlsv1_1(self): + """Connecting to a TLSv1.1 server with various client options. + Testing against older TLS versions.""" +@@ -2802,7 +2818,7 @@ if _have_threads: + msgs = (b"msg 1", b"MSG 2", b"STARTTLS", b"MSG 3", b"msg 4", b"ENDTLS", b"msg 5", b"msg 6") + + server = ThreadedEchoServer(CERTFILE, +- ssl_version=ssl.PROTOCOL_TLSv1, ++ ssl_version=ssl.PROTOCOL_TLS, + starttls_server=True, + chatty=True, + connectionchatty=True) +@@ -2830,7 +2846,7 @@ if _have_threads: + sys.stdout.write( + " client: read %r from server, starting TLS...\n" + % msg) +- conn = test_wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1) ++ conn = test_wrap_socket(s, ssl_version=ssl.PROTOCOL_TLS) + wrapped = True + elif indata == b"ENDTLS" and msg.startswith(b"ok"): + # ENDTLS ok, switch back to clear text +@@ -2917,7 +2933,7 @@ if _have_threads: + + server = ThreadedEchoServer(CERTFILE, + certreqs=ssl.CERT_NONE, +- ssl_version=ssl.PROTOCOL_TLSv1, ++ ssl_version=ssl.PROTOCOL_TLS, + cacerts=CERTFILE, + chatty=True, + connectionchatty=False) +@@ -2927,7 +2943,7 @@ if _have_threads: + certfile=CERTFILE, + ca_certs=CERTFILE, + cert_reqs=ssl.CERT_NONE, +- ssl_version=ssl.PROTOCOL_TLSv1) ++ ssl_version=ssl.PROTOCOL_TLS) + s.connect((HOST, server.port)) + # helper methods for standardising recv* method signatures + def _recv_into(): +@@ -3069,7 +3085,7 @@ if _have_threads: + def test_nonblocking_send(self): + server = ThreadedEchoServer(CERTFILE, + certreqs=ssl.CERT_NONE, +- ssl_version=ssl.PROTOCOL_TLSv1, ++ ssl_version=ssl.PROTOCOL_TLS, + cacerts=CERTFILE, + chatty=True, + connectionchatty=False) +@@ -3079,7 +3095,7 @@ if _have_threads: + certfile=CERTFILE, + ca_certs=CERTFILE, + cert_reqs=ssl.CERT_NONE, +- ssl_version=ssl.PROTOCOL_TLSv1) ++ ssl_version=ssl.PROTOCOL_TLS) + s.connect((HOST, server.port)) + s.setblocking(False) + +@@ -3225,14 +3241,14 @@ if _have_threads: + Basic tests for SSLSocket.version(). + More tests are done in the test_protocol_*() methods. + """ +- context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ context = ssl.SSLContext(ssl.PROTOCOL_TLS) + with ThreadedEchoServer(CERTFILE, +- ssl_version=ssl.PROTOCOL_TLSv1, ++ ssl_version=ssl.PROTOCOL_TLS, + chatty=False) as server: + with context.wrap_socket(socket.socket()) as s: + self.assertIs(s.version(), None) + s.connect((HOST, server.port)) +- self.assertEqual(s.version(), 'TLSv1') ++ self.assertEqual(s.version(), 'TLSv1.3') + self.assertIs(s.version(), None) + + @unittest.skipUnless(ssl.HAS_TLSv1_3, +@@ -3282,7 +3298,7 @@ if _have_threads: + + server = ThreadedEchoServer(CERTFILE, + certreqs=ssl.CERT_NONE, +- ssl_version=ssl.PROTOCOL_TLSv1, ++ ssl_version=ssl.PROTOCOL_TLS, + cacerts=CERTFILE, + chatty=True, + connectionchatty=False) +@@ -3292,7 +3308,7 @@ if _have_threads: + certfile=CERTFILE, + ca_certs=CERTFILE, + cert_reqs=ssl.CERT_NONE, +- ssl_version=ssl.PROTOCOL_TLSv1) ++ ssl_version=ssl.PROTOCOL_TLS) + s.connect((HOST, server.port)) + # get the data + cb_data = s.get_channel_binding("tls-unique") +@@ -3302,7 +3318,10 @@ if _have_threads: + + # check if it is sane + self.assertIsNotNone(cb_data) +- self.assertEqual(len(cb_data), 12) # True for TLSv1 ++ if s.version() == 'TLSv1.3': ++ self.assertEqual(len(cb_data), 48) ++ else: ++ self.assertEqual(len(cb_data), 12) # True for TLSv1 + + # and compare with the peers version + s.write(b"CB tls-unique\n") +@@ -3317,7 +3336,7 @@ if _have_threads: + certfile=CERTFILE, + ca_certs=CERTFILE, + cert_reqs=ssl.CERT_NONE, +- ssl_version=ssl.PROTOCOL_TLSv1) ++ ssl_version=ssl.PROTOCOL_TLS) + s.connect((HOST, server.port)) + new_cb_data = s.get_channel_binding("tls-unique") + if support.verbose: +@@ -3326,7 +3345,10 @@ if _have_threads: + # is it really unique + self.assertNotEqual(cb_data, new_cb_data) + self.assertIsNotNone(cb_data) +- self.assertEqual(len(cb_data), 12) # True for TLSv1 ++ if s.version() == 'TLSv1.3': ++ self.assertEqual(len(cb_data), 48) ++ else: ++ self.assertEqual(len(cb_data), 12) # True for TLSv1 + s.write(b"CB tls-unique\n") + peer_data_repr = s.read().strip() + self.assertEqual(peer_data_repr, +@@ -3334,7 +3356,7 @@ if _have_threads: + s.close() + + def test_compression(self): +- context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ context = ssl.SSLContext(ssl.PROTOCOL_TLS) + context.load_cert_chain(CERTFILE) + stats = server_params_test(context, context, + chatty=True, connectionchatty=True) +@@ -3345,7 +3367,7 @@ if _have_threads: + @unittest.skipUnless(hasattr(ssl, 'OP_NO_COMPRESSION'), + "ssl.OP_NO_COMPRESSION needed for this test") + def test_compression_disabled(self): +- context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ context = ssl.SSLContext(ssl.PROTOCOL_TLS) + context.load_cert_chain(CERTFILE) + context.options |= ssl.OP_NO_COMPRESSION + stats = server_params_test(context, context, +@@ -3354,7 +3376,7 @@ if _have_threads: + + def test_dh_params(self): + # Check we can get a connection with ephemeral Diffie-Hellman +- context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + context.load_cert_chain(CERTFILE) + context.load_dh_params(DHFILE) + context.set_ciphers("kEDH") +@@ -3367,7 +3389,7 @@ if _have_threads: + + def test_selected_alpn_protocol(self): + # selected_alpn_protocol() is None unless ALPN is used. +- context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ context = ssl.SSLContext(ssl.PROTOCOL_TLS) + context.load_cert_chain(CERTFILE) + stats = server_params_test(context, context, + chatty=True, connectionchatty=True) +@@ -3376,9 +3398,9 @@ if _have_threads: + @unittest.skipUnless(ssl.HAS_ALPN, "ALPN support required") + def test_selected_alpn_protocol_if_server_uses_alpn(self): + # selected_alpn_protocol() is None unless ALPN is used by the client. +- client_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ client_context = ssl.SSLContext(ssl.PROTOCOL_TLS) + client_context.load_verify_locations(CERTFILE) +- server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ server_context = ssl.SSLContext(ssl.PROTOCOL_TLS) + server_context.load_cert_chain(CERTFILE) + server_context.set_alpn_protocols(['foo', 'bar']) + stats = server_params_test(client_context, server_context, +@@ -3429,7 +3451,7 @@ if _have_threads: + + def test_selected_npn_protocol(self): + # selected_npn_protocol() is None unless NPN is used +- context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ context = ssl.SSLContext(ssl.PROTOCOL_TLS) + context.load_cert_chain(CERTFILE) + stats = server_params_test(context, context, + chatty=True, connectionchatty=True) +@@ -3465,11 +3487,11 @@ if _have_threads: + self.assertEqual(server_result, expected, msg % (server_result, "server")) + + def sni_contexts(self): +- server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ server_context = ssl.SSLContext(ssl.PROTOCOL_TLS) + server_context.load_cert_chain(SIGNED_CERTFILE) +- other_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ other_context = ssl.SSLContext(ssl.PROTOCOL_TLS) + other_context.load_cert_chain(SIGNED_CERTFILE2) +- client_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ client_context = ssl.SSLContext(ssl.PROTOCOL_TLS) + client_context.verify_mode = ssl.CERT_REQUIRED + client_context.load_verify_locations(SIGNING_CA) + return server_context, other_context, client_context +@@ -3568,9 +3590,9 @@ if _have_threads: + self.assertIn("TypeError", stderr.getvalue()) + + def test_shared_ciphers(self): +- server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ server_context = ssl.SSLContext(ssl.PROTOCOL_TLS) + server_context.load_cert_chain(SIGNED_CERTFILE) +- client_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ client_context = ssl.SSLContext(ssl.PROTOCOL_TLS) + client_context.verify_mode = ssl.CERT_REQUIRED + client_context.load_verify_locations(SIGNING_CA) + if ssl.OPENSSL_VERSION_INFO >= (1, 0, 2): +@@ -3630,14 +3652,18 @@ if _have_threads: + self.assertEqual(s.recv(1024), TEST_DATA) + + def test_session(self): +- server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + server_context.load_cert_chain(SIGNED_CERTFILE) +- client_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + client_context.verify_mode = ssl.CERT_REQUIRED + client_context.load_verify_locations(SIGNING_CA) + ++ # Sessions are not compatible with TLS 1.3 ++ client_context.options |= ssl.OP_NO_TLSv1_3 ++ + # first connection without session +- stats = server_params_test(client_context, server_context) ++ stats = server_params_test(client_context, server_context, ++ sni_name='localhost') + session = stats['session'] + self.assertTrue(session.id) + self.assertGreater(session.time, 0) +@@ -3651,7 +3677,8 @@ if _have_threads: + self.assertEqual(sess_stat['hits'], 0) + + # reuse session +- stats = server_params_test(client_context, server_context, session=session) ++ stats = server_params_test(client_context, server_context, ++ session=session, sni_name='localhost') + sess_stat = server_context.session_stats() + self.assertEqual(sess_stat['accept'], 2) + self.assertEqual(sess_stat['hits'], 1) +@@ -3664,7 +3691,8 @@ if _have_threads: + self.assertGreaterEqual(session2.timeout, session.timeout) + + # another one without session +- stats = server_params_test(client_context, server_context) ++ stats = server_params_test(client_context, server_context, ++ sni_name='localhost') + self.assertFalse(stats['session_reused']) + session3 = stats['session'] + self.assertNotEqual(session3.id, session.id) +@@ -3674,7 +3702,8 @@ if _have_threads: + self.assertEqual(sess_stat['hits'], 1) + + # reuse session again +- stats = server_params_test(client_context, server_context, session=session) ++ stats = server_params_test(client_context, server_context, ++ session=session, sni_name='localhost') + self.assertTrue(stats['session_reused']) + session4 = stats['session'] + self.assertEqual(session4.id, session.id) +diff --git a/Misc/NEWS.d/next/Library/2019-11-16-16-09-07.bpo-38820.ivhUSV.rst b/Misc/NEWS.d/next/Library/2019-11-16-16-09-07.bpo-38820.ivhUSV.rst +new file mode 100644 +index 0000000000..2c6a6e853c +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2019-11-16-16-09-07.bpo-38820.ivhUSV.rst +@@ -0,0 +1,2 @@ ++Make Python compatible with OpenSSL 3.0.0. :func:`ssl.SSLSocket.getpeercert` ++no longer returns IPv6 addresses with a trailing new line. +diff --git a/Misc/NEWS.d/next/Library/2021-04-09-12-08-01.bpo-43788.YsvInM.rst b/Misc/NEWS.d/next/Library/2021-04-09-12-08-01.bpo-43788.YsvInM.rst +new file mode 100644 +index 0000000000..ff76256472 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2021-04-09-12-08-01.bpo-43788.YsvInM.rst +@@ -0,0 +1,4 @@ ++The header files for :mod:`ssl` error codes are now OpenSSL ++version-specific. Exceptions will now show correct reason and library ++codes. The ``make_ssl_data.py`` script has been rewritten to use OpenSSL's ++text file with error codes. +diff --git a/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst b/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst +new file mode 100644 +index 0000000000..1c08529462 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst +@@ -0,0 +1,2 @@ ++OpenSSL 3.0.0: Don't call the password callback function a second time when ++first call has signaled an error condition. +diff --git a/Misc/NEWS.d/next/Library/2021-04-09-16-14-22.bpo-43794.-1XPDH.rst b/Misc/NEWS.d/next/Library/2021-04-09-16-14-22.bpo-43794.-1XPDH.rst +new file mode 100644 +index 0000000000..64894bdc01 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2021-04-09-16-14-22.bpo-43794.-1XPDH.rst +@@ -0,0 +1 @@ ++Add :data:`ssl.OP_IGNORE_UNEXPECTED_EOF` constants (OpenSSL 3.0.0) +diff --git a/Misc/NEWS.d/next/Library/2021-04-23-11-54-38.bpo-43920.cJMQ2D.rst b/Misc/NEWS.d/next/Library/2021-04-23-11-54-38.bpo-43920.cJMQ2D.rst +new file mode 100644 +index 0000000000..28ff0fb3af +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2021-04-23-11-54-38.bpo-43920.cJMQ2D.rst +@@ -0,0 +1,2 @@ ++OpenSSL 3.0.0: :meth:`~ssl.SSLContext.load_verify_locations` now returns a ++consistent error message when cadata contains no valid certificate. +diff --git a/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst b/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst +new file mode 100644 +index 0000000000..964ae5abb3 +--- /dev/null ++++ b/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst +@@ -0,0 +1,2 @@ ++OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests ++are failing with TLSV1_ALERT_INTERNAL_ERROR. +diff --git a/Misc/NEWS.d/next/Tests/2021-12-17-14-46-19.bpo-46114.9iyZ_9.rst b/Misc/NEWS.d/next/Tests/2021-12-17-14-46-19.bpo-46114.9iyZ_9.rst +new file mode 100644 +index 0000000000..6878cea032 +--- /dev/null ++++ b/Misc/NEWS.d/next/Tests/2021-12-17-14-46-19.bpo-46114.9iyZ_9.rst +@@ -0,0 +1 @@ ++Fix test case for OpenSSL 3.0.1 version. OpenSSL 3.0 uses ``0xMNN00PP0L``. +diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c +index 84edd72c85..e8f4badbeb 100644 +--- a/Modules/_hashopenssl.c ++++ b/Modules/_hashopenssl.c +@@ -364,7 +364,7 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) + return -1; + } + +- digest = EVP_get_digestbyname(nameStr); ++ digest = EVP_MD_fetch(NULL, nameStr, NULL); + if (!digest) { + PyErr_SetString(PyExc_ValueError, "unknown hash function"); + if (data_obj) +@@ -529,7 +529,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) + if (data_obj) + GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); + +- digest = EVP_get_digestbyname(name); ++ digest = EVP_MD_fetch(NULL, name, NULL); + + ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len); + +@@ -654,7 +654,7 @@ pbkdf2_hmac(PyObject *self, PyObject *args, PyObject *kwdict) + return NULL; + } + +- digest = EVP_get_digestbyname(name); ++ digest = EVP_MD_fetch(NULL, name, NULL); + if (digest == NULL) { + PyErr_SetString(PyExc_ValueError, "unsupported hash type"); + goto end; +@@ -941,8 +941,8 @@ generate_hash_name_list(void) + \ + if (CONST_new_ ## NAME ## _ctx_p == NULL) { \ + EVP_MD_CTX *ctx_p = EVP_MD_CTX_new(); \ +- if (!EVP_get_digestbyname(#NAME) || \ +- !EVP_DigestInit(ctx_p, EVP_get_digestbyname(#NAME))) { \ ++ if (!EVP_MD_fetch(NULL, #NAME, NULL) || \ ++ !EVP_DigestInit(ctx_p, EVP_MD_fetch(NULL, #NAME, NULL))) { \ + _setException(PyExc_ValueError); \ + EVP_MD_CTX_free(ctx_p); \ + return NULL; \ +diff --git a/Modules/_ssl.c b/Modules/_ssl.c +index ec366f019d..3375b2bf3f 100644 +--- a/Modules/_ssl.c ++++ b/Modules/_ssl.c +@@ -103,7 +103,13 @@ struct py_ssl_library_code { + }; + + /* Include generated data (error codes) */ ++#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) ++#include "_ssl_data_300.h" ++#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER) ++#include "_ssl_data_111.h" ++#else + #include "_ssl_data.h" ++#endif + + #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) + # define OPENSSL_VERSION_1_1 1 +@@ -1204,6 +1210,54 @@ _get_peer_alt_names (X509 *certificate) { + PyTuple_SET_ITEM(t, 1, v); + break; + ++ case GEN_IPADD: ++ /* OpenSSL < 3.0.0 adds a trailing \n to IPv6. 3.0.0 removed ++ * the trailing newline. Remove it in all versions ++ */ ++ t = PyTuple_New(2); ++ if (t == NULL) ++ goto fail; ++ ++ v = PyUnicode_FromString("IP Address"); ++ if (v == NULL) { ++ Py_DECREF(t); ++ goto fail; ++ } ++ PyTuple_SET_ITEM(t, 0, v); ++ ++ if (name->d.ip->length == 4) { ++ unsigned char *p = name->d.ip->data; ++ v = PyUnicode_FromFormat( ++ "%d.%d.%d.%d", ++ p[0], p[1], p[2], p[3] ++ ); ++ } else if (name->d.ip->length == 16) { ++ /* PyUnicode_FromFormat() does not support %X */ ++ unsigned char *p = name->d.ip->data; ++ len = sprintf( ++ buf, ++ "%X:%X:%X:%X:%X:%X:%X:%X", ++ p[0] << 8 | p[1], ++ p[2] << 8 | p[3], ++ p[4] << 8 | p[5], ++ p[6] << 8 | p[7], ++ p[8] << 8 | p[9], ++ p[10] << 8 | p[11], ++ p[12] << 8 | p[13], ++ p[14] << 8 | p[15] ++ ); ++ v = PyUnicode_FromStringAndSize(buf, len); ++ } else { ++ v = PyUnicode_FromString(""); ++ } ++ ++ if (v == NULL) { ++ Py_DECREF(t); ++ goto fail; ++ } ++ PyTuple_SET_ITEM(t, 1, v); ++ break; ++ + default: + /* for everything else, we use the OpenSSL print form */ + switch (gntype) { +@@ -1211,7 +1265,6 @@ _get_peer_alt_names (X509 *certificate) { + case GEN_OTHERNAME: + case GEN_X400: + case GEN_EDIPARTY: +- case GEN_IPADD: + case GEN_RID: + break; + default: +@@ -2880,6 +2933,10 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) + #endif + #ifdef SSL_OP_SINGLE_ECDH_USE + options |= SSL_OP_SINGLE_ECDH_USE; ++#endif ++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF ++ /* Make OpenSSL 3.0.0 behave like 1.1.1 */ ++ options |= SSL_OP_IGNORE_UNEXPECTED_EOF; + #endif + SSL_CTX_set_options(self->ctx, options); + +@@ -3441,6 +3498,13 @@ _password_callback(char *buf, int size, int rwflag, void *userdata) + + PySSL_END_ALLOW_THREADS_S(pw_info->thread_state); + ++ if (pw_info->error) { ++ /* already failed previously. OpenSSL 3.0.0-alpha14 invokes the ++ * callback multiple times which can lead to fatal Python error in ++ * exception check. */ ++ goto error; ++ } ++ + if (pw_info->callable) { + fn_ret = PyObject_CallFunctionObjArgs(pw_info->callable, NULL); + if (!fn_ret) { +@@ -3584,7 +3648,7 @@ _add_ca_certs(PySSLContext *self, void *data, Py_ssize_t len, + { + BIO *biobuf = NULL; + X509_STORE *store; +- int retval = 0, err, loaded = 0; ++ int retval = -1, err, loaded = 0; + + assert(filetype == SSL_FILETYPE_ASN1 || filetype == SSL_FILETYPE_PEM); + +@@ -3638,23 +3702,32 @@ _add_ca_certs(PySSLContext *self, void *data, Py_ssize_t len, + } + + err = ERR_peek_last_error(); +- if ((filetype == SSL_FILETYPE_ASN1) && +- (loaded > 0) && +- (ERR_GET_LIB(err) == ERR_LIB_ASN1) && +- (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG)) { ++ if (loaded == 0) { ++ const char *msg = NULL; ++ if (filetype == SSL_FILETYPE_PEM) { ++ msg = "no start line: cadata does not contain a certificate"; ++ } else { ++ msg = "not enough data: cadata does not contain a certificate"; ++ } ++ _setSSLError(msg, 0, __FILE__, __LINE__); ++ retval = -1; ++ } else if ((filetype == SSL_FILETYPE_ASN1) && ++ (ERR_GET_LIB(err) == ERR_LIB_ASN1) && ++ (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG)) { + /* EOF ASN1 file, not an error */ + ERR_clear_error(); + retval = 0; + } else if ((filetype == SSL_FILETYPE_PEM) && +- (loaded > 0) && + (ERR_GET_LIB(err) == ERR_LIB_PEM) && + (ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) { + /* EOF PEM file, not an error */ + ERR_clear_error(); + retval = 0; +- } else { ++ } else if (err != 0) { + _setSSLError(NULL, 0, __FILE__, __LINE__); + retval = -1; ++ } else { ++ retval = 0; + } + + BIO_free(biobuf); +@@ -5637,6 +5710,10 @@ PyInit__ssl(void) + PyModule_AddIntConstant(m, "OP_ENABLE_MIDDLEBOX_COMPAT", + SSL_OP_ENABLE_MIDDLEBOX_COMPAT); + #endif ++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF ++ PyModule_AddIntConstant(m, "OP_IGNORE_UNEXPECTED_EOF", ++ SSL_OP_IGNORE_UNEXPECTED_EOF); ++#endif + + #if HAVE_SNI + r = Py_True; +diff --git a/Modules/_ssl_data_111.h b/Modules/_ssl_data_111.h +new file mode 100644 +index 0000000000..85a2f7ec15 +--- /dev/null ++++ b/Modules/_ssl_data_111.h +@@ -0,0 +1,6525 @@ ++/* File generated by Tools/ssl/make_ssl_data.py *//* Generated on 2021-04-09T09:36:21.493286 */ ++static struct py_ssl_library_code library_codes[] = { ++#ifdef ERR_LIB_ASN1 ++ {"ASN1", ERR_LIB_ASN1}, ++#endif ++#ifdef ERR_LIB_ASYNC ++ {"ASYNC", ERR_LIB_ASYNC}, ++#endif ++#ifdef ERR_LIB_BIO ++ {"BIO", ERR_LIB_BIO}, ++#endif ++#ifdef ERR_LIB_BN ++ {"BN", ERR_LIB_BN}, ++#endif ++#ifdef ERR_LIB_BUF ++ {"BUF", ERR_LIB_BUF}, ++#endif ++#ifdef ERR_LIB_CMS ++ {"CMS", ERR_LIB_CMS}, ++#endif ++#ifdef ERR_LIB_COMP ++ {"COMP", ERR_LIB_COMP}, ++#endif ++#ifdef ERR_LIB_CONF ++ {"CONF", ERR_LIB_CONF}, ++#endif ++#ifdef ERR_LIB_CRYPTO ++ {"CRYPTO", ERR_LIB_CRYPTO}, ++#endif ++#ifdef ERR_LIB_CT ++ {"CT", ERR_LIB_CT}, ++#endif ++#ifdef ERR_LIB_DH ++ {"DH", ERR_LIB_DH}, ++#endif ++#ifdef ERR_LIB_DSA ++ {"DSA", ERR_LIB_DSA}, ++#endif ++#ifdef ERR_LIB_DSO ++ {"DSO", ERR_LIB_DSO}, ++#endif ++#ifdef ERR_LIB_EC ++ {"EC", ERR_LIB_EC}, ++#endif ++#ifdef ERR_LIB_ECDH ++ {"ECDH", ERR_LIB_ECDH}, ++#endif ++#ifdef ERR_LIB_ECDSA ++ {"ECDSA", ERR_LIB_ECDSA}, ++#endif ++#ifdef ERR_LIB_ENGINE ++ {"ENGINE", ERR_LIB_ENGINE}, ++#endif ++#ifdef ERR_LIB_EVP ++ {"EVP", ERR_LIB_EVP}, ++#endif ++#ifdef ERR_LIB_FIPS ++ {"FIPS", ERR_LIB_FIPS}, ++#endif ++#ifdef ERR_LIB_HMAC ++ {"HMAC", ERR_LIB_HMAC}, ++#endif ++#ifdef ERR_LIB_JPAKE ++ {"JPAKE", ERR_LIB_JPAKE}, ++#endif ++#ifdef ERR_LIB_KDF ++ {"KDF", ERR_LIB_KDF}, ++#endif ++#ifdef ERR_LIB_METH ++ {"METH", ERR_LIB_METH}, ++#endif ++#ifdef ERR_LIB_NONE ++ {"NONE", ERR_LIB_NONE}, ++#endif ++#ifdef ERR_LIB_OBJ ++ {"OBJ", ERR_LIB_OBJ}, ++#endif ++#ifdef ERR_LIB_OCSP ++ {"OCSP", ERR_LIB_OCSP}, ++#endif ++#ifdef ERR_LIB_OSSL_STORE ++ {"OSSL_STORE", ERR_LIB_OSSL_STORE}, ++#endif ++#ifdef ERR_LIB_PEM ++ {"PEM", ERR_LIB_PEM}, ++#endif ++#ifdef ERR_LIB_PKCS12 ++ {"PKCS12", ERR_LIB_PKCS12}, ++#endif ++#ifdef ERR_LIB_PKCS7 ++ {"PKCS7", ERR_LIB_PKCS7}, ++#endif ++#ifdef ERR_LIB_PROXY ++ {"PROXY", ERR_LIB_PROXY}, ++#endif ++#ifdef ERR_LIB_RAND ++ {"RAND", ERR_LIB_RAND}, ++#endif ++#ifdef ERR_LIB_RSA ++ {"RSA", ERR_LIB_RSA}, ++#endif ++#ifdef ERR_LIB_RSAREF ++ {"RSAREF", ERR_LIB_RSAREF}, ++#endif ++#ifdef ERR_LIB_SM2 ++ {"SM2", ERR_LIB_SM2}, ++#endif ++#ifdef ERR_LIB_SSL ++ {"SSL", ERR_LIB_SSL}, ++#endif ++#ifdef ERR_LIB_SSL2 ++ {"SSL2", ERR_LIB_SSL2}, ++#endif ++#ifdef ERR_LIB_SSL23 ++ {"SSL23", ERR_LIB_SSL23}, ++#endif ++#ifdef ERR_LIB_SSL3 ++ {"SSL3", ERR_LIB_SSL3}, ++#endif ++#ifdef ERR_LIB_SYS ++ {"SYS", ERR_LIB_SYS}, ++#endif ++#ifdef ERR_LIB_TS ++ {"TS", ERR_LIB_TS}, ++#endif ++#ifdef ERR_LIB_UI ++ {"UI", ERR_LIB_UI}, ++#endif ++#ifdef ERR_LIB_USER ++ {"USER", ERR_LIB_USER}, ++#endif ++#ifdef ERR_LIB_X509 ++ {"X509", ERR_LIB_X509}, ++#endif ++#ifdef ERR_LIB_X509V3 ++ {"X509V3", ERR_LIB_X509V3}, ++#endif ++ { NULL } ++}; ++ ++ ++static struct py_ssl_error_code error_codes[] = { ++ #ifdef ASN1_R_ADDING_OBJECT ++ {"ADDING_OBJECT", ERR_LIB_ASN1, ASN1_R_ADDING_OBJECT}, ++ #else ++ {"ADDING_OBJECT", 13, 171}, ++ #endif ++ #ifdef ASN1_R_ASN1_PARSE_ERROR ++ {"ASN1_PARSE_ERROR", ERR_LIB_ASN1, ASN1_R_ASN1_PARSE_ERROR}, ++ #else ++ {"ASN1_PARSE_ERROR", 13, 203}, ++ #endif ++ #ifdef ASN1_R_ASN1_SIG_PARSE_ERROR ++ {"ASN1_SIG_PARSE_ERROR", ERR_LIB_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR}, ++ #else ++ {"ASN1_SIG_PARSE_ERROR", 13, 204}, ++ #endif ++ #ifdef ASN1_R_AUX_ERROR ++ {"AUX_ERROR", ERR_LIB_ASN1, ASN1_R_AUX_ERROR}, ++ #else ++ {"AUX_ERROR", 13, 100}, ++ #endif ++ #ifdef ASN1_R_BAD_OBJECT_HEADER ++ {"BAD_OBJECT_HEADER", ERR_LIB_ASN1, ASN1_R_BAD_OBJECT_HEADER}, ++ #else ++ {"BAD_OBJECT_HEADER", 13, 102}, ++ #endif ++ #ifdef ASN1_R_BAD_TEMPLATE ++ {"BAD_TEMPLATE", ERR_LIB_ASN1, ASN1_R_BAD_TEMPLATE}, ++ #else ++ {"BAD_TEMPLATE", 13, 230}, ++ #endif ++ #ifdef ASN1_R_BMPSTRING_IS_WRONG_LENGTH ++ {"BMPSTRING_IS_WRONG_LENGTH", ERR_LIB_ASN1, ASN1_R_BMPSTRING_IS_WRONG_LENGTH}, ++ #else ++ {"BMPSTRING_IS_WRONG_LENGTH", 13, 214}, ++ #endif ++ #ifdef ASN1_R_BN_LIB ++ {"BN_LIB", ERR_LIB_ASN1, ASN1_R_BN_LIB}, ++ #else ++ {"BN_LIB", 13, 105}, ++ #endif ++ #ifdef ASN1_R_BOOLEAN_IS_WRONG_LENGTH ++ {"BOOLEAN_IS_WRONG_LENGTH", ERR_LIB_ASN1, ASN1_R_BOOLEAN_IS_WRONG_LENGTH}, ++ #else ++ {"BOOLEAN_IS_WRONG_LENGTH", 13, 106}, ++ #endif ++ #ifdef ASN1_R_BUFFER_TOO_SMALL ++ {"BUFFER_TOO_SMALL", ERR_LIB_ASN1, ASN1_R_BUFFER_TOO_SMALL}, ++ #else ++ {"BUFFER_TOO_SMALL", 13, 107}, ++ #endif ++ #ifdef ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ++ {"CIPHER_HAS_NO_OBJECT_IDENTIFIER", ERR_LIB_ASN1, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER}, ++ #else ++ {"CIPHER_HAS_NO_OBJECT_IDENTIFIER", 13, 108}, ++ #endif ++ #ifdef ASN1_R_CONTEXT_NOT_INITIALISED ++ {"CONTEXT_NOT_INITIALISED", ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED}, ++ #else ++ {"CONTEXT_NOT_INITIALISED", 13, 217}, ++ #endif ++ #ifdef ASN1_R_DATA_IS_WRONG ++ {"DATA_IS_WRONG", ERR_LIB_ASN1, ASN1_R_DATA_IS_WRONG}, ++ #else ++ {"DATA_IS_WRONG", 13, 109}, ++ #endif ++ #ifdef ASN1_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_ASN1, ASN1_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 13, 110}, ++ #endif ++ #ifdef ASN1_R_DEPTH_EXCEEDED ++ {"DEPTH_EXCEEDED", ERR_LIB_ASN1, ASN1_R_DEPTH_EXCEEDED}, ++ #else ++ {"DEPTH_EXCEEDED", 13, 174}, ++ #endif ++ #ifdef ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED ++ {"DIGEST_AND_KEY_TYPE_NOT_SUPPORTED", ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED}, ++ #else ++ {"DIGEST_AND_KEY_TYPE_NOT_SUPPORTED", 13, 198}, ++ #endif ++ #ifdef ASN1_R_ENCODE_ERROR ++ {"ENCODE_ERROR", ERR_LIB_ASN1, ASN1_R_ENCODE_ERROR}, ++ #else ++ {"ENCODE_ERROR", 13, 112}, ++ #endif ++ #ifdef ASN1_R_ERROR_GETTING_TIME ++ {"ERROR_GETTING_TIME", ERR_LIB_ASN1, ASN1_R_ERROR_GETTING_TIME}, ++ #else ++ {"ERROR_GETTING_TIME", 13, 173}, ++ #endif ++ #ifdef ASN1_R_ERROR_LOADING_SECTION ++ {"ERROR_LOADING_SECTION", ERR_LIB_ASN1, ASN1_R_ERROR_LOADING_SECTION}, ++ #else ++ {"ERROR_LOADING_SECTION", 13, 172}, ++ #endif ++ #ifdef ASN1_R_ERROR_SETTING_CIPHER_PARAMS ++ {"ERROR_SETTING_CIPHER_PARAMS", ERR_LIB_ASN1, ASN1_R_ERROR_SETTING_CIPHER_PARAMS}, ++ #else ++ {"ERROR_SETTING_CIPHER_PARAMS", 13, 114}, ++ #endif ++ #ifdef ASN1_R_EXPECTING_AN_INTEGER ++ {"EXPECTING_AN_INTEGER", ERR_LIB_ASN1, ASN1_R_EXPECTING_AN_INTEGER}, ++ #else ++ {"EXPECTING_AN_INTEGER", 13, 115}, ++ #endif ++ #ifdef ASN1_R_EXPECTING_AN_OBJECT ++ {"EXPECTING_AN_OBJECT", ERR_LIB_ASN1, ASN1_R_EXPECTING_AN_OBJECT}, ++ #else ++ {"EXPECTING_AN_OBJECT", 13, 116}, ++ #endif ++ #ifdef ASN1_R_EXPLICIT_LENGTH_MISMATCH ++ {"EXPLICIT_LENGTH_MISMATCH", ERR_LIB_ASN1, ASN1_R_EXPLICIT_LENGTH_MISMATCH}, ++ #else ++ {"EXPLICIT_LENGTH_MISMATCH", 13, 119}, ++ #endif ++ #ifdef ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED ++ {"EXPLICIT_TAG_NOT_CONSTRUCTED", ERR_LIB_ASN1, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED}, ++ #else ++ {"EXPLICIT_TAG_NOT_CONSTRUCTED", 13, 120}, ++ #endif ++ #ifdef ASN1_R_FIELD_MISSING ++ {"FIELD_MISSING", ERR_LIB_ASN1, ASN1_R_FIELD_MISSING}, ++ #else ++ {"FIELD_MISSING", 13, 121}, ++ #endif ++ #ifdef ASN1_R_FIRST_NUM_TOO_LARGE ++ {"FIRST_NUM_TOO_LARGE", ERR_LIB_ASN1, ASN1_R_FIRST_NUM_TOO_LARGE}, ++ #else ++ {"FIRST_NUM_TOO_LARGE", 13, 122}, ++ #endif ++ #ifdef ASN1_R_HEADER_TOO_LONG ++ {"HEADER_TOO_LONG", ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG}, ++ #else ++ {"HEADER_TOO_LONG", 13, 123}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_BITSTRING_FORMAT ++ {"ILLEGAL_BITSTRING_FORMAT", ERR_LIB_ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT}, ++ #else ++ {"ILLEGAL_BITSTRING_FORMAT", 13, 175}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_BOOLEAN ++ {"ILLEGAL_BOOLEAN", ERR_LIB_ASN1, ASN1_R_ILLEGAL_BOOLEAN}, ++ #else ++ {"ILLEGAL_BOOLEAN", 13, 176}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_CHARACTERS ++ {"ILLEGAL_CHARACTERS", ERR_LIB_ASN1, ASN1_R_ILLEGAL_CHARACTERS}, ++ #else ++ {"ILLEGAL_CHARACTERS", 13, 124}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_FORMAT ++ {"ILLEGAL_FORMAT", ERR_LIB_ASN1, ASN1_R_ILLEGAL_FORMAT}, ++ #else ++ {"ILLEGAL_FORMAT", 13, 177}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_HEX ++ {"ILLEGAL_HEX", ERR_LIB_ASN1, ASN1_R_ILLEGAL_HEX}, ++ #else ++ {"ILLEGAL_HEX", 13, 178}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_IMPLICIT_TAG ++ {"ILLEGAL_IMPLICIT_TAG", ERR_LIB_ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG}, ++ #else ++ {"ILLEGAL_IMPLICIT_TAG", 13, 179}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_INTEGER ++ {"ILLEGAL_INTEGER", ERR_LIB_ASN1, ASN1_R_ILLEGAL_INTEGER}, ++ #else ++ {"ILLEGAL_INTEGER", 13, 180}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_NEGATIVE_VALUE ++ {"ILLEGAL_NEGATIVE_VALUE", ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE}, ++ #else ++ {"ILLEGAL_NEGATIVE_VALUE", 13, 226}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_NESTED_TAGGING ++ {"ILLEGAL_NESTED_TAGGING", ERR_LIB_ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING}, ++ #else ++ {"ILLEGAL_NESTED_TAGGING", 13, 181}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_NULL ++ {"ILLEGAL_NULL", ERR_LIB_ASN1, ASN1_R_ILLEGAL_NULL}, ++ #else ++ {"ILLEGAL_NULL", 13, 125}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_NULL_VALUE ++ {"ILLEGAL_NULL_VALUE", ERR_LIB_ASN1, ASN1_R_ILLEGAL_NULL_VALUE}, ++ #else ++ {"ILLEGAL_NULL_VALUE", 13, 182}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_OBJECT ++ {"ILLEGAL_OBJECT", ERR_LIB_ASN1, ASN1_R_ILLEGAL_OBJECT}, ++ #else ++ {"ILLEGAL_OBJECT", 13, 183}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_OPTIONAL_ANY ++ {"ILLEGAL_OPTIONAL_ANY", ERR_LIB_ASN1, ASN1_R_ILLEGAL_OPTIONAL_ANY}, ++ #else ++ {"ILLEGAL_OPTIONAL_ANY", 13, 126}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ++ {"ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE", ERR_LIB_ASN1, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE}, ++ #else ++ {"ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE", 13, 170}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_PADDING ++ {"ILLEGAL_PADDING", ERR_LIB_ASN1, ASN1_R_ILLEGAL_PADDING}, ++ #else ++ {"ILLEGAL_PADDING", 13, 221}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_TAGGED_ANY ++ {"ILLEGAL_TAGGED_ANY", ERR_LIB_ASN1, ASN1_R_ILLEGAL_TAGGED_ANY}, ++ #else ++ {"ILLEGAL_TAGGED_ANY", 13, 127}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_TIME_VALUE ++ {"ILLEGAL_TIME_VALUE", ERR_LIB_ASN1, ASN1_R_ILLEGAL_TIME_VALUE}, ++ #else ++ {"ILLEGAL_TIME_VALUE", 13, 184}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_ZERO_CONTENT ++ {"ILLEGAL_ZERO_CONTENT", ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT}, ++ #else ++ {"ILLEGAL_ZERO_CONTENT", 13, 222}, ++ #endif ++ #ifdef ASN1_R_INTEGER_NOT_ASCII_FORMAT ++ {"INTEGER_NOT_ASCII_FORMAT", ERR_LIB_ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT}, ++ #else ++ {"INTEGER_NOT_ASCII_FORMAT", 13, 185}, ++ #endif ++ #ifdef ASN1_R_INTEGER_TOO_LARGE_FOR_LONG ++ {"INTEGER_TOO_LARGE_FOR_LONG", ERR_LIB_ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG}, ++ #else ++ {"INTEGER_TOO_LARGE_FOR_LONG", 13, 128}, ++ #endif ++ #ifdef ASN1_R_INVALID_BIT_STRING_BITS_LEFT ++ {"INVALID_BIT_STRING_BITS_LEFT", ERR_LIB_ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT}, ++ #else ++ {"INVALID_BIT_STRING_BITS_LEFT", 13, 220}, ++ #endif ++ #ifdef ASN1_R_INVALID_BMPSTRING_LENGTH ++ {"INVALID_BMPSTRING_LENGTH", ERR_LIB_ASN1, ASN1_R_INVALID_BMPSTRING_LENGTH}, ++ #else ++ {"INVALID_BMPSTRING_LENGTH", 13, 129}, ++ #endif ++ #ifdef ASN1_R_INVALID_DIGIT ++ {"INVALID_DIGIT", ERR_LIB_ASN1, ASN1_R_INVALID_DIGIT}, ++ #else ++ {"INVALID_DIGIT", 13, 130}, ++ #endif ++ #ifdef ASN1_R_INVALID_MIME_TYPE ++ {"INVALID_MIME_TYPE", ERR_LIB_ASN1, ASN1_R_INVALID_MIME_TYPE}, ++ #else ++ {"INVALID_MIME_TYPE", 13, 205}, ++ #endif ++ #ifdef ASN1_R_INVALID_MODIFIER ++ {"INVALID_MODIFIER", ERR_LIB_ASN1, ASN1_R_INVALID_MODIFIER}, ++ #else ++ {"INVALID_MODIFIER", 13, 186}, ++ #endif ++ #ifdef ASN1_R_INVALID_NUMBER ++ {"INVALID_NUMBER", ERR_LIB_ASN1, ASN1_R_INVALID_NUMBER}, ++ #else ++ {"INVALID_NUMBER", 13, 187}, ++ #endif ++ #ifdef ASN1_R_INVALID_OBJECT_ENCODING ++ {"INVALID_OBJECT_ENCODING", ERR_LIB_ASN1, ASN1_R_INVALID_OBJECT_ENCODING}, ++ #else ++ {"INVALID_OBJECT_ENCODING", 13, 216}, ++ #endif ++ #ifdef ASN1_R_INVALID_SCRYPT_PARAMETERS ++ {"INVALID_SCRYPT_PARAMETERS", ERR_LIB_ASN1, ASN1_R_INVALID_SCRYPT_PARAMETERS}, ++ #else ++ {"INVALID_SCRYPT_PARAMETERS", 13, 227}, ++ #endif ++ #ifdef ASN1_R_INVALID_SEPARATOR ++ {"INVALID_SEPARATOR", ERR_LIB_ASN1, ASN1_R_INVALID_SEPARATOR}, ++ #else ++ {"INVALID_SEPARATOR", 13, 131}, ++ #endif ++ #ifdef ASN1_R_INVALID_STRING_TABLE_VALUE ++ {"INVALID_STRING_TABLE_VALUE", ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE}, ++ #else ++ {"INVALID_STRING_TABLE_VALUE", 13, 218}, ++ #endif ++ #ifdef ASN1_R_INVALID_UNIVERSALSTRING_LENGTH ++ {"INVALID_UNIVERSALSTRING_LENGTH", ERR_LIB_ASN1, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH}, ++ #else ++ {"INVALID_UNIVERSALSTRING_LENGTH", 13, 133}, ++ #endif ++ #ifdef ASN1_R_INVALID_UTF8STRING ++ {"INVALID_UTF8STRING", ERR_LIB_ASN1, ASN1_R_INVALID_UTF8STRING}, ++ #else ++ {"INVALID_UTF8STRING", 13, 134}, ++ #endif ++ #ifdef ASN1_R_INVALID_VALUE ++ {"INVALID_VALUE", ERR_LIB_ASN1, ASN1_R_INVALID_VALUE}, ++ #else ++ {"INVALID_VALUE", 13, 219}, ++ #endif ++ #ifdef ASN1_R_LIST_ERROR ++ {"LIST_ERROR", ERR_LIB_ASN1, ASN1_R_LIST_ERROR}, ++ #else ++ {"LIST_ERROR", 13, 188}, ++ #endif ++ #ifdef ASN1_R_MIME_NO_CONTENT_TYPE ++ {"MIME_NO_CONTENT_TYPE", ERR_LIB_ASN1, ASN1_R_MIME_NO_CONTENT_TYPE}, ++ #else ++ {"MIME_NO_CONTENT_TYPE", 13, 206}, ++ #endif ++ #ifdef ASN1_R_MIME_PARSE_ERROR ++ {"MIME_PARSE_ERROR", ERR_LIB_ASN1, ASN1_R_MIME_PARSE_ERROR}, ++ #else ++ {"MIME_PARSE_ERROR", 13, 207}, ++ #endif ++ #ifdef ASN1_R_MIME_SIG_PARSE_ERROR ++ {"MIME_SIG_PARSE_ERROR", ERR_LIB_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR}, ++ #else ++ {"MIME_SIG_PARSE_ERROR", 13, 208}, ++ #endif ++ #ifdef ASN1_R_MISSING_EOC ++ {"MISSING_EOC", ERR_LIB_ASN1, ASN1_R_MISSING_EOC}, ++ #else ++ {"MISSING_EOC", 13, 137}, ++ #endif ++ #ifdef ASN1_R_MISSING_SECOND_NUMBER ++ {"MISSING_SECOND_NUMBER", ERR_LIB_ASN1, ASN1_R_MISSING_SECOND_NUMBER}, ++ #else ++ {"MISSING_SECOND_NUMBER", 13, 138}, ++ #endif ++ #ifdef ASN1_R_MISSING_VALUE ++ {"MISSING_VALUE", ERR_LIB_ASN1, ASN1_R_MISSING_VALUE}, ++ #else ++ {"MISSING_VALUE", 13, 189}, ++ #endif ++ #ifdef ASN1_R_MSTRING_NOT_UNIVERSAL ++ {"MSTRING_NOT_UNIVERSAL", ERR_LIB_ASN1, ASN1_R_MSTRING_NOT_UNIVERSAL}, ++ #else ++ {"MSTRING_NOT_UNIVERSAL", 13, 139}, ++ #endif ++ #ifdef ASN1_R_MSTRING_WRONG_TAG ++ {"MSTRING_WRONG_TAG", ERR_LIB_ASN1, ASN1_R_MSTRING_WRONG_TAG}, ++ #else ++ {"MSTRING_WRONG_TAG", 13, 140}, ++ #endif ++ #ifdef ASN1_R_NESTED_ASN1_STRING ++ {"NESTED_ASN1_STRING", ERR_LIB_ASN1, ASN1_R_NESTED_ASN1_STRING}, ++ #else ++ {"NESTED_ASN1_STRING", 13, 197}, ++ #endif ++ #ifdef ASN1_R_NESTED_TOO_DEEP ++ {"NESTED_TOO_DEEP", ERR_LIB_ASN1, ASN1_R_NESTED_TOO_DEEP}, ++ #else ++ {"NESTED_TOO_DEEP", 13, 201}, ++ #endif ++ #ifdef ASN1_R_NON_HEX_CHARACTERS ++ {"NON_HEX_CHARACTERS", ERR_LIB_ASN1, ASN1_R_NON_HEX_CHARACTERS}, ++ #else ++ {"NON_HEX_CHARACTERS", 13, 141}, ++ #endif ++ #ifdef ASN1_R_NOT_ASCII_FORMAT ++ {"NOT_ASCII_FORMAT", ERR_LIB_ASN1, ASN1_R_NOT_ASCII_FORMAT}, ++ #else ++ {"NOT_ASCII_FORMAT", 13, 190}, ++ #endif ++ #ifdef ASN1_R_NOT_ENOUGH_DATA ++ {"NOT_ENOUGH_DATA", ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA}, ++ #else ++ {"NOT_ENOUGH_DATA", 13, 142}, ++ #endif ++ #ifdef ASN1_R_NO_CONTENT_TYPE ++ {"NO_CONTENT_TYPE", ERR_LIB_ASN1, ASN1_R_NO_CONTENT_TYPE}, ++ #else ++ {"NO_CONTENT_TYPE", 13, 209}, ++ #endif ++ #ifdef ASN1_R_NO_MATCHING_CHOICE_TYPE ++ {"NO_MATCHING_CHOICE_TYPE", ERR_LIB_ASN1, ASN1_R_NO_MATCHING_CHOICE_TYPE}, ++ #else ++ {"NO_MATCHING_CHOICE_TYPE", 13, 143}, ++ #endif ++ #ifdef ASN1_R_NO_MULTIPART_BODY_FAILURE ++ {"NO_MULTIPART_BODY_FAILURE", ERR_LIB_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE}, ++ #else ++ {"NO_MULTIPART_BODY_FAILURE", 13, 210}, ++ #endif ++ #ifdef ASN1_R_NO_MULTIPART_BOUNDARY ++ {"NO_MULTIPART_BOUNDARY", ERR_LIB_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY}, ++ #else ++ {"NO_MULTIPART_BOUNDARY", 13, 211}, ++ #endif ++ #ifdef ASN1_R_NO_SIG_CONTENT_TYPE ++ {"NO_SIG_CONTENT_TYPE", ERR_LIB_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE}, ++ #else ++ {"NO_SIG_CONTENT_TYPE", 13, 212}, ++ #endif ++ #ifdef ASN1_R_NULL_IS_WRONG_LENGTH ++ {"NULL_IS_WRONG_LENGTH", ERR_LIB_ASN1, ASN1_R_NULL_IS_WRONG_LENGTH}, ++ #else ++ {"NULL_IS_WRONG_LENGTH", 13, 144}, ++ #endif ++ #ifdef ASN1_R_OBJECT_NOT_ASCII_FORMAT ++ {"OBJECT_NOT_ASCII_FORMAT", ERR_LIB_ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT}, ++ #else ++ {"OBJECT_NOT_ASCII_FORMAT", 13, 191}, ++ #endif ++ #ifdef ASN1_R_ODD_NUMBER_OF_CHARS ++ {"ODD_NUMBER_OF_CHARS", ERR_LIB_ASN1, ASN1_R_ODD_NUMBER_OF_CHARS}, ++ #else ++ {"ODD_NUMBER_OF_CHARS", 13, 145}, ++ #endif ++ #ifdef ASN1_R_SECOND_NUMBER_TOO_LARGE ++ {"SECOND_NUMBER_TOO_LARGE", ERR_LIB_ASN1, ASN1_R_SECOND_NUMBER_TOO_LARGE}, ++ #else ++ {"SECOND_NUMBER_TOO_LARGE", 13, 147}, ++ #endif ++ #ifdef ASN1_R_SEQUENCE_LENGTH_MISMATCH ++ {"SEQUENCE_LENGTH_MISMATCH", ERR_LIB_ASN1, ASN1_R_SEQUENCE_LENGTH_MISMATCH}, ++ #else ++ {"SEQUENCE_LENGTH_MISMATCH", 13, 148}, ++ #endif ++ #ifdef ASN1_R_SEQUENCE_NOT_CONSTRUCTED ++ {"SEQUENCE_NOT_CONSTRUCTED", ERR_LIB_ASN1, ASN1_R_SEQUENCE_NOT_CONSTRUCTED}, ++ #else ++ {"SEQUENCE_NOT_CONSTRUCTED", 13, 149}, ++ #endif ++ #ifdef ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG ++ {"SEQUENCE_OR_SET_NEEDS_CONFIG", ERR_LIB_ASN1, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG}, ++ #else ++ {"SEQUENCE_OR_SET_NEEDS_CONFIG", 13, 192}, ++ #endif ++ #ifdef ASN1_R_SHORT_LINE ++ {"SHORT_LINE", ERR_LIB_ASN1, ASN1_R_SHORT_LINE}, ++ #else ++ {"SHORT_LINE", 13, 150}, ++ #endif ++ #ifdef ASN1_R_SIG_INVALID_MIME_TYPE ++ {"SIG_INVALID_MIME_TYPE", ERR_LIB_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE}, ++ #else ++ {"SIG_INVALID_MIME_TYPE", 13, 213}, ++ #endif ++ #ifdef ASN1_R_STREAMING_NOT_SUPPORTED ++ {"STREAMING_NOT_SUPPORTED", ERR_LIB_ASN1, ASN1_R_STREAMING_NOT_SUPPORTED}, ++ #else ++ {"STREAMING_NOT_SUPPORTED", 13, 202}, ++ #endif ++ #ifdef ASN1_R_STRING_TOO_LONG ++ {"STRING_TOO_LONG", ERR_LIB_ASN1, ASN1_R_STRING_TOO_LONG}, ++ #else ++ {"STRING_TOO_LONG", 13, 151}, ++ #endif ++ #ifdef ASN1_R_STRING_TOO_SHORT ++ {"STRING_TOO_SHORT", ERR_LIB_ASN1, ASN1_R_STRING_TOO_SHORT}, ++ #else ++ {"STRING_TOO_SHORT", 13, 152}, ++ #endif ++ #ifdef ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD ++ {"THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD", ERR_LIB_ASN1, ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD}, ++ #else ++ {"THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD", 13, 154}, ++ #endif ++ #ifdef ASN1_R_TIME_NOT_ASCII_FORMAT ++ {"TIME_NOT_ASCII_FORMAT", ERR_LIB_ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT}, ++ #else ++ {"TIME_NOT_ASCII_FORMAT", 13, 193}, ++ #endif ++ #ifdef ASN1_R_TOO_LARGE ++ {"TOO_LARGE", ERR_LIB_ASN1, ASN1_R_TOO_LARGE}, ++ #else ++ {"TOO_LARGE", 13, 223}, ++ #endif ++ #ifdef ASN1_R_TOO_LONG ++ {"TOO_LONG", ERR_LIB_ASN1, ASN1_R_TOO_LONG}, ++ #else ++ {"TOO_LONG", 13, 155}, ++ #endif ++ #ifdef ASN1_R_TOO_SMALL ++ {"TOO_SMALL", ERR_LIB_ASN1, ASN1_R_TOO_SMALL}, ++ #else ++ {"TOO_SMALL", 13, 224}, ++ #endif ++ #ifdef ASN1_R_TYPE_NOT_CONSTRUCTED ++ {"TYPE_NOT_CONSTRUCTED", ERR_LIB_ASN1, ASN1_R_TYPE_NOT_CONSTRUCTED}, ++ #else ++ {"TYPE_NOT_CONSTRUCTED", 13, 156}, ++ #endif ++ #ifdef ASN1_R_TYPE_NOT_PRIMITIVE ++ {"TYPE_NOT_PRIMITIVE", ERR_LIB_ASN1, ASN1_R_TYPE_NOT_PRIMITIVE}, ++ #else ++ {"TYPE_NOT_PRIMITIVE", 13, 195}, ++ #endif ++ #ifdef ASN1_R_UNEXPECTED_EOC ++ {"UNEXPECTED_EOC", ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC}, ++ #else ++ {"UNEXPECTED_EOC", 13, 159}, ++ #endif ++ #ifdef ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH ++ {"UNIVERSALSTRING_IS_WRONG_LENGTH", ERR_LIB_ASN1, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH}, ++ #else ++ {"UNIVERSALSTRING_IS_WRONG_LENGTH", 13, 215}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_FORMAT ++ {"UNKNOWN_FORMAT", ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT}, ++ #else ++ {"UNKNOWN_FORMAT", 13, 160}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ++ {"UNKNOWN_MESSAGE_DIGEST_ALGORITHM", ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM}, ++ #else ++ {"UNKNOWN_MESSAGE_DIGEST_ALGORITHM", 13, 161}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_OBJECT_TYPE ++ {"UNKNOWN_OBJECT_TYPE", ERR_LIB_ASN1, ASN1_R_UNKNOWN_OBJECT_TYPE}, ++ #else ++ {"UNKNOWN_OBJECT_TYPE", 13, 162}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE ++ {"UNKNOWN_PUBLIC_KEY_TYPE", ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE}, ++ #else ++ {"UNKNOWN_PUBLIC_KEY_TYPE", 13, 163}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM ++ {"UNKNOWN_SIGNATURE_ALGORITHM", ERR_LIB_ASN1, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM}, ++ #else ++ {"UNKNOWN_SIGNATURE_ALGORITHM", 13, 199}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_TAG ++ {"UNKNOWN_TAG", ERR_LIB_ASN1, ASN1_R_UNKNOWN_TAG}, ++ #else ++ {"UNKNOWN_TAG", 13, 194}, ++ #endif ++ #ifdef ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE ++ {"UNSUPPORTED_ANY_DEFINED_BY_TYPE", ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE}, ++ #else ++ {"UNSUPPORTED_ANY_DEFINED_BY_TYPE", 13, 164}, ++ #endif ++ #ifdef ASN1_R_UNSUPPORTED_CIPHER ++ {"UNSUPPORTED_CIPHER", ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_CIPHER}, ++ #else ++ {"UNSUPPORTED_CIPHER", 13, 228}, ++ #endif ++ #ifdef ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE ++ {"UNSUPPORTED_PUBLIC_KEY_TYPE", ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE}, ++ #else ++ {"UNSUPPORTED_PUBLIC_KEY_TYPE", 13, 167}, ++ #endif ++ #ifdef ASN1_R_UNSUPPORTED_TYPE ++ {"UNSUPPORTED_TYPE", ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_TYPE}, ++ #else ++ {"UNSUPPORTED_TYPE", 13, 196}, ++ #endif ++ #ifdef ASN1_R_WRONG_INTEGER_TYPE ++ {"WRONG_INTEGER_TYPE", ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE}, ++ #else ++ {"WRONG_INTEGER_TYPE", 13, 225}, ++ #endif ++ #ifdef ASN1_R_WRONG_PUBLIC_KEY_TYPE ++ {"WRONG_PUBLIC_KEY_TYPE", ERR_LIB_ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE}, ++ #else ++ {"WRONG_PUBLIC_KEY_TYPE", 13, 200}, ++ #endif ++ #ifdef ASN1_R_WRONG_TAG ++ {"WRONG_TAG", ERR_LIB_ASN1, ASN1_R_WRONG_TAG}, ++ #else ++ {"WRONG_TAG", 13, 168}, ++ #endif ++ #ifdef ASYNC_R_FAILED_TO_SET_POOL ++ {"FAILED_TO_SET_POOL", ERR_LIB_ASYNC, ASYNC_R_FAILED_TO_SET_POOL}, ++ #else ++ {"FAILED_TO_SET_POOL", 51, 101}, ++ #endif ++ #ifdef ASYNC_R_FAILED_TO_SWAP_CONTEXT ++ {"FAILED_TO_SWAP_CONTEXT", ERR_LIB_ASYNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT}, ++ #else ++ {"FAILED_TO_SWAP_CONTEXT", 51, 102}, ++ #endif ++ #ifdef ASYNC_R_INIT_FAILED ++ {"INIT_FAILED", ERR_LIB_ASYNC, ASYNC_R_INIT_FAILED}, ++ #else ++ {"INIT_FAILED", 51, 105}, ++ #endif ++ #ifdef ASYNC_R_INVALID_POOL_SIZE ++ {"INVALID_POOL_SIZE", ERR_LIB_ASYNC, ASYNC_R_INVALID_POOL_SIZE}, ++ #else ++ {"INVALID_POOL_SIZE", 51, 103}, ++ #endif ++ #ifdef BIO_R_ACCEPT_ERROR ++ {"ACCEPT_ERROR", ERR_LIB_BIO, BIO_R_ACCEPT_ERROR}, ++ #else ++ {"ACCEPT_ERROR", 32, 100}, ++ #endif ++ #ifdef BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET ++ {"ADDRINFO_ADDR_IS_NOT_AF_INET", ERR_LIB_BIO, BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET}, ++ #else ++ {"ADDRINFO_ADDR_IS_NOT_AF_INET", 32, 141}, ++ #endif ++ #ifdef BIO_R_AMBIGUOUS_HOST_OR_SERVICE ++ {"AMBIGUOUS_HOST_OR_SERVICE", ERR_LIB_BIO, BIO_R_AMBIGUOUS_HOST_OR_SERVICE}, ++ #else ++ {"AMBIGUOUS_HOST_OR_SERVICE", 32, 129}, ++ #endif ++ #ifdef BIO_R_BAD_FOPEN_MODE ++ {"BAD_FOPEN_MODE", ERR_LIB_BIO, BIO_R_BAD_FOPEN_MODE}, ++ #else ++ {"BAD_FOPEN_MODE", 32, 101}, ++ #endif ++ #ifdef BIO_R_BROKEN_PIPE ++ {"BROKEN_PIPE", ERR_LIB_BIO, BIO_R_BROKEN_PIPE}, ++ #else ++ {"BROKEN_PIPE", 32, 124}, ++ #endif ++ #ifdef BIO_R_CONNECT_ERROR ++ {"CONNECT_ERROR", ERR_LIB_BIO, BIO_R_CONNECT_ERROR}, ++ #else ++ {"CONNECT_ERROR", 32, 103}, ++ #endif ++ #ifdef BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ++ {"GETHOSTBYNAME_ADDR_IS_NOT_AF_INET", ERR_LIB_BIO, BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET}, ++ #else ++ {"GETHOSTBYNAME_ADDR_IS_NOT_AF_INET", 32, 107}, ++ #endif ++ #ifdef BIO_R_GETSOCKNAME_ERROR ++ {"GETSOCKNAME_ERROR", ERR_LIB_BIO, BIO_R_GETSOCKNAME_ERROR}, ++ #else ++ {"GETSOCKNAME_ERROR", 32, 132}, ++ #endif ++ #ifdef BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS ++ {"GETSOCKNAME_TRUNCATED_ADDRESS", ERR_LIB_BIO, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS}, ++ #else ++ {"GETSOCKNAME_TRUNCATED_ADDRESS", 32, 133}, ++ #endif ++ #ifdef BIO_R_GETTING_SOCKTYPE ++ {"GETTING_SOCKTYPE", ERR_LIB_BIO, BIO_R_GETTING_SOCKTYPE}, ++ #else ++ {"GETTING_SOCKTYPE", 32, 134}, ++ #endif ++ #ifdef BIO_R_INVALID_ARGUMENT ++ {"INVALID_ARGUMENT", ERR_LIB_BIO, BIO_R_INVALID_ARGUMENT}, ++ #else ++ {"INVALID_ARGUMENT", 32, 125}, ++ #endif ++ #ifdef BIO_R_INVALID_SOCKET ++ {"INVALID_SOCKET", ERR_LIB_BIO, BIO_R_INVALID_SOCKET}, ++ #else ++ {"INVALID_SOCKET", 32, 135}, ++ #endif ++ #ifdef BIO_R_IN_USE ++ {"IN_USE", ERR_LIB_BIO, BIO_R_IN_USE}, ++ #else ++ {"IN_USE", 32, 123}, ++ #endif ++ #ifdef BIO_R_LENGTH_TOO_LONG ++ {"LENGTH_TOO_LONG", ERR_LIB_BIO, BIO_R_LENGTH_TOO_LONG}, ++ #else ++ {"LENGTH_TOO_LONG", 32, 102}, ++ #endif ++ #ifdef BIO_R_LISTEN_V6_ONLY ++ {"LISTEN_V6_ONLY", ERR_LIB_BIO, BIO_R_LISTEN_V6_ONLY}, ++ #else ++ {"LISTEN_V6_ONLY", 32, 136}, ++ #endif ++ #ifdef BIO_R_LOOKUP_RETURNED_NOTHING ++ {"LOOKUP_RETURNED_NOTHING", ERR_LIB_BIO, BIO_R_LOOKUP_RETURNED_NOTHING}, ++ #else ++ {"LOOKUP_RETURNED_NOTHING", 32, 142}, ++ #endif ++ #ifdef BIO_R_MALFORMED_HOST_OR_SERVICE ++ {"MALFORMED_HOST_OR_SERVICE", ERR_LIB_BIO, BIO_R_MALFORMED_HOST_OR_SERVICE}, ++ #else ++ {"MALFORMED_HOST_OR_SERVICE", 32, 130}, ++ #endif ++ #ifdef BIO_R_NBIO_CONNECT_ERROR ++ {"NBIO_CONNECT_ERROR", ERR_LIB_BIO, BIO_R_NBIO_CONNECT_ERROR}, ++ #else ++ {"NBIO_CONNECT_ERROR", 32, 110}, ++ #endif ++ #ifdef BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED ++ {"NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED", ERR_LIB_BIO, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED}, ++ #else ++ {"NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED", 32, 143}, ++ #endif ++ #ifdef BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED ++ {"NO_HOSTNAME_OR_SERVICE_SPECIFIED", ERR_LIB_BIO, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED}, ++ #else ++ {"NO_HOSTNAME_OR_SERVICE_SPECIFIED", 32, 144}, ++ #endif ++ #ifdef BIO_R_NO_PORT_DEFINED ++ {"NO_PORT_DEFINED", ERR_LIB_BIO, BIO_R_NO_PORT_DEFINED}, ++ #else ++ {"NO_PORT_DEFINED", 32, 113}, ++ #endif ++ #ifdef BIO_R_NO_SUCH_FILE ++ {"NO_SUCH_FILE", ERR_LIB_BIO, BIO_R_NO_SUCH_FILE}, ++ #else ++ {"NO_SUCH_FILE", 32, 128}, ++ #endif ++ #ifdef BIO_R_NULL_PARAMETER ++ {"NULL_PARAMETER", ERR_LIB_BIO, BIO_R_NULL_PARAMETER}, ++ #else ++ {"NULL_PARAMETER", 32, 115}, ++ #endif ++ #ifdef BIO_R_UNABLE_TO_BIND_SOCKET ++ {"UNABLE_TO_BIND_SOCKET", ERR_LIB_BIO, BIO_R_UNABLE_TO_BIND_SOCKET}, ++ #else ++ {"UNABLE_TO_BIND_SOCKET", 32, 117}, ++ #endif ++ #ifdef BIO_R_UNABLE_TO_CREATE_SOCKET ++ {"UNABLE_TO_CREATE_SOCKET", ERR_LIB_BIO, BIO_R_UNABLE_TO_CREATE_SOCKET}, ++ #else ++ {"UNABLE_TO_CREATE_SOCKET", 32, 118}, ++ #endif ++ #ifdef BIO_R_UNABLE_TO_KEEPALIVE ++ {"UNABLE_TO_KEEPALIVE", ERR_LIB_BIO, BIO_R_UNABLE_TO_KEEPALIVE}, ++ #else ++ {"UNABLE_TO_KEEPALIVE", 32, 137}, ++ #endif ++ #ifdef BIO_R_UNABLE_TO_LISTEN_SOCKET ++ {"UNABLE_TO_LISTEN_SOCKET", ERR_LIB_BIO, BIO_R_UNABLE_TO_LISTEN_SOCKET}, ++ #else ++ {"UNABLE_TO_LISTEN_SOCKET", 32, 119}, ++ #endif ++ #ifdef BIO_R_UNABLE_TO_NODELAY ++ {"UNABLE_TO_NODELAY", ERR_LIB_BIO, BIO_R_UNABLE_TO_NODELAY}, ++ #else ++ {"UNABLE_TO_NODELAY", 32, 138}, ++ #endif ++ #ifdef BIO_R_UNABLE_TO_REUSEADDR ++ {"UNABLE_TO_REUSEADDR", ERR_LIB_BIO, BIO_R_UNABLE_TO_REUSEADDR}, ++ #else ++ {"UNABLE_TO_REUSEADDR", 32, 139}, ++ #endif ++ #ifdef BIO_R_UNAVAILABLE_IP_FAMILY ++ {"UNAVAILABLE_IP_FAMILY", ERR_LIB_BIO, BIO_R_UNAVAILABLE_IP_FAMILY}, ++ #else ++ {"UNAVAILABLE_IP_FAMILY", 32, 145}, ++ #endif ++ #ifdef BIO_R_UNINITIALIZED ++ {"UNINITIALIZED", ERR_LIB_BIO, BIO_R_UNINITIALIZED}, ++ #else ++ {"UNINITIALIZED", 32, 120}, ++ #endif ++ #ifdef BIO_R_UNKNOWN_INFO_TYPE ++ {"UNKNOWN_INFO_TYPE", ERR_LIB_BIO, BIO_R_UNKNOWN_INFO_TYPE}, ++ #else ++ {"UNKNOWN_INFO_TYPE", 32, 140}, ++ #endif ++ #ifdef BIO_R_UNSUPPORTED_IP_FAMILY ++ {"UNSUPPORTED_IP_FAMILY", ERR_LIB_BIO, BIO_R_UNSUPPORTED_IP_FAMILY}, ++ #else ++ {"UNSUPPORTED_IP_FAMILY", 32, 146}, ++ #endif ++ #ifdef BIO_R_UNSUPPORTED_METHOD ++ {"UNSUPPORTED_METHOD", ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD}, ++ #else ++ {"UNSUPPORTED_METHOD", 32, 121}, ++ #endif ++ #ifdef BIO_R_UNSUPPORTED_PROTOCOL_FAMILY ++ {"UNSUPPORTED_PROTOCOL_FAMILY", ERR_LIB_BIO, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY}, ++ #else ++ {"UNSUPPORTED_PROTOCOL_FAMILY", 32, 131}, ++ #endif ++ #ifdef BIO_R_WRITE_TO_READ_ONLY_BIO ++ {"WRITE_TO_READ_ONLY_BIO", ERR_LIB_BIO, BIO_R_WRITE_TO_READ_ONLY_BIO}, ++ #else ++ {"WRITE_TO_READ_ONLY_BIO", 32, 126}, ++ #endif ++ #ifdef BIO_R_WSASTARTUP ++ {"WSASTARTUP", ERR_LIB_BIO, BIO_R_WSASTARTUP}, ++ #else ++ {"WSASTARTUP", 32, 122}, ++ #endif ++ #ifdef BN_R_ARG2_LT_ARG3 ++ {"ARG2_LT_ARG3", ERR_LIB_BN, BN_R_ARG2_LT_ARG3}, ++ #else ++ {"ARG2_LT_ARG3", 3, 100}, ++ #endif ++ #ifdef BN_R_BAD_RECIPROCAL ++ {"BAD_RECIPROCAL", ERR_LIB_BN, BN_R_BAD_RECIPROCAL}, ++ #else ++ {"BAD_RECIPROCAL", 3, 101}, ++ #endif ++ #ifdef BN_R_BIGNUM_TOO_LONG ++ {"BIGNUM_TOO_LONG", ERR_LIB_BN, BN_R_BIGNUM_TOO_LONG}, ++ #else ++ {"BIGNUM_TOO_LONG", 3, 114}, ++ #endif ++ #ifdef BN_R_BITS_TOO_SMALL ++ {"BITS_TOO_SMALL", ERR_LIB_BN, BN_R_BITS_TOO_SMALL}, ++ #else ++ {"BITS_TOO_SMALL", 3, 118}, ++ #endif ++ #ifdef BN_R_CALLED_WITH_EVEN_MODULUS ++ {"CALLED_WITH_EVEN_MODULUS", ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS}, ++ #else ++ {"CALLED_WITH_EVEN_MODULUS", 3, 102}, ++ #endif ++ #ifdef BN_R_DIV_BY_ZERO ++ {"DIV_BY_ZERO", ERR_LIB_BN, BN_R_DIV_BY_ZERO}, ++ #else ++ {"DIV_BY_ZERO", 3, 103}, ++ #endif ++ #ifdef BN_R_ENCODING_ERROR ++ {"ENCODING_ERROR", ERR_LIB_BN, BN_R_ENCODING_ERROR}, ++ #else ++ {"ENCODING_ERROR", 3, 104}, ++ #endif ++ #ifdef BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ++ {"EXPAND_ON_STATIC_BIGNUM_DATA", ERR_LIB_BN, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA}, ++ #else ++ {"EXPAND_ON_STATIC_BIGNUM_DATA", 3, 105}, ++ #endif ++ #ifdef BN_R_INPUT_NOT_REDUCED ++ {"INPUT_NOT_REDUCED", ERR_LIB_BN, BN_R_INPUT_NOT_REDUCED}, ++ #else ++ {"INPUT_NOT_REDUCED", 3, 110}, ++ #endif ++ #ifdef BN_R_INVALID_LENGTH ++ {"INVALID_LENGTH", ERR_LIB_BN, BN_R_INVALID_LENGTH}, ++ #else ++ {"INVALID_LENGTH", 3, 106}, ++ #endif ++ #ifdef BN_R_INVALID_RANGE ++ {"INVALID_RANGE", ERR_LIB_BN, BN_R_INVALID_RANGE}, ++ #else ++ {"INVALID_RANGE", 3, 115}, ++ #endif ++ #ifdef BN_R_INVALID_SHIFT ++ {"INVALID_SHIFT", ERR_LIB_BN, BN_R_INVALID_SHIFT}, ++ #else ++ {"INVALID_SHIFT", 3, 119}, ++ #endif ++ #ifdef BN_R_NOT_A_SQUARE ++ {"NOT_A_SQUARE", ERR_LIB_BN, BN_R_NOT_A_SQUARE}, ++ #else ++ {"NOT_A_SQUARE", 3, 111}, ++ #endif ++ #ifdef BN_R_NOT_INITIALIZED ++ {"NOT_INITIALIZED", ERR_LIB_BN, BN_R_NOT_INITIALIZED}, ++ #else ++ {"NOT_INITIALIZED", 3, 107}, ++ #endif ++ #ifdef BN_R_NO_INVERSE ++ {"NO_INVERSE", ERR_LIB_BN, BN_R_NO_INVERSE}, ++ #else ++ {"NO_INVERSE", 3, 108}, ++ #endif ++ #ifdef BN_R_NO_SOLUTION ++ {"NO_SOLUTION", ERR_LIB_BN, BN_R_NO_SOLUTION}, ++ #else ++ {"NO_SOLUTION", 3, 116}, ++ #endif ++ #ifdef BN_R_PRIVATE_KEY_TOO_LARGE ++ {"PRIVATE_KEY_TOO_LARGE", ERR_LIB_BN, BN_R_PRIVATE_KEY_TOO_LARGE}, ++ #else ++ {"PRIVATE_KEY_TOO_LARGE", 3, 117}, ++ #endif ++ #ifdef BN_R_P_IS_NOT_PRIME ++ {"P_IS_NOT_PRIME", ERR_LIB_BN, BN_R_P_IS_NOT_PRIME}, ++ #else ++ {"P_IS_NOT_PRIME", 3, 112}, ++ #endif ++ #ifdef BN_R_TOO_MANY_ITERATIONS ++ {"TOO_MANY_ITERATIONS", ERR_LIB_BN, BN_R_TOO_MANY_ITERATIONS}, ++ #else ++ {"TOO_MANY_ITERATIONS", 3, 113}, ++ #endif ++ #ifdef BN_R_TOO_MANY_TEMPORARY_VARIABLES ++ {"TOO_MANY_TEMPORARY_VARIABLES", ERR_LIB_BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES}, ++ #else ++ {"TOO_MANY_TEMPORARY_VARIABLES", 3, 109}, ++ #endif ++ #ifdef CMS_R_ADD_SIGNER_ERROR ++ {"ADD_SIGNER_ERROR", ERR_LIB_CMS, CMS_R_ADD_SIGNER_ERROR}, ++ #else ++ {"ADD_SIGNER_ERROR", 46, 99}, ++ #endif ++ #ifdef CMS_R_ATTRIBUTE_ERROR ++ {"ATTRIBUTE_ERROR", ERR_LIB_CMS, CMS_R_ATTRIBUTE_ERROR}, ++ #else ++ {"ATTRIBUTE_ERROR", 46, 161}, ++ #endif ++ #ifdef CMS_R_CERTIFICATE_ALREADY_PRESENT ++ {"CERTIFICATE_ALREADY_PRESENT", ERR_LIB_CMS, CMS_R_CERTIFICATE_ALREADY_PRESENT}, ++ #else ++ {"CERTIFICATE_ALREADY_PRESENT", 46, 175}, ++ #endif ++ #ifdef CMS_R_CERTIFICATE_HAS_NO_KEYID ++ {"CERTIFICATE_HAS_NO_KEYID", ERR_LIB_CMS, CMS_R_CERTIFICATE_HAS_NO_KEYID}, ++ #else ++ {"CERTIFICATE_HAS_NO_KEYID", 46, 160}, ++ #endif ++ #ifdef CMS_R_CERTIFICATE_VERIFY_ERROR ++ {"CERTIFICATE_VERIFY_ERROR", ERR_LIB_CMS, CMS_R_CERTIFICATE_VERIFY_ERROR}, ++ #else ++ {"CERTIFICATE_VERIFY_ERROR", 46, 100}, ++ #endif ++ #ifdef CMS_R_CIPHER_INITIALISATION_ERROR ++ {"CIPHER_INITIALISATION_ERROR", ERR_LIB_CMS, CMS_R_CIPHER_INITIALISATION_ERROR}, ++ #else ++ {"CIPHER_INITIALISATION_ERROR", 46, 101}, ++ #endif ++ #ifdef CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR ++ {"CIPHER_PARAMETER_INITIALISATION_ERROR", ERR_LIB_CMS, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR}, ++ #else ++ {"CIPHER_PARAMETER_INITIALISATION_ERROR", 46, 102}, ++ #endif ++ #ifdef CMS_R_CMS_DATAFINAL_ERROR ++ {"CMS_DATAFINAL_ERROR", ERR_LIB_CMS, CMS_R_CMS_DATAFINAL_ERROR}, ++ #else ++ {"CMS_DATAFINAL_ERROR", 46, 103}, ++ #endif ++ #ifdef CMS_R_CMS_LIB ++ {"CMS_LIB", ERR_LIB_CMS, CMS_R_CMS_LIB}, ++ #else ++ {"CMS_LIB", 46, 104}, ++ #endif ++ #ifdef CMS_R_CONTENTIDENTIFIER_MISMATCH ++ {"CONTENTIDENTIFIER_MISMATCH", ERR_LIB_CMS, CMS_R_CONTENTIDENTIFIER_MISMATCH}, ++ #else ++ {"CONTENTIDENTIFIER_MISMATCH", 46, 170}, ++ #endif ++ #ifdef CMS_R_CONTENT_NOT_FOUND ++ {"CONTENT_NOT_FOUND", ERR_LIB_CMS, CMS_R_CONTENT_NOT_FOUND}, ++ #else ++ {"CONTENT_NOT_FOUND", 46, 105}, ++ #endif ++ #ifdef CMS_R_CONTENT_TYPE_MISMATCH ++ {"CONTENT_TYPE_MISMATCH", ERR_LIB_CMS, CMS_R_CONTENT_TYPE_MISMATCH}, ++ #else ++ {"CONTENT_TYPE_MISMATCH", 46, 171}, ++ #endif ++ #ifdef CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA ++ {"CONTENT_TYPE_NOT_COMPRESSED_DATA", ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA}, ++ #else ++ {"CONTENT_TYPE_NOT_COMPRESSED_DATA", 46, 106}, ++ #endif ++ #ifdef CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA ++ {"CONTENT_TYPE_NOT_ENVELOPED_DATA", ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA}, ++ #else ++ {"CONTENT_TYPE_NOT_ENVELOPED_DATA", 46, 107}, ++ #endif ++ #ifdef CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA ++ {"CONTENT_TYPE_NOT_SIGNED_DATA", ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA}, ++ #else ++ {"CONTENT_TYPE_NOT_SIGNED_DATA", 46, 108}, ++ #endif ++ #ifdef CMS_R_CONTENT_VERIFY_ERROR ++ {"CONTENT_VERIFY_ERROR", ERR_LIB_CMS, CMS_R_CONTENT_VERIFY_ERROR}, ++ #else ++ {"CONTENT_VERIFY_ERROR", 46, 109}, ++ #endif ++ #ifdef CMS_R_CTRL_ERROR ++ {"CTRL_ERROR", ERR_LIB_CMS, CMS_R_CTRL_ERROR}, ++ #else ++ {"CTRL_ERROR", 46, 110}, ++ #endif ++ #ifdef CMS_R_CTRL_FAILURE ++ {"CTRL_FAILURE", ERR_LIB_CMS, CMS_R_CTRL_FAILURE}, ++ #else ++ {"CTRL_FAILURE", 46, 111}, ++ #endif ++ #ifdef CMS_R_DECRYPT_ERROR ++ {"DECRYPT_ERROR", ERR_LIB_CMS, CMS_R_DECRYPT_ERROR}, ++ #else ++ {"DECRYPT_ERROR", 46, 112}, ++ #endif ++ #ifdef CMS_R_ERROR_GETTING_PUBLIC_KEY ++ {"ERROR_GETTING_PUBLIC_KEY", ERR_LIB_CMS, CMS_R_ERROR_GETTING_PUBLIC_KEY}, ++ #else ++ {"ERROR_GETTING_PUBLIC_KEY", 46, 113}, ++ #endif ++ #ifdef CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE ++ {"ERROR_READING_MESSAGEDIGEST_ATTRIBUTE", ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE}, ++ #else ++ {"ERROR_READING_MESSAGEDIGEST_ATTRIBUTE", 46, 114}, ++ #endif ++ #ifdef CMS_R_ERROR_SETTING_KEY ++ {"ERROR_SETTING_KEY", ERR_LIB_CMS, CMS_R_ERROR_SETTING_KEY}, ++ #else ++ {"ERROR_SETTING_KEY", 46, 115}, ++ #endif ++ #ifdef CMS_R_ERROR_SETTING_RECIPIENTINFO ++ {"ERROR_SETTING_RECIPIENTINFO", ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO}, ++ #else ++ {"ERROR_SETTING_RECIPIENTINFO", 46, 116}, ++ #endif ++ #ifdef CMS_R_INVALID_ENCRYPTED_KEY_LENGTH ++ {"INVALID_ENCRYPTED_KEY_LENGTH", ERR_LIB_CMS, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH}, ++ #else ++ {"INVALID_ENCRYPTED_KEY_LENGTH", 46, 117}, ++ #endif ++ #ifdef CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER ++ {"INVALID_KEY_ENCRYPTION_PARAMETER", ERR_LIB_CMS, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER}, ++ #else ++ {"INVALID_KEY_ENCRYPTION_PARAMETER", 46, 176}, ++ #endif ++ #ifdef CMS_R_INVALID_KEY_LENGTH ++ {"INVALID_KEY_LENGTH", ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH}, ++ #else ++ {"INVALID_KEY_LENGTH", 46, 118}, ++ #endif ++ #ifdef CMS_R_MD_BIO_INIT_ERROR ++ {"MD_BIO_INIT_ERROR", ERR_LIB_CMS, CMS_R_MD_BIO_INIT_ERROR}, ++ #else ++ {"MD_BIO_INIT_ERROR", 46, 119}, ++ #endif ++ #ifdef CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH ++ {"MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH", ERR_LIB_CMS, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH}, ++ #else ++ {"MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH", 46, 120}, ++ #endif ++ #ifdef CMS_R_MESSAGEDIGEST_WRONG_LENGTH ++ {"MESSAGEDIGEST_WRONG_LENGTH", ERR_LIB_CMS, CMS_R_MESSAGEDIGEST_WRONG_LENGTH}, ++ #else ++ {"MESSAGEDIGEST_WRONG_LENGTH", 46, 121}, ++ #endif ++ #ifdef CMS_R_MSGSIGDIGEST_ERROR ++ {"MSGSIGDIGEST_ERROR", ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_ERROR}, ++ #else ++ {"MSGSIGDIGEST_ERROR", 46, 172}, ++ #endif ++ #ifdef CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE ++ {"MSGSIGDIGEST_VERIFICATION_FAILURE", ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE}, ++ #else ++ {"MSGSIGDIGEST_VERIFICATION_FAILURE", 46, 162}, ++ #endif ++ #ifdef CMS_R_MSGSIGDIGEST_WRONG_LENGTH ++ {"MSGSIGDIGEST_WRONG_LENGTH", ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_WRONG_LENGTH}, ++ #else ++ {"MSGSIGDIGEST_WRONG_LENGTH", 46, 163}, ++ #endif ++ #ifdef CMS_R_NEED_ONE_SIGNER ++ {"NEED_ONE_SIGNER", ERR_LIB_CMS, CMS_R_NEED_ONE_SIGNER}, ++ #else ++ {"NEED_ONE_SIGNER", 46, 164}, ++ #endif ++ #ifdef CMS_R_NOT_A_SIGNED_RECEIPT ++ {"NOT_A_SIGNED_RECEIPT", ERR_LIB_CMS, CMS_R_NOT_A_SIGNED_RECEIPT}, ++ #else ++ {"NOT_A_SIGNED_RECEIPT", 46, 165}, ++ #endif ++ #ifdef CMS_R_NOT_ENCRYPTED_DATA ++ {"NOT_ENCRYPTED_DATA", ERR_LIB_CMS, CMS_R_NOT_ENCRYPTED_DATA}, ++ #else ++ {"NOT_ENCRYPTED_DATA", 46, 122}, ++ #endif ++ #ifdef CMS_R_NOT_KEK ++ {"NOT_KEK", ERR_LIB_CMS, CMS_R_NOT_KEK}, ++ #else ++ {"NOT_KEK", 46, 123}, ++ #endif ++ #ifdef CMS_R_NOT_KEY_AGREEMENT ++ {"NOT_KEY_AGREEMENT", ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT}, ++ #else ++ {"NOT_KEY_AGREEMENT", 46, 181}, ++ #endif ++ #ifdef CMS_R_NOT_KEY_TRANSPORT ++ {"NOT_KEY_TRANSPORT", ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT}, ++ #else ++ {"NOT_KEY_TRANSPORT", 46, 124}, ++ #endif ++ #ifdef CMS_R_NOT_PWRI ++ {"NOT_PWRI", ERR_LIB_CMS, CMS_R_NOT_PWRI}, ++ #else ++ {"NOT_PWRI", 46, 177}, ++ #endif ++ #ifdef CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE ++ {"NOT_SUPPORTED_FOR_THIS_KEY_TYPE", ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE}, ++ #else ++ {"NOT_SUPPORTED_FOR_THIS_KEY_TYPE", 46, 125}, ++ #endif ++ #ifdef CMS_R_NO_CIPHER ++ {"NO_CIPHER", ERR_LIB_CMS, CMS_R_NO_CIPHER}, ++ #else ++ {"NO_CIPHER", 46, 126}, ++ #endif ++ #ifdef CMS_R_NO_CONTENT ++ {"NO_CONTENT", ERR_LIB_CMS, CMS_R_NO_CONTENT}, ++ #else ++ {"NO_CONTENT", 46, 127}, ++ #endif ++ #ifdef CMS_R_NO_CONTENT_TYPE ++ {"NO_CONTENT_TYPE", ERR_LIB_CMS, CMS_R_NO_CONTENT_TYPE}, ++ #else ++ {"NO_CONTENT_TYPE", 46, 173}, ++ #endif ++ #ifdef CMS_R_NO_DEFAULT_DIGEST ++ {"NO_DEFAULT_DIGEST", ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST}, ++ #else ++ {"NO_DEFAULT_DIGEST", 46, 128}, ++ #endif ++ #ifdef CMS_R_NO_DIGEST_SET ++ {"NO_DIGEST_SET", ERR_LIB_CMS, CMS_R_NO_DIGEST_SET}, ++ #else ++ {"NO_DIGEST_SET", 46, 129}, ++ #endif ++ #ifdef CMS_R_NO_KEY ++ {"NO_KEY", ERR_LIB_CMS, CMS_R_NO_KEY}, ++ #else ++ {"NO_KEY", 46, 130}, ++ #endif ++ #ifdef CMS_R_NO_KEY_OR_CERT ++ {"NO_KEY_OR_CERT", ERR_LIB_CMS, CMS_R_NO_KEY_OR_CERT}, ++ #else ++ {"NO_KEY_OR_CERT", 46, 174}, ++ #endif ++ #ifdef CMS_R_NO_MATCHING_DIGEST ++ {"NO_MATCHING_DIGEST", ERR_LIB_CMS, CMS_R_NO_MATCHING_DIGEST}, ++ #else ++ {"NO_MATCHING_DIGEST", 46, 131}, ++ #endif ++ #ifdef CMS_R_NO_MATCHING_RECIPIENT ++ {"NO_MATCHING_RECIPIENT", ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT}, ++ #else ++ {"NO_MATCHING_RECIPIENT", 46, 132}, ++ #endif ++ #ifdef CMS_R_NO_MATCHING_SIGNATURE ++ {"NO_MATCHING_SIGNATURE", ERR_LIB_CMS, CMS_R_NO_MATCHING_SIGNATURE}, ++ #else ++ {"NO_MATCHING_SIGNATURE", 46, 166}, ++ #endif ++ #ifdef CMS_R_NO_MSGSIGDIGEST ++ {"NO_MSGSIGDIGEST", ERR_LIB_CMS, CMS_R_NO_MSGSIGDIGEST}, ++ #else ++ {"NO_MSGSIGDIGEST", 46, 167}, ++ #endif ++ #ifdef CMS_R_NO_PASSWORD ++ {"NO_PASSWORD", ERR_LIB_CMS, CMS_R_NO_PASSWORD}, ++ #else ++ {"NO_PASSWORD", 46, 178}, ++ #endif ++ #ifdef CMS_R_NO_PRIVATE_KEY ++ {"NO_PRIVATE_KEY", ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY}, ++ #else ++ {"NO_PRIVATE_KEY", 46, 133}, ++ #endif ++ #ifdef CMS_R_NO_PUBLIC_KEY ++ {"NO_PUBLIC_KEY", ERR_LIB_CMS, CMS_R_NO_PUBLIC_KEY}, ++ #else ++ {"NO_PUBLIC_KEY", 46, 134}, ++ #endif ++ #ifdef CMS_R_NO_RECEIPT_REQUEST ++ {"NO_RECEIPT_REQUEST", ERR_LIB_CMS, CMS_R_NO_RECEIPT_REQUEST}, ++ #else ++ {"NO_RECEIPT_REQUEST", 46, 168}, ++ #endif ++ #ifdef CMS_R_NO_SIGNERS ++ {"NO_SIGNERS", ERR_LIB_CMS, CMS_R_NO_SIGNERS}, ++ #else ++ {"NO_SIGNERS", 46, 135}, ++ #endif ++ #ifdef CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", ERR_LIB_CMS, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE}, ++ #else ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", 46, 136}, ++ #endif ++ #ifdef CMS_R_RECEIPT_DECODE_ERROR ++ {"RECEIPT_DECODE_ERROR", ERR_LIB_CMS, CMS_R_RECEIPT_DECODE_ERROR}, ++ #else ++ {"RECEIPT_DECODE_ERROR", 46, 169}, ++ #endif ++ #ifdef CMS_R_RECIPIENT_ERROR ++ {"RECIPIENT_ERROR", ERR_LIB_CMS, CMS_R_RECIPIENT_ERROR}, ++ #else ++ {"RECIPIENT_ERROR", 46, 137}, ++ #endif ++ #ifdef CMS_R_SIGNER_CERTIFICATE_NOT_FOUND ++ {"SIGNER_CERTIFICATE_NOT_FOUND", ERR_LIB_CMS, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND}, ++ #else ++ {"SIGNER_CERTIFICATE_NOT_FOUND", 46, 138}, ++ #endif ++ #ifdef CMS_R_SIGNFINAL_ERROR ++ {"SIGNFINAL_ERROR", ERR_LIB_CMS, CMS_R_SIGNFINAL_ERROR}, ++ #else ++ {"SIGNFINAL_ERROR", 46, 139}, ++ #endif ++ #ifdef CMS_R_SMIME_TEXT_ERROR ++ {"SMIME_TEXT_ERROR", ERR_LIB_CMS, CMS_R_SMIME_TEXT_ERROR}, ++ #else ++ {"SMIME_TEXT_ERROR", 46, 140}, ++ #endif ++ #ifdef CMS_R_STORE_INIT_ERROR ++ {"STORE_INIT_ERROR", ERR_LIB_CMS, CMS_R_STORE_INIT_ERROR}, ++ #else ++ {"STORE_INIT_ERROR", 46, 141}, ++ #endif ++ #ifdef CMS_R_TYPE_NOT_COMPRESSED_DATA ++ {"TYPE_NOT_COMPRESSED_DATA", ERR_LIB_CMS, CMS_R_TYPE_NOT_COMPRESSED_DATA}, ++ #else ++ {"TYPE_NOT_COMPRESSED_DATA", 46, 142}, ++ #endif ++ #ifdef CMS_R_TYPE_NOT_DATA ++ {"TYPE_NOT_DATA", ERR_LIB_CMS, CMS_R_TYPE_NOT_DATA}, ++ #else ++ {"TYPE_NOT_DATA", 46, 143}, ++ #endif ++ #ifdef CMS_R_TYPE_NOT_DIGESTED_DATA ++ {"TYPE_NOT_DIGESTED_DATA", ERR_LIB_CMS, CMS_R_TYPE_NOT_DIGESTED_DATA}, ++ #else ++ {"TYPE_NOT_DIGESTED_DATA", 46, 144}, ++ #endif ++ #ifdef CMS_R_TYPE_NOT_ENCRYPTED_DATA ++ {"TYPE_NOT_ENCRYPTED_DATA", ERR_LIB_CMS, CMS_R_TYPE_NOT_ENCRYPTED_DATA}, ++ #else ++ {"TYPE_NOT_ENCRYPTED_DATA", 46, 145}, ++ #endif ++ #ifdef CMS_R_TYPE_NOT_ENVELOPED_DATA ++ {"TYPE_NOT_ENVELOPED_DATA", ERR_LIB_CMS, CMS_R_TYPE_NOT_ENVELOPED_DATA}, ++ #else ++ {"TYPE_NOT_ENVELOPED_DATA", 46, 146}, ++ #endif ++ #ifdef CMS_R_UNABLE_TO_FINALIZE_CONTEXT ++ {"UNABLE_TO_FINALIZE_CONTEXT", ERR_LIB_CMS, CMS_R_UNABLE_TO_FINALIZE_CONTEXT}, ++ #else ++ {"UNABLE_TO_FINALIZE_CONTEXT", 46, 147}, ++ #endif ++ #ifdef CMS_R_UNKNOWN_CIPHER ++ {"UNKNOWN_CIPHER", ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER}, ++ #else ++ {"UNKNOWN_CIPHER", 46, 148}, ++ #endif ++ #ifdef CMS_R_UNKNOWN_DIGEST_ALGORITHM ++ {"UNKNOWN_DIGEST_ALGORITHM", ERR_LIB_CMS, CMS_R_UNKNOWN_DIGEST_ALGORITHM}, ++ #else ++ {"UNKNOWN_DIGEST_ALGORITHM", 46, 149}, ++ #endif ++ #ifdef CMS_R_UNKNOWN_ID ++ {"UNKNOWN_ID", ERR_LIB_CMS, CMS_R_UNKNOWN_ID}, ++ #else ++ {"UNKNOWN_ID", 46, 150}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM ++ {"UNSUPPORTED_COMPRESSION_ALGORITHM", ERR_LIB_CMS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_COMPRESSION_ALGORITHM", 46, 151}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_CONTENT_TYPE ++ {"UNSUPPORTED_CONTENT_TYPE", ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE}, ++ #else ++ {"UNSUPPORTED_CONTENT_TYPE", 46, 152}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_KEK_ALGORITHM ++ {"UNSUPPORTED_KEK_ALGORITHM", ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEK_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_KEK_ALGORITHM", 46, 153}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM ++ {"UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM", ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM", 46, 179}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE ++ {"UNSUPPORTED_RECIPIENTINFO_TYPE", ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE}, ++ #else ++ {"UNSUPPORTED_RECIPIENTINFO_TYPE", 46, 155}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_RECIPIENT_TYPE ++ {"UNSUPPORTED_RECIPIENT_TYPE", ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENT_TYPE}, ++ #else ++ {"UNSUPPORTED_RECIPIENT_TYPE", 46, 154}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_TYPE ++ {"UNSUPPORTED_TYPE", ERR_LIB_CMS, CMS_R_UNSUPPORTED_TYPE}, ++ #else ++ {"UNSUPPORTED_TYPE", 46, 156}, ++ #endif ++ #ifdef CMS_R_UNWRAP_ERROR ++ {"UNWRAP_ERROR", ERR_LIB_CMS, CMS_R_UNWRAP_ERROR}, ++ #else ++ {"UNWRAP_ERROR", 46, 157}, ++ #endif ++ #ifdef CMS_R_UNWRAP_FAILURE ++ {"UNWRAP_FAILURE", ERR_LIB_CMS, CMS_R_UNWRAP_FAILURE}, ++ #else ++ {"UNWRAP_FAILURE", 46, 180}, ++ #endif ++ #ifdef CMS_R_VERIFICATION_FAILURE ++ {"VERIFICATION_FAILURE", ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE}, ++ #else ++ {"VERIFICATION_FAILURE", 46, 158}, ++ #endif ++ #ifdef CMS_R_WRAP_ERROR ++ {"WRAP_ERROR", ERR_LIB_CMS, CMS_R_WRAP_ERROR}, ++ #else ++ {"WRAP_ERROR", 46, 159}, ++ #endif ++ #ifdef COMP_R_ZLIB_DEFLATE_ERROR ++ {"ZLIB_DEFLATE_ERROR", ERR_LIB_COMP, COMP_R_ZLIB_DEFLATE_ERROR}, ++ #else ++ {"ZLIB_DEFLATE_ERROR", 41, 99}, ++ #endif ++ #ifdef COMP_R_ZLIB_INFLATE_ERROR ++ {"ZLIB_INFLATE_ERROR", ERR_LIB_COMP, COMP_R_ZLIB_INFLATE_ERROR}, ++ #else ++ {"ZLIB_INFLATE_ERROR", 41, 100}, ++ #endif ++ #ifdef COMP_R_ZLIB_NOT_SUPPORTED ++ {"ZLIB_NOT_SUPPORTED", ERR_LIB_COMP, COMP_R_ZLIB_NOT_SUPPORTED}, ++ #else ++ {"ZLIB_NOT_SUPPORTED", 41, 101}, ++ #endif ++ #ifdef CONF_R_ERROR_LOADING_DSO ++ {"ERROR_LOADING_DSO", ERR_LIB_CONF, CONF_R_ERROR_LOADING_DSO}, ++ #else ++ {"ERROR_LOADING_DSO", 14, 110}, ++ #endif ++ #ifdef CONF_R_LIST_CANNOT_BE_NULL ++ {"LIST_CANNOT_BE_NULL", ERR_LIB_CONF, CONF_R_LIST_CANNOT_BE_NULL}, ++ #else ++ {"LIST_CANNOT_BE_NULL", 14, 115}, ++ #endif ++ #ifdef CONF_R_MISSING_CLOSE_SQUARE_BRACKET ++ {"MISSING_CLOSE_SQUARE_BRACKET", ERR_LIB_CONF, CONF_R_MISSING_CLOSE_SQUARE_BRACKET}, ++ #else ++ {"MISSING_CLOSE_SQUARE_BRACKET", 14, 100}, ++ #endif ++ #ifdef CONF_R_MISSING_EQUAL_SIGN ++ {"MISSING_EQUAL_SIGN", ERR_LIB_CONF, CONF_R_MISSING_EQUAL_SIGN}, ++ #else ++ {"MISSING_EQUAL_SIGN", 14, 101}, ++ #endif ++ #ifdef CONF_R_MISSING_INIT_FUNCTION ++ {"MISSING_INIT_FUNCTION", ERR_LIB_CONF, CONF_R_MISSING_INIT_FUNCTION}, ++ #else ++ {"MISSING_INIT_FUNCTION", 14, 112}, ++ #endif ++ #ifdef CONF_R_MODULE_INITIALIZATION_ERROR ++ {"MODULE_INITIALIZATION_ERROR", ERR_LIB_CONF, CONF_R_MODULE_INITIALIZATION_ERROR}, ++ #else ++ {"MODULE_INITIALIZATION_ERROR", 14, 109}, ++ #endif ++ #ifdef CONF_R_NO_CLOSE_BRACE ++ {"NO_CLOSE_BRACE", ERR_LIB_CONF, CONF_R_NO_CLOSE_BRACE}, ++ #else ++ {"NO_CLOSE_BRACE", 14, 102}, ++ #endif ++ #ifdef CONF_R_NO_CONF ++ {"NO_CONF", ERR_LIB_CONF, CONF_R_NO_CONF}, ++ #else ++ {"NO_CONF", 14, 105}, ++ #endif ++ #ifdef CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ++ {"NO_CONF_OR_ENVIRONMENT_VARIABLE", ERR_LIB_CONF, CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE}, ++ #else ++ {"NO_CONF_OR_ENVIRONMENT_VARIABLE", 14, 106}, ++ #endif ++ #ifdef CONF_R_NO_SECTION ++ {"NO_SECTION", ERR_LIB_CONF, CONF_R_NO_SECTION}, ++ #else ++ {"NO_SECTION", 14, 107}, ++ #endif ++ #ifdef CONF_R_NO_SUCH_FILE ++ {"NO_SUCH_FILE", ERR_LIB_CONF, CONF_R_NO_SUCH_FILE}, ++ #else ++ {"NO_SUCH_FILE", 14, 114}, ++ #endif ++ #ifdef CONF_R_NO_VALUE ++ {"NO_VALUE", ERR_LIB_CONF, CONF_R_NO_VALUE}, ++ #else ++ {"NO_VALUE", 14, 108}, ++ #endif ++ #ifdef CONF_R_NUMBER_TOO_LARGE ++ {"NUMBER_TOO_LARGE", ERR_LIB_CONF, CONF_R_NUMBER_TOO_LARGE}, ++ #else ++ {"NUMBER_TOO_LARGE", 14, 121}, ++ #endif ++ #ifdef CONF_R_RECURSIVE_DIRECTORY_INCLUDE ++ {"RECURSIVE_DIRECTORY_INCLUDE", ERR_LIB_CONF, CONF_R_RECURSIVE_DIRECTORY_INCLUDE}, ++ #else ++ {"RECURSIVE_DIRECTORY_INCLUDE", 14, 111}, ++ #endif ++ #ifdef CONF_R_SSL_COMMAND_SECTION_EMPTY ++ {"SSL_COMMAND_SECTION_EMPTY", ERR_LIB_CONF, CONF_R_SSL_COMMAND_SECTION_EMPTY}, ++ #else ++ {"SSL_COMMAND_SECTION_EMPTY", 14, 117}, ++ #endif ++ #ifdef CONF_R_SSL_COMMAND_SECTION_NOT_FOUND ++ {"SSL_COMMAND_SECTION_NOT_FOUND", ERR_LIB_CONF, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND}, ++ #else ++ {"SSL_COMMAND_SECTION_NOT_FOUND", 14, 118}, ++ #endif ++ #ifdef CONF_R_SSL_SECTION_EMPTY ++ {"SSL_SECTION_EMPTY", ERR_LIB_CONF, CONF_R_SSL_SECTION_EMPTY}, ++ #else ++ {"SSL_SECTION_EMPTY", 14, 119}, ++ #endif ++ #ifdef CONF_R_SSL_SECTION_NOT_FOUND ++ {"SSL_SECTION_NOT_FOUND", ERR_LIB_CONF, CONF_R_SSL_SECTION_NOT_FOUND}, ++ #else ++ {"SSL_SECTION_NOT_FOUND", 14, 120}, ++ #endif ++ #ifdef CONF_R_UNABLE_TO_CREATE_NEW_SECTION ++ {"UNABLE_TO_CREATE_NEW_SECTION", ERR_LIB_CONF, CONF_R_UNABLE_TO_CREATE_NEW_SECTION}, ++ #else ++ {"UNABLE_TO_CREATE_NEW_SECTION", 14, 103}, ++ #endif ++ #ifdef CONF_R_UNKNOWN_MODULE_NAME ++ {"UNKNOWN_MODULE_NAME", ERR_LIB_CONF, CONF_R_UNKNOWN_MODULE_NAME}, ++ #else ++ {"UNKNOWN_MODULE_NAME", 14, 113}, ++ #endif ++ #ifdef CONF_R_VARIABLE_EXPANSION_TOO_LONG ++ {"VARIABLE_EXPANSION_TOO_LONG", ERR_LIB_CONF, CONF_R_VARIABLE_EXPANSION_TOO_LONG}, ++ #else ++ {"VARIABLE_EXPANSION_TOO_LONG", 14, 116}, ++ #endif ++ #ifdef CONF_R_VARIABLE_HAS_NO_VALUE ++ {"VARIABLE_HAS_NO_VALUE", ERR_LIB_CONF, CONF_R_VARIABLE_HAS_NO_VALUE}, ++ #else ++ {"VARIABLE_HAS_NO_VALUE", 14, 104}, ++ #endif ++ #ifdef CRYPTO_R_FIPS_MODE_NOT_SUPPORTED ++ {"FIPS_MODE_NOT_SUPPORTED", ERR_LIB_CRYPTO, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED}, ++ #else ++ {"FIPS_MODE_NOT_SUPPORTED", 15, 101}, ++ #endif ++ #ifdef CRYPTO_R_ILLEGAL_HEX_DIGIT ++ {"ILLEGAL_HEX_DIGIT", ERR_LIB_CRYPTO, CRYPTO_R_ILLEGAL_HEX_DIGIT}, ++ #else ++ {"ILLEGAL_HEX_DIGIT", 15, 102}, ++ #endif ++ #ifdef CRYPTO_R_ODD_NUMBER_OF_DIGITS ++ {"ODD_NUMBER_OF_DIGITS", ERR_LIB_CRYPTO, CRYPTO_R_ODD_NUMBER_OF_DIGITS}, ++ #else ++ {"ODD_NUMBER_OF_DIGITS", 15, 103}, ++ #endif ++ #ifdef CT_R_BASE64_DECODE_ERROR ++ {"BASE64_DECODE_ERROR", ERR_LIB_CT, CT_R_BASE64_DECODE_ERROR}, ++ #else ++ {"BASE64_DECODE_ERROR", 50, 108}, ++ #endif ++ #ifdef CT_R_INVALID_LOG_ID_LENGTH ++ {"INVALID_LOG_ID_LENGTH", ERR_LIB_CT, CT_R_INVALID_LOG_ID_LENGTH}, ++ #else ++ {"INVALID_LOG_ID_LENGTH", 50, 100}, ++ #endif ++ #ifdef CT_R_LOG_CONF_INVALID ++ {"LOG_CONF_INVALID", ERR_LIB_CT, CT_R_LOG_CONF_INVALID}, ++ #else ++ {"LOG_CONF_INVALID", 50, 109}, ++ #endif ++ #ifdef CT_R_LOG_CONF_INVALID_KEY ++ {"LOG_CONF_INVALID_KEY", ERR_LIB_CT, CT_R_LOG_CONF_INVALID_KEY}, ++ #else ++ {"LOG_CONF_INVALID_KEY", 50, 110}, ++ #endif ++ #ifdef CT_R_LOG_CONF_MISSING_DESCRIPTION ++ {"LOG_CONF_MISSING_DESCRIPTION", ERR_LIB_CT, CT_R_LOG_CONF_MISSING_DESCRIPTION}, ++ #else ++ {"LOG_CONF_MISSING_DESCRIPTION", 50, 111}, ++ #endif ++ #ifdef CT_R_LOG_CONF_MISSING_KEY ++ {"LOG_CONF_MISSING_KEY", ERR_LIB_CT, CT_R_LOG_CONF_MISSING_KEY}, ++ #else ++ {"LOG_CONF_MISSING_KEY", 50, 112}, ++ #endif ++ #ifdef CT_R_LOG_KEY_INVALID ++ {"LOG_KEY_INVALID", ERR_LIB_CT, CT_R_LOG_KEY_INVALID}, ++ #else ++ {"LOG_KEY_INVALID", 50, 113}, ++ #endif ++ #ifdef CT_R_SCT_FUTURE_TIMESTAMP ++ {"SCT_FUTURE_TIMESTAMP", ERR_LIB_CT, CT_R_SCT_FUTURE_TIMESTAMP}, ++ #else ++ {"SCT_FUTURE_TIMESTAMP", 50, 116}, ++ #endif ++ #ifdef CT_R_SCT_INVALID ++ {"SCT_INVALID", ERR_LIB_CT, CT_R_SCT_INVALID}, ++ #else ++ {"SCT_INVALID", 50, 104}, ++ #endif ++ #ifdef CT_R_SCT_INVALID_SIGNATURE ++ {"SCT_INVALID_SIGNATURE", ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE}, ++ #else ++ {"SCT_INVALID_SIGNATURE", 50, 107}, ++ #endif ++ #ifdef CT_R_SCT_LIST_INVALID ++ {"SCT_LIST_INVALID", ERR_LIB_CT, CT_R_SCT_LIST_INVALID}, ++ #else ++ {"SCT_LIST_INVALID", 50, 105}, ++ #endif ++ #ifdef CT_R_SCT_LOG_ID_MISMATCH ++ {"SCT_LOG_ID_MISMATCH", ERR_LIB_CT, CT_R_SCT_LOG_ID_MISMATCH}, ++ #else ++ {"SCT_LOG_ID_MISMATCH", 50, 114}, ++ #endif ++ #ifdef CT_R_SCT_NOT_SET ++ {"SCT_NOT_SET", ERR_LIB_CT, CT_R_SCT_NOT_SET}, ++ #else ++ {"SCT_NOT_SET", 50, 106}, ++ #endif ++ #ifdef CT_R_SCT_UNSUPPORTED_VERSION ++ {"SCT_UNSUPPORTED_VERSION", ERR_LIB_CT, CT_R_SCT_UNSUPPORTED_VERSION}, ++ #else ++ {"SCT_UNSUPPORTED_VERSION", 50, 115}, ++ #endif ++ #ifdef CT_R_UNRECOGNIZED_SIGNATURE_NID ++ {"UNRECOGNIZED_SIGNATURE_NID", ERR_LIB_CT, CT_R_UNRECOGNIZED_SIGNATURE_NID}, ++ #else ++ {"UNRECOGNIZED_SIGNATURE_NID", 50, 101}, ++ #endif ++ #ifdef CT_R_UNSUPPORTED_ENTRY_TYPE ++ {"UNSUPPORTED_ENTRY_TYPE", ERR_LIB_CT, CT_R_UNSUPPORTED_ENTRY_TYPE}, ++ #else ++ {"UNSUPPORTED_ENTRY_TYPE", 50, 102}, ++ #endif ++ #ifdef CT_R_UNSUPPORTED_VERSION ++ {"UNSUPPORTED_VERSION", ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION}, ++ #else ++ {"UNSUPPORTED_VERSION", 50, 103}, ++ #endif ++ #ifdef DH_R_BAD_GENERATOR ++ {"BAD_GENERATOR", ERR_LIB_DH, DH_R_BAD_GENERATOR}, ++ #else ++ {"BAD_GENERATOR", 5, 101}, ++ #endif ++ #ifdef DH_R_BN_DECODE_ERROR ++ {"BN_DECODE_ERROR", ERR_LIB_DH, DH_R_BN_DECODE_ERROR}, ++ #else ++ {"BN_DECODE_ERROR", 5, 109}, ++ #endif ++ #ifdef DH_R_BN_ERROR ++ {"BN_ERROR", ERR_LIB_DH, DH_R_BN_ERROR}, ++ #else ++ {"BN_ERROR", 5, 106}, ++ #endif ++ #ifdef DH_R_CHECK_INVALID_J_VALUE ++ {"CHECK_INVALID_J_VALUE", ERR_LIB_DH, DH_R_CHECK_INVALID_J_VALUE}, ++ #else ++ {"CHECK_INVALID_J_VALUE", 5, 115}, ++ #endif ++ #ifdef DH_R_CHECK_INVALID_Q_VALUE ++ {"CHECK_INVALID_Q_VALUE", ERR_LIB_DH, DH_R_CHECK_INVALID_Q_VALUE}, ++ #else ++ {"CHECK_INVALID_Q_VALUE", 5, 116}, ++ #endif ++ #ifdef DH_R_CHECK_PUBKEY_INVALID ++ {"CHECK_PUBKEY_INVALID", ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID}, ++ #else ++ {"CHECK_PUBKEY_INVALID", 5, 122}, ++ #endif ++ #ifdef DH_R_CHECK_PUBKEY_TOO_LARGE ++ {"CHECK_PUBKEY_TOO_LARGE", ERR_LIB_DH, DH_R_CHECK_PUBKEY_TOO_LARGE}, ++ #else ++ {"CHECK_PUBKEY_TOO_LARGE", 5, 123}, ++ #endif ++ #ifdef DH_R_CHECK_PUBKEY_TOO_SMALL ++ {"CHECK_PUBKEY_TOO_SMALL", ERR_LIB_DH, DH_R_CHECK_PUBKEY_TOO_SMALL}, ++ #else ++ {"CHECK_PUBKEY_TOO_SMALL", 5, 124}, ++ #endif ++ #ifdef DH_R_CHECK_P_NOT_PRIME ++ {"CHECK_P_NOT_PRIME", ERR_LIB_DH, DH_R_CHECK_P_NOT_PRIME}, ++ #else ++ {"CHECK_P_NOT_PRIME", 5, 117}, ++ #endif ++ #ifdef DH_R_CHECK_P_NOT_SAFE_PRIME ++ {"CHECK_P_NOT_SAFE_PRIME", ERR_LIB_DH, DH_R_CHECK_P_NOT_SAFE_PRIME}, ++ #else ++ {"CHECK_P_NOT_SAFE_PRIME", 5, 118}, ++ #endif ++ #ifdef DH_R_CHECK_Q_NOT_PRIME ++ {"CHECK_Q_NOT_PRIME", ERR_LIB_DH, DH_R_CHECK_Q_NOT_PRIME}, ++ #else ++ {"CHECK_Q_NOT_PRIME", 5, 119}, ++ #endif ++ #ifdef DH_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_DH, DH_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 5, 104}, ++ #endif ++ #ifdef DH_R_INVALID_PARAMETER_NAME ++ {"INVALID_PARAMETER_NAME", ERR_LIB_DH, DH_R_INVALID_PARAMETER_NAME}, ++ #else ++ {"INVALID_PARAMETER_NAME", 5, 110}, ++ #endif ++ #ifdef DH_R_INVALID_PARAMETER_NID ++ {"INVALID_PARAMETER_NID", ERR_LIB_DH, DH_R_INVALID_PARAMETER_NID}, ++ #else ++ {"INVALID_PARAMETER_NID", 5, 114}, ++ #endif ++ #ifdef DH_R_INVALID_PUBKEY ++ {"INVALID_PUBKEY", ERR_LIB_DH, DH_R_INVALID_PUBKEY}, ++ #else ++ {"INVALID_PUBKEY", 5, 102}, ++ #endif ++ #ifdef DH_R_KDF_PARAMETER_ERROR ++ {"KDF_PARAMETER_ERROR", ERR_LIB_DH, DH_R_KDF_PARAMETER_ERROR}, ++ #else ++ {"KDF_PARAMETER_ERROR", 5, 112}, ++ #endif ++ #ifdef DH_R_KEYS_NOT_SET ++ {"KEYS_NOT_SET", ERR_LIB_DH, DH_R_KEYS_NOT_SET}, ++ #else ++ {"KEYS_NOT_SET", 5, 108}, ++ #endif ++ #ifdef DH_R_MISSING_PUBKEY ++ {"MISSING_PUBKEY", ERR_LIB_DH, DH_R_MISSING_PUBKEY}, ++ #else ++ {"MISSING_PUBKEY", 5, 125}, ++ #endif ++ #ifdef DH_R_MODULUS_TOO_LARGE ++ {"MODULUS_TOO_LARGE", ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE}, ++ #else ++ {"MODULUS_TOO_LARGE", 5, 103}, ++ #endif ++ #ifdef DH_R_NOT_SUITABLE_GENERATOR ++ {"NOT_SUITABLE_GENERATOR", ERR_LIB_DH, DH_R_NOT_SUITABLE_GENERATOR}, ++ #else ++ {"NOT_SUITABLE_GENERATOR", 5, 120}, ++ #endif ++ #ifdef DH_R_NO_PARAMETERS_SET ++ {"NO_PARAMETERS_SET", ERR_LIB_DH, DH_R_NO_PARAMETERS_SET}, ++ #else ++ {"NO_PARAMETERS_SET", 5, 107}, ++ #endif ++ #ifdef DH_R_NO_PRIVATE_VALUE ++ {"NO_PRIVATE_VALUE", ERR_LIB_DH, DH_R_NO_PRIVATE_VALUE}, ++ #else ++ {"NO_PRIVATE_VALUE", 5, 100}, ++ #endif ++ #ifdef DH_R_PARAMETER_ENCODING_ERROR ++ {"PARAMETER_ENCODING_ERROR", ERR_LIB_DH, DH_R_PARAMETER_ENCODING_ERROR}, ++ #else ++ {"PARAMETER_ENCODING_ERROR", 5, 105}, ++ #endif ++ #ifdef DH_R_PEER_KEY_ERROR ++ {"PEER_KEY_ERROR", ERR_LIB_DH, DH_R_PEER_KEY_ERROR}, ++ #else ++ {"PEER_KEY_ERROR", 5, 111}, ++ #endif ++ #ifdef DH_R_SHARED_INFO_ERROR ++ {"SHARED_INFO_ERROR", ERR_LIB_DH, DH_R_SHARED_INFO_ERROR}, ++ #else ++ {"SHARED_INFO_ERROR", 5, 113}, ++ #endif ++ #ifdef DH_R_UNABLE_TO_CHECK_GENERATOR ++ {"UNABLE_TO_CHECK_GENERATOR", ERR_LIB_DH, DH_R_UNABLE_TO_CHECK_GENERATOR}, ++ #else ++ {"UNABLE_TO_CHECK_GENERATOR", 5, 121}, ++ #endif ++ #ifdef DSA_R_BAD_Q_VALUE ++ {"BAD_Q_VALUE", ERR_LIB_DSA, DSA_R_BAD_Q_VALUE}, ++ #else ++ {"BAD_Q_VALUE", 10, 102}, ++ #endif ++ #ifdef DSA_R_BN_DECODE_ERROR ++ {"BN_DECODE_ERROR", ERR_LIB_DSA, DSA_R_BN_DECODE_ERROR}, ++ #else ++ {"BN_DECODE_ERROR", 10, 108}, ++ #endif ++ #ifdef DSA_R_BN_ERROR ++ {"BN_ERROR", ERR_LIB_DSA, DSA_R_BN_ERROR}, ++ #else ++ {"BN_ERROR", 10, 109}, ++ #endif ++ #ifdef DSA_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_DSA, DSA_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 10, 104}, ++ #endif ++ #ifdef DSA_R_INVALID_DIGEST_TYPE ++ {"INVALID_DIGEST_TYPE", ERR_LIB_DSA, DSA_R_INVALID_DIGEST_TYPE}, ++ #else ++ {"INVALID_DIGEST_TYPE", 10, 106}, ++ #endif ++ #ifdef DSA_R_INVALID_PARAMETERS ++ {"INVALID_PARAMETERS", ERR_LIB_DSA, DSA_R_INVALID_PARAMETERS}, ++ #else ++ {"INVALID_PARAMETERS", 10, 112}, ++ #endif ++ #ifdef DSA_R_MISSING_PARAMETERS ++ {"MISSING_PARAMETERS", ERR_LIB_DSA, DSA_R_MISSING_PARAMETERS}, ++ #else ++ {"MISSING_PARAMETERS", 10, 101}, ++ #endif ++ #ifdef DSA_R_MISSING_PRIVATE_KEY ++ {"MISSING_PRIVATE_KEY", ERR_LIB_DSA, DSA_R_MISSING_PRIVATE_KEY}, ++ #else ++ {"MISSING_PRIVATE_KEY", 10, 111}, ++ #endif ++ #ifdef DSA_R_MODULUS_TOO_LARGE ++ {"MODULUS_TOO_LARGE", ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE}, ++ #else ++ {"MODULUS_TOO_LARGE", 10, 103}, ++ #endif ++ #ifdef DSA_R_NO_PARAMETERS_SET ++ {"NO_PARAMETERS_SET", ERR_LIB_DSA, DSA_R_NO_PARAMETERS_SET}, ++ #else ++ {"NO_PARAMETERS_SET", 10, 107}, ++ #endif ++ #ifdef DSA_R_PARAMETER_ENCODING_ERROR ++ {"PARAMETER_ENCODING_ERROR", ERR_LIB_DSA, DSA_R_PARAMETER_ENCODING_ERROR}, ++ #else ++ {"PARAMETER_ENCODING_ERROR", 10, 105}, ++ #endif ++ #ifdef DSA_R_Q_NOT_PRIME ++ {"Q_NOT_PRIME", ERR_LIB_DSA, DSA_R_Q_NOT_PRIME}, ++ #else ++ {"Q_NOT_PRIME", 10, 113}, ++ #endif ++ #ifdef DSA_R_SEED_LEN_SMALL ++ {"SEED_LEN_SMALL", ERR_LIB_DSA, DSA_R_SEED_LEN_SMALL}, ++ #else ++ {"SEED_LEN_SMALL", 10, 110}, ++ #endif ++ #ifdef DSO_R_CTRL_FAILED ++ {"CTRL_FAILED", ERR_LIB_DSO, DSO_R_CTRL_FAILED}, ++ #else ++ {"CTRL_FAILED", 37, 100}, ++ #endif ++ #ifdef DSO_R_DSO_ALREADY_LOADED ++ {"DSO_ALREADY_LOADED", ERR_LIB_DSO, DSO_R_DSO_ALREADY_LOADED}, ++ #else ++ {"DSO_ALREADY_LOADED", 37, 110}, ++ #endif ++ #ifdef DSO_R_EMPTY_FILE_STRUCTURE ++ {"EMPTY_FILE_STRUCTURE", ERR_LIB_DSO, DSO_R_EMPTY_FILE_STRUCTURE}, ++ #else ++ {"EMPTY_FILE_STRUCTURE", 37, 113}, ++ #endif ++ #ifdef DSO_R_FAILURE ++ {"FAILURE", ERR_LIB_DSO, DSO_R_FAILURE}, ++ #else ++ {"FAILURE", 37, 114}, ++ #endif ++ #ifdef DSO_R_FILENAME_TOO_BIG ++ {"FILENAME_TOO_BIG", ERR_LIB_DSO, DSO_R_FILENAME_TOO_BIG}, ++ #else ++ {"FILENAME_TOO_BIG", 37, 101}, ++ #endif ++ #ifdef DSO_R_FINISH_FAILED ++ {"FINISH_FAILED", ERR_LIB_DSO, DSO_R_FINISH_FAILED}, ++ #else ++ {"FINISH_FAILED", 37, 102}, ++ #endif ++ #ifdef DSO_R_INCORRECT_FILE_SYNTAX ++ {"INCORRECT_FILE_SYNTAX", ERR_LIB_DSO, DSO_R_INCORRECT_FILE_SYNTAX}, ++ #else ++ {"INCORRECT_FILE_SYNTAX", 37, 115}, ++ #endif ++ #ifdef DSO_R_LOAD_FAILED ++ {"LOAD_FAILED", ERR_LIB_DSO, DSO_R_LOAD_FAILED}, ++ #else ++ {"LOAD_FAILED", 37, 103}, ++ #endif ++ #ifdef DSO_R_NAME_TRANSLATION_FAILED ++ {"NAME_TRANSLATION_FAILED", ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED}, ++ #else ++ {"NAME_TRANSLATION_FAILED", 37, 109}, ++ #endif ++ #ifdef DSO_R_NO_FILENAME ++ {"NO_FILENAME", ERR_LIB_DSO, DSO_R_NO_FILENAME}, ++ #else ++ {"NO_FILENAME", 37, 111}, ++ #endif ++ #ifdef DSO_R_NULL_HANDLE ++ {"NULL_HANDLE", ERR_LIB_DSO, DSO_R_NULL_HANDLE}, ++ #else ++ {"NULL_HANDLE", 37, 104}, ++ #endif ++ #ifdef DSO_R_SET_FILENAME_FAILED ++ {"SET_FILENAME_FAILED", ERR_LIB_DSO, DSO_R_SET_FILENAME_FAILED}, ++ #else ++ {"SET_FILENAME_FAILED", 37, 112}, ++ #endif ++ #ifdef DSO_R_STACK_ERROR ++ {"STACK_ERROR", ERR_LIB_DSO, DSO_R_STACK_ERROR}, ++ #else ++ {"STACK_ERROR", 37, 105}, ++ #endif ++ #ifdef DSO_R_SYM_FAILURE ++ {"SYM_FAILURE", ERR_LIB_DSO, DSO_R_SYM_FAILURE}, ++ #else ++ {"SYM_FAILURE", 37, 106}, ++ #endif ++ #ifdef DSO_R_UNLOAD_FAILED ++ {"UNLOAD_FAILED", ERR_LIB_DSO, DSO_R_UNLOAD_FAILED}, ++ #else ++ {"UNLOAD_FAILED", 37, 107}, ++ #endif ++ #ifdef DSO_R_UNSUPPORTED ++ {"UNSUPPORTED", ERR_LIB_DSO, DSO_R_UNSUPPORTED}, ++ #else ++ {"UNSUPPORTED", 37, 108}, ++ #endif ++ #ifdef EC_R_ASN1_ERROR ++ {"ASN1_ERROR", ERR_LIB_EC, EC_R_ASN1_ERROR}, ++ #else ++ {"ASN1_ERROR", 16, 115}, ++ #endif ++ #ifdef EC_R_BAD_SIGNATURE ++ {"BAD_SIGNATURE", ERR_LIB_EC, EC_R_BAD_SIGNATURE}, ++ #else ++ {"BAD_SIGNATURE", 16, 156}, ++ #endif ++ #ifdef EC_R_BIGNUM_OUT_OF_RANGE ++ {"BIGNUM_OUT_OF_RANGE", ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE}, ++ #else ++ {"BIGNUM_OUT_OF_RANGE", 16, 144}, ++ #endif ++ #ifdef EC_R_BUFFER_TOO_SMALL ++ {"BUFFER_TOO_SMALL", ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL}, ++ #else ++ {"BUFFER_TOO_SMALL", 16, 100}, ++ #endif ++ #ifdef EC_R_CANNOT_INVERT ++ {"CANNOT_INVERT", ERR_LIB_EC, EC_R_CANNOT_INVERT}, ++ #else ++ {"CANNOT_INVERT", 16, 165}, ++ #endif ++ #ifdef EC_R_COORDINATES_OUT_OF_RANGE ++ {"COORDINATES_OUT_OF_RANGE", ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE}, ++ #else ++ {"COORDINATES_OUT_OF_RANGE", 16, 146}, ++ #endif ++ #ifdef EC_R_CURVE_DOES_NOT_SUPPORT_ECDH ++ {"CURVE_DOES_NOT_SUPPORT_ECDH", ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH}, ++ #else ++ {"CURVE_DOES_NOT_SUPPORT_ECDH", 16, 160}, ++ #endif ++ #ifdef EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING ++ {"CURVE_DOES_NOT_SUPPORT_SIGNING", ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING}, ++ #else ++ {"CURVE_DOES_NOT_SUPPORT_SIGNING", 16, 159}, ++ #endif ++ #ifdef EC_R_D2I_ECPKPARAMETERS_FAILURE ++ {"D2I_ECPKPARAMETERS_FAILURE", ERR_LIB_EC, EC_R_D2I_ECPKPARAMETERS_FAILURE}, ++ #else ++ {"D2I_ECPKPARAMETERS_FAILURE", 16, 117}, ++ #endif ++ #ifdef EC_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_EC, EC_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 16, 142}, ++ #endif ++ #ifdef EC_R_DISCRIMINANT_IS_ZERO ++ {"DISCRIMINANT_IS_ZERO", ERR_LIB_EC, EC_R_DISCRIMINANT_IS_ZERO}, ++ #else ++ {"DISCRIMINANT_IS_ZERO", 16, 118}, ++ #endif ++ #ifdef EC_R_EC_GROUP_NEW_BY_NAME_FAILURE ++ {"EC_GROUP_NEW_BY_NAME_FAILURE", ERR_LIB_EC, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE}, ++ #else ++ {"EC_GROUP_NEW_BY_NAME_FAILURE", 16, 119}, ++ #endif ++ #ifdef EC_R_FIELD_TOO_LARGE ++ {"FIELD_TOO_LARGE", ERR_LIB_EC, EC_R_FIELD_TOO_LARGE}, ++ #else ++ {"FIELD_TOO_LARGE", 16, 143}, ++ #endif ++ #ifdef EC_R_GF2M_NOT_SUPPORTED ++ {"GF2M_NOT_SUPPORTED", ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED}, ++ #else ++ {"GF2M_NOT_SUPPORTED", 16, 147}, ++ #endif ++ #ifdef EC_R_GROUP2PKPARAMETERS_FAILURE ++ {"GROUP2PKPARAMETERS_FAILURE", ERR_LIB_EC, EC_R_GROUP2PKPARAMETERS_FAILURE}, ++ #else ++ {"GROUP2PKPARAMETERS_FAILURE", 16, 120}, ++ #endif ++ #ifdef EC_R_I2D_ECPKPARAMETERS_FAILURE ++ {"I2D_ECPKPARAMETERS_FAILURE", ERR_LIB_EC, EC_R_I2D_ECPKPARAMETERS_FAILURE}, ++ #else ++ {"I2D_ECPKPARAMETERS_FAILURE", 16, 121}, ++ #endif ++ #ifdef EC_R_INCOMPATIBLE_OBJECTS ++ {"INCOMPATIBLE_OBJECTS", ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS}, ++ #else ++ {"INCOMPATIBLE_OBJECTS", 16, 101}, ++ #endif ++ #ifdef EC_R_INVALID_ARGUMENT ++ {"INVALID_ARGUMENT", ERR_LIB_EC, EC_R_INVALID_ARGUMENT}, ++ #else ++ {"INVALID_ARGUMENT", 16, 112}, ++ #endif ++ #ifdef EC_R_INVALID_COMPRESSED_POINT ++ {"INVALID_COMPRESSED_POINT", ERR_LIB_EC, EC_R_INVALID_COMPRESSED_POINT}, ++ #else ++ {"INVALID_COMPRESSED_POINT", 16, 110}, ++ #endif ++ #ifdef EC_R_INVALID_COMPRESSION_BIT ++ {"INVALID_COMPRESSION_BIT", ERR_LIB_EC, EC_R_INVALID_COMPRESSION_BIT}, ++ #else ++ {"INVALID_COMPRESSION_BIT", 16, 109}, ++ #endif ++ #ifdef EC_R_INVALID_CURVE ++ {"INVALID_CURVE", ERR_LIB_EC, EC_R_INVALID_CURVE}, ++ #else ++ {"INVALID_CURVE", 16, 141}, ++ #endif ++ #ifdef EC_R_INVALID_DIGEST ++ {"INVALID_DIGEST", ERR_LIB_EC, EC_R_INVALID_DIGEST}, ++ #else ++ {"INVALID_DIGEST", 16, 151}, ++ #endif ++ #ifdef EC_R_INVALID_DIGEST_TYPE ++ {"INVALID_DIGEST_TYPE", ERR_LIB_EC, EC_R_INVALID_DIGEST_TYPE}, ++ #else ++ {"INVALID_DIGEST_TYPE", 16, 138}, ++ #endif ++ #ifdef EC_R_INVALID_ENCODING ++ {"INVALID_ENCODING", ERR_LIB_EC, EC_R_INVALID_ENCODING}, ++ #else ++ {"INVALID_ENCODING", 16, 102}, ++ #endif ++ #ifdef EC_R_INVALID_FIELD ++ {"INVALID_FIELD", ERR_LIB_EC, EC_R_INVALID_FIELD}, ++ #else ++ {"INVALID_FIELD", 16, 103}, ++ #endif ++ #ifdef EC_R_INVALID_FORM ++ {"INVALID_FORM", ERR_LIB_EC, EC_R_INVALID_FORM}, ++ #else ++ {"INVALID_FORM", 16, 104}, ++ #endif ++ #ifdef EC_R_INVALID_GROUP_ORDER ++ {"INVALID_GROUP_ORDER", ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER}, ++ #else ++ {"INVALID_GROUP_ORDER", 16, 122}, ++ #endif ++ #ifdef EC_R_INVALID_KEY ++ {"INVALID_KEY", ERR_LIB_EC, EC_R_INVALID_KEY}, ++ #else ++ {"INVALID_KEY", 16, 116}, ++ #endif ++ #ifdef EC_R_INVALID_OUTPUT_LENGTH ++ {"INVALID_OUTPUT_LENGTH", ERR_LIB_EC, EC_R_INVALID_OUTPUT_LENGTH}, ++ #else ++ {"INVALID_OUTPUT_LENGTH", 16, 161}, ++ #endif ++ #ifdef EC_R_INVALID_PEER_KEY ++ {"INVALID_PEER_KEY", ERR_LIB_EC, EC_R_INVALID_PEER_KEY}, ++ #else ++ {"INVALID_PEER_KEY", 16, 133}, ++ #endif ++ #ifdef EC_R_INVALID_PENTANOMIAL_BASIS ++ {"INVALID_PENTANOMIAL_BASIS", ERR_LIB_EC, EC_R_INVALID_PENTANOMIAL_BASIS}, ++ #else ++ {"INVALID_PENTANOMIAL_BASIS", 16, 132}, ++ #endif ++ #ifdef EC_R_INVALID_PRIVATE_KEY ++ {"INVALID_PRIVATE_KEY", ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY}, ++ #else ++ {"INVALID_PRIVATE_KEY", 16, 123}, ++ #endif ++ #ifdef EC_R_INVALID_TRINOMIAL_BASIS ++ {"INVALID_TRINOMIAL_BASIS", ERR_LIB_EC, EC_R_INVALID_TRINOMIAL_BASIS}, ++ #else ++ {"INVALID_TRINOMIAL_BASIS", 16, 137}, ++ #endif ++ #ifdef EC_R_KDF_PARAMETER_ERROR ++ {"KDF_PARAMETER_ERROR", ERR_LIB_EC, EC_R_KDF_PARAMETER_ERROR}, ++ #else ++ {"KDF_PARAMETER_ERROR", 16, 148}, ++ #endif ++ #ifdef EC_R_KEYS_NOT_SET ++ {"KEYS_NOT_SET", ERR_LIB_EC, EC_R_KEYS_NOT_SET}, ++ #else ++ {"KEYS_NOT_SET", 16, 140}, ++ #endif ++ #ifdef EC_R_LADDER_POST_FAILURE ++ {"LADDER_POST_FAILURE", ERR_LIB_EC, EC_R_LADDER_POST_FAILURE}, ++ #else ++ {"LADDER_POST_FAILURE", 16, 136}, ++ #endif ++ #ifdef EC_R_LADDER_PRE_FAILURE ++ {"LADDER_PRE_FAILURE", ERR_LIB_EC, EC_R_LADDER_PRE_FAILURE}, ++ #else ++ {"LADDER_PRE_FAILURE", 16, 153}, ++ #endif ++ #ifdef EC_R_LADDER_STEP_FAILURE ++ {"LADDER_STEP_FAILURE", ERR_LIB_EC, EC_R_LADDER_STEP_FAILURE}, ++ #else ++ {"LADDER_STEP_FAILURE", 16, 162}, ++ #endif ++ #ifdef EC_R_MISSING_OID ++ {"MISSING_OID", ERR_LIB_EC, EC_R_MISSING_OID}, ++ #else ++ {"MISSING_OID", 16, 167}, ++ #endif ++ #ifdef EC_R_MISSING_PARAMETERS ++ {"MISSING_PARAMETERS", ERR_LIB_EC, EC_R_MISSING_PARAMETERS}, ++ #else ++ {"MISSING_PARAMETERS", 16, 124}, ++ #endif ++ #ifdef EC_R_MISSING_PRIVATE_KEY ++ {"MISSING_PRIVATE_KEY", ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY}, ++ #else ++ {"MISSING_PRIVATE_KEY", 16, 125}, ++ #endif ++ #ifdef EC_R_NEED_NEW_SETUP_VALUES ++ {"NEED_NEW_SETUP_VALUES", ERR_LIB_EC, EC_R_NEED_NEW_SETUP_VALUES}, ++ #else ++ {"NEED_NEW_SETUP_VALUES", 16, 157}, ++ #endif ++ #ifdef EC_R_NOT_A_NIST_PRIME ++ {"NOT_A_NIST_PRIME", ERR_LIB_EC, EC_R_NOT_A_NIST_PRIME}, ++ #else ++ {"NOT_A_NIST_PRIME", 16, 135}, ++ #endif ++ #ifdef EC_R_NOT_IMPLEMENTED ++ {"NOT_IMPLEMENTED", ERR_LIB_EC, EC_R_NOT_IMPLEMENTED}, ++ #else ++ {"NOT_IMPLEMENTED", 16, 126}, ++ #endif ++ #ifdef EC_R_NOT_INITIALIZED ++ {"NOT_INITIALIZED", ERR_LIB_EC, EC_R_NOT_INITIALIZED}, ++ #else ++ {"NOT_INITIALIZED", 16, 111}, ++ #endif ++ #ifdef EC_R_NO_PARAMETERS_SET ++ {"NO_PARAMETERS_SET", ERR_LIB_EC, EC_R_NO_PARAMETERS_SET}, ++ #else ++ {"NO_PARAMETERS_SET", 16, 139}, ++ #endif ++ #ifdef EC_R_NO_PRIVATE_VALUE ++ {"NO_PRIVATE_VALUE", ERR_LIB_EC, EC_R_NO_PRIVATE_VALUE}, ++ #else ++ {"NO_PRIVATE_VALUE", 16, 154}, ++ #endif ++ #ifdef EC_R_OPERATION_NOT_SUPPORTED ++ {"OPERATION_NOT_SUPPORTED", ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED}, ++ #else ++ {"OPERATION_NOT_SUPPORTED", 16, 152}, ++ #endif ++ #ifdef EC_R_PASSED_NULL_PARAMETER ++ {"PASSED_NULL_PARAMETER", ERR_LIB_EC, EC_R_PASSED_NULL_PARAMETER}, ++ #else ++ {"PASSED_NULL_PARAMETER", 16, 134}, ++ #endif ++ #ifdef EC_R_PEER_KEY_ERROR ++ {"PEER_KEY_ERROR", ERR_LIB_EC, EC_R_PEER_KEY_ERROR}, ++ #else ++ {"PEER_KEY_ERROR", 16, 149}, ++ #endif ++ #ifdef EC_R_PKPARAMETERS2GROUP_FAILURE ++ {"PKPARAMETERS2GROUP_FAILURE", ERR_LIB_EC, EC_R_PKPARAMETERS2GROUP_FAILURE}, ++ #else ++ {"PKPARAMETERS2GROUP_FAILURE", 16, 127}, ++ #endif ++ #ifdef EC_R_POINT_ARITHMETIC_FAILURE ++ {"POINT_ARITHMETIC_FAILURE", ERR_LIB_EC, EC_R_POINT_ARITHMETIC_FAILURE}, ++ #else ++ {"POINT_ARITHMETIC_FAILURE", 16, 155}, ++ #endif ++ #ifdef EC_R_POINT_AT_INFINITY ++ {"POINT_AT_INFINITY", ERR_LIB_EC, EC_R_POINT_AT_INFINITY}, ++ #else ++ {"POINT_AT_INFINITY", 16, 106}, ++ #endif ++ #ifdef EC_R_POINT_COORDINATES_BLIND_FAILURE ++ {"POINT_COORDINATES_BLIND_FAILURE", ERR_LIB_EC, EC_R_POINT_COORDINATES_BLIND_FAILURE}, ++ #else ++ {"POINT_COORDINATES_BLIND_FAILURE", 16, 163}, ++ #endif ++ #ifdef EC_R_POINT_IS_NOT_ON_CURVE ++ {"POINT_IS_NOT_ON_CURVE", ERR_LIB_EC, EC_R_POINT_IS_NOT_ON_CURVE}, ++ #else ++ {"POINT_IS_NOT_ON_CURVE", 16, 107}, ++ #endif ++ #ifdef EC_R_RANDOM_NUMBER_GENERATION_FAILED ++ {"RANDOM_NUMBER_GENERATION_FAILED", ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED}, ++ #else ++ {"RANDOM_NUMBER_GENERATION_FAILED", 16, 158}, ++ #endif ++ #ifdef EC_R_SHARED_INFO_ERROR ++ {"SHARED_INFO_ERROR", ERR_LIB_EC, EC_R_SHARED_INFO_ERROR}, ++ #else ++ {"SHARED_INFO_ERROR", 16, 150}, ++ #endif ++ #ifdef EC_R_SLOT_FULL ++ {"SLOT_FULL", ERR_LIB_EC, EC_R_SLOT_FULL}, ++ #else ++ {"SLOT_FULL", 16, 108}, ++ #endif ++ #ifdef EC_R_UNDEFINED_GENERATOR ++ {"UNDEFINED_GENERATOR", ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR}, ++ #else ++ {"UNDEFINED_GENERATOR", 16, 113}, ++ #endif ++ #ifdef EC_R_UNDEFINED_ORDER ++ {"UNDEFINED_ORDER", ERR_LIB_EC, EC_R_UNDEFINED_ORDER}, ++ #else ++ {"UNDEFINED_ORDER", 16, 128}, ++ #endif ++ #ifdef EC_R_UNKNOWN_COFACTOR ++ {"UNKNOWN_COFACTOR", ERR_LIB_EC, EC_R_UNKNOWN_COFACTOR}, ++ #else ++ {"UNKNOWN_COFACTOR", 16, 164}, ++ #endif ++ #ifdef EC_R_UNKNOWN_GROUP ++ {"UNKNOWN_GROUP", ERR_LIB_EC, EC_R_UNKNOWN_GROUP}, ++ #else ++ {"UNKNOWN_GROUP", 16, 129}, ++ #endif ++ #ifdef EC_R_UNKNOWN_ORDER ++ {"UNKNOWN_ORDER", ERR_LIB_EC, EC_R_UNKNOWN_ORDER}, ++ #else ++ {"UNKNOWN_ORDER", 16, 114}, ++ #endif ++ #ifdef EC_R_UNSUPPORTED_FIELD ++ {"UNSUPPORTED_FIELD", ERR_LIB_EC, EC_R_UNSUPPORTED_FIELD}, ++ #else ++ {"UNSUPPORTED_FIELD", 16, 131}, ++ #endif ++ #ifdef EC_R_WRONG_CURVE_PARAMETERS ++ {"WRONG_CURVE_PARAMETERS", ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS}, ++ #else ++ {"WRONG_CURVE_PARAMETERS", 16, 145}, ++ #endif ++ #ifdef EC_R_WRONG_ORDER ++ {"WRONG_ORDER", ERR_LIB_EC, EC_R_WRONG_ORDER}, ++ #else ++ {"WRONG_ORDER", 16, 130}, ++ #endif ++ #ifdef ENGINE_R_ALREADY_LOADED ++ {"ALREADY_LOADED", ERR_LIB_ENGINE, ENGINE_R_ALREADY_LOADED}, ++ #else ++ {"ALREADY_LOADED", 38, 100}, ++ #endif ++ #ifdef ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER ++ {"ARGUMENT_IS_NOT_A_NUMBER", ERR_LIB_ENGINE, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER}, ++ #else ++ {"ARGUMENT_IS_NOT_A_NUMBER", 38, 133}, ++ #endif ++ #ifdef ENGINE_R_CMD_NOT_EXECUTABLE ++ {"CMD_NOT_EXECUTABLE", ERR_LIB_ENGINE, ENGINE_R_CMD_NOT_EXECUTABLE}, ++ #else ++ {"CMD_NOT_EXECUTABLE", 38, 134}, ++ #endif ++ #ifdef ENGINE_R_COMMAND_TAKES_INPUT ++ {"COMMAND_TAKES_INPUT", ERR_LIB_ENGINE, ENGINE_R_COMMAND_TAKES_INPUT}, ++ #else ++ {"COMMAND_TAKES_INPUT", 38, 135}, ++ #endif ++ #ifdef ENGINE_R_COMMAND_TAKES_NO_INPUT ++ {"COMMAND_TAKES_NO_INPUT", ERR_LIB_ENGINE, ENGINE_R_COMMAND_TAKES_NO_INPUT}, ++ #else ++ {"COMMAND_TAKES_NO_INPUT", 38, 136}, ++ #endif ++ #ifdef ENGINE_R_CONFLICTING_ENGINE_ID ++ {"CONFLICTING_ENGINE_ID", ERR_LIB_ENGINE, ENGINE_R_CONFLICTING_ENGINE_ID}, ++ #else ++ {"CONFLICTING_ENGINE_ID", 38, 103}, ++ #endif ++ #ifdef ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ++ {"CTRL_COMMAND_NOT_IMPLEMENTED", ERR_LIB_ENGINE, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED}, ++ #else ++ {"CTRL_COMMAND_NOT_IMPLEMENTED", 38, 119}, ++ #endif ++ #ifdef ENGINE_R_DSO_FAILURE ++ {"DSO_FAILURE", ERR_LIB_ENGINE, ENGINE_R_DSO_FAILURE}, ++ #else ++ {"DSO_FAILURE", 38, 104}, ++ #endif ++ #ifdef ENGINE_R_DSO_NOT_FOUND ++ {"DSO_NOT_FOUND", ERR_LIB_ENGINE, ENGINE_R_DSO_NOT_FOUND}, ++ #else ++ {"DSO_NOT_FOUND", 38, 132}, ++ #endif ++ #ifdef ENGINE_R_ENGINES_SECTION_ERROR ++ {"ENGINES_SECTION_ERROR", ERR_LIB_ENGINE, ENGINE_R_ENGINES_SECTION_ERROR}, ++ #else ++ {"ENGINES_SECTION_ERROR", 38, 148}, ++ #endif ++ #ifdef ENGINE_R_ENGINE_CONFIGURATION_ERROR ++ {"ENGINE_CONFIGURATION_ERROR", ERR_LIB_ENGINE, ENGINE_R_ENGINE_CONFIGURATION_ERROR}, ++ #else ++ {"ENGINE_CONFIGURATION_ERROR", 38, 102}, ++ #endif ++ #ifdef ENGINE_R_ENGINE_IS_NOT_IN_LIST ++ {"ENGINE_IS_NOT_IN_LIST", ERR_LIB_ENGINE, ENGINE_R_ENGINE_IS_NOT_IN_LIST}, ++ #else ++ {"ENGINE_IS_NOT_IN_LIST", 38, 105}, ++ #endif ++ #ifdef ENGINE_R_ENGINE_SECTION_ERROR ++ {"ENGINE_SECTION_ERROR", ERR_LIB_ENGINE, ENGINE_R_ENGINE_SECTION_ERROR}, ++ #else ++ {"ENGINE_SECTION_ERROR", 38, 149}, ++ #endif ++ #ifdef ENGINE_R_FAILED_LOADING_PRIVATE_KEY ++ {"FAILED_LOADING_PRIVATE_KEY", ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY}, ++ #else ++ {"FAILED_LOADING_PRIVATE_KEY", 38, 128}, ++ #endif ++ #ifdef ENGINE_R_FAILED_LOADING_PUBLIC_KEY ++ {"FAILED_LOADING_PUBLIC_KEY", ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PUBLIC_KEY}, ++ #else ++ {"FAILED_LOADING_PUBLIC_KEY", 38, 129}, ++ #endif ++ #ifdef ENGINE_R_FINISH_FAILED ++ {"FINISH_FAILED", ERR_LIB_ENGINE, ENGINE_R_FINISH_FAILED}, ++ #else ++ {"FINISH_FAILED", 38, 106}, ++ #endif ++ #ifdef ENGINE_R_ID_OR_NAME_MISSING ++ {"ID_OR_NAME_MISSING", ERR_LIB_ENGINE, ENGINE_R_ID_OR_NAME_MISSING}, ++ #else ++ {"ID_OR_NAME_MISSING", 38, 108}, ++ #endif ++ #ifdef ENGINE_R_INIT_FAILED ++ {"INIT_FAILED", ERR_LIB_ENGINE, ENGINE_R_INIT_FAILED}, ++ #else ++ {"INIT_FAILED", 38, 109}, ++ #endif ++ #ifdef ENGINE_R_INTERNAL_LIST_ERROR ++ {"INTERNAL_LIST_ERROR", ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR}, ++ #else ++ {"INTERNAL_LIST_ERROR", 38, 110}, ++ #endif ++ #ifdef ENGINE_R_INVALID_ARGUMENT ++ {"INVALID_ARGUMENT", ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT}, ++ #else ++ {"INVALID_ARGUMENT", 38, 143}, ++ #endif ++ #ifdef ENGINE_R_INVALID_CMD_NAME ++ {"INVALID_CMD_NAME", ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NAME}, ++ #else ++ {"INVALID_CMD_NAME", 38, 137}, ++ #endif ++ #ifdef ENGINE_R_INVALID_CMD_NUMBER ++ {"INVALID_CMD_NUMBER", ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NUMBER}, ++ #else ++ {"INVALID_CMD_NUMBER", 38, 138}, ++ #endif ++ #ifdef ENGINE_R_INVALID_INIT_VALUE ++ {"INVALID_INIT_VALUE", ERR_LIB_ENGINE, ENGINE_R_INVALID_INIT_VALUE}, ++ #else ++ {"INVALID_INIT_VALUE", 38, 151}, ++ #endif ++ #ifdef ENGINE_R_INVALID_STRING ++ {"INVALID_STRING", ERR_LIB_ENGINE, ENGINE_R_INVALID_STRING}, ++ #else ++ {"INVALID_STRING", 38, 150}, ++ #endif ++ #ifdef ENGINE_R_NOT_INITIALISED ++ {"NOT_INITIALISED", ERR_LIB_ENGINE, ENGINE_R_NOT_INITIALISED}, ++ #else ++ {"NOT_INITIALISED", 38, 117}, ++ #endif ++ #ifdef ENGINE_R_NOT_LOADED ++ {"NOT_LOADED", ERR_LIB_ENGINE, ENGINE_R_NOT_LOADED}, ++ #else ++ {"NOT_LOADED", 38, 112}, ++ #endif ++ #ifdef ENGINE_R_NO_CONTROL_FUNCTION ++ {"NO_CONTROL_FUNCTION", ERR_LIB_ENGINE, ENGINE_R_NO_CONTROL_FUNCTION}, ++ #else ++ {"NO_CONTROL_FUNCTION", 38, 120}, ++ #endif ++ #ifdef ENGINE_R_NO_INDEX ++ {"NO_INDEX", ERR_LIB_ENGINE, ENGINE_R_NO_INDEX}, ++ #else ++ {"NO_INDEX", 38, 144}, ++ #endif ++ #ifdef ENGINE_R_NO_LOAD_FUNCTION ++ {"NO_LOAD_FUNCTION", ERR_LIB_ENGINE, ENGINE_R_NO_LOAD_FUNCTION}, ++ #else ++ {"NO_LOAD_FUNCTION", 38, 125}, ++ #endif ++ #ifdef ENGINE_R_NO_REFERENCE ++ {"NO_REFERENCE", ERR_LIB_ENGINE, ENGINE_R_NO_REFERENCE}, ++ #else ++ {"NO_REFERENCE", 38, 130}, ++ #endif ++ #ifdef ENGINE_R_NO_SUCH_ENGINE ++ {"NO_SUCH_ENGINE", ERR_LIB_ENGINE, ENGINE_R_NO_SUCH_ENGINE}, ++ #else ++ {"NO_SUCH_ENGINE", 38, 116}, ++ #endif ++ #ifdef ENGINE_R_UNIMPLEMENTED_CIPHER ++ {"UNIMPLEMENTED_CIPHER", ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_CIPHER}, ++ #else ++ {"UNIMPLEMENTED_CIPHER", 38, 146}, ++ #endif ++ #ifdef ENGINE_R_UNIMPLEMENTED_DIGEST ++ {"UNIMPLEMENTED_DIGEST", ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_DIGEST}, ++ #else ++ {"UNIMPLEMENTED_DIGEST", 38, 147}, ++ #endif ++ #ifdef ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD ++ {"UNIMPLEMENTED_PUBLIC_KEY_METHOD", ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD}, ++ #else ++ {"UNIMPLEMENTED_PUBLIC_KEY_METHOD", 38, 101}, ++ #endif ++ #ifdef ENGINE_R_VERSION_INCOMPATIBILITY ++ {"VERSION_INCOMPATIBILITY", ERR_LIB_ENGINE, ENGINE_R_VERSION_INCOMPATIBILITY}, ++ #else ++ {"VERSION_INCOMPATIBILITY", 38, 145}, ++ #endif ++ #ifdef EVP_R_AES_KEY_SETUP_FAILED ++ {"AES_KEY_SETUP_FAILED", ERR_LIB_EVP, EVP_R_AES_KEY_SETUP_FAILED}, ++ #else ++ {"AES_KEY_SETUP_FAILED", 6, 143}, ++ #endif ++ #ifdef EVP_R_ARIA_KEY_SETUP_FAILED ++ {"ARIA_KEY_SETUP_FAILED", ERR_LIB_EVP, EVP_R_ARIA_KEY_SETUP_FAILED}, ++ #else ++ {"ARIA_KEY_SETUP_FAILED", 6, 176}, ++ #endif ++ #ifdef EVP_R_BAD_DECRYPT ++ {"BAD_DECRYPT", ERR_LIB_EVP, EVP_R_BAD_DECRYPT}, ++ #else ++ {"BAD_DECRYPT", 6, 100}, ++ #endif ++ #ifdef EVP_R_BAD_KEY_LENGTH ++ {"BAD_KEY_LENGTH", ERR_LIB_EVP, EVP_R_BAD_KEY_LENGTH}, ++ #else ++ {"BAD_KEY_LENGTH", 6, 195}, ++ #endif ++ #ifdef EVP_R_BUFFER_TOO_SMALL ++ {"BUFFER_TOO_SMALL", ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL}, ++ #else ++ {"BUFFER_TOO_SMALL", 6, 155}, ++ #endif ++ #ifdef EVP_R_CAMELLIA_KEY_SETUP_FAILED ++ {"CAMELLIA_KEY_SETUP_FAILED", ERR_LIB_EVP, EVP_R_CAMELLIA_KEY_SETUP_FAILED}, ++ #else ++ {"CAMELLIA_KEY_SETUP_FAILED", 6, 157}, ++ #endif ++ #ifdef EVP_R_CIPHER_PARAMETER_ERROR ++ {"CIPHER_PARAMETER_ERROR", ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR}, ++ #else ++ {"CIPHER_PARAMETER_ERROR", 6, 122}, ++ #endif ++ #ifdef EVP_R_COMMAND_NOT_SUPPORTED ++ {"COMMAND_NOT_SUPPORTED", ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED}, ++ #else ++ {"COMMAND_NOT_SUPPORTED", 6, 147}, ++ #endif ++ #ifdef EVP_R_COPY_ERROR ++ {"COPY_ERROR", ERR_LIB_EVP, EVP_R_COPY_ERROR}, ++ #else ++ {"COPY_ERROR", 6, 173}, ++ #endif ++ #ifdef EVP_R_CTRL_NOT_IMPLEMENTED ++ {"CTRL_NOT_IMPLEMENTED", ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED}, ++ #else ++ {"CTRL_NOT_IMPLEMENTED", 6, 132}, ++ #endif ++ #ifdef EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ++ {"CTRL_OPERATION_NOT_IMPLEMENTED", ERR_LIB_EVP, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED}, ++ #else ++ {"CTRL_OPERATION_NOT_IMPLEMENTED", 6, 133}, ++ #endif ++ #ifdef EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ++ {"DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH", ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH}, ++ #else ++ {"DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH", 6, 138}, ++ #endif ++ #ifdef EVP_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_EVP, EVP_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 6, 114}, ++ #endif ++ #ifdef EVP_R_DIFFERENT_KEY_TYPES ++ {"DIFFERENT_KEY_TYPES", ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES}, ++ #else ++ {"DIFFERENT_KEY_TYPES", 6, 101}, ++ #endif ++ #ifdef EVP_R_DIFFERENT_PARAMETERS ++ {"DIFFERENT_PARAMETERS", ERR_LIB_EVP, EVP_R_DIFFERENT_PARAMETERS}, ++ #else ++ {"DIFFERENT_PARAMETERS", 6, 153}, ++ #endif ++ #ifdef EVP_R_ERROR_LOADING_SECTION ++ {"ERROR_LOADING_SECTION", ERR_LIB_EVP, EVP_R_ERROR_LOADING_SECTION}, ++ #else ++ {"ERROR_LOADING_SECTION", 6, 165}, ++ #endif ++ #ifdef EVP_R_ERROR_SETTING_FIPS_MODE ++ {"ERROR_SETTING_FIPS_MODE", ERR_LIB_EVP, EVP_R_ERROR_SETTING_FIPS_MODE}, ++ #else ++ {"ERROR_SETTING_FIPS_MODE", 6, 166}, ++ #endif ++ #ifdef EVP_R_EXPECTING_AN_HMAC_KEY ++ {"EXPECTING_AN_HMAC_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_AN_HMAC_KEY}, ++ #else ++ {"EXPECTING_AN_HMAC_KEY", 6, 174}, ++ #endif ++ #ifdef EVP_R_EXPECTING_AN_RSA_KEY ++ {"EXPECTING_AN_RSA_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_AN_RSA_KEY}, ++ #else ++ {"EXPECTING_AN_RSA_KEY", 6, 127}, ++ #endif ++ #ifdef EVP_R_EXPECTING_A_DH_KEY ++ {"EXPECTING_A_DH_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_A_DH_KEY}, ++ #else ++ {"EXPECTING_A_DH_KEY", 6, 128}, ++ #endif ++ #ifdef EVP_R_EXPECTING_A_DSA_KEY ++ {"EXPECTING_A_DSA_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_A_DSA_KEY}, ++ #else ++ {"EXPECTING_A_DSA_KEY", 6, 129}, ++ #endif ++ #ifdef EVP_R_EXPECTING_A_EC_KEY ++ {"EXPECTING_A_EC_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY}, ++ #else ++ {"EXPECTING_A_EC_KEY", 6, 142}, ++ #endif ++ #ifdef EVP_R_EXPECTING_A_POLY1305_KEY ++ {"EXPECTING_A_POLY1305_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_A_POLY1305_KEY}, ++ #else ++ {"EXPECTING_A_POLY1305_KEY", 6, 164}, ++ #endif ++ #ifdef EVP_R_EXPECTING_A_SIPHASH_KEY ++ {"EXPECTING_A_SIPHASH_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_A_SIPHASH_KEY}, ++ #else ++ {"EXPECTING_A_SIPHASH_KEY", 6, 175}, ++ #endif ++ #ifdef EVP_R_FIPS_MODE_NOT_SUPPORTED ++ {"FIPS_MODE_NOT_SUPPORTED", ERR_LIB_EVP, EVP_R_FIPS_MODE_NOT_SUPPORTED}, ++ #else ++ {"FIPS_MODE_NOT_SUPPORTED", 6, 167}, ++ #endif ++ #ifdef EVP_R_GET_RAW_KEY_FAILED ++ {"GET_RAW_KEY_FAILED", ERR_LIB_EVP, EVP_R_GET_RAW_KEY_FAILED}, ++ #else ++ {"GET_RAW_KEY_FAILED", 6, 182}, ++ #endif ++ #ifdef EVP_R_ILLEGAL_SCRYPT_PARAMETERS ++ {"ILLEGAL_SCRYPT_PARAMETERS", ERR_LIB_EVP, EVP_R_ILLEGAL_SCRYPT_PARAMETERS}, ++ #else ++ {"ILLEGAL_SCRYPT_PARAMETERS", 6, 171}, ++ #endif ++ #ifdef EVP_R_INITIALIZATION_ERROR ++ {"INITIALIZATION_ERROR", ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR}, ++ #else ++ {"INITIALIZATION_ERROR", 6, 134}, ++ #endif ++ #ifdef EVP_R_INPUT_NOT_INITIALIZED ++ {"INPUT_NOT_INITIALIZED", ERR_LIB_EVP, EVP_R_INPUT_NOT_INITIALIZED}, ++ #else ++ {"INPUT_NOT_INITIALIZED", 6, 111}, ++ #endif ++ #ifdef EVP_R_INVALID_DIGEST ++ {"INVALID_DIGEST", ERR_LIB_EVP, EVP_R_INVALID_DIGEST}, ++ #else ++ {"INVALID_DIGEST", 6, 152}, ++ #endif ++ #ifdef EVP_R_INVALID_FIPS_MODE ++ {"INVALID_FIPS_MODE", ERR_LIB_EVP, EVP_R_INVALID_FIPS_MODE}, ++ #else ++ {"INVALID_FIPS_MODE", 6, 168}, ++ #endif ++ #ifdef EVP_R_INVALID_IV_LENGTH ++ {"INVALID_IV_LENGTH", ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH}, ++ #else ++ {"INVALID_IV_LENGTH", 6, 194}, ++ #endif ++ #ifdef EVP_R_INVALID_KEY ++ {"INVALID_KEY", ERR_LIB_EVP, EVP_R_INVALID_KEY}, ++ #else ++ {"INVALID_KEY", 6, 163}, ++ #endif ++ #ifdef EVP_R_INVALID_KEY_LENGTH ++ {"INVALID_KEY_LENGTH", ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH}, ++ #else ++ {"INVALID_KEY_LENGTH", 6, 130}, ++ #endif ++ #ifdef EVP_R_INVALID_OPERATION ++ {"INVALID_OPERATION", ERR_LIB_EVP, EVP_R_INVALID_OPERATION}, ++ #else ++ {"INVALID_OPERATION", 6, 148}, ++ #endif ++ #ifdef EVP_R_KEYGEN_FAILURE ++ {"KEYGEN_FAILURE", ERR_LIB_EVP, EVP_R_KEYGEN_FAILURE}, ++ #else ++ {"KEYGEN_FAILURE", 6, 120}, ++ #endif ++ #ifdef EVP_R_KEY_SETUP_FAILED ++ {"KEY_SETUP_FAILED", ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED}, ++ #else ++ {"KEY_SETUP_FAILED", 6, 180}, ++ #endif ++ #ifdef EVP_R_MEMORY_LIMIT_EXCEEDED ++ {"MEMORY_LIMIT_EXCEEDED", ERR_LIB_EVP, EVP_R_MEMORY_LIMIT_EXCEEDED}, ++ #else ++ {"MEMORY_LIMIT_EXCEEDED", 6, 172}, ++ #endif ++ #ifdef EVP_R_MESSAGE_DIGEST_IS_NULL ++ {"MESSAGE_DIGEST_IS_NULL", ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL}, ++ #else ++ {"MESSAGE_DIGEST_IS_NULL", 6, 159}, ++ #endif ++ #ifdef EVP_R_METHOD_NOT_SUPPORTED ++ {"METHOD_NOT_SUPPORTED", ERR_LIB_EVP, EVP_R_METHOD_NOT_SUPPORTED}, ++ #else ++ {"METHOD_NOT_SUPPORTED", 6, 144}, ++ #endif ++ #ifdef EVP_R_MISSING_PARAMETERS ++ {"MISSING_PARAMETERS", ERR_LIB_EVP, EVP_R_MISSING_PARAMETERS}, ++ #else ++ {"MISSING_PARAMETERS", 6, 103}, ++ #endif ++ #ifdef EVP_R_NOT_XOF_OR_INVALID_LENGTH ++ {"NOT_XOF_OR_INVALID_LENGTH", ERR_LIB_EVP, EVP_R_NOT_XOF_OR_INVALID_LENGTH}, ++ #else ++ {"NOT_XOF_OR_INVALID_LENGTH", 6, 178}, ++ #endif ++ #ifdef EVP_R_NO_CIPHER_SET ++ {"NO_CIPHER_SET", ERR_LIB_EVP, EVP_R_NO_CIPHER_SET}, ++ #else ++ {"NO_CIPHER_SET", 6, 131}, ++ #endif ++ #ifdef EVP_R_NO_DEFAULT_DIGEST ++ {"NO_DEFAULT_DIGEST", ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST}, ++ #else ++ {"NO_DEFAULT_DIGEST", 6, 158}, ++ #endif ++ #ifdef EVP_R_NO_DIGEST_SET ++ {"NO_DIGEST_SET", ERR_LIB_EVP, EVP_R_NO_DIGEST_SET}, ++ #else ++ {"NO_DIGEST_SET", 6, 139}, ++ #endif ++ #ifdef EVP_R_NO_KEY_SET ++ {"NO_KEY_SET", ERR_LIB_EVP, EVP_R_NO_KEY_SET}, ++ #else ++ {"NO_KEY_SET", 6, 154}, ++ #endif ++ #ifdef EVP_R_NO_OPERATION_SET ++ {"NO_OPERATION_SET", ERR_LIB_EVP, EVP_R_NO_OPERATION_SET}, ++ #else ++ {"NO_OPERATION_SET", 6, 149}, ++ #endif ++ #ifdef EVP_R_ONLY_ONESHOT_SUPPORTED ++ {"ONLY_ONESHOT_SUPPORTED", ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED}, ++ #else ++ {"ONLY_ONESHOT_SUPPORTED", 6, 177}, ++ #endif ++ #ifdef EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE ++ {"OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE", ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE}, ++ #else ++ {"OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE", 6, 150}, ++ #endif ++ #ifdef EVP_R_OPERATON_NOT_INITIALIZED ++ {"OPERATON_NOT_INITIALIZED", ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED}, ++ #else ++ {"OPERATON_NOT_INITIALIZED", 6, 151}, ++ #endif ++ #ifdef EVP_R_OUTPUT_WOULD_OVERFLOW ++ {"OUTPUT_WOULD_OVERFLOW", ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW}, ++ #else ++ {"OUTPUT_WOULD_OVERFLOW", 6, 184}, ++ #endif ++ #ifdef EVP_R_PARTIALLY_OVERLAPPING ++ {"PARTIALLY_OVERLAPPING", ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING}, ++ #else ++ {"PARTIALLY_OVERLAPPING", 6, 162}, ++ #endif ++ #ifdef EVP_R_PBKDF2_ERROR ++ {"PBKDF2_ERROR", ERR_LIB_EVP, EVP_R_PBKDF2_ERROR}, ++ #else ++ {"PBKDF2_ERROR", 6, 181}, ++ #endif ++ #ifdef EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED ++ {"PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED", ERR_LIB_EVP, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED}, ++ #else ++ {"PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED", 6, 179}, ++ #endif ++ #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR ++ {"PRIVATE_KEY_DECODE_ERROR", ERR_LIB_EVP, EVP_R_PRIVATE_KEY_DECODE_ERROR}, ++ #else ++ {"PRIVATE_KEY_DECODE_ERROR", 6, 145}, ++ #endif ++ #ifdef EVP_R_PRIVATE_KEY_ENCODE_ERROR ++ {"PRIVATE_KEY_ENCODE_ERROR", ERR_LIB_EVP, EVP_R_PRIVATE_KEY_ENCODE_ERROR}, ++ #else ++ {"PRIVATE_KEY_ENCODE_ERROR", 6, 146}, ++ #endif ++ #ifdef EVP_R_PUBLIC_KEY_NOT_RSA ++ {"PUBLIC_KEY_NOT_RSA", ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA}, ++ #else ++ {"PUBLIC_KEY_NOT_RSA", 6, 106}, ++ #endif ++ #ifdef EVP_R_UNKNOWN_CIPHER ++ {"UNKNOWN_CIPHER", ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER}, ++ #else ++ {"UNKNOWN_CIPHER", 6, 160}, ++ #endif ++ #ifdef EVP_R_UNKNOWN_DIGEST ++ {"UNKNOWN_DIGEST", ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST}, ++ #else ++ {"UNKNOWN_DIGEST", 6, 161}, ++ #endif ++ #ifdef EVP_R_UNKNOWN_OPTION ++ {"UNKNOWN_OPTION", ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION}, ++ #else ++ {"UNKNOWN_OPTION", 6, 169}, ++ #endif ++ #ifdef EVP_R_UNKNOWN_PBE_ALGORITHM ++ {"UNKNOWN_PBE_ALGORITHM", ERR_LIB_EVP, EVP_R_UNKNOWN_PBE_ALGORITHM}, ++ #else ++ {"UNKNOWN_PBE_ALGORITHM", 6, 121}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_ALGORITHM ++ {"UNSUPPORTED_ALGORITHM", ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_ALGORITHM", 6, 156}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_CIPHER ++ {"UNSUPPORTED_CIPHER", ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER}, ++ #else ++ {"UNSUPPORTED_CIPHER", 6, 107}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_KEYLENGTH ++ {"UNSUPPORTED_KEYLENGTH", ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEYLENGTH}, ++ #else ++ {"UNSUPPORTED_KEYLENGTH", 6, 123}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION ++ {"UNSUPPORTED_KEY_DERIVATION_FUNCTION", ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION}, ++ #else ++ {"UNSUPPORTED_KEY_DERIVATION_FUNCTION", 6, 124}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_KEY_SIZE ++ {"UNSUPPORTED_KEY_SIZE", ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_SIZE}, ++ #else ++ {"UNSUPPORTED_KEY_SIZE", 6, 108}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS ++ {"UNSUPPORTED_NUMBER_OF_ROUNDS", ERR_LIB_EVP, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS}, ++ #else ++ {"UNSUPPORTED_NUMBER_OF_ROUNDS", 6, 135}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_PRF ++ {"UNSUPPORTED_PRF", ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRF}, ++ #else ++ {"UNSUPPORTED_PRF", 6, 125}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ++ {"UNSUPPORTED_PRIVATE_KEY_ALGORITHM", ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_PRIVATE_KEY_ALGORITHM", 6, 118}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_SALT_TYPE ++ {"UNSUPPORTED_SALT_TYPE", ERR_LIB_EVP, EVP_R_UNSUPPORTED_SALT_TYPE}, ++ #else ++ {"UNSUPPORTED_SALT_TYPE", 6, 126}, ++ #endif ++ #ifdef EVP_R_WRAP_MODE_NOT_ALLOWED ++ {"WRAP_MODE_NOT_ALLOWED", ERR_LIB_EVP, EVP_R_WRAP_MODE_NOT_ALLOWED}, ++ #else ++ {"WRAP_MODE_NOT_ALLOWED", 6, 170}, ++ #endif ++ #ifdef EVP_R_WRONG_FINAL_BLOCK_LENGTH ++ {"WRONG_FINAL_BLOCK_LENGTH", ERR_LIB_EVP, EVP_R_WRONG_FINAL_BLOCK_LENGTH}, ++ #else ++ {"WRONG_FINAL_BLOCK_LENGTH", 6, 109}, ++ #endif ++ #ifdef EVP_R_XTS_DUPLICATED_KEYS ++ {"XTS_DUPLICATED_KEYS", ERR_LIB_EVP, EVP_R_XTS_DUPLICATED_KEYS}, ++ #else ++ {"XTS_DUPLICATED_KEYS", 6, 183}, ++ #endif ++ #ifdef KDF_R_INVALID_DIGEST ++ {"INVALID_DIGEST", ERR_LIB_KDF, KDF_R_INVALID_DIGEST}, ++ #else ++ {"INVALID_DIGEST", 52, 100}, ++ #endif ++ #ifdef KDF_R_MISSING_ITERATION_COUNT ++ {"MISSING_ITERATION_COUNT", ERR_LIB_KDF, KDF_R_MISSING_ITERATION_COUNT}, ++ #else ++ {"MISSING_ITERATION_COUNT", 52, 109}, ++ #endif ++ #ifdef KDF_R_MISSING_KEY ++ {"MISSING_KEY", ERR_LIB_KDF, KDF_R_MISSING_KEY}, ++ #else ++ {"MISSING_KEY", 52, 104}, ++ #endif ++ #ifdef KDF_R_MISSING_MESSAGE_DIGEST ++ {"MISSING_MESSAGE_DIGEST", ERR_LIB_KDF, KDF_R_MISSING_MESSAGE_DIGEST}, ++ #else ++ {"MISSING_MESSAGE_DIGEST", 52, 105}, ++ #endif ++ #ifdef KDF_R_MISSING_PARAMETER ++ {"MISSING_PARAMETER", ERR_LIB_KDF, KDF_R_MISSING_PARAMETER}, ++ #else ++ {"MISSING_PARAMETER", 52, 101}, ++ #endif ++ #ifdef KDF_R_MISSING_PASS ++ {"MISSING_PASS", ERR_LIB_KDF, KDF_R_MISSING_PASS}, ++ #else ++ {"MISSING_PASS", 52, 110}, ++ #endif ++ #ifdef KDF_R_MISSING_SALT ++ {"MISSING_SALT", ERR_LIB_KDF, KDF_R_MISSING_SALT}, ++ #else ++ {"MISSING_SALT", 52, 111}, ++ #endif ++ #ifdef KDF_R_MISSING_SECRET ++ {"MISSING_SECRET", ERR_LIB_KDF, KDF_R_MISSING_SECRET}, ++ #else ++ {"MISSING_SECRET", 52, 107}, ++ #endif ++ #ifdef KDF_R_MISSING_SEED ++ {"MISSING_SEED", ERR_LIB_KDF, KDF_R_MISSING_SEED}, ++ #else ++ {"MISSING_SEED", 52, 106}, ++ #endif ++ #ifdef KDF_R_UNKNOWN_PARAMETER_TYPE ++ {"UNKNOWN_PARAMETER_TYPE", ERR_LIB_KDF, KDF_R_UNKNOWN_PARAMETER_TYPE}, ++ #else ++ {"UNKNOWN_PARAMETER_TYPE", 52, 103}, ++ #endif ++ #ifdef KDF_R_VALUE_ERROR ++ {"VALUE_ERROR", ERR_LIB_KDF, KDF_R_VALUE_ERROR}, ++ #else ++ {"VALUE_ERROR", 52, 108}, ++ #endif ++ #ifdef KDF_R_VALUE_MISSING ++ {"VALUE_MISSING", ERR_LIB_KDF, KDF_R_VALUE_MISSING}, ++ #else ++ {"VALUE_MISSING", 52, 102}, ++ #endif ++ #ifdef OBJ_R_OID_EXISTS ++ {"OID_EXISTS", ERR_LIB_OBJ, OBJ_R_OID_EXISTS}, ++ #else ++ {"OID_EXISTS", 8, 102}, ++ #endif ++ #ifdef OBJ_R_UNKNOWN_NID ++ {"UNKNOWN_NID", ERR_LIB_OBJ, OBJ_R_UNKNOWN_NID}, ++ #else ++ {"UNKNOWN_NID", 8, 101}, ++ #endif ++ #ifdef OCSP_R_CERTIFICATE_VERIFY_ERROR ++ {"CERTIFICATE_VERIFY_ERROR", ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR}, ++ #else ++ {"CERTIFICATE_VERIFY_ERROR", 39, 101}, ++ #endif ++ #ifdef OCSP_R_DIGEST_ERR ++ {"DIGEST_ERR", ERR_LIB_OCSP, OCSP_R_DIGEST_ERR}, ++ #else ++ {"DIGEST_ERR", 39, 102}, ++ #endif ++ #ifdef OCSP_R_ERROR_IN_NEXTUPDATE_FIELD ++ {"ERROR_IN_NEXTUPDATE_FIELD", ERR_LIB_OCSP, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD}, ++ #else ++ {"ERROR_IN_NEXTUPDATE_FIELD", 39, 122}, ++ #endif ++ #ifdef OCSP_R_ERROR_IN_THISUPDATE_FIELD ++ {"ERROR_IN_THISUPDATE_FIELD", ERR_LIB_OCSP, OCSP_R_ERROR_IN_THISUPDATE_FIELD}, ++ #else ++ {"ERROR_IN_THISUPDATE_FIELD", 39, 123}, ++ #endif ++ #ifdef OCSP_R_ERROR_PARSING_URL ++ {"ERROR_PARSING_URL", ERR_LIB_OCSP, OCSP_R_ERROR_PARSING_URL}, ++ #else ++ {"ERROR_PARSING_URL", 39, 121}, ++ #endif ++ #ifdef OCSP_R_MISSING_OCSPSIGNING_USAGE ++ {"MISSING_OCSPSIGNING_USAGE", ERR_LIB_OCSP, OCSP_R_MISSING_OCSPSIGNING_USAGE}, ++ #else ++ {"MISSING_OCSPSIGNING_USAGE", 39, 103}, ++ #endif ++ #ifdef OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE ++ {"NEXTUPDATE_BEFORE_THISUPDATE", ERR_LIB_OCSP, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE}, ++ #else ++ {"NEXTUPDATE_BEFORE_THISUPDATE", 39, 124}, ++ #endif ++ #ifdef OCSP_R_NOT_BASIC_RESPONSE ++ {"NOT_BASIC_RESPONSE", ERR_LIB_OCSP, OCSP_R_NOT_BASIC_RESPONSE}, ++ #else ++ {"NOT_BASIC_RESPONSE", 39, 104}, ++ #endif ++ #ifdef OCSP_R_NO_CERTIFICATES_IN_CHAIN ++ {"NO_CERTIFICATES_IN_CHAIN", ERR_LIB_OCSP, OCSP_R_NO_CERTIFICATES_IN_CHAIN}, ++ #else ++ {"NO_CERTIFICATES_IN_CHAIN", 39, 105}, ++ #endif ++ #ifdef OCSP_R_NO_RESPONSE_DATA ++ {"NO_RESPONSE_DATA", ERR_LIB_OCSP, OCSP_R_NO_RESPONSE_DATA}, ++ #else ++ {"NO_RESPONSE_DATA", 39, 108}, ++ #endif ++ #ifdef OCSP_R_NO_REVOKED_TIME ++ {"NO_REVOKED_TIME", ERR_LIB_OCSP, OCSP_R_NO_REVOKED_TIME}, ++ #else ++ {"NO_REVOKED_TIME", 39, 109}, ++ #endif ++ #ifdef OCSP_R_NO_SIGNER_KEY ++ {"NO_SIGNER_KEY", ERR_LIB_OCSP, OCSP_R_NO_SIGNER_KEY}, ++ #else ++ {"NO_SIGNER_KEY", 39, 130}, ++ #endif ++ #ifdef OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", ERR_LIB_OCSP, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE}, ++ #else ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", 39, 110}, ++ #endif ++ #ifdef OCSP_R_REQUEST_NOT_SIGNED ++ {"REQUEST_NOT_SIGNED", ERR_LIB_OCSP, OCSP_R_REQUEST_NOT_SIGNED}, ++ #else ++ {"REQUEST_NOT_SIGNED", 39, 128}, ++ #endif ++ #ifdef OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA ++ {"RESPONSE_CONTAINS_NO_REVOCATION_DATA", ERR_LIB_OCSP, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA}, ++ #else ++ {"RESPONSE_CONTAINS_NO_REVOCATION_DATA", 39, 111}, ++ #endif ++ #ifdef OCSP_R_ROOT_CA_NOT_TRUSTED ++ {"ROOT_CA_NOT_TRUSTED", ERR_LIB_OCSP, OCSP_R_ROOT_CA_NOT_TRUSTED}, ++ #else ++ {"ROOT_CA_NOT_TRUSTED", 39, 112}, ++ #endif ++ #ifdef OCSP_R_SERVER_RESPONSE_ERROR ++ {"SERVER_RESPONSE_ERROR", ERR_LIB_OCSP, OCSP_R_SERVER_RESPONSE_ERROR}, ++ #else ++ {"SERVER_RESPONSE_ERROR", 39, 114}, ++ #endif ++ #ifdef OCSP_R_SERVER_RESPONSE_PARSE_ERROR ++ {"SERVER_RESPONSE_PARSE_ERROR", ERR_LIB_OCSP, OCSP_R_SERVER_RESPONSE_PARSE_ERROR}, ++ #else ++ {"SERVER_RESPONSE_PARSE_ERROR", 39, 115}, ++ #endif ++ #ifdef OCSP_R_SIGNATURE_FAILURE ++ {"SIGNATURE_FAILURE", ERR_LIB_OCSP, OCSP_R_SIGNATURE_FAILURE}, ++ #else ++ {"SIGNATURE_FAILURE", 39, 117}, ++ #endif ++ #ifdef OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND ++ {"SIGNER_CERTIFICATE_NOT_FOUND", ERR_LIB_OCSP, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND}, ++ #else ++ {"SIGNER_CERTIFICATE_NOT_FOUND", 39, 118}, ++ #endif ++ #ifdef OCSP_R_STATUS_EXPIRED ++ {"STATUS_EXPIRED", ERR_LIB_OCSP, OCSP_R_STATUS_EXPIRED}, ++ #else ++ {"STATUS_EXPIRED", 39, 125}, ++ #endif ++ #ifdef OCSP_R_STATUS_NOT_YET_VALID ++ {"STATUS_NOT_YET_VALID", ERR_LIB_OCSP, OCSP_R_STATUS_NOT_YET_VALID}, ++ #else ++ {"STATUS_NOT_YET_VALID", 39, 126}, ++ #endif ++ #ifdef OCSP_R_STATUS_TOO_OLD ++ {"STATUS_TOO_OLD", ERR_LIB_OCSP, OCSP_R_STATUS_TOO_OLD}, ++ #else ++ {"STATUS_TOO_OLD", 39, 127}, ++ #endif ++ #ifdef OCSP_R_UNKNOWN_MESSAGE_DIGEST ++ {"UNKNOWN_MESSAGE_DIGEST", ERR_LIB_OCSP, OCSP_R_UNKNOWN_MESSAGE_DIGEST}, ++ #else ++ {"UNKNOWN_MESSAGE_DIGEST", 39, 119}, ++ #endif ++ #ifdef OCSP_R_UNKNOWN_NID ++ {"UNKNOWN_NID", ERR_LIB_OCSP, OCSP_R_UNKNOWN_NID}, ++ #else ++ {"UNKNOWN_NID", 39, 120}, ++ #endif ++ #ifdef OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE ++ {"UNSUPPORTED_REQUESTORNAME_TYPE", ERR_LIB_OCSP, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE}, ++ #else ++ {"UNSUPPORTED_REQUESTORNAME_TYPE", 39, 129}, ++ #endif ++ #ifdef OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE ++ {"AMBIGUOUS_CONTENT_TYPE", ERR_LIB_OSSL_STORE, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE}, ++ #else ++ {"AMBIGUOUS_CONTENT_TYPE", 44, 107}, ++ #endif ++ #ifdef OSSL_STORE_R_BAD_PASSWORD_READ ++ {"BAD_PASSWORD_READ", ERR_LIB_OSSL_STORE, OSSL_STORE_R_BAD_PASSWORD_READ}, ++ #else ++ {"BAD_PASSWORD_READ", 44, 115}, ++ #endif ++ #ifdef OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC ++ {"ERROR_VERIFYING_PKCS12_MAC", ERR_LIB_OSSL_STORE, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC}, ++ #else ++ {"ERROR_VERIFYING_PKCS12_MAC", 44, 113}, ++ #endif ++ #ifdef OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST ++ {"FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST", ERR_LIB_OSSL_STORE, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST}, ++ #else ++ {"FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST", 44, 121}, ++ #endif ++ #ifdef OSSL_STORE_R_INVALID_SCHEME ++ {"INVALID_SCHEME", ERR_LIB_OSSL_STORE, OSSL_STORE_R_INVALID_SCHEME}, ++ #else ++ {"INVALID_SCHEME", 44, 106}, ++ #endif ++ #ifdef OSSL_STORE_R_IS_NOT_A ++ {"IS_NOT_A", ERR_LIB_OSSL_STORE, OSSL_STORE_R_IS_NOT_A}, ++ #else ++ {"IS_NOT_A", 44, 112}, ++ #endif ++ #ifdef OSSL_STORE_R_LOADER_INCOMPLETE ++ {"LOADER_INCOMPLETE", ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADER_INCOMPLETE}, ++ #else ++ {"LOADER_INCOMPLETE", 44, 116}, ++ #endif ++ #ifdef OSSL_STORE_R_LOADING_STARTED ++ {"LOADING_STARTED", ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED}, ++ #else ++ {"LOADING_STARTED", 44, 117}, ++ #endif ++ #ifdef OSSL_STORE_R_NOT_A_CERTIFICATE ++ {"NOT_A_CERTIFICATE", ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CERTIFICATE}, ++ #else ++ {"NOT_A_CERTIFICATE", 44, 100}, ++ #endif ++ #ifdef OSSL_STORE_R_NOT_A_CRL ++ {"NOT_A_CRL", ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CRL}, ++ #else ++ {"NOT_A_CRL", 44, 101}, ++ #endif ++ #ifdef OSSL_STORE_R_NOT_A_KEY ++ {"NOT_A_KEY", ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_KEY}, ++ #else ++ {"NOT_A_KEY", 44, 102}, ++ #endif ++ #ifdef OSSL_STORE_R_NOT_A_NAME ++ {"NOT_A_NAME", ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME}, ++ #else ++ {"NOT_A_NAME", 44, 103}, ++ #endif ++ #ifdef OSSL_STORE_R_NOT_PARAMETERS ++ {"NOT_PARAMETERS", ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_PARAMETERS}, ++ #else ++ {"NOT_PARAMETERS", 44, 104}, ++ #endif ++ #ifdef OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR ++ {"PASSPHRASE_CALLBACK_ERROR", ERR_LIB_OSSL_STORE, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR}, ++ #else ++ {"PASSPHRASE_CALLBACK_ERROR", 44, 114}, ++ #endif ++ #ifdef OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE ++ {"PATH_MUST_BE_ABSOLUTE", ERR_LIB_OSSL_STORE, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE}, ++ #else ++ {"PATH_MUST_BE_ABSOLUTE", 44, 108}, ++ #endif ++ #ifdef OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES ++ {"SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES", ERR_LIB_OSSL_STORE, OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES}, ++ #else ++ {"SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES", 44, 119}, ++ #endif ++ #ifdef OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED ++ {"UI_PROCESS_INTERRUPTED_OR_CANCELLED", ERR_LIB_OSSL_STORE, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED}, ++ #else ++ {"UI_PROCESS_INTERRUPTED_OR_CANCELLED", 44, 109}, ++ #endif ++ #ifdef OSSL_STORE_R_UNREGISTERED_SCHEME ++ {"UNREGISTERED_SCHEME", ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNREGISTERED_SCHEME}, ++ #else ++ {"UNREGISTERED_SCHEME", 44, 105}, ++ #endif ++ #ifdef OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE ++ {"UNSUPPORTED_CONTENT_TYPE", ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE}, ++ #else ++ {"UNSUPPORTED_CONTENT_TYPE", 44, 110}, ++ #endif ++ #ifdef OSSL_STORE_R_UNSUPPORTED_OPERATION ++ {"UNSUPPORTED_OPERATION", ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION}, ++ #else ++ {"UNSUPPORTED_OPERATION", 44, 118}, ++ #endif ++ #ifdef OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE ++ {"UNSUPPORTED_SEARCH_TYPE", ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE}, ++ #else ++ {"UNSUPPORTED_SEARCH_TYPE", 44, 120}, ++ #endif ++ #ifdef OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED ++ {"URI_AUTHORITY_UNSUPPORTED", ERR_LIB_OSSL_STORE, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED}, ++ #else ++ {"URI_AUTHORITY_UNSUPPORTED", 44, 111}, ++ #endif ++ #ifdef PEM_R_BAD_BASE64_DECODE ++ {"BAD_BASE64_DECODE", ERR_LIB_PEM, PEM_R_BAD_BASE64_DECODE}, ++ #else ++ {"BAD_BASE64_DECODE", 9, 100}, ++ #endif ++ #ifdef PEM_R_BAD_DECRYPT ++ {"BAD_DECRYPT", ERR_LIB_PEM, PEM_R_BAD_DECRYPT}, ++ #else ++ {"BAD_DECRYPT", 9, 101}, ++ #endif ++ #ifdef PEM_R_BAD_END_LINE ++ {"BAD_END_LINE", ERR_LIB_PEM, PEM_R_BAD_END_LINE}, ++ #else ++ {"BAD_END_LINE", 9, 102}, ++ #endif ++ #ifdef PEM_R_BAD_IV_CHARS ++ {"BAD_IV_CHARS", ERR_LIB_PEM, PEM_R_BAD_IV_CHARS}, ++ #else ++ {"BAD_IV_CHARS", 9, 103}, ++ #endif ++ #ifdef PEM_R_BAD_MAGIC_NUMBER ++ {"BAD_MAGIC_NUMBER", ERR_LIB_PEM, PEM_R_BAD_MAGIC_NUMBER}, ++ #else ++ {"BAD_MAGIC_NUMBER", 9, 116}, ++ #endif ++ #ifdef PEM_R_BAD_PASSWORD_READ ++ {"BAD_PASSWORD_READ", ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ}, ++ #else ++ {"BAD_PASSWORD_READ", 9, 104}, ++ #endif ++ #ifdef PEM_R_BAD_VERSION_NUMBER ++ {"BAD_VERSION_NUMBER", ERR_LIB_PEM, PEM_R_BAD_VERSION_NUMBER}, ++ #else ++ {"BAD_VERSION_NUMBER", 9, 117}, ++ #endif ++ #ifdef PEM_R_BIO_WRITE_FAILURE ++ {"BIO_WRITE_FAILURE", ERR_LIB_PEM, PEM_R_BIO_WRITE_FAILURE}, ++ #else ++ {"BIO_WRITE_FAILURE", 9, 118}, ++ #endif ++ #ifdef PEM_R_CIPHER_IS_NULL ++ {"CIPHER_IS_NULL", ERR_LIB_PEM, PEM_R_CIPHER_IS_NULL}, ++ #else ++ {"CIPHER_IS_NULL", 9, 127}, ++ #endif ++ #ifdef PEM_R_ERROR_CONVERTING_PRIVATE_KEY ++ {"ERROR_CONVERTING_PRIVATE_KEY", ERR_LIB_PEM, PEM_R_ERROR_CONVERTING_PRIVATE_KEY}, ++ #else ++ {"ERROR_CONVERTING_PRIVATE_KEY", 9, 115}, ++ #endif ++ #ifdef PEM_R_EXPECTING_PRIVATE_KEY_BLOB ++ {"EXPECTING_PRIVATE_KEY_BLOB", ERR_LIB_PEM, PEM_R_EXPECTING_PRIVATE_KEY_BLOB}, ++ #else ++ {"EXPECTING_PRIVATE_KEY_BLOB", 9, 119}, ++ #endif ++ #ifdef PEM_R_EXPECTING_PUBLIC_KEY_BLOB ++ {"EXPECTING_PUBLIC_KEY_BLOB", ERR_LIB_PEM, PEM_R_EXPECTING_PUBLIC_KEY_BLOB}, ++ #else ++ {"EXPECTING_PUBLIC_KEY_BLOB", 9, 120}, ++ #endif ++ #ifdef PEM_R_HEADER_TOO_LONG ++ {"HEADER_TOO_LONG", ERR_LIB_PEM, PEM_R_HEADER_TOO_LONG}, ++ #else ++ {"HEADER_TOO_LONG", 9, 128}, ++ #endif ++ #ifdef PEM_R_INCONSISTENT_HEADER ++ {"INCONSISTENT_HEADER", ERR_LIB_PEM, PEM_R_INCONSISTENT_HEADER}, ++ #else ++ {"INCONSISTENT_HEADER", 9, 121}, ++ #endif ++ #ifdef PEM_R_KEYBLOB_HEADER_PARSE_ERROR ++ {"KEYBLOB_HEADER_PARSE_ERROR", ERR_LIB_PEM, PEM_R_KEYBLOB_HEADER_PARSE_ERROR}, ++ #else ++ {"KEYBLOB_HEADER_PARSE_ERROR", 9, 122}, ++ #endif ++ #ifdef PEM_R_KEYBLOB_TOO_SHORT ++ {"KEYBLOB_TOO_SHORT", ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT}, ++ #else ++ {"KEYBLOB_TOO_SHORT", 9, 123}, ++ #endif ++ #ifdef PEM_R_MISSING_DEK_IV ++ {"MISSING_DEK_IV", ERR_LIB_PEM, PEM_R_MISSING_DEK_IV}, ++ #else ++ {"MISSING_DEK_IV", 9, 129}, ++ #endif ++ #ifdef PEM_R_NOT_DEK_INFO ++ {"NOT_DEK_INFO", ERR_LIB_PEM, PEM_R_NOT_DEK_INFO}, ++ #else ++ {"NOT_DEK_INFO", 9, 105}, ++ #endif ++ #ifdef PEM_R_NOT_ENCRYPTED ++ {"NOT_ENCRYPTED", ERR_LIB_PEM, PEM_R_NOT_ENCRYPTED}, ++ #else ++ {"NOT_ENCRYPTED", 9, 106}, ++ #endif ++ #ifdef PEM_R_NOT_PROC_TYPE ++ {"NOT_PROC_TYPE", ERR_LIB_PEM, PEM_R_NOT_PROC_TYPE}, ++ #else ++ {"NOT_PROC_TYPE", 9, 107}, ++ #endif ++ #ifdef PEM_R_NO_START_LINE ++ {"NO_START_LINE", ERR_LIB_PEM, PEM_R_NO_START_LINE}, ++ #else ++ {"NO_START_LINE", 9, 108}, ++ #endif ++ #ifdef PEM_R_PROBLEMS_GETTING_PASSWORD ++ {"PROBLEMS_GETTING_PASSWORD", ERR_LIB_PEM, PEM_R_PROBLEMS_GETTING_PASSWORD}, ++ #else ++ {"PROBLEMS_GETTING_PASSWORD", 9, 109}, ++ #endif ++ #ifdef PEM_R_PVK_DATA_TOO_SHORT ++ {"PVK_DATA_TOO_SHORT", ERR_LIB_PEM, PEM_R_PVK_DATA_TOO_SHORT}, ++ #else ++ {"PVK_DATA_TOO_SHORT", 9, 124}, ++ #endif ++ #ifdef PEM_R_PVK_TOO_SHORT ++ {"PVK_TOO_SHORT", ERR_LIB_PEM, PEM_R_PVK_TOO_SHORT}, ++ #else ++ {"PVK_TOO_SHORT", 9, 125}, ++ #endif ++ #ifdef PEM_R_READ_KEY ++ {"READ_KEY", ERR_LIB_PEM, PEM_R_READ_KEY}, ++ #else ++ {"READ_KEY", 9, 111}, ++ #endif ++ #ifdef PEM_R_SHORT_HEADER ++ {"SHORT_HEADER", ERR_LIB_PEM, PEM_R_SHORT_HEADER}, ++ #else ++ {"SHORT_HEADER", 9, 112}, ++ #endif ++ #ifdef PEM_R_UNEXPECTED_DEK_IV ++ {"UNEXPECTED_DEK_IV", ERR_LIB_PEM, PEM_R_UNEXPECTED_DEK_IV}, ++ #else ++ {"UNEXPECTED_DEK_IV", 9, 130}, ++ #endif ++ #ifdef PEM_R_UNSUPPORTED_CIPHER ++ {"UNSUPPORTED_CIPHER", ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER}, ++ #else ++ {"UNSUPPORTED_CIPHER", 9, 113}, ++ #endif ++ #ifdef PEM_R_UNSUPPORTED_ENCRYPTION ++ {"UNSUPPORTED_ENCRYPTION", ERR_LIB_PEM, PEM_R_UNSUPPORTED_ENCRYPTION}, ++ #else ++ {"UNSUPPORTED_ENCRYPTION", 9, 114}, ++ #endif ++ #ifdef PEM_R_UNSUPPORTED_KEY_COMPONENTS ++ {"UNSUPPORTED_KEY_COMPONENTS", ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS}, ++ #else ++ {"UNSUPPORTED_KEY_COMPONENTS", 9, 126}, ++ #endif ++ #ifdef PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE ++ {"UNSUPPORTED_PUBLIC_KEY_TYPE", ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE}, ++ #else ++ {"UNSUPPORTED_PUBLIC_KEY_TYPE", 9, 110}, ++ #endif ++ #ifdef PKCS12_R_CANT_PACK_STRUCTURE ++ {"CANT_PACK_STRUCTURE", ERR_LIB_PKCS12, PKCS12_R_CANT_PACK_STRUCTURE}, ++ #else ++ {"CANT_PACK_STRUCTURE", 35, 100}, ++ #endif ++ #ifdef PKCS12_R_CONTENT_TYPE_NOT_DATA ++ {"CONTENT_TYPE_NOT_DATA", ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA}, ++ #else ++ {"CONTENT_TYPE_NOT_DATA", 35, 121}, ++ #endif ++ #ifdef PKCS12_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 35, 101}, ++ #endif ++ #ifdef PKCS12_R_ENCODE_ERROR ++ {"ENCODE_ERROR", ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR}, ++ #else ++ {"ENCODE_ERROR", 35, 102}, ++ #endif ++ #ifdef PKCS12_R_ENCRYPT_ERROR ++ {"ENCRYPT_ERROR", ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR}, ++ #else ++ {"ENCRYPT_ERROR", 35, 103}, ++ #endif ++ #ifdef PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE ++ {"ERROR_SETTING_ENCRYPTED_DATA_TYPE", ERR_LIB_PKCS12, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE}, ++ #else ++ {"ERROR_SETTING_ENCRYPTED_DATA_TYPE", 35, 120}, ++ #endif ++ #ifdef PKCS12_R_INVALID_NULL_ARGUMENT ++ {"INVALID_NULL_ARGUMENT", ERR_LIB_PKCS12, PKCS12_R_INVALID_NULL_ARGUMENT}, ++ #else ++ {"INVALID_NULL_ARGUMENT", 35, 104}, ++ #endif ++ #ifdef PKCS12_R_INVALID_NULL_PKCS12_POINTER ++ {"INVALID_NULL_PKCS12_POINTER", ERR_LIB_PKCS12, PKCS12_R_INVALID_NULL_PKCS12_POINTER}, ++ #else ++ {"INVALID_NULL_PKCS12_POINTER", 35, 105}, ++ #endif ++ #ifdef PKCS12_R_IV_GEN_ERROR ++ {"IV_GEN_ERROR", ERR_LIB_PKCS12, PKCS12_R_IV_GEN_ERROR}, ++ #else ++ {"IV_GEN_ERROR", 35, 106}, ++ #endif ++ #ifdef PKCS12_R_KEY_GEN_ERROR ++ {"KEY_GEN_ERROR", ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR}, ++ #else ++ {"KEY_GEN_ERROR", 35, 107}, ++ #endif ++ #ifdef PKCS12_R_MAC_ABSENT ++ {"MAC_ABSENT", ERR_LIB_PKCS12, PKCS12_R_MAC_ABSENT}, ++ #else ++ {"MAC_ABSENT", 35, 108}, ++ #endif ++ #ifdef PKCS12_R_MAC_GENERATION_ERROR ++ {"MAC_GENERATION_ERROR", ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR}, ++ #else ++ {"MAC_GENERATION_ERROR", 35, 109}, ++ #endif ++ #ifdef PKCS12_R_MAC_SETUP_ERROR ++ {"MAC_SETUP_ERROR", ERR_LIB_PKCS12, PKCS12_R_MAC_SETUP_ERROR}, ++ #else ++ {"MAC_SETUP_ERROR", 35, 110}, ++ #endif ++ #ifdef PKCS12_R_MAC_STRING_SET_ERROR ++ {"MAC_STRING_SET_ERROR", ERR_LIB_PKCS12, PKCS12_R_MAC_STRING_SET_ERROR}, ++ #else ++ {"MAC_STRING_SET_ERROR", 35, 111}, ++ #endif ++ #ifdef PKCS12_R_MAC_VERIFY_FAILURE ++ {"MAC_VERIFY_FAILURE", ERR_LIB_PKCS12, PKCS12_R_MAC_VERIFY_FAILURE}, ++ #else ++ {"MAC_VERIFY_FAILURE", 35, 113}, ++ #endif ++ #ifdef PKCS12_R_PARSE_ERROR ++ {"PARSE_ERROR", ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR}, ++ #else ++ {"PARSE_ERROR", 35, 114}, ++ #endif ++ #ifdef PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR ++ {"PKCS12_ALGOR_CIPHERINIT_ERROR", ERR_LIB_PKCS12, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR}, ++ #else ++ {"PKCS12_ALGOR_CIPHERINIT_ERROR", 35, 115}, ++ #endif ++ #ifdef PKCS12_R_PKCS12_CIPHERFINAL_ERROR ++ {"PKCS12_CIPHERFINAL_ERROR", ERR_LIB_PKCS12, PKCS12_R_PKCS12_CIPHERFINAL_ERROR}, ++ #else ++ {"PKCS12_CIPHERFINAL_ERROR", 35, 116}, ++ #endif ++ #ifdef PKCS12_R_PKCS12_PBE_CRYPT_ERROR ++ {"PKCS12_PBE_CRYPT_ERROR", ERR_LIB_PKCS12, PKCS12_R_PKCS12_PBE_CRYPT_ERROR}, ++ #else ++ {"PKCS12_PBE_CRYPT_ERROR", 35, 117}, ++ #endif ++ #ifdef PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ++ {"UNKNOWN_DIGEST_ALGORITHM", ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM}, ++ #else ++ {"UNKNOWN_DIGEST_ALGORITHM", 35, 118}, ++ #endif ++ #ifdef PKCS12_R_UNSUPPORTED_PKCS12_MODE ++ {"UNSUPPORTED_PKCS12_MODE", ERR_LIB_PKCS12, PKCS12_R_UNSUPPORTED_PKCS12_MODE}, ++ #else ++ {"UNSUPPORTED_PKCS12_MODE", 35, 119}, ++ #endif ++ #ifdef PKCS7_R_CERTIFICATE_VERIFY_ERROR ++ {"CERTIFICATE_VERIFY_ERROR", ERR_LIB_PKCS7, PKCS7_R_CERTIFICATE_VERIFY_ERROR}, ++ #else ++ {"CERTIFICATE_VERIFY_ERROR", 33, 117}, ++ #endif ++ #ifdef PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ++ {"CIPHER_HAS_NO_OBJECT_IDENTIFIER", ERR_LIB_PKCS7, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER}, ++ #else ++ {"CIPHER_HAS_NO_OBJECT_IDENTIFIER", 33, 144}, ++ #endif ++ #ifdef PKCS7_R_CIPHER_NOT_INITIALIZED ++ {"CIPHER_NOT_INITIALIZED", ERR_LIB_PKCS7, PKCS7_R_CIPHER_NOT_INITIALIZED}, ++ #else ++ {"CIPHER_NOT_INITIALIZED", 33, 116}, ++ #endif ++ #ifdef PKCS7_R_CONTENT_AND_DATA_PRESENT ++ {"CONTENT_AND_DATA_PRESENT", ERR_LIB_PKCS7, PKCS7_R_CONTENT_AND_DATA_PRESENT}, ++ #else ++ {"CONTENT_AND_DATA_PRESENT", 33, 118}, ++ #endif ++ #ifdef PKCS7_R_CTRL_ERROR ++ {"CTRL_ERROR", ERR_LIB_PKCS7, PKCS7_R_CTRL_ERROR}, ++ #else ++ {"CTRL_ERROR", 33, 152}, ++ #endif ++ #ifdef PKCS7_R_DECRYPT_ERROR ++ {"DECRYPT_ERROR", ERR_LIB_PKCS7, PKCS7_R_DECRYPT_ERROR}, ++ #else ++ {"DECRYPT_ERROR", 33, 119}, ++ #endif ++ #ifdef PKCS7_R_DIGEST_FAILURE ++ {"DIGEST_FAILURE", ERR_LIB_PKCS7, PKCS7_R_DIGEST_FAILURE}, ++ #else ++ {"DIGEST_FAILURE", 33, 101}, ++ #endif ++ #ifdef PKCS7_R_ENCRYPTION_CTRL_FAILURE ++ {"ENCRYPTION_CTRL_FAILURE", ERR_LIB_PKCS7, PKCS7_R_ENCRYPTION_CTRL_FAILURE}, ++ #else ++ {"ENCRYPTION_CTRL_FAILURE", 33, 149}, ++ #endif ++ #ifdef PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE ++ {"ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE", ERR_LIB_PKCS7, PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE}, ++ #else ++ {"ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE", 33, 150}, ++ #endif ++ #ifdef PKCS7_R_ERROR_ADDING_RECIPIENT ++ {"ERROR_ADDING_RECIPIENT", ERR_LIB_PKCS7, PKCS7_R_ERROR_ADDING_RECIPIENT}, ++ #else ++ {"ERROR_ADDING_RECIPIENT", 33, 120}, ++ #endif ++ #ifdef PKCS7_R_ERROR_SETTING_CIPHER ++ {"ERROR_SETTING_CIPHER", ERR_LIB_PKCS7, PKCS7_R_ERROR_SETTING_CIPHER}, ++ #else ++ {"ERROR_SETTING_CIPHER", 33, 121}, ++ #endif ++ #ifdef PKCS7_R_INVALID_NULL_POINTER ++ {"INVALID_NULL_POINTER", ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER}, ++ #else ++ {"INVALID_NULL_POINTER", 33, 143}, ++ #endif ++ #ifdef PKCS7_R_INVALID_SIGNED_DATA_TYPE ++ {"INVALID_SIGNED_DATA_TYPE", ERR_LIB_PKCS7, PKCS7_R_INVALID_SIGNED_DATA_TYPE}, ++ #else ++ {"INVALID_SIGNED_DATA_TYPE", 33, 155}, ++ #endif ++ #ifdef PKCS7_R_NO_CONTENT ++ {"NO_CONTENT", ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT}, ++ #else ++ {"NO_CONTENT", 33, 122}, ++ #endif ++ #ifdef PKCS7_R_NO_DEFAULT_DIGEST ++ {"NO_DEFAULT_DIGEST", ERR_LIB_PKCS7, PKCS7_R_NO_DEFAULT_DIGEST}, ++ #else ++ {"NO_DEFAULT_DIGEST", 33, 151}, ++ #endif ++ #ifdef PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND ++ {"NO_MATCHING_DIGEST_TYPE_FOUND", ERR_LIB_PKCS7, PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND}, ++ #else ++ {"NO_MATCHING_DIGEST_TYPE_FOUND", 33, 154}, ++ #endif ++ #ifdef PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE ++ {"NO_RECIPIENT_MATCHES_CERTIFICATE", ERR_LIB_PKCS7, PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE}, ++ #else ++ {"NO_RECIPIENT_MATCHES_CERTIFICATE", 33, 115}, ++ #endif ++ #ifdef PKCS7_R_NO_SIGNATURES_ON_DATA ++ {"NO_SIGNATURES_ON_DATA", ERR_LIB_PKCS7, PKCS7_R_NO_SIGNATURES_ON_DATA}, ++ #else ++ {"NO_SIGNATURES_ON_DATA", 33, 123}, ++ #endif ++ #ifdef PKCS7_R_NO_SIGNERS ++ {"NO_SIGNERS", ERR_LIB_PKCS7, PKCS7_R_NO_SIGNERS}, ++ #else ++ {"NO_SIGNERS", 33, 142}, ++ #endif ++ #ifdef PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE ++ {"OPERATION_NOT_SUPPORTED_ON_THIS_TYPE", ERR_LIB_PKCS7, PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE}, ++ #else ++ {"OPERATION_NOT_SUPPORTED_ON_THIS_TYPE", 33, 104}, ++ #endif ++ #ifdef PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ++ {"PKCS7_ADD_SIGNATURE_ERROR", ERR_LIB_PKCS7, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR}, ++ #else ++ {"PKCS7_ADD_SIGNATURE_ERROR", 33, 124}, ++ #endif ++ #ifdef PKCS7_R_PKCS7_ADD_SIGNER_ERROR ++ {"PKCS7_ADD_SIGNER_ERROR", ERR_LIB_PKCS7, PKCS7_R_PKCS7_ADD_SIGNER_ERROR}, ++ #else ++ {"PKCS7_ADD_SIGNER_ERROR", 33, 153}, ++ #endif ++ #ifdef PKCS7_R_PKCS7_DATASIGN ++ {"PKCS7_DATASIGN", ERR_LIB_PKCS7, PKCS7_R_PKCS7_DATASIGN}, ++ #else ++ {"PKCS7_DATASIGN", 33, 145}, ++ #endif ++ #ifdef PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", ERR_LIB_PKCS7, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE}, ++ #else ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", 33, 127}, ++ #endif ++ #ifdef PKCS7_R_SIGNATURE_FAILURE ++ {"SIGNATURE_FAILURE", ERR_LIB_PKCS7, PKCS7_R_SIGNATURE_FAILURE}, ++ #else ++ {"SIGNATURE_FAILURE", 33, 105}, ++ #endif ++ #ifdef PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ++ {"SIGNER_CERTIFICATE_NOT_FOUND", ERR_LIB_PKCS7, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND}, ++ #else ++ {"SIGNER_CERTIFICATE_NOT_FOUND", 33, 128}, ++ #endif ++ #ifdef PKCS7_R_SIGNING_CTRL_FAILURE ++ {"SIGNING_CTRL_FAILURE", ERR_LIB_PKCS7, PKCS7_R_SIGNING_CTRL_FAILURE}, ++ #else ++ {"SIGNING_CTRL_FAILURE", 33, 147}, ++ #endif ++ #ifdef PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE ++ {"SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE", ERR_LIB_PKCS7, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE}, ++ #else ++ {"SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE", 33, 148}, ++ #endif ++ #ifdef PKCS7_R_SMIME_TEXT_ERROR ++ {"SMIME_TEXT_ERROR", ERR_LIB_PKCS7, PKCS7_R_SMIME_TEXT_ERROR}, ++ #else ++ {"SMIME_TEXT_ERROR", 33, 129}, ++ #endif ++ #ifdef PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ++ {"UNABLE_TO_FIND_CERTIFICATE", ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE}, ++ #else ++ {"UNABLE_TO_FIND_CERTIFICATE", 33, 106}, ++ #endif ++ #ifdef PKCS7_R_UNABLE_TO_FIND_MEM_BIO ++ {"UNABLE_TO_FIND_MEM_BIO", ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MEM_BIO}, ++ #else ++ {"UNABLE_TO_FIND_MEM_BIO", 33, 107}, ++ #endif ++ #ifdef PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ++ {"UNABLE_TO_FIND_MESSAGE_DIGEST", ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST}, ++ #else ++ {"UNABLE_TO_FIND_MESSAGE_DIGEST", 33, 108}, ++ #endif ++ #ifdef PKCS7_R_UNKNOWN_DIGEST_TYPE ++ {"UNKNOWN_DIGEST_TYPE", ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE}, ++ #else ++ {"UNKNOWN_DIGEST_TYPE", 33, 109}, ++ #endif ++ #ifdef PKCS7_R_UNKNOWN_OPERATION ++ {"UNKNOWN_OPERATION", ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_OPERATION}, ++ #else ++ {"UNKNOWN_OPERATION", 33, 110}, ++ #endif ++ #ifdef PKCS7_R_UNSUPPORTED_CIPHER_TYPE ++ {"UNSUPPORTED_CIPHER_TYPE", ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE}, ++ #else ++ {"UNSUPPORTED_CIPHER_TYPE", 33, 111}, ++ #endif ++ #ifdef PKCS7_R_UNSUPPORTED_CONTENT_TYPE ++ {"UNSUPPORTED_CONTENT_TYPE", ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE}, ++ #else ++ {"UNSUPPORTED_CONTENT_TYPE", 33, 112}, ++ #endif ++ #ifdef PKCS7_R_WRONG_CONTENT_TYPE ++ {"WRONG_CONTENT_TYPE", ERR_LIB_PKCS7, PKCS7_R_WRONG_CONTENT_TYPE}, ++ #else ++ {"WRONG_CONTENT_TYPE", 33, 113}, ++ #endif ++ #ifdef PKCS7_R_WRONG_PKCS7_TYPE ++ {"WRONG_PKCS7_TYPE", ERR_LIB_PKCS7, PKCS7_R_WRONG_PKCS7_TYPE}, ++ #else ++ {"WRONG_PKCS7_TYPE", 33, 114}, ++ #endif ++ #ifdef RAND_R_ADDITIONAL_INPUT_TOO_LONG ++ {"ADDITIONAL_INPUT_TOO_LONG", ERR_LIB_RAND, RAND_R_ADDITIONAL_INPUT_TOO_LONG}, ++ #else ++ {"ADDITIONAL_INPUT_TOO_LONG", 36, 102}, ++ #endif ++ #ifdef RAND_R_ALREADY_INSTANTIATED ++ {"ALREADY_INSTANTIATED", ERR_LIB_RAND, RAND_R_ALREADY_INSTANTIATED}, ++ #else ++ {"ALREADY_INSTANTIATED", 36, 103}, ++ #endif ++ #ifdef RAND_R_ARGUMENT_OUT_OF_RANGE ++ {"ARGUMENT_OUT_OF_RANGE", ERR_LIB_RAND, RAND_R_ARGUMENT_OUT_OF_RANGE}, ++ #else ++ {"ARGUMENT_OUT_OF_RANGE", 36, 105}, ++ #endif ++ #ifdef RAND_R_CANNOT_OPEN_FILE ++ {"CANNOT_OPEN_FILE", ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE}, ++ #else ++ {"CANNOT_OPEN_FILE", 36, 121}, ++ #endif ++ #ifdef RAND_R_DRBG_ALREADY_INITIALIZED ++ {"DRBG_ALREADY_INITIALIZED", ERR_LIB_RAND, RAND_R_DRBG_ALREADY_INITIALIZED}, ++ #else ++ {"DRBG_ALREADY_INITIALIZED", 36, 129}, ++ #endif ++ #ifdef RAND_R_DRBG_NOT_INITIALISED ++ {"DRBG_NOT_INITIALISED", ERR_LIB_RAND, RAND_R_DRBG_NOT_INITIALISED}, ++ #else ++ {"DRBG_NOT_INITIALISED", 36, 104}, ++ #endif ++ #ifdef RAND_R_ENTROPY_INPUT_TOO_LONG ++ {"ENTROPY_INPUT_TOO_LONG", ERR_LIB_RAND, RAND_R_ENTROPY_INPUT_TOO_LONG}, ++ #else ++ {"ENTROPY_INPUT_TOO_LONG", 36, 106}, ++ #endif ++ #ifdef RAND_R_ENTROPY_OUT_OF_RANGE ++ {"ENTROPY_OUT_OF_RANGE", ERR_LIB_RAND, RAND_R_ENTROPY_OUT_OF_RANGE}, ++ #else ++ {"ENTROPY_OUT_OF_RANGE", 36, 124}, ++ #endif ++ #ifdef RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED ++ {"ERROR_ENTROPY_POOL_WAS_IGNORED", ERR_LIB_RAND, RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED}, ++ #else ++ {"ERROR_ENTROPY_POOL_WAS_IGNORED", 36, 127}, ++ #endif ++ #ifdef RAND_R_ERROR_INITIALISING_DRBG ++ {"ERROR_INITIALISING_DRBG", ERR_LIB_RAND, RAND_R_ERROR_INITIALISING_DRBG}, ++ #else ++ {"ERROR_INITIALISING_DRBG", 36, 107}, ++ #endif ++ #ifdef RAND_R_ERROR_INSTANTIATING_DRBG ++ {"ERROR_INSTANTIATING_DRBG", ERR_LIB_RAND, RAND_R_ERROR_INSTANTIATING_DRBG}, ++ #else ++ {"ERROR_INSTANTIATING_DRBG", 36, 108}, ++ #endif ++ #ifdef RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT ++ {"ERROR_RETRIEVING_ADDITIONAL_INPUT", ERR_LIB_RAND, RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT}, ++ #else ++ {"ERROR_RETRIEVING_ADDITIONAL_INPUT", 36, 109}, ++ #endif ++ #ifdef RAND_R_ERROR_RETRIEVING_ENTROPY ++ {"ERROR_RETRIEVING_ENTROPY", ERR_LIB_RAND, RAND_R_ERROR_RETRIEVING_ENTROPY}, ++ #else ++ {"ERROR_RETRIEVING_ENTROPY", 36, 110}, ++ #endif ++ #ifdef RAND_R_ERROR_RETRIEVING_NONCE ++ {"ERROR_RETRIEVING_NONCE", ERR_LIB_RAND, RAND_R_ERROR_RETRIEVING_NONCE}, ++ #else ++ {"ERROR_RETRIEVING_NONCE", 36, 111}, ++ #endif ++ #ifdef RAND_R_FAILED_TO_CREATE_LOCK ++ {"FAILED_TO_CREATE_LOCK", ERR_LIB_RAND, RAND_R_FAILED_TO_CREATE_LOCK}, ++ #else ++ {"FAILED_TO_CREATE_LOCK", 36, 126}, ++ #endif ++ #ifdef RAND_R_FUNC_NOT_IMPLEMENTED ++ {"FUNC_NOT_IMPLEMENTED", ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED}, ++ #else ++ {"FUNC_NOT_IMPLEMENTED", 36, 101}, ++ #endif ++ #ifdef RAND_R_FWRITE_ERROR ++ {"FWRITE_ERROR", ERR_LIB_RAND, RAND_R_FWRITE_ERROR}, ++ #else ++ {"FWRITE_ERROR", 36, 123}, ++ #endif ++ #ifdef RAND_R_GENERATE_ERROR ++ {"GENERATE_ERROR", ERR_LIB_RAND, RAND_R_GENERATE_ERROR}, ++ #else ++ {"GENERATE_ERROR", 36, 112}, ++ #endif ++ #ifdef RAND_R_INTERNAL_ERROR ++ {"INTERNAL_ERROR", ERR_LIB_RAND, RAND_R_INTERNAL_ERROR}, ++ #else ++ {"INTERNAL_ERROR", 36, 113}, ++ #endif ++ #ifdef RAND_R_IN_ERROR_STATE ++ {"IN_ERROR_STATE", ERR_LIB_RAND, RAND_R_IN_ERROR_STATE}, ++ #else ++ {"IN_ERROR_STATE", 36, 114}, ++ #endif ++ #ifdef RAND_R_NOT_A_REGULAR_FILE ++ {"NOT_A_REGULAR_FILE", ERR_LIB_RAND, RAND_R_NOT_A_REGULAR_FILE}, ++ #else ++ {"NOT_A_REGULAR_FILE", 36, 122}, ++ #endif ++ #ifdef RAND_R_NOT_INSTANTIATED ++ {"NOT_INSTANTIATED", ERR_LIB_RAND, RAND_R_NOT_INSTANTIATED}, ++ #else ++ {"NOT_INSTANTIATED", 36, 115}, ++ #endif ++ #ifdef RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED ++ {"NO_DRBG_IMPLEMENTATION_SELECTED", ERR_LIB_RAND, RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED}, ++ #else ++ {"NO_DRBG_IMPLEMENTATION_SELECTED", 36, 128}, ++ #endif ++ #ifdef RAND_R_PARENT_LOCKING_NOT_ENABLED ++ {"PARENT_LOCKING_NOT_ENABLED", ERR_LIB_RAND, RAND_R_PARENT_LOCKING_NOT_ENABLED}, ++ #else ++ {"PARENT_LOCKING_NOT_ENABLED", 36, 130}, ++ #endif ++ #ifdef RAND_R_PARENT_STRENGTH_TOO_WEAK ++ {"PARENT_STRENGTH_TOO_WEAK", ERR_LIB_RAND, RAND_R_PARENT_STRENGTH_TOO_WEAK}, ++ #else ++ {"PARENT_STRENGTH_TOO_WEAK", 36, 131}, ++ #endif ++ #ifdef RAND_R_PERSONALISATION_STRING_TOO_LONG ++ {"PERSONALISATION_STRING_TOO_LONG", ERR_LIB_RAND, RAND_R_PERSONALISATION_STRING_TOO_LONG}, ++ #else ++ {"PERSONALISATION_STRING_TOO_LONG", 36, 116}, ++ #endif ++ #ifdef RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED ++ {"PREDICTION_RESISTANCE_NOT_SUPPORTED", ERR_LIB_RAND, RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED}, ++ #else ++ {"PREDICTION_RESISTANCE_NOT_SUPPORTED", 36, 133}, ++ #endif ++ #ifdef RAND_R_PRNG_NOT_SEEDED ++ {"PRNG_NOT_SEEDED", ERR_LIB_RAND, RAND_R_PRNG_NOT_SEEDED}, ++ #else ++ {"PRNG_NOT_SEEDED", 36, 100}, ++ #endif ++ #ifdef RAND_R_RANDOM_POOL_OVERFLOW ++ {"RANDOM_POOL_OVERFLOW", ERR_LIB_RAND, RAND_R_RANDOM_POOL_OVERFLOW}, ++ #else ++ {"RANDOM_POOL_OVERFLOW", 36, 125}, ++ #endif ++ #ifdef RAND_R_RANDOM_POOL_UNDERFLOW ++ {"RANDOM_POOL_UNDERFLOW", ERR_LIB_RAND, RAND_R_RANDOM_POOL_UNDERFLOW}, ++ #else ++ {"RANDOM_POOL_UNDERFLOW", 36, 134}, ++ #endif ++ #ifdef RAND_R_REQUEST_TOO_LARGE_FOR_DRBG ++ {"REQUEST_TOO_LARGE_FOR_DRBG", ERR_LIB_RAND, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG}, ++ #else ++ {"REQUEST_TOO_LARGE_FOR_DRBG", 36, 117}, ++ #endif ++ #ifdef RAND_R_RESEED_ERROR ++ {"RESEED_ERROR", ERR_LIB_RAND, RAND_R_RESEED_ERROR}, ++ #else ++ {"RESEED_ERROR", 36, 118}, ++ #endif ++ #ifdef RAND_R_SELFTEST_FAILURE ++ {"SELFTEST_FAILURE", ERR_LIB_RAND, RAND_R_SELFTEST_FAILURE}, ++ #else ++ {"SELFTEST_FAILURE", 36, 119}, ++ #endif ++ #ifdef RAND_R_TOO_LITTLE_NONCE_REQUESTED ++ {"TOO_LITTLE_NONCE_REQUESTED", ERR_LIB_RAND, RAND_R_TOO_LITTLE_NONCE_REQUESTED}, ++ #else ++ {"TOO_LITTLE_NONCE_REQUESTED", 36, 135}, ++ #endif ++ #ifdef RAND_R_TOO_MUCH_NONCE_REQUESTED ++ {"TOO_MUCH_NONCE_REQUESTED", ERR_LIB_RAND, RAND_R_TOO_MUCH_NONCE_REQUESTED}, ++ #else ++ {"TOO_MUCH_NONCE_REQUESTED", 36, 136}, ++ #endif ++ #ifdef RAND_R_UNSUPPORTED_DRBG_FLAGS ++ {"UNSUPPORTED_DRBG_FLAGS", ERR_LIB_RAND, RAND_R_UNSUPPORTED_DRBG_FLAGS}, ++ #else ++ {"UNSUPPORTED_DRBG_FLAGS", 36, 132}, ++ #endif ++ #ifdef RAND_R_UNSUPPORTED_DRBG_TYPE ++ {"UNSUPPORTED_DRBG_TYPE", ERR_LIB_RAND, RAND_R_UNSUPPORTED_DRBG_TYPE}, ++ #else ++ {"UNSUPPORTED_DRBG_TYPE", 36, 120}, ++ #endif ++ #ifdef RSA_R_ALGORITHM_MISMATCH ++ {"ALGORITHM_MISMATCH", ERR_LIB_RSA, RSA_R_ALGORITHM_MISMATCH}, ++ #else ++ {"ALGORITHM_MISMATCH", 4, 100}, ++ #endif ++ #ifdef RSA_R_BAD_E_VALUE ++ {"BAD_E_VALUE", ERR_LIB_RSA, RSA_R_BAD_E_VALUE}, ++ #else ++ {"BAD_E_VALUE", 4, 101}, ++ #endif ++ #ifdef RSA_R_BAD_FIXED_HEADER_DECRYPT ++ {"BAD_FIXED_HEADER_DECRYPT", ERR_LIB_RSA, RSA_R_BAD_FIXED_HEADER_DECRYPT}, ++ #else ++ {"BAD_FIXED_HEADER_DECRYPT", 4, 102}, ++ #endif ++ #ifdef RSA_R_BAD_PAD_BYTE_COUNT ++ {"BAD_PAD_BYTE_COUNT", ERR_LIB_RSA, RSA_R_BAD_PAD_BYTE_COUNT}, ++ #else ++ {"BAD_PAD_BYTE_COUNT", 4, 103}, ++ #endif ++ #ifdef RSA_R_BAD_SIGNATURE ++ {"BAD_SIGNATURE", ERR_LIB_RSA, RSA_R_BAD_SIGNATURE}, ++ #else ++ {"BAD_SIGNATURE", 4, 104}, ++ #endif ++ #ifdef RSA_R_BLOCK_TYPE_IS_NOT_01 ++ {"BLOCK_TYPE_IS_NOT_01", ERR_LIB_RSA, RSA_R_BLOCK_TYPE_IS_NOT_01}, ++ #else ++ {"BLOCK_TYPE_IS_NOT_01", 4, 106}, ++ #endif ++ #ifdef RSA_R_BLOCK_TYPE_IS_NOT_02 ++ {"BLOCK_TYPE_IS_NOT_02", ERR_LIB_RSA, RSA_R_BLOCK_TYPE_IS_NOT_02}, ++ #else ++ {"BLOCK_TYPE_IS_NOT_02", 4, 107}, ++ #endif ++ #ifdef RSA_R_DATA_GREATER_THAN_MOD_LEN ++ {"DATA_GREATER_THAN_MOD_LEN", ERR_LIB_RSA, RSA_R_DATA_GREATER_THAN_MOD_LEN}, ++ #else ++ {"DATA_GREATER_THAN_MOD_LEN", 4, 108}, ++ #endif ++ #ifdef RSA_R_DATA_TOO_LARGE ++ {"DATA_TOO_LARGE", ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE}, ++ #else ++ {"DATA_TOO_LARGE", 4, 109}, ++ #endif ++ #ifdef RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ++ {"DATA_TOO_LARGE_FOR_KEY_SIZE", ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE}, ++ #else ++ {"DATA_TOO_LARGE_FOR_KEY_SIZE", 4, 110}, ++ #endif ++ #ifdef RSA_R_DATA_TOO_LARGE_FOR_MODULUS ++ {"DATA_TOO_LARGE_FOR_MODULUS", ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS}, ++ #else ++ {"DATA_TOO_LARGE_FOR_MODULUS", 4, 132}, ++ #endif ++ #ifdef RSA_R_DATA_TOO_SMALL ++ {"DATA_TOO_SMALL", ERR_LIB_RSA, RSA_R_DATA_TOO_SMALL}, ++ #else ++ {"DATA_TOO_SMALL", 4, 111}, ++ #endif ++ #ifdef RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ++ {"DATA_TOO_SMALL_FOR_KEY_SIZE", ERR_LIB_RSA, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE}, ++ #else ++ {"DATA_TOO_SMALL_FOR_KEY_SIZE", 4, 122}, ++ #endif ++ #ifdef RSA_R_DIGEST_DOES_NOT_MATCH ++ {"DIGEST_DOES_NOT_MATCH", ERR_LIB_RSA, RSA_R_DIGEST_DOES_NOT_MATCH}, ++ #else ++ {"DIGEST_DOES_NOT_MATCH", 4, 158}, ++ #endif ++ #ifdef RSA_R_DIGEST_NOT_ALLOWED ++ {"DIGEST_NOT_ALLOWED", ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED}, ++ #else ++ {"DIGEST_NOT_ALLOWED", 4, 145}, ++ #endif ++ #ifdef RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ++ {"DIGEST_TOO_BIG_FOR_RSA_KEY", ERR_LIB_RSA, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY}, ++ #else ++ {"DIGEST_TOO_BIG_FOR_RSA_KEY", 4, 112}, ++ #endif ++ #ifdef RSA_R_DMP1_NOT_CONGRUENT_TO_D ++ {"DMP1_NOT_CONGRUENT_TO_D", ERR_LIB_RSA, RSA_R_DMP1_NOT_CONGRUENT_TO_D}, ++ #else ++ {"DMP1_NOT_CONGRUENT_TO_D", 4, 124}, ++ #endif ++ #ifdef RSA_R_DMQ1_NOT_CONGRUENT_TO_D ++ {"DMQ1_NOT_CONGRUENT_TO_D", ERR_LIB_RSA, RSA_R_DMQ1_NOT_CONGRUENT_TO_D}, ++ #else ++ {"DMQ1_NOT_CONGRUENT_TO_D", 4, 125}, ++ #endif ++ #ifdef RSA_R_D_E_NOT_CONGRUENT_TO_1 ++ {"D_E_NOT_CONGRUENT_TO_1", ERR_LIB_RSA, RSA_R_D_E_NOT_CONGRUENT_TO_1}, ++ #else ++ {"D_E_NOT_CONGRUENT_TO_1", 4, 123}, ++ #endif ++ #ifdef RSA_R_FIRST_OCTET_INVALID ++ {"FIRST_OCTET_INVALID", ERR_LIB_RSA, RSA_R_FIRST_OCTET_INVALID}, ++ #else ++ {"FIRST_OCTET_INVALID", 4, 133}, ++ #endif ++ #ifdef RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE ++ {"ILLEGAL_OR_UNSUPPORTED_PADDING_MODE", ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE}, ++ #else ++ {"ILLEGAL_OR_UNSUPPORTED_PADDING_MODE", 4, 144}, ++ #endif ++ #ifdef RSA_R_INVALID_DIGEST ++ {"INVALID_DIGEST", ERR_LIB_RSA, RSA_R_INVALID_DIGEST}, ++ #else ++ {"INVALID_DIGEST", 4, 157}, ++ #endif ++ #ifdef RSA_R_INVALID_DIGEST_LENGTH ++ {"INVALID_DIGEST_LENGTH", ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH}, ++ #else ++ {"INVALID_DIGEST_LENGTH", 4, 143}, ++ #endif ++ #ifdef RSA_R_INVALID_HEADER ++ {"INVALID_HEADER", ERR_LIB_RSA, RSA_R_INVALID_HEADER}, ++ #else ++ {"INVALID_HEADER", 4, 137}, ++ #endif ++ #ifdef RSA_R_INVALID_LABEL ++ {"INVALID_LABEL", ERR_LIB_RSA, RSA_R_INVALID_LABEL}, ++ #else ++ {"INVALID_LABEL", 4, 160}, ++ #endif ++ #ifdef RSA_R_INVALID_MESSAGE_LENGTH ++ {"INVALID_MESSAGE_LENGTH", ERR_LIB_RSA, RSA_R_INVALID_MESSAGE_LENGTH}, ++ #else ++ {"INVALID_MESSAGE_LENGTH", 4, 131}, ++ #endif ++ #ifdef RSA_R_INVALID_MGF1_MD ++ {"INVALID_MGF1_MD", ERR_LIB_RSA, RSA_R_INVALID_MGF1_MD}, ++ #else ++ {"INVALID_MGF1_MD", 4, 156}, ++ #endif ++ #ifdef RSA_R_INVALID_MULTI_PRIME_KEY ++ {"INVALID_MULTI_PRIME_KEY", ERR_LIB_RSA, RSA_R_INVALID_MULTI_PRIME_KEY}, ++ #else ++ {"INVALID_MULTI_PRIME_KEY", 4, 167}, ++ #endif ++ #ifdef RSA_R_INVALID_OAEP_PARAMETERS ++ {"INVALID_OAEP_PARAMETERS", ERR_LIB_RSA, RSA_R_INVALID_OAEP_PARAMETERS}, ++ #else ++ {"INVALID_OAEP_PARAMETERS", 4, 161}, ++ #endif ++ #ifdef RSA_R_INVALID_PADDING ++ {"INVALID_PADDING", ERR_LIB_RSA, RSA_R_INVALID_PADDING}, ++ #else ++ {"INVALID_PADDING", 4, 138}, ++ #endif ++ #ifdef RSA_R_INVALID_PADDING_MODE ++ {"INVALID_PADDING_MODE", ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE}, ++ #else ++ {"INVALID_PADDING_MODE", 4, 141}, ++ #endif ++ #ifdef RSA_R_INVALID_PSS_PARAMETERS ++ {"INVALID_PSS_PARAMETERS", ERR_LIB_RSA, RSA_R_INVALID_PSS_PARAMETERS}, ++ #else ++ {"INVALID_PSS_PARAMETERS", 4, 149}, ++ #endif ++ #ifdef RSA_R_INVALID_PSS_SALTLEN ++ {"INVALID_PSS_SALTLEN", ERR_LIB_RSA, RSA_R_INVALID_PSS_SALTLEN}, ++ #else ++ {"INVALID_PSS_SALTLEN", 4, 146}, ++ #endif ++ #ifdef RSA_R_INVALID_SALT_LENGTH ++ {"INVALID_SALT_LENGTH", ERR_LIB_RSA, RSA_R_INVALID_SALT_LENGTH}, ++ #else ++ {"INVALID_SALT_LENGTH", 4, 150}, ++ #endif ++ #ifdef RSA_R_INVALID_TRAILER ++ {"INVALID_TRAILER", ERR_LIB_RSA, RSA_R_INVALID_TRAILER}, ++ #else ++ {"INVALID_TRAILER", 4, 139}, ++ #endif ++ #ifdef RSA_R_INVALID_X931_DIGEST ++ {"INVALID_X931_DIGEST", ERR_LIB_RSA, RSA_R_INVALID_X931_DIGEST}, ++ #else ++ {"INVALID_X931_DIGEST", 4, 142}, ++ #endif ++ #ifdef RSA_R_IQMP_NOT_INVERSE_OF_Q ++ {"IQMP_NOT_INVERSE_OF_Q", ERR_LIB_RSA, RSA_R_IQMP_NOT_INVERSE_OF_Q}, ++ #else ++ {"IQMP_NOT_INVERSE_OF_Q", 4, 126}, ++ #endif ++ #ifdef RSA_R_KEY_PRIME_NUM_INVALID ++ {"KEY_PRIME_NUM_INVALID", ERR_LIB_RSA, RSA_R_KEY_PRIME_NUM_INVALID}, ++ #else ++ {"KEY_PRIME_NUM_INVALID", 4, 165}, ++ #endif ++ #ifdef RSA_R_KEY_SIZE_TOO_SMALL ++ {"KEY_SIZE_TOO_SMALL", ERR_LIB_RSA, RSA_R_KEY_SIZE_TOO_SMALL}, ++ #else ++ {"KEY_SIZE_TOO_SMALL", 4, 120}, ++ #endif ++ #ifdef RSA_R_LAST_OCTET_INVALID ++ {"LAST_OCTET_INVALID", ERR_LIB_RSA, RSA_R_LAST_OCTET_INVALID}, ++ #else ++ {"LAST_OCTET_INVALID", 4, 134}, ++ #endif ++ #ifdef RSA_R_MGF1_DIGEST_NOT_ALLOWED ++ {"MGF1_DIGEST_NOT_ALLOWED", ERR_LIB_RSA, RSA_R_MGF1_DIGEST_NOT_ALLOWED}, ++ #else ++ {"MGF1_DIGEST_NOT_ALLOWED", 4, 152}, ++ #endif ++ #ifdef RSA_R_MISSING_PRIVATE_KEY ++ {"MISSING_PRIVATE_KEY", ERR_LIB_RSA, RSA_R_MISSING_PRIVATE_KEY}, ++ #else ++ {"MISSING_PRIVATE_KEY", 4, 179}, ++ #endif ++ #ifdef RSA_R_MODULUS_TOO_LARGE ++ {"MODULUS_TOO_LARGE", ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE}, ++ #else ++ {"MODULUS_TOO_LARGE", 4, 105}, ++ #endif ++ #ifdef RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R ++ {"MP_COEFFICIENT_NOT_INVERSE_OF_R", ERR_LIB_RSA, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R}, ++ #else ++ {"MP_COEFFICIENT_NOT_INVERSE_OF_R", 4, 168}, ++ #endif ++ #ifdef RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D ++ {"MP_EXPONENT_NOT_CONGRUENT_TO_D", ERR_LIB_RSA, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D}, ++ #else ++ {"MP_EXPONENT_NOT_CONGRUENT_TO_D", 4, 169}, ++ #endif ++ #ifdef RSA_R_MP_R_NOT_PRIME ++ {"MP_R_NOT_PRIME", ERR_LIB_RSA, RSA_R_MP_R_NOT_PRIME}, ++ #else ++ {"MP_R_NOT_PRIME", 4, 170}, ++ #endif ++ #ifdef RSA_R_NO_PUBLIC_EXPONENT ++ {"NO_PUBLIC_EXPONENT", ERR_LIB_RSA, RSA_R_NO_PUBLIC_EXPONENT}, ++ #else ++ {"NO_PUBLIC_EXPONENT", 4, 140}, ++ #endif ++ #ifdef RSA_R_NULL_BEFORE_BLOCK_MISSING ++ {"NULL_BEFORE_BLOCK_MISSING", ERR_LIB_RSA, RSA_R_NULL_BEFORE_BLOCK_MISSING}, ++ #else ++ {"NULL_BEFORE_BLOCK_MISSING", 4, 113}, ++ #endif ++ #ifdef RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES ++ {"N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES", ERR_LIB_RSA, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES}, ++ #else ++ {"N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES", 4, 172}, ++ #endif ++ #ifdef RSA_R_N_DOES_NOT_EQUAL_P_Q ++ {"N_DOES_NOT_EQUAL_P_Q", ERR_LIB_RSA, RSA_R_N_DOES_NOT_EQUAL_P_Q}, ++ #else ++ {"N_DOES_NOT_EQUAL_P_Q", 4, 127}, ++ #endif ++ #ifdef RSA_R_OAEP_DECODING_ERROR ++ {"OAEP_DECODING_ERROR", ERR_LIB_RSA, RSA_R_OAEP_DECODING_ERROR}, ++ #else ++ {"OAEP_DECODING_ERROR", 4, 121}, ++ #endif ++ #ifdef RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE ++ {"OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE", ERR_LIB_RSA, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE}, ++ #else ++ {"OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE", 4, 148}, ++ #endif ++ #ifdef RSA_R_PADDING_CHECK_FAILED ++ {"PADDING_CHECK_FAILED", ERR_LIB_RSA, RSA_R_PADDING_CHECK_FAILED}, ++ #else ++ {"PADDING_CHECK_FAILED", 4, 114}, ++ #endif ++ #ifdef RSA_R_PKCS_DECODING_ERROR ++ {"PKCS_DECODING_ERROR", ERR_LIB_RSA, RSA_R_PKCS_DECODING_ERROR}, ++ #else ++ {"PKCS_DECODING_ERROR", 4, 159}, ++ #endif ++ #ifdef RSA_R_PSS_SALTLEN_TOO_SMALL ++ {"PSS_SALTLEN_TOO_SMALL", ERR_LIB_RSA, RSA_R_PSS_SALTLEN_TOO_SMALL}, ++ #else ++ {"PSS_SALTLEN_TOO_SMALL", 4, 164}, ++ #endif ++ #ifdef RSA_R_P_NOT_PRIME ++ {"P_NOT_PRIME", ERR_LIB_RSA, RSA_R_P_NOT_PRIME}, ++ #else ++ {"P_NOT_PRIME", 4, 128}, ++ #endif ++ #ifdef RSA_R_Q_NOT_PRIME ++ {"Q_NOT_PRIME", ERR_LIB_RSA, RSA_R_Q_NOT_PRIME}, ++ #else ++ {"Q_NOT_PRIME", 4, 129}, ++ #endif ++ #ifdef RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ++ {"RSA_OPERATIONS_NOT_SUPPORTED", ERR_LIB_RSA, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED}, ++ #else ++ {"RSA_OPERATIONS_NOT_SUPPORTED", 4, 130}, ++ #endif ++ #ifdef RSA_R_SLEN_CHECK_FAILED ++ {"SLEN_CHECK_FAILED", ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED}, ++ #else ++ {"SLEN_CHECK_FAILED", 4, 136}, ++ #endif ++ #ifdef RSA_R_SLEN_RECOVERY_FAILED ++ {"SLEN_RECOVERY_FAILED", ERR_LIB_RSA, RSA_R_SLEN_RECOVERY_FAILED}, ++ #else ++ {"SLEN_RECOVERY_FAILED", 4, 135}, ++ #endif ++ #ifdef RSA_R_SSLV3_ROLLBACK_ATTACK ++ {"SSLV3_ROLLBACK_ATTACK", ERR_LIB_RSA, RSA_R_SSLV3_ROLLBACK_ATTACK}, ++ #else ++ {"SSLV3_ROLLBACK_ATTACK", 4, 115}, ++ #endif ++ #ifdef RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD ++ {"THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD", ERR_LIB_RSA, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD}, ++ #else ++ {"THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD", 4, 116}, ++ #endif ++ #ifdef RSA_R_UNKNOWN_ALGORITHM_TYPE ++ {"UNKNOWN_ALGORITHM_TYPE", ERR_LIB_RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE}, ++ #else ++ {"UNKNOWN_ALGORITHM_TYPE", 4, 117}, ++ #endif ++ #ifdef RSA_R_UNKNOWN_DIGEST ++ {"UNKNOWN_DIGEST", ERR_LIB_RSA, RSA_R_UNKNOWN_DIGEST}, ++ #else ++ {"UNKNOWN_DIGEST", 4, 166}, ++ #endif ++ #ifdef RSA_R_UNKNOWN_MASK_DIGEST ++ {"UNKNOWN_MASK_DIGEST", ERR_LIB_RSA, RSA_R_UNKNOWN_MASK_DIGEST}, ++ #else ++ {"UNKNOWN_MASK_DIGEST", 4, 151}, ++ #endif ++ #ifdef RSA_R_UNKNOWN_PADDING_TYPE ++ {"UNKNOWN_PADDING_TYPE", ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE}, ++ #else ++ {"UNKNOWN_PADDING_TYPE", 4, 118}, ++ #endif ++ #ifdef RSA_R_UNSUPPORTED_ENCRYPTION_TYPE ++ {"UNSUPPORTED_ENCRYPTION_TYPE", ERR_LIB_RSA, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE}, ++ #else ++ {"UNSUPPORTED_ENCRYPTION_TYPE", 4, 162}, ++ #endif ++ #ifdef RSA_R_UNSUPPORTED_LABEL_SOURCE ++ {"UNSUPPORTED_LABEL_SOURCE", ERR_LIB_RSA, RSA_R_UNSUPPORTED_LABEL_SOURCE}, ++ #else ++ {"UNSUPPORTED_LABEL_SOURCE", 4, 163}, ++ #endif ++ #ifdef RSA_R_UNSUPPORTED_MASK_ALGORITHM ++ {"UNSUPPORTED_MASK_ALGORITHM", ERR_LIB_RSA, RSA_R_UNSUPPORTED_MASK_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_MASK_ALGORITHM", 4, 153}, ++ #endif ++ #ifdef RSA_R_UNSUPPORTED_MASK_PARAMETER ++ {"UNSUPPORTED_MASK_PARAMETER", ERR_LIB_RSA, RSA_R_UNSUPPORTED_MASK_PARAMETER}, ++ #else ++ {"UNSUPPORTED_MASK_PARAMETER", 4, 154}, ++ #endif ++ #ifdef RSA_R_UNSUPPORTED_SIGNATURE_TYPE ++ {"UNSUPPORTED_SIGNATURE_TYPE", ERR_LIB_RSA, RSA_R_UNSUPPORTED_SIGNATURE_TYPE}, ++ #else ++ {"UNSUPPORTED_SIGNATURE_TYPE", 4, 155}, ++ #endif ++ #ifdef RSA_R_VALUE_MISSING ++ {"VALUE_MISSING", ERR_LIB_RSA, RSA_R_VALUE_MISSING}, ++ #else ++ {"VALUE_MISSING", 4, 147}, ++ #endif ++ #ifdef RSA_R_WRONG_SIGNATURE_LENGTH ++ {"WRONG_SIGNATURE_LENGTH", ERR_LIB_RSA, RSA_R_WRONG_SIGNATURE_LENGTH}, ++ #else ++ {"WRONG_SIGNATURE_LENGTH", 4, 119}, ++ #endif ++ #ifdef SM2_R_ASN1_ERROR ++ {"ASN1_ERROR", ERR_LIB_SM2, SM2_R_ASN1_ERROR}, ++ #else ++ {"ASN1_ERROR", 53, 100}, ++ #endif ++ #ifdef SM2_R_BAD_SIGNATURE ++ {"BAD_SIGNATURE", ERR_LIB_SM2, SM2_R_BAD_SIGNATURE}, ++ #else ++ {"BAD_SIGNATURE", 53, 101}, ++ #endif ++ #ifdef SM2_R_BUFFER_TOO_SMALL ++ {"BUFFER_TOO_SMALL", ERR_LIB_SM2, SM2_R_BUFFER_TOO_SMALL}, ++ #else ++ {"BUFFER_TOO_SMALL", 53, 107}, ++ #endif ++ #ifdef SM2_R_DIST_ID_TOO_LARGE ++ {"DIST_ID_TOO_LARGE", ERR_LIB_SM2, SM2_R_DIST_ID_TOO_LARGE}, ++ #else ++ {"DIST_ID_TOO_LARGE", 53, 110}, ++ #endif ++ #ifdef SM2_R_ID_NOT_SET ++ {"ID_NOT_SET", ERR_LIB_SM2, SM2_R_ID_NOT_SET}, ++ #else ++ {"ID_NOT_SET", 53, 112}, ++ #endif ++ #ifdef SM2_R_ID_TOO_LARGE ++ {"ID_TOO_LARGE", ERR_LIB_SM2, SM2_R_ID_TOO_LARGE}, ++ #else ++ {"ID_TOO_LARGE", 53, 111}, ++ #endif ++ #ifdef SM2_R_INVALID_CURVE ++ {"INVALID_CURVE", ERR_LIB_SM2, SM2_R_INVALID_CURVE}, ++ #else ++ {"INVALID_CURVE", 53, 108}, ++ #endif ++ #ifdef SM2_R_INVALID_DIGEST ++ {"INVALID_DIGEST", ERR_LIB_SM2, SM2_R_INVALID_DIGEST}, ++ #else ++ {"INVALID_DIGEST", 53, 102}, ++ #endif ++ #ifdef SM2_R_INVALID_DIGEST_TYPE ++ {"INVALID_DIGEST_TYPE", ERR_LIB_SM2, SM2_R_INVALID_DIGEST_TYPE}, ++ #else ++ {"INVALID_DIGEST_TYPE", 53, 103}, ++ #endif ++ #ifdef SM2_R_INVALID_ENCODING ++ {"INVALID_ENCODING", ERR_LIB_SM2, SM2_R_INVALID_ENCODING}, ++ #else ++ {"INVALID_ENCODING", 53, 104}, ++ #endif ++ #ifdef SM2_R_INVALID_FIELD ++ {"INVALID_FIELD", ERR_LIB_SM2, SM2_R_INVALID_FIELD}, ++ #else ++ {"INVALID_FIELD", 53, 105}, ++ #endif ++ #ifdef SM2_R_NO_PARAMETERS_SET ++ {"NO_PARAMETERS_SET", ERR_LIB_SM2, SM2_R_NO_PARAMETERS_SET}, ++ #else ++ {"NO_PARAMETERS_SET", 53, 109}, ++ #endif ++ #ifdef SM2_R_USER_ID_TOO_LARGE ++ {"USER_ID_TOO_LARGE", ERR_LIB_SM2, SM2_R_USER_ID_TOO_LARGE}, ++ #else ++ {"USER_ID_TOO_LARGE", 53, 106}, ++ #endif ++ #ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY ++ {"APPLICATION_DATA_AFTER_CLOSE_NOTIFY", ERR_LIB_SSL, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY}, ++ #else ++ {"APPLICATION_DATA_AFTER_CLOSE_NOTIFY", 20, 291}, ++ #endif ++ #ifdef SSL_R_APP_DATA_IN_HANDSHAKE ++ {"APP_DATA_IN_HANDSHAKE", ERR_LIB_SSL, SSL_R_APP_DATA_IN_HANDSHAKE}, ++ #else ++ {"APP_DATA_IN_HANDSHAKE", 20, 100}, ++ #endif ++ #ifdef SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT ++ {"ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT", ERR_LIB_SSL, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT}, ++ #else ++ {"ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT", 20, 272}, ++ #endif ++ #ifdef SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE ++ {"AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE", ERR_LIB_SSL, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE}, ++ #else ++ {"AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE", 20, 143}, ++ #endif ++ #ifdef SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE ++ {"AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE", ERR_LIB_SSL, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE}, ++ #else ++ {"AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE", 20, 158}, ++ #endif ++ #ifdef SSL_R_BAD_CHANGE_CIPHER_SPEC ++ {"BAD_CHANGE_CIPHER_SPEC", ERR_LIB_SSL, SSL_R_BAD_CHANGE_CIPHER_SPEC}, ++ #else ++ {"BAD_CHANGE_CIPHER_SPEC", 20, 103}, ++ #endif ++ #ifdef SSL_R_BAD_CIPHER ++ {"BAD_CIPHER", ERR_LIB_SSL, SSL_R_BAD_CIPHER}, ++ #else ++ {"BAD_CIPHER", 20, 186}, ++ #endif ++ #ifdef SSL_R_BAD_DATA ++ {"BAD_DATA", ERR_LIB_SSL, SSL_R_BAD_DATA}, ++ #else ++ {"BAD_DATA", 20, 390}, ++ #endif ++ #ifdef SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ++ {"BAD_DATA_RETURNED_BY_CALLBACK", ERR_LIB_SSL, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK}, ++ #else ++ {"BAD_DATA_RETURNED_BY_CALLBACK", 20, 106}, ++ #endif ++ #ifdef SSL_R_BAD_DECOMPRESSION ++ {"BAD_DECOMPRESSION", ERR_LIB_SSL, SSL_R_BAD_DECOMPRESSION}, ++ #else ++ {"BAD_DECOMPRESSION", 20, 107}, ++ #endif ++ #ifdef SSL_R_BAD_DH_VALUE ++ {"BAD_DH_VALUE", ERR_LIB_SSL, SSL_R_BAD_DH_VALUE}, ++ #else ++ {"BAD_DH_VALUE", 20, 102}, ++ #endif ++ #ifdef SSL_R_BAD_DIGEST_LENGTH ++ {"BAD_DIGEST_LENGTH", ERR_LIB_SSL, SSL_R_BAD_DIGEST_LENGTH}, ++ #else ++ {"BAD_DIGEST_LENGTH", 20, 111}, ++ #endif ++ #ifdef SSL_R_BAD_EARLY_DATA ++ {"BAD_EARLY_DATA", ERR_LIB_SSL, SSL_R_BAD_EARLY_DATA}, ++ #else ++ {"BAD_EARLY_DATA", 20, 233}, ++ #endif ++ #ifdef SSL_R_BAD_ECC_CERT ++ {"BAD_ECC_CERT", ERR_LIB_SSL, SSL_R_BAD_ECC_CERT}, ++ #else ++ {"BAD_ECC_CERT", 20, 304}, ++ #endif ++ #ifdef SSL_R_BAD_ECPOINT ++ {"BAD_ECPOINT", ERR_LIB_SSL, SSL_R_BAD_ECPOINT}, ++ #else ++ {"BAD_ECPOINT", 20, 306}, ++ #endif ++ #ifdef SSL_R_BAD_EXTENSION ++ {"BAD_EXTENSION", ERR_LIB_SSL, SSL_R_BAD_EXTENSION}, ++ #else ++ {"BAD_EXTENSION", 20, 110}, ++ #endif ++ #ifdef SSL_R_BAD_HANDSHAKE_LENGTH ++ {"BAD_HANDSHAKE_LENGTH", ERR_LIB_SSL, SSL_R_BAD_HANDSHAKE_LENGTH}, ++ #else ++ {"BAD_HANDSHAKE_LENGTH", 20, 332}, ++ #endif ++ #ifdef SSL_R_BAD_HANDSHAKE_STATE ++ {"BAD_HANDSHAKE_STATE", ERR_LIB_SSL, SSL_R_BAD_HANDSHAKE_STATE}, ++ #else ++ {"BAD_HANDSHAKE_STATE", 20, 236}, ++ #endif ++ #ifdef SSL_R_BAD_HELLO_REQUEST ++ {"BAD_HELLO_REQUEST", ERR_LIB_SSL, SSL_R_BAD_HELLO_REQUEST}, ++ #else ++ {"BAD_HELLO_REQUEST", 20, 105}, ++ #endif ++ #ifdef SSL_R_BAD_HRR_VERSION ++ {"BAD_HRR_VERSION", ERR_LIB_SSL, SSL_R_BAD_HRR_VERSION}, ++ #else ++ {"BAD_HRR_VERSION", 20, 263}, ++ #endif ++ #ifdef SSL_R_BAD_KEY_SHARE ++ {"BAD_KEY_SHARE", ERR_LIB_SSL, SSL_R_BAD_KEY_SHARE}, ++ #else ++ {"BAD_KEY_SHARE", 20, 108}, ++ #endif ++ #ifdef SSL_R_BAD_KEY_UPDATE ++ {"BAD_KEY_UPDATE", ERR_LIB_SSL, SSL_R_BAD_KEY_UPDATE}, ++ #else ++ {"BAD_KEY_UPDATE", 20, 122}, ++ #endif ++ #ifdef SSL_R_BAD_LEGACY_VERSION ++ {"BAD_LEGACY_VERSION", ERR_LIB_SSL, SSL_R_BAD_LEGACY_VERSION}, ++ #else ++ {"BAD_LEGACY_VERSION", 20, 292}, ++ #endif ++ #ifdef SSL_R_BAD_LENGTH ++ {"BAD_LENGTH", ERR_LIB_SSL, SSL_R_BAD_LENGTH}, ++ #else ++ {"BAD_LENGTH", 20, 271}, ++ #endif ++ #ifdef SSL_R_BAD_PACKET ++ {"BAD_PACKET", ERR_LIB_SSL, SSL_R_BAD_PACKET}, ++ #else ++ {"BAD_PACKET", 20, 240}, ++ #endif ++ #ifdef SSL_R_BAD_PACKET_LENGTH ++ {"BAD_PACKET_LENGTH", ERR_LIB_SSL, SSL_R_BAD_PACKET_LENGTH}, ++ #else ++ {"BAD_PACKET_LENGTH", 20, 115}, ++ #endif ++ #ifdef SSL_R_BAD_PROTOCOL_VERSION_NUMBER ++ {"BAD_PROTOCOL_VERSION_NUMBER", ERR_LIB_SSL, SSL_R_BAD_PROTOCOL_VERSION_NUMBER}, ++ #else ++ {"BAD_PROTOCOL_VERSION_NUMBER", 20, 116}, ++ #endif ++ #ifdef SSL_R_BAD_PSK ++ {"BAD_PSK", ERR_LIB_SSL, SSL_R_BAD_PSK}, ++ #else ++ {"BAD_PSK", 20, 219}, ++ #endif ++ #ifdef SSL_R_BAD_PSK_IDENTITY ++ {"BAD_PSK_IDENTITY", ERR_LIB_SSL, SSL_R_BAD_PSK_IDENTITY}, ++ #else ++ {"BAD_PSK_IDENTITY", 20, 114}, ++ #endif ++ #ifdef SSL_R_BAD_RECORD_TYPE ++ {"BAD_RECORD_TYPE", ERR_LIB_SSL, SSL_R_BAD_RECORD_TYPE}, ++ #else ++ {"BAD_RECORD_TYPE", 20, 443}, ++ #endif ++ #ifdef SSL_R_BAD_RSA_ENCRYPT ++ {"BAD_RSA_ENCRYPT", ERR_LIB_SSL, SSL_R_BAD_RSA_ENCRYPT}, ++ #else ++ {"BAD_RSA_ENCRYPT", 20, 119}, ++ #endif ++ #ifdef SSL_R_BAD_SIGNATURE ++ {"BAD_SIGNATURE", ERR_LIB_SSL, SSL_R_BAD_SIGNATURE}, ++ #else ++ {"BAD_SIGNATURE", 20, 123}, ++ #endif ++ #ifdef SSL_R_BAD_SRP_A_LENGTH ++ {"BAD_SRP_A_LENGTH", ERR_LIB_SSL, SSL_R_BAD_SRP_A_LENGTH}, ++ #else ++ {"BAD_SRP_A_LENGTH", 20, 347}, ++ #endif ++ #ifdef SSL_R_BAD_SRP_PARAMETERS ++ {"BAD_SRP_PARAMETERS", ERR_LIB_SSL, SSL_R_BAD_SRP_PARAMETERS}, ++ #else ++ {"BAD_SRP_PARAMETERS", 20, 371}, ++ #endif ++ #ifdef SSL_R_BAD_SRTP_MKI_VALUE ++ {"BAD_SRTP_MKI_VALUE", ERR_LIB_SSL, SSL_R_BAD_SRTP_MKI_VALUE}, ++ #else ++ {"BAD_SRTP_MKI_VALUE", 20, 352}, ++ #endif ++ #ifdef SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST ++ {"BAD_SRTP_PROTECTION_PROFILE_LIST", ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST}, ++ #else ++ {"BAD_SRTP_PROTECTION_PROFILE_LIST", 20, 353}, ++ #endif ++ #ifdef SSL_R_BAD_SSL_FILETYPE ++ {"BAD_SSL_FILETYPE", ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE}, ++ #else ++ {"BAD_SSL_FILETYPE", 20, 124}, ++ #endif ++ #ifdef SSL_R_BAD_VALUE ++ {"BAD_VALUE", ERR_LIB_SSL, SSL_R_BAD_VALUE}, ++ #else ++ {"BAD_VALUE", 20, 384}, ++ #endif ++ #ifdef SSL_R_BAD_WRITE_RETRY ++ {"BAD_WRITE_RETRY", ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY}, ++ #else ++ {"BAD_WRITE_RETRY", 20, 127}, ++ #endif ++ #ifdef SSL_R_BINDER_DOES_NOT_VERIFY ++ {"BINDER_DOES_NOT_VERIFY", ERR_LIB_SSL, SSL_R_BINDER_DOES_NOT_VERIFY}, ++ #else ++ {"BINDER_DOES_NOT_VERIFY", 20, 253}, ++ #endif ++ #ifdef SSL_R_BIO_NOT_SET ++ {"BIO_NOT_SET", ERR_LIB_SSL, SSL_R_BIO_NOT_SET}, ++ #else ++ {"BIO_NOT_SET", 20, 128}, ++ #endif ++ #ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG ++ {"BLOCK_CIPHER_PAD_IS_WRONG", ERR_LIB_SSL, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG}, ++ #else ++ {"BLOCK_CIPHER_PAD_IS_WRONG", 20, 129}, ++ #endif ++ #ifdef SSL_R_BN_LIB ++ {"BN_LIB", ERR_LIB_SSL, SSL_R_BN_LIB}, ++ #else ++ {"BN_LIB", 20, 130}, ++ #endif ++ #ifdef SSL_R_CALLBACK_FAILED ++ {"CALLBACK_FAILED", ERR_LIB_SSL, SSL_R_CALLBACK_FAILED}, ++ #else ++ {"CALLBACK_FAILED", 20, 234}, ++ #endif ++ #ifdef SSL_R_CANNOT_CHANGE_CIPHER ++ {"CANNOT_CHANGE_CIPHER", ERR_LIB_SSL, SSL_R_CANNOT_CHANGE_CIPHER}, ++ #else ++ {"CANNOT_CHANGE_CIPHER", 20, 109}, ++ #endif ++ #ifdef SSL_R_CA_DN_LENGTH_MISMATCH ++ {"CA_DN_LENGTH_MISMATCH", ERR_LIB_SSL, SSL_R_CA_DN_LENGTH_MISMATCH}, ++ #else ++ {"CA_DN_LENGTH_MISMATCH", 20, 131}, ++ #endif ++ #ifdef SSL_R_CA_KEY_TOO_SMALL ++ {"CA_KEY_TOO_SMALL", ERR_LIB_SSL, SSL_R_CA_KEY_TOO_SMALL}, ++ #else ++ {"CA_KEY_TOO_SMALL", 20, 397}, ++ #endif ++ #ifdef SSL_R_CA_MD_TOO_WEAK ++ {"CA_MD_TOO_WEAK", ERR_LIB_SSL, SSL_R_CA_MD_TOO_WEAK}, ++ #else ++ {"CA_MD_TOO_WEAK", 20, 398}, ++ #endif ++ #ifdef SSL_R_CCS_RECEIVED_EARLY ++ {"CCS_RECEIVED_EARLY", ERR_LIB_SSL, SSL_R_CCS_RECEIVED_EARLY}, ++ #else ++ {"CCS_RECEIVED_EARLY", 20, 133}, ++ #endif ++ #ifdef SSL_R_CERTIFICATE_VERIFY_FAILED ++ {"CERTIFICATE_VERIFY_FAILED", ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED}, ++ #else ++ {"CERTIFICATE_VERIFY_FAILED", 20, 134}, ++ #endif ++ #ifdef SSL_R_CERT_CB_ERROR ++ {"CERT_CB_ERROR", ERR_LIB_SSL, SSL_R_CERT_CB_ERROR}, ++ #else ++ {"CERT_CB_ERROR", 20, 377}, ++ #endif ++ #ifdef SSL_R_CERT_LENGTH_MISMATCH ++ {"CERT_LENGTH_MISMATCH", ERR_LIB_SSL, SSL_R_CERT_LENGTH_MISMATCH}, ++ #else ++ {"CERT_LENGTH_MISMATCH", 20, 135}, ++ #endif ++ #ifdef SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED ++ {"CIPHERSUITE_DIGEST_HAS_CHANGED", ERR_LIB_SSL, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED}, ++ #else ++ {"CIPHERSUITE_DIGEST_HAS_CHANGED", 20, 218}, ++ #endif ++ #ifdef SSL_R_CIPHER_CODE_WRONG_LENGTH ++ {"CIPHER_CODE_WRONG_LENGTH", ERR_LIB_SSL, SSL_R_CIPHER_CODE_WRONG_LENGTH}, ++ #else ++ {"CIPHER_CODE_WRONG_LENGTH", 20, 137}, ++ #endif ++ #ifdef SSL_R_CIPHER_OR_HASH_UNAVAILABLE ++ {"CIPHER_OR_HASH_UNAVAILABLE", ERR_LIB_SSL, SSL_R_CIPHER_OR_HASH_UNAVAILABLE}, ++ #else ++ {"CIPHER_OR_HASH_UNAVAILABLE", 20, 138}, ++ #endif ++ #ifdef SSL_R_CLIENTHELLO_TLSEXT ++ {"CLIENTHELLO_TLSEXT", ERR_LIB_SSL, SSL_R_CLIENTHELLO_TLSEXT}, ++ #else ++ {"CLIENTHELLO_TLSEXT", 20, 226}, ++ #endif ++ #ifdef SSL_R_COMPRESSED_LENGTH_TOO_LONG ++ {"COMPRESSED_LENGTH_TOO_LONG", ERR_LIB_SSL, SSL_R_COMPRESSED_LENGTH_TOO_LONG}, ++ #else ++ {"COMPRESSED_LENGTH_TOO_LONG", 20, 140}, ++ #endif ++ #ifdef SSL_R_COMPRESSION_DISABLED ++ {"COMPRESSION_DISABLED", ERR_LIB_SSL, SSL_R_COMPRESSION_DISABLED}, ++ #else ++ {"COMPRESSION_DISABLED", 20, 343}, ++ #endif ++ #ifdef SSL_R_COMPRESSION_FAILURE ++ {"COMPRESSION_FAILURE", ERR_LIB_SSL, SSL_R_COMPRESSION_FAILURE}, ++ #else ++ {"COMPRESSION_FAILURE", 20, 141}, ++ #endif ++ #ifdef SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE ++ {"COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE", ERR_LIB_SSL, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE}, ++ #else ++ {"COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE", 20, 307}, ++ #endif ++ #ifdef SSL_R_COMPRESSION_LIBRARY_ERROR ++ {"COMPRESSION_LIBRARY_ERROR", ERR_LIB_SSL, SSL_R_COMPRESSION_LIBRARY_ERROR}, ++ #else ++ {"COMPRESSION_LIBRARY_ERROR", 20, 142}, ++ #endif ++ #ifdef SSL_R_CONNECTION_TYPE_NOT_SET ++ {"CONNECTION_TYPE_NOT_SET", ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET}, ++ #else ++ {"CONNECTION_TYPE_NOT_SET", 20, 144}, ++ #endif ++ #ifdef SSL_R_CONTEXT_NOT_DANE_ENABLED ++ {"CONTEXT_NOT_DANE_ENABLED", ERR_LIB_SSL, SSL_R_CONTEXT_NOT_DANE_ENABLED}, ++ #else ++ {"CONTEXT_NOT_DANE_ENABLED", 20, 167}, ++ #endif ++ #ifdef SSL_R_COOKIE_GEN_CALLBACK_FAILURE ++ {"COOKIE_GEN_CALLBACK_FAILURE", ERR_LIB_SSL, SSL_R_COOKIE_GEN_CALLBACK_FAILURE}, ++ #else ++ {"COOKIE_GEN_CALLBACK_FAILURE", 20, 400}, ++ #endif ++ #ifdef SSL_R_COOKIE_MISMATCH ++ {"COOKIE_MISMATCH", ERR_LIB_SSL, SSL_R_COOKIE_MISMATCH}, ++ #else ++ {"COOKIE_MISMATCH", 20, 308}, ++ #endif ++ #ifdef SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED ++ {"CUSTOM_EXT_HANDLER_ALREADY_INSTALLED", ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED}, ++ #else ++ {"CUSTOM_EXT_HANDLER_ALREADY_INSTALLED", 20, 206}, ++ #endif ++ #ifdef SSL_R_DANE_ALREADY_ENABLED ++ {"DANE_ALREADY_ENABLED", ERR_LIB_SSL, SSL_R_DANE_ALREADY_ENABLED}, ++ #else ++ {"DANE_ALREADY_ENABLED", 20, 172}, ++ #endif ++ #ifdef SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL ++ {"DANE_CANNOT_OVERRIDE_MTYPE_FULL", ERR_LIB_SSL, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL}, ++ #else ++ {"DANE_CANNOT_OVERRIDE_MTYPE_FULL", 20, 173}, ++ #endif ++ #ifdef SSL_R_DANE_NOT_ENABLED ++ {"DANE_NOT_ENABLED", ERR_LIB_SSL, SSL_R_DANE_NOT_ENABLED}, ++ #else ++ {"DANE_NOT_ENABLED", 20, 175}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_CERTIFICATE ++ {"DANE_TLSA_BAD_CERTIFICATE", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE}, ++ #else ++ {"DANE_TLSA_BAD_CERTIFICATE", 20, 180}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE ++ {"DANE_TLSA_BAD_CERTIFICATE_USAGE", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE}, ++ #else ++ {"DANE_TLSA_BAD_CERTIFICATE_USAGE", 20, 184}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_DATA_LENGTH ++ {"DANE_TLSA_BAD_DATA_LENGTH", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DATA_LENGTH}, ++ #else ++ {"DANE_TLSA_BAD_DATA_LENGTH", 20, 189}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH ++ {"DANE_TLSA_BAD_DIGEST_LENGTH", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH}, ++ #else ++ {"DANE_TLSA_BAD_DIGEST_LENGTH", 20, 192}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_MATCHING_TYPE ++ {"DANE_TLSA_BAD_MATCHING_TYPE", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE}, ++ #else ++ {"DANE_TLSA_BAD_MATCHING_TYPE", 20, 200}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_PUBLIC_KEY ++ {"DANE_TLSA_BAD_PUBLIC_KEY", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY}, ++ #else ++ {"DANE_TLSA_BAD_PUBLIC_KEY", 20, 201}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_SELECTOR ++ {"DANE_TLSA_BAD_SELECTOR", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_SELECTOR}, ++ #else ++ {"DANE_TLSA_BAD_SELECTOR", 20, 202}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_NULL_DATA ++ {"DANE_TLSA_NULL_DATA", ERR_LIB_SSL, SSL_R_DANE_TLSA_NULL_DATA}, ++ #else ++ {"DANE_TLSA_NULL_DATA", 20, 203}, ++ #endif ++ #ifdef SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ++ {"DATA_BETWEEN_CCS_AND_FINISHED", ERR_LIB_SSL, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED}, ++ #else ++ {"DATA_BETWEEN_CCS_AND_FINISHED", 20, 145}, ++ #endif ++ #ifdef SSL_R_DATA_LENGTH_TOO_LONG ++ {"DATA_LENGTH_TOO_LONG", ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG}, ++ #else ++ {"DATA_LENGTH_TOO_LONG", 20, 146}, ++ #endif ++ #ifdef SSL_R_DECRYPTION_FAILED ++ {"DECRYPTION_FAILED", ERR_LIB_SSL, SSL_R_DECRYPTION_FAILED}, ++ #else ++ {"DECRYPTION_FAILED", 20, 147}, ++ #endif ++ #ifdef SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ++ {"DECRYPTION_FAILED_OR_BAD_RECORD_MAC", ERR_LIB_SSL, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC}, ++ #else ++ {"DECRYPTION_FAILED_OR_BAD_RECORD_MAC", 20, 281}, ++ #endif ++ #ifdef SSL_R_DH_KEY_TOO_SMALL ++ {"DH_KEY_TOO_SMALL", ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL}, ++ #else ++ {"DH_KEY_TOO_SMALL", 20, 394}, ++ #endif ++ #ifdef SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ++ {"DH_PUBLIC_VALUE_LENGTH_IS_WRONG", ERR_LIB_SSL, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG}, ++ #else ++ {"DH_PUBLIC_VALUE_LENGTH_IS_WRONG", 20, 148}, ++ #endif ++ #ifdef SSL_R_DIGEST_CHECK_FAILED ++ {"DIGEST_CHECK_FAILED", ERR_LIB_SSL, SSL_R_DIGEST_CHECK_FAILED}, ++ #else ++ {"DIGEST_CHECK_FAILED", 20, 149}, ++ #endif ++ #ifdef SSL_R_DTLS_MESSAGE_TOO_BIG ++ {"DTLS_MESSAGE_TOO_BIG", ERR_LIB_SSL, SSL_R_DTLS_MESSAGE_TOO_BIG}, ++ #else ++ {"DTLS_MESSAGE_TOO_BIG", 20, 334}, ++ #endif ++ #ifdef SSL_R_DUPLICATE_COMPRESSION_ID ++ {"DUPLICATE_COMPRESSION_ID", ERR_LIB_SSL, SSL_R_DUPLICATE_COMPRESSION_ID}, ++ #else ++ {"DUPLICATE_COMPRESSION_ID", 20, 309}, ++ #endif ++ #ifdef SSL_R_ECC_CERT_NOT_FOR_SIGNING ++ {"ECC_CERT_NOT_FOR_SIGNING", ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING}, ++ #else ++ {"ECC_CERT_NOT_FOR_SIGNING", 20, 318}, ++ #endif ++ #ifdef SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE ++ {"ECDH_REQUIRED_FOR_SUITEB_MODE", ERR_LIB_SSL, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE}, ++ #else ++ {"ECDH_REQUIRED_FOR_SUITEB_MODE", 20, 374}, ++ #endif ++ #ifdef SSL_R_EE_KEY_TOO_SMALL ++ {"EE_KEY_TOO_SMALL", ERR_LIB_SSL, SSL_R_EE_KEY_TOO_SMALL}, ++ #else ++ {"EE_KEY_TOO_SMALL", 20, 399}, ++ #endif ++ #ifdef SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST ++ {"EMPTY_SRTP_PROTECTION_PROFILE_LIST", ERR_LIB_SSL, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST}, ++ #else ++ {"EMPTY_SRTP_PROTECTION_PROFILE_LIST", 20, 354}, ++ #endif ++ #ifdef SSL_R_ENCRYPTED_LENGTH_TOO_LONG ++ {"ENCRYPTED_LENGTH_TOO_LONG", ERR_LIB_SSL, SSL_R_ENCRYPTED_LENGTH_TOO_LONG}, ++ #else ++ {"ENCRYPTED_LENGTH_TOO_LONG", 20, 150}, ++ #endif ++ #ifdef SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ++ {"ERROR_IN_RECEIVED_CIPHER_LIST", ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST}, ++ #else ++ {"ERROR_IN_RECEIVED_CIPHER_LIST", 20, 151}, ++ #endif ++ #ifdef SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN ++ {"ERROR_SETTING_TLSA_BASE_DOMAIN", ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN}, ++ #else ++ {"ERROR_SETTING_TLSA_BASE_DOMAIN", 20, 204}, ++ #endif ++ #ifdef SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE ++ {"EXCEEDS_MAX_FRAGMENT_SIZE", ERR_LIB_SSL, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE}, ++ #else ++ {"EXCEEDS_MAX_FRAGMENT_SIZE", 20, 194}, ++ #endif ++ #ifdef SSL_R_EXCESSIVE_MESSAGE_SIZE ++ {"EXCESSIVE_MESSAGE_SIZE", ERR_LIB_SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE}, ++ #else ++ {"EXCESSIVE_MESSAGE_SIZE", 20, 152}, ++ #endif ++ #ifdef SSL_R_EXTENSION_NOT_RECEIVED ++ {"EXTENSION_NOT_RECEIVED", ERR_LIB_SSL, SSL_R_EXTENSION_NOT_RECEIVED}, ++ #else ++ {"EXTENSION_NOT_RECEIVED", 20, 279}, ++ #endif ++ #ifdef SSL_R_EXTRA_DATA_IN_MESSAGE ++ {"EXTRA_DATA_IN_MESSAGE", ERR_LIB_SSL, SSL_R_EXTRA_DATA_IN_MESSAGE}, ++ #else ++ {"EXTRA_DATA_IN_MESSAGE", 20, 153}, ++ #endif ++ #ifdef SSL_R_EXT_LENGTH_MISMATCH ++ {"EXT_LENGTH_MISMATCH", ERR_LIB_SSL, SSL_R_EXT_LENGTH_MISMATCH}, ++ #else ++ {"EXT_LENGTH_MISMATCH", 20, 163}, ++ #endif ++ #ifdef SSL_R_FAILED_TO_INIT_ASYNC ++ {"FAILED_TO_INIT_ASYNC", ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC}, ++ #else ++ {"FAILED_TO_INIT_ASYNC", 20, 405}, ++ #endif ++ #ifdef SSL_R_FRAGMENTED_CLIENT_HELLO ++ {"FRAGMENTED_CLIENT_HELLO", ERR_LIB_SSL, SSL_R_FRAGMENTED_CLIENT_HELLO}, ++ #else ++ {"FRAGMENTED_CLIENT_HELLO", 20, 401}, ++ #endif ++ #ifdef SSL_R_GOT_A_FIN_BEFORE_A_CCS ++ {"GOT_A_FIN_BEFORE_A_CCS", ERR_LIB_SSL, SSL_R_GOT_A_FIN_BEFORE_A_CCS}, ++ #else ++ {"GOT_A_FIN_BEFORE_A_CCS", 20, 154}, ++ #endif ++ #ifdef SSL_R_HTTPS_PROXY_REQUEST ++ {"HTTPS_PROXY_REQUEST", ERR_LIB_SSL, SSL_R_HTTPS_PROXY_REQUEST}, ++ #else ++ {"HTTPS_PROXY_REQUEST", 20, 155}, ++ #endif ++ #ifdef SSL_R_HTTP_REQUEST ++ {"HTTP_REQUEST", ERR_LIB_SSL, SSL_R_HTTP_REQUEST}, ++ #else ++ {"HTTP_REQUEST", 20, 156}, ++ #endif ++ #ifdef SSL_R_ILLEGAL_POINT_COMPRESSION ++ {"ILLEGAL_POINT_COMPRESSION", ERR_LIB_SSL, SSL_R_ILLEGAL_POINT_COMPRESSION}, ++ #else ++ {"ILLEGAL_POINT_COMPRESSION", 20, 162}, ++ #endif ++ #ifdef SSL_R_ILLEGAL_SUITEB_DIGEST ++ {"ILLEGAL_SUITEB_DIGEST", ERR_LIB_SSL, SSL_R_ILLEGAL_SUITEB_DIGEST}, ++ #else ++ {"ILLEGAL_SUITEB_DIGEST", 20, 380}, ++ #endif ++ #ifdef SSL_R_INAPPROPRIATE_FALLBACK ++ {"INAPPROPRIATE_FALLBACK", ERR_LIB_SSL, SSL_R_INAPPROPRIATE_FALLBACK}, ++ #else ++ {"INAPPROPRIATE_FALLBACK", 20, 373}, ++ #endif ++ #ifdef SSL_R_INCONSISTENT_COMPRESSION ++ {"INCONSISTENT_COMPRESSION", ERR_LIB_SSL, SSL_R_INCONSISTENT_COMPRESSION}, ++ #else ++ {"INCONSISTENT_COMPRESSION", 20, 340}, ++ #endif ++ #ifdef SSL_R_INCONSISTENT_EARLY_DATA_ALPN ++ {"INCONSISTENT_EARLY_DATA_ALPN", ERR_LIB_SSL, SSL_R_INCONSISTENT_EARLY_DATA_ALPN}, ++ #else ++ {"INCONSISTENT_EARLY_DATA_ALPN", 20, 222}, ++ #endif ++ #ifdef SSL_R_INCONSISTENT_EARLY_DATA_SNI ++ {"INCONSISTENT_EARLY_DATA_SNI", ERR_LIB_SSL, SSL_R_INCONSISTENT_EARLY_DATA_SNI}, ++ #else ++ {"INCONSISTENT_EARLY_DATA_SNI", 20, 231}, ++ #endif ++ #ifdef SSL_R_INCONSISTENT_EXTMS ++ {"INCONSISTENT_EXTMS", ERR_LIB_SSL, SSL_R_INCONSISTENT_EXTMS}, ++ #else ++ {"INCONSISTENT_EXTMS", 20, 104}, ++ #endif ++ #ifdef SSL_R_INSUFFICIENT_SECURITY ++ {"INSUFFICIENT_SECURITY", ERR_LIB_SSL, SSL_R_INSUFFICIENT_SECURITY}, ++ #else ++ {"INSUFFICIENT_SECURITY", 20, 241}, ++ #endif ++ #ifdef SSL_R_INVALID_ALERT ++ {"INVALID_ALERT", ERR_LIB_SSL, SSL_R_INVALID_ALERT}, ++ #else ++ {"INVALID_ALERT", 20, 205}, ++ #endif ++ #ifdef SSL_R_INVALID_CCS_MESSAGE ++ {"INVALID_CCS_MESSAGE", ERR_LIB_SSL, SSL_R_INVALID_CCS_MESSAGE}, ++ #else ++ {"INVALID_CCS_MESSAGE", 20, 260}, ++ #endif ++ #ifdef SSL_R_INVALID_CERTIFICATE_OR_ALG ++ {"INVALID_CERTIFICATE_OR_ALG", ERR_LIB_SSL, SSL_R_INVALID_CERTIFICATE_OR_ALG}, ++ #else ++ {"INVALID_CERTIFICATE_OR_ALG", 20, 238}, ++ #endif ++ #ifdef SSL_R_INVALID_COMMAND ++ {"INVALID_COMMAND", ERR_LIB_SSL, SSL_R_INVALID_COMMAND}, ++ #else ++ {"INVALID_COMMAND", 20, 280}, ++ #endif ++ #ifdef SSL_R_INVALID_COMPRESSION_ALGORITHM ++ {"INVALID_COMPRESSION_ALGORITHM", ERR_LIB_SSL, SSL_R_INVALID_COMPRESSION_ALGORITHM}, ++ #else ++ {"INVALID_COMPRESSION_ALGORITHM", 20, 341}, ++ #endif ++ #ifdef SSL_R_INVALID_CONFIG ++ {"INVALID_CONFIG", ERR_LIB_SSL, SSL_R_INVALID_CONFIG}, ++ #else ++ {"INVALID_CONFIG", 20, 283}, ++ #endif ++ #ifdef SSL_R_INVALID_CONFIGURATION_NAME ++ {"INVALID_CONFIGURATION_NAME", ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME}, ++ #else ++ {"INVALID_CONFIGURATION_NAME", 20, 113}, ++ #endif ++ #ifdef SSL_R_INVALID_CONTEXT ++ {"INVALID_CONTEXT", ERR_LIB_SSL, SSL_R_INVALID_CONTEXT}, ++ #else ++ {"INVALID_CONTEXT", 20, 282}, ++ #endif ++ #ifdef SSL_R_INVALID_CT_VALIDATION_TYPE ++ {"INVALID_CT_VALIDATION_TYPE", ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE}, ++ #else ++ {"INVALID_CT_VALIDATION_TYPE", 20, 212}, ++ #endif ++ #ifdef SSL_R_INVALID_KEY_UPDATE_TYPE ++ {"INVALID_KEY_UPDATE_TYPE", ERR_LIB_SSL, SSL_R_INVALID_KEY_UPDATE_TYPE}, ++ #else ++ {"INVALID_KEY_UPDATE_TYPE", 20, 120}, ++ #endif ++ #ifdef SSL_R_INVALID_MAX_EARLY_DATA ++ {"INVALID_MAX_EARLY_DATA", ERR_LIB_SSL, SSL_R_INVALID_MAX_EARLY_DATA}, ++ #else ++ {"INVALID_MAX_EARLY_DATA", 20, 174}, ++ #endif ++ #ifdef SSL_R_INVALID_NULL_CMD_NAME ++ {"INVALID_NULL_CMD_NAME", ERR_LIB_SSL, SSL_R_INVALID_NULL_CMD_NAME}, ++ #else ++ {"INVALID_NULL_CMD_NAME", 20, 385}, ++ #endif ++ #ifdef SSL_R_INVALID_SEQUENCE_NUMBER ++ {"INVALID_SEQUENCE_NUMBER", ERR_LIB_SSL, SSL_R_INVALID_SEQUENCE_NUMBER}, ++ #else ++ {"INVALID_SEQUENCE_NUMBER", 20, 402}, ++ #endif ++ #ifdef SSL_R_INVALID_SERVERINFO_DATA ++ {"INVALID_SERVERINFO_DATA", ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA}, ++ #else ++ {"INVALID_SERVERINFO_DATA", 20, 388}, ++ #endif ++ #ifdef SSL_R_INVALID_SESSION_ID ++ {"INVALID_SESSION_ID", ERR_LIB_SSL, SSL_R_INVALID_SESSION_ID}, ++ #else ++ {"INVALID_SESSION_ID", 20, 999}, ++ #endif ++ #ifdef SSL_R_INVALID_SRP_USERNAME ++ {"INVALID_SRP_USERNAME", ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME}, ++ #else ++ {"INVALID_SRP_USERNAME", 20, 357}, ++ #endif ++ #ifdef SSL_R_INVALID_STATUS_RESPONSE ++ {"INVALID_STATUS_RESPONSE", ERR_LIB_SSL, SSL_R_INVALID_STATUS_RESPONSE}, ++ #else ++ {"INVALID_STATUS_RESPONSE", 20, 328}, ++ #endif ++ #ifdef SSL_R_INVALID_TICKET_KEYS_LENGTH ++ {"INVALID_TICKET_KEYS_LENGTH", ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH}, ++ #else ++ {"INVALID_TICKET_KEYS_LENGTH", 20, 325}, ++ #endif ++ #ifdef SSL_R_LENGTH_MISMATCH ++ {"LENGTH_MISMATCH", ERR_LIB_SSL, SSL_R_LENGTH_MISMATCH}, ++ #else ++ {"LENGTH_MISMATCH", 20, 159}, ++ #endif ++ #ifdef SSL_R_LENGTH_TOO_LONG ++ {"LENGTH_TOO_LONG", ERR_LIB_SSL, SSL_R_LENGTH_TOO_LONG}, ++ #else ++ {"LENGTH_TOO_LONG", 20, 404}, ++ #endif ++ #ifdef SSL_R_LENGTH_TOO_SHORT ++ {"LENGTH_TOO_SHORT", ERR_LIB_SSL, SSL_R_LENGTH_TOO_SHORT}, ++ #else ++ {"LENGTH_TOO_SHORT", 20, 160}, ++ #endif ++ #ifdef SSL_R_LIBRARY_BUG ++ {"LIBRARY_BUG", ERR_LIB_SSL, SSL_R_LIBRARY_BUG}, ++ #else ++ {"LIBRARY_BUG", 20, 274}, ++ #endif ++ #ifdef SSL_R_LIBRARY_HAS_NO_CIPHERS ++ {"LIBRARY_HAS_NO_CIPHERS", ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS}, ++ #else ++ {"LIBRARY_HAS_NO_CIPHERS", 20, 161}, ++ #endif ++ #ifdef SSL_R_MISSING_DSA_SIGNING_CERT ++ {"MISSING_DSA_SIGNING_CERT", ERR_LIB_SSL, SSL_R_MISSING_DSA_SIGNING_CERT}, ++ #else ++ {"MISSING_DSA_SIGNING_CERT", 20, 165}, ++ #endif ++ #ifdef SSL_R_MISSING_ECDSA_SIGNING_CERT ++ {"MISSING_ECDSA_SIGNING_CERT", ERR_LIB_SSL, SSL_R_MISSING_ECDSA_SIGNING_CERT}, ++ #else ++ {"MISSING_ECDSA_SIGNING_CERT", 20, 381}, ++ #endif ++ #ifdef SSL_R_MISSING_FATAL ++ {"MISSING_FATAL", ERR_LIB_SSL, SSL_R_MISSING_FATAL}, ++ #else ++ {"MISSING_FATAL", 20, 256}, ++ #endif ++ #ifdef SSL_R_MISSING_PARAMETERS ++ {"MISSING_PARAMETERS", ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS}, ++ #else ++ {"MISSING_PARAMETERS", 20, 290}, ++ #endif ++ #ifdef SSL_R_MISSING_RSA_CERTIFICATE ++ {"MISSING_RSA_CERTIFICATE", ERR_LIB_SSL, SSL_R_MISSING_RSA_CERTIFICATE}, ++ #else ++ {"MISSING_RSA_CERTIFICATE", 20, 168}, ++ #endif ++ #ifdef SSL_R_MISSING_RSA_ENCRYPTING_CERT ++ {"MISSING_RSA_ENCRYPTING_CERT", ERR_LIB_SSL, SSL_R_MISSING_RSA_ENCRYPTING_CERT}, ++ #else ++ {"MISSING_RSA_ENCRYPTING_CERT", 20, 169}, ++ #endif ++ #ifdef SSL_R_MISSING_RSA_SIGNING_CERT ++ {"MISSING_RSA_SIGNING_CERT", ERR_LIB_SSL, SSL_R_MISSING_RSA_SIGNING_CERT}, ++ #else ++ {"MISSING_RSA_SIGNING_CERT", 20, 170}, ++ #endif ++ #ifdef SSL_R_MISSING_SIGALGS_EXTENSION ++ {"MISSING_SIGALGS_EXTENSION", ERR_LIB_SSL, SSL_R_MISSING_SIGALGS_EXTENSION}, ++ #else ++ {"MISSING_SIGALGS_EXTENSION", 20, 112}, ++ #endif ++ #ifdef SSL_R_MISSING_SIGNING_CERT ++ {"MISSING_SIGNING_CERT", ERR_LIB_SSL, SSL_R_MISSING_SIGNING_CERT}, ++ #else ++ {"MISSING_SIGNING_CERT", 20, 221}, ++ #endif ++ #ifdef SSL_R_MISSING_SRP_PARAM ++ {"MISSING_SRP_PARAM", ERR_LIB_SSL, SSL_R_MISSING_SRP_PARAM}, ++ #else ++ {"MISSING_SRP_PARAM", 20, 358}, ++ #endif ++ #ifdef SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION ++ {"MISSING_SUPPORTED_GROUPS_EXTENSION", ERR_LIB_SSL, SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION}, ++ #else ++ {"MISSING_SUPPORTED_GROUPS_EXTENSION", 20, 209}, ++ #endif ++ #ifdef SSL_R_MISSING_TMP_DH_KEY ++ {"MISSING_TMP_DH_KEY", ERR_LIB_SSL, SSL_R_MISSING_TMP_DH_KEY}, ++ #else ++ {"MISSING_TMP_DH_KEY", 20, 171}, ++ #endif ++ #ifdef SSL_R_MISSING_TMP_ECDH_KEY ++ {"MISSING_TMP_ECDH_KEY", ERR_LIB_SSL, SSL_R_MISSING_TMP_ECDH_KEY}, ++ #else ++ {"MISSING_TMP_ECDH_KEY", 20, 311}, ++ #endif ++ #ifdef SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ++ {"MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA", ERR_LIB_SSL, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA}, ++ #else ++ {"MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA", 20, 293}, ++ #endif ++ #ifdef SSL_R_NOT_ON_RECORD_BOUNDARY ++ {"NOT_ON_RECORD_BOUNDARY", ERR_LIB_SSL, SSL_R_NOT_ON_RECORD_BOUNDARY}, ++ #else ++ {"NOT_ON_RECORD_BOUNDARY", 20, 182}, ++ #endif ++ #ifdef SSL_R_NOT_REPLACING_CERTIFICATE ++ {"NOT_REPLACING_CERTIFICATE", ERR_LIB_SSL, SSL_R_NOT_REPLACING_CERTIFICATE}, ++ #else ++ {"NOT_REPLACING_CERTIFICATE", 20, 289}, ++ #endif ++ #ifdef SSL_R_NOT_SERVER ++ {"NOT_SERVER", ERR_LIB_SSL, SSL_R_NOT_SERVER}, ++ #else ++ {"NOT_SERVER", 20, 284}, ++ #endif ++ #ifdef SSL_R_NO_APPLICATION_PROTOCOL ++ {"NO_APPLICATION_PROTOCOL", ERR_LIB_SSL, SSL_R_NO_APPLICATION_PROTOCOL}, ++ #else ++ {"NO_APPLICATION_PROTOCOL", 20, 235}, ++ #endif ++ #ifdef SSL_R_NO_CERTIFICATES_RETURNED ++ {"NO_CERTIFICATES_RETURNED", ERR_LIB_SSL, SSL_R_NO_CERTIFICATES_RETURNED}, ++ #else ++ {"NO_CERTIFICATES_RETURNED", 20, 176}, ++ #endif ++ #ifdef SSL_R_NO_CERTIFICATE_ASSIGNED ++ {"NO_CERTIFICATE_ASSIGNED", ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED}, ++ #else ++ {"NO_CERTIFICATE_ASSIGNED", 20, 177}, ++ #endif ++ #ifdef SSL_R_NO_CERTIFICATE_SET ++ {"NO_CERTIFICATE_SET", ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET}, ++ #else ++ {"NO_CERTIFICATE_SET", 20, 179}, ++ #endif ++ #ifdef SSL_R_NO_CHANGE_FOLLOWING_HRR ++ {"NO_CHANGE_FOLLOWING_HRR", ERR_LIB_SSL, SSL_R_NO_CHANGE_FOLLOWING_HRR}, ++ #else ++ {"NO_CHANGE_FOLLOWING_HRR", 20, 214}, ++ #endif ++ #ifdef SSL_R_NO_CIPHERS_AVAILABLE ++ {"NO_CIPHERS_AVAILABLE", ERR_LIB_SSL, SSL_R_NO_CIPHERS_AVAILABLE}, ++ #else ++ {"NO_CIPHERS_AVAILABLE", 20, 181}, ++ #endif ++ #ifdef SSL_R_NO_CIPHERS_SPECIFIED ++ {"NO_CIPHERS_SPECIFIED", ERR_LIB_SSL, SSL_R_NO_CIPHERS_SPECIFIED}, ++ #else ++ {"NO_CIPHERS_SPECIFIED", 20, 183}, ++ #endif ++ #ifdef SSL_R_NO_CIPHER_MATCH ++ {"NO_CIPHER_MATCH", ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH}, ++ #else ++ {"NO_CIPHER_MATCH", 20, 185}, ++ #endif ++ #ifdef SSL_R_NO_CLIENT_CERT_METHOD ++ {"NO_CLIENT_CERT_METHOD", ERR_LIB_SSL, SSL_R_NO_CLIENT_CERT_METHOD}, ++ #else ++ {"NO_CLIENT_CERT_METHOD", 20, 331}, ++ #endif ++ #ifdef SSL_R_NO_COMPRESSION_SPECIFIED ++ {"NO_COMPRESSION_SPECIFIED", ERR_LIB_SSL, SSL_R_NO_COMPRESSION_SPECIFIED}, ++ #else ++ {"NO_COMPRESSION_SPECIFIED", 20, 187}, ++ #endif ++ #ifdef SSL_R_NO_COOKIE_CALLBACK_SET ++ {"NO_COOKIE_CALLBACK_SET", ERR_LIB_SSL, SSL_R_NO_COOKIE_CALLBACK_SET}, ++ #else ++ {"NO_COOKIE_CALLBACK_SET", 20, 287}, ++ #endif ++ #ifdef SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER ++ {"NO_GOST_CERTIFICATE_SENT_BY_PEER", ERR_LIB_SSL, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER}, ++ #else ++ {"NO_GOST_CERTIFICATE_SENT_BY_PEER", 20, 330}, ++ #endif ++ #ifdef SSL_R_NO_METHOD_SPECIFIED ++ {"NO_METHOD_SPECIFIED", ERR_LIB_SSL, SSL_R_NO_METHOD_SPECIFIED}, ++ #else ++ {"NO_METHOD_SPECIFIED", 20, 188}, ++ #endif ++ #ifdef SSL_R_NO_PEM_EXTENSIONS ++ {"NO_PEM_EXTENSIONS", ERR_LIB_SSL, SSL_R_NO_PEM_EXTENSIONS}, ++ #else ++ {"NO_PEM_EXTENSIONS", 20, 389}, ++ #endif ++ #ifdef SSL_R_NO_PRIVATE_KEY_ASSIGNED ++ {"NO_PRIVATE_KEY_ASSIGNED", ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED}, ++ #else ++ {"NO_PRIVATE_KEY_ASSIGNED", 20, 190}, ++ #endif ++ #ifdef SSL_R_NO_PROTOCOLS_AVAILABLE ++ {"NO_PROTOCOLS_AVAILABLE", ERR_LIB_SSL, SSL_R_NO_PROTOCOLS_AVAILABLE}, ++ #else ++ {"NO_PROTOCOLS_AVAILABLE", 20, 191}, ++ #endif ++ #ifdef SSL_R_NO_RENEGOTIATION ++ {"NO_RENEGOTIATION", ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION}, ++ #else ++ {"NO_RENEGOTIATION", 20, 339}, ++ #endif ++ #ifdef SSL_R_NO_REQUIRED_DIGEST ++ {"NO_REQUIRED_DIGEST", ERR_LIB_SSL, SSL_R_NO_REQUIRED_DIGEST}, ++ #else ++ {"NO_REQUIRED_DIGEST", 20, 324}, ++ #endif ++ #ifdef SSL_R_NO_SHARED_CIPHER ++ {"NO_SHARED_CIPHER", ERR_LIB_SSL, SSL_R_NO_SHARED_CIPHER}, ++ #else ++ {"NO_SHARED_CIPHER", 20, 193}, ++ #endif ++ #ifdef SSL_R_NO_SHARED_GROUPS ++ {"NO_SHARED_GROUPS", ERR_LIB_SSL, SSL_R_NO_SHARED_GROUPS}, ++ #else ++ {"NO_SHARED_GROUPS", 20, 410}, ++ #endif ++ #ifdef SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS ++ {"NO_SHARED_SIGNATURE_ALGORITHMS", ERR_LIB_SSL, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS}, ++ #else ++ {"NO_SHARED_SIGNATURE_ALGORITHMS", 20, 376}, ++ #endif ++ #ifdef SSL_R_NO_SRTP_PROFILES ++ {"NO_SRTP_PROFILES", ERR_LIB_SSL, SSL_R_NO_SRTP_PROFILES}, ++ #else ++ {"NO_SRTP_PROFILES", 20, 359}, ++ #endif ++ #ifdef SSL_R_NO_SUITABLE_KEY_SHARE ++ {"NO_SUITABLE_KEY_SHARE", ERR_LIB_SSL, SSL_R_NO_SUITABLE_KEY_SHARE}, ++ #else ++ {"NO_SUITABLE_KEY_SHARE", 20, 101}, ++ #endif ++ #ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM ++ {"NO_SUITABLE_SIGNATURE_ALGORITHM", ERR_LIB_SSL, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM}, ++ #else ++ {"NO_SUITABLE_SIGNATURE_ALGORITHM", 20, 118}, ++ #endif ++ #ifdef SSL_R_NO_VALID_SCTS ++ {"NO_VALID_SCTS", ERR_LIB_SSL, SSL_R_NO_VALID_SCTS}, ++ #else ++ {"NO_VALID_SCTS", 20, 216}, ++ #endif ++ #ifdef SSL_R_NO_VERIFY_COOKIE_CALLBACK ++ {"NO_VERIFY_COOKIE_CALLBACK", ERR_LIB_SSL, SSL_R_NO_VERIFY_COOKIE_CALLBACK}, ++ #else ++ {"NO_VERIFY_COOKIE_CALLBACK", 20, 403}, ++ #endif ++ #ifdef SSL_R_NULL_SSL_CTX ++ {"NULL_SSL_CTX", ERR_LIB_SSL, SSL_R_NULL_SSL_CTX}, ++ #else ++ {"NULL_SSL_CTX", 20, 195}, ++ #endif ++ #ifdef SSL_R_NULL_SSL_METHOD_PASSED ++ {"NULL_SSL_METHOD_PASSED", ERR_LIB_SSL, SSL_R_NULL_SSL_METHOD_PASSED}, ++ #else ++ {"NULL_SSL_METHOD_PASSED", 20, 196}, ++ #endif ++ #ifdef SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ++ {"OLD_SESSION_CIPHER_NOT_RETURNED", ERR_LIB_SSL, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED}, ++ #else ++ {"OLD_SESSION_CIPHER_NOT_RETURNED", 20, 197}, ++ #endif ++ #ifdef SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED ++ {"OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED", ERR_LIB_SSL, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED}, ++ #else ++ {"OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED", 20, 344}, ++ #endif ++ #ifdef SSL_R_OVERFLOW_ERROR ++ {"OVERFLOW_ERROR", ERR_LIB_SSL, SSL_R_OVERFLOW_ERROR}, ++ #else ++ {"OVERFLOW_ERROR", 20, 237}, ++ #endif ++ #ifdef SSL_R_PACKET_LENGTH_TOO_LONG ++ {"PACKET_LENGTH_TOO_LONG", ERR_LIB_SSL, SSL_R_PACKET_LENGTH_TOO_LONG}, ++ #else ++ {"PACKET_LENGTH_TOO_LONG", 20, 198}, ++ #endif ++ #ifdef SSL_R_PARSE_TLSEXT ++ {"PARSE_TLSEXT", ERR_LIB_SSL, SSL_R_PARSE_TLSEXT}, ++ #else ++ {"PARSE_TLSEXT", 20, 227}, ++ #endif ++ #ifdef SSL_R_PATH_TOO_LONG ++ {"PATH_TOO_LONG", ERR_LIB_SSL, SSL_R_PATH_TOO_LONG}, ++ #else ++ {"PATH_TOO_LONG", 20, 270}, ++ #endif ++ #ifdef SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ++ {"PEER_DID_NOT_RETURN_A_CERTIFICATE", ERR_LIB_SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE}, ++ #else ++ {"PEER_DID_NOT_RETURN_A_CERTIFICATE", 20, 199}, ++ #endif ++ #ifdef SSL_R_PEM_NAME_BAD_PREFIX ++ {"PEM_NAME_BAD_PREFIX", ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX}, ++ #else ++ {"PEM_NAME_BAD_PREFIX", 20, 391}, ++ #endif ++ #ifdef SSL_R_PEM_NAME_TOO_SHORT ++ {"PEM_NAME_TOO_SHORT", ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT}, ++ #else ++ {"PEM_NAME_TOO_SHORT", 20, 392}, ++ #endif ++ #ifdef SSL_R_PIPELINE_FAILURE ++ {"PIPELINE_FAILURE", ERR_LIB_SSL, SSL_R_PIPELINE_FAILURE}, ++ #else ++ {"PIPELINE_FAILURE", 20, 406}, ++ #endif ++ #ifdef SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR ++ {"POST_HANDSHAKE_AUTH_ENCODING_ERR", ERR_LIB_SSL, SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR}, ++ #else ++ {"POST_HANDSHAKE_AUTH_ENCODING_ERR", 20, 278}, ++ #endif ++ #ifdef SSL_R_PRIVATE_KEY_MISMATCH ++ {"PRIVATE_KEY_MISMATCH", ERR_LIB_SSL, SSL_R_PRIVATE_KEY_MISMATCH}, ++ #else ++ {"PRIVATE_KEY_MISMATCH", 20, 288}, ++ #endif ++ #ifdef SSL_R_PROTOCOL_IS_SHUTDOWN ++ {"PROTOCOL_IS_SHUTDOWN", ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN}, ++ #else ++ {"PROTOCOL_IS_SHUTDOWN", 20, 207}, ++ #endif ++ #ifdef SSL_R_PSK_IDENTITY_NOT_FOUND ++ {"PSK_IDENTITY_NOT_FOUND", ERR_LIB_SSL, SSL_R_PSK_IDENTITY_NOT_FOUND}, ++ #else ++ {"PSK_IDENTITY_NOT_FOUND", 20, 223}, ++ #endif ++ #ifdef SSL_R_PSK_NO_CLIENT_CB ++ {"PSK_NO_CLIENT_CB", ERR_LIB_SSL, SSL_R_PSK_NO_CLIENT_CB}, ++ #else ++ {"PSK_NO_CLIENT_CB", 20, 224}, ++ #endif ++ #ifdef SSL_R_PSK_NO_SERVER_CB ++ {"PSK_NO_SERVER_CB", ERR_LIB_SSL, SSL_R_PSK_NO_SERVER_CB}, ++ #else ++ {"PSK_NO_SERVER_CB", 20, 225}, ++ #endif ++ #ifdef SSL_R_READ_BIO_NOT_SET ++ {"READ_BIO_NOT_SET", ERR_LIB_SSL, SSL_R_READ_BIO_NOT_SET}, ++ #else ++ {"READ_BIO_NOT_SET", 20, 211}, ++ #endif ++ #ifdef SSL_R_READ_TIMEOUT_EXPIRED ++ {"READ_TIMEOUT_EXPIRED", ERR_LIB_SSL, SSL_R_READ_TIMEOUT_EXPIRED}, ++ #else ++ {"READ_TIMEOUT_EXPIRED", 20, 312}, ++ #endif ++ #ifdef SSL_R_RECORD_LENGTH_MISMATCH ++ {"RECORD_LENGTH_MISMATCH", ERR_LIB_SSL, SSL_R_RECORD_LENGTH_MISMATCH}, ++ #else ++ {"RECORD_LENGTH_MISMATCH", 20, 213}, ++ #endif ++ #ifdef SSL_R_RECORD_TOO_SMALL ++ {"RECORD_TOO_SMALL", ERR_LIB_SSL, SSL_R_RECORD_TOO_SMALL}, ++ #else ++ {"RECORD_TOO_SMALL", 20, 298}, ++ #endif ++ #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG ++ {"RENEGOTIATE_EXT_TOO_LONG", ERR_LIB_SSL, SSL_R_RENEGOTIATE_EXT_TOO_LONG}, ++ #else ++ {"RENEGOTIATE_EXT_TOO_LONG", 20, 335}, ++ #endif ++ #ifdef SSL_R_RENEGOTIATION_ENCODING_ERR ++ {"RENEGOTIATION_ENCODING_ERR", ERR_LIB_SSL, SSL_R_RENEGOTIATION_ENCODING_ERR}, ++ #else ++ {"RENEGOTIATION_ENCODING_ERR", 20, 336}, ++ #endif ++ #ifdef SSL_R_RENEGOTIATION_MISMATCH ++ {"RENEGOTIATION_MISMATCH", ERR_LIB_SSL, SSL_R_RENEGOTIATION_MISMATCH}, ++ #else ++ {"RENEGOTIATION_MISMATCH", 20, 337}, ++ #endif ++ #ifdef SSL_R_REQUEST_PENDING ++ {"REQUEST_PENDING", ERR_LIB_SSL, SSL_R_REQUEST_PENDING}, ++ #else ++ {"REQUEST_PENDING", 20, 285}, ++ #endif ++ #ifdef SSL_R_REQUEST_SENT ++ {"REQUEST_SENT", ERR_LIB_SSL, SSL_R_REQUEST_SENT}, ++ #else ++ {"REQUEST_SENT", 20, 286}, ++ #endif ++ #ifdef SSL_R_REQUIRED_CIPHER_MISSING ++ {"REQUIRED_CIPHER_MISSING", ERR_LIB_SSL, SSL_R_REQUIRED_CIPHER_MISSING}, ++ #else ++ {"REQUIRED_CIPHER_MISSING", 20, 215}, ++ #endif ++ #ifdef SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING ++ {"REQUIRED_COMPRESSION_ALGORITHM_MISSING", ERR_LIB_SSL, SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING}, ++ #else ++ {"REQUIRED_COMPRESSION_ALGORITHM_MISSING", 20, 342}, ++ #endif ++ #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING ++ {"SCSV_RECEIVED_WHEN_RENEGOTIATING", ERR_LIB_SSL, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING}, ++ #else ++ {"SCSV_RECEIVED_WHEN_RENEGOTIATING", 20, 345}, ++ #endif ++ #ifdef SSL_R_SCT_VERIFICATION_FAILED ++ {"SCT_VERIFICATION_FAILED", ERR_LIB_SSL, SSL_R_SCT_VERIFICATION_FAILED}, ++ #else ++ {"SCT_VERIFICATION_FAILED", 20, 208}, ++ #endif ++ #ifdef SSL_R_SERVERHELLO_TLSEXT ++ {"SERVERHELLO_TLSEXT", ERR_LIB_SSL, SSL_R_SERVERHELLO_TLSEXT}, ++ #else ++ {"SERVERHELLO_TLSEXT", 20, 275}, ++ #endif ++ #ifdef SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED ++ {"SESSION_ID_CONTEXT_UNINITIALIZED", ERR_LIB_SSL, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED}, ++ #else ++ {"SESSION_ID_CONTEXT_UNINITIALIZED", 20, 277}, ++ #endif ++ #ifdef SSL_R_SHUTDOWN_WHILE_IN_INIT ++ {"SHUTDOWN_WHILE_IN_INIT", ERR_LIB_SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT}, ++ #else ++ {"SHUTDOWN_WHILE_IN_INIT", 20, 407}, ++ #endif ++ #ifdef SSL_R_SIGNATURE_ALGORITHMS_ERROR ++ {"SIGNATURE_ALGORITHMS_ERROR", ERR_LIB_SSL, SSL_R_SIGNATURE_ALGORITHMS_ERROR}, ++ #else ++ {"SIGNATURE_ALGORITHMS_ERROR", 20, 360}, ++ #endif ++ #ifdef SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE ++ {"SIGNATURE_FOR_NON_SIGNING_CERTIFICATE", ERR_LIB_SSL, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE}, ++ #else ++ {"SIGNATURE_FOR_NON_SIGNING_CERTIFICATE", 20, 220}, ++ #endif ++ #ifdef SSL_R_SRP_A_CALC ++ {"SRP_A_CALC", ERR_LIB_SSL, SSL_R_SRP_A_CALC}, ++ #else ++ {"SRP_A_CALC", 20, 361}, ++ #endif ++ #ifdef SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES ++ {"SRTP_COULD_NOT_ALLOCATE_PROFILES", ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES}, ++ #else ++ {"SRTP_COULD_NOT_ALLOCATE_PROFILES", 20, 362}, ++ #endif ++ #ifdef SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG ++ {"SRTP_PROTECTION_PROFILE_LIST_TOO_LONG", ERR_LIB_SSL, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG}, ++ #else ++ {"SRTP_PROTECTION_PROFILE_LIST_TOO_LONG", 20, 363}, ++ #endif ++ #ifdef SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE ++ {"SRTP_UNKNOWN_PROTECTION_PROFILE", ERR_LIB_SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE}, ++ #else ++ {"SRTP_UNKNOWN_PROTECTION_PROFILE", 20, 364}, ++ #endif ++ #ifdef SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH ++ {"SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH", ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH}, ++ #else ++ {"SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH", 20, 232}, ++ #endif ++ #ifdef SSL_R_SSL3_EXT_INVALID_SERVERNAME ++ {"SSL3_EXT_INVALID_SERVERNAME", ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME}, ++ #else ++ {"SSL3_EXT_INVALID_SERVERNAME", 20, 319}, ++ #endif ++ #ifdef SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE ++ {"SSL3_EXT_INVALID_SERVERNAME_TYPE", ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE}, ++ #else ++ {"SSL3_EXT_INVALID_SERVERNAME_TYPE", 20, 320}, ++ #endif ++ #ifdef SSL_R_SSL3_SESSION_ID_TOO_LONG ++ {"SSL3_SESSION_ID_TOO_LONG", ERR_LIB_SSL, SSL_R_SSL3_SESSION_ID_TOO_LONG}, ++ #else ++ {"SSL3_SESSION_ID_TOO_LONG", 20, 300}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ++ {"SSLV3_ALERT_BAD_CERTIFICATE", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE}, ++ #else ++ {"SSLV3_ALERT_BAD_CERTIFICATE", 20, 1042}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ++ {"SSLV3_ALERT_BAD_RECORD_MAC", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC}, ++ #else ++ {"SSLV3_ALERT_BAD_RECORD_MAC", 20, 1020}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED ++ {"SSLV3_ALERT_CERTIFICATE_EXPIRED", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED}, ++ #else ++ {"SSLV3_ALERT_CERTIFICATE_EXPIRED", 20, 1045}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED ++ {"SSLV3_ALERT_CERTIFICATE_REVOKED", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED}, ++ #else ++ {"SSLV3_ALERT_CERTIFICATE_REVOKED", 20, 1044}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN ++ {"SSLV3_ALERT_CERTIFICATE_UNKNOWN", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN}, ++ #else ++ {"SSLV3_ALERT_CERTIFICATE_UNKNOWN", 20, 1046}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ++ {"SSLV3_ALERT_DECOMPRESSION_FAILURE", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE}, ++ #else ++ {"SSLV3_ALERT_DECOMPRESSION_FAILURE", 20, 1030}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ++ {"SSLV3_ALERT_HANDSHAKE_FAILURE", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE}, ++ #else ++ {"SSLV3_ALERT_HANDSHAKE_FAILURE", 20, 1040}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER ++ {"SSLV3_ALERT_ILLEGAL_PARAMETER", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER}, ++ #else ++ {"SSLV3_ALERT_ILLEGAL_PARAMETER", 20, 1047}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_NO_CERTIFICATE ++ {"SSLV3_ALERT_NO_CERTIFICATE", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_NO_CERTIFICATE}, ++ #else ++ {"SSLV3_ALERT_NO_CERTIFICATE", 20, 1041}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE ++ {"SSLV3_ALERT_UNEXPECTED_MESSAGE", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE}, ++ #else ++ {"SSLV3_ALERT_UNEXPECTED_MESSAGE", 20, 1010}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE ++ {"SSLV3_ALERT_UNSUPPORTED_CERTIFICATE", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE}, ++ #else ++ {"SSLV3_ALERT_UNSUPPORTED_CERTIFICATE", 20, 1043}, ++ #endif ++ #ifdef SSL_R_SSL_COMMAND_SECTION_EMPTY ++ {"SSL_COMMAND_SECTION_EMPTY", ERR_LIB_SSL, SSL_R_SSL_COMMAND_SECTION_EMPTY}, ++ #else ++ {"SSL_COMMAND_SECTION_EMPTY", 20, 117}, ++ #endif ++ #ifdef SSL_R_SSL_COMMAND_SECTION_NOT_FOUND ++ {"SSL_COMMAND_SECTION_NOT_FOUND", ERR_LIB_SSL, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND}, ++ #else ++ {"SSL_COMMAND_SECTION_NOT_FOUND", 20, 125}, ++ #endif ++ #ifdef SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION ++ {"SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION", ERR_LIB_SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION}, ++ #else ++ {"SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION", 20, 228}, ++ #endif ++ #ifdef SSL_R_SSL_HANDSHAKE_FAILURE ++ {"SSL_HANDSHAKE_FAILURE", ERR_LIB_SSL, SSL_R_SSL_HANDSHAKE_FAILURE}, ++ #else ++ {"SSL_HANDSHAKE_FAILURE", 20, 229}, ++ #endif ++ #ifdef SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ++ {"SSL_LIBRARY_HAS_NO_CIPHERS", ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS}, ++ #else ++ {"SSL_LIBRARY_HAS_NO_CIPHERS", 20, 230}, ++ #endif ++ #ifdef SSL_R_SSL_NEGATIVE_LENGTH ++ {"SSL_NEGATIVE_LENGTH", ERR_LIB_SSL, SSL_R_SSL_NEGATIVE_LENGTH}, ++ #else ++ {"SSL_NEGATIVE_LENGTH", 20, 372}, ++ #endif ++ #ifdef SSL_R_SSL_SECTION_EMPTY ++ {"SSL_SECTION_EMPTY", ERR_LIB_SSL, SSL_R_SSL_SECTION_EMPTY}, ++ #else ++ {"SSL_SECTION_EMPTY", 20, 126}, ++ #endif ++ #ifdef SSL_R_SSL_SECTION_NOT_FOUND ++ {"SSL_SECTION_NOT_FOUND", ERR_LIB_SSL, SSL_R_SSL_SECTION_NOT_FOUND}, ++ #else ++ {"SSL_SECTION_NOT_FOUND", 20, 136}, ++ #endif ++ #ifdef SSL_R_SSL_SESSION_ID_CALLBACK_FAILED ++ {"SSL_SESSION_ID_CALLBACK_FAILED", ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED}, ++ #else ++ {"SSL_SESSION_ID_CALLBACK_FAILED", 20, 301}, ++ #endif ++ #ifdef SSL_R_SSL_SESSION_ID_CONFLICT ++ {"SSL_SESSION_ID_CONFLICT", ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONFLICT}, ++ #else ++ {"SSL_SESSION_ID_CONFLICT", 20, 302}, ++ #endif ++ #ifdef SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG ++ {"SSL_SESSION_ID_CONTEXT_TOO_LONG", ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG}, ++ #else ++ {"SSL_SESSION_ID_CONTEXT_TOO_LONG", 20, 273}, ++ #endif ++ #ifdef SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH ++ {"SSL_SESSION_ID_HAS_BAD_LENGTH", ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH}, ++ #else ++ {"SSL_SESSION_ID_HAS_BAD_LENGTH", 20, 303}, ++ #endif ++ #ifdef SSL_R_SSL_SESSION_ID_TOO_LONG ++ {"SSL_SESSION_ID_TOO_LONG", ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG}, ++ #else ++ {"SSL_SESSION_ID_TOO_LONG", 20, 408}, ++ #endif ++ #ifdef SSL_R_SSL_SESSION_VERSION_MISMATCH ++ {"SSL_SESSION_VERSION_MISMATCH", ERR_LIB_SSL, SSL_R_SSL_SESSION_VERSION_MISMATCH}, ++ #else ++ {"SSL_SESSION_VERSION_MISMATCH", 20, 210}, ++ #endif ++ #ifdef SSL_R_STILL_IN_INIT ++ {"STILL_IN_INIT", ERR_LIB_SSL, SSL_R_STILL_IN_INIT}, ++ #else ++ {"STILL_IN_INIT", 20, 121}, ++ #endif ++ #ifdef SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED ++ {"TLSV13_ALERT_CERTIFICATE_REQUIRED", ERR_LIB_SSL, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED}, ++ #else ++ {"TLSV13_ALERT_CERTIFICATE_REQUIRED", 20, 1116}, ++ #endif ++ #ifdef SSL_R_TLSV13_ALERT_MISSING_EXTENSION ++ {"TLSV13_ALERT_MISSING_EXTENSION", ERR_LIB_SSL, SSL_R_TLSV13_ALERT_MISSING_EXTENSION}, ++ #else ++ {"TLSV13_ALERT_MISSING_EXTENSION", 20, 1109}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_ACCESS_DENIED ++ {"TLSV1_ALERT_ACCESS_DENIED", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_ACCESS_DENIED}, ++ #else ++ {"TLSV1_ALERT_ACCESS_DENIED", 20, 1049}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_DECODE_ERROR ++ {"TLSV1_ALERT_DECODE_ERROR", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_DECODE_ERROR}, ++ #else ++ {"TLSV1_ALERT_DECODE_ERROR", 20, 1050}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_DECRYPTION_FAILED ++ {"TLSV1_ALERT_DECRYPTION_FAILED", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_DECRYPTION_FAILED}, ++ #else ++ {"TLSV1_ALERT_DECRYPTION_FAILED", 20, 1021}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_DECRYPT_ERROR ++ {"TLSV1_ALERT_DECRYPT_ERROR", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_DECRYPT_ERROR}, ++ #else ++ {"TLSV1_ALERT_DECRYPT_ERROR", 20, 1051}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION ++ {"TLSV1_ALERT_EXPORT_RESTRICTION", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION}, ++ #else ++ {"TLSV1_ALERT_EXPORT_RESTRICTION", 20, 1060}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK ++ {"TLSV1_ALERT_INAPPROPRIATE_FALLBACK", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK}, ++ #else ++ {"TLSV1_ALERT_INAPPROPRIATE_FALLBACK", 20, 1086}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ++ {"TLSV1_ALERT_INSUFFICIENT_SECURITY", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY}, ++ #else ++ {"TLSV1_ALERT_INSUFFICIENT_SECURITY", 20, 1071}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_INTERNAL_ERROR ++ {"TLSV1_ALERT_INTERNAL_ERROR", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_INTERNAL_ERROR}, ++ #else ++ {"TLSV1_ALERT_INTERNAL_ERROR", 20, 1080}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ++ {"TLSV1_ALERT_NO_RENEGOTIATION", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION}, ++ #else ++ {"TLSV1_ALERT_NO_RENEGOTIATION", 20, 1100}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_PROTOCOL_VERSION ++ {"TLSV1_ALERT_PROTOCOL_VERSION", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION}, ++ #else ++ {"TLSV1_ALERT_PROTOCOL_VERSION", 20, 1070}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_RECORD_OVERFLOW ++ {"TLSV1_ALERT_RECORD_OVERFLOW", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_RECORD_OVERFLOW}, ++ #else ++ {"TLSV1_ALERT_RECORD_OVERFLOW", 20, 1022}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_UNKNOWN_CA ++ {"TLSV1_ALERT_UNKNOWN_CA", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_UNKNOWN_CA}, ++ #else ++ {"TLSV1_ALERT_UNKNOWN_CA", 20, 1048}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_USER_CANCELLED ++ {"TLSV1_ALERT_USER_CANCELLED", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_USER_CANCELLED}, ++ #else ++ {"TLSV1_ALERT_USER_CANCELLED", 20, 1090}, ++ #endif ++ #ifdef SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE ++ {"TLSV1_BAD_CERTIFICATE_HASH_VALUE", ERR_LIB_SSL, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE}, ++ #else ++ {"TLSV1_BAD_CERTIFICATE_HASH_VALUE", 20, 1114}, ++ #endif ++ #ifdef SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE ++ {"TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE", ERR_LIB_SSL, SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE}, ++ #else ++ {"TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE", 20, 1113}, ++ #endif ++ #ifdef SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE ++ {"TLSV1_CERTIFICATE_UNOBTAINABLE", ERR_LIB_SSL, SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE}, ++ #else ++ {"TLSV1_CERTIFICATE_UNOBTAINABLE", 20, 1111}, ++ #endif ++ #ifdef SSL_R_TLSV1_UNRECOGNIZED_NAME ++ {"TLSV1_UNRECOGNIZED_NAME", ERR_LIB_SSL, SSL_R_TLSV1_UNRECOGNIZED_NAME}, ++ #else ++ {"TLSV1_UNRECOGNIZED_NAME", 20, 1112}, ++ #endif ++ #ifdef SSL_R_TLSV1_UNSUPPORTED_EXTENSION ++ {"TLSV1_UNSUPPORTED_EXTENSION", ERR_LIB_SSL, SSL_R_TLSV1_UNSUPPORTED_EXTENSION}, ++ #else ++ {"TLSV1_UNSUPPORTED_EXTENSION", 20, 1110}, ++ #endif ++ #ifdef SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT ++ {"TLS_HEARTBEAT_PEER_DOESNT_ACCEPT", ERR_LIB_SSL, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT}, ++ #else ++ {"TLS_HEARTBEAT_PEER_DOESNT_ACCEPT", 20, 365}, ++ #endif ++ #ifdef SSL_R_TLS_HEARTBEAT_PENDING ++ {"TLS_HEARTBEAT_PENDING", ERR_LIB_SSL, SSL_R_TLS_HEARTBEAT_PENDING}, ++ #else ++ {"TLS_HEARTBEAT_PENDING", 20, 366}, ++ #endif ++ #ifdef SSL_R_TLS_ILLEGAL_EXPORTER_LABEL ++ {"TLS_ILLEGAL_EXPORTER_LABEL", ERR_LIB_SSL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL}, ++ #else ++ {"TLS_ILLEGAL_EXPORTER_LABEL", 20, 367}, ++ #endif ++ #ifdef SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST ++ {"TLS_INVALID_ECPOINTFORMAT_LIST", ERR_LIB_SSL, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST}, ++ #else ++ {"TLS_INVALID_ECPOINTFORMAT_LIST", 20, 157}, ++ #endif ++ #ifdef SSL_R_TOO_MANY_KEY_UPDATES ++ {"TOO_MANY_KEY_UPDATES", ERR_LIB_SSL, SSL_R_TOO_MANY_KEY_UPDATES}, ++ #else ++ {"TOO_MANY_KEY_UPDATES", 20, 132}, ++ #endif ++ #ifdef SSL_R_TOO_MANY_WARN_ALERTS ++ {"TOO_MANY_WARN_ALERTS", ERR_LIB_SSL, SSL_R_TOO_MANY_WARN_ALERTS}, ++ #else ++ {"TOO_MANY_WARN_ALERTS", 20, 409}, ++ #endif ++ #ifdef SSL_R_TOO_MUCH_EARLY_DATA ++ {"TOO_MUCH_EARLY_DATA", ERR_LIB_SSL, SSL_R_TOO_MUCH_EARLY_DATA}, ++ #else ++ {"TOO_MUCH_EARLY_DATA", 20, 164}, ++ #endif ++ #ifdef SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS ++ {"UNABLE_TO_FIND_ECDH_PARAMETERS", ERR_LIB_SSL, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS}, ++ #else ++ {"UNABLE_TO_FIND_ECDH_PARAMETERS", 20, 314}, ++ #endif ++ #ifdef SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS ++ {"UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS", ERR_LIB_SSL, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS}, ++ #else ++ {"UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS", 20, 239}, ++ #endif ++ #ifdef SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES ++ {"UNABLE_TO_LOAD_SSL3_MD5_ROUTINES", ERR_LIB_SSL, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES}, ++ #else ++ {"UNABLE_TO_LOAD_SSL3_MD5_ROUTINES", 20, 242}, ++ #endif ++ #ifdef SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ++ {"UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES", ERR_LIB_SSL, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES}, ++ #else ++ {"UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES", 20, 243}, ++ #endif ++ #ifdef SSL_R_UNEXPECTED_CCS_MESSAGE ++ {"UNEXPECTED_CCS_MESSAGE", ERR_LIB_SSL, SSL_R_UNEXPECTED_CCS_MESSAGE}, ++ #else ++ {"UNEXPECTED_CCS_MESSAGE", 20, 262}, ++ #endif ++ #ifdef SSL_R_UNEXPECTED_END_OF_EARLY_DATA ++ {"UNEXPECTED_END_OF_EARLY_DATA", ERR_LIB_SSL, SSL_R_UNEXPECTED_END_OF_EARLY_DATA}, ++ #else ++ {"UNEXPECTED_END_OF_EARLY_DATA", 20, 178}, ++ #endif ++ #ifdef SSL_R_UNEXPECTED_MESSAGE ++ {"UNEXPECTED_MESSAGE", ERR_LIB_SSL, SSL_R_UNEXPECTED_MESSAGE}, ++ #else ++ {"UNEXPECTED_MESSAGE", 20, 244}, ++ #endif ++ #ifdef SSL_R_UNEXPECTED_RECORD ++ {"UNEXPECTED_RECORD", ERR_LIB_SSL, SSL_R_UNEXPECTED_RECORD}, ++ #else ++ {"UNEXPECTED_RECORD", 20, 245}, ++ #endif ++ #ifdef SSL_R_UNINITIALIZED ++ {"UNINITIALIZED", ERR_LIB_SSL, SSL_R_UNINITIALIZED}, ++ #else ++ {"UNINITIALIZED", 20, 276}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_ALERT_TYPE ++ {"UNKNOWN_ALERT_TYPE", ERR_LIB_SSL, SSL_R_UNKNOWN_ALERT_TYPE}, ++ #else ++ {"UNKNOWN_ALERT_TYPE", 20, 246}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_CERTIFICATE_TYPE ++ {"UNKNOWN_CERTIFICATE_TYPE", ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE}, ++ #else ++ {"UNKNOWN_CERTIFICATE_TYPE", 20, 247}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_CIPHER_RETURNED ++ {"UNKNOWN_CIPHER_RETURNED", ERR_LIB_SSL, SSL_R_UNKNOWN_CIPHER_RETURNED}, ++ #else ++ {"UNKNOWN_CIPHER_RETURNED", 20, 248}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_CIPHER_TYPE ++ {"UNKNOWN_CIPHER_TYPE", ERR_LIB_SSL, SSL_R_UNKNOWN_CIPHER_TYPE}, ++ #else ++ {"UNKNOWN_CIPHER_TYPE", 20, 249}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_CMD_NAME ++ {"UNKNOWN_CMD_NAME", ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME}, ++ #else ++ {"UNKNOWN_CMD_NAME", 20, 386}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_COMMAND ++ {"UNKNOWN_COMMAND", ERR_LIB_SSL, SSL_R_UNKNOWN_COMMAND}, ++ #else ++ {"UNKNOWN_COMMAND", 20, 139}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_DIGEST ++ {"UNKNOWN_DIGEST", ERR_LIB_SSL, SSL_R_UNKNOWN_DIGEST}, ++ #else ++ {"UNKNOWN_DIGEST", 20, 368}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE ++ {"UNKNOWN_KEY_EXCHANGE_TYPE", ERR_LIB_SSL, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE}, ++ #else ++ {"UNKNOWN_KEY_EXCHANGE_TYPE", 20, 250}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_PKEY_TYPE ++ {"UNKNOWN_PKEY_TYPE", ERR_LIB_SSL, SSL_R_UNKNOWN_PKEY_TYPE}, ++ #else ++ {"UNKNOWN_PKEY_TYPE", 20, 251}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_PROTOCOL ++ {"UNKNOWN_PROTOCOL", ERR_LIB_SSL, SSL_R_UNKNOWN_PROTOCOL}, ++ #else ++ {"UNKNOWN_PROTOCOL", 20, 252}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_SSL_VERSION ++ {"UNKNOWN_SSL_VERSION", ERR_LIB_SSL, SSL_R_UNKNOWN_SSL_VERSION}, ++ #else ++ {"UNKNOWN_SSL_VERSION", 20, 254}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_STATE ++ {"UNKNOWN_STATE", ERR_LIB_SSL, SSL_R_UNKNOWN_STATE}, ++ #else ++ {"UNKNOWN_STATE", 20, 255}, ++ #endif ++ #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED ++ {"UNSAFE_LEGACY_RENEGOTIATION_DISABLED", ERR_LIB_SSL, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED}, ++ #else ++ {"UNSAFE_LEGACY_RENEGOTIATION_DISABLED", 20, 338}, ++ #endif ++ #ifdef SSL_R_UNSOLICITED_EXTENSION ++ {"UNSOLICITED_EXTENSION", ERR_LIB_SSL, SSL_R_UNSOLICITED_EXTENSION}, ++ #else ++ {"UNSOLICITED_EXTENSION", 20, 217}, ++ #endif ++ #ifdef SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ++ {"UNSUPPORTED_COMPRESSION_ALGORITHM", ERR_LIB_SSL, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_COMPRESSION_ALGORITHM", 20, 257}, ++ #endif ++ #ifdef SSL_R_UNSUPPORTED_ELLIPTIC_CURVE ++ {"UNSUPPORTED_ELLIPTIC_CURVE", ERR_LIB_SSL, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE}, ++ #else ++ {"UNSUPPORTED_ELLIPTIC_CURVE", 20, 315}, ++ #endif ++ #ifdef SSL_R_UNSUPPORTED_PROTOCOL ++ {"UNSUPPORTED_PROTOCOL", ERR_LIB_SSL, SSL_R_UNSUPPORTED_PROTOCOL}, ++ #else ++ {"UNSUPPORTED_PROTOCOL", 20, 258}, ++ #endif ++ #ifdef SSL_R_UNSUPPORTED_SSL_VERSION ++ {"UNSUPPORTED_SSL_VERSION", ERR_LIB_SSL, SSL_R_UNSUPPORTED_SSL_VERSION}, ++ #else ++ {"UNSUPPORTED_SSL_VERSION", 20, 259}, ++ #endif ++ #ifdef SSL_R_UNSUPPORTED_STATUS_TYPE ++ {"UNSUPPORTED_STATUS_TYPE", ERR_LIB_SSL, SSL_R_UNSUPPORTED_STATUS_TYPE}, ++ #else ++ {"UNSUPPORTED_STATUS_TYPE", 20, 329}, ++ #endif ++ #ifdef SSL_R_USE_SRTP_NOT_NEGOTIATED ++ {"USE_SRTP_NOT_NEGOTIATED", ERR_LIB_SSL, SSL_R_USE_SRTP_NOT_NEGOTIATED}, ++ #else ++ {"USE_SRTP_NOT_NEGOTIATED", 20, 369}, ++ #endif ++ #ifdef SSL_R_VERSION_TOO_HIGH ++ {"VERSION_TOO_HIGH", ERR_LIB_SSL, SSL_R_VERSION_TOO_HIGH}, ++ #else ++ {"VERSION_TOO_HIGH", 20, 166}, ++ #endif ++ #ifdef SSL_R_VERSION_TOO_LOW ++ {"VERSION_TOO_LOW", ERR_LIB_SSL, SSL_R_VERSION_TOO_LOW}, ++ #else ++ {"VERSION_TOO_LOW", 20, 396}, ++ #endif ++ #ifdef SSL_R_WRONG_CERTIFICATE_TYPE ++ {"WRONG_CERTIFICATE_TYPE", ERR_LIB_SSL, SSL_R_WRONG_CERTIFICATE_TYPE}, ++ #else ++ {"WRONG_CERTIFICATE_TYPE", 20, 383}, ++ #endif ++ #ifdef SSL_R_WRONG_CIPHER_RETURNED ++ {"WRONG_CIPHER_RETURNED", ERR_LIB_SSL, SSL_R_WRONG_CIPHER_RETURNED}, ++ #else ++ {"WRONG_CIPHER_RETURNED", 20, 261}, ++ #endif ++ #ifdef SSL_R_WRONG_CURVE ++ {"WRONG_CURVE", ERR_LIB_SSL, SSL_R_WRONG_CURVE}, ++ #else ++ {"WRONG_CURVE", 20, 378}, ++ #endif ++ #ifdef SSL_R_WRONG_SIGNATURE_LENGTH ++ {"WRONG_SIGNATURE_LENGTH", ERR_LIB_SSL, SSL_R_WRONG_SIGNATURE_LENGTH}, ++ #else ++ {"WRONG_SIGNATURE_LENGTH", 20, 264}, ++ #endif ++ #ifdef SSL_R_WRONG_SIGNATURE_SIZE ++ {"WRONG_SIGNATURE_SIZE", ERR_LIB_SSL, SSL_R_WRONG_SIGNATURE_SIZE}, ++ #else ++ {"WRONG_SIGNATURE_SIZE", 20, 265}, ++ #endif ++ #ifdef SSL_R_WRONG_SIGNATURE_TYPE ++ {"WRONG_SIGNATURE_TYPE", ERR_LIB_SSL, SSL_R_WRONG_SIGNATURE_TYPE}, ++ #else ++ {"WRONG_SIGNATURE_TYPE", 20, 370}, ++ #endif ++ #ifdef SSL_R_WRONG_SSL_VERSION ++ {"WRONG_SSL_VERSION", ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION}, ++ #else ++ {"WRONG_SSL_VERSION", 20, 266}, ++ #endif ++ #ifdef SSL_R_WRONG_VERSION_NUMBER ++ {"WRONG_VERSION_NUMBER", ERR_LIB_SSL, SSL_R_WRONG_VERSION_NUMBER}, ++ #else ++ {"WRONG_VERSION_NUMBER", 20, 267}, ++ #endif ++ #ifdef SSL_R_X509_LIB ++ {"X509_LIB", ERR_LIB_SSL, SSL_R_X509_LIB}, ++ #else ++ {"X509_LIB", 20, 268}, ++ #endif ++ #ifdef SSL_R_X509_VERIFICATION_SETUP_PROBLEMS ++ {"X509_VERIFICATION_SETUP_PROBLEMS", ERR_LIB_SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS}, ++ #else ++ {"X509_VERIFICATION_SETUP_PROBLEMS", 20, 269}, ++ #endif ++ #ifdef TS_R_BAD_PKCS7_TYPE ++ {"BAD_PKCS7_TYPE", ERR_LIB_TS, TS_R_BAD_PKCS7_TYPE}, ++ #else ++ {"BAD_PKCS7_TYPE", 47, 132}, ++ #endif ++ #ifdef TS_R_BAD_TYPE ++ {"BAD_TYPE", ERR_LIB_TS, TS_R_BAD_TYPE}, ++ #else ++ {"BAD_TYPE", 47, 133}, ++ #endif ++ #ifdef TS_R_CANNOT_LOAD_CERT ++ {"CANNOT_LOAD_CERT", ERR_LIB_TS, TS_R_CANNOT_LOAD_CERT}, ++ #else ++ {"CANNOT_LOAD_CERT", 47, 137}, ++ #endif ++ #ifdef TS_R_CANNOT_LOAD_KEY ++ {"CANNOT_LOAD_KEY", ERR_LIB_TS, TS_R_CANNOT_LOAD_KEY}, ++ #else ++ {"CANNOT_LOAD_KEY", 47, 138}, ++ #endif ++ #ifdef TS_R_CERTIFICATE_VERIFY_ERROR ++ {"CERTIFICATE_VERIFY_ERROR", ERR_LIB_TS, TS_R_CERTIFICATE_VERIFY_ERROR}, ++ #else ++ {"CERTIFICATE_VERIFY_ERROR", 47, 100}, ++ #endif ++ #ifdef TS_R_COULD_NOT_SET_ENGINE ++ {"COULD_NOT_SET_ENGINE", ERR_LIB_TS, TS_R_COULD_NOT_SET_ENGINE}, ++ #else ++ {"COULD_NOT_SET_ENGINE", 47, 127}, ++ #endif ++ #ifdef TS_R_COULD_NOT_SET_TIME ++ {"COULD_NOT_SET_TIME", ERR_LIB_TS, TS_R_COULD_NOT_SET_TIME}, ++ #else ++ {"COULD_NOT_SET_TIME", 47, 115}, ++ #endif ++ #ifdef TS_R_DETACHED_CONTENT ++ {"DETACHED_CONTENT", ERR_LIB_TS, TS_R_DETACHED_CONTENT}, ++ #else ++ {"DETACHED_CONTENT", 47, 134}, ++ #endif ++ #ifdef TS_R_ESS_ADD_SIGNING_CERT_ERROR ++ {"ESS_ADD_SIGNING_CERT_ERROR", ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_ERROR}, ++ #else ++ {"ESS_ADD_SIGNING_CERT_ERROR", 47, 116}, ++ #endif ++ #ifdef TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR ++ {"ESS_ADD_SIGNING_CERT_V2_ERROR", ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR}, ++ #else ++ {"ESS_ADD_SIGNING_CERT_V2_ERROR", 47, 139}, ++ #endif ++ #ifdef TS_R_ESS_SIGNING_CERTIFICATE_ERROR ++ {"ESS_SIGNING_CERTIFICATE_ERROR", ERR_LIB_TS, TS_R_ESS_SIGNING_CERTIFICATE_ERROR}, ++ #else ++ {"ESS_SIGNING_CERTIFICATE_ERROR", 47, 101}, ++ #endif ++ #ifdef TS_R_INVALID_NULL_POINTER ++ {"INVALID_NULL_POINTER", ERR_LIB_TS, TS_R_INVALID_NULL_POINTER}, ++ #else ++ {"INVALID_NULL_POINTER", 47, 102}, ++ #endif ++ #ifdef TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE ++ {"INVALID_SIGNER_CERTIFICATE_PURPOSE", ERR_LIB_TS, TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE}, ++ #else ++ {"INVALID_SIGNER_CERTIFICATE_PURPOSE", 47, 117}, ++ #endif ++ #ifdef TS_R_MESSAGE_IMPRINT_MISMATCH ++ {"MESSAGE_IMPRINT_MISMATCH", ERR_LIB_TS, TS_R_MESSAGE_IMPRINT_MISMATCH}, ++ #else ++ {"MESSAGE_IMPRINT_MISMATCH", 47, 103}, ++ #endif ++ #ifdef TS_R_NONCE_MISMATCH ++ {"NONCE_MISMATCH", ERR_LIB_TS, TS_R_NONCE_MISMATCH}, ++ #else ++ {"NONCE_MISMATCH", 47, 104}, ++ #endif ++ #ifdef TS_R_NONCE_NOT_RETURNED ++ {"NONCE_NOT_RETURNED", ERR_LIB_TS, TS_R_NONCE_NOT_RETURNED}, ++ #else ++ {"NONCE_NOT_RETURNED", 47, 105}, ++ #endif ++ #ifdef TS_R_NO_CONTENT ++ {"NO_CONTENT", ERR_LIB_TS, TS_R_NO_CONTENT}, ++ #else ++ {"NO_CONTENT", 47, 106}, ++ #endif ++ #ifdef TS_R_NO_TIME_STAMP_TOKEN ++ {"NO_TIME_STAMP_TOKEN", ERR_LIB_TS, TS_R_NO_TIME_STAMP_TOKEN}, ++ #else ++ {"NO_TIME_STAMP_TOKEN", 47, 107}, ++ #endif ++ #ifdef TS_R_PKCS7_ADD_SIGNATURE_ERROR ++ {"PKCS7_ADD_SIGNATURE_ERROR", ERR_LIB_TS, TS_R_PKCS7_ADD_SIGNATURE_ERROR}, ++ #else ++ {"PKCS7_ADD_SIGNATURE_ERROR", 47, 118}, ++ #endif ++ #ifdef TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR ++ {"PKCS7_ADD_SIGNED_ATTR_ERROR", ERR_LIB_TS, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR}, ++ #else ++ {"PKCS7_ADD_SIGNED_ATTR_ERROR", 47, 119}, ++ #endif ++ #ifdef TS_R_PKCS7_TO_TS_TST_INFO_FAILED ++ {"PKCS7_TO_TS_TST_INFO_FAILED", ERR_LIB_TS, TS_R_PKCS7_TO_TS_TST_INFO_FAILED}, ++ #else ++ {"PKCS7_TO_TS_TST_INFO_FAILED", 47, 129}, ++ #endif ++ #ifdef TS_R_POLICY_MISMATCH ++ {"POLICY_MISMATCH", ERR_LIB_TS, TS_R_POLICY_MISMATCH}, ++ #else ++ {"POLICY_MISMATCH", 47, 108}, ++ #endif ++ #ifdef TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", ERR_LIB_TS, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE}, ++ #else ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", 47, 120}, ++ #endif ++ #ifdef TS_R_RESPONSE_SETUP_ERROR ++ {"RESPONSE_SETUP_ERROR", ERR_LIB_TS, TS_R_RESPONSE_SETUP_ERROR}, ++ #else ++ {"RESPONSE_SETUP_ERROR", 47, 121}, ++ #endif ++ #ifdef TS_R_SIGNATURE_FAILURE ++ {"SIGNATURE_FAILURE", ERR_LIB_TS, TS_R_SIGNATURE_FAILURE}, ++ #else ++ {"SIGNATURE_FAILURE", 47, 109}, ++ #endif ++ #ifdef TS_R_THERE_MUST_BE_ONE_SIGNER ++ {"THERE_MUST_BE_ONE_SIGNER", ERR_LIB_TS, TS_R_THERE_MUST_BE_ONE_SIGNER}, ++ #else ++ {"THERE_MUST_BE_ONE_SIGNER", 47, 110}, ++ #endif ++ #ifdef TS_R_TIME_SYSCALL_ERROR ++ {"TIME_SYSCALL_ERROR", ERR_LIB_TS, TS_R_TIME_SYSCALL_ERROR}, ++ #else ++ {"TIME_SYSCALL_ERROR", 47, 122}, ++ #endif ++ #ifdef TS_R_TOKEN_NOT_PRESENT ++ {"TOKEN_NOT_PRESENT", ERR_LIB_TS, TS_R_TOKEN_NOT_PRESENT}, ++ #else ++ {"TOKEN_NOT_PRESENT", 47, 130}, ++ #endif ++ #ifdef TS_R_TOKEN_PRESENT ++ {"TOKEN_PRESENT", ERR_LIB_TS, TS_R_TOKEN_PRESENT}, ++ #else ++ {"TOKEN_PRESENT", 47, 131}, ++ #endif ++ #ifdef TS_R_TSA_NAME_MISMATCH ++ {"TSA_NAME_MISMATCH", ERR_LIB_TS, TS_R_TSA_NAME_MISMATCH}, ++ #else ++ {"TSA_NAME_MISMATCH", 47, 111}, ++ #endif ++ #ifdef TS_R_TSA_UNTRUSTED ++ {"TSA_UNTRUSTED", ERR_LIB_TS, TS_R_TSA_UNTRUSTED}, ++ #else ++ {"TSA_UNTRUSTED", 47, 112}, ++ #endif ++ #ifdef TS_R_TST_INFO_SETUP_ERROR ++ {"TST_INFO_SETUP_ERROR", ERR_LIB_TS, TS_R_TST_INFO_SETUP_ERROR}, ++ #else ++ {"TST_INFO_SETUP_ERROR", 47, 123}, ++ #endif ++ #ifdef TS_R_TS_DATASIGN ++ {"TS_DATASIGN", ERR_LIB_TS, TS_R_TS_DATASIGN}, ++ #else ++ {"TS_DATASIGN", 47, 124}, ++ #endif ++ #ifdef TS_R_UNACCEPTABLE_POLICY ++ {"UNACCEPTABLE_POLICY", ERR_LIB_TS, TS_R_UNACCEPTABLE_POLICY}, ++ #else ++ {"UNACCEPTABLE_POLICY", 47, 125}, ++ #endif ++ #ifdef TS_R_UNSUPPORTED_MD_ALGORITHM ++ {"UNSUPPORTED_MD_ALGORITHM", ERR_LIB_TS, TS_R_UNSUPPORTED_MD_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_MD_ALGORITHM", 47, 126}, ++ #endif ++ #ifdef TS_R_UNSUPPORTED_VERSION ++ {"UNSUPPORTED_VERSION", ERR_LIB_TS, TS_R_UNSUPPORTED_VERSION}, ++ #else ++ {"UNSUPPORTED_VERSION", 47, 113}, ++ #endif ++ #ifdef TS_R_VAR_BAD_VALUE ++ {"VAR_BAD_VALUE", ERR_LIB_TS, TS_R_VAR_BAD_VALUE}, ++ #else ++ {"VAR_BAD_VALUE", 47, 135}, ++ #endif ++ #ifdef TS_R_VAR_LOOKUP_FAILURE ++ {"VAR_LOOKUP_FAILURE", ERR_LIB_TS, TS_R_VAR_LOOKUP_FAILURE}, ++ #else ++ {"VAR_LOOKUP_FAILURE", 47, 136}, ++ #endif ++ #ifdef TS_R_WRONG_CONTENT_TYPE ++ {"WRONG_CONTENT_TYPE", ERR_LIB_TS, TS_R_WRONG_CONTENT_TYPE}, ++ #else ++ {"WRONG_CONTENT_TYPE", 47, 114}, ++ #endif ++ #ifdef UI_R_COMMON_OK_AND_CANCEL_CHARACTERS ++ {"COMMON_OK_AND_CANCEL_CHARACTERS", ERR_LIB_UI, UI_R_COMMON_OK_AND_CANCEL_CHARACTERS}, ++ #else ++ {"COMMON_OK_AND_CANCEL_CHARACTERS", 40, 104}, ++ #endif ++ #ifdef UI_R_INDEX_TOO_LARGE ++ {"INDEX_TOO_LARGE", ERR_LIB_UI, UI_R_INDEX_TOO_LARGE}, ++ #else ++ {"INDEX_TOO_LARGE", 40, 102}, ++ #endif ++ #ifdef UI_R_INDEX_TOO_SMALL ++ {"INDEX_TOO_SMALL", ERR_LIB_UI, UI_R_INDEX_TOO_SMALL}, ++ #else ++ {"INDEX_TOO_SMALL", 40, 103}, ++ #endif ++ #ifdef UI_R_NO_RESULT_BUFFER ++ {"NO_RESULT_BUFFER", ERR_LIB_UI, UI_R_NO_RESULT_BUFFER}, ++ #else ++ {"NO_RESULT_BUFFER", 40, 105}, ++ #endif ++ #ifdef UI_R_PROCESSING_ERROR ++ {"PROCESSING_ERROR", ERR_LIB_UI, UI_R_PROCESSING_ERROR}, ++ #else ++ {"PROCESSING_ERROR", 40, 107}, ++ #endif ++ #ifdef UI_R_RESULT_TOO_LARGE ++ {"RESULT_TOO_LARGE", ERR_LIB_UI, UI_R_RESULT_TOO_LARGE}, ++ #else ++ {"RESULT_TOO_LARGE", 40, 100}, ++ #endif ++ #ifdef UI_R_RESULT_TOO_SMALL ++ {"RESULT_TOO_SMALL", ERR_LIB_UI, UI_R_RESULT_TOO_SMALL}, ++ #else ++ {"RESULT_TOO_SMALL", 40, 101}, ++ #endif ++ #ifdef UI_R_SYSASSIGN_ERROR ++ {"SYSASSIGN_ERROR", ERR_LIB_UI, UI_R_SYSASSIGN_ERROR}, ++ #else ++ {"SYSASSIGN_ERROR", 40, 109}, ++ #endif ++ #ifdef UI_R_SYSDASSGN_ERROR ++ {"SYSDASSGN_ERROR", ERR_LIB_UI, UI_R_SYSDASSGN_ERROR}, ++ #else ++ {"SYSDASSGN_ERROR", 40, 110}, ++ #endif ++ #ifdef UI_R_SYSQIOW_ERROR ++ {"SYSQIOW_ERROR", ERR_LIB_UI, UI_R_SYSQIOW_ERROR}, ++ #else ++ {"SYSQIOW_ERROR", 40, 111}, ++ #endif ++ #ifdef UI_R_UNKNOWN_CONTROL_COMMAND ++ {"UNKNOWN_CONTROL_COMMAND", ERR_LIB_UI, UI_R_UNKNOWN_CONTROL_COMMAND}, ++ #else ++ {"UNKNOWN_CONTROL_COMMAND", 40, 106}, ++ #endif ++ #ifdef UI_R_UNKNOWN_TTYGET_ERRNO_VALUE ++ {"UNKNOWN_TTYGET_ERRNO_VALUE", ERR_LIB_UI, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE}, ++ #else ++ {"UNKNOWN_TTYGET_ERRNO_VALUE", 40, 108}, ++ #endif ++ #ifdef UI_R_USER_DATA_DUPLICATION_UNSUPPORTED ++ {"USER_DATA_DUPLICATION_UNSUPPORTED", ERR_LIB_UI, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED}, ++ #else ++ {"USER_DATA_DUPLICATION_UNSUPPORTED", 40, 112}, ++ #endif ++ #ifdef X509V3_R_BAD_IP_ADDRESS ++ {"BAD_IP_ADDRESS", ERR_LIB_X509V3, X509V3_R_BAD_IP_ADDRESS}, ++ #else ++ {"BAD_IP_ADDRESS", 34, 118}, ++ #endif ++ #ifdef X509V3_R_BAD_OBJECT ++ {"BAD_OBJECT", ERR_LIB_X509V3, X509V3_R_BAD_OBJECT}, ++ #else ++ {"BAD_OBJECT", 34, 119}, ++ #endif ++ #ifdef X509V3_R_BN_DEC2BN_ERROR ++ {"BN_DEC2BN_ERROR", ERR_LIB_X509V3, X509V3_R_BN_DEC2BN_ERROR}, ++ #else ++ {"BN_DEC2BN_ERROR", 34, 100}, ++ #endif ++ #ifdef X509V3_R_BN_TO_ASN1_INTEGER_ERROR ++ {"BN_TO_ASN1_INTEGER_ERROR", ERR_LIB_X509V3, X509V3_R_BN_TO_ASN1_INTEGER_ERROR}, ++ #else ++ {"BN_TO_ASN1_INTEGER_ERROR", 34, 101}, ++ #endif ++ #ifdef X509V3_R_DIRNAME_ERROR ++ {"DIRNAME_ERROR", ERR_LIB_X509V3, X509V3_R_DIRNAME_ERROR}, ++ #else ++ {"DIRNAME_ERROR", 34, 149}, ++ #endif ++ #ifdef X509V3_R_DISTPOINT_ALREADY_SET ++ {"DISTPOINT_ALREADY_SET", ERR_LIB_X509V3, X509V3_R_DISTPOINT_ALREADY_SET}, ++ #else ++ {"DISTPOINT_ALREADY_SET", 34, 160}, ++ #endif ++ #ifdef X509V3_R_DUPLICATE_ZONE_ID ++ {"DUPLICATE_ZONE_ID", ERR_LIB_X509V3, X509V3_R_DUPLICATE_ZONE_ID}, ++ #else ++ {"DUPLICATE_ZONE_ID", 34, 133}, ++ #endif ++ #ifdef X509V3_R_ERROR_CONVERTING_ZONE ++ {"ERROR_CONVERTING_ZONE", ERR_LIB_X509V3, X509V3_R_ERROR_CONVERTING_ZONE}, ++ #else ++ {"ERROR_CONVERTING_ZONE", 34, 131}, ++ #endif ++ #ifdef X509V3_R_ERROR_CREATING_EXTENSION ++ {"ERROR_CREATING_EXTENSION", ERR_LIB_X509V3, X509V3_R_ERROR_CREATING_EXTENSION}, ++ #else ++ {"ERROR_CREATING_EXTENSION", 34, 144}, ++ #endif ++ #ifdef X509V3_R_ERROR_IN_EXTENSION ++ {"ERROR_IN_EXTENSION", ERR_LIB_X509V3, X509V3_R_ERROR_IN_EXTENSION}, ++ #else ++ {"ERROR_IN_EXTENSION", 34, 128}, ++ #endif ++ #ifdef X509V3_R_EXPECTED_A_SECTION_NAME ++ {"EXPECTED_A_SECTION_NAME", ERR_LIB_X509V3, X509V3_R_EXPECTED_A_SECTION_NAME}, ++ #else ++ {"EXPECTED_A_SECTION_NAME", 34, 137}, ++ #endif ++ #ifdef X509V3_R_EXTENSION_EXISTS ++ {"EXTENSION_EXISTS", ERR_LIB_X509V3, X509V3_R_EXTENSION_EXISTS}, ++ #else ++ {"EXTENSION_EXISTS", 34, 145}, ++ #endif ++ #ifdef X509V3_R_EXTENSION_NAME_ERROR ++ {"EXTENSION_NAME_ERROR", ERR_LIB_X509V3, X509V3_R_EXTENSION_NAME_ERROR}, ++ #else ++ {"EXTENSION_NAME_ERROR", 34, 115}, ++ #endif ++ #ifdef X509V3_R_EXTENSION_NOT_FOUND ++ {"EXTENSION_NOT_FOUND", ERR_LIB_X509V3, X509V3_R_EXTENSION_NOT_FOUND}, ++ #else ++ {"EXTENSION_NOT_FOUND", 34, 102}, ++ #endif ++ #ifdef X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED ++ {"EXTENSION_SETTING_NOT_SUPPORTED", ERR_LIB_X509V3, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED}, ++ #else ++ {"EXTENSION_SETTING_NOT_SUPPORTED", 34, 103}, ++ #endif ++ #ifdef X509V3_R_EXTENSION_VALUE_ERROR ++ {"EXTENSION_VALUE_ERROR", ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR}, ++ #else ++ {"EXTENSION_VALUE_ERROR", 34, 116}, ++ #endif ++ #ifdef X509V3_R_ILLEGAL_EMPTY_EXTENSION ++ {"ILLEGAL_EMPTY_EXTENSION", ERR_LIB_X509V3, X509V3_R_ILLEGAL_EMPTY_EXTENSION}, ++ #else ++ {"ILLEGAL_EMPTY_EXTENSION", 34, 151}, ++ #endif ++ #ifdef X509V3_R_INCORRECT_POLICY_SYNTAX_TAG ++ {"INCORRECT_POLICY_SYNTAX_TAG", ERR_LIB_X509V3, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG}, ++ #else ++ {"INCORRECT_POLICY_SYNTAX_TAG", 34, 152}, ++ #endif ++ #ifdef X509V3_R_INVALID_ASNUMBER ++ {"INVALID_ASNUMBER", ERR_LIB_X509V3, X509V3_R_INVALID_ASNUMBER}, ++ #else ++ {"INVALID_ASNUMBER", 34, 162}, ++ #endif ++ #ifdef X509V3_R_INVALID_ASRANGE ++ {"INVALID_ASRANGE", ERR_LIB_X509V3, X509V3_R_INVALID_ASRANGE}, ++ #else ++ {"INVALID_ASRANGE", 34, 163}, ++ #endif ++ #ifdef X509V3_R_INVALID_BOOLEAN_STRING ++ {"INVALID_BOOLEAN_STRING", ERR_LIB_X509V3, X509V3_R_INVALID_BOOLEAN_STRING}, ++ #else ++ {"INVALID_BOOLEAN_STRING", 34, 104}, ++ #endif ++ #ifdef X509V3_R_INVALID_EXTENSION_STRING ++ {"INVALID_EXTENSION_STRING", ERR_LIB_X509V3, X509V3_R_INVALID_EXTENSION_STRING}, ++ #else ++ {"INVALID_EXTENSION_STRING", 34, 105}, ++ #endif ++ #ifdef X509V3_R_INVALID_INHERITANCE ++ {"INVALID_INHERITANCE", ERR_LIB_X509V3, X509V3_R_INVALID_INHERITANCE}, ++ #else ++ {"INVALID_INHERITANCE", 34, 165}, ++ #endif ++ #ifdef X509V3_R_INVALID_IPADDRESS ++ {"INVALID_IPADDRESS", ERR_LIB_X509V3, X509V3_R_INVALID_IPADDRESS}, ++ #else ++ {"INVALID_IPADDRESS", 34, 166}, ++ #endif ++ #ifdef X509V3_R_INVALID_MULTIPLE_RDNS ++ {"INVALID_MULTIPLE_RDNS", ERR_LIB_X509V3, X509V3_R_INVALID_MULTIPLE_RDNS}, ++ #else ++ {"INVALID_MULTIPLE_RDNS", 34, 161}, ++ #endif ++ #ifdef X509V3_R_INVALID_NAME ++ {"INVALID_NAME", ERR_LIB_X509V3, X509V3_R_INVALID_NAME}, ++ #else ++ {"INVALID_NAME", 34, 106}, ++ #endif ++ #ifdef X509V3_R_INVALID_NULL_ARGUMENT ++ {"INVALID_NULL_ARGUMENT", ERR_LIB_X509V3, X509V3_R_INVALID_NULL_ARGUMENT}, ++ #else ++ {"INVALID_NULL_ARGUMENT", 34, 107}, ++ #endif ++ #ifdef X509V3_R_INVALID_NULL_NAME ++ {"INVALID_NULL_NAME", ERR_LIB_X509V3, X509V3_R_INVALID_NULL_NAME}, ++ #else ++ {"INVALID_NULL_NAME", 34, 108}, ++ #endif ++ #ifdef X509V3_R_INVALID_NULL_VALUE ++ {"INVALID_NULL_VALUE", ERR_LIB_X509V3, X509V3_R_INVALID_NULL_VALUE}, ++ #else ++ {"INVALID_NULL_VALUE", 34, 109}, ++ #endif ++ #ifdef X509V3_R_INVALID_NUMBER ++ {"INVALID_NUMBER", ERR_LIB_X509V3, X509V3_R_INVALID_NUMBER}, ++ #else ++ {"INVALID_NUMBER", 34, 140}, ++ #endif ++ #ifdef X509V3_R_INVALID_NUMBERS ++ {"INVALID_NUMBERS", ERR_LIB_X509V3, X509V3_R_INVALID_NUMBERS}, ++ #else ++ {"INVALID_NUMBERS", 34, 141}, ++ #endif ++ #ifdef X509V3_R_INVALID_OBJECT_IDENTIFIER ++ {"INVALID_OBJECT_IDENTIFIER", ERR_LIB_X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER}, ++ #else ++ {"INVALID_OBJECT_IDENTIFIER", 34, 110}, ++ #endif ++ #ifdef X509V3_R_INVALID_OPTION ++ {"INVALID_OPTION", ERR_LIB_X509V3, X509V3_R_INVALID_OPTION}, ++ #else ++ {"INVALID_OPTION", 34, 138}, ++ #endif ++ #ifdef X509V3_R_INVALID_POLICY_IDENTIFIER ++ {"INVALID_POLICY_IDENTIFIER", ERR_LIB_X509V3, X509V3_R_INVALID_POLICY_IDENTIFIER}, ++ #else ++ {"INVALID_POLICY_IDENTIFIER", 34, 134}, ++ #endif ++ #ifdef X509V3_R_INVALID_PROXY_POLICY_SETTING ++ {"INVALID_PROXY_POLICY_SETTING", ERR_LIB_X509V3, X509V3_R_INVALID_PROXY_POLICY_SETTING}, ++ #else ++ {"INVALID_PROXY_POLICY_SETTING", 34, 153}, ++ #endif ++ #ifdef X509V3_R_INVALID_PURPOSE ++ {"INVALID_PURPOSE", ERR_LIB_X509V3, X509V3_R_INVALID_PURPOSE}, ++ #else ++ {"INVALID_PURPOSE", 34, 146}, ++ #endif ++ #ifdef X509V3_R_INVALID_SAFI ++ {"INVALID_SAFI", ERR_LIB_X509V3, X509V3_R_INVALID_SAFI}, ++ #else ++ {"INVALID_SAFI", 34, 164}, ++ #endif ++ #ifdef X509V3_R_INVALID_SECTION ++ {"INVALID_SECTION", ERR_LIB_X509V3, X509V3_R_INVALID_SECTION}, ++ #else ++ {"INVALID_SECTION", 34, 135}, ++ #endif ++ #ifdef X509V3_R_INVALID_SYNTAX ++ {"INVALID_SYNTAX", ERR_LIB_X509V3, X509V3_R_INVALID_SYNTAX}, ++ #else ++ {"INVALID_SYNTAX", 34, 143}, ++ #endif ++ #ifdef X509V3_R_ISSUER_DECODE_ERROR ++ {"ISSUER_DECODE_ERROR", ERR_LIB_X509V3, X509V3_R_ISSUER_DECODE_ERROR}, ++ #else ++ {"ISSUER_DECODE_ERROR", 34, 126}, ++ #endif ++ #ifdef X509V3_R_MISSING_VALUE ++ {"MISSING_VALUE", ERR_LIB_X509V3, X509V3_R_MISSING_VALUE}, ++ #else ++ {"MISSING_VALUE", 34, 124}, ++ #endif ++ #ifdef X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ++ {"NEED_ORGANIZATION_AND_NUMBERS", ERR_LIB_X509V3, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS}, ++ #else ++ {"NEED_ORGANIZATION_AND_NUMBERS", 34, 142}, ++ #endif ++ #ifdef X509V3_R_NO_CONFIG_DATABASE ++ {"NO_CONFIG_DATABASE", ERR_LIB_X509V3, X509V3_R_NO_CONFIG_DATABASE}, ++ #else ++ {"NO_CONFIG_DATABASE", 34, 136}, ++ #endif ++ #ifdef X509V3_R_NO_ISSUER_CERTIFICATE ++ {"NO_ISSUER_CERTIFICATE", ERR_LIB_X509V3, X509V3_R_NO_ISSUER_CERTIFICATE}, ++ #else ++ {"NO_ISSUER_CERTIFICATE", 34, 121}, ++ #endif ++ #ifdef X509V3_R_NO_ISSUER_DETAILS ++ {"NO_ISSUER_DETAILS", ERR_LIB_X509V3, X509V3_R_NO_ISSUER_DETAILS}, ++ #else ++ {"NO_ISSUER_DETAILS", 34, 127}, ++ #endif ++ #ifdef X509V3_R_NO_POLICY_IDENTIFIER ++ {"NO_POLICY_IDENTIFIER", ERR_LIB_X509V3, X509V3_R_NO_POLICY_IDENTIFIER}, ++ #else ++ {"NO_POLICY_IDENTIFIER", 34, 139}, ++ #endif ++ #ifdef X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED ++ {"NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED", ERR_LIB_X509V3, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED}, ++ #else ++ {"NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED", 34, 154}, ++ #endif ++ #ifdef X509V3_R_NO_PUBLIC_KEY ++ {"NO_PUBLIC_KEY", ERR_LIB_X509V3, X509V3_R_NO_PUBLIC_KEY}, ++ #else ++ {"NO_PUBLIC_KEY", 34, 114}, ++ #endif ++ #ifdef X509V3_R_NO_SUBJECT_DETAILS ++ {"NO_SUBJECT_DETAILS", ERR_LIB_X509V3, X509V3_R_NO_SUBJECT_DETAILS}, ++ #else ++ {"NO_SUBJECT_DETAILS", 34, 125}, ++ #endif ++ #ifdef X509V3_R_OPERATION_NOT_DEFINED ++ {"OPERATION_NOT_DEFINED", ERR_LIB_X509V3, X509V3_R_OPERATION_NOT_DEFINED}, ++ #else ++ {"OPERATION_NOT_DEFINED", 34, 148}, ++ #endif ++ #ifdef X509V3_R_OTHERNAME_ERROR ++ {"OTHERNAME_ERROR", ERR_LIB_X509V3, X509V3_R_OTHERNAME_ERROR}, ++ #else ++ {"OTHERNAME_ERROR", 34, 147}, ++ #endif ++ #ifdef X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED ++ {"POLICY_LANGUAGE_ALREADY_DEFINED", ERR_LIB_X509V3, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED}, ++ #else ++ {"POLICY_LANGUAGE_ALREADY_DEFINED", 34, 155}, ++ #endif ++ #ifdef X509V3_R_POLICY_PATH_LENGTH ++ {"POLICY_PATH_LENGTH", ERR_LIB_X509V3, X509V3_R_POLICY_PATH_LENGTH}, ++ #else ++ {"POLICY_PATH_LENGTH", 34, 156}, ++ #endif ++ #ifdef X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED ++ {"POLICY_PATH_LENGTH_ALREADY_DEFINED", ERR_LIB_X509V3, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED}, ++ #else ++ {"POLICY_PATH_LENGTH_ALREADY_DEFINED", 34, 157}, ++ #endif ++ #ifdef X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY ++ {"POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY", ERR_LIB_X509V3, X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY}, ++ #else ++ {"POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY", 34, 159}, ++ #endif ++ #ifdef X509V3_R_SECTION_NOT_FOUND ++ {"SECTION_NOT_FOUND", ERR_LIB_X509V3, X509V3_R_SECTION_NOT_FOUND}, ++ #else ++ {"SECTION_NOT_FOUND", 34, 150}, ++ #endif ++ #ifdef X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ++ {"UNABLE_TO_GET_ISSUER_DETAILS", ERR_LIB_X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS}, ++ #else ++ {"UNABLE_TO_GET_ISSUER_DETAILS", 34, 122}, ++ #endif ++ #ifdef X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ++ {"UNABLE_TO_GET_ISSUER_KEYID", ERR_LIB_X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID}, ++ #else ++ {"UNABLE_TO_GET_ISSUER_KEYID", 34, 123}, ++ #endif ++ #ifdef X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ++ {"UNKNOWN_BIT_STRING_ARGUMENT", ERR_LIB_X509V3, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT}, ++ #else ++ {"UNKNOWN_BIT_STRING_ARGUMENT", 34, 111}, ++ #endif ++ #ifdef X509V3_R_UNKNOWN_EXTENSION ++ {"UNKNOWN_EXTENSION", ERR_LIB_X509V3, X509V3_R_UNKNOWN_EXTENSION}, ++ #else ++ {"UNKNOWN_EXTENSION", 34, 129}, ++ #endif ++ #ifdef X509V3_R_UNKNOWN_EXTENSION_NAME ++ {"UNKNOWN_EXTENSION_NAME", ERR_LIB_X509V3, X509V3_R_UNKNOWN_EXTENSION_NAME}, ++ #else ++ {"UNKNOWN_EXTENSION_NAME", 34, 130}, ++ #endif ++ #ifdef X509V3_R_UNKNOWN_OPTION ++ {"UNKNOWN_OPTION", ERR_LIB_X509V3, X509V3_R_UNKNOWN_OPTION}, ++ #else ++ {"UNKNOWN_OPTION", 34, 120}, ++ #endif ++ #ifdef X509V3_R_UNSUPPORTED_OPTION ++ {"UNSUPPORTED_OPTION", ERR_LIB_X509V3, X509V3_R_UNSUPPORTED_OPTION}, ++ #else ++ {"UNSUPPORTED_OPTION", 34, 117}, ++ #endif ++ #ifdef X509V3_R_UNSUPPORTED_TYPE ++ {"UNSUPPORTED_TYPE", ERR_LIB_X509V3, X509V3_R_UNSUPPORTED_TYPE}, ++ #else ++ {"UNSUPPORTED_TYPE", 34, 167}, ++ #endif ++ #ifdef X509V3_R_USER_TOO_LONG ++ {"USER_TOO_LONG", ERR_LIB_X509V3, X509V3_R_USER_TOO_LONG}, ++ #else ++ {"USER_TOO_LONG", 34, 132}, ++ #endif ++ #ifdef X509_R_AKID_MISMATCH ++ {"AKID_MISMATCH", ERR_LIB_X509, X509_R_AKID_MISMATCH}, ++ #else ++ {"AKID_MISMATCH", 11, 110}, ++ #endif ++ #ifdef X509_R_BAD_SELECTOR ++ {"BAD_SELECTOR", ERR_LIB_X509, X509_R_BAD_SELECTOR}, ++ #else ++ {"BAD_SELECTOR", 11, 133}, ++ #endif ++ #ifdef X509_R_BAD_X509_FILETYPE ++ {"BAD_X509_FILETYPE", ERR_LIB_X509, X509_R_BAD_X509_FILETYPE}, ++ #else ++ {"BAD_X509_FILETYPE", 11, 100}, ++ #endif ++ #ifdef X509_R_BASE64_DECODE_ERROR ++ {"BASE64_DECODE_ERROR", ERR_LIB_X509, X509_R_BASE64_DECODE_ERROR}, ++ #else ++ {"BASE64_DECODE_ERROR", 11, 118}, ++ #endif ++ #ifdef X509_R_CANT_CHECK_DH_KEY ++ {"CANT_CHECK_DH_KEY", ERR_LIB_X509, X509_R_CANT_CHECK_DH_KEY}, ++ #else ++ {"CANT_CHECK_DH_KEY", 11, 114}, ++ #endif ++ #ifdef X509_R_CERT_ALREADY_IN_HASH_TABLE ++ {"CERT_ALREADY_IN_HASH_TABLE", ERR_LIB_X509, X509_R_CERT_ALREADY_IN_HASH_TABLE}, ++ #else ++ {"CERT_ALREADY_IN_HASH_TABLE", 11, 101}, ++ #endif ++ #ifdef X509_R_CRL_ALREADY_DELTA ++ {"CRL_ALREADY_DELTA", ERR_LIB_X509, X509_R_CRL_ALREADY_DELTA}, ++ #else ++ {"CRL_ALREADY_DELTA", 11, 127}, ++ #endif ++ #ifdef X509_R_CRL_VERIFY_FAILURE ++ {"CRL_VERIFY_FAILURE", ERR_LIB_X509, X509_R_CRL_VERIFY_FAILURE}, ++ #else ++ {"CRL_VERIFY_FAILURE", 11, 131}, ++ #endif ++ #ifdef X509_R_IDP_MISMATCH ++ {"IDP_MISMATCH", ERR_LIB_X509, X509_R_IDP_MISMATCH}, ++ #else ++ {"IDP_MISMATCH", 11, 128}, ++ #endif ++ #ifdef X509_R_INVALID_ATTRIBUTES ++ {"INVALID_ATTRIBUTES", ERR_LIB_X509, X509_R_INVALID_ATTRIBUTES}, ++ #else ++ {"INVALID_ATTRIBUTES", 11, 138}, ++ #endif ++ #ifdef X509_R_INVALID_DIRECTORY ++ {"INVALID_DIRECTORY", ERR_LIB_X509, X509_R_INVALID_DIRECTORY}, ++ #else ++ {"INVALID_DIRECTORY", 11, 113}, ++ #endif ++ #ifdef X509_R_INVALID_FIELD_NAME ++ {"INVALID_FIELD_NAME", ERR_LIB_X509, X509_R_INVALID_FIELD_NAME}, ++ #else ++ {"INVALID_FIELD_NAME", 11, 119}, ++ #endif ++ #ifdef X509_R_INVALID_TRUST ++ {"INVALID_TRUST", ERR_LIB_X509, X509_R_INVALID_TRUST}, ++ #else ++ {"INVALID_TRUST", 11, 123}, ++ #endif ++ #ifdef X509_R_ISSUER_MISMATCH ++ {"ISSUER_MISMATCH", ERR_LIB_X509, X509_R_ISSUER_MISMATCH}, ++ #else ++ {"ISSUER_MISMATCH", 11, 129}, ++ #endif ++ #ifdef X509_R_KEY_TYPE_MISMATCH ++ {"KEY_TYPE_MISMATCH", ERR_LIB_X509, X509_R_KEY_TYPE_MISMATCH}, ++ #else ++ {"KEY_TYPE_MISMATCH", 11, 115}, ++ #endif ++ #ifdef X509_R_KEY_VALUES_MISMATCH ++ {"KEY_VALUES_MISMATCH", ERR_LIB_X509, X509_R_KEY_VALUES_MISMATCH}, ++ #else ++ {"KEY_VALUES_MISMATCH", 11, 116}, ++ #endif ++ #ifdef X509_R_LOADING_CERT_DIR ++ {"LOADING_CERT_DIR", ERR_LIB_X509, X509_R_LOADING_CERT_DIR}, ++ #else ++ {"LOADING_CERT_DIR", 11, 103}, ++ #endif ++ #ifdef X509_R_LOADING_DEFAULTS ++ {"LOADING_DEFAULTS", ERR_LIB_X509, X509_R_LOADING_DEFAULTS}, ++ #else ++ {"LOADING_DEFAULTS", 11, 104}, ++ #endif ++ #ifdef X509_R_METHOD_NOT_SUPPORTED ++ {"METHOD_NOT_SUPPORTED", ERR_LIB_X509, X509_R_METHOD_NOT_SUPPORTED}, ++ #else ++ {"METHOD_NOT_SUPPORTED", 11, 124}, ++ #endif ++ #ifdef X509_R_NAME_TOO_LONG ++ {"NAME_TOO_LONG", ERR_LIB_X509, X509_R_NAME_TOO_LONG}, ++ #else ++ {"NAME_TOO_LONG", 11, 134}, ++ #endif ++ #ifdef X509_R_NEWER_CRL_NOT_NEWER ++ {"NEWER_CRL_NOT_NEWER", ERR_LIB_X509, X509_R_NEWER_CRL_NOT_NEWER}, ++ #else ++ {"NEWER_CRL_NOT_NEWER", 11, 132}, ++ #endif ++ #ifdef X509_R_NO_CERTIFICATE_FOUND ++ {"NO_CERTIFICATE_FOUND", ERR_LIB_X509, X509_R_NO_CERTIFICATE_FOUND}, ++ #else ++ {"NO_CERTIFICATE_FOUND", 11, 135}, ++ #endif ++ #ifdef X509_R_NO_CERTIFICATE_OR_CRL_FOUND ++ {"NO_CERTIFICATE_OR_CRL_FOUND", ERR_LIB_X509, X509_R_NO_CERTIFICATE_OR_CRL_FOUND}, ++ #else ++ {"NO_CERTIFICATE_OR_CRL_FOUND", 11, 136}, ++ #endif ++ #ifdef X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ++ {"NO_CERT_SET_FOR_US_TO_VERIFY", ERR_LIB_X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY}, ++ #else ++ {"NO_CERT_SET_FOR_US_TO_VERIFY", 11, 105}, ++ #endif ++ #ifdef X509_R_NO_CRL_FOUND ++ {"NO_CRL_FOUND", ERR_LIB_X509, X509_R_NO_CRL_FOUND}, ++ #else ++ {"NO_CRL_FOUND", 11, 137}, ++ #endif ++ #ifdef X509_R_NO_CRL_NUMBER ++ {"NO_CRL_NUMBER", ERR_LIB_X509, X509_R_NO_CRL_NUMBER}, ++ #else ++ {"NO_CRL_NUMBER", 11, 130}, ++ #endif ++ #ifdef X509_R_PUBLIC_KEY_DECODE_ERROR ++ {"PUBLIC_KEY_DECODE_ERROR", ERR_LIB_X509, X509_R_PUBLIC_KEY_DECODE_ERROR}, ++ #else ++ {"PUBLIC_KEY_DECODE_ERROR", 11, 125}, ++ #endif ++ #ifdef X509_R_PUBLIC_KEY_ENCODE_ERROR ++ {"PUBLIC_KEY_ENCODE_ERROR", ERR_LIB_X509, X509_R_PUBLIC_KEY_ENCODE_ERROR}, ++ #else ++ {"PUBLIC_KEY_ENCODE_ERROR", 11, 126}, ++ #endif ++ #ifdef X509_R_SHOULD_RETRY ++ {"SHOULD_RETRY", ERR_LIB_X509, X509_R_SHOULD_RETRY}, ++ #else ++ {"SHOULD_RETRY", 11, 106}, ++ #endif ++ #ifdef X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN ++ {"UNABLE_TO_FIND_PARAMETERS_IN_CHAIN", ERR_LIB_X509, X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN}, ++ #else ++ {"UNABLE_TO_FIND_PARAMETERS_IN_CHAIN", 11, 107}, ++ #endif ++ #ifdef X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ++ {"UNABLE_TO_GET_CERTS_PUBLIC_KEY", ERR_LIB_X509, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY}, ++ #else ++ {"UNABLE_TO_GET_CERTS_PUBLIC_KEY", 11, 108}, ++ #endif ++ #ifdef X509_R_UNKNOWN_KEY_TYPE ++ {"UNKNOWN_KEY_TYPE", ERR_LIB_X509, X509_R_UNKNOWN_KEY_TYPE}, ++ #else ++ {"UNKNOWN_KEY_TYPE", 11, 117}, ++ #endif ++ #ifdef X509_R_UNKNOWN_NID ++ {"UNKNOWN_NID", ERR_LIB_X509, X509_R_UNKNOWN_NID}, ++ #else ++ {"UNKNOWN_NID", 11, 109}, ++ #endif ++ #ifdef X509_R_UNKNOWN_PURPOSE_ID ++ {"UNKNOWN_PURPOSE_ID", ERR_LIB_X509, X509_R_UNKNOWN_PURPOSE_ID}, ++ #else ++ {"UNKNOWN_PURPOSE_ID", 11, 121}, ++ #endif ++ #ifdef X509_R_UNKNOWN_TRUST_ID ++ {"UNKNOWN_TRUST_ID", ERR_LIB_X509, X509_R_UNKNOWN_TRUST_ID}, ++ #else ++ {"UNKNOWN_TRUST_ID", 11, 120}, ++ #endif ++ #ifdef X509_R_UNSUPPORTED_ALGORITHM ++ {"UNSUPPORTED_ALGORITHM", ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_ALGORITHM", 11, 111}, ++ #endif ++ #ifdef X509_R_WRONG_LOOKUP_TYPE ++ {"WRONG_LOOKUP_TYPE", ERR_LIB_X509, X509_R_WRONG_LOOKUP_TYPE}, ++ #else ++ {"WRONG_LOOKUP_TYPE", 11, 112}, ++ #endif ++ #ifdef X509_R_WRONG_TYPE ++ {"WRONG_TYPE", ERR_LIB_X509, X509_R_WRONG_TYPE}, ++ #else ++ {"WRONG_TYPE", 11, 122}, ++ #endif ++ { NULL } ++}; ++ +diff --git a/Modules/_ssl_data_300.h b/Modules/_ssl_data_300.h +new file mode 100644 +index 0000000000..6be8b24ee1 +--- /dev/null ++++ b/Modules/_ssl_data_300.h +@@ -0,0 +1,8435 @@ ++/* File generated by Tools/ssl/make_ssl_data.py *//* Generated on 2021-04-09T09:44:43.288448 */ ++static struct py_ssl_library_code library_codes[] = { ++#ifdef ERR_LIB_ASN1 ++ {"ASN1", ERR_LIB_ASN1}, ++#endif ++#ifdef ERR_LIB_ASYNC ++ {"ASYNC", ERR_LIB_ASYNC}, ++#endif ++#ifdef ERR_LIB_BIO ++ {"BIO", ERR_LIB_BIO}, ++#endif ++#ifdef ERR_LIB_BN ++ {"BN", ERR_LIB_BN}, ++#endif ++#ifdef ERR_LIB_BUF ++ {"BUF", ERR_LIB_BUF}, ++#endif ++#ifdef ERR_LIB_CMP ++ {"CMP", ERR_LIB_CMP}, ++#endif ++#ifdef ERR_LIB_CMS ++ {"CMS", ERR_LIB_CMS}, ++#endif ++#ifdef ERR_LIB_COMP ++ {"COMP", ERR_LIB_COMP}, ++#endif ++#ifdef ERR_LIB_CONF ++ {"CONF", ERR_LIB_CONF}, ++#endif ++#ifdef ERR_LIB_CRMF ++ {"CRMF", ERR_LIB_CRMF}, ++#endif ++#ifdef ERR_LIB_CRYPTO ++ {"CRYPTO", ERR_LIB_CRYPTO}, ++#endif ++#ifdef ERR_LIB_CT ++ {"CT", ERR_LIB_CT}, ++#endif ++#ifdef ERR_LIB_DH ++ {"DH", ERR_LIB_DH}, ++#endif ++#ifdef ERR_LIB_DSA ++ {"DSA", ERR_LIB_DSA}, ++#endif ++#ifdef ERR_LIB_DSO ++ {"DSO", ERR_LIB_DSO}, ++#endif ++#ifdef ERR_LIB_EC ++ {"EC", ERR_LIB_EC}, ++#endif ++#ifdef ERR_LIB_ECDH ++ {"ECDH", ERR_LIB_ECDH}, ++#endif ++#ifdef ERR_LIB_ECDSA ++ {"ECDSA", ERR_LIB_ECDSA}, ++#endif ++#ifdef ERR_LIB_ENGINE ++ {"ENGINE", ERR_LIB_ENGINE}, ++#endif ++#ifdef ERR_LIB_ESS ++ {"ESS", ERR_LIB_ESS}, ++#endif ++#ifdef ERR_LIB_EVP ++ {"EVP", ERR_LIB_EVP}, ++#endif ++#ifdef ERR_LIB_FIPS ++ {"FIPS", ERR_LIB_FIPS}, ++#endif ++#ifdef ERR_LIB_HMAC ++ {"HMAC", ERR_LIB_HMAC}, ++#endif ++#ifdef ERR_LIB_HTTP ++ {"HTTP", ERR_LIB_HTTP}, ++#endif ++#ifdef ERR_LIB_JPAKE ++ {"JPAKE", ERR_LIB_JPAKE}, ++#endif ++#ifdef ERR_LIB_KDF ++ {"KDF", ERR_LIB_KDF}, ++#endif ++#ifdef ERR_LIB_MASK ++ {"MASK", ERR_LIB_MASK}, ++#endif ++#ifdef ERR_LIB_METH ++ {"METH", ERR_LIB_METH}, ++#endif ++#ifdef ERR_LIB_NONE ++ {"NONE", ERR_LIB_NONE}, ++#endif ++#ifdef ERR_LIB_OBJ ++ {"OBJ", ERR_LIB_OBJ}, ++#endif ++#ifdef ERR_LIB_OCSP ++ {"OCSP", ERR_LIB_OCSP}, ++#endif ++#ifdef ERR_LIB_OFFSET ++ {"OFFSET", ERR_LIB_OFFSET}, ++#endif ++#ifdef ERR_LIB_OSSL_DECODER ++ {"OSSL_DECODER", ERR_LIB_OSSL_DECODER}, ++#endif ++#ifdef ERR_LIB_OSSL_ENCODER ++ {"OSSL_ENCODER", ERR_LIB_OSSL_ENCODER}, ++#endif ++#ifdef ERR_LIB_OSSL_STORE ++ {"OSSL_STORE", ERR_LIB_OSSL_STORE}, ++#endif ++#ifdef ERR_LIB_PEM ++ {"PEM", ERR_LIB_PEM}, ++#endif ++#ifdef ERR_LIB_PKCS12 ++ {"PKCS12", ERR_LIB_PKCS12}, ++#endif ++#ifdef ERR_LIB_PKCS7 ++ {"PKCS7", ERR_LIB_PKCS7}, ++#endif ++#ifdef ERR_LIB_PROP ++ {"PROP", ERR_LIB_PROP}, ++#endif ++#ifdef ERR_LIB_PROV ++ {"PROV", ERR_LIB_PROV}, ++#endif ++#ifdef ERR_LIB_PROXY ++ {"PROXY", ERR_LIB_PROXY}, ++#endif ++#ifdef ERR_LIB_RAND ++ {"RAND", ERR_LIB_RAND}, ++#endif ++#ifdef ERR_LIB_RSA ++ {"RSA", ERR_LIB_RSA}, ++#endif ++#ifdef ERR_LIB_RSAREF ++ {"RSAREF", ERR_LIB_RSAREF}, ++#endif ++#ifdef ERR_LIB_SM2 ++ {"SM2", ERR_LIB_SM2}, ++#endif ++#ifdef ERR_LIB_SSL ++ {"SSL", ERR_LIB_SSL}, ++#endif ++#ifdef ERR_LIB_SSL2 ++ {"SSL2", ERR_LIB_SSL2}, ++#endif ++#ifdef ERR_LIB_SSL23 ++ {"SSL23", ERR_LIB_SSL23}, ++#endif ++#ifdef ERR_LIB_SSL3 ++ {"SSL3", ERR_LIB_SSL3}, ++#endif ++#ifdef ERR_LIB_SYS ++ {"SYS", ERR_LIB_SYS}, ++#endif ++#ifdef ERR_LIB_TS ++ {"TS", ERR_LIB_TS}, ++#endif ++#ifdef ERR_LIB_UI ++ {"UI", ERR_LIB_UI}, ++#endif ++#ifdef ERR_LIB_USER ++ {"USER", ERR_LIB_USER}, ++#endif ++#ifdef ERR_LIB_X509 ++ {"X509", ERR_LIB_X509}, ++#endif ++#ifdef ERR_LIB_X509V3 ++ {"X509V3", ERR_LIB_X509V3}, ++#endif ++ { NULL } ++}; ++ ++ ++static struct py_ssl_error_code error_codes[] = { ++ #ifdef ASN1_R_ADDING_OBJECT ++ {"ADDING_OBJECT", ERR_LIB_ASN1, ASN1_R_ADDING_OBJECT}, ++ #else ++ {"ADDING_OBJECT", 13, 171}, ++ #endif ++ #ifdef ASN1_R_ASN1_PARSE_ERROR ++ {"ASN1_PARSE_ERROR", ERR_LIB_ASN1, ASN1_R_ASN1_PARSE_ERROR}, ++ #else ++ {"ASN1_PARSE_ERROR", 13, 203}, ++ #endif ++ #ifdef ASN1_R_ASN1_SIG_PARSE_ERROR ++ {"ASN1_SIG_PARSE_ERROR", ERR_LIB_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR}, ++ #else ++ {"ASN1_SIG_PARSE_ERROR", 13, 204}, ++ #endif ++ #ifdef ASN1_R_AUX_ERROR ++ {"AUX_ERROR", ERR_LIB_ASN1, ASN1_R_AUX_ERROR}, ++ #else ++ {"AUX_ERROR", 13, 100}, ++ #endif ++ #ifdef ASN1_R_BAD_OBJECT_HEADER ++ {"BAD_OBJECT_HEADER", ERR_LIB_ASN1, ASN1_R_BAD_OBJECT_HEADER}, ++ #else ++ {"BAD_OBJECT_HEADER", 13, 102}, ++ #endif ++ #ifdef ASN1_R_BAD_TEMPLATE ++ {"BAD_TEMPLATE", ERR_LIB_ASN1, ASN1_R_BAD_TEMPLATE}, ++ #else ++ {"BAD_TEMPLATE", 13, 230}, ++ #endif ++ #ifdef ASN1_R_BMPSTRING_IS_WRONG_LENGTH ++ {"BMPSTRING_IS_WRONG_LENGTH", ERR_LIB_ASN1, ASN1_R_BMPSTRING_IS_WRONG_LENGTH}, ++ #else ++ {"BMPSTRING_IS_WRONG_LENGTH", 13, 214}, ++ #endif ++ #ifdef ASN1_R_BN_LIB ++ {"BN_LIB", ERR_LIB_ASN1, ASN1_R_BN_LIB}, ++ #else ++ {"BN_LIB", 13, 105}, ++ #endif ++ #ifdef ASN1_R_BOOLEAN_IS_WRONG_LENGTH ++ {"BOOLEAN_IS_WRONG_LENGTH", ERR_LIB_ASN1, ASN1_R_BOOLEAN_IS_WRONG_LENGTH}, ++ #else ++ {"BOOLEAN_IS_WRONG_LENGTH", 13, 106}, ++ #endif ++ #ifdef ASN1_R_BUFFER_TOO_SMALL ++ {"BUFFER_TOO_SMALL", ERR_LIB_ASN1, ASN1_R_BUFFER_TOO_SMALL}, ++ #else ++ {"BUFFER_TOO_SMALL", 13, 107}, ++ #endif ++ #ifdef ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ++ {"CIPHER_HAS_NO_OBJECT_IDENTIFIER", ERR_LIB_ASN1, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER}, ++ #else ++ {"CIPHER_HAS_NO_OBJECT_IDENTIFIER", 13, 108}, ++ #endif ++ #ifdef ASN1_R_CONTEXT_NOT_INITIALISED ++ {"CONTEXT_NOT_INITIALISED", ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED}, ++ #else ++ {"CONTEXT_NOT_INITIALISED", 13, 217}, ++ #endif ++ #ifdef ASN1_R_DATA_IS_WRONG ++ {"DATA_IS_WRONG", ERR_LIB_ASN1, ASN1_R_DATA_IS_WRONG}, ++ #else ++ {"DATA_IS_WRONG", 13, 109}, ++ #endif ++ #ifdef ASN1_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_ASN1, ASN1_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 13, 110}, ++ #endif ++ #ifdef ASN1_R_DEPTH_EXCEEDED ++ {"DEPTH_EXCEEDED", ERR_LIB_ASN1, ASN1_R_DEPTH_EXCEEDED}, ++ #else ++ {"DEPTH_EXCEEDED", 13, 174}, ++ #endif ++ #ifdef ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED ++ {"DIGEST_AND_KEY_TYPE_NOT_SUPPORTED", ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED}, ++ #else ++ {"DIGEST_AND_KEY_TYPE_NOT_SUPPORTED", 13, 198}, ++ #endif ++ #ifdef ASN1_R_ENCODE_ERROR ++ {"ENCODE_ERROR", ERR_LIB_ASN1, ASN1_R_ENCODE_ERROR}, ++ #else ++ {"ENCODE_ERROR", 13, 112}, ++ #endif ++ #ifdef ASN1_R_ERROR_GETTING_TIME ++ {"ERROR_GETTING_TIME", ERR_LIB_ASN1, ASN1_R_ERROR_GETTING_TIME}, ++ #else ++ {"ERROR_GETTING_TIME", 13, 173}, ++ #endif ++ #ifdef ASN1_R_ERROR_LOADING_SECTION ++ {"ERROR_LOADING_SECTION", ERR_LIB_ASN1, ASN1_R_ERROR_LOADING_SECTION}, ++ #else ++ {"ERROR_LOADING_SECTION", 13, 172}, ++ #endif ++ #ifdef ASN1_R_ERROR_SETTING_CIPHER_PARAMS ++ {"ERROR_SETTING_CIPHER_PARAMS", ERR_LIB_ASN1, ASN1_R_ERROR_SETTING_CIPHER_PARAMS}, ++ #else ++ {"ERROR_SETTING_CIPHER_PARAMS", 13, 114}, ++ #endif ++ #ifdef ASN1_R_EXPECTING_AN_INTEGER ++ {"EXPECTING_AN_INTEGER", ERR_LIB_ASN1, ASN1_R_EXPECTING_AN_INTEGER}, ++ #else ++ {"EXPECTING_AN_INTEGER", 13, 115}, ++ #endif ++ #ifdef ASN1_R_EXPECTING_AN_OBJECT ++ {"EXPECTING_AN_OBJECT", ERR_LIB_ASN1, ASN1_R_EXPECTING_AN_OBJECT}, ++ #else ++ {"EXPECTING_AN_OBJECT", 13, 116}, ++ #endif ++ #ifdef ASN1_R_EXPLICIT_LENGTH_MISMATCH ++ {"EXPLICIT_LENGTH_MISMATCH", ERR_LIB_ASN1, ASN1_R_EXPLICIT_LENGTH_MISMATCH}, ++ #else ++ {"EXPLICIT_LENGTH_MISMATCH", 13, 119}, ++ #endif ++ #ifdef ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED ++ {"EXPLICIT_TAG_NOT_CONSTRUCTED", ERR_LIB_ASN1, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED}, ++ #else ++ {"EXPLICIT_TAG_NOT_CONSTRUCTED", 13, 120}, ++ #endif ++ #ifdef ASN1_R_FIELD_MISSING ++ {"FIELD_MISSING", ERR_LIB_ASN1, ASN1_R_FIELD_MISSING}, ++ #else ++ {"FIELD_MISSING", 13, 121}, ++ #endif ++ #ifdef ASN1_R_FIRST_NUM_TOO_LARGE ++ {"FIRST_NUM_TOO_LARGE", ERR_LIB_ASN1, ASN1_R_FIRST_NUM_TOO_LARGE}, ++ #else ++ {"FIRST_NUM_TOO_LARGE", 13, 122}, ++ #endif ++ #ifdef ASN1_R_HEADER_TOO_LONG ++ {"HEADER_TOO_LONG", ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG}, ++ #else ++ {"HEADER_TOO_LONG", 13, 123}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_BITSTRING_FORMAT ++ {"ILLEGAL_BITSTRING_FORMAT", ERR_LIB_ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT}, ++ #else ++ {"ILLEGAL_BITSTRING_FORMAT", 13, 175}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_BOOLEAN ++ {"ILLEGAL_BOOLEAN", ERR_LIB_ASN1, ASN1_R_ILLEGAL_BOOLEAN}, ++ #else ++ {"ILLEGAL_BOOLEAN", 13, 176}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_CHARACTERS ++ {"ILLEGAL_CHARACTERS", ERR_LIB_ASN1, ASN1_R_ILLEGAL_CHARACTERS}, ++ #else ++ {"ILLEGAL_CHARACTERS", 13, 124}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_FORMAT ++ {"ILLEGAL_FORMAT", ERR_LIB_ASN1, ASN1_R_ILLEGAL_FORMAT}, ++ #else ++ {"ILLEGAL_FORMAT", 13, 177}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_HEX ++ {"ILLEGAL_HEX", ERR_LIB_ASN1, ASN1_R_ILLEGAL_HEX}, ++ #else ++ {"ILLEGAL_HEX", 13, 178}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_IMPLICIT_TAG ++ {"ILLEGAL_IMPLICIT_TAG", ERR_LIB_ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG}, ++ #else ++ {"ILLEGAL_IMPLICIT_TAG", 13, 179}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_INTEGER ++ {"ILLEGAL_INTEGER", ERR_LIB_ASN1, ASN1_R_ILLEGAL_INTEGER}, ++ #else ++ {"ILLEGAL_INTEGER", 13, 180}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_NEGATIVE_VALUE ++ {"ILLEGAL_NEGATIVE_VALUE", ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE}, ++ #else ++ {"ILLEGAL_NEGATIVE_VALUE", 13, 226}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_NESTED_TAGGING ++ {"ILLEGAL_NESTED_TAGGING", ERR_LIB_ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING}, ++ #else ++ {"ILLEGAL_NESTED_TAGGING", 13, 181}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_NULL ++ {"ILLEGAL_NULL", ERR_LIB_ASN1, ASN1_R_ILLEGAL_NULL}, ++ #else ++ {"ILLEGAL_NULL", 13, 125}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_NULL_VALUE ++ {"ILLEGAL_NULL_VALUE", ERR_LIB_ASN1, ASN1_R_ILLEGAL_NULL_VALUE}, ++ #else ++ {"ILLEGAL_NULL_VALUE", 13, 182}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_OBJECT ++ {"ILLEGAL_OBJECT", ERR_LIB_ASN1, ASN1_R_ILLEGAL_OBJECT}, ++ #else ++ {"ILLEGAL_OBJECT", 13, 183}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_OPTIONAL_ANY ++ {"ILLEGAL_OPTIONAL_ANY", ERR_LIB_ASN1, ASN1_R_ILLEGAL_OPTIONAL_ANY}, ++ #else ++ {"ILLEGAL_OPTIONAL_ANY", 13, 126}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ++ {"ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE", ERR_LIB_ASN1, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE}, ++ #else ++ {"ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE", 13, 170}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_PADDING ++ {"ILLEGAL_PADDING", ERR_LIB_ASN1, ASN1_R_ILLEGAL_PADDING}, ++ #else ++ {"ILLEGAL_PADDING", 13, 221}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_TAGGED_ANY ++ {"ILLEGAL_TAGGED_ANY", ERR_LIB_ASN1, ASN1_R_ILLEGAL_TAGGED_ANY}, ++ #else ++ {"ILLEGAL_TAGGED_ANY", 13, 127}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_TIME_VALUE ++ {"ILLEGAL_TIME_VALUE", ERR_LIB_ASN1, ASN1_R_ILLEGAL_TIME_VALUE}, ++ #else ++ {"ILLEGAL_TIME_VALUE", 13, 184}, ++ #endif ++ #ifdef ASN1_R_ILLEGAL_ZERO_CONTENT ++ {"ILLEGAL_ZERO_CONTENT", ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT}, ++ #else ++ {"ILLEGAL_ZERO_CONTENT", 13, 222}, ++ #endif ++ #ifdef ASN1_R_INTEGER_NOT_ASCII_FORMAT ++ {"INTEGER_NOT_ASCII_FORMAT", ERR_LIB_ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT}, ++ #else ++ {"INTEGER_NOT_ASCII_FORMAT", 13, 185}, ++ #endif ++ #ifdef ASN1_R_INTEGER_TOO_LARGE_FOR_LONG ++ {"INTEGER_TOO_LARGE_FOR_LONG", ERR_LIB_ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG}, ++ #else ++ {"INTEGER_TOO_LARGE_FOR_LONG", 13, 128}, ++ #endif ++ #ifdef ASN1_R_INVALID_BIT_STRING_BITS_LEFT ++ {"INVALID_BIT_STRING_BITS_LEFT", ERR_LIB_ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT}, ++ #else ++ {"INVALID_BIT_STRING_BITS_LEFT", 13, 220}, ++ #endif ++ #ifdef ASN1_R_INVALID_BMPSTRING_LENGTH ++ {"INVALID_BMPSTRING_LENGTH", ERR_LIB_ASN1, ASN1_R_INVALID_BMPSTRING_LENGTH}, ++ #else ++ {"INVALID_BMPSTRING_LENGTH", 13, 129}, ++ #endif ++ #ifdef ASN1_R_INVALID_DIGIT ++ {"INVALID_DIGIT", ERR_LIB_ASN1, ASN1_R_INVALID_DIGIT}, ++ #else ++ {"INVALID_DIGIT", 13, 130}, ++ #endif ++ #ifdef ASN1_R_INVALID_MIME_TYPE ++ {"INVALID_MIME_TYPE", ERR_LIB_ASN1, ASN1_R_INVALID_MIME_TYPE}, ++ #else ++ {"INVALID_MIME_TYPE", 13, 205}, ++ #endif ++ #ifdef ASN1_R_INVALID_MODIFIER ++ {"INVALID_MODIFIER", ERR_LIB_ASN1, ASN1_R_INVALID_MODIFIER}, ++ #else ++ {"INVALID_MODIFIER", 13, 186}, ++ #endif ++ #ifdef ASN1_R_INVALID_NUMBER ++ {"INVALID_NUMBER", ERR_LIB_ASN1, ASN1_R_INVALID_NUMBER}, ++ #else ++ {"INVALID_NUMBER", 13, 187}, ++ #endif ++ #ifdef ASN1_R_INVALID_OBJECT_ENCODING ++ {"INVALID_OBJECT_ENCODING", ERR_LIB_ASN1, ASN1_R_INVALID_OBJECT_ENCODING}, ++ #else ++ {"INVALID_OBJECT_ENCODING", 13, 216}, ++ #endif ++ #ifdef ASN1_R_INVALID_SCRYPT_PARAMETERS ++ {"INVALID_SCRYPT_PARAMETERS", ERR_LIB_ASN1, ASN1_R_INVALID_SCRYPT_PARAMETERS}, ++ #else ++ {"INVALID_SCRYPT_PARAMETERS", 13, 227}, ++ #endif ++ #ifdef ASN1_R_INVALID_SEPARATOR ++ {"INVALID_SEPARATOR", ERR_LIB_ASN1, ASN1_R_INVALID_SEPARATOR}, ++ #else ++ {"INVALID_SEPARATOR", 13, 131}, ++ #endif ++ #ifdef ASN1_R_INVALID_STRING_TABLE_VALUE ++ {"INVALID_STRING_TABLE_VALUE", ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE}, ++ #else ++ {"INVALID_STRING_TABLE_VALUE", 13, 218}, ++ #endif ++ #ifdef ASN1_R_INVALID_UNIVERSALSTRING_LENGTH ++ {"INVALID_UNIVERSALSTRING_LENGTH", ERR_LIB_ASN1, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH}, ++ #else ++ {"INVALID_UNIVERSALSTRING_LENGTH", 13, 133}, ++ #endif ++ #ifdef ASN1_R_INVALID_UTF8STRING ++ {"INVALID_UTF8STRING", ERR_LIB_ASN1, ASN1_R_INVALID_UTF8STRING}, ++ #else ++ {"INVALID_UTF8STRING", 13, 134}, ++ #endif ++ #ifdef ASN1_R_INVALID_VALUE ++ {"INVALID_VALUE", ERR_LIB_ASN1, ASN1_R_INVALID_VALUE}, ++ #else ++ {"INVALID_VALUE", 13, 219}, ++ #endif ++ #ifdef ASN1_R_LENGTH_TOO_LONG ++ {"LENGTH_TOO_LONG", ERR_LIB_ASN1, ASN1_R_LENGTH_TOO_LONG}, ++ #else ++ {"LENGTH_TOO_LONG", 13, 231}, ++ #endif ++ #ifdef ASN1_R_LIST_ERROR ++ {"LIST_ERROR", ERR_LIB_ASN1, ASN1_R_LIST_ERROR}, ++ #else ++ {"LIST_ERROR", 13, 188}, ++ #endif ++ #ifdef ASN1_R_MIME_NO_CONTENT_TYPE ++ {"MIME_NO_CONTENT_TYPE", ERR_LIB_ASN1, ASN1_R_MIME_NO_CONTENT_TYPE}, ++ #else ++ {"MIME_NO_CONTENT_TYPE", 13, 206}, ++ #endif ++ #ifdef ASN1_R_MIME_PARSE_ERROR ++ {"MIME_PARSE_ERROR", ERR_LIB_ASN1, ASN1_R_MIME_PARSE_ERROR}, ++ #else ++ {"MIME_PARSE_ERROR", 13, 207}, ++ #endif ++ #ifdef ASN1_R_MIME_SIG_PARSE_ERROR ++ {"MIME_SIG_PARSE_ERROR", ERR_LIB_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR}, ++ #else ++ {"MIME_SIG_PARSE_ERROR", 13, 208}, ++ #endif ++ #ifdef ASN1_R_MISSING_EOC ++ {"MISSING_EOC", ERR_LIB_ASN1, ASN1_R_MISSING_EOC}, ++ #else ++ {"MISSING_EOC", 13, 137}, ++ #endif ++ #ifdef ASN1_R_MISSING_SECOND_NUMBER ++ {"MISSING_SECOND_NUMBER", ERR_LIB_ASN1, ASN1_R_MISSING_SECOND_NUMBER}, ++ #else ++ {"MISSING_SECOND_NUMBER", 13, 138}, ++ #endif ++ #ifdef ASN1_R_MISSING_VALUE ++ {"MISSING_VALUE", ERR_LIB_ASN1, ASN1_R_MISSING_VALUE}, ++ #else ++ {"MISSING_VALUE", 13, 189}, ++ #endif ++ #ifdef ASN1_R_MSTRING_NOT_UNIVERSAL ++ {"MSTRING_NOT_UNIVERSAL", ERR_LIB_ASN1, ASN1_R_MSTRING_NOT_UNIVERSAL}, ++ #else ++ {"MSTRING_NOT_UNIVERSAL", 13, 139}, ++ #endif ++ #ifdef ASN1_R_MSTRING_WRONG_TAG ++ {"MSTRING_WRONG_TAG", ERR_LIB_ASN1, ASN1_R_MSTRING_WRONG_TAG}, ++ #else ++ {"MSTRING_WRONG_TAG", 13, 140}, ++ #endif ++ #ifdef ASN1_R_NESTED_ASN1_STRING ++ {"NESTED_ASN1_STRING", ERR_LIB_ASN1, ASN1_R_NESTED_ASN1_STRING}, ++ #else ++ {"NESTED_ASN1_STRING", 13, 197}, ++ #endif ++ #ifdef ASN1_R_NESTED_TOO_DEEP ++ {"NESTED_TOO_DEEP", ERR_LIB_ASN1, ASN1_R_NESTED_TOO_DEEP}, ++ #else ++ {"NESTED_TOO_DEEP", 13, 201}, ++ #endif ++ #ifdef ASN1_R_NON_HEX_CHARACTERS ++ {"NON_HEX_CHARACTERS", ERR_LIB_ASN1, ASN1_R_NON_HEX_CHARACTERS}, ++ #else ++ {"NON_HEX_CHARACTERS", 13, 141}, ++ #endif ++ #ifdef ASN1_R_NOT_ASCII_FORMAT ++ {"NOT_ASCII_FORMAT", ERR_LIB_ASN1, ASN1_R_NOT_ASCII_FORMAT}, ++ #else ++ {"NOT_ASCII_FORMAT", 13, 190}, ++ #endif ++ #ifdef ASN1_R_NOT_ENOUGH_DATA ++ {"NOT_ENOUGH_DATA", ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA}, ++ #else ++ {"NOT_ENOUGH_DATA", 13, 142}, ++ #endif ++ #ifdef ASN1_R_NO_CONTENT_TYPE ++ {"NO_CONTENT_TYPE", ERR_LIB_ASN1, ASN1_R_NO_CONTENT_TYPE}, ++ #else ++ {"NO_CONTENT_TYPE", 13, 209}, ++ #endif ++ #ifdef ASN1_R_NO_MATCHING_CHOICE_TYPE ++ {"NO_MATCHING_CHOICE_TYPE", ERR_LIB_ASN1, ASN1_R_NO_MATCHING_CHOICE_TYPE}, ++ #else ++ {"NO_MATCHING_CHOICE_TYPE", 13, 143}, ++ #endif ++ #ifdef ASN1_R_NO_MULTIPART_BODY_FAILURE ++ {"NO_MULTIPART_BODY_FAILURE", ERR_LIB_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE}, ++ #else ++ {"NO_MULTIPART_BODY_FAILURE", 13, 210}, ++ #endif ++ #ifdef ASN1_R_NO_MULTIPART_BOUNDARY ++ {"NO_MULTIPART_BOUNDARY", ERR_LIB_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY}, ++ #else ++ {"NO_MULTIPART_BOUNDARY", 13, 211}, ++ #endif ++ #ifdef ASN1_R_NO_SIG_CONTENT_TYPE ++ {"NO_SIG_CONTENT_TYPE", ERR_LIB_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE}, ++ #else ++ {"NO_SIG_CONTENT_TYPE", 13, 212}, ++ #endif ++ #ifdef ASN1_R_NULL_IS_WRONG_LENGTH ++ {"NULL_IS_WRONG_LENGTH", ERR_LIB_ASN1, ASN1_R_NULL_IS_WRONG_LENGTH}, ++ #else ++ {"NULL_IS_WRONG_LENGTH", 13, 144}, ++ #endif ++ #ifdef ASN1_R_OBJECT_NOT_ASCII_FORMAT ++ {"OBJECT_NOT_ASCII_FORMAT", ERR_LIB_ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT}, ++ #else ++ {"OBJECT_NOT_ASCII_FORMAT", 13, 191}, ++ #endif ++ #ifdef ASN1_R_ODD_NUMBER_OF_CHARS ++ {"ODD_NUMBER_OF_CHARS", ERR_LIB_ASN1, ASN1_R_ODD_NUMBER_OF_CHARS}, ++ #else ++ {"ODD_NUMBER_OF_CHARS", 13, 145}, ++ #endif ++ #ifdef ASN1_R_SECOND_NUMBER_TOO_LARGE ++ {"SECOND_NUMBER_TOO_LARGE", ERR_LIB_ASN1, ASN1_R_SECOND_NUMBER_TOO_LARGE}, ++ #else ++ {"SECOND_NUMBER_TOO_LARGE", 13, 147}, ++ #endif ++ #ifdef ASN1_R_SEQUENCE_LENGTH_MISMATCH ++ {"SEQUENCE_LENGTH_MISMATCH", ERR_LIB_ASN1, ASN1_R_SEQUENCE_LENGTH_MISMATCH}, ++ #else ++ {"SEQUENCE_LENGTH_MISMATCH", 13, 148}, ++ #endif ++ #ifdef ASN1_R_SEQUENCE_NOT_CONSTRUCTED ++ {"SEQUENCE_NOT_CONSTRUCTED", ERR_LIB_ASN1, ASN1_R_SEQUENCE_NOT_CONSTRUCTED}, ++ #else ++ {"SEQUENCE_NOT_CONSTRUCTED", 13, 149}, ++ #endif ++ #ifdef ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG ++ {"SEQUENCE_OR_SET_NEEDS_CONFIG", ERR_LIB_ASN1, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG}, ++ #else ++ {"SEQUENCE_OR_SET_NEEDS_CONFIG", 13, 192}, ++ #endif ++ #ifdef ASN1_R_SHORT_LINE ++ {"SHORT_LINE", ERR_LIB_ASN1, ASN1_R_SHORT_LINE}, ++ #else ++ {"SHORT_LINE", 13, 150}, ++ #endif ++ #ifdef ASN1_R_SIG_INVALID_MIME_TYPE ++ {"SIG_INVALID_MIME_TYPE", ERR_LIB_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE}, ++ #else ++ {"SIG_INVALID_MIME_TYPE", 13, 213}, ++ #endif ++ #ifdef ASN1_R_STREAMING_NOT_SUPPORTED ++ {"STREAMING_NOT_SUPPORTED", ERR_LIB_ASN1, ASN1_R_STREAMING_NOT_SUPPORTED}, ++ #else ++ {"STREAMING_NOT_SUPPORTED", 13, 202}, ++ #endif ++ #ifdef ASN1_R_STRING_TOO_LONG ++ {"STRING_TOO_LONG", ERR_LIB_ASN1, ASN1_R_STRING_TOO_LONG}, ++ #else ++ {"STRING_TOO_LONG", 13, 151}, ++ #endif ++ #ifdef ASN1_R_STRING_TOO_SHORT ++ {"STRING_TOO_SHORT", ERR_LIB_ASN1, ASN1_R_STRING_TOO_SHORT}, ++ #else ++ {"STRING_TOO_SHORT", 13, 152}, ++ #endif ++ #ifdef ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD ++ {"THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD", ERR_LIB_ASN1, ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD}, ++ #else ++ {"THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD", 13, 154}, ++ #endif ++ #ifdef ASN1_R_TIME_NOT_ASCII_FORMAT ++ {"TIME_NOT_ASCII_FORMAT", ERR_LIB_ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT}, ++ #else ++ {"TIME_NOT_ASCII_FORMAT", 13, 193}, ++ #endif ++ #ifdef ASN1_R_TOO_LARGE ++ {"TOO_LARGE", ERR_LIB_ASN1, ASN1_R_TOO_LARGE}, ++ #else ++ {"TOO_LARGE", 13, 223}, ++ #endif ++ #ifdef ASN1_R_TOO_LONG ++ {"TOO_LONG", ERR_LIB_ASN1, ASN1_R_TOO_LONG}, ++ #else ++ {"TOO_LONG", 13, 155}, ++ #endif ++ #ifdef ASN1_R_TOO_SMALL ++ {"TOO_SMALL", ERR_LIB_ASN1, ASN1_R_TOO_SMALL}, ++ #else ++ {"TOO_SMALL", 13, 224}, ++ #endif ++ #ifdef ASN1_R_TYPE_NOT_CONSTRUCTED ++ {"TYPE_NOT_CONSTRUCTED", ERR_LIB_ASN1, ASN1_R_TYPE_NOT_CONSTRUCTED}, ++ #else ++ {"TYPE_NOT_CONSTRUCTED", 13, 156}, ++ #endif ++ #ifdef ASN1_R_TYPE_NOT_PRIMITIVE ++ {"TYPE_NOT_PRIMITIVE", ERR_LIB_ASN1, ASN1_R_TYPE_NOT_PRIMITIVE}, ++ #else ++ {"TYPE_NOT_PRIMITIVE", 13, 195}, ++ #endif ++ #ifdef ASN1_R_UNEXPECTED_EOC ++ {"UNEXPECTED_EOC", ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC}, ++ #else ++ {"UNEXPECTED_EOC", 13, 159}, ++ #endif ++ #ifdef ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH ++ {"UNIVERSALSTRING_IS_WRONG_LENGTH", ERR_LIB_ASN1, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH}, ++ #else ++ {"UNIVERSALSTRING_IS_WRONG_LENGTH", 13, 215}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_DIGEST ++ {"UNKNOWN_DIGEST", ERR_LIB_ASN1, ASN1_R_UNKNOWN_DIGEST}, ++ #else ++ {"UNKNOWN_DIGEST", 13, 229}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_FORMAT ++ {"UNKNOWN_FORMAT", ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT}, ++ #else ++ {"UNKNOWN_FORMAT", 13, 160}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ++ {"UNKNOWN_MESSAGE_DIGEST_ALGORITHM", ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM}, ++ #else ++ {"UNKNOWN_MESSAGE_DIGEST_ALGORITHM", 13, 161}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_OBJECT_TYPE ++ {"UNKNOWN_OBJECT_TYPE", ERR_LIB_ASN1, ASN1_R_UNKNOWN_OBJECT_TYPE}, ++ #else ++ {"UNKNOWN_OBJECT_TYPE", 13, 162}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE ++ {"UNKNOWN_PUBLIC_KEY_TYPE", ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE}, ++ #else ++ {"UNKNOWN_PUBLIC_KEY_TYPE", 13, 163}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM ++ {"UNKNOWN_SIGNATURE_ALGORITHM", ERR_LIB_ASN1, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM}, ++ #else ++ {"UNKNOWN_SIGNATURE_ALGORITHM", 13, 199}, ++ #endif ++ #ifdef ASN1_R_UNKNOWN_TAG ++ {"UNKNOWN_TAG", ERR_LIB_ASN1, ASN1_R_UNKNOWN_TAG}, ++ #else ++ {"UNKNOWN_TAG", 13, 194}, ++ #endif ++ #ifdef ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE ++ {"UNSUPPORTED_ANY_DEFINED_BY_TYPE", ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE}, ++ #else ++ {"UNSUPPORTED_ANY_DEFINED_BY_TYPE", 13, 164}, ++ #endif ++ #ifdef ASN1_R_UNSUPPORTED_CIPHER ++ {"UNSUPPORTED_CIPHER", ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_CIPHER}, ++ #else ++ {"UNSUPPORTED_CIPHER", 13, 228}, ++ #endif ++ #ifdef ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE ++ {"UNSUPPORTED_PUBLIC_KEY_TYPE", ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE}, ++ #else ++ {"UNSUPPORTED_PUBLIC_KEY_TYPE", 13, 167}, ++ #endif ++ #ifdef ASN1_R_UNSUPPORTED_TYPE ++ {"UNSUPPORTED_TYPE", ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_TYPE}, ++ #else ++ {"UNSUPPORTED_TYPE", 13, 196}, ++ #endif ++ #ifdef ASN1_R_WRONG_INTEGER_TYPE ++ {"WRONG_INTEGER_TYPE", ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE}, ++ #else ++ {"WRONG_INTEGER_TYPE", 13, 225}, ++ #endif ++ #ifdef ASN1_R_WRONG_PUBLIC_KEY_TYPE ++ {"WRONG_PUBLIC_KEY_TYPE", ERR_LIB_ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE}, ++ #else ++ {"WRONG_PUBLIC_KEY_TYPE", 13, 200}, ++ #endif ++ #ifdef ASN1_R_WRONG_TAG ++ {"WRONG_TAG", ERR_LIB_ASN1, ASN1_R_WRONG_TAG}, ++ #else ++ {"WRONG_TAG", 13, 168}, ++ #endif ++ #ifdef ASYNC_R_FAILED_TO_SET_POOL ++ {"FAILED_TO_SET_POOL", ERR_LIB_ASYNC, ASYNC_R_FAILED_TO_SET_POOL}, ++ #else ++ {"FAILED_TO_SET_POOL", 51, 101}, ++ #endif ++ #ifdef ASYNC_R_FAILED_TO_SWAP_CONTEXT ++ {"FAILED_TO_SWAP_CONTEXT", ERR_LIB_ASYNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT}, ++ #else ++ {"FAILED_TO_SWAP_CONTEXT", 51, 102}, ++ #endif ++ #ifdef ASYNC_R_INIT_FAILED ++ {"INIT_FAILED", ERR_LIB_ASYNC, ASYNC_R_INIT_FAILED}, ++ #else ++ {"INIT_FAILED", 51, 105}, ++ #endif ++ #ifdef ASYNC_R_INVALID_POOL_SIZE ++ {"INVALID_POOL_SIZE", ERR_LIB_ASYNC, ASYNC_R_INVALID_POOL_SIZE}, ++ #else ++ {"INVALID_POOL_SIZE", 51, 103}, ++ #endif ++ #ifdef BIO_R_ACCEPT_ERROR ++ {"ACCEPT_ERROR", ERR_LIB_BIO, BIO_R_ACCEPT_ERROR}, ++ #else ++ {"ACCEPT_ERROR", 32, 100}, ++ #endif ++ #ifdef BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET ++ {"ADDRINFO_ADDR_IS_NOT_AF_INET", ERR_LIB_BIO, BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET}, ++ #else ++ {"ADDRINFO_ADDR_IS_NOT_AF_INET", 32, 141}, ++ #endif ++ #ifdef BIO_R_AMBIGUOUS_HOST_OR_SERVICE ++ {"AMBIGUOUS_HOST_OR_SERVICE", ERR_LIB_BIO, BIO_R_AMBIGUOUS_HOST_OR_SERVICE}, ++ #else ++ {"AMBIGUOUS_HOST_OR_SERVICE", 32, 129}, ++ #endif ++ #ifdef BIO_R_BAD_FOPEN_MODE ++ {"BAD_FOPEN_MODE", ERR_LIB_BIO, BIO_R_BAD_FOPEN_MODE}, ++ #else ++ {"BAD_FOPEN_MODE", 32, 101}, ++ #endif ++ #ifdef BIO_R_BROKEN_PIPE ++ {"BROKEN_PIPE", ERR_LIB_BIO, BIO_R_BROKEN_PIPE}, ++ #else ++ {"BROKEN_PIPE", 32, 124}, ++ #endif ++ #ifdef BIO_R_CONNECT_ERROR ++ {"CONNECT_ERROR", ERR_LIB_BIO, BIO_R_CONNECT_ERROR}, ++ #else ++ {"CONNECT_ERROR", 32, 103}, ++ #endif ++ #ifdef BIO_R_CONNECT_TIMEOUT ++ {"CONNECT_TIMEOUT", ERR_LIB_BIO, BIO_R_CONNECT_TIMEOUT}, ++ #else ++ {"CONNECT_TIMEOUT", 32, 147}, ++ #endif ++ #ifdef BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ++ {"GETHOSTBYNAME_ADDR_IS_NOT_AF_INET", ERR_LIB_BIO, BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET}, ++ #else ++ {"GETHOSTBYNAME_ADDR_IS_NOT_AF_INET", 32, 107}, ++ #endif ++ #ifdef BIO_R_GETSOCKNAME_ERROR ++ {"GETSOCKNAME_ERROR", ERR_LIB_BIO, BIO_R_GETSOCKNAME_ERROR}, ++ #else ++ {"GETSOCKNAME_ERROR", 32, 132}, ++ #endif ++ #ifdef BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS ++ {"GETSOCKNAME_TRUNCATED_ADDRESS", ERR_LIB_BIO, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS}, ++ #else ++ {"GETSOCKNAME_TRUNCATED_ADDRESS", 32, 133}, ++ #endif ++ #ifdef BIO_R_GETTING_SOCKTYPE ++ {"GETTING_SOCKTYPE", ERR_LIB_BIO, BIO_R_GETTING_SOCKTYPE}, ++ #else ++ {"GETTING_SOCKTYPE", 32, 134}, ++ #endif ++ #ifdef BIO_R_INVALID_ARGUMENT ++ {"INVALID_ARGUMENT", ERR_LIB_BIO, BIO_R_INVALID_ARGUMENT}, ++ #else ++ {"INVALID_ARGUMENT", 32, 125}, ++ #endif ++ #ifdef BIO_R_INVALID_SOCKET ++ {"INVALID_SOCKET", ERR_LIB_BIO, BIO_R_INVALID_SOCKET}, ++ #else ++ {"INVALID_SOCKET", 32, 135}, ++ #endif ++ #ifdef BIO_R_IN_USE ++ {"IN_USE", ERR_LIB_BIO, BIO_R_IN_USE}, ++ #else ++ {"IN_USE", 32, 123}, ++ #endif ++ #ifdef BIO_R_LENGTH_TOO_LONG ++ {"LENGTH_TOO_LONG", ERR_LIB_BIO, BIO_R_LENGTH_TOO_LONG}, ++ #else ++ {"LENGTH_TOO_LONG", 32, 102}, ++ #endif ++ #ifdef BIO_R_LISTEN_V6_ONLY ++ {"LISTEN_V6_ONLY", ERR_LIB_BIO, BIO_R_LISTEN_V6_ONLY}, ++ #else ++ {"LISTEN_V6_ONLY", 32, 136}, ++ #endif ++ #ifdef BIO_R_LOOKUP_RETURNED_NOTHING ++ {"LOOKUP_RETURNED_NOTHING", ERR_LIB_BIO, BIO_R_LOOKUP_RETURNED_NOTHING}, ++ #else ++ {"LOOKUP_RETURNED_NOTHING", 32, 142}, ++ #endif ++ #ifdef BIO_R_MALFORMED_HOST_OR_SERVICE ++ {"MALFORMED_HOST_OR_SERVICE", ERR_LIB_BIO, BIO_R_MALFORMED_HOST_OR_SERVICE}, ++ #else ++ {"MALFORMED_HOST_OR_SERVICE", 32, 130}, ++ #endif ++ #ifdef BIO_R_NBIO_CONNECT_ERROR ++ {"NBIO_CONNECT_ERROR", ERR_LIB_BIO, BIO_R_NBIO_CONNECT_ERROR}, ++ #else ++ {"NBIO_CONNECT_ERROR", 32, 110}, ++ #endif ++ #ifdef BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED ++ {"NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED", ERR_LIB_BIO, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED}, ++ #else ++ {"NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED", 32, 143}, ++ #endif ++ #ifdef BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED ++ {"NO_HOSTNAME_OR_SERVICE_SPECIFIED", ERR_LIB_BIO, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED}, ++ #else ++ {"NO_HOSTNAME_OR_SERVICE_SPECIFIED", 32, 144}, ++ #endif ++ #ifdef BIO_R_NO_PORT_DEFINED ++ {"NO_PORT_DEFINED", ERR_LIB_BIO, BIO_R_NO_PORT_DEFINED}, ++ #else ++ {"NO_PORT_DEFINED", 32, 113}, ++ #endif ++ #ifdef BIO_R_NO_SUCH_FILE ++ {"NO_SUCH_FILE", ERR_LIB_BIO, BIO_R_NO_SUCH_FILE}, ++ #else ++ {"NO_SUCH_FILE", 32, 128}, ++ #endif ++ #ifdef BIO_R_TRANSFER_ERROR ++ {"TRANSFER_ERROR", ERR_LIB_BIO, BIO_R_TRANSFER_ERROR}, ++ #else ++ {"TRANSFER_ERROR", 32, 104}, ++ #endif ++ #ifdef BIO_R_TRANSFER_TIMEOUT ++ {"TRANSFER_TIMEOUT", ERR_LIB_BIO, BIO_R_TRANSFER_TIMEOUT}, ++ #else ++ {"TRANSFER_TIMEOUT", 32, 105}, ++ #endif ++ #ifdef BIO_R_UNABLE_TO_BIND_SOCKET ++ {"UNABLE_TO_BIND_SOCKET", ERR_LIB_BIO, BIO_R_UNABLE_TO_BIND_SOCKET}, ++ #else ++ {"UNABLE_TO_BIND_SOCKET", 32, 117}, ++ #endif ++ #ifdef BIO_R_UNABLE_TO_CREATE_SOCKET ++ {"UNABLE_TO_CREATE_SOCKET", ERR_LIB_BIO, BIO_R_UNABLE_TO_CREATE_SOCKET}, ++ #else ++ {"UNABLE_TO_CREATE_SOCKET", 32, 118}, ++ #endif ++ #ifdef BIO_R_UNABLE_TO_KEEPALIVE ++ {"UNABLE_TO_KEEPALIVE", ERR_LIB_BIO, BIO_R_UNABLE_TO_KEEPALIVE}, ++ #else ++ {"UNABLE_TO_KEEPALIVE", 32, 137}, ++ #endif ++ #ifdef BIO_R_UNABLE_TO_LISTEN_SOCKET ++ {"UNABLE_TO_LISTEN_SOCKET", ERR_LIB_BIO, BIO_R_UNABLE_TO_LISTEN_SOCKET}, ++ #else ++ {"UNABLE_TO_LISTEN_SOCKET", 32, 119}, ++ #endif ++ #ifdef BIO_R_UNABLE_TO_NODELAY ++ {"UNABLE_TO_NODELAY", ERR_LIB_BIO, BIO_R_UNABLE_TO_NODELAY}, ++ #else ++ {"UNABLE_TO_NODELAY", 32, 138}, ++ #endif ++ #ifdef BIO_R_UNABLE_TO_REUSEADDR ++ {"UNABLE_TO_REUSEADDR", ERR_LIB_BIO, BIO_R_UNABLE_TO_REUSEADDR}, ++ #else ++ {"UNABLE_TO_REUSEADDR", 32, 139}, ++ #endif ++ #ifdef BIO_R_UNAVAILABLE_IP_FAMILY ++ {"UNAVAILABLE_IP_FAMILY", ERR_LIB_BIO, BIO_R_UNAVAILABLE_IP_FAMILY}, ++ #else ++ {"UNAVAILABLE_IP_FAMILY", 32, 145}, ++ #endif ++ #ifdef BIO_R_UNINITIALIZED ++ {"UNINITIALIZED", ERR_LIB_BIO, BIO_R_UNINITIALIZED}, ++ #else ++ {"UNINITIALIZED", 32, 120}, ++ #endif ++ #ifdef BIO_R_UNKNOWN_INFO_TYPE ++ {"UNKNOWN_INFO_TYPE", ERR_LIB_BIO, BIO_R_UNKNOWN_INFO_TYPE}, ++ #else ++ {"UNKNOWN_INFO_TYPE", 32, 140}, ++ #endif ++ #ifdef BIO_R_UNSUPPORTED_IP_FAMILY ++ {"UNSUPPORTED_IP_FAMILY", ERR_LIB_BIO, BIO_R_UNSUPPORTED_IP_FAMILY}, ++ #else ++ {"UNSUPPORTED_IP_FAMILY", 32, 146}, ++ #endif ++ #ifdef BIO_R_UNSUPPORTED_METHOD ++ {"UNSUPPORTED_METHOD", ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD}, ++ #else ++ {"UNSUPPORTED_METHOD", 32, 121}, ++ #endif ++ #ifdef BIO_R_UNSUPPORTED_PROTOCOL_FAMILY ++ {"UNSUPPORTED_PROTOCOL_FAMILY", ERR_LIB_BIO, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY}, ++ #else ++ {"UNSUPPORTED_PROTOCOL_FAMILY", 32, 131}, ++ #endif ++ #ifdef BIO_R_WRITE_TO_READ_ONLY_BIO ++ {"WRITE_TO_READ_ONLY_BIO", ERR_LIB_BIO, BIO_R_WRITE_TO_READ_ONLY_BIO}, ++ #else ++ {"WRITE_TO_READ_ONLY_BIO", 32, 126}, ++ #endif ++ #ifdef BIO_R_WSASTARTUP ++ {"WSASTARTUP", ERR_LIB_BIO, BIO_R_WSASTARTUP}, ++ #else ++ {"WSASTARTUP", 32, 122}, ++ #endif ++ #ifdef BN_R_ARG2_LT_ARG3 ++ {"ARG2_LT_ARG3", ERR_LIB_BN, BN_R_ARG2_LT_ARG3}, ++ #else ++ {"ARG2_LT_ARG3", 3, 100}, ++ #endif ++ #ifdef BN_R_BAD_RECIPROCAL ++ {"BAD_RECIPROCAL", ERR_LIB_BN, BN_R_BAD_RECIPROCAL}, ++ #else ++ {"BAD_RECIPROCAL", 3, 101}, ++ #endif ++ #ifdef BN_R_BIGNUM_TOO_LONG ++ {"BIGNUM_TOO_LONG", ERR_LIB_BN, BN_R_BIGNUM_TOO_LONG}, ++ #else ++ {"BIGNUM_TOO_LONG", 3, 114}, ++ #endif ++ #ifdef BN_R_BITS_TOO_SMALL ++ {"BITS_TOO_SMALL", ERR_LIB_BN, BN_R_BITS_TOO_SMALL}, ++ #else ++ {"BITS_TOO_SMALL", 3, 118}, ++ #endif ++ #ifdef BN_R_CALLED_WITH_EVEN_MODULUS ++ {"CALLED_WITH_EVEN_MODULUS", ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS}, ++ #else ++ {"CALLED_WITH_EVEN_MODULUS", 3, 102}, ++ #endif ++ #ifdef BN_R_DIV_BY_ZERO ++ {"DIV_BY_ZERO", ERR_LIB_BN, BN_R_DIV_BY_ZERO}, ++ #else ++ {"DIV_BY_ZERO", 3, 103}, ++ #endif ++ #ifdef BN_R_ENCODING_ERROR ++ {"ENCODING_ERROR", ERR_LIB_BN, BN_R_ENCODING_ERROR}, ++ #else ++ {"ENCODING_ERROR", 3, 104}, ++ #endif ++ #ifdef BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ++ {"EXPAND_ON_STATIC_BIGNUM_DATA", ERR_LIB_BN, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA}, ++ #else ++ {"EXPAND_ON_STATIC_BIGNUM_DATA", 3, 105}, ++ #endif ++ #ifdef BN_R_INPUT_NOT_REDUCED ++ {"INPUT_NOT_REDUCED", ERR_LIB_BN, BN_R_INPUT_NOT_REDUCED}, ++ #else ++ {"INPUT_NOT_REDUCED", 3, 110}, ++ #endif ++ #ifdef BN_R_INVALID_LENGTH ++ {"INVALID_LENGTH", ERR_LIB_BN, BN_R_INVALID_LENGTH}, ++ #else ++ {"INVALID_LENGTH", 3, 106}, ++ #endif ++ #ifdef BN_R_INVALID_RANGE ++ {"INVALID_RANGE", ERR_LIB_BN, BN_R_INVALID_RANGE}, ++ #else ++ {"INVALID_RANGE", 3, 115}, ++ #endif ++ #ifdef BN_R_INVALID_SHIFT ++ {"INVALID_SHIFT", ERR_LIB_BN, BN_R_INVALID_SHIFT}, ++ #else ++ {"INVALID_SHIFT", 3, 119}, ++ #endif ++ #ifdef BN_R_NOT_A_SQUARE ++ {"NOT_A_SQUARE", ERR_LIB_BN, BN_R_NOT_A_SQUARE}, ++ #else ++ {"NOT_A_SQUARE", 3, 111}, ++ #endif ++ #ifdef BN_R_NOT_INITIALIZED ++ {"NOT_INITIALIZED", ERR_LIB_BN, BN_R_NOT_INITIALIZED}, ++ #else ++ {"NOT_INITIALIZED", 3, 107}, ++ #endif ++ #ifdef BN_R_NO_INVERSE ++ {"NO_INVERSE", ERR_LIB_BN, BN_R_NO_INVERSE}, ++ #else ++ {"NO_INVERSE", 3, 108}, ++ #endif ++ #ifdef BN_R_NO_SOLUTION ++ {"NO_SOLUTION", ERR_LIB_BN, BN_R_NO_SOLUTION}, ++ #else ++ {"NO_SOLUTION", 3, 116}, ++ #endif ++ #ifdef BN_R_NO_SUITABLE_DIGEST ++ {"NO_SUITABLE_DIGEST", ERR_LIB_BN, BN_R_NO_SUITABLE_DIGEST}, ++ #else ++ {"NO_SUITABLE_DIGEST", 3, 120}, ++ #endif ++ #ifdef BN_R_PRIVATE_KEY_TOO_LARGE ++ {"PRIVATE_KEY_TOO_LARGE", ERR_LIB_BN, BN_R_PRIVATE_KEY_TOO_LARGE}, ++ #else ++ {"PRIVATE_KEY_TOO_LARGE", 3, 117}, ++ #endif ++ #ifdef BN_R_P_IS_NOT_PRIME ++ {"P_IS_NOT_PRIME", ERR_LIB_BN, BN_R_P_IS_NOT_PRIME}, ++ #else ++ {"P_IS_NOT_PRIME", 3, 112}, ++ #endif ++ #ifdef BN_R_TOO_MANY_ITERATIONS ++ {"TOO_MANY_ITERATIONS", ERR_LIB_BN, BN_R_TOO_MANY_ITERATIONS}, ++ #else ++ {"TOO_MANY_ITERATIONS", 3, 113}, ++ #endif ++ #ifdef BN_R_TOO_MANY_TEMPORARY_VARIABLES ++ {"TOO_MANY_TEMPORARY_VARIABLES", ERR_LIB_BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES}, ++ #else ++ {"TOO_MANY_TEMPORARY_VARIABLES", 3, 109}, ++ #endif ++ #ifdef CMP_R_ALGORITHM_NOT_SUPPORTED ++ {"ALGORITHM_NOT_SUPPORTED", ERR_LIB_CMP, CMP_R_ALGORITHM_NOT_SUPPORTED}, ++ #else ++ {"ALGORITHM_NOT_SUPPORTED", 58, 139}, ++ #endif ++ #ifdef CMP_R_BAD_CHECKAFTER_IN_POLLREP ++ {"BAD_CHECKAFTER_IN_POLLREP", ERR_LIB_CMP, CMP_R_BAD_CHECKAFTER_IN_POLLREP}, ++ #else ++ {"BAD_CHECKAFTER_IN_POLLREP", 58, 167}, ++ #endif ++ #ifdef CMP_R_BAD_REQUEST_ID ++ {"BAD_REQUEST_ID", ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID}, ++ #else ++ {"BAD_REQUEST_ID", 58, 108}, ++ #endif ++ #ifdef CMP_R_CERTHASH_UNMATCHED ++ {"CERTHASH_UNMATCHED", ERR_LIB_CMP, CMP_R_CERTHASH_UNMATCHED}, ++ #else ++ {"CERTHASH_UNMATCHED", 58, 156}, ++ #endif ++ #ifdef CMP_R_CERTID_NOT_FOUND ++ {"CERTID_NOT_FOUND", ERR_LIB_CMP, CMP_R_CERTID_NOT_FOUND}, ++ #else ++ {"CERTID_NOT_FOUND", 58, 109}, ++ #endif ++ #ifdef CMP_R_CERTIFICATE_NOT_ACCEPTED ++ {"CERTIFICATE_NOT_ACCEPTED", ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED}, ++ #else ++ {"CERTIFICATE_NOT_ACCEPTED", 58, 169}, ++ #endif ++ #ifdef CMP_R_CERTIFICATE_NOT_FOUND ++ {"CERTIFICATE_NOT_FOUND", ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_FOUND}, ++ #else ++ {"CERTIFICATE_NOT_FOUND", 58, 112}, ++ #endif ++ #ifdef CMP_R_CERTREQMSG_NOT_FOUND ++ {"CERTREQMSG_NOT_FOUND", ERR_LIB_CMP, CMP_R_CERTREQMSG_NOT_FOUND}, ++ #else ++ {"CERTREQMSG_NOT_FOUND", 58, 157}, ++ #endif ++ #ifdef CMP_R_CERTRESPONSE_NOT_FOUND ++ {"CERTRESPONSE_NOT_FOUND", ERR_LIB_CMP, CMP_R_CERTRESPONSE_NOT_FOUND}, ++ #else ++ {"CERTRESPONSE_NOT_FOUND", 58, 113}, ++ #endif ++ #ifdef CMP_R_CERT_AND_KEY_DO_NOT_MATCH ++ {"CERT_AND_KEY_DO_NOT_MATCH", ERR_LIB_CMP, CMP_R_CERT_AND_KEY_DO_NOT_MATCH}, ++ #else ++ {"CERT_AND_KEY_DO_NOT_MATCH", 58, 114}, ++ #endif ++ #ifdef CMP_R_CHECKAFTER_OUT_OF_RANGE ++ {"CHECKAFTER_OUT_OF_RANGE", ERR_LIB_CMP, CMP_R_CHECKAFTER_OUT_OF_RANGE}, ++ #else ++ {"CHECKAFTER_OUT_OF_RANGE", 58, 181}, ++ #endif ++ #ifdef CMP_R_ENCOUNTERED_KEYUPDATEWARNING ++ {"ENCOUNTERED_KEYUPDATEWARNING", ERR_LIB_CMP, CMP_R_ENCOUNTERED_KEYUPDATEWARNING}, ++ #else ++ {"ENCOUNTERED_KEYUPDATEWARNING", 58, 176}, ++ #endif ++ #ifdef CMP_R_ENCOUNTERED_WAITING ++ {"ENCOUNTERED_WAITING", ERR_LIB_CMP, CMP_R_ENCOUNTERED_WAITING}, ++ #else ++ {"ENCOUNTERED_WAITING", 58, 162}, ++ #endif ++ #ifdef CMP_R_ERROR_CALCULATING_PROTECTION ++ {"ERROR_CALCULATING_PROTECTION", ERR_LIB_CMP, CMP_R_ERROR_CALCULATING_PROTECTION}, ++ #else ++ {"ERROR_CALCULATING_PROTECTION", 58, 115}, ++ #endif ++ #ifdef CMP_R_ERROR_CREATING_CERTCONF ++ {"ERROR_CREATING_CERTCONF", ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTCONF}, ++ #else ++ {"ERROR_CREATING_CERTCONF", 58, 116}, ++ #endif ++ #ifdef CMP_R_ERROR_CREATING_CERTREP ++ {"ERROR_CREATING_CERTREP", ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREP}, ++ #else ++ {"ERROR_CREATING_CERTREP", 58, 117}, ++ #endif ++ #ifdef CMP_R_ERROR_CREATING_CERTREQ ++ {"ERROR_CREATING_CERTREQ", ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREQ}, ++ #else ++ {"ERROR_CREATING_CERTREQ", 58, 163}, ++ #endif ++ #ifdef CMP_R_ERROR_CREATING_ERROR ++ {"ERROR_CREATING_ERROR", ERR_LIB_CMP, CMP_R_ERROR_CREATING_ERROR}, ++ #else ++ {"ERROR_CREATING_ERROR", 58, 118}, ++ #endif ++ #ifdef CMP_R_ERROR_CREATING_GENM ++ {"ERROR_CREATING_GENM", ERR_LIB_CMP, CMP_R_ERROR_CREATING_GENM}, ++ #else ++ {"ERROR_CREATING_GENM", 58, 119}, ++ #endif ++ #ifdef CMP_R_ERROR_CREATING_GENP ++ {"ERROR_CREATING_GENP", ERR_LIB_CMP, CMP_R_ERROR_CREATING_GENP}, ++ #else ++ {"ERROR_CREATING_GENP", 58, 120}, ++ #endif ++ #ifdef CMP_R_ERROR_CREATING_PKICONF ++ {"ERROR_CREATING_PKICONF", ERR_LIB_CMP, CMP_R_ERROR_CREATING_PKICONF}, ++ #else ++ {"ERROR_CREATING_PKICONF", 58, 122}, ++ #endif ++ #ifdef CMP_R_ERROR_CREATING_POLLREP ++ {"ERROR_CREATING_POLLREP", ERR_LIB_CMP, CMP_R_ERROR_CREATING_POLLREP}, ++ #else ++ {"ERROR_CREATING_POLLREP", 58, 123}, ++ #endif ++ #ifdef CMP_R_ERROR_CREATING_POLLREQ ++ {"ERROR_CREATING_POLLREQ", ERR_LIB_CMP, CMP_R_ERROR_CREATING_POLLREQ}, ++ #else ++ {"ERROR_CREATING_POLLREQ", 58, 124}, ++ #endif ++ #ifdef CMP_R_ERROR_CREATING_RP ++ {"ERROR_CREATING_RP", ERR_LIB_CMP, CMP_R_ERROR_CREATING_RP}, ++ #else ++ {"ERROR_CREATING_RP", 58, 125}, ++ #endif ++ #ifdef CMP_R_ERROR_CREATING_RR ++ {"ERROR_CREATING_RR", ERR_LIB_CMP, CMP_R_ERROR_CREATING_RR}, ++ #else ++ {"ERROR_CREATING_RR", 58, 126}, ++ #endif ++ #ifdef CMP_R_ERROR_PARSING_PKISTATUS ++ {"ERROR_PARSING_PKISTATUS", ERR_LIB_CMP, CMP_R_ERROR_PARSING_PKISTATUS}, ++ #else ++ {"ERROR_PARSING_PKISTATUS", 58, 107}, ++ #endif ++ #ifdef CMP_R_ERROR_PROCESSING_MESSAGE ++ {"ERROR_PROCESSING_MESSAGE", ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE}, ++ #else ++ {"ERROR_PROCESSING_MESSAGE", 58, 158}, ++ #endif ++ #ifdef CMP_R_ERROR_PROTECTING_MESSAGE ++ {"ERROR_PROTECTING_MESSAGE", ERR_LIB_CMP, CMP_R_ERROR_PROTECTING_MESSAGE}, ++ #else ++ {"ERROR_PROTECTING_MESSAGE", 58, 127}, ++ #endif ++ #ifdef CMP_R_ERROR_SETTING_CERTHASH ++ {"ERROR_SETTING_CERTHASH", ERR_LIB_CMP, CMP_R_ERROR_SETTING_CERTHASH}, ++ #else ++ {"ERROR_SETTING_CERTHASH", 58, 128}, ++ #endif ++ #ifdef CMP_R_ERROR_UNEXPECTED_CERTCONF ++ {"ERROR_UNEXPECTED_CERTCONF", ERR_LIB_CMP, CMP_R_ERROR_UNEXPECTED_CERTCONF}, ++ #else ++ {"ERROR_UNEXPECTED_CERTCONF", 58, 160}, ++ #endif ++ #ifdef CMP_R_ERROR_VALIDATING_PROTECTION ++ {"ERROR_VALIDATING_PROTECTION", ERR_LIB_CMP, CMP_R_ERROR_VALIDATING_PROTECTION}, ++ #else ++ {"ERROR_VALIDATING_PROTECTION", 58, 140}, ++ #endif ++ #ifdef CMP_R_ERROR_VALIDATING_SIGNATURE ++ {"ERROR_VALIDATING_SIGNATURE", ERR_LIB_CMP, CMP_R_ERROR_VALIDATING_SIGNATURE}, ++ #else ++ {"ERROR_VALIDATING_SIGNATURE", 58, 171}, ++ #endif ++ #ifdef CMP_R_FAILED_BUILDING_OWN_CHAIN ++ {"FAILED_BUILDING_OWN_CHAIN", ERR_LIB_CMP, CMP_R_FAILED_BUILDING_OWN_CHAIN}, ++ #else ++ {"FAILED_BUILDING_OWN_CHAIN", 58, 164}, ++ #endif ++ #ifdef CMP_R_FAILED_EXTRACTING_PUBKEY ++ {"FAILED_EXTRACTING_PUBKEY", ERR_LIB_CMP, CMP_R_FAILED_EXTRACTING_PUBKEY}, ++ #else ++ {"FAILED_EXTRACTING_PUBKEY", 58, 141}, ++ #endif ++ #ifdef CMP_R_FAILURE_OBTAINING_RANDOM ++ {"FAILURE_OBTAINING_RANDOM", ERR_LIB_CMP, CMP_R_FAILURE_OBTAINING_RANDOM}, ++ #else ++ {"FAILURE_OBTAINING_RANDOM", 58, 110}, ++ #endif ++ #ifdef CMP_R_FAIL_INFO_OUT_OF_RANGE ++ {"FAIL_INFO_OUT_OF_RANGE", ERR_LIB_CMP, CMP_R_FAIL_INFO_OUT_OF_RANGE}, ++ #else ++ {"FAIL_INFO_OUT_OF_RANGE", 58, 129}, ++ #endif ++ #ifdef CMP_R_INVALID_ARGS ++ {"INVALID_ARGS", ERR_LIB_CMP, CMP_R_INVALID_ARGS}, ++ #else ++ {"INVALID_ARGS", 58, 100}, ++ #endif ++ #ifdef CMP_R_INVALID_OPTION ++ {"INVALID_OPTION", ERR_LIB_CMP, CMP_R_INVALID_OPTION}, ++ #else ++ {"INVALID_OPTION", 58, 174}, ++ #endif ++ #ifdef CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION ++ {"MISSING_KEY_INPUT_FOR_CREATING_PROTECTION", ERR_LIB_CMP, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION}, ++ #else ++ {"MISSING_KEY_INPUT_FOR_CREATING_PROTECTION", 58, 130}, ++ #endif ++ #ifdef CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE ++ {"MISSING_KEY_USAGE_DIGITALSIGNATURE", ERR_LIB_CMP, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE}, ++ #else ++ {"MISSING_KEY_USAGE_DIGITALSIGNATURE", 58, 142}, ++ #endif ++ #ifdef CMP_R_MISSING_P10CSR ++ {"MISSING_P10CSR", ERR_LIB_CMP, CMP_R_MISSING_P10CSR}, ++ #else ++ {"MISSING_P10CSR", 58, 121}, ++ #endif ++ #ifdef CMP_R_MISSING_PBM_SECRET ++ {"MISSING_PBM_SECRET", ERR_LIB_CMP, CMP_R_MISSING_PBM_SECRET}, ++ #else ++ {"MISSING_PBM_SECRET", 58, 166}, ++ #endif ++ #ifdef CMP_R_MISSING_PRIVATE_KEY ++ {"MISSING_PRIVATE_KEY", ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY}, ++ #else ++ {"MISSING_PRIVATE_KEY", 58, 131}, ++ #endif ++ #ifdef CMP_R_MISSING_PROTECTION ++ {"MISSING_PROTECTION", ERR_LIB_CMP, CMP_R_MISSING_PROTECTION}, ++ #else ++ {"MISSING_PROTECTION", 58, 143}, ++ #endif ++ #ifdef CMP_R_MISSING_REFERENCE_CERT ++ {"MISSING_REFERENCE_CERT", ERR_LIB_CMP, CMP_R_MISSING_REFERENCE_CERT}, ++ #else ++ {"MISSING_REFERENCE_CERT", 58, 168}, ++ #endif ++ #ifdef CMP_R_MISSING_SENDER_IDENTIFICATION ++ {"MISSING_SENDER_IDENTIFICATION", ERR_LIB_CMP, CMP_R_MISSING_SENDER_IDENTIFICATION}, ++ #else ++ {"MISSING_SENDER_IDENTIFICATION", 58, 111}, ++ #endif ++ #ifdef CMP_R_MISSING_TRUST_STORE ++ {"MISSING_TRUST_STORE", ERR_LIB_CMP, CMP_R_MISSING_TRUST_STORE}, ++ #else ++ {"MISSING_TRUST_STORE", 58, 144}, ++ #endif ++ #ifdef CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED ++ {"MULTIPLE_REQUESTS_NOT_SUPPORTED", ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED}, ++ #else ++ {"MULTIPLE_REQUESTS_NOT_SUPPORTED", 58, 161}, ++ #endif ++ #ifdef CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED ++ {"MULTIPLE_RESPONSES_NOT_SUPPORTED", ERR_LIB_CMP, CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED}, ++ #else ++ {"MULTIPLE_RESPONSES_NOT_SUPPORTED", 58, 170}, ++ #endif ++ #ifdef CMP_R_MULTIPLE_SAN_SOURCES ++ {"MULTIPLE_SAN_SOURCES", ERR_LIB_CMP, CMP_R_MULTIPLE_SAN_SOURCES}, ++ #else ++ {"MULTIPLE_SAN_SOURCES", 58, 102}, ++ #endif ++ #ifdef CMP_R_NO_STDIO ++ {"NO_STDIO", ERR_LIB_CMP, CMP_R_NO_STDIO}, ++ #else ++ {"NO_STDIO", 58, 194}, ++ #endif ++ #ifdef CMP_R_NO_SUITABLE_SENDER_CERT ++ {"NO_SUITABLE_SENDER_CERT", ERR_LIB_CMP, CMP_R_NO_SUITABLE_SENDER_CERT}, ++ #else ++ {"NO_SUITABLE_SENDER_CERT", 58, 145}, ++ #endif ++ #ifdef CMP_R_NULL_ARGUMENT ++ {"NULL_ARGUMENT", ERR_LIB_CMP, CMP_R_NULL_ARGUMENT}, ++ #else ++ {"NULL_ARGUMENT", 58, 103}, ++ #endif ++ #ifdef CMP_R_PKIBODY_ERROR ++ {"PKIBODY_ERROR", ERR_LIB_CMP, CMP_R_PKIBODY_ERROR}, ++ #else ++ {"PKIBODY_ERROR", 58, 146}, ++ #endif ++ #ifdef CMP_R_PKISTATUSINFO_NOT_FOUND ++ {"PKISTATUSINFO_NOT_FOUND", ERR_LIB_CMP, CMP_R_PKISTATUSINFO_NOT_FOUND}, ++ #else ++ {"PKISTATUSINFO_NOT_FOUND", 58, 132}, ++ #endif ++ #ifdef CMP_R_POLLING_FAILED ++ {"POLLING_FAILED", ERR_LIB_CMP, CMP_R_POLLING_FAILED}, ++ #else ++ {"POLLING_FAILED", 58, 172}, ++ #endif ++ #ifdef CMP_R_POTENTIALLY_INVALID_CERTIFICATE ++ {"POTENTIALLY_INVALID_CERTIFICATE", ERR_LIB_CMP, CMP_R_POTENTIALLY_INVALID_CERTIFICATE}, ++ #else ++ {"POTENTIALLY_INVALID_CERTIFICATE", 58, 147}, ++ #endif ++ #ifdef CMP_R_RECEIVED_ERROR ++ {"RECEIVED_ERROR", ERR_LIB_CMP, CMP_R_RECEIVED_ERROR}, ++ #else ++ {"RECEIVED_ERROR", 58, 180}, ++ #endif ++ #ifdef CMP_R_RECIPNONCE_UNMATCHED ++ {"RECIPNONCE_UNMATCHED", ERR_LIB_CMP, CMP_R_RECIPNONCE_UNMATCHED}, ++ #else ++ {"RECIPNONCE_UNMATCHED", 58, 148}, ++ #endif ++ #ifdef CMP_R_REQUEST_NOT_ACCEPTED ++ {"REQUEST_NOT_ACCEPTED", ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED}, ++ #else ++ {"REQUEST_NOT_ACCEPTED", 58, 149}, ++ #endif ++ #ifdef CMP_R_REQUEST_REJECTED_BY_SERVER ++ {"REQUEST_REJECTED_BY_SERVER", ERR_LIB_CMP, CMP_R_REQUEST_REJECTED_BY_SERVER}, ++ #else ++ {"REQUEST_REJECTED_BY_SERVER", 58, 182}, ++ #endif ++ #ifdef CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED ++ {"SENDER_GENERALNAME_TYPE_NOT_SUPPORTED", ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED}, ++ #else ++ {"SENDER_GENERALNAME_TYPE_NOT_SUPPORTED", 58, 150}, ++ #endif ++ #ifdef CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG ++ {"SRVCERT_DOES_NOT_VALIDATE_MSG", ERR_LIB_CMP, CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG}, ++ #else ++ {"SRVCERT_DOES_NOT_VALIDATE_MSG", 58, 151}, ++ #endif ++ #ifdef CMP_R_TOTAL_TIMEOUT ++ {"TOTAL_TIMEOUT", ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT}, ++ #else ++ {"TOTAL_TIMEOUT", 58, 184}, ++ #endif ++ #ifdef CMP_R_TRANSACTIONID_UNMATCHED ++ {"TRANSACTIONID_UNMATCHED", ERR_LIB_CMP, CMP_R_TRANSACTIONID_UNMATCHED}, ++ #else ++ {"TRANSACTIONID_UNMATCHED", 58, 152}, ++ #endif ++ #ifdef CMP_R_TRANSFER_ERROR ++ {"TRANSFER_ERROR", ERR_LIB_CMP, CMP_R_TRANSFER_ERROR}, ++ #else ++ {"TRANSFER_ERROR", 58, 159}, ++ #endif ++ #ifdef CMP_R_UNEXPECTED_PKIBODY ++ {"UNEXPECTED_PKIBODY", ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY}, ++ #else ++ {"UNEXPECTED_PKIBODY", 58, 133}, ++ #endif ++ #ifdef CMP_R_UNEXPECTED_PKISTATUS ++ {"UNEXPECTED_PKISTATUS", ERR_LIB_CMP, CMP_R_UNEXPECTED_PKISTATUS}, ++ #else ++ {"UNEXPECTED_PKISTATUS", 58, 185}, ++ #endif ++ #ifdef CMP_R_UNEXPECTED_PVNO ++ {"UNEXPECTED_PVNO", ERR_LIB_CMP, CMP_R_UNEXPECTED_PVNO}, ++ #else ++ {"UNEXPECTED_PVNO", 58, 153}, ++ #endif ++ #ifdef CMP_R_UNKNOWN_ALGORITHM_ID ++ {"UNKNOWN_ALGORITHM_ID", ERR_LIB_CMP, CMP_R_UNKNOWN_ALGORITHM_ID}, ++ #else ++ {"UNKNOWN_ALGORITHM_ID", 58, 134}, ++ #endif ++ #ifdef CMP_R_UNKNOWN_CERT_TYPE ++ {"UNKNOWN_CERT_TYPE", ERR_LIB_CMP, CMP_R_UNKNOWN_CERT_TYPE}, ++ #else ++ {"UNKNOWN_CERT_TYPE", 58, 135}, ++ #endif ++ #ifdef CMP_R_UNKNOWN_PKISTATUS ++ {"UNKNOWN_PKISTATUS", ERR_LIB_CMP, CMP_R_UNKNOWN_PKISTATUS}, ++ #else ++ {"UNKNOWN_PKISTATUS", 58, 186}, ++ #endif ++ #ifdef CMP_R_UNSUPPORTED_ALGORITHM ++ {"UNSUPPORTED_ALGORITHM", ERR_LIB_CMP, CMP_R_UNSUPPORTED_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_ALGORITHM", 58, 136}, ++ #endif ++ #ifdef CMP_R_UNSUPPORTED_KEY_TYPE ++ {"UNSUPPORTED_KEY_TYPE", ERR_LIB_CMP, CMP_R_UNSUPPORTED_KEY_TYPE}, ++ #else ++ {"UNSUPPORTED_KEY_TYPE", 58, 137}, ++ #endif ++ #ifdef CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC ++ {"UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC", ERR_LIB_CMP, CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC}, ++ #else ++ {"UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC", 58, 154}, ++ #endif ++ #ifdef CMP_R_VALUE_TOO_LARGE ++ {"VALUE_TOO_LARGE", ERR_LIB_CMP, CMP_R_VALUE_TOO_LARGE}, ++ #else ++ {"VALUE_TOO_LARGE", 58, 175}, ++ #endif ++ #ifdef CMP_R_VALUE_TOO_SMALL ++ {"VALUE_TOO_SMALL", ERR_LIB_CMP, CMP_R_VALUE_TOO_SMALL}, ++ #else ++ {"VALUE_TOO_SMALL", 58, 177}, ++ #endif ++ #ifdef CMP_R_WRONG_ALGORITHM_OID ++ {"WRONG_ALGORITHM_OID", ERR_LIB_CMP, CMP_R_WRONG_ALGORITHM_OID}, ++ #else ++ {"WRONG_ALGORITHM_OID", 58, 138}, ++ #endif ++ #ifdef CMP_R_WRONG_CERTID_IN_RP ++ {"WRONG_CERTID_IN_RP", ERR_LIB_CMP, CMP_R_WRONG_CERTID_IN_RP}, ++ #else ++ {"WRONG_CERTID_IN_RP", 58, 187}, ++ #endif ++ #ifdef CMP_R_WRONG_PBM_VALUE ++ {"WRONG_PBM_VALUE", ERR_LIB_CMP, CMP_R_WRONG_PBM_VALUE}, ++ #else ++ {"WRONG_PBM_VALUE", 58, 155}, ++ #endif ++ #ifdef CMP_R_WRONG_RP_COMPONENT_COUNT ++ {"WRONG_RP_COMPONENT_COUNT", ERR_LIB_CMP, CMP_R_WRONG_RP_COMPONENT_COUNT}, ++ #else ++ {"WRONG_RP_COMPONENT_COUNT", 58, 188}, ++ #endif ++ #ifdef CMP_R_WRONG_SERIAL_IN_RP ++ {"WRONG_SERIAL_IN_RP", ERR_LIB_CMP, CMP_R_WRONG_SERIAL_IN_RP}, ++ #else ++ {"WRONG_SERIAL_IN_RP", 58, 173}, ++ #endif ++ #ifdef CMS_R_ADD_SIGNER_ERROR ++ {"ADD_SIGNER_ERROR", ERR_LIB_CMS, CMS_R_ADD_SIGNER_ERROR}, ++ #else ++ {"ADD_SIGNER_ERROR", 46, 99}, ++ #endif ++ #ifdef CMS_R_ATTRIBUTE_ERROR ++ {"ATTRIBUTE_ERROR", ERR_LIB_CMS, CMS_R_ATTRIBUTE_ERROR}, ++ #else ++ {"ATTRIBUTE_ERROR", 46, 161}, ++ #endif ++ #ifdef CMS_R_CERTIFICATE_ALREADY_PRESENT ++ {"CERTIFICATE_ALREADY_PRESENT", ERR_LIB_CMS, CMS_R_CERTIFICATE_ALREADY_PRESENT}, ++ #else ++ {"CERTIFICATE_ALREADY_PRESENT", 46, 175}, ++ #endif ++ #ifdef CMS_R_CERTIFICATE_HAS_NO_KEYID ++ {"CERTIFICATE_HAS_NO_KEYID", ERR_LIB_CMS, CMS_R_CERTIFICATE_HAS_NO_KEYID}, ++ #else ++ {"CERTIFICATE_HAS_NO_KEYID", 46, 160}, ++ #endif ++ #ifdef CMS_R_CERTIFICATE_VERIFY_ERROR ++ {"CERTIFICATE_VERIFY_ERROR", ERR_LIB_CMS, CMS_R_CERTIFICATE_VERIFY_ERROR}, ++ #else ++ {"CERTIFICATE_VERIFY_ERROR", 46, 100}, ++ #endif ++ #ifdef CMS_R_CIPHER_AEAD_SET_TAG_ERROR ++ {"CIPHER_AEAD_SET_TAG_ERROR", ERR_LIB_CMS, CMS_R_CIPHER_AEAD_SET_TAG_ERROR}, ++ #else ++ {"CIPHER_AEAD_SET_TAG_ERROR", 46, 184}, ++ #endif ++ #ifdef CMS_R_CIPHER_GET_TAG ++ {"CIPHER_GET_TAG", ERR_LIB_CMS, CMS_R_CIPHER_GET_TAG}, ++ #else ++ {"CIPHER_GET_TAG", 46, 185}, ++ #endif ++ #ifdef CMS_R_CIPHER_INITIALISATION_ERROR ++ {"CIPHER_INITIALISATION_ERROR", ERR_LIB_CMS, CMS_R_CIPHER_INITIALISATION_ERROR}, ++ #else ++ {"CIPHER_INITIALISATION_ERROR", 46, 101}, ++ #endif ++ #ifdef CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR ++ {"CIPHER_PARAMETER_INITIALISATION_ERROR", ERR_LIB_CMS, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR}, ++ #else ++ {"CIPHER_PARAMETER_INITIALISATION_ERROR", 46, 102}, ++ #endif ++ #ifdef CMS_R_CMS_DATAFINAL_ERROR ++ {"CMS_DATAFINAL_ERROR", ERR_LIB_CMS, CMS_R_CMS_DATAFINAL_ERROR}, ++ #else ++ {"CMS_DATAFINAL_ERROR", 46, 103}, ++ #endif ++ #ifdef CMS_R_CMS_LIB ++ {"CMS_LIB", ERR_LIB_CMS, CMS_R_CMS_LIB}, ++ #else ++ {"CMS_LIB", 46, 104}, ++ #endif ++ #ifdef CMS_R_CONTENTIDENTIFIER_MISMATCH ++ {"CONTENTIDENTIFIER_MISMATCH", ERR_LIB_CMS, CMS_R_CONTENTIDENTIFIER_MISMATCH}, ++ #else ++ {"CONTENTIDENTIFIER_MISMATCH", 46, 170}, ++ #endif ++ #ifdef CMS_R_CONTENT_NOT_FOUND ++ {"CONTENT_NOT_FOUND", ERR_LIB_CMS, CMS_R_CONTENT_NOT_FOUND}, ++ #else ++ {"CONTENT_NOT_FOUND", 46, 105}, ++ #endif ++ #ifdef CMS_R_CONTENT_TYPE_MISMATCH ++ {"CONTENT_TYPE_MISMATCH", ERR_LIB_CMS, CMS_R_CONTENT_TYPE_MISMATCH}, ++ #else ++ {"CONTENT_TYPE_MISMATCH", 46, 171}, ++ #endif ++ #ifdef CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA ++ {"CONTENT_TYPE_NOT_COMPRESSED_DATA", ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA}, ++ #else ++ {"CONTENT_TYPE_NOT_COMPRESSED_DATA", 46, 106}, ++ #endif ++ #ifdef CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA ++ {"CONTENT_TYPE_NOT_ENVELOPED_DATA", ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA}, ++ #else ++ {"CONTENT_TYPE_NOT_ENVELOPED_DATA", 46, 107}, ++ #endif ++ #ifdef CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA ++ {"CONTENT_TYPE_NOT_SIGNED_DATA", ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA}, ++ #else ++ {"CONTENT_TYPE_NOT_SIGNED_DATA", 46, 108}, ++ #endif ++ #ifdef CMS_R_CONTENT_VERIFY_ERROR ++ {"CONTENT_VERIFY_ERROR", ERR_LIB_CMS, CMS_R_CONTENT_VERIFY_ERROR}, ++ #else ++ {"CONTENT_VERIFY_ERROR", 46, 109}, ++ #endif ++ #ifdef CMS_R_CTRL_ERROR ++ {"CTRL_ERROR", ERR_LIB_CMS, CMS_R_CTRL_ERROR}, ++ #else ++ {"CTRL_ERROR", 46, 110}, ++ #endif ++ #ifdef CMS_R_CTRL_FAILURE ++ {"CTRL_FAILURE", ERR_LIB_CMS, CMS_R_CTRL_FAILURE}, ++ #else ++ {"CTRL_FAILURE", 46, 111}, ++ #endif ++ #ifdef CMS_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_CMS, CMS_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 46, 187}, ++ #endif ++ #ifdef CMS_R_DECRYPT_ERROR ++ {"DECRYPT_ERROR", ERR_LIB_CMS, CMS_R_DECRYPT_ERROR}, ++ #else ++ {"DECRYPT_ERROR", 46, 112}, ++ #endif ++ #ifdef CMS_R_ERROR_GETTING_PUBLIC_KEY ++ {"ERROR_GETTING_PUBLIC_KEY", ERR_LIB_CMS, CMS_R_ERROR_GETTING_PUBLIC_KEY}, ++ #else ++ {"ERROR_GETTING_PUBLIC_KEY", 46, 113}, ++ #endif ++ #ifdef CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE ++ {"ERROR_READING_MESSAGEDIGEST_ATTRIBUTE", ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE}, ++ #else ++ {"ERROR_READING_MESSAGEDIGEST_ATTRIBUTE", 46, 114}, ++ #endif ++ #ifdef CMS_R_ERROR_SETTING_KEY ++ {"ERROR_SETTING_KEY", ERR_LIB_CMS, CMS_R_ERROR_SETTING_KEY}, ++ #else ++ {"ERROR_SETTING_KEY", 46, 115}, ++ #endif ++ #ifdef CMS_R_ERROR_SETTING_RECIPIENTINFO ++ {"ERROR_SETTING_RECIPIENTINFO", ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO}, ++ #else ++ {"ERROR_SETTING_RECIPIENTINFO", 46, 116}, ++ #endif ++ #ifdef CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR ++ {"ESS_SIGNING_CERTID_MISMATCH_ERROR", ERR_LIB_CMS, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR}, ++ #else ++ {"ESS_SIGNING_CERTID_MISMATCH_ERROR", 46, 183}, ++ #endif ++ #ifdef CMS_R_INVALID_ENCRYPTED_KEY_LENGTH ++ {"INVALID_ENCRYPTED_KEY_LENGTH", ERR_LIB_CMS, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH}, ++ #else ++ {"INVALID_ENCRYPTED_KEY_LENGTH", 46, 117}, ++ #endif ++ #ifdef CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER ++ {"INVALID_KEY_ENCRYPTION_PARAMETER", ERR_LIB_CMS, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER}, ++ #else ++ {"INVALID_KEY_ENCRYPTION_PARAMETER", 46, 176}, ++ #endif ++ #ifdef CMS_R_INVALID_KEY_LENGTH ++ {"INVALID_KEY_LENGTH", ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH}, ++ #else ++ {"INVALID_KEY_LENGTH", 46, 118}, ++ #endif ++ #ifdef CMS_R_INVALID_LABEL ++ {"INVALID_LABEL", ERR_LIB_CMS, CMS_R_INVALID_LABEL}, ++ #else ++ {"INVALID_LABEL", 46, 190}, ++ #endif ++ #ifdef CMS_R_INVALID_OAEP_PARAMETERS ++ {"INVALID_OAEP_PARAMETERS", ERR_LIB_CMS, CMS_R_INVALID_OAEP_PARAMETERS}, ++ #else ++ {"INVALID_OAEP_PARAMETERS", 46, 191}, ++ #endif ++ #ifdef CMS_R_KDF_PARAMETER_ERROR ++ {"KDF_PARAMETER_ERROR", ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR}, ++ #else ++ {"KDF_PARAMETER_ERROR", 46, 186}, ++ #endif ++ #ifdef CMS_R_MD_BIO_INIT_ERROR ++ {"MD_BIO_INIT_ERROR", ERR_LIB_CMS, CMS_R_MD_BIO_INIT_ERROR}, ++ #else ++ {"MD_BIO_INIT_ERROR", 46, 119}, ++ #endif ++ #ifdef CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH ++ {"MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH", ERR_LIB_CMS, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH}, ++ #else ++ {"MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH", 46, 120}, ++ #endif ++ #ifdef CMS_R_MESSAGEDIGEST_WRONG_LENGTH ++ {"MESSAGEDIGEST_WRONG_LENGTH", ERR_LIB_CMS, CMS_R_MESSAGEDIGEST_WRONG_LENGTH}, ++ #else ++ {"MESSAGEDIGEST_WRONG_LENGTH", 46, 121}, ++ #endif ++ #ifdef CMS_R_MSGSIGDIGEST_ERROR ++ {"MSGSIGDIGEST_ERROR", ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_ERROR}, ++ #else ++ {"MSGSIGDIGEST_ERROR", 46, 172}, ++ #endif ++ #ifdef CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE ++ {"MSGSIGDIGEST_VERIFICATION_FAILURE", ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE}, ++ #else ++ {"MSGSIGDIGEST_VERIFICATION_FAILURE", 46, 162}, ++ #endif ++ #ifdef CMS_R_MSGSIGDIGEST_WRONG_LENGTH ++ {"MSGSIGDIGEST_WRONG_LENGTH", ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_WRONG_LENGTH}, ++ #else ++ {"MSGSIGDIGEST_WRONG_LENGTH", 46, 163}, ++ #endif ++ #ifdef CMS_R_NEED_ONE_SIGNER ++ {"NEED_ONE_SIGNER", ERR_LIB_CMS, CMS_R_NEED_ONE_SIGNER}, ++ #else ++ {"NEED_ONE_SIGNER", 46, 164}, ++ #endif ++ #ifdef CMS_R_NOT_A_SIGNED_RECEIPT ++ {"NOT_A_SIGNED_RECEIPT", ERR_LIB_CMS, CMS_R_NOT_A_SIGNED_RECEIPT}, ++ #else ++ {"NOT_A_SIGNED_RECEIPT", 46, 165}, ++ #endif ++ #ifdef CMS_R_NOT_ENCRYPTED_DATA ++ {"NOT_ENCRYPTED_DATA", ERR_LIB_CMS, CMS_R_NOT_ENCRYPTED_DATA}, ++ #else ++ {"NOT_ENCRYPTED_DATA", 46, 122}, ++ #endif ++ #ifdef CMS_R_NOT_KEK ++ {"NOT_KEK", ERR_LIB_CMS, CMS_R_NOT_KEK}, ++ #else ++ {"NOT_KEK", 46, 123}, ++ #endif ++ #ifdef CMS_R_NOT_KEY_AGREEMENT ++ {"NOT_KEY_AGREEMENT", ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT}, ++ #else ++ {"NOT_KEY_AGREEMENT", 46, 181}, ++ #endif ++ #ifdef CMS_R_NOT_KEY_TRANSPORT ++ {"NOT_KEY_TRANSPORT", ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT}, ++ #else ++ {"NOT_KEY_TRANSPORT", 46, 124}, ++ #endif ++ #ifdef CMS_R_NOT_PWRI ++ {"NOT_PWRI", ERR_LIB_CMS, CMS_R_NOT_PWRI}, ++ #else ++ {"NOT_PWRI", 46, 177}, ++ #endif ++ #ifdef CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE ++ {"NOT_SUPPORTED_FOR_THIS_KEY_TYPE", ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE}, ++ #else ++ {"NOT_SUPPORTED_FOR_THIS_KEY_TYPE", 46, 125}, ++ #endif ++ #ifdef CMS_R_NO_CIPHER ++ {"NO_CIPHER", ERR_LIB_CMS, CMS_R_NO_CIPHER}, ++ #else ++ {"NO_CIPHER", 46, 126}, ++ #endif ++ #ifdef CMS_R_NO_CONTENT ++ {"NO_CONTENT", ERR_LIB_CMS, CMS_R_NO_CONTENT}, ++ #else ++ {"NO_CONTENT", 46, 127}, ++ #endif ++ #ifdef CMS_R_NO_CONTENT_TYPE ++ {"NO_CONTENT_TYPE", ERR_LIB_CMS, CMS_R_NO_CONTENT_TYPE}, ++ #else ++ {"NO_CONTENT_TYPE", 46, 173}, ++ #endif ++ #ifdef CMS_R_NO_DEFAULT_DIGEST ++ {"NO_DEFAULT_DIGEST", ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST}, ++ #else ++ {"NO_DEFAULT_DIGEST", 46, 128}, ++ #endif ++ #ifdef CMS_R_NO_DIGEST_SET ++ {"NO_DIGEST_SET", ERR_LIB_CMS, CMS_R_NO_DIGEST_SET}, ++ #else ++ {"NO_DIGEST_SET", 46, 129}, ++ #endif ++ #ifdef CMS_R_NO_KEY ++ {"NO_KEY", ERR_LIB_CMS, CMS_R_NO_KEY}, ++ #else ++ {"NO_KEY", 46, 130}, ++ #endif ++ #ifdef CMS_R_NO_KEY_OR_CERT ++ {"NO_KEY_OR_CERT", ERR_LIB_CMS, CMS_R_NO_KEY_OR_CERT}, ++ #else ++ {"NO_KEY_OR_CERT", 46, 174}, ++ #endif ++ #ifdef CMS_R_NO_MATCHING_DIGEST ++ {"NO_MATCHING_DIGEST", ERR_LIB_CMS, CMS_R_NO_MATCHING_DIGEST}, ++ #else ++ {"NO_MATCHING_DIGEST", 46, 131}, ++ #endif ++ #ifdef CMS_R_NO_MATCHING_RECIPIENT ++ {"NO_MATCHING_RECIPIENT", ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT}, ++ #else ++ {"NO_MATCHING_RECIPIENT", 46, 132}, ++ #endif ++ #ifdef CMS_R_NO_MATCHING_SIGNATURE ++ {"NO_MATCHING_SIGNATURE", ERR_LIB_CMS, CMS_R_NO_MATCHING_SIGNATURE}, ++ #else ++ {"NO_MATCHING_SIGNATURE", 46, 166}, ++ #endif ++ #ifdef CMS_R_NO_MSGSIGDIGEST ++ {"NO_MSGSIGDIGEST", ERR_LIB_CMS, CMS_R_NO_MSGSIGDIGEST}, ++ #else ++ {"NO_MSGSIGDIGEST", 46, 167}, ++ #endif ++ #ifdef CMS_R_NO_PASSWORD ++ {"NO_PASSWORD", ERR_LIB_CMS, CMS_R_NO_PASSWORD}, ++ #else ++ {"NO_PASSWORD", 46, 178}, ++ #endif ++ #ifdef CMS_R_NO_PRIVATE_KEY ++ {"NO_PRIVATE_KEY", ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY}, ++ #else ++ {"NO_PRIVATE_KEY", 46, 133}, ++ #endif ++ #ifdef CMS_R_NO_PUBLIC_KEY ++ {"NO_PUBLIC_KEY", ERR_LIB_CMS, CMS_R_NO_PUBLIC_KEY}, ++ #else ++ {"NO_PUBLIC_KEY", 46, 134}, ++ #endif ++ #ifdef CMS_R_NO_RECEIPT_REQUEST ++ {"NO_RECEIPT_REQUEST", ERR_LIB_CMS, CMS_R_NO_RECEIPT_REQUEST}, ++ #else ++ {"NO_RECEIPT_REQUEST", 46, 168}, ++ #endif ++ #ifdef CMS_R_NO_SIGNERS ++ {"NO_SIGNERS", ERR_LIB_CMS, CMS_R_NO_SIGNERS}, ++ #else ++ {"NO_SIGNERS", 46, 135}, ++ #endif ++ #ifdef CMS_R_PEER_KEY_ERROR ++ {"PEER_KEY_ERROR", ERR_LIB_CMS, CMS_R_PEER_KEY_ERROR}, ++ #else ++ {"PEER_KEY_ERROR", 46, 188}, ++ #endif ++ #ifdef CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", ERR_LIB_CMS, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE}, ++ #else ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", 46, 136}, ++ #endif ++ #ifdef CMS_R_RECEIPT_DECODE_ERROR ++ {"RECEIPT_DECODE_ERROR", ERR_LIB_CMS, CMS_R_RECEIPT_DECODE_ERROR}, ++ #else ++ {"RECEIPT_DECODE_ERROR", 46, 169}, ++ #endif ++ #ifdef CMS_R_RECIPIENT_ERROR ++ {"RECIPIENT_ERROR", ERR_LIB_CMS, CMS_R_RECIPIENT_ERROR}, ++ #else ++ {"RECIPIENT_ERROR", 46, 137}, ++ #endif ++ #ifdef CMS_R_SHARED_INFO_ERROR ++ {"SHARED_INFO_ERROR", ERR_LIB_CMS, CMS_R_SHARED_INFO_ERROR}, ++ #else ++ {"SHARED_INFO_ERROR", 46, 189}, ++ #endif ++ #ifdef CMS_R_SIGNER_CERTIFICATE_NOT_FOUND ++ {"SIGNER_CERTIFICATE_NOT_FOUND", ERR_LIB_CMS, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND}, ++ #else ++ {"SIGNER_CERTIFICATE_NOT_FOUND", 46, 138}, ++ #endif ++ #ifdef CMS_R_SIGNFINAL_ERROR ++ {"SIGNFINAL_ERROR", ERR_LIB_CMS, CMS_R_SIGNFINAL_ERROR}, ++ #else ++ {"SIGNFINAL_ERROR", 46, 139}, ++ #endif ++ #ifdef CMS_R_SMIME_TEXT_ERROR ++ {"SMIME_TEXT_ERROR", ERR_LIB_CMS, CMS_R_SMIME_TEXT_ERROR}, ++ #else ++ {"SMIME_TEXT_ERROR", 46, 140}, ++ #endif ++ #ifdef CMS_R_STORE_INIT_ERROR ++ {"STORE_INIT_ERROR", ERR_LIB_CMS, CMS_R_STORE_INIT_ERROR}, ++ #else ++ {"STORE_INIT_ERROR", 46, 141}, ++ #endif ++ #ifdef CMS_R_TYPE_NOT_COMPRESSED_DATA ++ {"TYPE_NOT_COMPRESSED_DATA", ERR_LIB_CMS, CMS_R_TYPE_NOT_COMPRESSED_DATA}, ++ #else ++ {"TYPE_NOT_COMPRESSED_DATA", 46, 142}, ++ #endif ++ #ifdef CMS_R_TYPE_NOT_DATA ++ {"TYPE_NOT_DATA", ERR_LIB_CMS, CMS_R_TYPE_NOT_DATA}, ++ #else ++ {"TYPE_NOT_DATA", 46, 143}, ++ #endif ++ #ifdef CMS_R_TYPE_NOT_DIGESTED_DATA ++ {"TYPE_NOT_DIGESTED_DATA", ERR_LIB_CMS, CMS_R_TYPE_NOT_DIGESTED_DATA}, ++ #else ++ {"TYPE_NOT_DIGESTED_DATA", 46, 144}, ++ #endif ++ #ifdef CMS_R_TYPE_NOT_ENCRYPTED_DATA ++ {"TYPE_NOT_ENCRYPTED_DATA", ERR_LIB_CMS, CMS_R_TYPE_NOT_ENCRYPTED_DATA}, ++ #else ++ {"TYPE_NOT_ENCRYPTED_DATA", 46, 145}, ++ #endif ++ #ifdef CMS_R_TYPE_NOT_ENVELOPED_DATA ++ {"TYPE_NOT_ENVELOPED_DATA", ERR_LIB_CMS, CMS_R_TYPE_NOT_ENVELOPED_DATA}, ++ #else ++ {"TYPE_NOT_ENVELOPED_DATA", 46, 146}, ++ #endif ++ #ifdef CMS_R_UNABLE_TO_FINALIZE_CONTEXT ++ {"UNABLE_TO_FINALIZE_CONTEXT", ERR_LIB_CMS, CMS_R_UNABLE_TO_FINALIZE_CONTEXT}, ++ #else ++ {"UNABLE_TO_FINALIZE_CONTEXT", 46, 147}, ++ #endif ++ #ifdef CMS_R_UNKNOWN_CIPHER ++ {"UNKNOWN_CIPHER", ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER}, ++ #else ++ {"UNKNOWN_CIPHER", 46, 148}, ++ #endif ++ #ifdef CMS_R_UNKNOWN_DIGEST_ALGORITHM ++ {"UNKNOWN_DIGEST_ALGORITHM", ERR_LIB_CMS, CMS_R_UNKNOWN_DIGEST_ALGORITHM}, ++ #else ++ {"UNKNOWN_DIGEST_ALGORITHM", 46, 149}, ++ #endif ++ #ifdef CMS_R_UNKNOWN_ID ++ {"UNKNOWN_ID", ERR_LIB_CMS, CMS_R_UNKNOWN_ID}, ++ #else ++ {"UNKNOWN_ID", 46, 150}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM ++ {"UNSUPPORTED_COMPRESSION_ALGORITHM", ERR_LIB_CMS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_COMPRESSION_ALGORITHM", 46, 151}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_CONTENT_TYPE ++ {"UNSUPPORTED_CONTENT_TYPE", ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE}, ++ #else ++ {"UNSUPPORTED_CONTENT_TYPE", 46, 152}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_ENCRYPTION_TYPE ++ {"UNSUPPORTED_ENCRYPTION_TYPE", ERR_LIB_CMS, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE}, ++ #else ++ {"UNSUPPORTED_ENCRYPTION_TYPE", 46, 192}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_KEK_ALGORITHM ++ {"UNSUPPORTED_KEK_ALGORITHM", ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEK_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_KEK_ALGORITHM", 46, 153}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM ++ {"UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM", ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM", 46, 179}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_LABEL_SOURCE ++ {"UNSUPPORTED_LABEL_SOURCE", ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE}, ++ #else ++ {"UNSUPPORTED_LABEL_SOURCE", 46, 193}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE ++ {"UNSUPPORTED_RECIPIENTINFO_TYPE", ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE}, ++ #else ++ {"UNSUPPORTED_RECIPIENTINFO_TYPE", 46, 155}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_RECIPIENT_TYPE ++ {"UNSUPPORTED_RECIPIENT_TYPE", ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENT_TYPE}, ++ #else ++ {"UNSUPPORTED_RECIPIENT_TYPE", 46, 154}, ++ #endif ++ #ifdef CMS_R_UNSUPPORTED_TYPE ++ {"UNSUPPORTED_TYPE", ERR_LIB_CMS, CMS_R_UNSUPPORTED_TYPE}, ++ #else ++ {"UNSUPPORTED_TYPE", 46, 156}, ++ #endif ++ #ifdef CMS_R_UNWRAP_ERROR ++ {"UNWRAP_ERROR", ERR_LIB_CMS, CMS_R_UNWRAP_ERROR}, ++ #else ++ {"UNWRAP_ERROR", 46, 157}, ++ #endif ++ #ifdef CMS_R_UNWRAP_FAILURE ++ {"UNWRAP_FAILURE", ERR_LIB_CMS, CMS_R_UNWRAP_FAILURE}, ++ #else ++ {"UNWRAP_FAILURE", 46, 180}, ++ #endif ++ #ifdef CMS_R_VERIFICATION_FAILURE ++ {"VERIFICATION_FAILURE", ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE}, ++ #else ++ {"VERIFICATION_FAILURE", 46, 158}, ++ #endif ++ #ifdef CMS_R_WRAP_ERROR ++ {"WRAP_ERROR", ERR_LIB_CMS, CMS_R_WRAP_ERROR}, ++ #else ++ {"WRAP_ERROR", 46, 159}, ++ #endif ++ #ifdef COMP_R_ZLIB_DEFLATE_ERROR ++ {"ZLIB_DEFLATE_ERROR", ERR_LIB_COMP, COMP_R_ZLIB_DEFLATE_ERROR}, ++ #else ++ {"ZLIB_DEFLATE_ERROR", 41, 99}, ++ #endif ++ #ifdef COMP_R_ZLIB_INFLATE_ERROR ++ {"ZLIB_INFLATE_ERROR", ERR_LIB_COMP, COMP_R_ZLIB_INFLATE_ERROR}, ++ #else ++ {"ZLIB_INFLATE_ERROR", 41, 100}, ++ #endif ++ #ifdef COMP_R_ZLIB_NOT_SUPPORTED ++ {"ZLIB_NOT_SUPPORTED", ERR_LIB_COMP, COMP_R_ZLIB_NOT_SUPPORTED}, ++ #else ++ {"ZLIB_NOT_SUPPORTED", 41, 101}, ++ #endif ++ #ifdef CONF_R_ERROR_LOADING_DSO ++ {"ERROR_LOADING_DSO", ERR_LIB_CONF, CONF_R_ERROR_LOADING_DSO}, ++ #else ++ {"ERROR_LOADING_DSO", 14, 110}, ++ #endif ++ #ifdef CONF_R_INVALID_PRAGMA ++ {"INVALID_PRAGMA", ERR_LIB_CONF, CONF_R_INVALID_PRAGMA}, ++ #else ++ {"INVALID_PRAGMA", 14, 122}, ++ #endif ++ #ifdef CONF_R_LIST_CANNOT_BE_NULL ++ {"LIST_CANNOT_BE_NULL", ERR_LIB_CONF, CONF_R_LIST_CANNOT_BE_NULL}, ++ #else ++ {"LIST_CANNOT_BE_NULL", 14, 115}, ++ #endif ++ #ifdef CONF_R_MANDATORY_BRACES_IN_VARIABLE_EXPANSION ++ {"MANDATORY_BRACES_IN_VARIABLE_EXPANSION", ERR_LIB_CONF, CONF_R_MANDATORY_BRACES_IN_VARIABLE_EXPANSION}, ++ #else ++ {"MANDATORY_BRACES_IN_VARIABLE_EXPANSION", 14, 123}, ++ #endif ++ #ifdef CONF_R_MISSING_CLOSE_SQUARE_BRACKET ++ {"MISSING_CLOSE_SQUARE_BRACKET", ERR_LIB_CONF, CONF_R_MISSING_CLOSE_SQUARE_BRACKET}, ++ #else ++ {"MISSING_CLOSE_SQUARE_BRACKET", 14, 100}, ++ #endif ++ #ifdef CONF_R_MISSING_EQUAL_SIGN ++ {"MISSING_EQUAL_SIGN", ERR_LIB_CONF, CONF_R_MISSING_EQUAL_SIGN}, ++ #else ++ {"MISSING_EQUAL_SIGN", 14, 101}, ++ #endif ++ #ifdef CONF_R_MISSING_INIT_FUNCTION ++ {"MISSING_INIT_FUNCTION", ERR_LIB_CONF, CONF_R_MISSING_INIT_FUNCTION}, ++ #else ++ {"MISSING_INIT_FUNCTION", 14, 112}, ++ #endif ++ #ifdef CONF_R_MODULE_INITIALIZATION_ERROR ++ {"MODULE_INITIALIZATION_ERROR", ERR_LIB_CONF, CONF_R_MODULE_INITIALIZATION_ERROR}, ++ #else ++ {"MODULE_INITIALIZATION_ERROR", 14, 109}, ++ #endif ++ #ifdef CONF_R_NO_CLOSE_BRACE ++ {"NO_CLOSE_BRACE", ERR_LIB_CONF, CONF_R_NO_CLOSE_BRACE}, ++ #else ++ {"NO_CLOSE_BRACE", 14, 102}, ++ #endif ++ #ifdef CONF_R_NO_CONF ++ {"NO_CONF", ERR_LIB_CONF, CONF_R_NO_CONF}, ++ #else ++ {"NO_CONF", 14, 105}, ++ #endif ++ #ifdef CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ++ {"NO_CONF_OR_ENVIRONMENT_VARIABLE", ERR_LIB_CONF, CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE}, ++ #else ++ {"NO_CONF_OR_ENVIRONMENT_VARIABLE", 14, 106}, ++ #endif ++ #ifdef CONF_R_NO_SECTION ++ {"NO_SECTION", ERR_LIB_CONF, CONF_R_NO_SECTION}, ++ #else ++ {"NO_SECTION", 14, 107}, ++ #endif ++ #ifdef CONF_R_NO_SUCH_FILE ++ {"NO_SUCH_FILE", ERR_LIB_CONF, CONF_R_NO_SUCH_FILE}, ++ #else ++ {"NO_SUCH_FILE", 14, 114}, ++ #endif ++ #ifdef CONF_R_NO_VALUE ++ {"NO_VALUE", ERR_LIB_CONF, CONF_R_NO_VALUE}, ++ #else ++ {"NO_VALUE", 14, 108}, ++ #endif ++ #ifdef CONF_R_NUMBER_TOO_LARGE ++ {"NUMBER_TOO_LARGE", ERR_LIB_CONF, CONF_R_NUMBER_TOO_LARGE}, ++ #else ++ {"NUMBER_TOO_LARGE", 14, 121}, ++ #endif ++ #ifdef CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION ++ {"OPENSSL_CONF_REFERENCES_MISSING_SECTION", ERR_LIB_CONF, CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION}, ++ #else ++ {"OPENSSL_CONF_REFERENCES_MISSING_SECTION", 14, 124}, ++ #endif ++ #ifdef CONF_R_RECURSIVE_DIRECTORY_INCLUDE ++ {"RECURSIVE_DIRECTORY_INCLUDE", ERR_LIB_CONF, CONF_R_RECURSIVE_DIRECTORY_INCLUDE}, ++ #else ++ {"RECURSIVE_DIRECTORY_INCLUDE", 14, 111}, ++ #endif ++ #ifdef CONF_R_SSL_COMMAND_SECTION_EMPTY ++ {"SSL_COMMAND_SECTION_EMPTY", ERR_LIB_CONF, CONF_R_SSL_COMMAND_SECTION_EMPTY}, ++ #else ++ {"SSL_COMMAND_SECTION_EMPTY", 14, 117}, ++ #endif ++ #ifdef CONF_R_SSL_COMMAND_SECTION_NOT_FOUND ++ {"SSL_COMMAND_SECTION_NOT_FOUND", ERR_LIB_CONF, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND}, ++ #else ++ {"SSL_COMMAND_SECTION_NOT_FOUND", 14, 118}, ++ #endif ++ #ifdef CONF_R_SSL_SECTION_EMPTY ++ {"SSL_SECTION_EMPTY", ERR_LIB_CONF, CONF_R_SSL_SECTION_EMPTY}, ++ #else ++ {"SSL_SECTION_EMPTY", 14, 119}, ++ #endif ++ #ifdef CONF_R_SSL_SECTION_NOT_FOUND ++ {"SSL_SECTION_NOT_FOUND", ERR_LIB_CONF, CONF_R_SSL_SECTION_NOT_FOUND}, ++ #else ++ {"SSL_SECTION_NOT_FOUND", 14, 120}, ++ #endif ++ #ifdef CONF_R_UNABLE_TO_CREATE_NEW_SECTION ++ {"UNABLE_TO_CREATE_NEW_SECTION", ERR_LIB_CONF, CONF_R_UNABLE_TO_CREATE_NEW_SECTION}, ++ #else ++ {"UNABLE_TO_CREATE_NEW_SECTION", 14, 103}, ++ #endif ++ #ifdef CONF_R_UNKNOWN_MODULE_NAME ++ {"UNKNOWN_MODULE_NAME", ERR_LIB_CONF, CONF_R_UNKNOWN_MODULE_NAME}, ++ #else ++ {"UNKNOWN_MODULE_NAME", 14, 113}, ++ #endif ++ #ifdef CONF_R_VARIABLE_EXPANSION_TOO_LONG ++ {"VARIABLE_EXPANSION_TOO_LONG", ERR_LIB_CONF, CONF_R_VARIABLE_EXPANSION_TOO_LONG}, ++ #else ++ {"VARIABLE_EXPANSION_TOO_LONG", 14, 116}, ++ #endif ++ #ifdef CONF_R_VARIABLE_HAS_NO_VALUE ++ {"VARIABLE_HAS_NO_VALUE", ERR_LIB_CONF, CONF_R_VARIABLE_HAS_NO_VALUE}, ++ #else ++ {"VARIABLE_HAS_NO_VALUE", 14, 104}, ++ #endif ++ #ifdef CRMF_R_BAD_PBM_ITERATIONCOUNT ++ {"BAD_PBM_ITERATIONCOUNT", ERR_LIB_CRMF, CRMF_R_BAD_PBM_ITERATIONCOUNT}, ++ #else ++ {"BAD_PBM_ITERATIONCOUNT", 56, 100}, ++ #endif ++ #ifdef CRMF_R_CRMFERROR ++ {"CRMFERROR", ERR_LIB_CRMF, CRMF_R_CRMFERROR}, ++ #else ++ {"CRMFERROR", 56, 102}, ++ #endif ++ #ifdef CRMF_R_ERROR ++ {"ERROR", ERR_LIB_CRMF, CRMF_R_ERROR}, ++ #else ++ {"ERROR", 56, 103}, ++ #endif ++ #ifdef CRMF_R_ERROR_DECODING_CERTIFICATE ++ {"ERROR_DECODING_CERTIFICATE", ERR_LIB_CRMF, CRMF_R_ERROR_DECODING_CERTIFICATE}, ++ #else ++ {"ERROR_DECODING_CERTIFICATE", 56, 104}, ++ #endif ++ #ifdef CRMF_R_ERROR_DECRYPTING_CERTIFICATE ++ {"ERROR_DECRYPTING_CERTIFICATE", ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_CERTIFICATE}, ++ #else ++ {"ERROR_DECRYPTING_CERTIFICATE", 56, 105}, ++ #endif ++ #ifdef CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY ++ {"ERROR_DECRYPTING_SYMMETRIC_KEY", ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY}, ++ #else ++ {"ERROR_DECRYPTING_SYMMETRIC_KEY", 56, 106}, ++ #endif ++ #ifdef CRMF_R_FAILURE_OBTAINING_RANDOM ++ {"FAILURE_OBTAINING_RANDOM", ERR_LIB_CRMF, CRMF_R_FAILURE_OBTAINING_RANDOM}, ++ #else ++ {"FAILURE_OBTAINING_RANDOM", 56, 107}, ++ #endif ++ #ifdef CRMF_R_ITERATIONCOUNT_BELOW_100 ++ {"ITERATIONCOUNT_BELOW_100", ERR_LIB_CRMF, CRMF_R_ITERATIONCOUNT_BELOW_100}, ++ #else ++ {"ITERATIONCOUNT_BELOW_100", 56, 108}, ++ #endif ++ #ifdef CRMF_R_MALFORMED_IV ++ {"MALFORMED_IV", ERR_LIB_CRMF, CRMF_R_MALFORMED_IV}, ++ #else ++ {"MALFORMED_IV", 56, 101}, ++ #endif ++ #ifdef CRMF_R_NULL_ARGUMENT ++ {"NULL_ARGUMENT", ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT}, ++ #else ++ {"NULL_ARGUMENT", 56, 109}, ++ #endif ++ #ifdef CRMF_R_POPOSKINPUT_NOT_SUPPORTED ++ {"POPOSKINPUT_NOT_SUPPORTED", ERR_LIB_CRMF, CRMF_R_POPOSKINPUT_NOT_SUPPORTED}, ++ #else ++ {"POPOSKINPUT_NOT_SUPPORTED", 56, 113}, ++ #endif ++ #ifdef CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY ++ {"POPO_INCONSISTENT_PUBLIC_KEY", ERR_LIB_CRMF, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY}, ++ #else ++ {"POPO_INCONSISTENT_PUBLIC_KEY", 56, 117}, ++ #endif ++ #ifdef CRMF_R_POPO_MISSING ++ {"POPO_MISSING", ERR_LIB_CRMF, CRMF_R_POPO_MISSING}, ++ #else ++ {"POPO_MISSING", 56, 121}, ++ #endif ++ #ifdef CRMF_R_POPO_MISSING_PUBLIC_KEY ++ {"POPO_MISSING_PUBLIC_KEY", ERR_LIB_CRMF, CRMF_R_POPO_MISSING_PUBLIC_KEY}, ++ #else ++ {"POPO_MISSING_PUBLIC_KEY", 56, 118}, ++ #endif ++ #ifdef CRMF_R_POPO_MISSING_SUBJECT ++ {"POPO_MISSING_SUBJECT", ERR_LIB_CRMF, CRMF_R_POPO_MISSING_SUBJECT}, ++ #else ++ {"POPO_MISSING_SUBJECT", 56, 119}, ++ #endif ++ #ifdef CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED ++ {"POPO_RAVERIFIED_NOT_ACCEPTED", ERR_LIB_CRMF, CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED}, ++ #else ++ {"POPO_RAVERIFIED_NOT_ACCEPTED", 56, 120}, ++ #endif ++ #ifdef CRMF_R_SETTING_MAC_ALGOR_FAILURE ++ {"SETTING_MAC_ALGOR_FAILURE", ERR_LIB_CRMF, CRMF_R_SETTING_MAC_ALGOR_FAILURE}, ++ #else ++ {"SETTING_MAC_ALGOR_FAILURE", 56, 110}, ++ #endif ++ #ifdef CRMF_R_SETTING_OWF_ALGOR_FAILURE ++ {"SETTING_OWF_ALGOR_FAILURE", ERR_LIB_CRMF, CRMF_R_SETTING_OWF_ALGOR_FAILURE}, ++ #else ++ {"SETTING_OWF_ALGOR_FAILURE", 56, 111}, ++ #endif ++ #ifdef CRMF_R_UNSUPPORTED_ALGORITHM ++ {"UNSUPPORTED_ALGORITHM", ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_ALGORITHM", 56, 112}, ++ #endif ++ #ifdef CRMF_R_UNSUPPORTED_CIPHER ++ {"UNSUPPORTED_CIPHER", ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER}, ++ #else ++ {"UNSUPPORTED_CIPHER", 56, 114}, ++ #endif ++ #ifdef CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO ++ {"UNSUPPORTED_METHOD_FOR_CREATING_POPO", ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO}, ++ #else ++ {"UNSUPPORTED_METHOD_FOR_CREATING_POPO", 56, 115}, ++ #endif ++ #ifdef CRMF_R_UNSUPPORTED_POPO_METHOD ++ {"UNSUPPORTED_POPO_METHOD", ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_POPO_METHOD}, ++ #else ++ {"UNSUPPORTED_POPO_METHOD", 56, 116}, ++ #endif ++ #ifdef CRYPTO_R_BAD_ALGORITHM_NAME ++ {"BAD_ALGORITHM_NAME", ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME}, ++ #else ++ {"BAD_ALGORITHM_NAME", 15, 117}, ++ #endif ++ #ifdef CRYPTO_R_CONFLICTING_NAMES ++ {"CONFLICTING_NAMES", ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES}, ++ #else ++ {"CONFLICTING_NAMES", 15, 118}, ++ #endif ++ #ifdef CRYPTO_R_FIPS_MODE_NOT_SUPPORTED ++ {"FIPS_MODE_NOT_SUPPORTED", ERR_LIB_CRYPTO, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED}, ++ #else ++ {"FIPS_MODE_NOT_SUPPORTED", 15, 101}, ++ #endif ++ #ifdef CRYPTO_R_HEX_STRING_TOO_SHORT ++ {"HEX_STRING_TOO_SHORT", ERR_LIB_CRYPTO, CRYPTO_R_HEX_STRING_TOO_SHORT}, ++ #else ++ {"HEX_STRING_TOO_SHORT", 15, 121}, ++ #endif ++ #ifdef CRYPTO_R_ILLEGAL_HEX_DIGIT ++ {"ILLEGAL_HEX_DIGIT", ERR_LIB_CRYPTO, CRYPTO_R_ILLEGAL_HEX_DIGIT}, ++ #else ++ {"ILLEGAL_HEX_DIGIT", 15, 102}, ++ #endif ++ #ifdef CRYPTO_R_INSUFFICIENT_DATA_SPACE ++ {"INSUFFICIENT_DATA_SPACE", ERR_LIB_CRYPTO, CRYPTO_R_INSUFFICIENT_DATA_SPACE}, ++ #else ++ {"INSUFFICIENT_DATA_SPACE", 15, 106}, ++ #endif ++ #ifdef CRYPTO_R_INSUFFICIENT_PARAM_SIZE ++ {"INSUFFICIENT_PARAM_SIZE", ERR_LIB_CRYPTO, CRYPTO_R_INSUFFICIENT_PARAM_SIZE}, ++ #else ++ {"INSUFFICIENT_PARAM_SIZE", 15, 107}, ++ #endif ++ #ifdef CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE ++ {"INSUFFICIENT_SECURE_DATA_SPACE", ERR_LIB_CRYPTO, CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE}, ++ #else ++ {"INSUFFICIENT_SECURE_DATA_SPACE", 15, 108}, ++ #endif ++ #ifdef CRYPTO_R_INVALID_NULL_ARGUMENT ++ {"INVALID_NULL_ARGUMENT", ERR_LIB_CRYPTO, CRYPTO_R_INVALID_NULL_ARGUMENT}, ++ #else ++ {"INVALID_NULL_ARGUMENT", 15, 109}, ++ #endif ++ #ifdef CRYPTO_R_INVALID_OSSL_PARAM_TYPE ++ {"INVALID_OSSL_PARAM_TYPE", ERR_LIB_CRYPTO, CRYPTO_R_INVALID_OSSL_PARAM_TYPE}, ++ #else ++ {"INVALID_OSSL_PARAM_TYPE", 15, 110}, ++ #endif ++ #ifdef CRYPTO_R_ODD_NUMBER_OF_DIGITS ++ {"ODD_NUMBER_OF_DIGITS", ERR_LIB_CRYPTO, CRYPTO_R_ODD_NUMBER_OF_DIGITS}, ++ #else ++ {"ODD_NUMBER_OF_DIGITS", 15, 103}, ++ #endif ++ #ifdef CRYPTO_R_PROVIDER_ALREADY_EXISTS ++ {"PROVIDER_ALREADY_EXISTS", ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS}, ++ #else ++ {"PROVIDER_ALREADY_EXISTS", 15, 104}, ++ #endif ++ #ifdef CRYPTO_R_PROVIDER_SECTION_ERROR ++ {"PROVIDER_SECTION_ERROR", ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR}, ++ #else ++ {"PROVIDER_SECTION_ERROR", 15, 105}, ++ #endif ++ #ifdef CRYPTO_R_RANDOM_SECTION_ERROR ++ {"RANDOM_SECTION_ERROR", ERR_LIB_CRYPTO, CRYPTO_R_RANDOM_SECTION_ERROR}, ++ #else ++ {"RANDOM_SECTION_ERROR", 15, 119}, ++ #endif ++ #ifdef CRYPTO_R_SECURE_MALLOC_FAILURE ++ {"SECURE_MALLOC_FAILURE", ERR_LIB_CRYPTO, CRYPTO_R_SECURE_MALLOC_FAILURE}, ++ #else ++ {"SECURE_MALLOC_FAILURE", 15, 111}, ++ #endif ++ #ifdef CRYPTO_R_STRING_TOO_LONG ++ {"STRING_TOO_LONG", ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG}, ++ #else ++ {"STRING_TOO_LONG", 15, 112}, ++ #endif ++ #ifdef CRYPTO_R_TOO_MANY_BYTES ++ {"TOO_MANY_BYTES", ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES}, ++ #else ++ {"TOO_MANY_BYTES", 15, 113}, ++ #endif ++ #ifdef CRYPTO_R_TOO_MANY_RECORDS ++ {"TOO_MANY_RECORDS", ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_RECORDS}, ++ #else ++ {"TOO_MANY_RECORDS", 15, 114}, ++ #endif ++ #ifdef CRYPTO_R_TOO_SMALL_BUFFER ++ {"TOO_SMALL_BUFFER", ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER}, ++ #else ++ {"TOO_SMALL_BUFFER", 15, 116}, ++ #endif ++ #ifdef CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION ++ {"UNKNOWN_NAME_IN_RANDOM_SECTION", ERR_LIB_CRYPTO, CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION}, ++ #else ++ {"UNKNOWN_NAME_IN_RANDOM_SECTION", 15, 120}, ++ #endif ++ #ifdef CRYPTO_R_ZERO_LENGTH_NUMBER ++ {"ZERO_LENGTH_NUMBER", ERR_LIB_CRYPTO, CRYPTO_R_ZERO_LENGTH_NUMBER}, ++ #else ++ {"ZERO_LENGTH_NUMBER", 15, 115}, ++ #endif ++ #ifdef CT_R_BASE64_DECODE_ERROR ++ {"BASE64_DECODE_ERROR", ERR_LIB_CT, CT_R_BASE64_DECODE_ERROR}, ++ #else ++ {"BASE64_DECODE_ERROR", 50, 108}, ++ #endif ++ #ifdef CT_R_INVALID_LOG_ID_LENGTH ++ {"INVALID_LOG_ID_LENGTH", ERR_LIB_CT, CT_R_INVALID_LOG_ID_LENGTH}, ++ #else ++ {"INVALID_LOG_ID_LENGTH", 50, 100}, ++ #endif ++ #ifdef CT_R_LOG_CONF_INVALID ++ {"LOG_CONF_INVALID", ERR_LIB_CT, CT_R_LOG_CONF_INVALID}, ++ #else ++ {"LOG_CONF_INVALID", 50, 109}, ++ #endif ++ #ifdef CT_R_LOG_CONF_INVALID_KEY ++ {"LOG_CONF_INVALID_KEY", ERR_LIB_CT, CT_R_LOG_CONF_INVALID_KEY}, ++ #else ++ {"LOG_CONF_INVALID_KEY", 50, 110}, ++ #endif ++ #ifdef CT_R_LOG_CONF_MISSING_DESCRIPTION ++ {"LOG_CONF_MISSING_DESCRIPTION", ERR_LIB_CT, CT_R_LOG_CONF_MISSING_DESCRIPTION}, ++ #else ++ {"LOG_CONF_MISSING_DESCRIPTION", 50, 111}, ++ #endif ++ #ifdef CT_R_LOG_CONF_MISSING_KEY ++ {"LOG_CONF_MISSING_KEY", ERR_LIB_CT, CT_R_LOG_CONF_MISSING_KEY}, ++ #else ++ {"LOG_CONF_MISSING_KEY", 50, 112}, ++ #endif ++ #ifdef CT_R_LOG_KEY_INVALID ++ {"LOG_KEY_INVALID", ERR_LIB_CT, CT_R_LOG_KEY_INVALID}, ++ #else ++ {"LOG_KEY_INVALID", 50, 113}, ++ #endif ++ #ifdef CT_R_SCT_FUTURE_TIMESTAMP ++ {"SCT_FUTURE_TIMESTAMP", ERR_LIB_CT, CT_R_SCT_FUTURE_TIMESTAMP}, ++ #else ++ {"SCT_FUTURE_TIMESTAMP", 50, 116}, ++ #endif ++ #ifdef CT_R_SCT_INVALID ++ {"SCT_INVALID", ERR_LIB_CT, CT_R_SCT_INVALID}, ++ #else ++ {"SCT_INVALID", 50, 104}, ++ #endif ++ #ifdef CT_R_SCT_INVALID_SIGNATURE ++ {"SCT_INVALID_SIGNATURE", ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE}, ++ #else ++ {"SCT_INVALID_SIGNATURE", 50, 107}, ++ #endif ++ #ifdef CT_R_SCT_LIST_INVALID ++ {"SCT_LIST_INVALID", ERR_LIB_CT, CT_R_SCT_LIST_INVALID}, ++ #else ++ {"SCT_LIST_INVALID", 50, 105}, ++ #endif ++ #ifdef CT_R_SCT_LOG_ID_MISMATCH ++ {"SCT_LOG_ID_MISMATCH", ERR_LIB_CT, CT_R_SCT_LOG_ID_MISMATCH}, ++ #else ++ {"SCT_LOG_ID_MISMATCH", 50, 114}, ++ #endif ++ #ifdef CT_R_SCT_NOT_SET ++ {"SCT_NOT_SET", ERR_LIB_CT, CT_R_SCT_NOT_SET}, ++ #else ++ {"SCT_NOT_SET", 50, 106}, ++ #endif ++ #ifdef CT_R_SCT_UNSUPPORTED_VERSION ++ {"SCT_UNSUPPORTED_VERSION", ERR_LIB_CT, CT_R_SCT_UNSUPPORTED_VERSION}, ++ #else ++ {"SCT_UNSUPPORTED_VERSION", 50, 115}, ++ #endif ++ #ifdef CT_R_UNRECOGNIZED_SIGNATURE_NID ++ {"UNRECOGNIZED_SIGNATURE_NID", ERR_LIB_CT, CT_R_UNRECOGNIZED_SIGNATURE_NID}, ++ #else ++ {"UNRECOGNIZED_SIGNATURE_NID", 50, 101}, ++ #endif ++ #ifdef CT_R_UNSUPPORTED_ENTRY_TYPE ++ {"UNSUPPORTED_ENTRY_TYPE", ERR_LIB_CT, CT_R_UNSUPPORTED_ENTRY_TYPE}, ++ #else ++ {"UNSUPPORTED_ENTRY_TYPE", 50, 102}, ++ #endif ++ #ifdef CT_R_UNSUPPORTED_VERSION ++ {"UNSUPPORTED_VERSION", ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION}, ++ #else ++ {"UNSUPPORTED_VERSION", 50, 103}, ++ #endif ++ #ifdef DH_R_BAD_FFC_PARAMETERS ++ {"BAD_FFC_PARAMETERS", ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS}, ++ #else ++ {"BAD_FFC_PARAMETERS", 5, 127}, ++ #endif ++ #ifdef DH_R_BAD_GENERATOR ++ {"BAD_GENERATOR", ERR_LIB_DH, DH_R_BAD_GENERATOR}, ++ #else ++ {"BAD_GENERATOR", 5, 101}, ++ #endif ++ #ifdef DH_R_BN_DECODE_ERROR ++ {"BN_DECODE_ERROR", ERR_LIB_DH, DH_R_BN_DECODE_ERROR}, ++ #else ++ {"BN_DECODE_ERROR", 5, 109}, ++ #endif ++ #ifdef DH_R_BN_ERROR ++ {"BN_ERROR", ERR_LIB_DH, DH_R_BN_ERROR}, ++ #else ++ {"BN_ERROR", 5, 106}, ++ #endif ++ #ifdef DH_R_CHECK_INVALID_J_VALUE ++ {"CHECK_INVALID_J_VALUE", ERR_LIB_DH, DH_R_CHECK_INVALID_J_VALUE}, ++ #else ++ {"CHECK_INVALID_J_VALUE", 5, 115}, ++ #endif ++ #ifdef DH_R_CHECK_INVALID_Q_VALUE ++ {"CHECK_INVALID_Q_VALUE", ERR_LIB_DH, DH_R_CHECK_INVALID_Q_VALUE}, ++ #else ++ {"CHECK_INVALID_Q_VALUE", 5, 116}, ++ #endif ++ #ifdef DH_R_CHECK_PUBKEY_INVALID ++ {"CHECK_PUBKEY_INVALID", ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID}, ++ #else ++ {"CHECK_PUBKEY_INVALID", 5, 122}, ++ #endif ++ #ifdef DH_R_CHECK_PUBKEY_TOO_LARGE ++ {"CHECK_PUBKEY_TOO_LARGE", ERR_LIB_DH, DH_R_CHECK_PUBKEY_TOO_LARGE}, ++ #else ++ {"CHECK_PUBKEY_TOO_LARGE", 5, 123}, ++ #endif ++ #ifdef DH_R_CHECK_PUBKEY_TOO_SMALL ++ {"CHECK_PUBKEY_TOO_SMALL", ERR_LIB_DH, DH_R_CHECK_PUBKEY_TOO_SMALL}, ++ #else ++ {"CHECK_PUBKEY_TOO_SMALL", 5, 124}, ++ #endif ++ #ifdef DH_R_CHECK_P_NOT_PRIME ++ {"CHECK_P_NOT_PRIME", ERR_LIB_DH, DH_R_CHECK_P_NOT_PRIME}, ++ #else ++ {"CHECK_P_NOT_PRIME", 5, 117}, ++ #endif ++ #ifdef DH_R_CHECK_P_NOT_SAFE_PRIME ++ {"CHECK_P_NOT_SAFE_PRIME", ERR_LIB_DH, DH_R_CHECK_P_NOT_SAFE_PRIME}, ++ #else ++ {"CHECK_P_NOT_SAFE_PRIME", 5, 118}, ++ #endif ++ #ifdef DH_R_CHECK_Q_NOT_PRIME ++ {"CHECK_Q_NOT_PRIME", ERR_LIB_DH, DH_R_CHECK_Q_NOT_PRIME}, ++ #else ++ {"CHECK_Q_NOT_PRIME", 5, 119}, ++ #endif ++ #ifdef DH_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_DH, DH_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 5, 104}, ++ #endif ++ #ifdef DH_R_INVALID_PARAMETER_NAME ++ {"INVALID_PARAMETER_NAME", ERR_LIB_DH, DH_R_INVALID_PARAMETER_NAME}, ++ #else ++ {"INVALID_PARAMETER_NAME", 5, 110}, ++ #endif ++ #ifdef DH_R_INVALID_PARAMETER_NID ++ {"INVALID_PARAMETER_NID", ERR_LIB_DH, DH_R_INVALID_PARAMETER_NID}, ++ #else ++ {"INVALID_PARAMETER_NID", 5, 114}, ++ #endif ++ #ifdef DH_R_INVALID_PUBKEY ++ {"INVALID_PUBKEY", ERR_LIB_DH, DH_R_INVALID_PUBKEY}, ++ #else ++ {"INVALID_PUBKEY", 5, 102}, ++ #endif ++ #ifdef DH_R_INVALID_SECRET ++ {"INVALID_SECRET", ERR_LIB_DH, DH_R_INVALID_SECRET}, ++ #else ++ {"INVALID_SECRET", 5, 128}, ++ #endif ++ #ifdef DH_R_KDF_PARAMETER_ERROR ++ {"KDF_PARAMETER_ERROR", ERR_LIB_DH, DH_R_KDF_PARAMETER_ERROR}, ++ #else ++ {"KDF_PARAMETER_ERROR", 5, 112}, ++ #endif ++ #ifdef DH_R_KEYS_NOT_SET ++ {"KEYS_NOT_SET", ERR_LIB_DH, DH_R_KEYS_NOT_SET}, ++ #else ++ {"KEYS_NOT_SET", 5, 108}, ++ #endif ++ #ifdef DH_R_MISSING_PUBKEY ++ {"MISSING_PUBKEY", ERR_LIB_DH, DH_R_MISSING_PUBKEY}, ++ #else ++ {"MISSING_PUBKEY", 5, 125}, ++ #endif ++ #ifdef DH_R_MODULUS_TOO_LARGE ++ {"MODULUS_TOO_LARGE", ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE}, ++ #else ++ {"MODULUS_TOO_LARGE", 5, 103}, ++ #endif ++ #ifdef DH_R_MODULUS_TOO_SMALL ++ {"MODULUS_TOO_SMALL", ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL}, ++ #else ++ {"MODULUS_TOO_SMALL", 5, 126}, ++ #endif ++ #ifdef DH_R_NOT_SUITABLE_GENERATOR ++ {"NOT_SUITABLE_GENERATOR", ERR_LIB_DH, DH_R_NOT_SUITABLE_GENERATOR}, ++ #else ++ {"NOT_SUITABLE_GENERATOR", 5, 120}, ++ #endif ++ #ifdef DH_R_NO_PARAMETERS_SET ++ {"NO_PARAMETERS_SET", ERR_LIB_DH, DH_R_NO_PARAMETERS_SET}, ++ #else ++ {"NO_PARAMETERS_SET", 5, 107}, ++ #endif ++ #ifdef DH_R_NO_PRIVATE_VALUE ++ {"NO_PRIVATE_VALUE", ERR_LIB_DH, DH_R_NO_PRIVATE_VALUE}, ++ #else ++ {"NO_PRIVATE_VALUE", 5, 100}, ++ #endif ++ #ifdef DH_R_PARAMETER_ENCODING_ERROR ++ {"PARAMETER_ENCODING_ERROR", ERR_LIB_DH, DH_R_PARAMETER_ENCODING_ERROR}, ++ #else ++ {"PARAMETER_ENCODING_ERROR", 5, 105}, ++ #endif ++ #ifdef DH_R_PEER_KEY_ERROR ++ {"PEER_KEY_ERROR", ERR_LIB_DH, DH_R_PEER_KEY_ERROR}, ++ #else ++ {"PEER_KEY_ERROR", 5, 111}, ++ #endif ++ #ifdef DH_R_SHARED_INFO_ERROR ++ {"SHARED_INFO_ERROR", ERR_LIB_DH, DH_R_SHARED_INFO_ERROR}, ++ #else ++ {"SHARED_INFO_ERROR", 5, 113}, ++ #endif ++ #ifdef DH_R_UNABLE_TO_CHECK_GENERATOR ++ {"UNABLE_TO_CHECK_GENERATOR", ERR_LIB_DH, DH_R_UNABLE_TO_CHECK_GENERATOR}, ++ #else ++ {"UNABLE_TO_CHECK_GENERATOR", 5, 121}, ++ #endif ++ #ifdef DSA_R_BAD_FFC_PARAMETERS ++ {"BAD_FFC_PARAMETERS", ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS}, ++ #else ++ {"BAD_FFC_PARAMETERS", 10, 114}, ++ #endif ++ #ifdef DSA_R_BAD_Q_VALUE ++ {"BAD_Q_VALUE", ERR_LIB_DSA, DSA_R_BAD_Q_VALUE}, ++ #else ++ {"BAD_Q_VALUE", 10, 102}, ++ #endif ++ #ifdef DSA_R_BN_DECODE_ERROR ++ {"BN_DECODE_ERROR", ERR_LIB_DSA, DSA_R_BN_DECODE_ERROR}, ++ #else ++ {"BN_DECODE_ERROR", 10, 108}, ++ #endif ++ #ifdef DSA_R_BN_ERROR ++ {"BN_ERROR", ERR_LIB_DSA, DSA_R_BN_ERROR}, ++ #else ++ {"BN_ERROR", 10, 109}, ++ #endif ++ #ifdef DSA_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_DSA, DSA_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 10, 104}, ++ #endif ++ #ifdef DSA_R_INVALID_DIGEST_TYPE ++ {"INVALID_DIGEST_TYPE", ERR_LIB_DSA, DSA_R_INVALID_DIGEST_TYPE}, ++ #else ++ {"INVALID_DIGEST_TYPE", 10, 106}, ++ #endif ++ #ifdef DSA_R_INVALID_PARAMETERS ++ {"INVALID_PARAMETERS", ERR_LIB_DSA, DSA_R_INVALID_PARAMETERS}, ++ #else ++ {"INVALID_PARAMETERS", 10, 112}, ++ #endif ++ #ifdef DSA_R_MISSING_PARAMETERS ++ {"MISSING_PARAMETERS", ERR_LIB_DSA, DSA_R_MISSING_PARAMETERS}, ++ #else ++ {"MISSING_PARAMETERS", 10, 101}, ++ #endif ++ #ifdef DSA_R_MISSING_PRIVATE_KEY ++ {"MISSING_PRIVATE_KEY", ERR_LIB_DSA, DSA_R_MISSING_PRIVATE_KEY}, ++ #else ++ {"MISSING_PRIVATE_KEY", 10, 111}, ++ #endif ++ #ifdef DSA_R_MODULUS_TOO_LARGE ++ {"MODULUS_TOO_LARGE", ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE}, ++ #else ++ {"MODULUS_TOO_LARGE", 10, 103}, ++ #endif ++ #ifdef DSA_R_NO_PARAMETERS_SET ++ {"NO_PARAMETERS_SET", ERR_LIB_DSA, DSA_R_NO_PARAMETERS_SET}, ++ #else ++ {"NO_PARAMETERS_SET", 10, 107}, ++ #endif ++ #ifdef DSA_R_PARAMETER_ENCODING_ERROR ++ {"PARAMETER_ENCODING_ERROR", ERR_LIB_DSA, DSA_R_PARAMETER_ENCODING_ERROR}, ++ #else ++ {"PARAMETER_ENCODING_ERROR", 10, 105}, ++ #endif ++ #ifdef DSA_R_P_NOT_PRIME ++ {"P_NOT_PRIME", ERR_LIB_DSA, DSA_R_P_NOT_PRIME}, ++ #else ++ {"P_NOT_PRIME", 10, 115}, ++ #endif ++ #ifdef DSA_R_Q_NOT_PRIME ++ {"Q_NOT_PRIME", ERR_LIB_DSA, DSA_R_Q_NOT_PRIME}, ++ #else ++ {"Q_NOT_PRIME", 10, 113}, ++ #endif ++ #ifdef DSA_R_SEED_LEN_SMALL ++ {"SEED_LEN_SMALL", ERR_LIB_DSA, DSA_R_SEED_LEN_SMALL}, ++ #else ++ {"SEED_LEN_SMALL", 10, 110}, ++ #endif ++ #ifdef DSO_R_CTRL_FAILED ++ {"CTRL_FAILED", ERR_LIB_DSO, DSO_R_CTRL_FAILED}, ++ #else ++ {"CTRL_FAILED", 37, 100}, ++ #endif ++ #ifdef DSO_R_DSO_ALREADY_LOADED ++ {"DSO_ALREADY_LOADED", ERR_LIB_DSO, DSO_R_DSO_ALREADY_LOADED}, ++ #else ++ {"DSO_ALREADY_LOADED", 37, 110}, ++ #endif ++ #ifdef DSO_R_EMPTY_FILE_STRUCTURE ++ {"EMPTY_FILE_STRUCTURE", ERR_LIB_DSO, DSO_R_EMPTY_FILE_STRUCTURE}, ++ #else ++ {"EMPTY_FILE_STRUCTURE", 37, 113}, ++ #endif ++ #ifdef DSO_R_FAILURE ++ {"FAILURE", ERR_LIB_DSO, DSO_R_FAILURE}, ++ #else ++ {"FAILURE", 37, 114}, ++ #endif ++ #ifdef DSO_R_FILENAME_TOO_BIG ++ {"FILENAME_TOO_BIG", ERR_LIB_DSO, DSO_R_FILENAME_TOO_BIG}, ++ #else ++ {"FILENAME_TOO_BIG", 37, 101}, ++ #endif ++ #ifdef DSO_R_FINISH_FAILED ++ {"FINISH_FAILED", ERR_LIB_DSO, DSO_R_FINISH_FAILED}, ++ #else ++ {"FINISH_FAILED", 37, 102}, ++ #endif ++ #ifdef DSO_R_INCORRECT_FILE_SYNTAX ++ {"INCORRECT_FILE_SYNTAX", ERR_LIB_DSO, DSO_R_INCORRECT_FILE_SYNTAX}, ++ #else ++ {"INCORRECT_FILE_SYNTAX", 37, 115}, ++ #endif ++ #ifdef DSO_R_LOAD_FAILED ++ {"LOAD_FAILED", ERR_LIB_DSO, DSO_R_LOAD_FAILED}, ++ #else ++ {"LOAD_FAILED", 37, 103}, ++ #endif ++ #ifdef DSO_R_NAME_TRANSLATION_FAILED ++ {"NAME_TRANSLATION_FAILED", ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED}, ++ #else ++ {"NAME_TRANSLATION_FAILED", 37, 109}, ++ #endif ++ #ifdef DSO_R_NO_FILENAME ++ {"NO_FILENAME", ERR_LIB_DSO, DSO_R_NO_FILENAME}, ++ #else ++ {"NO_FILENAME", 37, 111}, ++ #endif ++ #ifdef DSO_R_NULL_HANDLE ++ {"NULL_HANDLE", ERR_LIB_DSO, DSO_R_NULL_HANDLE}, ++ #else ++ {"NULL_HANDLE", 37, 104}, ++ #endif ++ #ifdef DSO_R_SET_FILENAME_FAILED ++ {"SET_FILENAME_FAILED", ERR_LIB_DSO, DSO_R_SET_FILENAME_FAILED}, ++ #else ++ {"SET_FILENAME_FAILED", 37, 112}, ++ #endif ++ #ifdef DSO_R_STACK_ERROR ++ {"STACK_ERROR", ERR_LIB_DSO, DSO_R_STACK_ERROR}, ++ #else ++ {"STACK_ERROR", 37, 105}, ++ #endif ++ #ifdef DSO_R_SYM_FAILURE ++ {"SYM_FAILURE", ERR_LIB_DSO, DSO_R_SYM_FAILURE}, ++ #else ++ {"SYM_FAILURE", 37, 106}, ++ #endif ++ #ifdef DSO_R_UNLOAD_FAILED ++ {"UNLOAD_FAILED", ERR_LIB_DSO, DSO_R_UNLOAD_FAILED}, ++ #else ++ {"UNLOAD_FAILED", 37, 107}, ++ #endif ++ #ifdef DSO_R_UNSUPPORTED ++ {"UNSUPPORTED", ERR_LIB_DSO, DSO_R_UNSUPPORTED}, ++ #else ++ {"UNSUPPORTED", 37, 108}, ++ #endif ++ #ifdef EC_R_ASN1_ERROR ++ {"ASN1_ERROR", ERR_LIB_EC, EC_R_ASN1_ERROR}, ++ #else ++ {"ASN1_ERROR", 16, 115}, ++ #endif ++ #ifdef EC_R_BAD_SIGNATURE ++ {"BAD_SIGNATURE", ERR_LIB_EC, EC_R_BAD_SIGNATURE}, ++ #else ++ {"BAD_SIGNATURE", 16, 156}, ++ #endif ++ #ifdef EC_R_BIGNUM_OUT_OF_RANGE ++ {"BIGNUM_OUT_OF_RANGE", ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE}, ++ #else ++ {"BIGNUM_OUT_OF_RANGE", 16, 144}, ++ #endif ++ #ifdef EC_R_BUFFER_TOO_SMALL ++ {"BUFFER_TOO_SMALL", ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL}, ++ #else ++ {"BUFFER_TOO_SMALL", 16, 100}, ++ #endif ++ #ifdef EC_R_CANNOT_INVERT ++ {"CANNOT_INVERT", ERR_LIB_EC, EC_R_CANNOT_INVERT}, ++ #else ++ {"CANNOT_INVERT", 16, 165}, ++ #endif ++ #ifdef EC_R_COORDINATES_OUT_OF_RANGE ++ {"COORDINATES_OUT_OF_RANGE", ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE}, ++ #else ++ {"COORDINATES_OUT_OF_RANGE", 16, 146}, ++ #endif ++ #ifdef EC_R_CURVE_DOES_NOT_SUPPORT_ECDH ++ {"CURVE_DOES_NOT_SUPPORT_ECDH", ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH}, ++ #else ++ {"CURVE_DOES_NOT_SUPPORT_ECDH", 16, 160}, ++ #endif ++ #ifdef EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA ++ {"CURVE_DOES_NOT_SUPPORT_ECDSA", ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA}, ++ #else ++ {"CURVE_DOES_NOT_SUPPORT_ECDSA", 16, 170}, ++ #endif ++ #ifdef EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING ++ {"CURVE_DOES_NOT_SUPPORT_SIGNING", ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING}, ++ #else ++ {"CURVE_DOES_NOT_SUPPORT_SIGNING", 16, 159}, ++ #endif ++ #ifdef EC_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_EC, EC_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 16, 142}, ++ #endif ++ #ifdef EC_R_DISCRIMINANT_IS_ZERO ++ {"DISCRIMINANT_IS_ZERO", ERR_LIB_EC, EC_R_DISCRIMINANT_IS_ZERO}, ++ #else ++ {"DISCRIMINANT_IS_ZERO", 16, 118}, ++ #endif ++ #ifdef EC_R_EC_GROUP_NEW_BY_NAME_FAILURE ++ {"EC_GROUP_NEW_BY_NAME_FAILURE", ERR_LIB_EC, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE}, ++ #else ++ {"EC_GROUP_NEW_BY_NAME_FAILURE", 16, 119}, ++ #endif ++ #ifdef EC_R_FAILED_MAKING_PUBLIC_KEY ++ {"FAILED_MAKING_PUBLIC_KEY", ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY}, ++ #else ++ {"FAILED_MAKING_PUBLIC_KEY", 16, 166}, ++ #endif ++ #ifdef EC_R_FIELD_TOO_LARGE ++ {"FIELD_TOO_LARGE", ERR_LIB_EC, EC_R_FIELD_TOO_LARGE}, ++ #else ++ {"FIELD_TOO_LARGE", 16, 143}, ++ #endif ++ #ifdef EC_R_GF2M_NOT_SUPPORTED ++ {"GF2M_NOT_SUPPORTED", ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED}, ++ #else ++ {"GF2M_NOT_SUPPORTED", 16, 147}, ++ #endif ++ #ifdef EC_R_GROUP2PKPARAMETERS_FAILURE ++ {"GROUP2PKPARAMETERS_FAILURE", ERR_LIB_EC, EC_R_GROUP2PKPARAMETERS_FAILURE}, ++ #else ++ {"GROUP2PKPARAMETERS_FAILURE", 16, 120}, ++ #endif ++ #ifdef EC_R_I2D_ECPKPARAMETERS_FAILURE ++ {"I2D_ECPKPARAMETERS_FAILURE", ERR_LIB_EC, EC_R_I2D_ECPKPARAMETERS_FAILURE}, ++ #else ++ {"I2D_ECPKPARAMETERS_FAILURE", 16, 121}, ++ #endif ++ #ifdef EC_R_INCOMPATIBLE_OBJECTS ++ {"INCOMPATIBLE_OBJECTS", ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS}, ++ #else ++ {"INCOMPATIBLE_OBJECTS", 16, 101}, ++ #endif ++ #ifdef EC_R_INVALID_A ++ {"INVALID_A", ERR_LIB_EC, EC_R_INVALID_A}, ++ #else ++ {"INVALID_A", 16, 168}, ++ #endif ++ #ifdef EC_R_INVALID_ARGUMENT ++ {"INVALID_ARGUMENT", ERR_LIB_EC, EC_R_INVALID_ARGUMENT}, ++ #else ++ {"INVALID_ARGUMENT", 16, 112}, ++ #endif ++ #ifdef EC_R_INVALID_B ++ {"INVALID_B", ERR_LIB_EC, EC_R_INVALID_B}, ++ #else ++ {"INVALID_B", 16, 169}, ++ #endif ++ #ifdef EC_R_INVALID_COFACTOR ++ {"INVALID_COFACTOR", ERR_LIB_EC, EC_R_INVALID_COFACTOR}, ++ #else ++ {"INVALID_COFACTOR", 16, 171}, ++ #endif ++ #ifdef EC_R_INVALID_COMPRESSED_POINT ++ {"INVALID_COMPRESSED_POINT", ERR_LIB_EC, EC_R_INVALID_COMPRESSED_POINT}, ++ #else ++ {"INVALID_COMPRESSED_POINT", 16, 110}, ++ #endif ++ #ifdef EC_R_INVALID_COMPRESSION_BIT ++ {"INVALID_COMPRESSION_BIT", ERR_LIB_EC, EC_R_INVALID_COMPRESSION_BIT}, ++ #else ++ {"INVALID_COMPRESSION_BIT", 16, 109}, ++ #endif ++ #ifdef EC_R_INVALID_CURVE ++ {"INVALID_CURVE", ERR_LIB_EC, EC_R_INVALID_CURVE}, ++ #else ++ {"INVALID_CURVE", 16, 141}, ++ #endif ++ #ifdef EC_R_INVALID_DIGEST ++ {"INVALID_DIGEST", ERR_LIB_EC, EC_R_INVALID_DIGEST}, ++ #else ++ {"INVALID_DIGEST", 16, 151}, ++ #endif ++ #ifdef EC_R_INVALID_DIGEST_TYPE ++ {"INVALID_DIGEST_TYPE", ERR_LIB_EC, EC_R_INVALID_DIGEST_TYPE}, ++ #else ++ {"INVALID_DIGEST_TYPE", 16, 138}, ++ #endif ++ #ifdef EC_R_INVALID_ENCODING ++ {"INVALID_ENCODING", ERR_LIB_EC, EC_R_INVALID_ENCODING}, ++ #else ++ {"INVALID_ENCODING", 16, 102}, ++ #endif ++ #ifdef EC_R_INVALID_FIELD ++ {"INVALID_FIELD", ERR_LIB_EC, EC_R_INVALID_FIELD}, ++ #else ++ {"INVALID_FIELD", 16, 103}, ++ #endif ++ #ifdef EC_R_INVALID_FORM ++ {"INVALID_FORM", ERR_LIB_EC, EC_R_INVALID_FORM}, ++ #else ++ {"INVALID_FORM", 16, 104}, ++ #endif ++ #ifdef EC_R_INVALID_GENERATOR ++ {"INVALID_GENERATOR", ERR_LIB_EC, EC_R_INVALID_GENERATOR}, ++ #else ++ {"INVALID_GENERATOR", 16, 173}, ++ #endif ++ #ifdef EC_R_INVALID_GROUP_ORDER ++ {"INVALID_GROUP_ORDER", ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER}, ++ #else ++ {"INVALID_GROUP_ORDER", 16, 122}, ++ #endif ++ #ifdef EC_R_INVALID_KEY ++ {"INVALID_KEY", ERR_LIB_EC, EC_R_INVALID_KEY}, ++ #else ++ {"INVALID_KEY", 16, 116}, ++ #endif ++ #ifdef EC_R_INVALID_NAMED_GROUP_CONVERSION ++ {"INVALID_NAMED_GROUP_CONVERSION", ERR_LIB_EC, EC_R_INVALID_NAMED_GROUP_CONVERSION}, ++ #else ++ {"INVALID_NAMED_GROUP_CONVERSION", 16, 174}, ++ #endif ++ #ifdef EC_R_INVALID_OUTPUT_LENGTH ++ {"INVALID_OUTPUT_LENGTH", ERR_LIB_EC, EC_R_INVALID_OUTPUT_LENGTH}, ++ #else ++ {"INVALID_OUTPUT_LENGTH", 16, 161}, ++ #endif ++ #ifdef EC_R_INVALID_P ++ {"INVALID_P", ERR_LIB_EC, EC_R_INVALID_P}, ++ #else ++ {"INVALID_P", 16, 172}, ++ #endif ++ #ifdef EC_R_INVALID_PEER_KEY ++ {"INVALID_PEER_KEY", ERR_LIB_EC, EC_R_INVALID_PEER_KEY}, ++ #else ++ {"INVALID_PEER_KEY", 16, 133}, ++ #endif ++ #ifdef EC_R_INVALID_PENTANOMIAL_BASIS ++ {"INVALID_PENTANOMIAL_BASIS", ERR_LIB_EC, EC_R_INVALID_PENTANOMIAL_BASIS}, ++ #else ++ {"INVALID_PENTANOMIAL_BASIS", 16, 132}, ++ #endif ++ #ifdef EC_R_INVALID_PRIVATE_KEY ++ {"INVALID_PRIVATE_KEY", ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY}, ++ #else ++ {"INVALID_PRIVATE_KEY", 16, 123}, ++ #endif ++ #ifdef EC_R_INVALID_SEED ++ {"INVALID_SEED", ERR_LIB_EC, EC_R_INVALID_SEED}, ++ #else ++ {"INVALID_SEED", 16, 175}, ++ #endif ++ #ifdef EC_R_INVALID_TRINOMIAL_BASIS ++ {"INVALID_TRINOMIAL_BASIS", ERR_LIB_EC, EC_R_INVALID_TRINOMIAL_BASIS}, ++ #else ++ {"INVALID_TRINOMIAL_BASIS", 16, 137}, ++ #endif ++ #ifdef EC_R_KDF_PARAMETER_ERROR ++ {"KDF_PARAMETER_ERROR", ERR_LIB_EC, EC_R_KDF_PARAMETER_ERROR}, ++ #else ++ {"KDF_PARAMETER_ERROR", 16, 148}, ++ #endif ++ #ifdef EC_R_KEYS_NOT_SET ++ {"KEYS_NOT_SET", ERR_LIB_EC, EC_R_KEYS_NOT_SET}, ++ #else ++ {"KEYS_NOT_SET", 16, 140}, ++ #endif ++ #ifdef EC_R_LADDER_POST_FAILURE ++ {"LADDER_POST_FAILURE", ERR_LIB_EC, EC_R_LADDER_POST_FAILURE}, ++ #else ++ {"LADDER_POST_FAILURE", 16, 136}, ++ #endif ++ #ifdef EC_R_LADDER_PRE_FAILURE ++ {"LADDER_PRE_FAILURE", ERR_LIB_EC, EC_R_LADDER_PRE_FAILURE}, ++ #else ++ {"LADDER_PRE_FAILURE", 16, 153}, ++ #endif ++ #ifdef EC_R_LADDER_STEP_FAILURE ++ {"LADDER_STEP_FAILURE", ERR_LIB_EC, EC_R_LADDER_STEP_FAILURE}, ++ #else ++ {"LADDER_STEP_FAILURE", 16, 162}, ++ #endif ++ #ifdef EC_R_MISSING_OID ++ {"MISSING_OID", ERR_LIB_EC, EC_R_MISSING_OID}, ++ #else ++ {"MISSING_OID", 16, 167}, ++ #endif ++ #ifdef EC_R_MISSING_PARAMETERS ++ {"MISSING_PARAMETERS", ERR_LIB_EC, EC_R_MISSING_PARAMETERS}, ++ #else ++ {"MISSING_PARAMETERS", 16, 124}, ++ #endif ++ #ifdef EC_R_MISSING_PRIVATE_KEY ++ {"MISSING_PRIVATE_KEY", ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY}, ++ #else ++ {"MISSING_PRIVATE_KEY", 16, 125}, ++ #endif ++ #ifdef EC_R_NEED_NEW_SETUP_VALUES ++ {"NEED_NEW_SETUP_VALUES", ERR_LIB_EC, EC_R_NEED_NEW_SETUP_VALUES}, ++ #else ++ {"NEED_NEW_SETUP_VALUES", 16, 157}, ++ #endif ++ #ifdef EC_R_NOT_A_NIST_PRIME ++ {"NOT_A_NIST_PRIME", ERR_LIB_EC, EC_R_NOT_A_NIST_PRIME}, ++ #else ++ {"NOT_A_NIST_PRIME", 16, 135}, ++ #endif ++ #ifdef EC_R_NOT_IMPLEMENTED ++ {"NOT_IMPLEMENTED", ERR_LIB_EC, EC_R_NOT_IMPLEMENTED}, ++ #else ++ {"NOT_IMPLEMENTED", 16, 126}, ++ #endif ++ #ifdef EC_R_NOT_INITIALIZED ++ {"NOT_INITIALIZED", ERR_LIB_EC, EC_R_NOT_INITIALIZED}, ++ #else ++ {"NOT_INITIALIZED", 16, 111}, ++ #endif ++ #ifdef EC_R_NO_PARAMETERS_SET ++ {"NO_PARAMETERS_SET", ERR_LIB_EC, EC_R_NO_PARAMETERS_SET}, ++ #else ++ {"NO_PARAMETERS_SET", 16, 139}, ++ #endif ++ #ifdef EC_R_NO_PRIVATE_VALUE ++ {"NO_PRIVATE_VALUE", ERR_LIB_EC, EC_R_NO_PRIVATE_VALUE}, ++ #else ++ {"NO_PRIVATE_VALUE", 16, 154}, ++ #endif ++ #ifdef EC_R_OPERATION_NOT_SUPPORTED ++ {"OPERATION_NOT_SUPPORTED", ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED}, ++ #else ++ {"OPERATION_NOT_SUPPORTED", 16, 152}, ++ #endif ++ #ifdef EC_R_PASSED_NULL_PARAMETER ++ {"PASSED_NULL_PARAMETER", ERR_LIB_EC, EC_R_PASSED_NULL_PARAMETER}, ++ #else ++ {"PASSED_NULL_PARAMETER", 16, 134}, ++ #endif ++ #ifdef EC_R_PEER_KEY_ERROR ++ {"PEER_KEY_ERROR", ERR_LIB_EC, EC_R_PEER_KEY_ERROR}, ++ #else ++ {"PEER_KEY_ERROR", 16, 149}, ++ #endif ++ #ifdef EC_R_POINT_ARITHMETIC_FAILURE ++ {"POINT_ARITHMETIC_FAILURE", ERR_LIB_EC, EC_R_POINT_ARITHMETIC_FAILURE}, ++ #else ++ {"POINT_ARITHMETIC_FAILURE", 16, 155}, ++ #endif ++ #ifdef EC_R_POINT_AT_INFINITY ++ {"POINT_AT_INFINITY", ERR_LIB_EC, EC_R_POINT_AT_INFINITY}, ++ #else ++ {"POINT_AT_INFINITY", 16, 106}, ++ #endif ++ #ifdef EC_R_POINT_COORDINATES_BLIND_FAILURE ++ {"POINT_COORDINATES_BLIND_FAILURE", ERR_LIB_EC, EC_R_POINT_COORDINATES_BLIND_FAILURE}, ++ #else ++ {"POINT_COORDINATES_BLIND_FAILURE", 16, 163}, ++ #endif ++ #ifdef EC_R_POINT_IS_NOT_ON_CURVE ++ {"POINT_IS_NOT_ON_CURVE", ERR_LIB_EC, EC_R_POINT_IS_NOT_ON_CURVE}, ++ #else ++ {"POINT_IS_NOT_ON_CURVE", 16, 107}, ++ #endif ++ #ifdef EC_R_RANDOM_NUMBER_GENERATION_FAILED ++ {"RANDOM_NUMBER_GENERATION_FAILED", ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED}, ++ #else ++ {"RANDOM_NUMBER_GENERATION_FAILED", 16, 158}, ++ #endif ++ #ifdef EC_R_SHARED_INFO_ERROR ++ {"SHARED_INFO_ERROR", ERR_LIB_EC, EC_R_SHARED_INFO_ERROR}, ++ #else ++ {"SHARED_INFO_ERROR", 16, 150}, ++ #endif ++ #ifdef EC_R_SLOT_FULL ++ {"SLOT_FULL", ERR_LIB_EC, EC_R_SLOT_FULL}, ++ #else ++ {"SLOT_FULL", 16, 108}, ++ #endif ++ #ifdef EC_R_UNDEFINED_GENERATOR ++ {"UNDEFINED_GENERATOR", ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR}, ++ #else ++ {"UNDEFINED_GENERATOR", 16, 113}, ++ #endif ++ #ifdef EC_R_UNDEFINED_ORDER ++ {"UNDEFINED_ORDER", ERR_LIB_EC, EC_R_UNDEFINED_ORDER}, ++ #else ++ {"UNDEFINED_ORDER", 16, 128}, ++ #endif ++ #ifdef EC_R_UNKNOWN_COFACTOR ++ {"UNKNOWN_COFACTOR", ERR_LIB_EC, EC_R_UNKNOWN_COFACTOR}, ++ #else ++ {"UNKNOWN_COFACTOR", 16, 164}, ++ #endif ++ #ifdef EC_R_UNKNOWN_GROUP ++ {"UNKNOWN_GROUP", ERR_LIB_EC, EC_R_UNKNOWN_GROUP}, ++ #else ++ {"UNKNOWN_GROUP", 16, 129}, ++ #endif ++ #ifdef EC_R_UNKNOWN_ORDER ++ {"UNKNOWN_ORDER", ERR_LIB_EC, EC_R_UNKNOWN_ORDER}, ++ #else ++ {"UNKNOWN_ORDER", 16, 114}, ++ #endif ++ #ifdef EC_R_UNSUPPORTED_FIELD ++ {"UNSUPPORTED_FIELD", ERR_LIB_EC, EC_R_UNSUPPORTED_FIELD}, ++ #else ++ {"UNSUPPORTED_FIELD", 16, 131}, ++ #endif ++ #ifdef EC_R_WRONG_CURVE_PARAMETERS ++ {"WRONG_CURVE_PARAMETERS", ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS}, ++ #else ++ {"WRONG_CURVE_PARAMETERS", 16, 145}, ++ #endif ++ #ifdef EC_R_WRONG_ORDER ++ {"WRONG_ORDER", ERR_LIB_EC, EC_R_WRONG_ORDER}, ++ #else ++ {"WRONG_ORDER", 16, 130}, ++ #endif ++ #ifdef ENGINE_R_ALREADY_LOADED ++ {"ALREADY_LOADED", ERR_LIB_ENGINE, ENGINE_R_ALREADY_LOADED}, ++ #else ++ {"ALREADY_LOADED", 38, 100}, ++ #endif ++ #ifdef ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER ++ {"ARGUMENT_IS_NOT_A_NUMBER", ERR_LIB_ENGINE, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER}, ++ #else ++ {"ARGUMENT_IS_NOT_A_NUMBER", 38, 133}, ++ #endif ++ #ifdef ENGINE_R_CMD_NOT_EXECUTABLE ++ {"CMD_NOT_EXECUTABLE", ERR_LIB_ENGINE, ENGINE_R_CMD_NOT_EXECUTABLE}, ++ #else ++ {"CMD_NOT_EXECUTABLE", 38, 134}, ++ #endif ++ #ifdef ENGINE_R_COMMAND_TAKES_INPUT ++ {"COMMAND_TAKES_INPUT", ERR_LIB_ENGINE, ENGINE_R_COMMAND_TAKES_INPUT}, ++ #else ++ {"COMMAND_TAKES_INPUT", 38, 135}, ++ #endif ++ #ifdef ENGINE_R_COMMAND_TAKES_NO_INPUT ++ {"COMMAND_TAKES_NO_INPUT", ERR_LIB_ENGINE, ENGINE_R_COMMAND_TAKES_NO_INPUT}, ++ #else ++ {"COMMAND_TAKES_NO_INPUT", 38, 136}, ++ #endif ++ #ifdef ENGINE_R_CONFLICTING_ENGINE_ID ++ {"CONFLICTING_ENGINE_ID", ERR_LIB_ENGINE, ENGINE_R_CONFLICTING_ENGINE_ID}, ++ #else ++ {"CONFLICTING_ENGINE_ID", 38, 103}, ++ #endif ++ #ifdef ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ++ {"CTRL_COMMAND_NOT_IMPLEMENTED", ERR_LIB_ENGINE, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED}, ++ #else ++ {"CTRL_COMMAND_NOT_IMPLEMENTED", 38, 119}, ++ #endif ++ #ifdef ENGINE_R_DSO_FAILURE ++ {"DSO_FAILURE", ERR_LIB_ENGINE, ENGINE_R_DSO_FAILURE}, ++ #else ++ {"DSO_FAILURE", 38, 104}, ++ #endif ++ #ifdef ENGINE_R_DSO_NOT_FOUND ++ {"DSO_NOT_FOUND", ERR_LIB_ENGINE, ENGINE_R_DSO_NOT_FOUND}, ++ #else ++ {"DSO_NOT_FOUND", 38, 132}, ++ #endif ++ #ifdef ENGINE_R_ENGINES_SECTION_ERROR ++ {"ENGINES_SECTION_ERROR", ERR_LIB_ENGINE, ENGINE_R_ENGINES_SECTION_ERROR}, ++ #else ++ {"ENGINES_SECTION_ERROR", 38, 148}, ++ #endif ++ #ifdef ENGINE_R_ENGINE_CONFIGURATION_ERROR ++ {"ENGINE_CONFIGURATION_ERROR", ERR_LIB_ENGINE, ENGINE_R_ENGINE_CONFIGURATION_ERROR}, ++ #else ++ {"ENGINE_CONFIGURATION_ERROR", 38, 102}, ++ #endif ++ #ifdef ENGINE_R_ENGINE_IS_NOT_IN_LIST ++ {"ENGINE_IS_NOT_IN_LIST", ERR_LIB_ENGINE, ENGINE_R_ENGINE_IS_NOT_IN_LIST}, ++ #else ++ {"ENGINE_IS_NOT_IN_LIST", 38, 105}, ++ #endif ++ #ifdef ENGINE_R_ENGINE_SECTION_ERROR ++ {"ENGINE_SECTION_ERROR", ERR_LIB_ENGINE, ENGINE_R_ENGINE_SECTION_ERROR}, ++ #else ++ {"ENGINE_SECTION_ERROR", 38, 149}, ++ #endif ++ #ifdef ENGINE_R_FAILED_LOADING_PRIVATE_KEY ++ {"FAILED_LOADING_PRIVATE_KEY", ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY}, ++ #else ++ {"FAILED_LOADING_PRIVATE_KEY", 38, 128}, ++ #endif ++ #ifdef ENGINE_R_FAILED_LOADING_PUBLIC_KEY ++ {"FAILED_LOADING_PUBLIC_KEY", ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PUBLIC_KEY}, ++ #else ++ {"FAILED_LOADING_PUBLIC_KEY", 38, 129}, ++ #endif ++ #ifdef ENGINE_R_FINISH_FAILED ++ {"FINISH_FAILED", ERR_LIB_ENGINE, ENGINE_R_FINISH_FAILED}, ++ #else ++ {"FINISH_FAILED", 38, 106}, ++ #endif ++ #ifdef ENGINE_R_ID_OR_NAME_MISSING ++ {"ID_OR_NAME_MISSING", ERR_LIB_ENGINE, ENGINE_R_ID_OR_NAME_MISSING}, ++ #else ++ {"ID_OR_NAME_MISSING", 38, 108}, ++ #endif ++ #ifdef ENGINE_R_INIT_FAILED ++ {"INIT_FAILED", ERR_LIB_ENGINE, ENGINE_R_INIT_FAILED}, ++ #else ++ {"INIT_FAILED", 38, 109}, ++ #endif ++ #ifdef ENGINE_R_INTERNAL_LIST_ERROR ++ {"INTERNAL_LIST_ERROR", ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR}, ++ #else ++ {"INTERNAL_LIST_ERROR", 38, 110}, ++ #endif ++ #ifdef ENGINE_R_INVALID_ARGUMENT ++ {"INVALID_ARGUMENT", ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT}, ++ #else ++ {"INVALID_ARGUMENT", 38, 143}, ++ #endif ++ #ifdef ENGINE_R_INVALID_CMD_NAME ++ {"INVALID_CMD_NAME", ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NAME}, ++ #else ++ {"INVALID_CMD_NAME", 38, 137}, ++ #endif ++ #ifdef ENGINE_R_INVALID_CMD_NUMBER ++ {"INVALID_CMD_NUMBER", ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NUMBER}, ++ #else ++ {"INVALID_CMD_NUMBER", 38, 138}, ++ #endif ++ #ifdef ENGINE_R_INVALID_INIT_VALUE ++ {"INVALID_INIT_VALUE", ERR_LIB_ENGINE, ENGINE_R_INVALID_INIT_VALUE}, ++ #else ++ {"INVALID_INIT_VALUE", 38, 151}, ++ #endif ++ #ifdef ENGINE_R_INVALID_STRING ++ {"INVALID_STRING", ERR_LIB_ENGINE, ENGINE_R_INVALID_STRING}, ++ #else ++ {"INVALID_STRING", 38, 150}, ++ #endif ++ #ifdef ENGINE_R_NOT_INITIALISED ++ {"NOT_INITIALISED", ERR_LIB_ENGINE, ENGINE_R_NOT_INITIALISED}, ++ #else ++ {"NOT_INITIALISED", 38, 117}, ++ #endif ++ #ifdef ENGINE_R_NOT_LOADED ++ {"NOT_LOADED", ERR_LIB_ENGINE, ENGINE_R_NOT_LOADED}, ++ #else ++ {"NOT_LOADED", 38, 112}, ++ #endif ++ #ifdef ENGINE_R_NO_CONTROL_FUNCTION ++ {"NO_CONTROL_FUNCTION", ERR_LIB_ENGINE, ENGINE_R_NO_CONTROL_FUNCTION}, ++ #else ++ {"NO_CONTROL_FUNCTION", 38, 120}, ++ #endif ++ #ifdef ENGINE_R_NO_INDEX ++ {"NO_INDEX", ERR_LIB_ENGINE, ENGINE_R_NO_INDEX}, ++ #else ++ {"NO_INDEX", 38, 144}, ++ #endif ++ #ifdef ENGINE_R_NO_LOAD_FUNCTION ++ {"NO_LOAD_FUNCTION", ERR_LIB_ENGINE, ENGINE_R_NO_LOAD_FUNCTION}, ++ #else ++ {"NO_LOAD_FUNCTION", 38, 125}, ++ #endif ++ #ifdef ENGINE_R_NO_REFERENCE ++ {"NO_REFERENCE", ERR_LIB_ENGINE, ENGINE_R_NO_REFERENCE}, ++ #else ++ {"NO_REFERENCE", 38, 130}, ++ #endif ++ #ifdef ENGINE_R_NO_SUCH_ENGINE ++ {"NO_SUCH_ENGINE", ERR_LIB_ENGINE, ENGINE_R_NO_SUCH_ENGINE}, ++ #else ++ {"NO_SUCH_ENGINE", 38, 116}, ++ #endif ++ #ifdef ENGINE_R_UNIMPLEMENTED_CIPHER ++ {"UNIMPLEMENTED_CIPHER", ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_CIPHER}, ++ #else ++ {"UNIMPLEMENTED_CIPHER", 38, 146}, ++ #endif ++ #ifdef ENGINE_R_UNIMPLEMENTED_DIGEST ++ {"UNIMPLEMENTED_DIGEST", ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_DIGEST}, ++ #else ++ {"UNIMPLEMENTED_DIGEST", 38, 147}, ++ #endif ++ #ifdef ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD ++ {"UNIMPLEMENTED_PUBLIC_KEY_METHOD", ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD}, ++ #else ++ {"UNIMPLEMENTED_PUBLIC_KEY_METHOD", 38, 101}, ++ #endif ++ #ifdef ENGINE_R_VERSION_INCOMPATIBILITY ++ {"VERSION_INCOMPATIBILITY", ERR_LIB_ENGINE, ENGINE_R_VERSION_INCOMPATIBILITY}, ++ #else ++ {"VERSION_INCOMPATIBILITY", 38, 145}, ++ #endif ++ #ifdef ESS_R_EMPTY_ESS_CERT_ID_LIST ++ {"EMPTY_ESS_CERT_ID_LIST", ERR_LIB_ESS, ESS_R_EMPTY_ESS_CERT_ID_LIST}, ++ #else ++ {"EMPTY_ESS_CERT_ID_LIST", 54, 107}, ++ #endif ++ #ifdef ESS_R_ESS_CERT_DIGEST_ERROR ++ {"ESS_CERT_DIGEST_ERROR", ERR_LIB_ESS, ESS_R_ESS_CERT_DIGEST_ERROR}, ++ #else ++ {"ESS_CERT_DIGEST_ERROR", 54, 103}, ++ #endif ++ #ifdef ESS_R_ESS_CERT_ID_NOT_FOUND ++ {"ESS_CERT_ID_NOT_FOUND", ERR_LIB_ESS, ESS_R_ESS_CERT_ID_NOT_FOUND}, ++ #else ++ {"ESS_CERT_ID_NOT_FOUND", 54, 104}, ++ #endif ++ #ifdef ESS_R_ESS_CERT_ID_WRONG_ORDER ++ {"ESS_CERT_ID_WRONG_ORDER", ERR_LIB_ESS, ESS_R_ESS_CERT_ID_WRONG_ORDER}, ++ #else ++ {"ESS_CERT_ID_WRONG_ORDER", 54, 105}, ++ #endif ++ #ifdef ESS_R_ESS_DIGEST_ALG_UNKNOWN ++ {"ESS_DIGEST_ALG_UNKNOWN", ERR_LIB_ESS, ESS_R_ESS_DIGEST_ALG_UNKNOWN}, ++ #else ++ {"ESS_DIGEST_ALG_UNKNOWN", 54, 106}, ++ #endif ++ #ifdef ESS_R_ESS_SIGNING_CERTIFICATE_ERROR ++ {"ESS_SIGNING_CERTIFICATE_ERROR", ERR_LIB_ESS, ESS_R_ESS_SIGNING_CERTIFICATE_ERROR}, ++ #else ++ {"ESS_SIGNING_CERTIFICATE_ERROR", 54, 102}, ++ #endif ++ #ifdef ESS_R_ESS_SIGNING_CERT_ADD_ERROR ++ {"ESS_SIGNING_CERT_ADD_ERROR", ERR_LIB_ESS, ESS_R_ESS_SIGNING_CERT_ADD_ERROR}, ++ #else ++ {"ESS_SIGNING_CERT_ADD_ERROR", 54, 100}, ++ #endif ++ #ifdef ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR ++ {"ESS_SIGNING_CERT_V2_ADD_ERROR", ERR_LIB_ESS, ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR}, ++ #else ++ {"ESS_SIGNING_CERT_V2_ADD_ERROR", 54, 101}, ++ #endif ++ #ifdef ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE ++ {"MISSING_SIGNING_CERTIFICATE_ATTRIBUTE", ERR_LIB_ESS, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE}, ++ #else ++ {"MISSING_SIGNING_CERTIFICATE_ATTRIBUTE", 54, 108}, ++ #endif ++ #ifdef EVP_R_AES_KEY_SETUP_FAILED ++ {"AES_KEY_SETUP_FAILED", ERR_LIB_EVP, EVP_R_AES_KEY_SETUP_FAILED}, ++ #else ++ {"AES_KEY_SETUP_FAILED", 6, 143}, ++ #endif ++ #ifdef EVP_R_ARIA_KEY_SETUP_FAILED ++ {"ARIA_KEY_SETUP_FAILED", ERR_LIB_EVP, EVP_R_ARIA_KEY_SETUP_FAILED}, ++ #else ++ {"ARIA_KEY_SETUP_FAILED", 6, 176}, ++ #endif ++ #ifdef EVP_R_BAD_ALGORITHM_NAME ++ {"BAD_ALGORITHM_NAME", ERR_LIB_EVP, EVP_R_BAD_ALGORITHM_NAME}, ++ #else ++ {"BAD_ALGORITHM_NAME", 6, 200}, ++ #endif ++ #ifdef EVP_R_BAD_DECRYPT ++ {"BAD_DECRYPT", ERR_LIB_EVP, EVP_R_BAD_DECRYPT}, ++ #else ++ {"BAD_DECRYPT", 6, 100}, ++ #endif ++ #ifdef EVP_R_BAD_KEY_LENGTH ++ {"BAD_KEY_LENGTH", ERR_LIB_EVP, EVP_R_BAD_KEY_LENGTH}, ++ #else ++ {"BAD_KEY_LENGTH", 6, 195}, ++ #endif ++ #ifdef EVP_R_BUFFER_TOO_SMALL ++ {"BUFFER_TOO_SMALL", ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL}, ++ #else ++ {"BUFFER_TOO_SMALL", 6, 155}, ++ #endif ++ #ifdef EVP_R_CACHE_CONSTANTS_FAILED ++ {"CACHE_CONSTANTS_FAILED", ERR_LIB_EVP, EVP_R_CACHE_CONSTANTS_FAILED}, ++ #else ++ {"CACHE_CONSTANTS_FAILED", 6, 225}, ++ #endif ++ #ifdef EVP_R_CAMELLIA_KEY_SETUP_FAILED ++ {"CAMELLIA_KEY_SETUP_FAILED", ERR_LIB_EVP, EVP_R_CAMELLIA_KEY_SETUP_FAILED}, ++ #else ++ {"CAMELLIA_KEY_SETUP_FAILED", 6, 157}, ++ #endif ++ #ifdef EVP_R_CANNOT_GET_PARAMETERS ++ {"CANNOT_GET_PARAMETERS", ERR_LIB_EVP, EVP_R_CANNOT_GET_PARAMETERS}, ++ #else ++ {"CANNOT_GET_PARAMETERS", 6, 197}, ++ #endif ++ #ifdef EVP_R_CANNOT_SET_PARAMETERS ++ {"CANNOT_SET_PARAMETERS", ERR_LIB_EVP, EVP_R_CANNOT_SET_PARAMETERS}, ++ #else ++ {"CANNOT_SET_PARAMETERS", 6, 198}, ++ #endif ++ #ifdef EVP_R_CIPHER_NOT_GCM_MODE ++ {"CIPHER_NOT_GCM_MODE", ERR_LIB_EVP, EVP_R_CIPHER_NOT_GCM_MODE}, ++ #else ++ {"CIPHER_NOT_GCM_MODE", 6, 184}, ++ #endif ++ #ifdef EVP_R_CIPHER_PARAMETER_ERROR ++ {"CIPHER_PARAMETER_ERROR", ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR}, ++ #else ++ {"CIPHER_PARAMETER_ERROR", 6, 122}, ++ #endif ++ #ifdef EVP_R_COMMAND_NOT_SUPPORTED ++ {"COMMAND_NOT_SUPPORTED", ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED}, ++ #else ++ {"COMMAND_NOT_SUPPORTED", 6, 147}, ++ #endif ++ #ifdef EVP_R_CONFLICTING_ALGORITHM_NAME ++ {"CONFLICTING_ALGORITHM_NAME", ERR_LIB_EVP, EVP_R_CONFLICTING_ALGORITHM_NAME}, ++ #else ++ {"CONFLICTING_ALGORITHM_NAME", 6, 201}, ++ #endif ++ #ifdef EVP_R_COPY_ERROR ++ {"COPY_ERROR", ERR_LIB_EVP, EVP_R_COPY_ERROR}, ++ #else ++ {"COPY_ERROR", 6, 173}, ++ #endif ++ #ifdef EVP_R_CTRL_NOT_IMPLEMENTED ++ {"CTRL_NOT_IMPLEMENTED", ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED}, ++ #else ++ {"CTRL_NOT_IMPLEMENTED", 6, 132}, ++ #endif ++ #ifdef EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ++ {"CTRL_OPERATION_NOT_IMPLEMENTED", ERR_LIB_EVP, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED}, ++ #else ++ {"CTRL_OPERATION_NOT_IMPLEMENTED", 6, 133}, ++ #endif ++ #ifdef EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ++ {"DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH", ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH}, ++ #else ++ {"DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH", 6, 138}, ++ #endif ++ #ifdef EVP_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_EVP, EVP_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 6, 114}, ++ #endif ++ #ifdef EVP_R_DEFAULT_QUERY_PARSE_ERROR ++ {"DEFAULT_QUERY_PARSE_ERROR", ERR_LIB_EVP, EVP_R_DEFAULT_QUERY_PARSE_ERROR}, ++ #else ++ {"DEFAULT_QUERY_PARSE_ERROR", 6, 210}, ++ #endif ++ #ifdef EVP_R_DIFFERENT_KEY_TYPES ++ {"DIFFERENT_KEY_TYPES", ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES}, ++ #else ++ {"DIFFERENT_KEY_TYPES", 6, 101}, ++ #endif ++ #ifdef EVP_R_DIFFERENT_PARAMETERS ++ {"DIFFERENT_PARAMETERS", ERR_LIB_EVP, EVP_R_DIFFERENT_PARAMETERS}, ++ #else ++ {"DIFFERENT_PARAMETERS", 6, 153}, ++ #endif ++ #ifdef EVP_R_ERROR_LOADING_SECTION ++ {"ERROR_LOADING_SECTION", ERR_LIB_EVP, EVP_R_ERROR_LOADING_SECTION}, ++ #else ++ {"ERROR_LOADING_SECTION", 6, 165}, ++ #endif ++ #ifdef EVP_R_ERROR_SETTING_FIPS_MODE ++ {"ERROR_SETTING_FIPS_MODE", ERR_LIB_EVP, EVP_R_ERROR_SETTING_FIPS_MODE}, ++ #else ++ {"ERROR_SETTING_FIPS_MODE", 6, 166}, ++ #endif ++ #ifdef EVP_R_EXPECTING_AN_HMAC_KEY ++ {"EXPECTING_AN_HMAC_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_AN_HMAC_KEY}, ++ #else ++ {"EXPECTING_AN_HMAC_KEY", 6, 174}, ++ #endif ++ #ifdef EVP_R_EXPECTING_AN_RSA_KEY ++ {"EXPECTING_AN_RSA_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_AN_RSA_KEY}, ++ #else ++ {"EXPECTING_AN_RSA_KEY", 6, 127}, ++ #endif ++ #ifdef EVP_R_EXPECTING_A_DH_KEY ++ {"EXPECTING_A_DH_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_A_DH_KEY}, ++ #else ++ {"EXPECTING_A_DH_KEY", 6, 128}, ++ #endif ++ #ifdef EVP_R_EXPECTING_A_DSA_KEY ++ {"EXPECTING_A_DSA_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_A_DSA_KEY}, ++ #else ++ {"EXPECTING_A_DSA_KEY", 6, 129}, ++ #endif ++ #ifdef EVP_R_EXPECTING_A_ECX_KEY ++ {"EXPECTING_A_ECX_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_A_ECX_KEY}, ++ #else ++ {"EXPECTING_A_ECX_KEY", 6, 219}, ++ #endif ++ #ifdef EVP_R_EXPECTING_A_EC_KEY ++ {"EXPECTING_A_EC_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY}, ++ #else ++ {"EXPECTING_A_EC_KEY", 6, 142}, ++ #endif ++ #ifdef EVP_R_EXPECTING_A_POLY1305_KEY ++ {"EXPECTING_A_POLY1305_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_A_POLY1305_KEY}, ++ #else ++ {"EXPECTING_A_POLY1305_KEY", 6, 164}, ++ #endif ++ #ifdef EVP_R_EXPECTING_A_SIPHASH_KEY ++ {"EXPECTING_A_SIPHASH_KEY", ERR_LIB_EVP, EVP_R_EXPECTING_A_SIPHASH_KEY}, ++ #else ++ {"EXPECTING_A_SIPHASH_KEY", 6, 175}, ++ #endif ++ #ifdef EVP_R_FINAL_ERROR ++ {"FINAL_ERROR", ERR_LIB_EVP, EVP_R_FINAL_ERROR}, ++ #else ++ {"FINAL_ERROR", 6, 188}, ++ #endif ++ #ifdef EVP_R_FIPS_MODE_NOT_SUPPORTED ++ {"FIPS_MODE_NOT_SUPPORTED", ERR_LIB_EVP, EVP_R_FIPS_MODE_NOT_SUPPORTED}, ++ #else ++ {"FIPS_MODE_NOT_SUPPORTED", 6, 167}, ++ #endif ++ #ifdef EVP_R_GENERATE_ERROR ++ {"GENERATE_ERROR", ERR_LIB_EVP, EVP_R_GENERATE_ERROR}, ++ #else ++ {"GENERATE_ERROR", 6, 214}, ++ #endif ++ #ifdef EVP_R_GET_RAW_KEY_FAILED ++ {"GET_RAW_KEY_FAILED", ERR_LIB_EVP, EVP_R_GET_RAW_KEY_FAILED}, ++ #else ++ {"GET_RAW_KEY_FAILED", 6, 182}, ++ #endif ++ #ifdef EVP_R_ILLEGAL_SCRYPT_PARAMETERS ++ {"ILLEGAL_SCRYPT_PARAMETERS", ERR_LIB_EVP, EVP_R_ILLEGAL_SCRYPT_PARAMETERS}, ++ #else ++ {"ILLEGAL_SCRYPT_PARAMETERS", 6, 171}, ++ #endif ++ #ifdef EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS ++ {"INACCESSIBLE_DOMAIN_PARAMETERS", ERR_LIB_EVP, EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS}, ++ #else ++ {"INACCESSIBLE_DOMAIN_PARAMETERS", 6, 204}, ++ #endif ++ #ifdef EVP_R_INACCESSIBLE_KEY ++ {"INACCESSIBLE_KEY", ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY}, ++ #else ++ {"INACCESSIBLE_KEY", 6, 203}, ++ #endif ++ #ifdef EVP_R_INITIALIZATION_ERROR ++ {"INITIALIZATION_ERROR", ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR}, ++ #else ++ {"INITIALIZATION_ERROR", 6, 134}, ++ #endif ++ #ifdef EVP_R_INPUT_NOT_INITIALIZED ++ {"INPUT_NOT_INITIALIZED", ERR_LIB_EVP, EVP_R_INPUT_NOT_INITIALIZED}, ++ #else ++ {"INPUT_NOT_INITIALIZED", 6, 111}, ++ #endif ++ #ifdef EVP_R_INVALID_CUSTOM_LENGTH ++ {"INVALID_CUSTOM_LENGTH", ERR_LIB_EVP, EVP_R_INVALID_CUSTOM_LENGTH}, ++ #else ++ {"INVALID_CUSTOM_LENGTH", 6, 185}, ++ #endif ++ #ifdef EVP_R_INVALID_DIGEST ++ {"INVALID_DIGEST", ERR_LIB_EVP, EVP_R_INVALID_DIGEST}, ++ #else ++ {"INVALID_DIGEST", 6, 152}, ++ #endif ++ #ifdef EVP_R_INVALID_FIPS_MODE ++ {"INVALID_FIPS_MODE", ERR_LIB_EVP, EVP_R_INVALID_FIPS_MODE}, ++ #else ++ {"INVALID_FIPS_MODE", 6, 168}, ++ #endif ++ #ifdef EVP_R_INVALID_IV_LENGTH ++ {"INVALID_IV_LENGTH", ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH}, ++ #else ++ {"INVALID_IV_LENGTH", 6, 194}, ++ #endif ++ #ifdef EVP_R_INVALID_KEY ++ {"INVALID_KEY", ERR_LIB_EVP, EVP_R_INVALID_KEY}, ++ #else ++ {"INVALID_KEY", 6, 163}, ++ #endif ++ #ifdef EVP_R_INVALID_KEY_LENGTH ++ {"INVALID_KEY_LENGTH", ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH}, ++ #else ++ {"INVALID_KEY_LENGTH", 6, 130}, ++ #endif ++ #ifdef EVP_R_INVALID_LENGTH ++ {"INVALID_LENGTH", ERR_LIB_EVP, EVP_R_INVALID_LENGTH}, ++ #else ++ {"INVALID_LENGTH", 6, 221}, ++ #endif ++ #ifdef EVP_R_INVALID_NULL_ALGORITHM ++ {"INVALID_NULL_ALGORITHM", ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM}, ++ #else ++ {"INVALID_NULL_ALGORITHM", 6, 218}, ++ #endif ++ #ifdef EVP_R_INVALID_OPERATION ++ {"INVALID_OPERATION", ERR_LIB_EVP, EVP_R_INVALID_OPERATION}, ++ #else ++ {"INVALID_OPERATION", 6, 148}, ++ #endif ++ #ifdef EVP_R_INVALID_PROVIDER_FUNCTIONS ++ {"INVALID_PROVIDER_FUNCTIONS", ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS}, ++ #else ++ {"INVALID_PROVIDER_FUNCTIONS", 6, 193}, ++ #endif ++ #ifdef EVP_R_INVALID_SALT_LENGTH ++ {"INVALID_SALT_LENGTH", ERR_LIB_EVP, EVP_R_INVALID_SALT_LENGTH}, ++ #else ++ {"INVALID_SALT_LENGTH", 6, 186}, ++ #endif ++ #ifdef EVP_R_INVALID_SECRET_LENGTH ++ {"INVALID_SECRET_LENGTH", ERR_LIB_EVP, EVP_R_INVALID_SECRET_LENGTH}, ++ #else ++ {"INVALID_SECRET_LENGTH", 6, 223}, ++ #endif ++ #ifdef EVP_R_INVALID_SEED_LENGTH ++ {"INVALID_SEED_LENGTH", ERR_LIB_EVP, EVP_R_INVALID_SEED_LENGTH}, ++ #else ++ {"INVALID_SEED_LENGTH", 6, 220}, ++ #endif ++ #ifdef EVP_R_INVALID_VALUE ++ {"INVALID_VALUE", ERR_LIB_EVP, EVP_R_INVALID_VALUE}, ++ #else ++ {"INVALID_VALUE", 6, 222}, ++ #endif ++ #ifdef EVP_R_KEYMGMT_EXPORT_FAILURE ++ {"KEYMGMT_EXPORT_FAILURE", ERR_LIB_EVP, EVP_R_KEYMGMT_EXPORT_FAILURE}, ++ #else ++ {"KEYMGMT_EXPORT_FAILURE", 6, 205}, ++ #endif ++ #ifdef EVP_R_KEY_SETUP_FAILED ++ {"KEY_SETUP_FAILED", ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED}, ++ #else ++ {"KEY_SETUP_FAILED", 6, 180}, ++ #endif ++ #ifdef EVP_R_LOCKING_NOT_SUPPORTED ++ {"LOCKING_NOT_SUPPORTED", ERR_LIB_EVP, EVP_R_LOCKING_NOT_SUPPORTED}, ++ #else ++ {"LOCKING_NOT_SUPPORTED", 6, 213}, ++ #endif ++ #ifdef EVP_R_MEMORY_LIMIT_EXCEEDED ++ {"MEMORY_LIMIT_EXCEEDED", ERR_LIB_EVP, EVP_R_MEMORY_LIMIT_EXCEEDED}, ++ #else ++ {"MEMORY_LIMIT_EXCEEDED", 6, 172}, ++ #endif ++ #ifdef EVP_R_MESSAGE_DIGEST_IS_NULL ++ {"MESSAGE_DIGEST_IS_NULL", ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL}, ++ #else ++ {"MESSAGE_DIGEST_IS_NULL", 6, 159}, ++ #endif ++ #ifdef EVP_R_METHOD_NOT_SUPPORTED ++ {"METHOD_NOT_SUPPORTED", ERR_LIB_EVP, EVP_R_METHOD_NOT_SUPPORTED}, ++ #else ++ {"METHOD_NOT_SUPPORTED", 6, 144}, ++ #endif ++ #ifdef EVP_R_MISSING_PARAMETERS ++ {"MISSING_PARAMETERS", ERR_LIB_EVP, EVP_R_MISSING_PARAMETERS}, ++ #else ++ {"MISSING_PARAMETERS", 6, 103}, ++ #endif ++ #ifdef EVP_R_NOT_ABLE_TO_COPY_CTX ++ {"NOT_ABLE_TO_COPY_CTX", ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX}, ++ #else ++ {"NOT_ABLE_TO_COPY_CTX", 6, 190}, ++ #endif ++ #ifdef EVP_R_NOT_XOF_OR_INVALID_LENGTH ++ {"NOT_XOF_OR_INVALID_LENGTH", ERR_LIB_EVP, EVP_R_NOT_XOF_OR_INVALID_LENGTH}, ++ #else ++ {"NOT_XOF_OR_INVALID_LENGTH", 6, 178}, ++ #endif ++ #ifdef EVP_R_NO_CIPHER_SET ++ {"NO_CIPHER_SET", ERR_LIB_EVP, EVP_R_NO_CIPHER_SET}, ++ #else ++ {"NO_CIPHER_SET", 6, 131}, ++ #endif ++ #ifdef EVP_R_NO_DEFAULT_DIGEST ++ {"NO_DEFAULT_DIGEST", ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST}, ++ #else ++ {"NO_DEFAULT_DIGEST", 6, 158}, ++ #endif ++ #ifdef EVP_R_NO_DIGEST_SET ++ {"NO_DIGEST_SET", ERR_LIB_EVP, EVP_R_NO_DIGEST_SET}, ++ #else ++ {"NO_DIGEST_SET", 6, 139}, ++ #endif ++ #ifdef EVP_R_NO_IMPORT_FUNCTION ++ {"NO_IMPORT_FUNCTION", ERR_LIB_EVP, EVP_R_NO_IMPORT_FUNCTION}, ++ #else ++ {"NO_IMPORT_FUNCTION", 6, 206}, ++ #endif ++ #ifdef EVP_R_NO_KEYMGMT_AVAILABLE ++ {"NO_KEYMGMT_AVAILABLE", ERR_LIB_EVP, EVP_R_NO_KEYMGMT_AVAILABLE}, ++ #else ++ {"NO_KEYMGMT_AVAILABLE", 6, 199}, ++ #endif ++ #ifdef EVP_R_NO_KEYMGMT_PRESENT ++ {"NO_KEYMGMT_PRESENT", ERR_LIB_EVP, EVP_R_NO_KEYMGMT_PRESENT}, ++ #else ++ {"NO_KEYMGMT_PRESENT", 6, 196}, ++ #endif ++ #ifdef EVP_R_NO_KEY_SET ++ {"NO_KEY_SET", ERR_LIB_EVP, EVP_R_NO_KEY_SET}, ++ #else ++ {"NO_KEY_SET", 6, 154}, ++ #endif ++ #ifdef EVP_R_NO_OPERATION_SET ++ {"NO_OPERATION_SET", ERR_LIB_EVP, EVP_R_NO_OPERATION_SET}, ++ #else ++ {"NO_OPERATION_SET", 6, 149}, ++ #endif ++ #ifdef EVP_R_NULL_MAC_PKEY_CTX ++ {"NULL_MAC_PKEY_CTX", ERR_LIB_EVP, EVP_R_NULL_MAC_PKEY_CTX}, ++ #else ++ {"NULL_MAC_PKEY_CTX", 6, 208}, ++ #endif ++ #ifdef EVP_R_ONLY_ONESHOT_SUPPORTED ++ {"ONLY_ONESHOT_SUPPORTED", ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED}, ++ #else ++ {"ONLY_ONESHOT_SUPPORTED", 6, 177}, ++ #endif ++ #ifdef EVP_R_OPERATION_NOT_INITIALIZED ++ {"OPERATION_NOT_INITIALIZED", ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED}, ++ #else ++ {"OPERATION_NOT_INITIALIZED", 6, 151}, ++ #endif ++ #ifdef EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE ++ {"OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE", ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE}, ++ #else ++ {"OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE", 6, 150}, ++ #endif ++ #ifdef EVP_R_OUTPUT_WOULD_OVERFLOW ++ {"OUTPUT_WOULD_OVERFLOW", ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW}, ++ #else ++ {"OUTPUT_WOULD_OVERFLOW", 6, 202}, ++ #endif ++ #ifdef EVP_R_PARAMETER_TOO_LARGE ++ {"PARAMETER_TOO_LARGE", ERR_LIB_EVP, EVP_R_PARAMETER_TOO_LARGE}, ++ #else ++ {"PARAMETER_TOO_LARGE", 6, 187}, ++ #endif ++ #ifdef EVP_R_PARTIALLY_OVERLAPPING ++ {"PARTIALLY_OVERLAPPING", ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING}, ++ #else ++ {"PARTIALLY_OVERLAPPING", 6, 162}, ++ #endif ++ #ifdef EVP_R_PBKDF2_ERROR ++ {"PBKDF2_ERROR", ERR_LIB_EVP, EVP_R_PBKDF2_ERROR}, ++ #else ++ {"PBKDF2_ERROR", 6, 181}, ++ #endif ++ #ifdef EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED ++ {"PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED", ERR_LIB_EVP, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED}, ++ #else ++ {"PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED", 6, 179}, ++ #endif ++ #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR ++ {"PRIVATE_KEY_DECODE_ERROR", ERR_LIB_EVP, EVP_R_PRIVATE_KEY_DECODE_ERROR}, ++ #else ++ {"PRIVATE_KEY_DECODE_ERROR", 6, 145}, ++ #endif ++ #ifdef EVP_R_PRIVATE_KEY_ENCODE_ERROR ++ {"PRIVATE_KEY_ENCODE_ERROR", ERR_LIB_EVP, EVP_R_PRIVATE_KEY_ENCODE_ERROR}, ++ #else ++ {"PRIVATE_KEY_ENCODE_ERROR", 6, 146}, ++ #endif ++ #ifdef EVP_R_PUBLIC_KEY_NOT_RSA ++ {"PUBLIC_KEY_NOT_RSA", ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA}, ++ #else ++ {"PUBLIC_KEY_NOT_RSA", 6, 106}, ++ #endif ++ #ifdef EVP_R_SET_DEFAULT_PROPERTY_FAILURE ++ {"SET_DEFAULT_PROPERTY_FAILURE", ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE}, ++ #else ++ {"SET_DEFAULT_PROPERTY_FAILURE", 6, 209}, ++ #endif ++ #ifdef EVP_R_TOO_MANY_RECORDS ++ {"TOO_MANY_RECORDS", ERR_LIB_EVP, EVP_R_TOO_MANY_RECORDS}, ++ #else ++ {"TOO_MANY_RECORDS", 6, 183}, ++ #endif ++ #ifdef EVP_R_UNABLE_TO_ENABLE_LOCKING ++ {"UNABLE_TO_ENABLE_LOCKING", ERR_LIB_EVP, EVP_R_UNABLE_TO_ENABLE_LOCKING}, ++ #else ++ {"UNABLE_TO_ENABLE_LOCKING", 6, 212}, ++ #endif ++ #ifdef EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE ++ {"UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE", ERR_LIB_EVP, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE}, ++ #else ++ {"UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE", 6, 215}, ++ #endif ++ #ifdef EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH ++ {"UNABLE_TO_GET_RANDOM_STRENGTH", ERR_LIB_EVP, EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH}, ++ #else ++ {"UNABLE_TO_GET_RANDOM_STRENGTH", 6, 216}, ++ #endif ++ #ifdef EVP_R_UNABLE_TO_LOCK_CONTEXT ++ {"UNABLE_TO_LOCK_CONTEXT", ERR_LIB_EVP, EVP_R_UNABLE_TO_LOCK_CONTEXT}, ++ #else ++ {"UNABLE_TO_LOCK_CONTEXT", 6, 211}, ++ #endif ++ #ifdef EVP_R_UNABLE_TO_SET_CALLBACKS ++ {"UNABLE_TO_SET_CALLBACKS", ERR_LIB_EVP, EVP_R_UNABLE_TO_SET_CALLBACKS}, ++ #else ++ {"UNABLE_TO_SET_CALLBACKS", 6, 217}, ++ #endif ++ #ifdef EVP_R_UNKNOWN_CIPHER ++ {"UNKNOWN_CIPHER", ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER}, ++ #else ++ {"UNKNOWN_CIPHER", 6, 160}, ++ #endif ++ #ifdef EVP_R_UNKNOWN_DIGEST ++ {"UNKNOWN_DIGEST", ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST}, ++ #else ++ {"UNKNOWN_DIGEST", 6, 161}, ++ #endif ++ #ifdef EVP_R_UNKNOWN_KEY_TYPE ++ {"UNKNOWN_KEY_TYPE", ERR_LIB_EVP, EVP_R_UNKNOWN_KEY_TYPE}, ++ #else ++ {"UNKNOWN_KEY_TYPE", 6, 207}, ++ #endif ++ #ifdef EVP_R_UNKNOWN_OPTION ++ {"UNKNOWN_OPTION", ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION}, ++ #else ++ {"UNKNOWN_OPTION", 6, 169}, ++ #endif ++ #ifdef EVP_R_UNKNOWN_PBE_ALGORITHM ++ {"UNKNOWN_PBE_ALGORITHM", ERR_LIB_EVP, EVP_R_UNKNOWN_PBE_ALGORITHM}, ++ #else ++ {"UNKNOWN_PBE_ALGORITHM", 6, 121}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_ALGORITHM ++ {"UNSUPPORTED_ALGORITHM", ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_ALGORITHM", 6, 156}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_CIPHER ++ {"UNSUPPORTED_CIPHER", ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER}, ++ #else ++ {"UNSUPPORTED_CIPHER", 6, 107}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_KEYLENGTH ++ {"UNSUPPORTED_KEYLENGTH", ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEYLENGTH}, ++ #else ++ {"UNSUPPORTED_KEYLENGTH", 6, 123}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION ++ {"UNSUPPORTED_KEY_DERIVATION_FUNCTION", ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION}, ++ #else ++ {"UNSUPPORTED_KEY_DERIVATION_FUNCTION", 6, 124}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_KEY_SIZE ++ {"UNSUPPORTED_KEY_SIZE", ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_SIZE}, ++ #else ++ {"UNSUPPORTED_KEY_SIZE", 6, 108}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_KEY_TYPE ++ {"UNSUPPORTED_KEY_TYPE", ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE}, ++ #else ++ {"UNSUPPORTED_KEY_TYPE", 6, 224}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS ++ {"UNSUPPORTED_NUMBER_OF_ROUNDS", ERR_LIB_EVP, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS}, ++ #else ++ {"UNSUPPORTED_NUMBER_OF_ROUNDS", 6, 135}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_PRF ++ {"UNSUPPORTED_PRF", ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRF}, ++ #else ++ {"UNSUPPORTED_PRF", 6, 125}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ++ {"UNSUPPORTED_PRIVATE_KEY_ALGORITHM", ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_PRIVATE_KEY_ALGORITHM", 6, 118}, ++ #endif ++ #ifdef EVP_R_UNSUPPORTED_SALT_TYPE ++ {"UNSUPPORTED_SALT_TYPE", ERR_LIB_EVP, EVP_R_UNSUPPORTED_SALT_TYPE}, ++ #else ++ {"UNSUPPORTED_SALT_TYPE", 6, 126}, ++ #endif ++ #ifdef EVP_R_UPDATE_ERROR ++ {"UPDATE_ERROR", ERR_LIB_EVP, EVP_R_UPDATE_ERROR}, ++ #else ++ {"UPDATE_ERROR", 6, 189}, ++ #endif ++ #ifdef EVP_R_WRAP_MODE_NOT_ALLOWED ++ {"WRAP_MODE_NOT_ALLOWED", ERR_LIB_EVP, EVP_R_WRAP_MODE_NOT_ALLOWED}, ++ #else ++ {"WRAP_MODE_NOT_ALLOWED", 6, 170}, ++ #endif ++ #ifdef EVP_R_WRONG_FINAL_BLOCK_LENGTH ++ {"WRONG_FINAL_BLOCK_LENGTH", ERR_LIB_EVP, EVP_R_WRONG_FINAL_BLOCK_LENGTH}, ++ #else ++ {"WRONG_FINAL_BLOCK_LENGTH", 6, 109}, ++ #endif ++ #ifdef EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE ++ {"XTS_DATA_UNIT_IS_TOO_LARGE", ERR_LIB_EVP, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE}, ++ #else ++ {"XTS_DATA_UNIT_IS_TOO_LARGE", 6, 191}, ++ #endif ++ #ifdef EVP_R_XTS_DUPLICATED_KEYS ++ {"XTS_DUPLICATED_KEYS", ERR_LIB_EVP, EVP_R_XTS_DUPLICATED_KEYS}, ++ #else ++ {"XTS_DUPLICATED_KEYS", 6, 192}, ++ #endif ++ #ifdef HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN ++ {"ASN1_LEN_EXCEEDS_MAX_RESP_LEN", ERR_LIB_HTTP, HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN}, ++ #else ++ {"ASN1_LEN_EXCEEDS_MAX_RESP_LEN", 61, 108}, ++ #endif ++ #ifdef HTTP_R_CONNECT_FAILURE ++ {"CONNECT_FAILURE", ERR_LIB_HTTP, HTTP_R_CONNECT_FAILURE}, ++ #else ++ {"CONNECT_FAILURE", 61, 100}, ++ #endif ++ #ifdef HTTP_R_ERROR_PARSING_ASN1_LENGTH ++ {"ERROR_PARSING_ASN1_LENGTH", ERR_LIB_HTTP, HTTP_R_ERROR_PARSING_ASN1_LENGTH}, ++ #else ++ {"ERROR_PARSING_ASN1_LENGTH", 61, 109}, ++ #endif ++ #ifdef HTTP_R_ERROR_PARSING_CONTENT_LENGTH ++ {"ERROR_PARSING_CONTENT_LENGTH", ERR_LIB_HTTP, HTTP_R_ERROR_PARSING_CONTENT_LENGTH}, ++ #else ++ {"ERROR_PARSING_CONTENT_LENGTH", 61, 119}, ++ #endif ++ #ifdef HTTP_R_ERROR_PARSING_URL ++ {"ERROR_PARSING_URL", ERR_LIB_HTTP, HTTP_R_ERROR_PARSING_URL}, ++ #else ++ {"ERROR_PARSING_URL", 61, 101}, ++ #endif ++ #ifdef HTTP_R_ERROR_RECEIVING ++ {"ERROR_RECEIVING", ERR_LIB_HTTP, HTTP_R_ERROR_RECEIVING}, ++ #else ++ {"ERROR_RECEIVING", 61, 103}, ++ #endif ++ #ifdef HTTP_R_ERROR_SENDING ++ {"ERROR_SENDING", ERR_LIB_HTTP, HTTP_R_ERROR_SENDING}, ++ #else ++ {"ERROR_SENDING", 61, 102}, ++ #endif ++ #ifdef HTTP_R_FAILED_READING_DATA ++ {"FAILED_READING_DATA", ERR_LIB_HTTP, HTTP_R_FAILED_READING_DATA}, ++ #else ++ {"FAILED_READING_DATA", 61, 128}, ++ #endif ++ #ifdef HTTP_R_INCONSISTENT_CONTENT_LENGTH ++ {"INCONSISTENT_CONTENT_LENGTH", ERR_LIB_HTTP, HTTP_R_INCONSISTENT_CONTENT_LENGTH}, ++ #else ++ {"INCONSISTENT_CONTENT_LENGTH", 61, 120}, ++ #endif ++ #ifdef HTTP_R_INVALID_PORT_NUMBER ++ {"INVALID_PORT_NUMBER", ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER}, ++ #else ++ {"INVALID_PORT_NUMBER", 61, 123}, ++ #endif ++ #ifdef HTTP_R_INVALID_URL_PATH ++ {"INVALID_URL_PATH", ERR_LIB_HTTP, HTTP_R_INVALID_URL_PATH}, ++ #else ++ {"INVALID_URL_PATH", 61, 125}, ++ #endif ++ #ifdef HTTP_R_INVALID_URL_SCHEME ++ {"INVALID_URL_SCHEME", ERR_LIB_HTTP, HTTP_R_INVALID_URL_SCHEME}, ++ #else ++ {"INVALID_URL_SCHEME", 61, 124}, ++ #endif ++ #ifdef HTTP_R_MAX_RESP_LEN_EXCEEDED ++ {"MAX_RESP_LEN_EXCEEDED", ERR_LIB_HTTP, HTTP_R_MAX_RESP_LEN_EXCEEDED}, ++ #else ++ {"MAX_RESP_LEN_EXCEEDED", 61, 117}, ++ #endif ++ #ifdef HTTP_R_MISSING_ASN1_ENCODING ++ {"MISSING_ASN1_ENCODING", ERR_LIB_HTTP, HTTP_R_MISSING_ASN1_ENCODING}, ++ #else ++ {"MISSING_ASN1_ENCODING", 61, 110}, ++ #endif ++ #ifdef HTTP_R_MISSING_CONTENT_TYPE ++ {"MISSING_CONTENT_TYPE", ERR_LIB_HTTP, HTTP_R_MISSING_CONTENT_TYPE}, ++ #else ++ {"MISSING_CONTENT_TYPE", 61, 121}, ++ #endif ++ #ifdef HTTP_R_MISSING_REDIRECT_LOCATION ++ {"MISSING_REDIRECT_LOCATION", ERR_LIB_HTTP, HTTP_R_MISSING_REDIRECT_LOCATION}, ++ #else ++ {"MISSING_REDIRECT_LOCATION", 61, 111}, ++ #endif ++ #ifdef HTTP_R_RECEIVED_ERROR ++ {"RECEIVED_ERROR", ERR_LIB_HTTP, HTTP_R_RECEIVED_ERROR}, ++ #else ++ {"RECEIVED_ERROR", 61, 105}, ++ #endif ++ #ifdef HTTP_R_RECEIVED_WRONG_HTTP_VERSION ++ {"RECEIVED_WRONG_HTTP_VERSION", ERR_LIB_HTTP, HTTP_R_RECEIVED_WRONG_HTTP_VERSION}, ++ #else ++ {"RECEIVED_WRONG_HTTP_VERSION", 61, 106}, ++ #endif ++ #ifdef HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP ++ {"REDIRECTION_FROM_HTTPS_TO_HTTP", ERR_LIB_HTTP, HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP}, ++ #else ++ {"REDIRECTION_FROM_HTTPS_TO_HTTP", 61, 112}, ++ #endif ++ #ifdef HTTP_R_REDIRECTION_NOT_ENABLED ++ {"REDIRECTION_NOT_ENABLED", ERR_LIB_HTTP, HTTP_R_REDIRECTION_NOT_ENABLED}, ++ #else ++ {"REDIRECTION_NOT_ENABLED", 61, 116}, ++ #endif ++ #ifdef HTTP_R_RESPONSE_LINE_TOO_LONG ++ {"RESPONSE_LINE_TOO_LONG", ERR_LIB_HTTP, HTTP_R_RESPONSE_LINE_TOO_LONG}, ++ #else ++ {"RESPONSE_LINE_TOO_LONG", 61, 113}, ++ #endif ++ #ifdef HTTP_R_RESPONSE_PARSE_ERROR ++ {"RESPONSE_PARSE_ERROR", ERR_LIB_HTTP, HTTP_R_RESPONSE_PARSE_ERROR}, ++ #else ++ {"RESPONSE_PARSE_ERROR", 61, 104}, ++ #endif ++ #ifdef HTTP_R_SOCK_NOT_SUPPORTED ++ {"SOCK_NOT_SUPPORTED", ERR_LIB_HTTP, HTTP_R_SOCK_NOT_SUPPORTED}, ++ #else ++ {"SOCK_NOT_SUPPORTED", 61, 122}, ++ #endif ++ #ifdef HTTP_R_STATUS_CODE_UNSUPPORTED ++ {"STATUS_CODE_UNSUPPORTED", ERR_LIB_HTTP, HTTP_R_STATUS_CODE_UNSUPPORTED}, ++ #else ++ {"STATUS_CODE_UNSUPPORTED", 61, 114}, ++ #endif ++ #ifdef HTTP_R_TLS_NOT_ENABLED ++ {"TLS_NOT_ENABLED", ERR_LIB_HTTP, HTTP_R_TLS_NOT_ENABLED}, ++ #else ++ {"TLS_NOT_ENABLED", 61, 107}, ++ #endif ++ #ifdef HTTP_R_TOO_MANY_REDIRECTIONS ++ {"TOO_MANY_REDIRECTIONS", ERR_LIB_HTTP, HTTP_R_TOO_MANY_REDIRECTIONS}, ++ #else ++ {"TOO_MANY_REDIRECTIONS", 61, 115}, ++ #endif ++ #ifdef HTTP_R_UNEXPECTED_CONTENT_TYPE ++ {"UNEXPECTED_CONTENT_TYPE", ERR_LIB_HTTP, HTTP_R_UNEXPECTED_CONTENT_TYPE}, ++ #else ++ {"UNEXPECTED_CONTENT_TYPE", 61, 118}, ++ #endif ++ #ifdef OBJ_R_OID_EXISTS ++ {"OID_EXISTS", ERR_LIB_OBJ, OBJ_R_OID_EXISTS}, ++ #else ++ {"OID_EXISTS", 8, 102}, ++ #endif ++ #ifdef OBJ_R_UNKNOWN_NID ++ {"UNKNOWN_NID", ERR_LIB_OBJ, OBJ_R_UNKNOWN_NID}, ++ #else ++ {"UNKNOWN_NID", 8, 101}, ++ #endif ++ #ifdef OBJ_R_UNKNOWN_OBJECT_NAME ++ {"UNKNOWN_OBJECT_NAME", ERR_LIB_OBJ, OBJ_R_UNKNOWN_OBJECT_NAME}, ++ #else ++ {"UNKNOWN_OBJECT_NAME", 8, 103}, ++ #endif ++ #ifdef OCSP_R_CERTIFICATE_VERIFY_ERROR ++ {"CERTIFICATE_VERIFY_ERROR", ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR}, ++ #else ++ {"CERTIFICATE_VERIFY_ERROR", 39, 101}, ++ #endif ++ #ifdef OCSP_R_DIGEST_ERR ++ {"DIGEST_ERR", ERR_LIB_OCSP, OCSP_R_DIGEST_ERR}, ++ #else ++ {"DIGEST_ERR", 39, 102}, ++ #endif ++ #ifdef OCSP_R_DIGEST_NAME_ERR ++ {"DIGEST_NAME_ERR", ERR_LIB_OCSP, OCSP_R_DIGEST_NAME_ERR}, ++ #else ++ {"DIGEST_NAME_ERR", 39, 106}, ++ #endif ++ #ifdef OCSP_R_DIGEST_SIZE_ERR ++ {"DIGEST_SIZE_ERR", ERR_LIB_OCSP, OCSP_R_DIGEST_SIZE_ERR}, ++ #else ++ {"DIGEST_SIZE_ERR", 39, 107}, ++ #endif ++ #ifdef OCSP_R_ERROR_IN_NEXTUPDATE_FIELD ++ {"ERROR_IN_NEXTUPDATE_FIELD", ERR_LIB_OCSP, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD}, ++ #else ++ {"ERROR_IN_NEXTUPDATE_FIELD", 39, 122}, ++ #endif ++ #ifdef OCSP_R_ERROR_IN_THISUPDATE_FIELD ++ {"ERROR_IN_THISUPDATE_FIELD", ERR_LIB_OCSP, OCSP_R_ERROR_IN_THISUPDATE_FIELD}, ++ #else ++ {"ERROR_IN_THISUPDATE_FIELD", 39, 123}, ++ #endif ++ #ifdef OCSP_R_MISSING_OCSPSIGNING_USAGE ++ {"MISSING_OCSPSIGNING_USAGE", ERR_LIB_OCSP, OCSP_R_MISSING_OCSPSIGNING_USAGE}, ++ #else ++ {"MISSING_OCSPSIGNING_USAGE", 39, 103}, ++ #endif ++ #ifdef OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE ++ {"NEXTUPDATE_BEFORE_THISUPDATE", ERR_LIB_OCSP, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE}, ++ #else ++ {"NEXTUPDATE_BEFORE_THISUPDATE", 39, 124}, ++ #endif ++ #ifdef OCSP_R_NOT_BASIC_RESPONSE ++ {"NOT_BASIC_RESPONSE", ERR_LIB_OCSP, OCSP_R_NOT_BASIC_RESPONSE}, ++ #else ++ {"NOT_BASIC_RESPONSE", 39, 104}, ++ #endif ++ #ifdef OCSP_R_NO_CERTIFICATES_IN_CHAIN ++ {"NO_CERTIFICATES_IN_CHAIN", ERR_LIB_OCSP, OCSP_R_NO_CERTIFICATES_IN_CHAIN}, ++ #else ++ {"NO_CERTIFICATES_IN_CHAIN", 39, 105}, ++ #endif ++ #ifdef OCSP_R_NO_RESPONSE_DATA ++ {"NO_RESPONSE_DATA", ERR_LIB_OCSP, OCSP_R_NO_RESPONSE_DATA}, ++ #else ++ {"NO_RESPONSE_DATA", 39, 108}, ++ #endif ++ #ifdef OCSP_R_NO_REVOKED_TIME ++ {"NO_REVOKED_TIME", ERR_LIB_OCSP, OCSP_R_NO_REVOKED_TIME}, ++ #else ++ {"NO_REVOKED_TIME", 39, 109}, ++ #endif ++ #ifdef OCSP_R_NO_SIGNER_KEY ++ {"NO_SIGNER_KEY", ERR_LIB_OCSP, OCSP_R_NO_SIGNER_KEY}, ++ #else ++ {"NO_SIGNER_KEY", 39, 130}, ++ #endif ++ #ifdef OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", ERR_LIB_OCSP, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE}, ++ #else ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", 39, 110}, ++ #endif ++ #ifdef OCSP_R_REQUEST_NOT_SIGNED ++ {"REQUEST_NOT_SIGNED", ERR_LIB_OCSP, OCSP_R_REQUEST_NOT_SIGNED}, ++ #else ++ {"REQUEST_NOT_SIGNED", 39, 128}, ++ #endif ++ #ifdef OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA ++ {"RESPONSE_CONTAINS_NO_REVOCATION_DATA", ERR_LIB_OCSP, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA}, ++ #else ++ {"RESPONSE_CONTAINS_NO_REVOCATION_DATA", 39, 111}, ++ #endif ++ #ifdef OCSP_R_ROOT_CA_NOT_TRUSTED ++ {"ROOT_CA_NOT_TRUSTED", ERR_LIB_OCSP, OCSP_R_ROOT_CA_NOT_TRUSTED}, ++ #else ++ {"ROOT_CA_NOT_TRUSTED", 39, 112}, ++ #endif ++ #ifdef OCSP_R_SIGNATURE_FAILURE ++ {"SIGNATURE_FAILURE", ERR_LIB_OCSP, OCSP_R_SIGNATURE_FAILURE}, ++ #else ++ {"SIGNATURE_FAILURE", 39, 117}, ++ #endif ++ #ifdef OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND ++ {"SIGNER_CERTIFICATE_NOT_FOUND", ERR_LIB_OCSP, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND}, ++ #else ++ {"SIGNER_CERTIFICATE_NOT_FOUND", 39, 118}, ++ #endif ++ #ifdef OCSP_R_STATUS_EXPIRED ++ {"STATUS_EXPIRED", ERR_LIB_OCSP, OCSP_R_STATUS_EXPIRED}, ++ #else ++ {"STATUS_EXPIRED", 39, 125}, ++ #endif ++ #ifdef OCSP_R_STATUS_NOT_YET_VALID ++ {"STATUS_NOT_YET_VALID", ERR_LIB_OCSP, OCSP_R_STATUS_NOT_YET_VALID}, ++ #else ++ {"STATUS_NOT_YET_VALID", 39, 126}, ++ #endif ++ #ifdef OCSP_R_STATUS_TOO_OLD ++ {"STATUS_TOO_OLD", ERR_LIB_OCSP, OCSP_R_STATUS_TOO_OLD}, ++ #else ++ {"STATUS_TOO_OLD", 39, 127}, ++ #endif ++ #ifdef OCSP_R_UNKNOWN_MESSAGE_DIGEST ++ {"UNKNOWN_MESSAGE_DIGEST", ERR_LIB_OCSP, OCSP_R_UNKNOWN_MESSAGE_DIGEST}, ++ #else ++ {"UNKNOWN_MESSAGE_DIGEST", 39, 119}, ++ #endif ++ #ifdef OCSP_R_UNKNOWN_NID ++ {"UNKNOWN_NID", ERR_LIB_OCSP, OCSP_R_UNKNOWN_NID}, ++ #else ++ {"UNKNOWN_NID", 39, 120}, ++ #endif ++ #ifdef OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE ++ {"UNSUPPORTED_REQUESTORNAME_TYPE", ERR_LIB_OCSP, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE}, ++ #else ++ {"UNSUPPORTED_REQUESTORNAME_TYPE", 39, 129}, ++ #endif ++ #ifdef OSSL_DECODER_R_MISSING_GET_PARAMS ++ {"MISSING_GET_PARAMS", ERR_LIB_OSSL_DECODER, OSSL_DECODER_R_MISSING_GET_PARAMS}, ++ #else ++ {"MISSING_GET_PARAMS", 60, 100}, ++ #endif ++ #ifdef OSSL_ENCODER_R_ENCODER_NOT_FOUND ++ {"ENCODER_NOT_FOUND", ERR_LIB_OSSL_ENCODER, OSSL_ENCODER_R_ENCODER_NOT_FOUND}, ++ #else ++ {"ENCODER_NOT_FOUND", 59, 101}, ++ #endif ++ #ifdef OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY ++ {"INCORRECT_PROPERTY_QUERY", ERR_LIB_OSSL_ENCODER, OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY}, ++ #else ++ {"INCORRECT_PROPERTY_QUERY", 59, 100}, ++ #endif ++ #ifdef OSSL_ENCODER_R_MISSING_GET_PARAMS ++ {"MISSING_GET_PARAMS", ERR_LIB_OSSL_ENCODER, OSSL_ENCODER_R_MISSING_GET_PARAMS}, ++ #else ++ {"MISSING_GET_PARAMS", 59, 102}, ++ #endif ++ #ifdef OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE ++ {"AMBIGUOUS_CONTENT_TYPE", ERR_LIB_OSSL_STORE, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE}, ++ #else ++ {"AMBIGUOUS_CONTENT_TYPE", 44, 107}, ++ #endif ++ #ifdef OSSL_STORE_R_BAD_PASSWORD_READ ++ {"BAD_PASSWORD_READ", ERR_LIB_OSSL_STORE, OSSL_STORE_R_BAD_PASSWORD_READ}, ++ #else ++ {"BAD_PASSWORD_READ", 44, 115}, ++ #endif ++ #ifdef OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC ++ {"ERROR_VERIFYING_PKCS12_MAC", ERR_LIB_OSSL_STORE, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC}, ++ #else ++ {"ERROR_VERIFYING_PKCS12_MAC", 44, 113}, ++ #endif ++ #ifdef OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST ++ {"FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST", ERR_LIB_OSSL_STORE, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST}, ++ #else ++ {"FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST", 44, 121}, ++ #endif ++ #ifdef OSSL_STORE_R_INVALID_SCHEME ++ {"INVALID_SCHEME", ERR_LIB_OSSL_STORE, OSSL_STORE_R_INVALID_SCHEME}, ++ #else ++ {"INVALID_SCHEME", 44, 106}, ++ #endif ++ #ifdef OSSL_STORE_R_IS_NOT_A ++ {"IS_NOT_A", ERR_LIB_OSSL_STORE, OSSL_STORE_R_IS_NOT_A}, ++ #else ++ {"IS_NOT_A", 44, 112}, ++ #endif ++ #ifdef OSSL_STORE_R_LOADER_INCOMPLETE ++ {"LOADER_INCOMPLETE", ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADER_INCOMPLETE}, ++ #else ++ {"LOADER_INCOMPLETE", 44, 116}, ++ #endif ++ #ifdef OSSL_STORE_R_LOADING_STARTED ++ {"LOADING_STARTED", ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED}, ++ #else ++ {"LOADING_STARTED", 44, 117}, ++ #endif ++ #ifdef OSSL_STORE_R_NOT_A_CERTIFICATE ++ {"NOT_A_CERTIFICATE", ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CERTIFICATE}, ++ #else ++ {"NOT_A_CERTIFICATE", 44, 100}, ++ #endif ++ #ifdef OSSL_STORE_R_NOT_A_CRL ++ {"NOT_A_CRL", ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CRL}, ++ #else ++ {"NOT_A_CRL", 44, 101}, ++ #endif ++ #ifdef OSSL_STORE_R_NOT_A_NAME ++ {"NOT_A_NAME", ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME}, ++ #else ++ {"NOT_A_NAME", 44, 103}, ++ #endif ++ #ifdef OSSL_STORE_R_NOT_A_PRIVATE_KEY ++ {"NOT_A_PRIVATE_KEY", ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PRIVATE_KEY}, ++ #else ++ {"NOT_A_PRIVATE_KEY", 44, 102}, ++ #endif ++ #ifdef OSSL_STORE_R_NOT_A_PUBLIC_KEY ++ {"NOT_A_PUBLIC_KEY", ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PUBLIC_KEY}, ++ #else ++ {"NOT_A_PUBLIC_KEY", 44, 122}, ++ #endif ++ #ifdef OSSL_STORE_R_NOT_PARAMETERS ++ {"NOT_PARAMETERS", ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_PARAMETERS}, ++ #else ++ {"NOT_PARAMETERS", 44, 104}, ++ #endif ++ #ifdef OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR ++ {"PASSPHRASE_CALLBACK_ERROR", ERR_LIB_OSSL_STORE, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR}, ++ #else ++ {"PASSPHRASE_CALLBACK_ERROR", 44, 114}, ++ #endif ++ #ifdef OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE ++ {"PATH_MUST_BE_ABSOLUTE", ERR_LIB_OSSL_STORE, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE}, ++ #else ++ {"PATH_MUST_BE_ABSOLUTE", 44, 108}, ++ #endif ++ #ifdef OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES ++ {"SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES", ERR_LIB_OSSL_STORE, OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES}, ++ #else ++ {"SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES", 44, 119}, ++ #endif ++ #ifdef OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED ++ {"UI_PROCESS_INTERRUPTED_OR_CANCELLED", ERR_LIB_OSSL_STORE, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED}, ++ #else ++ {"UI_PROCESS_INTERRUPTED_OR_CANCELLED", 44, 109}, ++ #endif ++ #ifdef OSSL_STORE_R_UNREGISTERED_SCHEME ++ {"UNREGISTERED_SCHEME", ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNREGISTERED_SCHEME}, ++ #else ++ {"UNREGISTERED_SCHEME", 44, 105}, ++ #endif ++ #ifdef OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE ++ {"UNSUPPORTED_CONTENT_TYPE", ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE}, ++ #else ++ {"UNSUPPORTED_CONTENT_TYPE", 44, 110}, ++ #endif ++ #ifdef OSSL_STORE_R_UNSUPPORTED_OPERATION ++ {"UNSUPPORTED_OPERATION", ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION}, ++ #else ++ {"UNSUPPORTED_OPERATION", 44, 118}, ++ #endif ++ #ifdef OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE ++ {"UNSUPPORTED_SEARCH_TYPE", ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE}, ++ #else ++ {"UNSUPPORTED_SEARCH_TYPE", 44, 120}, ++ #endif ++ #ifdef OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED ++ {"URI_AUTHORITY_UNSUPPORTED", ERR_LIB_OSSL_STORE, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED}, ++ #else ++ {"URI_AUTHORITY_UNSUPPORTED", 44, 111}, ++ #endif ++ #ifdef PEM_R_BAD_BASE64_DECODE ++ {"BAD_BASE64_DECODE", ERR_LIB_PEM, PEM_R_BAD_BASE64_DECODE}, ++ #else ++ {"BAD_BASE64_DECODE", 9, 100}, ++ #endif ++ #ifdef PEM_R_BAD_DECRYPT ++ {"BAD_DECRYPT", ERR_LIB_PEM, PEM_R_BAD_DECRYPT}, ++ #else ++ {"BAD_DECRYPT", 9, 101}, ++ #endif ++ #ifdef PEM_R_BAD_END_LINE ++ {"BAD_END_LINE", ERR_LIB_PEM, PEM_R_BAD_END_LINE}, ++ #else ++ {"BAD_END_LINE", 9, 102}, ++ #endif ++ #ifdef PEM_R_BAD_IV_CHARS ++ {"BAD_IV_CHARS", ERR_LIB_PEM, PEM_R_BAD_IV_CHARS}, ++ #else ++ {"BAD_IV_CHARS", 9, 103}, ++ #endif ++ #ifdef PEM_R_BAD_MAGIC_NUMBER ++ {"BAD_MAGIC_NUMBER", ERR_LIB_PEM, PEM_R_BAD_MAGIC_NUMBER}, ++ #else ++ {"BAD_MAGIC_NUMBER", 9, 116}, ++ #endif ++ #ifdef PEM_R_BAD_PASSWORD_READ ++ {"BAD_PASSWORD_READ", ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ}, ++ #else ++ {"BAD_PASSWORD_READ", 9, 104}, ++ #endif ++ #ifdef PEM_R_BAD_VERSION_NUMBER ++ {"BAD_VERSION_NUMBER", ERR_LIB_PEM, PEM_R_BAD_VERSION_NUMBER}, ++ #else ++ {"BAD_VERSION_NUMBER", 9, 117}, ++ #endif ++ #ifdef PEM_R_BIO_WRITE_FAILURE ++ {"BIO_WRITE_FAILURE", ERR_LIB_PEM, PEM_R_BIO_WRITE_FAILURE}, ++ #else ++ {"BIO_WRITE_FAILURE", 9, 118}, ++ #endif ++ #ifdef PEM_R_CIPHER_IS_NULL ++ {"CIPHER_IS_NULL", ERR_LIB_PEM, PEM_R_CIPHER_IS_NULL}, ++ #else ++ {"CIPHER_IS_NULL", 9, 127}, ++ #endif ++ #ifdef PEM_R_ERROR_CONVERTING_PRIVATE_KEY ++ {"ERROR_CONVERTING_PRIVATE_KEY", ERR_LIB_PEM, PEM_R_ERROR_CONVERTING_PRIVATE_KEY}, ++ #else ++ {"ERROR_CONVERTING_PRIVATE_KEY", 9, 115}, ++ #endif ++ #ifdef PEM_R_EXPECTING_DSS_KEY_BLOB ++ {"EXPECTING_DSS_KEY_BLOB", ERR_LIB_PEM, PEM_R_EXPECTING_DSS_KEY_BLOB}, ++ #else ++ {"EXPECTING_DSS_KEY_BLOB", 9, 131}, ++ #endif ++ #ifdef PEM_R_EXPECTING_PRIVATE_KEY_BLOB ++ {"EXPECTING_PRIVATE_KEY_BLOB", ERR_LIB_PEM, PEM_R_EXPECTING_PRIVATE_KEY_BLOB}, ++ #else ++ {"EXPECTING_PRIVATE_KEY_BLOB", 9, 119}, ++ #endif ++ #ifdef PEM_R_EXPECTING_PUBLIC_KEY_BLOB ++ {"EXPECTING_PUBLIC_KEY_BLOB", ERR_LIB_PEM, PEM_R_EXPECTING_PUBLIC_KEY_BLOB}, ++ #else ++ {"EXPECTING_PUBLIC_KEY_BLOB", 9, 120}, ++ #endif ++ #ifdef PEM_R_EXPECTING_RSA_KEY_BLOB ++ {"EXPECTING_RSA_KEY_BLOB", ERR_LIB_PEM, PEM_R_EXPECTING_RSA_KEY_BLOB}, ++ #else ++ {"EXPECTING_RSA_KEY_BLOB", 9, 132}, ++ #endif ++ #ifdef PEM_R_HEADER_TOO_LONG ++ {"HEADER_TOO_LONG", ERR_LIB_PEM, PEM_R_HEADER_TOO_LONG}, ++ #else ++ {"HEADER_TOO_LONG", 9, 128}, ++ #endif ++ #ifdef PEM_R_INCONSISTENT_HEADER ++ {"INCONSISTENT_HEADER", ERR_LIB_PEM, PEM_R_INCONSISTENT_HEADER}, ++ #else ++ {"INCONSISTENT_HEADER", 9, 121}, ++ #endif ++ #ifdef PEM_R_KEYBLOB_HEADER_PARSE_ERROR ++ {"KEYBLOB_HEADER_PARSE_ERROR", ERR_LIB_PEM, PEM_R_KEYBLOB_HEADER_PARSE_ERROR}, ++ #else ++ {"KEYBLOB_HEADER_PARSE_ERROR", 9, 122}, ++ #endif ++ #ifdef PEM_R_KEYBLOB_TOO_SHORT ++ {"KEYBLOB_TOO_SHORT", ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT}, ++ #else ++ {"KEYBLOB_TOO_SHORT", 9, 123}, ++ #endif ++ #ifdef PEM_R_MISSING_DEK_IV ++ {"MISSING_DEK_IV", ERR_LIB_PEM, PEM_R_MISSING_DEK_IV}, ++ #else ++ {"MISSING_DEK_IV", 9, 129}, ++ #endif ++ #ifdef PEM_R_NOT_DEK_INFO ++ {"NOT_DEK_INFO", ERR_LIB_PEM, PEM_R_NOT_DEK_INFO}, ++ #else ++ {"NOT_DEK_INFO", 9, 105}, ++ #endif ++ #ifdef PEM_R_NOT_ENCRYPTED ++ {"NOT_ENCRYPTED", ERR_LIB_PEM, PEM_R_NOT_ENCRYPTED}, ++ #else ++ {"NOT_ENCRYPTED", 9, 106}, ++ #endif ++ #ifdef PEM_R_NOT_PROC_TYPE ++ {"NOT_PROC_TYPE", ERR_LIB_PEM, PEM_R_NOT_PROC_TYPE}, ++ #else ++ {"NOT_PROC_TYPE", 9, 107}, ++ #endif ++ #ifdef PEM_R_NO_START_LINE ++ {"NO_START_LINE", ERR_LIB_PEM, PEM_R_NO_START_LINE}, ++ #else ++ {"NO_START_LINE", 9, 108}, ++ #endif ++ #ifdef PEM_R_PROBLEMS_GETTING_PASSWORD ++ {"PROBLEMS_GETTING_PASSWORD", ERR_LIB_PEM, PEM_R_PROBLEMS_GETTING_PASSWORD}, ++ #else ++ {"PROBLEMS_GETTING_PASSWORD", 9, 109}, ++ #endif ++ #ifdef PEM_R_PVK_DATA_TOO_SHORT ++ {"PVK_DATA_TOO_SHORT", ERR_LIB_PEM, PEM_R_PVK_DATA_TOO_SHORT}, ++ #else ++ {"PVK_DATA_TOO_SHORT", 9, 124}, ++ #endif ++ #ifdef PEM_R_PVK_TOO_SHORT ++ {"PVK_TOO_SHORT", ERR_LIB_PEM, PEM_R_PVK_TOO_SHORT}, ++ #else ++ {"PVK_TOO_SHORT", 9, 125}, ++ #endif ++ #ifdef PEM_R_READ_KEY ++ {"READ_KEY", ERR_LIB_PEM, PEM_R_READ_KEY}, ++ #else ++ {"READ_KEY", 9, 111}, ++ #endif ++ #ifdef PEM_R_SHORT_HEADER ++ {"SHORT_HEADER", ERR_LIB_PEM, PEM_R_SHORT_HEADER}, ++ #else ++ {"SHORT_HEADER", 9, 112}, ++ #endif ++ #ifdef PEM_R_UNEXPECTED_DEK_IV ++ {"UNEXPECTED_DEK_IV", ERR_LIB_PEM, PEM_R_UNEXPECTED_DEK_IV}, ++ #else ++ {"UNEXPECTED_DEK_IV", 9, 130}, ++ #endif ++ #ifdef PEM_R_UNSUPPORTED_CIPHER ++ {"UNSUPPORTED_CIPHER", ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER}, ++ #else ++ {"UNSUPPORTED_CIPHER", 9, 113}, ++ #endif ++ #ifdef PEM_R_UNSUPPORTED_ENCRYPTION ++ {"UNSUPPORTED_ENCRYPTION", ERR_LIB_PEM, PEM_R_UNSUPPORTED_ENCRYPTION}, ++ #else ++ {"UNSUPPORTED_ENCRYPTION", 9, 114}, ++ #endif ++ #ifdef PEM_R_UNSUPPORTED_KEY_COMPONENTS ++ {"UNSUPPORTED_KEY_COMPONENTS", ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS}, ++ #else ++ {"UNSUPPORTED_KEY_COMPONENTS", 9, 126}, ++ #endif ++ #ifdef PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE ++ {"UNSUPPORTED_PUBLIC_KEY_TYPE", ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE}, ++ #else ++ {"UNSUPPORTED_PUBLIC_KEY_TYPE", 9, 110}, ++ #endif ++ #ifdef PKCS12_R_CANT_PACK_STRUCTURE ++ {"CANT_PACK_STRUCTURE", ERR_LIB_PKCS12, PKCS12_R_CANT_PACK_STRUCTURE}, ++ #else ++ {"CANT_PACK_STRUCTURE", 35, 100}, ++ #endif ++ #ifdef PKCS12_R_CONTENT_TYPE_NOT_DATA ++ {"CONTENT_TYPE_NOT_DATA", ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA}, ++ #else ++ {"CONTENT_TYPE_NOT_DATA", 35, 121}, ++ #endif ++ #ifdef PKCS12_R_DECODE_ERROR ++ {"DECODE_ERROR", ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR}, ++ #else ++ {"DECODE_ERROR", 35, 101}, ++ #endif ++ #ifdef PKCS12_R_ENCODE_ERROR ++ {"ENCODE_ERROR", ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR}, ++ #else ++ {"ENCODE_ERROR", 35, 102}, ++ #endif ++ #ifdef PKCS12_R_ENCRYPT_ERROR ++ {"ENCRYPT_ERROR", ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR}, ++ #else ++ {"ENCRYPT_ERROR", 35, 103}, ++ #endif ++ #ifdef PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE ++ {"ERROR_SETTING_ENCRYPTED_DATA_TYPE", ERR_LIB_PKCS12, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE}, ++ #else ++ {"ERROR_SETTING_ENCRYPTED_DATA_TYPE", 35, 120}, ++ #endif ++ #ifdef PKCS12_R_INVALID_NULL_ARGUMENT ++ {"INVALID_NULL_ARGUMENT", ERR_LIB_PKCS12, PKCS12_R_INVALID_NULL_ARGUMENT}, ++ #else ++ {"INVALID_NULL_ARGUMENT", 35, 104}, ++ #endif ++ #ifdef PKCS12_R_INVALID_NULL_PKCS12_POINTER ++ {"INVALID_NULL_PKCS12_POINTER", ERR_LIB_PKCS12, PKCS12_R_INVALID_NULL_PKCS12_POINTER}, ++ #else ++ {"INVALID_NULL_PKCS12_POINTER", 35, 105}, ++ #endif ++ #ifdef PKCS12_R_INVALID_TYPE ++ {"INVALID_TYPE", ERR_LIB_PKCS12, PKCS12_R_INVALID_TYPE}, ++ #else ++ {"INVALID_TYPE", 35, 112}, ++ #endif ++ #ifdef PKCS12_R_IV_GEN_ERROR ++ {"IV_GEN_ERROR", ERR_LIB_PKCS12, PKCS12_R_IV_GEN_ERROR}, ++ #else ++ {"IV_GEN_ERROR", 35, 106}, ++ #endif ++ #ifdef PKCS12_R_KEY_GEN_ERROR ++ {"KEY_GEN_ERROR", ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR}, ++ #else ++ {"KEY_GEN_ERROR", 35, 107}, ++ #endif ++ #ifdef PKCS12_R_MAC_ABSENT ++ {"MAC_ABSENT", ERR_LIB_PKCS12, PKCS12_R_MAC_ABSENT}, ++ #else ++ {"MAC_ABSENT", 35, 108}, ++ #endif ++ #ifdef PKCS12_R_MAC_GENERATION_ERROR ++ {"MAC_GENERATION_ERROR", ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR}, ++ #else ++ {"MAC_GENERATION_ERROR", 35, 109}, ++ #endif ++ #ifdef PKCS12_R_MAC_SETUP_ERROR ++ {"MAC_SETUP_ERROR", ERR_LIB_PKCS12, PKCS12_R_MAC_SETUP_ERROR}, ++ #else ++ {"MAC_SETUP_ERROR", 35, 110}, ++ #endif ++ #ifdef PKCS12_R_MAC_STRING_SET_ERROR ++ {"MAC_STRING_SET_ERROR", ERR_LIB_PKCS12, PKCS12_R_MAC_STRING_SET_ERROR}, ++ #else ++ {"MAC_STRING_SET_ERROR", 35, 111}, ++ #endif ++ #ifdef PKCS12_R_MAC_VERIFY_FAILURE ++ {"MAC_VERIFY_FAILURE", ERR_LIB_PKCS12, PKCS12_R_MAC_VERIFY_FAILURE}, ++ #else ++ {"MAC_VERIFY_FAILURE", 35, 113}, ++ #endif ++ #ifdef PKCS12_R_PARSE_ERROR ++ {"PARSE_ERROR", ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR}, ++ #else ++ {"PARSE_ERROR", 35, 114}, ++ #endif ++ #ifdef PKCS12_R_PKCS12_CIPHERFINAL_ERROR ++ {"PKCS12_CIPHERFINAL_ERROR", ERR_LIB_PKCS12, PKCS12_R_PKCS12_CIPHERFINAL_ERROR}, ++ #else ++ {"PKCS12_CIPHERFINAL_ERROR", 35, 116}, ++ #endif ++ #ifdef PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ++ {"UNKNOWN_DIGEST_ALGORITHM", ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM}, ++ #else ++ {"UNKNOWN_DIGEST_ALGORITHM", 35, 118}, ++ #endif ++ #ifdef PKCS12_R_UNSUPPORTED_PKCS12_MODE ++ {"UNSUPPORTED_PKCS12_MODE", ERR_LIB_PKCS12, PKCS12_R_UNSUPPORTED_PKCS12_MODE}, ++ #else ++ {"UNSUPPORTED_PKCS12_MODE", 35, 119}, ++ #endif ++ #ifdef PKCS7_R_CERTIFICATE_VERIFY_ERROR ++ {"CERTIFICATE_VERIFY_ERROR", ERR_LIB_PKCS7, PKCS7_R_CERTIFICATE_VERIFY_ERROR}, ++ #else ++ {"CERTIFICATE_VERIFY_ERROR", 33, 117}, ++ #endif ++ #ifdef PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ++ {"CIPHER_HAS_NO_OBJECT_IDENTIFIER", ERR_LIB_PKCS7, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER}, ++ #else ++ {"CIPHER_HAS_NO_OBJECT_IDENTIFIER", 33, 144}, ++ #endif ++ #ifdef PKCS7_R_CIPHER_NOT_INITIALIZED ++ {"CIPHER_NOT_INITIALIZED", ERR_LIB_PKCS7, PKCS7_R_CIPHER_NOT_INITIALIZED}, ++ #else ++ {"CIPHER_NOT_INITIALIZED", 33, 116}, ++ #endif ++ #ifdef PKCS7_R_CONTENT_AND_DATA_PRESENT ++ {"CONTENT_AND_DATA_PRESENT", ERR_LIB_PKCS7, PKCS7_R_CONTENT_AND_DATA_PRESENT}, ++ #else ++ {"CONTENT_AND_DATA_PRESENT", 33, 118}, ++ #endif ++ #ifdef PKCS7_R_CTRL_ERROR ++ {"CTRL_ERROR", ERR_LIB_PKCS7, PKCS7_R_CTRL_ERROR}, ++ #else ++ {"CTRL_ERROR", 33, 152}, ++ #endif ++ #ifdef PKCS7_R_DECRYPT_ERROR ++ {"DECRYPT_ERROR", ERR_LIB_PKCS7, PKCS7_R_DECRYPT_ERROR}, ++ #else ++ {"DECRYPT_ERROR", 33, 119}, ++ #endif ++ #ifdef PKCS7_R_DIGEST_FAILURE ++ {"DIGEST_FAILURE", ERR_LIB_PKCS7, PKCS7_R_DIGEST_FAILURE}, ++ #else ++ {"DIGEST_FAILURE", 33, 101}, ++ #endif ++ #ifdef PKCS7_R_ENCRYPTION_CTRL_FAILURE ++ {"ENCRYPTION_CTRL_FAILURE", ERR_LIB_PKCS7, PKCS7_R_ENCRYPTION_CTRL_FAILURE}, ++ #else ++ {"ENCRYPTION_CTRL_FAILURE", 33, 149}, ++ #endif ++ #ifdef PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE ++ {"ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE", ERR_LIB_PKCS7, PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE}, ++ #else ++ {"ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE", 33, 150}, ++ #endif ++ #ifdef PKCS7_R_ERROR_ADDING_RECIPIENT ++ {"ERROR_ADDING_RECIPIENT", ERR_LIB_PKCS7, PKCS7_R_ERROR_ADDING_RECIPIENT}, ++ #else ++ {"ERROR_ADDING_RECIPIENT", 33, 120}, ++ #endif ++ #ifdef PKCS7_R_ERROR_SETTING_CIPHER ++ {"ERROR_SETTING_CIPHER", ERR_LIB_PKCS7, PKCS7_R_ERROR_SETTING_CIPHER}, ++ #else ++ {"ERROR_SETTING_CIPHER", 33, 121}, ++ #endif ++ #ifdef PKCS7_R_INVALID_NULL_POINTER ++ {"INVALID_NULL_POINTER", ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER}, ++ #else ++ {"INVALID_NULL_POINTER", 33, 143}, ++ #endif ++ #ifdef PKCS7_R_INVALID_SIGNED_DATA_TYPE ++ {"INVALID_SIGNED_DATA_TYPE", ERR_LIB_PKCS7, PKCS7_R_INVALID_SIGNED_DATA_TYPE}, ++ #else ++ {"INVALID_SIGNED_DATA_TYPE", 33, 155}, ++ #endif ++ #ifdef PKCS7_R_NO_CONTENT ++ {"NO_CONTENT", ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT}, ++ #else ++ {"NO_CONTENT", 33, 122}, ++ #endif ++ #ifdef PKCS7_R_NO_DEFAULT_DIGEST ++ {"NO_DEFAULT_DIGEST", ERR_LIB_PKCS7, PKCS7_R_NO_DEFAULT_DIGEST}, ++ #else ++ {"NO_DEFAULT_DIGEST", 33, 151}, ++ #endif ++ #ifdef PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND ++ {"NO_MATCHING_DIGEST_TYPE_FOUND", ERR_LIB_PKCS7, PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND}, ++ #else ++ {"NO_MATCHING_DIGEST_TYPE_FOUND", 33, 154}, ++ #endif ++ #ifdef PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE ++ {"NO_RECIPIENT_MATCHES_CERTIFICATE", ERR_LIB_PKCS7, PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE}, ++ #else ++ {"NO_RECIPIENT_MATCHES_CERTIFICATE", 33, 115}, ++ #endif ++ #ifdef PKCS7_R_NO_SIGNATURES_ON_DATA ++ {"NO_SIGNATURES_ON_DATA", ERR_LIB_PKCS7, PKCS7_R_NO_SIGNATURES_ON_DATA}, ++ #else ++ {"NO_SIGNATURES_ON_DATA", 33, 123}, ++ #endif ++ #ifdef PKCS7_R_NO_SIGNERS ++ {"NO_SIGNERS", ERR_LIB_PKCS7, PKCS7_R_NO_SIGNERS}, ++ #else ++ {"NO_SIGNERS", 33, 142}, ++ #endif ++ #ifdef PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE ++ {"OPERATION_NOT_SUPPORTED_ON_THIS_TYPE", ERR_LIB_PKCS7, PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE}, ++ #else ++ {"OPERATION_NOT_SUPPORTED_ON_THIS_TYPE", 33, 104}, ++ #endif ++ #ifdef PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ++ {"PKCS7_ADD_SIGNATURE_ERROR", ERR_LIB_PKCS7, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR}, ++ #else ++ {"PKCS7_ADD_SIGNATURE_ERROR", 33, 124}, ++ #endif ++ #ifdef PKCS7_R_PKCS7_ADD_SIGNER_ERROR ++ {"PKCS7_ADD_SIGNER_ERROR", ERR_LIB_PKCS7, PKCS7_R_PKCS7_ADD_SIGNER_ERROR}, ++ #else ++ {"PKCS7_ADD_SIGNER_ERROR", 33, 153}, ++ #endif ++ #ifdef PKCS7_R_PKCS7_DATASIGN ++ {"PKCS7_DATASIGN", ERR_LIB_PKCS7, PKCS7_R_PKCS7_DATASIGN}, ++ #else ++ {"PKCS7_DATASIGN", 33, 145}, ++ #endif ++ #ifdef PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", ERR_LIB_PKCS7, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE}, ++ #else ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", 33, 127}, ++ #endif ++ #ifdef PKCS7_R_SIGNATURE_FAILURE ++ {"SIGNATURE_FAILURE", ERR_LIB_PKCS7, PKCS7_R_SIGNATURE_FAILURE}, ++ #else ++ {"SIGNATURE_FAILURE", 33, 105}, ++ #endif ++ #ifdef PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ++ {"SIGNER_CERTIFICATE_NOT_FOUND", ERR_LIB_PKCS7, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND}, ++ #else ++ {"SIGNER_CERTIFICATE_NOT_FOUND", 33, 128}, ++ #endif ++ #ifdef PKCS7_R_SIGNING_CTRL_FAILURE ++ {"SIGNING_CTRL_FAILURE", ERR_LIB_PKCS7, PKCS7_R_SIGNING_CTRL_FAILURE}, ++ #else ++ {"SIGNING_CTRL_FAILURE", 33, 147}, ++ #endif ++ #ifdef PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE ++ {"SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE", ERR_LIB_PKCS7, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE}, ++ #else ++ {"SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE", 33, 148}, ++ #endif ++ #ifdef PKCS7_R_SMIME_TEXT_ERROR ++ {"SMIME_TEXT_ERROR", ERR_LIB_PKCS7, PKCS7_R_SMIME_TEXT_ERROR}, ++ #else ++ {"SMIME_TEXT_ERROR", 33, 129}, ++ #endif ++ #ifdef PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ++ {"UNABLE_TO_FIND_CERTIFICATE", ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE}, ++ #else ++ {"UNABLE_TO_FIND_CERTIFICATE", 33, 106}, ++ #endif ++ #ifdef PKCS7_R_UNABLE_TO_FIND_MEM_BIO ++ {"UNABLE_TO_FIND_MEM_BIO", ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MEM_BIO}, ++ #else ++ {"UNABLE_TO_FIND_MEM_BIO", 33, 107}, ++ #endif ++ #ifdef PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ++ {"UNABLE_TO_FIND_MESSAGE_DIGEST", ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST}, ++ #else ++ {"UNABLE_TO_FIND_MESSAGE_DIGEST", 33, 108}, ++ #endif ++ #ifdef PKCS7_R_UNKNOWN_DIGEST_TYPE ++ {"UNKNOWN_DIGEST_TYPE", ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE}, ++ #else ++ {"UNKNOWN_DIGEST_TYPE", 33, 109}, ++ #endif ++ #ifdef PKCS7_R_UNKNOWN_OPERATION ++ {"UNKNOWN_OPERATION", ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_OPERATION}, ++ #else ++ {"UNKNOWN_OPERATION", 33, 110}, ++ #endif ++ #ifdef PKCS7_R_UNSUPPORTED_CIPHER_TYPE ++ {"UNSUPPORTED_CIPHER_TYPE", ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE}, ++ #else ++ {"UNSUPPORTED_CIPHER_TYPE", 33, 111}, ++ #endif ++ #ifdef PKCS7_R_UNSUPPORTED_CONTENT_TYPE ++ {"UNSUPPORTED_CONTENT_TYPE", ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE}, ++ #else ++ {"UNSUPPORTED_CONTENT_TYPE", 33, 112}, ++ #endif ++ #ifdef PKCS7_R_WRONG_CONTENT_TYPE ++ {"WRONG_CONTENT_TYPE", ERR_LIB_PKCS7, PKCS7_R_WRONG_CONTENT_TYPE}, ++ #else ++ {"WRONG_CONTENT_TYPE", 33, 113}, ++ #endif ++ #ifdef PKCS7_R_WRONG_PKCS7_TYPE ++ {"WRONG_PKCS7_TYPE", ERR_LIB_PKCS7, PKCS7_R_WRONG_PKCS7_TYPE}, ++ #else ++ {"WRONG_PKCS7_TYPE", 33, 114}, ++ #endif ++ #ifdef PROP_R_NAME_TOO_LONG ++ {"NAME_TOO_LONG", ERR_LIB_PROP, PROP_R_NAME_TOO_LONG}, ++ #else ++ {"NAME_TOO_LONG", 55, 100}, ++ #endif ++ #ifdef PROP_R_NOT_AN_ASCII_CHARACTER ++ {"NOT_AN_ASCII_CHARACTER", ERR_LIB_PROP, PROP_R_NOT_AN_ASCII_CHARACTER}, ++ #else ++ {"NOT_AN_ASCII_CHARACTER", 55, 101}, ++ #endif ++ #ifdef PROP_R_NOT_AN_HEXADECIMAL_DIGIT ++ {"NOT_AN_HEXADECIMAL_DIGIT", ERR_LIB_PROP, PROP_R_NOT_AN_HEXADECIMAL_DIGIT}, ++ #else ++ {"NOT_AN_HEXADECIMAL_DIGIT", 55, 102}, ++ #endif ++ #ifdef PROP_R_NOT_AN_IDENTIFIER ++ {"NOT_AN_IDENTIFIER", ERR_LIB_PROP, PROP_R_NOT_AN_IDENTIFIER}, ++ #else ++ {"NOT_AN_IDENTIFIER", 55, 103}, ++ #endif ++ #ifdef PROP_R_NOT_AN_OCTAL_DIGIT ++ {"NOT_AN_OCTAL_DIGIT", ERR_LIB_PROP, PROP_R_NOT_AN_OCTAL_DIGIT}, ++ #else ++ {"NOT_AN_OCTAL_DIGIT", 55, 104}, ++ #endif ++ #ifdef PROP_R_NOT_A_DECIMAL_DIGIT ++ {"NOT_A_DECIMAL_DIGIT", ERR_LIB_PROP, PROP_R_NOT_A_DECIMAL_DIGIT}, ++ #else ++ {"NOT_A_DECIMAL_DIGIT", 55, 105}, ++ #endif ++ #ifdef PROP_R_NO_MATCHING_STRING_DELIMITER ++ {"NO_MATCHING_STRING_DELIMITER", ERR_LIB_PROP, PROP_R_NO_MATCHING_STRING_DELIMITER}, ++ #else ++ {"NO_MATCHING_STRING_DELIMITER", 55, 106}, ++ #endif ++ #ifdef PROP_R_NO_VALUE ++ {"NO_VALUE", ERR_LIB_PROP, PROP_R_NO_VALUE}, ++ #else ++ {"NO_VALUE", 55, 107}, ++ #endif ++ #ifdef PROP_R_PARSE_FAILED ++ {"PARSE_FAILED", ERR_LIB_PROP, PROP_R_PARSE_FAILED}, ++ #else ++ {"PARSE_FAILED", 55, 108}, ++ #endif ++ #ifdef PROP_R_STRING_TOO_LONG ++ {"STRING_TOO_LONG", ERR_LIB_PROP, PROP_R_STRING_TOO_LONG}, ++ #else ++ {"STRING_TOO_LONG", 55, 109}, ++ #endif ++ #ifdef PROP_R_TRAILING_CHARACTERS ++ {"TRAILING_CHARACTERS", ERR_LIB_PROP, PROP_R_TRAILING_CHARACTERS}, ++ #else ++ {"TRAILING_CHARACTERS", 55, 110}, ++ #endif ++ #ifdef PROV_R_ADDITIONAL_INPUT_TOO_LONG ++ {"ADDITIONAL_INPUT_TOO_LONG", ERR_LIB_PROV, PROV_R_ADDITIONAL_INPUT_TOO_LONG}, ++ #else ++ {"ADDITIONAL_INPUT_TOO_LONG", 57, 184}, ++ #endif ++ #ifdef PROV_R_ALGORITHM_MISMATCH ++ {"ALGORITHM_MISMATCH", ERR_LIB_PROV, PROV_R_ALGORITHM_MISMATCH}, ++ #else ++ {"ALGORITHM_MISMATCH", 57, 173}, ++ #endif ++ #ifdef PROV_R_ALREADY_INSTANTIATED ++ {"ALREADY_INSTANTIATED", ERR_LIB_PROV, PROV_R_ALREADY_INSTANTIATED}, ++ #else ++ {"ALREADY_INSTANTIATED", 57, 185}, ++ #endif ++ #ifdef PROV_R_BAD_DECRYPT ++ {"BAD_DECRYPT", ERR_LIB_PROV, PROV_R_BAD_DECRYPT}, ++ #else ++ {"BAD_DECRYPT", 57, 100}, ++ #endif ++ #ifdef PROV_R_BAD_ENCODING ++ {"BAD_ENCODING", ERR_LIB_PROV, PROV_R_BAD_ENCODING}, ++ #else ++ {"BAD_ENCODING", 57, 141}, ++ #endif ++ #ifdef PROV_R_BAD_LENGTH ++ {"BAD_LENGTH", ERR_LIB_PROV, PROV_R_BAD_LENGTH}, ++ #else ++ {"BAD_LENGTH", 57, 142}, ++ #endif ++ #ifdef PROV_R_BAD_TLS_CLIENT_VERSION ++ {"BAD_TLS_CLIENT_VERSION", ERR_LIB_PROV, PROV_R_BAD_TLS_CLIENT_VERSION}, ++ #else ++ {"BAD_TLS_CLIENT_VERSION", 57, 161}, ++ #endif ++ #ifdef PROV_R_BN_ERROR ++ {"BN_ERROR", ERR_LIB_PROV, PROV_R_BN_ERROR}, ++ #else ++ {"BN_ERROR", 57, 160}, ++ #endif ++ #ifdef PROV_R_CIPHER_OPERATION_FAILED ++ {"CIPHER_OPERATION_FAILED", ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED}, ++ #else ++ {"CIPHER_OPERATION_FAILED", 57, 102}, ++ #endif ++ #ifdef PROV_R_DERIVATION_FUNCTION_INIT_FAILED ++ {"DERIVATION_FUNCTION_INIT_FAILED", ERR_LIB_PROV, PROV_R_DERIVATION_FUNCTION_INIT_FAILED}, ++ #else ++ {"DERIVATION_FUNCTION_INIT_FAILED", 57, 205}, ++ #endif ++ #ifdef PROV_R_DIGEST_NOT_ALLOWED ++ {"DIGEST_NOT_ALLOWED", ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED}, ++ #else ++ {"DIGEST_NOT_ALLOWED", 57, 174}, ++ #endif ++ #ifdef PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK ++ {"ENTROPY_SOURCE_STRENGTH_TOO_WEAK", ERR_LIB_PROV, PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK}, ++ #else ++ {"ENTROPY_SOURCE_STRENGTH_TOO_WEAK", 57, 186}, ++ #endif ++ #ifdef PROV_R_ERROR_INSTANTIATING_DRBG ++ {"ERROR_INSTANTIATING_DRBG", ERR_LIB_PROV, PROV_R_ERROR_INSTANTIATING_DRBG}, ++ #else ++ {"ERROR_INSTANTIATING_DRBG", 57, 188}, ++ #endif ++ #ifdef PROV_R_ERROR_RETRIEVING_ENTROPY ++ {"ERROR_RETRIEVING_ENTROPY", ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_ENTROPY}, ++ #else ++ {"ERROR_RETRIEVING_ENTROPY", 57, 189}, ++ #endif ++ #ifdef PROV_R_ERROR_RETRIEVING_NONCE ++ {"ERROR_RETRIEVING_NONCE", ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_NONCE}, ++ #else ++ {"ERROR_RETRIEVING_NONCE", 57, 190}, ++ #endif ++ #ifdef PROV_R_FAILED_DURING_DERIVATION ++ {"FAILED_DURING_DERIVATION", ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION}, ++ #else ++ {"FAILED_DURING_DERIVATION", 57, 164}, ++ #endif ++ #ifdef PROV_R_FAILED_TO_CREATE_LOCK ++ {"FAILED_TO_CREATE_LOCK", ERR_LIB_PROV, PROV_R_FAILED_TO_CREATE_LOCK}, ++ #else ++ {"FAILED_TO_CREATE_LOCK", 57, 180}, ++ #endif ++ #ifdef PROV_R_FAILED_TO_DECRYPT ++ {"FAILED_TO_DECRYPT", ERR_LIB_PROV, PROV_R_FAILED_TO_DECRYPT}, ++ #else ++ {"FAILED_TO_DECRYPT", 57, 162}, ++ #endif ++ #ifdef PROV_R_FAILED_TO_GENERATE_KEY ++ {"FAILED_TO_GENERATE_KEY", ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY}, ++ #else ++ {"FAILED_TO_GENERATE_KEY", 57, 121}, ++ #endif ++ #ifdef PROV_R_FAILED_TO_GET_PARAMETER ++ {"FAILED_TO_GET_PARAMETER", ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER}, ++ #else ++ {"FAILED_TO_GET_PARAMETER", 57, 103}, ++ #endif ++ #ifdef PROV_R_FAILED_TO_SET_PARAMETER ++ {"FAILED_TO_SET_PARAMETER", ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER}, ++ #else ++ {"FAILED_TO_SET_PARAMETER", 57, 104}, ++ #endif ++ #ifdef PROV_R_FAILED_TO_SIGN ++ {"FAILED_TO_SIGN", ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN}, ++ #else ++ {"FAILED_TO_SIGN", 57, 175}, ++ #endif ++ #ifdef PROV_R_FIPS_MODULE_CONDITIONAL_ERROR ++ {"FIPS_MODULE_CONDITIONAL_ERROR", ERR_LIB_PROV, PROV_R_FIPS_MODULE_CONDITIONAL_ERROR}, ++ #else ++ {"FIPS_MODULE_CONDITIONAL_ERROR", 57, 227}, ++ #endif ++ #ifdef PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE ++ {"FIPS_MODULE_ENTERING_ERROR_STATE", ERR_LIB_PROV, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE}, ++ #else ++ {"FIPS_MODULE_ENTERING_ERROR_STATE", 57, 224}, ++ #endif ++ #ifdef PROV_R_FIPS_MODULE_IN_ERROR_STATE ++ {"FIPS_MODULE_IN_ERROR_STATE", ERR_LIB_PROV, PROV_R_FIPS_MODULE_IN_ERROR_STATE}, ++ #else ++ {"FIPS_MODULE_IN_ERROR_STATE", 57, 225}, ++ #endif ++ #ifdef PROV_R_GENERATE_ERROR ++ {"GENERATE_ERROR", ERR_LIB_PROV, PROV_R_GENERATE_ERROR}, ++ #else ++ {"GENERATE_ERROR", 57, 191}, ++ #endif ++ #ifdef PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE ++ {"ILLEGAL_OR_UNSUPPORTED_PADDING_MODE", ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE}, ++ #else ++ {"ILLEGAL_OR_UNSUPPORTED_PADDING_MODE", 57, 165}, ++ #endif ++ #ifdef PROV_R_INDICATOR_INTEGRITY_FAILURE ++ {"INDICATOR_INTEGRITY_FAILURE", ERR_LIB_PROV, PROV_R_INDICATOR_INTEGRITY_FAILURE}, ++ #else ++ {"INDICATOR_INTEGRITY_FAILURE", 57, 210}, ++ #endif ++ #ifdef PROV_R_INSUFFICIENT_DRBG_STRENGTH ++ {"INSUFFICIENT_DRBG_STRENGTH", ERR_LIB_PROV, PROV_R_INSUFFICIENT_DRBG_STRENGTH}, ++ #else ++ {"INSUFFICIENT_DRBG_STRENGTH", 57, 181}, ++ #endif ++ #ifdef PROV_R_INVALID_AAD ++ {"INVALID_AAD", ERR_LIB_PROV, PROV_R_INVALID_AAD}, ++ #else ++ {"INVALID_AAD", 57, 108}, ++ #endif ++ #ifdef PROV_R_INVALID_CONFIG_DATA ++ {"INVALID_CONFIG_DATA", ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA}, ++ #else ++ {"INVALID_CONFIG_DATA", 57, 211}, ++ #endif ++ #ifdef PROV_R_INVALID_CONSTANT_LENGTH ++ {"INVALID_CONSTANT_LENGTH", ERR_LIB_PROV, PROV_R_INVALID_CONSTANT_LENGTH}, ++ #else ++ {"INVALID_CONSTANT_LENGTH", 57, 157}, ++ #endif ++ #ifdef PROV_R_INVALID_CURVE ++ {"INVALID_CURVE", ERR_LIB_PROV, PROV_R_INVALID_CURVE}, ++ #else ++ {"INVALID_CURVE", 57, 176}, ++ #endif ++ #ifdef PROV_R_INVALID_CUSTOM_LENGTH ++ {"INVALID_CUSTOM_LENGTH", ERR_LIB_PROV, PROV_R_INVALID_CUSTOM_LENGTH}, ++ #else ++ {"INVALID_CUSTOM_LENGTH", 57, 111}, ++ #endif ++ #ifdef PROV_R_INVALID_DATA ++ {"INVALID_DATA", ERR_LIB_PROV, PROV_R_INVALID_DATA}, ++ #else ++ {"INVALID_DATA", 57, 115}, ++ #endif ++ #ifdef PROV_R_INVALID_DIGEST ++ {"INVALID_DIGEST", ERR_LIB_PROV, PROV_R_INVALID_DIGEST}, ++ #else ++ {"INVALID_DIGEST", 57, 122}, ++ #endif ++ #ifdef PROV_R_INVALID_DIGEST_LENGTH ++ {"INVALID_DIGEST_LENGTH", ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH}, ++ #else ++ {"INVALID_DIGEST_LENGTH", 57, 166}, ++ #endif ++ #ifdef PROV_R_INVALID_DIGEST_SIZE ++ {"INVALID_DIGEST_SIZE", ERR_LIB_PROV, PROV_R_INVALID_DIGEST_SIZE}, ++ #else ++ {"INVALID_DIGEST_SIZE", 57, 218}, ++ #endif ++ #ifdef PROV_R_INVALID_ITERATION_COUNT ++ {"INVALID_ITERATION_COUNT", ERR_LIB_PROV, PROV_R_INVALID_ITERATION_COUNT}, ++ #else ++ {"INVALID_ITERATION_COUNT", 57, 123}, ++ #endif ++ #ifdef PROV_R_INVALID_IV_LENGTH ++ {"INVALID_IV_LENGTH", ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH}, ++ #else ++ {"INVALID_IV_LENGTH", 57, 109}, ++ #endif ++ #ifdef PROV_R_INVALID_KEY ++ {"INVALID_KEY", ERR_LIB_PROV, PROV_R_INVALID_KEY}, ++ #else ++ {"INVALID_KEY", 57, 158}, ++ #endif ++ #ifdef PROV_R_INVALID_KEY_LENGTH ++ {"INVALID_KEY_LENGTH", ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH}, ++ #else ++ {"INVALID_KEY_LENGTH", 57, 105}, ++ #endif ++ #ifdef PROV_R_INVALID_MAC ++ {"INVALID_MAC", ERR_LIB_PROV, PROV_R_INVALID_MAC}, ++ #else ++ {"INVALID_MAC", 57, 151}, ++ #endif ++ #ifdef PROV_R_INVALID_MGF1_MD ++ {"INVALID_MGF1_MD", ERR_LIB_PROV, PROV_R_INVALID_MGF1_MD}, ++ #else ++ {"INVALID_MGF1_MD", 57, 167}, ++ #endif ++ #ifdef PROV_R_INVALID_MODE ++ {"INVALID_MODE", ERR_LIB_PROV, PROV_R_INVALID_MODE}, ++ #else ++ {"INVALID_MODE", 57, 125}, ++ #endif ++ #ifdef PROV_R_INVALID_PADDING_MODE ++ {"INVALID_PADDING_MODE", ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE}, ++ #else ++ {"INVALID_PADDING_MODE", 57, 168}, ++ #endif ++ #ifdef PROV_R_INVALID_PUBINFO ++ {"INVALID_PUBINFO", ERR_LIB_PROV, PROV_R_INVALID_PUBINFO}, ++ #else ++ {"INVALID_PUBINFO", 57, 198}, ++ #endif ++ #ifdef PROV_R_INVALID_SALT_LENGTH ++ {"INVALID_SALT_LENGTH", ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH}, ++ #else ++ {"INVALID_SALT_LENGTH", 57, 112}, ++ #endif ++ #ifdef PROV_R_INVALID_SEED_LENGTH ++ {"INVALID_SEED_LENGTH", ERR_LIB_PROV, PROV_R_INVALID_SEED_LENGTH}, ++ #else ++ {"INVALID_SEED_LENGTH", 57, 154}, ++ #endif ++ #ifdef PROV_R_INVALID_SIGNATURE_SIZE ++ {"INVALID_SIGNATURE_SIZE", ERR_LIB_PROV, PROV_R_INVALID_SIGNATURE_SIZE}, ++ #else ++ {"INVALID_SIGNATURE_SIZE", 57, 179}, ++ #endif ++ #ifdef PROV_R_INVALID_STATE ++ {"INVALID_STATE", ERR_LIB_PROV, PROV_R_INVALID_STATE}, ++ #else ++ {"INVALID_STATE", 57, 212}, ++ #endif ++ #ifdef PROV_R_INVALID_TAG ++ {"INVALID_TAG", ERR_LIB_PROV, PROV_R_INVALID_TAG}, ++ #else ++ {"INVALID_TAG", 57, 110}, ++ #endif ++ #ifdef PROV_R_INVALID_TAG_LENGTH ++ {"INVALID_TAG_LENGTH", ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH}, ++ #else ++ {"INVALID_TAG_LENGTH", 57, 118}, ++ #endif ++ #ifdef PROV_R_INVALID_UKM_LENGTH ++ {"INVALID_UKM_LENGTH", ERR_LIB_PROV, PROV_R_INVALID_UKM_LENGTH}, ++ #else ++ {"INVALID_UKM_LENGTH", 57, 200}, ++ #endif ++ #ifdef PROV_R_INVALID_X931_DIGEST ++ {"INVALID_X931_DIGEST", ERR_LIB_PROV, PROV_R_INVALID_X931_DIGEST}, ++ #else ++ {"INVALID_X931_DIGEST", 57, 170}, ++ #endif ++ #ifdef PROV_R_IN_ERROR_STATE ++ {"IN_ERROR_STATE", ERR_LIB_PROV, PROV_R_IN_ERROR_STATE}, ++ #else ++ {"IN_ERROR_STATE", 57, 192}, ++ #endif ++ #ifdef PROV_R_KEY_SETUP_FAILED ++ {"KEY_SETUP_FAILED", ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED}, ++ #else ++ {"KEY_SETUP_FAILED", 57, 101}, ++ #endif ++ #ifdef PROV_R_KEY_SIZE_TOO_SMALL ++ {"KEY_SIZE_TOO_SMALL", ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL}, ++ #else ++ {"KEY_SIZE_TOO_SMALL", 57, 171}, ++ #endif ++ #ifdef PROV_R_MISSING_CEK_ALG ++ {"MISSING_CEK_ALG", ERR_LIB_PROV, PROV_R_MISSING_CEK_ALG}, ++ #else ++ {"MISSING_CEK_ALG", 57, 144}, ++ #endif ++ #ifdef PROV_R_MISSING_CIPHER ++ {"MISSING_CIPHER", ERR_LIB_PROV, PROV_R_MISSING_CIPHER}, ++ #else ++ {"MISSING_CIPHER", 57, 155}, ++ #endif ++ #ifdef PROV_R_MISSING_CONFIG_DATA ++ {"MISSING_CONFIG_DATA", ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA}, ++ #else ++ {"MISSING_CONFIG_DATA", 57, 213}, ++ #endif ++ #ifdef PROV_R_MISSING_CONSTANT ++ {"MISSING_CONSTANT", ERR_LIB_PROV, PROV_R_MISSING_CONSTANT}, ++ #else ++ {"MISSING_CONSTANT", 57, 156}, ++ #endif ++ #ifdef PROV_R_MISSING_KEY ++ {"MISSING_KEY", ERR_LIB_PROV, PROV_R_MISSING_KEY}, ++ #else ++ {"MISSING_KEY", 57, 128}, ++ #endif ++ #ifdef PROV_R_MISSING_MAC ++ {"MISSING_MAC", ERR_LIB_PROV, PROV_R_MISSING_MAC}, ++ #else ++ {"MISSING_MAC", 57, 150}, ++ #endif ++ #ifdef PROV_R_MISSING_MESSAGE_DIGEST ++ {"MISSING_MESSAGE_DIGEST", ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST}, ++ #else ++ {"MISSING_MESSAGE_DIGEST", 57, 129}, ++ #endif ++ #ifdef PROV_R_MISSING_OID ++ {"MISSING_OID", ERR_LIB_PROV, PROV_R_MISSING_OID}, ++ #else ++ {"MISSING_OID", 57, 209}, ++ #endif ++ #ifdef PROV_R_MISSING_PASS ++ {"MISSING_PASS", ERR_LIB_PROV, PROV_R_MISSING_PASS}, ++ #else ++ {"MISSING_PASS", 57, 130}, ++ #endif ++ #ifdef PROV_R_MISSING_SALT ++ {"MISSING_SALT", ERR_LIB_PROV, PROV_R_MISSING_SALT}, ++ #else ++ {"MISSING_SALT", 57, 131}, ++ #endif ++ #ifdef PROV_R_MISSING_SECRET ++ {"MISSING_SECRET", ERR_LIB_PROV, PROV_R_MISSING_SECRET}, ++ #else ++ {"MISSING_SECRET", 57, 132}, ++ #endif ++ #ifdef PROV_R_MISSING_SEED ++ {"MISSING_SEED", ERR_LIB_PROV, PROV_R_MISSING_SEED}, ++ #else ++ {"MISSING_SEED", 57, 140}, ++ #endif ++ #ifdef PROV_R_MISSING_SESSION_ID ++ {"MISSING_SESSION_ID", ERR_LIB_PROV, PROV_R_MISSING_SESSION_ID}, ++ #else ++ {"MISSING_SESSION_ID", 57, 133}, ++ #endif ++ #ifdef PROV_R_MISSING_TYPE ++ {"MISSING_TYPE", ERR_LIB_PROV, PROV_R_MISSING_TYPE}, ++ #else ++ {"MISSING_TYPE", 57, 134}, ++ #endif ++ #ifdef PROV_R_MISSING_XCGHASH ++ {"MISSING_XCGHASH", ERR_LIB_PROV, PROV_R_MISSING_XCGHASH}, ++ #else ++ {"MISSING_XCGHASH", 57, 135}, ++ #endif ++ #ifdef PROV_R_MODULE_INTEGRITY_FAILURE ++ {"MODULE_INTEGRITY_FAILURE", ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE}, ++ #else ++ {"MODULE_INTEGRITY_FAILURE", 57, 214}, ++ #endif ++ #ifdef PROV_R_NOT_A_PRIVATE_KEY ++ {"NOT_A_PRIVATE_KEY", ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY}, ++ #else ++ {"NOT_A_PRIVATE_KEY", 57, 221}, ++ #endif ++ #ifdef PROV_R_NOT_A_PUBLIC_KEY ++ {"NOT_A_PUBLIC_KEY", ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY}, ++ #else ++ {"NOT_A_PUBLIC_KEY", 57, 220}, ++ #endif ++ #ifdef PROV_R_NOT_INSTANTIATED ++ {"NOT_INSTANTIATED", ERR_LIB_PROV, PROV_R_NOT_INSTANTIATED}, ++ #else ++ {"NOT_INSTANTIATED", 57, 193}, ++ #endif ++ #ifdef PROV_R_NOT_PARAMETERS ++ {"NOT_PARAMETERS", ERR_LIB_PROV, PROV_R_NOT_PARAMETERS}, ++ #else ++ {"NOT_PARAMETERS", 57, 226}, ++ #endif ++ #ifdef PROV_R_NOT_SUPPORTED ++ {"NOT_SUPPORTED", ERR_LIB_PROV, PROV_R_NOT_SUPPORTED}, ++ #else ++ {"NOT_SUPPORTED", 57, 136}, ++ #endif ++ #ifdef PROV_R_NOT_XOF_OR_INVALID_LENGTH ++ {"NOT_XOF_OR_INVALID_LENGTH", ERR_LIB_PROV, PROV_R_NOT_XOF_OR_INVALID_LENGTH}, ++ #else ++ {"NOT_XOF_OR_INVALID_LENGTH", 57, 113}, ++ #endif ++ #ifdef PROV_R_NO_KEY_SET ++ {"NO_KEY_SET", ERR_LIB_PROV, PROV_R_NO_KEY_SET}, ++ #else ++ {"NO_KEY_SET", 57, 114}, ++ #endif ++ #ifdef PROV_R_NO_PARAMETERS_SET ++ {"NO_PARAMETERS_SET", ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET}, ++ #else ++ {"NO_PARAMETERS_SET", 57, 177}, ++ #endif ++ #ifdef PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE ++ {"OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE", ERR_LIB_PROV, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE}, ++ #else ++ {"OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE", 57, 178}, ++ #endif ++ #ifdef PROV_R_OUTPUT_BUFFER_TOO_SMALL ++ {"OUTPUT_BUFFER_TOO_SMALL", ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL}, ++ #else ++ {"OUTPUT_BUFFER_TOO_SMALL", 57, 106}, ++ #endif ++ #ifdef PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS ++ {"PARENT_CANNOT_GENERATE_RANDOM_NUMBERS", ERR_LIB_PROV, PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS}, ++ #else ++ {"PARENT_CANNOT_GENERATE_RANDOM_NUMBERS", 57, 228}, ++ #endif ++ #ifdef PROV_R_PARENT_CANNOT_SUPPLY_ENTROPY_SEED ++ {"PARENT_CANNOT_SUPPLY_ENTROPY_SEED", ERR_LIB_PROV, PROV_R_PARENT_CANNOT_SUPPLY_ENTROPY_SEED}, ++ #else ++ {"PARENT_CANNOT_SUPPLY_ENTROPY_SEED", 57, 187}, ++ #endif ++ #ifdef PROV_R_PARENT_LOCKING_NOT_ENABLED ++ {"PARENT_LOCKING_NOT_ENABLED", ERR_LIB_PROV, PROV_R_PARENT_LOCKING_NOT_ENABLED}, ++ #else ++ {"PARENT_LOCKING_NOT_ENABLED", 57, 182}, ++ #endif ++ #ifdef PROV_R_PARENT_STRENGTH_TOO_WEAK ++ {"PARENT_STRENGTH_TOO_WEAK", ERR_LIB_PROV, PROV_R_PARENT_STRENGTH_TOO_WEAK}, ++ #else ++ {"PARENT_STRENGTH_TOO_WEAK", 57, 194}, ++ #endif ++ #ifdef PROV_R_PATH_MUST_BE_ABSOLUTE ++ {"PATH_MUST_BE_ABSOLUTE", ERR_LIB_PROV, PROV_R_PATH_MUST_BE_ABSOLUTE}, ++ #else ++ {"PATH_MUST_BE_ABSOLUTE", 57, 219}, ++ #endif ++ #ifdef PROV_R_PERSONALISATION_STRING_TOO_LONG ++ {"PERSONALISATION_STRING_TOO_LONG", ERR_LIB_PROV, PROV_R_PERSONALISATION_STRING_TOO_LONG}, ++ #else ++ {"PERSONALISATION_STRING_TOO_LONG", 57, 195}, ++ #endif ++ #ifdef PROV_R_PSS_SALTLEN_TOO_SMALL ++ {"PSS_SALTLEN_TOO_SMALL", ERR_LIB_PROV, PROV_R_PSS_SALTLEN_TOO_SMALL}, ++ #else ++ {"PSS_SALTLEN_TOO_SMALL", 57, 172}, ++ #endif ++ #ifdef PROV_R_REQUEST_TOO_LARGE_FOR_DRBG ++ {"REQUEST_TOO_LARGE_FOR_DRBG", ERR_LIB_PROV, PROV_R_REQUEST_TOO_LARGE_FOR_DRBG}, ++ #else ++ {"REQUEST_TOO_LARGE_FOR_DRBG", 57, 196}, ++ #endif ++ #ifdef PROV_R_REQUIRE_CTR_MODE_CIPHER ++ {"REQUIRE_CTR_MODE_CIPHER", ERR_LIB_PROV, PROV_R_REQUIRE_CTR_MODE_CIPHER}, ++ #else ++ {"REQUIRE_CTR_MODE_CIPHER", 57, 206}, ++ #endif ++ #ifdef PROV_R_RESEED_ERROR ++ {"RESEED_ERROR", ERR_LIB_PROV, PROV_R_RESEED_ERROR}, ++ #else ++ {"RESEED_ERROR", 57, 197}, ++ #endif ++ #ifdef PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES ++ {"SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES", ERR_LIB_PROV, PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES}, ++ #else ++ {"SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES", 57, 222}, ++ #endif ++ #ifdef PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT ++ {"SEED_SOURCES_MUST_NOT_HAVE_A_PARENT", ERR_LIB_PROV, PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT}, ++ #else ++ {"SEED_SOURCES_MUST_NOT_HAVE_A_PARENT", 57, 229}, ++ #endif ++ #ifdef PROV_R_SELF_TEST_KAT_FAILURE ++ {"SELF_TEST_KAT_FAILURE", ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE}, ++ #else ++ {"SELF_TEST_KAT_FAILURE", 57, 215}, ++ #endif ++ #ifdef PROV_R_SELF_TEST_POST_FAILURE ++ {"SELF_TEST_POST_FAILURE", ERR_LIB_PROV, PROV_R_SELF_TEST_POST_FAILURE}, ++ #else ++ {"SELF_TEST_POST_FAILURE", 57, 216}, ++ #endif ++ #ifdef PROV_R_TAG_NOT_NEEDED ++ {"TAG_NOT_NEEDED", ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED}, ++ #else ++ {"TAG_NOT_NEEDED", 57, 120}, ++ #endif ++ #ifdef PROV_R_TAG_NOT_SET ++ {"TAG_NOT_SET", ERR_LIB_PROV, PROV_R_TAG_NOT_SET}, ++ #else ++ {"TAG_NOT_SET", 57, 119}, ++ #endif ++ #ifdef PROV_R_TOO_MANY_RECORDS ++ {"TOO_MANY_RECORDS", ERR_LIB_PROV, PROV_R_TOO_MANY_RECORDS}, ++ #else ++ {"TOO_MANY_RECORDS", 57, 126}, ++ #endif ++ #ifdef PROV_R_UNABLE_TO_FIND_CIPHERS ++ {"UNABLE_TO_FIND_CIPHERS", ERR_LIB_PROV, PROV_R_UNABLE_TO_FIND_CIPHERS}, ++ #else ++ {"UNABLE_TO_FIND_CIPHERS", 57, 207}, ++ #endif ++ #ifdef PROV_R_UNABLE_TO_GET_PARENT_STRENGTH ++ {"UNABLE_TO_GET_PARENT_STRENGTH", ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PARENT_STRENGTH}, ++ #else ++ {"UNABLE_TO_GET_PARENT_STRENGTH", 57, 199}, ++ #endif ++ #ifdef PROV_R_UNABLE_TO_GET_PASSPHRASE ++ {"UNABLE_TO_GET_PASSPHRASE", ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE}, ++ #else ++ {"UNABLE_TO_GET_PASSPHRASE", 57, 159}, ++ #endif ++ #ifdef PROV_R_UNABLE_TO_INITIALISE_CIPHERS ++ {"UNABLE_TO_INITIALISE_CIPHERS", ERR_LIB_PROV, PROV_R_UNABLE_TO_INITIALISE_CIPHERS}, ++ #else ++ {"UNABLE_TO_INITIALISE_CIPHERS", 57, 208}, ++ #endif ++ #ifdef PROV_R_UNABLE_TO_LOAD_SHA256 ++ {"UNABLE_TO_LOAD_SHA256", ERR_LIB_PROV, PROV_R_UNABLE_TO_LOAD_SHA256}, ++ #else ++ {"UNABLE_TO_LOAD_SHA256", 57, 147}, ++ #endif ++ #ifdef PROV_R_UNABLE_TO_LOCK_PARENT ++ {"UNABLE_TO_LOCK_PARENT", ERR_LIB_PROV, PROV_R_UNABLE_TO_LOCK_PARENT}, ++ #else ++ {"UNABLE_TO_LOCK_PARENT", 57, 201}, ++ #endif ++ #ifdef PROV_R_UNABLE_TO_RESEED ++ {"UNABLE_TO_RESEED", ERR_LIB_PROV, PROV_R_UNABLE_TO_RESEED}, ++ #else ++ {"UNABLE_TO_RESEED", 57, 204}, ++ #endif ++ #ifdef PROV_R_UNSUPPORTED_CEK_ALG ++ {"UNSUPPORTED_CEK_ALG", ERR_LIB_PROV, PROV_R_UNSUPPORTED_CEK_ALG}, ++ #else ++ {"UNSUPPORTED_CEK_ALG", 57, 145}, ++ #endif ++ #ifdef PROV_R_UNSUPPORTED_KEY_SIZE ++ {"UNSUPPORTED_KEY_SIZE", ERR_LIB_PROV, PROV_R_UNSUPPORTED_KEY_SIZE}, ++ #else ++ {"UNSUPPORTED_KEY_SIZE", 57, 153}, ++ #endif ++ #ifdef PROV_R_UNSUPPORTED_MAC_TYPE ++ {"UNSUPPORTED_MAC_TYPE", ERR_LIB_PROV, PROV_R_UNSUPPORTED_MAC_TYPE}, ++ #else ++ {"UNSUPPORTED_MAC_TYPE", 57, 137}, ++ #endif ++ #ifdef PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS ++ {"UNSUPPORTED_NUMBER_OF_ROUNDS", ERR_LIB_PROV, PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS}, ++ #else ++ {"UNSUPPORTED_NUMBER_OF_ROUNDS", 57, 152}, ++ #endif ++ #ifdef PROV_R_URI_AUTHORITY_UNSUPPORTED ++ {"URI_AUTHORITY_UNSUPPORTED", ERR_LIB_PROV, PROV_R_URI_AUTHORITY_UNSUPPORTED}, ++ #else ++ {"URI_AUTHORITY_UNSUPPORTED", 57, 223}, ++ #endif ++ #ifdef PROV_R_VALUE_ERROR ++ {"VALUE_ERROR", ERR_LIB_PROV, PROV_R_VALUE_ERROR}, ++ #else ++ {"VALUE_ERROR", 57, 138}, ++ #endif ++ #ifdef PROV_R_WRONG_FINAL_BLOCK_LENGTH ++ {"WRONG_FINAL_BLOCK_LENGTH", ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH}, ++ #else ++ {"WRONG_FINAL_BLOCK_LENGTH", 57, 107}, ++ #endif ++ #ifdef PROV_R_WRONG_OUTPUT_BUFFER_SIZE ++ {"WRONG_OUTPUT_BUFFER_SIZE", ERR_LIB_PROV, PROV_R_WRONG_OUTPUT_BUFFER_SIZE}, ++ #else ++ {"WRONG_OUTPUT_BUFFER_SIZE", 57, 139}, ++ #endif ++ #ifdef PROV_R_XOF_DIGESTS_NOT_ALLOWED ++ {"XOF_DIGESTS_NOT_ALLOWED", ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED}, ++ #else ++ {"XOF_DIGESTS_NOT_ALLOWED", 57, 183}, ++ #endif ++ #ifdef PROV_R_XTS_DATA_UNIT_IS_TOO_LARGE ++ {"XTS_DATA_UNIT_IS_TOO_LARGE", ERR_LIB_PROV, PROV_R_XTS_DATA_UNIT_IS_TOO_LARGE}, ++ #else ++ {"XTS_DATA_UNIT_IS_TOO_LARGE", 57, 148}, ++ #endif ++ #ifdef PROV_R_XTS_DUPLICATED_KEYS ++ {"XTS_DUPLICATED_KEYS", ERR_LIB_PROV, PROV_R_XTS_DUPLICATED_KEYS}, ++ #else ++ {"XTS_DUPLICATED_KEYS", 57, 149}, ++ #endif ++ #ifdef RAND_R_ADDITIONAL_INPUT_TOO_LONG ++ {"ADDITIONAL_INPUT_TOO_LONG", ERR_LIB_RAND, RAND_R_ADDITIONAL_INPUT_TOO_LONG}, ++ #else ++ {"ADDITIONAL_INPUT_TOO_LONG", 36, 102}, ++ #endif ++ #ifdef RAND_R_ALREADY_INSTANTIATED ++ {"ALREADY_INSTANTIATED", ERR_LIB_RAND, RAND_R_ALREADY_INSTANTIATED}, ++ #else ++ {"ALREADY_INSTANTIATED", 36, 103}, ++ #endif ++ #ifdef RAND_R_ARGUMENT_OUT_OF_RANGE ++ {"ARGUMENT_OUT_OF_RANGE", ERR_LIB_RAND, RAND_R_ARGUMENT_OUT_OF_RANGE}, ++ #else ++ {"ARGUMENT_OUT_OF_RANGE", 36, 105}, ++ #endif ++ #ifdef RAND_R_CANNOT_OPEN_FILE ++ {"CANNOT_OPEN_FILE", ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE}, ++ #else ++ {"CANNOT_OPEN_FILE", 36, 121}, ++ #endif ++ #ifdef RAND_R_DERIVATION_FUNCTION_MANDATORY_FOR_FIPS ++ {"DERIVATION_FUNCTION_MANDATORY_FOR_FIPS", ERR_LIB_RAND, RAND_R_DERIVATION_FUNCTION_MANDATORY_FOR_FIPS}, ++ #else ++ {"DERIVATION_FUNCTION_MANDATORY_FOR_FIPS", 36, 137}, ++ #endif ++ #ifdef RAND_R_DRBG_ALREADY_INITIALIZED ++ {"DRBG_ALREADY_INITIALIZED", ERR_LIB_RAND, RAND_R_DRBG_ALREADY_INITIALIZED}, ++ #else ++ {"DRBG_ALREADY_INITIALIZED", 36, 129}, ++ #endif ++ #ifdef RAND_R_DRBG_NOT_INITIALISED ++ {"DRBG_NOT_INITIALISED", ERR_LIB_RAND, RAND_R_DRBG_NOT_INITIALISED}, ++ #else ++ {"DRBG_NOT_INITIALISED", 36, 104}, ++ #endif ++ #ifdef RAND_R_ENTROPY_INPUT_TOO_LONG ++ {"ENTROPY_INPUT_TOO_LONG", ERR_LIB_RAND, RAND_R_ENTROPY_INPUT_TOO_LONG}, ++ #else ++ {"ENTROPY_INPUT_TOO_LONG", 36, 106}, ++ #endif ++ #ifdef RAND_R_ENTROPY_OUT_OF_RANGE ++ {"ENTROPY_OUT_OF_RANGE", ERR_LIB_RAND, RAND_R_ENTROPY_OUT_OF_RANGE}, ++ #else ++ {"ENTROPY_OUT_OF_RANGE", 36, 124}, ++ #endif ++ #ifdef RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED ++ {"ERROR_ENTROPY_POOL_WAS_IGNORED", ERR_LIB_RAND, RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED}, ++ #else ++ {"ERROR_ENTROPY_POOL_WAS_IGNORED", 36, 127}, ++ #endif ++ #ifdef RAND_R_ERROR_INITIALISING_DRBG ++ {"ERROR_INITIALISING_DRBG", ERR_LIB_RAND, RAND_R_ERROR_INITIALISING_DRBG}, ++ #else ++ {"ERROR_INITIALISING_DRBG", 36, 107}, ++ #endif ++ #ifdef RAND_R_ERROR_INSTANTIATING_DRBG ++ {"ERROR_INSTANTIATING_DRBG", ERR_LIB_RAND, RAND_R_ERROR_INSTANTIATING_DRBG}, ++ #else ++ {"ERROR_INSTANTIATING_DRBG", 36, 108}, ++ #endif ++ #ifdef RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT ++ {"ERROR_RETRIEVING_ADDITIONAL_INPUT", ERR_LIB_RAND, RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT}, ++ #else ++ {"ERROR_RETRIEVING_ADDITIONAL_INPUT", 36, 109}, ++ #endif ++ #ifdef RAND_R_ERROR_RETRIEVING_ENTROPY ++ {"ERROR_RETRIEVING_ENTROPY", ERR_LIB_RAND, RAND_R_ERROR_RETRIEVING_ENTROPY}, ++ #else ++ {"ERROR_RETRIEVING_ENTROPY", 36, 110}, ++ #endif ++ #ifdef RAND_R_ERROR_RETRIEVING_NONCE ++ {"ERROR_RETRIEVING_NONCE", ERR_LIB_RAND, RAND_R_ERROR_RETRIEVING_NONCE}, ++ #else ++ {"ERROR_RETRIEVING_NONCE", 36, 111}, ++ #endif ++ #ifdef RAND_R_FAILED_TO_CREATE_LOCK ++ {"FAILED_TO_CREATE_LOCK", ERR_LIB_RAND, RAND_R_FAILED_TO_CREATE_LOCK}, ++ #else ++ {"FAILED_TO_CREATE_LOCK", 36, 126}, ++ #endif ++ #ifdef RAND_R_FUNC_NOT_IMPLEMENTED ++ {"FUNC_NOT_IMPLEMENTED", ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED}, ++ #else ++ {"FUNC_NOT_IMPLEMENTED", 36, 101}, ++ #endif ++ #ifdef RAND_R_FWRITE_ERROR ++ {"FWRITE_ERROR", ERR_LIB_RAND, RAND_R_FWRITE_ERROR}, ++ #else ++ {"FWRITE_ERROR", 36, 123}, ++ #endif ++ #ifdef RAND_R_GENERATE_ERROR ++ {"GENERATE_ERROR", ERR_LIB_RAND, RAND_R_GENERATE_ERROR}, ++ #else ++ {"GENERATE_ERROR", 36, 112}, ++ #endif ++ #ifdef RAND_R_INSUFFICIENT_DRBG_STRENGTH ++ {"INSUFFICIENT_DRBG_STRENGTH", ERR_LIB_RAND, RAND_R_INSUFFICIENT_DRBG_STRENGTH}, ++ #else ++ {"INSUFFICIENT_DRBG_STRENGTH", 36, 139}, ++ #endif ++ #ifdef RAND_R_INTERNAL_ERROR ++ {"INTERNAL_ERROR", ERR_LIB_RAND, RAND_R_INTERNAL_ERROR}, ++ #else ++ {"INTERNAL_ERROR", 36, 113}, ++ #endif ++ #ifdef RAND_R_IN_ERROR_STATE ++ {"IN_ERROR_STATE", ERR_LIB_RAND, RAND_R_IN_ERROR_STATE}, ++ #else ++ {"IN_ERROR_STATE", 36, 114}, ++ #endif ++ #ifdef RAND_R_NOT_A_REGULAR_FILE ++ {"NOT_A_REGULAR_FILE", ERR_LIB_RAND, RAND_R_NOT_A_REGULAR_FILE}, ++ #else ++ {"NOT_A_REGULAR_FILE", 36, 122}, ++ #endif ++ #ifdef RAND_R_NOT_INSTANTIATED ++ {"NOT_INSTANTIATED", ERR_LIB_RAND, RAND_R_NOT_INSTANTIATED}, ++ #else ++ {"NOT_INSTANTIATED", 36, 115}, ++ #endif ++ #ifdef RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED ++ {"NO_DRBG_IMPLEMENTATION_SELECTED", ERR_LIB_RAND, RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED}, ++ #else ++ {"NO_DRBG_IMPLEMENTATION_SELECTED", 36, 128}, ++ #endif ++ #ifdef RAND_R_PARENT_LOCKING_NOT_ENABLED ++ {"PARENT_LOCKING_NOT_ENABLED", ERR_LIB_RAND, RAND_R_PARENT_LOCKING_NOT_ENABLED}, ++ #else ++ {"PARENT_LOCKING_NOT_ENABLED", 36, 130}, ++ #endif ++ #ifdef RAND_R_PARENT_STRENGTH_TOO_WEAK ++ {"PARENT_STRENGTH_TOO_WEAK", ERR_LIB_RAND, RAND_R_PARENT_STRENGTH_TOO_WEAK}, ++ #else ++ {"PARENT_STRENGTH_TOO_WEAK", 36, 131}, ++ #endif ++ #ifdef RAND_R_PERSONALISATION_STRING_TOO_LONG ++ {"PERSONALISATION_STRING_TOO_LONG", ERR_LIB_RAND, RAND_R_PERSONALISATION_STRING_TOO_LONG}, ++ #else ++ {"PERSONALISATION_STRING_TOO_LONG", 36, 116}, ++ #endif ++ #ifdef RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED ++ {"PREDICTION_RESISTANCE_NOT_SUPPORTED", ERR_LIB_RAND, RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED}, ++ #else ++ {"PREDICTION_RESISTANCE_NOT_SUPPORTED", 36, 133}, ++ #endif ++ #ifdef RAND_R_PRNG_NOT_SEEDED ++ {"PRNG_NOT_SEEDED", ERR_LIB_RAND, RAND_R_PRNG_NOT_SEEDED}, ++ #else ++ {"PRNG_NOT_SEEDED", 36, 100}, ++ #endif ++ #ifdef RAND_R_RANDOM_POOL_OVERFLOW ++ {"RANDOM_POOL_OVERFLOW", ERR_LIB_RAND, RAND_R_RANDOM_POOL_OVERFLOW}, ++ #else ++ {"RANDOM_POOL_OVERFLOW", 36, 125}, ++ #endif ++ #ifdef RAND_R_RANDOM_POOL_UNDERFLOW ++ {"RANDOM_POOL_UNDERFLOW", ERR_LIB_RAND, RAND_R_RANDOM_POOL_UNDERFLOW}, ++ #else ++ {"RANDOM_POOL_UNDERFLOW", 36, 134}, ++ #endif ++ #ifdef RAND_R_REQUEST_TOO_LARGE_FOR_DRBG ++ {"REQUEST_TOO_LARGE_FOR_DRBG", ERR_LIB_RAND, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG}, ++ #else ++ {"REQUEST_TOO_LARGE_FOR_DRBG", 36, 117}, ++ #endif ++ #ifdef RAND_R_RESEED_ERROR ++ {"RESEED_ERROR", ERR_LIB_RAND, RAND_R_RESEED_ERROR}, ++ #else ++ {"RESEED_ERROR", 36, 118}, ++ #endif ++ #ifdef RAND_R_SELFTEST_FAILURE ++ {"SELFTEST_FAILURE", ERR_LIB_RAND, RAND_R_SELFTEST_FAILURE}, ++ #else ++ {"SELFTEST_FAILURE", 36, 119}, ++ #endif ++ #ifdef RAND_R_TOO_LITTLE_NONCE_REQUESTED ++ {"TOO_LITTLE_NONCE_REQUESTED", ERR_LIB_RAND, RAND_R_TOO_LITTLE_NONCE_REQUESTED}, ++ #else ++ {"TOO_LITTLE_NONCE_REQUESTED", 36, 135}, ++ #endif ++ #ifdef RAND_R_TOO_MUCH_NONCE_REQUESTED ++ {"TOO_MUCH_NONCE_REQUESTED", ERR_LIB_RAND, RAND_R_TOO_MUCH_NONCE_REQUESTED}, ++ #else ++ {"TOO_MUCH_NONCE_REQUESTED", 36, 136}, ++ #endif ++ #ifdef RAND_R_UNABLE_TO_CREATE_DRBG ++ {"UNABLE_TO_CREATE_DRBG", ERR_LIB_RAND, RAND_R_UNABLE_TO_CREATE_DRBG}, ++ #else ++ {"UNABLE_TO_CREATE_DRBG", 36, 143}, ++ #endif ++ #ifdef RAND_R_UNABLE_TO_FETCH_DRBG ++ {"UNABLE_TO_FETCH_DRBG", ERR_LIB_RAND, RAND_R_UNABLE_TO_FETCH_DRBG}, ++ #else ++ {"UNABLE_TO_FETCH_DRBG", 36, 144}, ++ #endif ++ #ifdef RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER ++ {"UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER", ERR_LIB_RAND, RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER}, ++ #else ++ {"UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER", 36, 141}, ++ #endif ++ #ifdef RAND_R_UNABLE_TO_GET_PARENT_STRENGTH ++ {"UNABLE_TO_GET_PARENT_STRENGTH", ERR_LIB_RAND, RAND_R_UNABLE_TO_GET_PARENT_STRENGTH}, ++ #else ++ {"UNABLE_TO_GET_PARENT_STRENGTH", 36, 138}, ++ #endif ++ #ifdef RAND_R_UNABLE_TO_LOCK_PARENT ++ {"UNABLE_TO_LOCK_PARENT", ERR_LIB_RAND, RAND_R_UNABLE_TO_LOCK_PARENT}, ++ #else ++ {"UNABLE_TO_LOCK_PARENT", 36, 140}, ++ #endif ++ #ifdef RAND_R_UNSUPPORTED_DRBG_FLAGS ++ {"UNSUPPORTED_DRBG_FLAGS", ERR_LIB_RAND, RAND_R_UNSUPPORTED_DRBG_FLAGS}, ++ #else ++ {"UNSUPPORTED_DRBG_FLAGS", 36, 132}, ++ #endif ++ #ifdef RAND_R_UNSUPPORTED_DRBG_TYPE ++ {"UNSUPPORTED_DRBG_TYPE", ERR_LIB_RAND, RAND_R_UNSUPPORTED_DRBG_TYPE}, ++ #else ++ {"UNSUPPORTED_DRBG_TYPE", 36, 120}, ++ #endif ++ #ifdef RSA_R_ALGORITHM_MISMATCH ++ {"ALGORITHM_MISMATCH", ERR_LIB_RSA, RSA_R_ALGORITHM_MISMATCH}, ++ #else ++ {"ALGORITHM_MISMATCH", 4, 100}, ++ #endif ++ #ifdef RSA_R_BAD_E_VALUE ++ {"BAD_E_VALUE", ERR_LIB_RSA, RSA_R_BAD_E_VALUE}, ++ #else ++ {"BAD_E_VALUE", 4, 101}, ++ #endif ++ #ifdef RSA_R_BAD_FIXED_HEADER_DECRYPT ++ {"BAD_FIXED_HEADER_DECRYPT", ERR_LIB_RSA, RSA_R_BAD_FIXED_HEADER_DECRYPT}, ++ #else ++ {"BAD_FIXED_HEADER_DECRYPT", 4, 102}, ++ #endif ++ #ifdef RSA_R_BAD_PAD_BYTE_COUNT ++ {"BAD_PAD_BYTE_COUNT", ERR_LIB_RSA, RSA_R_BAD_PAD_BYTE_COUNT}, ++ #else ++ {"BAD_PAD_BYTE_COUNT", 4, 103}, ++ #endif ++ #ifdef RSA_R_BAD_SIGNATURE ++ {"BAD_SIGNATURE", ERR_LIB_RSA, RSA_R_BAD_SIGNATURE}, ++ #else ++ {"BAD_SIGNATURE", 4, 104}, ++ #endif ++ #ifdef RSA_R_BLOCK_TYPE_IS_NOT_01 ++ {"BLOCK_TYPE_IS_NOT_01", ERR_LIB_RSA, RSA_R_BLOCK_TYPE_IS_NOT_01}, ++ #else ++ {"BLOCK_TYPE_IS_NOT_01", 4, 106}, ++ #endif ++ #ifdef RSA_R_BLOCK_TYPE_IS_NOT_02 ++ {"BLOCK_TYPE_IS_NOT_02", ERR_LIB_RSA, RSA_R_BLOCK_TYPE_IS_NOT_02}, ++ #else ++ {"BLOCK_TYPE_IS_NOT_02", 4, 107}, ++ #endif ++ #ifdef RSA_R_DATA_GREATER_THAN_MOD_LEN ++ {"DATA_GREATER_THAN_MOD_LEN", ERR_LIB_RSA, RSA_R_DATA_GREATER_THAN_MOD_LEN}, ++ #else ++ {"DATA_GREATER_THAN_MOD_LEN", 4, 108}, ++ #endif ++ #ifdef RSA_R_DATA_TOO_LARGE ++ {"DATA_TOO_LARGE", ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE}, ++ #else ++ {"DATA_TOO_LARGE", 4, 109}, ++ #endif ++ #ifdef RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ++ {"DATA_TOO_LARGE_FOR_KEY_SIZE", ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE}, ++ #else ++ {"DATA_TOO_LARGE_FOR_KEY_SIZE", 4, 110}, ++ #endif ++ #ifdef RSA_R_DATA_TOO_LARGE_FOR_MODULUS ++ {"DATA_TOO_LARGE_FOR_MODULUS", ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS}, ++ #else ++ {"DATA_TOO_LARGE_FOR_MODULUS", 4, 132}, ++ #endif ++ #ifdef RSA_R_DATA_TOO_SMALL ++ {"DATA_TOO_SMALL", ERR_LIB_RSA, RSA_R_DATA_TOO_SMALL}, ++ #else ++ {"DATA_TOO_SMALL", 4, 111}, ++ #endif ++ #ifdef RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ++ {"DATA_TOO_SMALL_FOR_KEY_SIZE", ERR_LIB_RSA, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE}, ++ #else ++ {"DATA_TOO_SMALL_FOR_KEY_SIZE", 4, 122}, ++ #endif ++ #ifdef RSA_R_DIGEST_DOES_NOT_MATCH ++ {"DIGEST_DOES_NOT_MATCH", ERR_LIB_RSA, RSA_R_DIGEST_DOES_NOT_MATCH}, ++ #else ++ {"DIGEST_DOES_NOT_MATCH", 4, 158}, ++ #endif ++ #ifdef RSA_R_DIGEST_NOT_ALLOWED ++ {"DIGEST_NOT_ALLOWED", ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED}, ++ #else ++ {"DIGEST_NOT_ALLOWED", 4, 145}, ++ #endif ++ #ifdef RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ++ {"DIGEST_TOO_BIG_FOR_RSA_KEY", ERR_LIB_RSA, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY}, ++ #else ++ {"DIGEST_TOO_BIG_FOR_RSA_KEY", 4, 112}, ++ #endif ++ #ifdef RSA_R_DMP1_NOT_CONGRUENT_TO_D ++ {"DMP1_NOT_CONGRUENT_TO_D", ERR_LIB_RSA, RSA_R_DMP1_NOT_CONGRUENT_TO_D}, ++ #else ++ {"DMP1_NOT_CONGRUENT_TO_D", 4, 124}, ++ #endif ++ #ifdef RSA_R_DMQ1_NOT_CONGRUENT_TO_D ++ {"DMQ1_NOT_CONGRUENT_TO_D", ERR_LIB_RSA, RSA_R_DMQ1_NOT_CONGRUENT_TO_D}, ++ #else ++ {"DMQ1_NOT_CONGRUENT_TO_D", 4, 125}, ++ #endif ++ #ifdef RSA_R_D_E_NOT_CONGRUENT_TO_1 ++ {"D_E_NOT_CONGRUENT_TO_1", ERR_LIB_RSA, RSA_R_D_E_NOT_CONGRUENT_TO_1}, ++ #else ++ {"D_E_NOT_CONGRUENT_TO_1", 4, 123}, ++ #endif ++ #ifdef RSA_R_FIRST_OCTET_INVALID ++ {"FIRST_OCTET_INVALID", ERR_LIB_RSA, RSA_R_FIRST_OCTET_INVALID}, ++ #else ++ {"FIRST_OCTET_INVALID", 4, 133}, ++ #endif ++ #ifdef RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE ++ {"ILLEGAL_OR_UNSUPPORTED_PADDING_MODE", ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE}, ++ #else ++ {"ILLEGAL_OR_UNSUPPORTED_PADDING_MODE", 4, 144}, ++ #endif ++ #ifdef RSA_R_INVALID_DIGEST ++ {"INVALID_DIGEST", ERR_LIB_RSA, RSA_R_INVALID_DIGEST}, ++ #else ++ {"INVALID_DIGEST", 4, 157}, ++ #endif ++ #ifdef RSA_R_INVALID_DIGEST_LENGTH ++ {"INVALID_DIGEST_LENGTH", ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH}, ++ #else ++ {"INVALID_DIGEST_LENGTH", 4, 143}, ++ #endif ++ #ifdef RSA_R_INVALID_HEADER ++ {"INVALID_HEADER", ERR_LIB_RSA, RSA_R_INVALID_HEADER}, ++ #else ++ {"INVALID_HEADER", 4, 137}, ++ #endif ++ #ifdef RSA_R_INVALID_KEYPAIR ++ {"INVALID_KEYPAIR", ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR}, ++ #else ++ {"INVALID_KEYPAIR", 4, 171}, ++ #endif ++ #ifdef RSA_R_INVALID_KEY_LENGTH ++ {"INVALID_KEY_LENGTH", ERR_LIB_RSA, RSA_R_INVALID_KEY_LENGTH}, ++ #else ++ {"INVALID_KEY_LENGTH", 4, 173}, ++ #endif ++ #ifdef RSA_R_INVALID_LABEL ++ {"INVALID_LABEL", ERR_LIB_RSA, RSA_R_INVALID_LABEL}, ++ #else ++ {"INVALID_LABEL", 4, 160}, ++ #endif ++ #ifdef RSA_R_INVALID_MESSAGE_LENGTH ++ {"INVALID_MESSAGE_LENGTH", ERR_LIB_RSA, RSA_R_INVALID_MESSAGE_LENGTH}, ++ #else ++ {"INVALID_MESSAGE_LENGTH", 4, 131}, ++ #endif ++ #ifdef RSA_R_INVALID_MGF1_MD ++ {"INVALID_MGF1_MD", ERR_LIB_RSA, RSA_R_INVALID_MGF1_MD}, ++ #else ++ {"INVALID_MGF1_MD", 4, 156}, ++ #endif ++ #ifdef RSA_R_INVALID_MODULUS ++ {"INVALID_MODULUS", ERR_LIB_RSA, RSA_R_INVALID_MODULUS}, ++ #else ++ {"INVALID_MODULUS", 4, 174}, ++ #endif ++ #ifdef RSA_R_INVALID_MULTI_PRIME_KEY ++ {"INVALID_MULTI_PRIME_KEY", ERR_LIB_RSA, RSA_R_INVALID_MULTI_PRIME_KEY}, ++ #else ++ {"INVALID_MULTI_PRIME_KEY", 4, 167}, ++ #endif ++ #ifdef RSA_R_INVALID_OAEP_PARAMETERS ++ {"INVALID_OAEP_PARAMETERS", ERR_LIB_RSA, RSA_R_INVALID_OAEP_PARAMETERS}, ++ #else ++ {"INVALID_OAEP_PARAMETERS", 4, 161}, ++ #endif ++ #ifdef RSA_R_INVALID_PADDING ++ {"INVALID_PADDING", ERR_LIB_RSA, RSA_R_INVALID_PADDING}, ++ #else ++ {"INVALID_PADDING", 4, 138}, ++ #endif ++ #ifdef RSA_R_INVALID_PADDING_MODE ++ {"INVALID_PADDING_MODE", ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE}, ++ #else ++ {"INVALID_PADDING_MODE", 4, 141}, ++ #endif ++ #ifdef RSA_R_INVALID_PSS_PARAMETERS ++ {"INVALID_PSS_PARAMETERS", ERR_LIB_RSA, RSA_R_INVALID_PSS_PARAMETERS}, ++ #else ++ {"INVALID_PSS_PARAMETERS", 4, 149}, ++ #endif ++ #ifdef RSA_R_INVALID_PSS_SALTLEN ++ {"INVALID_PSS_SALTLEN", ERR_LIB_RSA, RSA_R_INVALID_PSS_SALTLEN}, ++ #else ++ {"INVALID_PSS_SALTLEN", 4, 146}, ++ #endif ++ #ifdef RSA_R_INVALID_REQUEST ++ {"INVALID_REQUEST", ERR_LIB_RSA, RSA_R_INVALID_REQUEST}, ++ #else ++ {"INVALID_REQUEST", 4, 175}, ++ #endif ++ #ifdef RSA_R_INVALID_SALT_LENGTH ++ {"INVALID_SALT_LENGTH", ERR_LIB_RSA, RSA_R_INVALID_SALT_LENGTH}, ++ #else ++ {"INVALID_SALT_LENGTH", 4, 150}, ++ #endif ++ #ifdef RSA_R_INVALID_STRENGTH ++ {"INVALID_STRENGTH", ERR_LIB_RSA, RSA_R_INVALID_STRENGTH}, ++ #else ++ {"INVALID_STRENGTH", 4, 176}, ++ #endif ++ #ifdef RSA_R_INVALID_TRAILER ++ {"INVALID_TRAILER", ERR_LIB_RSA, RSA_R_INVALID_TRAILER}, ++ #else ++ {"INVALID_TRAILER", 4, 139}, ++ #endif ++ #ifdef RSA_R_INVALID_X931_DIGEST ++ {"INVALID_X931_DIGEST", ERR_LIB_RSA, RSA_R_INVALID_X931_DIGEST}, ++ #else ++ {"INVALID_X931_DIGEST", 4, 142}, ++ #endif ++ #ifdef RSA_R_IQMP_NOT_INVERSE_OF_Q ++ {"IQMP_NOT_INVERSE_OF_Q", ERR_LIB_RSA, RSA_R_IQMP_NOT_INVERSE_OF_Q}, ++ #else ++ {"IQMP_NOT_INVERSE_OF_Q", 4, 126}, ++ #endif ++ #ifdef RSA_R_KEY_PRIME_NUM_INVALID ++ {"KEY_PRIME_NUM_INVALID", ERR_LIB_RSA, RSA_R_KEY_PRIME_NUM_INVALID}, ++ #else ++ {"KEY_PRIME_NUM_INVALID", 4, 165}, ++ #endif ++ #ifdef RSA_R_KEY_SIZE_TOO_SMALL ++ {"KEY_SIZE_TOO_SMALL", ERR_LIB_RSA, RSA_R_KEY_SIZE_TOO_SMALL}, ++ #else ++ {"KEY_SIZE_TOO_SMALL", 4, 120}, ++ #endif ++ #ifdef RSA_R_LAST_OCTET_INVALID ++ {"LAST_OCTET_INVALID", ERR_LIB_RSA, RSA_R_LAST_OCTET_INVALID}, ++ #else ++ {"LAST_OCTET_INVALID", 4, 134}, ++ #endif ++ #ifdef RSA_R_MGF1_DIGEST_NOT_ALLOWED ++ {"MGF1_DIGEST_NOT_ALLOWED", ERR_LIB_RSA, RSA_R_MGF1_DIGEST_NOT_ALLOWED}, ++ #else ++ {"MGF1_DIGEST_NOT_ALLOWED", 4, 152}, ++ #endif ++ #ifdef RSA_R_MISSING_PRIVATE_KEY ++ {"MISSING_PRIVATE_KEY", ERR_LIB_RSA, RSA_R_MISSING_PRIVATE_KEY}, ++ #else ++ {"MISSING_PRIVATE_KEY", 4, 179}, ++ #endif ++ #ifdef RSA_R_MODULUS_TOO_LARGE ++ {"MODULUS_TOO_LARGE", ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE}, ++ #else ++ {"MODULUS_TOO_LARGE", 4, 105}, ++ #endif ++ #ifdef RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R ++ {"MP_COEFFICIENT_NOT_INVERSE_OF_R", ERR_LIB_RSA, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R}, ++ #else ++ {"MP_COEFFICIENT_NOT_INVERSE_OF_R", 4, 168}, ++ #endif ++ #ifdef RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D ++ {"MP_EXPONENT_NOT_CONGRUENT_TO_D", ERR_LIB_RSA, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D}, ++ #else ++ {"MP_EXPONENT_NOT_CONGRUENT_TO_D", 4, 169}, ++ #endif ++ #ifdef RSA_R_MP_R_NOT_PRIME ++ {"MP_R_NOT_PRIME", ERR_LIB_RSA, RSA_R_MP_R_NOT_PRIME}, ++ #else ++ {"MP_R_NOT_PRIME", 4, 170}, ++ #endif ++ #ifdef RSA_R_NO_PUBLIC_EXPONENT ++ {"NO_PUBLIC_EXPONENT", ERR_LIB_RSA, RSA_R_NO_PUBLIC_EXPONENT}, ++ #else ++ {"NO_PUBLIC_EXPONENT", 4, 140}, ++ #endif ++ #ifdef RSA_R_NULL_BEFORE_BLOCK_MISSING ++ {"NULL_BEFORE_BLOCK_MISSING", ERR_LIB_RSA, RSA_R_NULL_BEFORE_BLOCK_MISSING}, ++ #else ++ {"NULL_BEFORE_BLOCK_MISSING", 4, 113}, ++ #endif ++ #ifdef RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES ++ {"N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES", ERR_LIB_RSA, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES}, ++ #else ++ {"N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES", 4, 172}, ++ #endif ++ #ifdef RSA_R_N_DOES_NOT_EQUAL_P_Q ++ {"N_DOES_NOT_EQUAL_P_Q", ERR_LIB_RSA, RSA_R_N_DOES_NOT_EQUAL_P_Q}, ++ #else ++ {"N_DOES_NOT_EQUAL_P_Q", 4, 127}, ++ #endif ++ #ifdef RSA_R_OAEP_DECODING_ERROR ++ {"OAEP_DECODING_ERROR", ERR_LIB_RSA, RSA_R_OAEP_DECODING_ERROR}, ++ #else ++ {"OAEP_DECODING_ERROR", 4, 121}, ++ #endif ++ #ifdef RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE ++ {"OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE", ERR_LIB_RSA, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE}, ++ #else ++ {"OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE", 4, 148}, ++ #endif ++ #ifdef RSA_R_PADDING_CHECK_FAILED ++ {"PADDING_CHECK_FAILED", ERR_LIB_RSA, RSA_R_PADDING_CHECK_FAILED}, ++ #else ++ {"PADDING_CHECK_FAILED", 4, 114}, ++ #endif ++ #ifdef RSA_R_PAIRWISE_TEST_FAILURE ++ {"PAIRWISE_TEST_FAILURE", ERR_LIB_RSA, RSA_R_PAIRWISE_TEST_FAILURE}, ++ #else ++ {"PAIRWISE_TEST_FAILURE", 4, 177}, ++ #endif ++ #ifdef RSA_R_PKCS_DECODING_ERROR ++ {"PKCS_DECODING_ERROR", ERR_LIB_RSA, RSA_R_PKCS_DECODING_ERROR}, ++ #else ++ {"PKCS_DECODING_ERROR", 4, 159}, ++ #endif ++ #ifdef RSA_R_PSS_SALTLEN_TOO_SMALL ++ {"PSS_SALTLEN_TOO_SMALL", ERR_LIB_RSA, RSA_R_PSS_SALTLEN_TOO_SMALL}, ++ #else ++ {"PSS_SALTLEN_TOO_SMALL", 4, 164}, ++ #endif ++ #ifdef RSA_R_PUB_EXPONENT_OUT_OF_RANGE ++ {"PUB_EXPONENT_OUT_OF_RANGE", ERR_LIB_RSA, RSA_R_PUB_EXPONENT_OUT_OF_RANGE}, ++ #else ++ {"PUB_EXPONENT_OUT_OF_RANGE", 4, 178}, ++ #endif ++ #ifdef RSA_R_P_NOT_PRIME ++ {"P_NOT_PRIME", ERR_LIB_RSA, RSA_R_P_NOT_PRIME}, ++ #else ++ {"P_NOT_PRIME", 4, 128}, ++ #endif ++ #ifdef RSA_R_Q_NOT_PRIME ++ {"Q_NOT_PRIME", ERR_LIB_RSA, RSA_R_Q_NOT_PRIME}, ++ #else ++ {"Q_NOT_PRIME", 4, 129}, ++ #endif ++ #ifdef RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ++ {"RSA_OPERATIONS_NOT_SUPPORTED", ERR_LIB_RSA, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED}, ++ #else ++ {"RSA_OPERATIONS_NOT_SUPPORTED", 4, 130}, ++ #endif ++ #ifdef RSA_R_SLEN_CHECK_FAILED ++ {"SLEN_CHECK_FAILED", ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED}, ++ #else ++ {"SLEN_CHECK_FAILED", 4, 136}, ++ #endif ++ #ifdef RSA_R_SLEN_RECOVERY_FAILED ++ {"SLEN_RECOVERY_FAILED", ERR_LIB_RSA, RSA_R_SLEN_RECOVERY_FAILED}, ++ #else ++ {"SLEN_RECOVERY_FAILED", 4, 135}, ++ #endif ++ #ifdef RSA_R_SSLV3_ROLLBACK_ATTACK ++ {"SSLV3_ROLLBACK_ATTACK", ERR_LIB_RSA, RSA_R_SSLV3_ROLLBACK_ATTACK}, ++ #else ++ {"SSLV3_ROLLBACK_ATTACK", 4, 115}, ++ #endif ++ #ifdef RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD ++ {"THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD", ERR_LIB_RSA, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD}, ++ #else ++ {"THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD", 4, 116}, ++ #endif ++ #ifdef RSA_R_UNKNOWN_ALGORITHM_TYPE ++ {"UNKNOWN_ALGORITHM_TYPE", ERR_LIB_RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE}, ++ #else ++ {"UNKNOWN_ALGORITHM_TYPE", 4, 117}, ++ #endif ++ #ifdef RSA_R_UNKNOWN_DIGEST ++ {"UNKNOWN_DIGEST", ERR_LIB_RSA, RSA_R_UNKNOWN_DIGEST}, ++ #else ++ {"UNKNOWN_DIGEST", 4, 166}, ++ #endif ++ #ifdef RSA_R_UNKNOWN_MASK_DIGEST ++ {"UNKNOWN_MASK_DIGEST", ERR_LIB_RSA, RSA_R_UNKNOWN_MASK_DIGEST}, ++ #else ++ {"UNKNOWN_MASK_DIGEST", 4, 151}, ++ #endif ++ #ifdef RSA_R_UNKNOWN_PADDING_TYPE ++ {"UNKNOWN_PADDING_TYPE", ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE}, ++ #else ++ {"UNKNOWN_PADDING_TYPE", 4, 118}, ++ #endif ++ #ifdef RSA_R_UNSUPPORTED_ENCRYPTION_TYPE ++ {"UNSUPPORTED_ENCRYPTION_TYPE", ERR_LIB_RSA, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE}, ++ #else ++ {"UNSUPPORTED_ENCRYPTION_TYPE", 4, 162}, ++ #endif ++ #ifdef RSA_R_UNSUPPORTED_LABEL_SOURCE ++ {"UNSUPPORTED_LABEL_SOURCE", ERR_LIB_RSA, RSA_R_UNSUPPORTED_LABEL_SOURCE}, ++ #else ++ {"UNSUPPORTED_LABEL_SOURCE", 4, 163}, ++ #endif ++ #ifdef RSA_R_UNSUPPORTED_MASK_ALGORITHM ++ {"UNSUPPORTED_MASK_ALGORITHM", ERR_LIB_RSA, RSA_R_UNSUPPORTED_MASK_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_MASK_ALGORITHM", 4, 153}, ++ #endif ++ #ifdef RSA_R_UNSUPPORTED_MASK_PARAMETER ++ {"UNSUPPORTED_MASK_PARAMETER", ERR_LIB_RSA, RSA_R_UNSUPPORTED_MASK_PARAMETER}, ++ #else ++ {"UNSUPPORTED_MASK_PARAMETER", 4, 154}, ++ #endif ++ #ifdef RSA_R_UNSUPPORTED_SIGNATURE_TYPE ++ {"UNSUPPORTED_SIGNATURE_TYPE", ERR_LIB_RSA, RSA_R_UNSUPPORTED_SIGNATURE_TYPE}, ++ #else ++ {"UNSUPPORTED_SIGNATURE_TYPE", 4, 155}, ++ #endif ++ #ifdef RSA_R_VALUE_MISSING ++ {"VALUE_MISSING", ERR_LIB_RSA, RSA_R_VALUE_MISSING}, ++ #else ++ {"VALUE_MISSING", 4, 147}, ++ #endif ++ #ifdef RSA_R_WRONG_SIGNATURE_LENGTH ++ {"WRONG_SIGNATURE_LENGTH", ERR_LIB_RSA, RSA_R_WRONG_SIGNATURE_LENGTH}, ++ #else ++ {"WRONG_SIGNATURE_LENGTH", 4, 119}, ++ #endif ++ #ifdef SM2_R_ASN1_ERROR ++ {"ASN1_ERROR", ERR_LIB_SM2, SM2_R_ASN1_ERROR}, ++ #else ++ {"ASN1_ERROR", 53, 100}, ++ #endif ++ #ifdef SM2_R_BAD_SIGNATURE ++ {"BAD_SIGNATURE", ERR_LIB_SM2, SM2_R_BAD_SIGNATURE}, ++ #else ++ {"BAD_SIGNATURE", 53, 101}, ++ #endif ++ #ifdef SM2_R_BUFFER_TOO_SMALL ++ {"BUFFER_TOO_SMALL", ERR_LIB_SM2, SM2_R_BUFFER_TOO_SMALL}, ++ #else ++ {"BUFFER_TOO_SMALL", 53, 107}, ++ #endif ++ #ifdef SM2_R_DIST_ID_TOO_LARGE ++ {"DIST_ID_TOO_LARGE", ERR_LIB_SM2, SM2_R_DIST_ID_TOO_LARGE}, ++ #else ++ {"DIST_ID_TOO_LARGE", 53, 110}, ++ #endif ++ #ifdef SM2_R_ID_NOT_SET ++ {"ID_NOT_SET", ERR_LIB_SM2, SM2_R_ID_NOT_SET}, ++ #else ++ {"ID_NOT_SET", 53, 112}, ++ #endif ++ #ifdef SM2_R_ID_TOO_LARGE ++ {"ID_TOO_LARGE", ERR_LIB_SM2, SM2_R_ID_TOO_LARGE}, ++ #else ++ {"ID_TOO_LARGE", 53, 111}, ++ #endif ++ #ifdef SM2_R_INVALID_CURVE ++ {"INVALID_CURVE", ERR_LIB_SM2, SM2_R_INVALID_CURVE}, ++ #else ++ {"INVALID_CURVE", 53, 108}, ++ #endif ++ #ifdef SM2_R_INVALID_DIGEST ++ {"INVALID_DIGEST", ERR_LIB_SM2, SM2_R_INVALID_DIGEST}, ++ #else ++ {"INVALID_DIGEST", 53, 102}, ++ #endif ++ #ifdef SM2_R_INVALID_DIGEST_TYPE ++ {"INVALID_DIGEST_TYPE", ERR_LIB_SM2, SM2_R_INVALID_DIGEST_TYPE}, ++ #else ++ {"INVALID_DIGEST_TYPE", 53, 103}, ++ #endif ++ #ifdef SM2_R_INVALID_ENCODING ++ {"INVALID_ENCODING", ERR_LIB_SM2, SM2_R_INVALID_ENCODING}, ++ #else ++ {"INVALID_ENCODING", 53, 104}, ++ #endif ++ #ifdef SM2_R_INVALID_FIELD ++ {"INVALID_FIELD", ERR_LIB_SM2, SM2_R_INVALID_FIELD}, ++ #else ++ {"INVALID_FIELD", 53, 105}, ++ #endif ++ #ifdef SM2_R_INVALID_PRIVATE_KEY ++ {"INVALID_PRIVATE_KEY", ERR_LIB_SM2, SM2_R_INVALID_PRIVATE_KEY}, ++ #else ++ {"INVALID_PRIVATE_KEY", 53, 113}, ++ #endif ++ #ifdef SM2_R_NO_PARAMETERS_SET ++ {"NO_PARAMETERS_SET", ERR_LIB_SM2, SM2_R_NO_PARAMETERS_SET}, ++ #else ++ {"NO_PARAMETERS_SET", 53, 109}, ++ #endif ++ #ifdef SM2_R_USER_ID_TOO_LARGE ++ {"USER_ID_TOO_LARGE", ERR_LIB_SM2, SM2_R_USER_ID_TOO_LARGE}, ++ #else ++ {"USER_ID_TOO_LARGE", 53, 106}, ++ #endif ++ #ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY ++ {"APPLICATION_DATA_AFTER_CLOSE_NOTIFY", ERR_LIB_SSL, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY}, ++ #else ++ {"APPLICATION_DATA_AFTER_CLOSE_NOTIFY", 20, 291}, ++ #endif ++ #ifdef SSL_R_APP_DATA_IN_HANDSHAKE ++ {"APP_DATA_IN_HANDSHAKE", ERR_LIB_SSL, SSL_R_APP_DATA_IN_HANDSHAKE}, ++ #else ++ {"APP_DATA_IN_HANDSHAKE", 20, 100}, ++ #endif ++ #ifdef SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT ++ {"ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT", ERR_LIB_SSL, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT}, ++ #else ++ {"ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT", 20, 272}, ++ #endif ++ #ifdef SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE ++ {"AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE", ERR_LIB_SSL, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE}, ++ #else ++ {"AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE", 20, 143}, ++ #endif ++ #ifdef SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE ++ {"AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE", ERR_LIB_SSL, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE}, ++ #else ++ {"AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE", 20, 158}, ++ #endif ++ #ifdef SSL_R_BAD_CHANGE_CIPHER_SPEC ++ {"BAD_CHANGE_CIPHER_SPEC", ERR_LIB_SSL, SSL_R_BAD_CHANGE_CIPHER_SPEC}, ++ #else ++ {"BAD_CHANGE_CIPHER_SPEC", 20, 103}, ++ #endif ++ #ifdef SSL_R_BAD_CIPHER ++ {"BAD_CIPHER", ERR_LIB_SSL, SSL_R_BAD_CIPHER}, ++ #else ++ {"BAD_CIPHER", 20, 186}, ++ #endif ++ #ifdef SSL_R_BAD_DATA ++ {"BAD_DATA", ERR_LIB_SSL, SSL_R_BAD_DATA}, ++ #else ++ {"BAD_DATA", 20, 390}, ++ #endif ++ #ifdef SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ++ {"BAD_DATA_RETURNED_BY_CALLBACK", ERR_LIB_SSL, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK}, ++ #else ++ {"BAD_DATA_RETURNED_BY_CALLBACK", 20, 106}, ++ #endif ++ #ifdef SSL_R_BAD_DECOMPRESSION ++ {"BAD_DECOMPRESSION", ERR_LIB_SSL, SSL_R_BAD_DECOMPRESSION}, ++ #else ++ {"BAD_DECOMPRESSION", 20, 107}, ++ #endif ++ #ifdef SSL_R_BAD_DH_VALUE ++ {"BAD_DH_VALUE", ERR_LIB_SSL, SSL_R_BAD_DH_VALUE}, ++ #else ++ {"BAD_DH_VALUE", 20, 102}, ++ #endif ++ #ifdef SSL_R_BAD_DIGEST_LENGTH ++ {"BAD_DIGEST_LENGTH", ERR_LIB_SSL, SSL_R_BAD_DIGEST_LENGTH}, ++ #else ++ {"BAD_DIGEST_LENGTH", 20, 111}, ++ #endif ++ #ifdef SSL_R_BAD_EARLY_DATA ++ {"BAD_EARLY_DATA", ERR_LIB_SSL, SSL_R_BAD_EARLY_DATA}, ++ #else ++ {"BAD_EARLY_DATA", 20, 233}, ++ #endif ++ #ifdef SSL_R_BAD_ECC_CERT ++ {"BAD_ECC_CERT", ERR_LIB_SSL, SSL_R_BAD_ECC_CERT}, ++ #else ++ {"BAD_ECC_CERT", 20, 304}, ++ #endif ++ #ifdef SSL_R_BAD_ECPOINT ++ {"BAD_ECPOINT", ERR_LIB_SSL, SSL_R_BAD_ECPOINT}, ++ #else ++ {"BAD_ECPOINT", 20, 306}, ++ #endif ++ #ifdef SSL_R_BAD_EXTENSION ++ {"BAD_EXTENSION", ERR_LIB_SSL, SSL_R_BAD_EXTENSION}, ++ #else ++ {"BAD_EXTENSION", 20, 110}, ++ #endif ++ #ifdef SSL_R_BAD_HANDSHAKE_LENGTH ++ {"BAD_HANDSHAKE_LENGTH", ERR_LIB_SSL, SSL_R_BAD_HANDSHAKE_LENGTH}, ++ #else ++ {"BAD_HANDSHAKE_LENGTH", 20, 332}, ++ #endif ++ #ifdef SSL_R_BAD_HANDSHAKE_STATE ++ {"BAD_HANDSHAKE_STATE", ERR_LIB_SSL, SSL_R_BAD_HANDSHAKE_STATE}, ++ #else ++ {"BAD_HANDSHAKE_STATE", 20, 236}, ++ #endif ++ #ifdef SSL_R_BAD_HELLO_REQUEST ++ {"BAD_HELLO_REQUEST", ERR_LIB_SSL, SSL_R_BAD_HELLO_REQUEST}, ++ #else ++ {"BAD_HELLO_REQUEST", 20, 105}, ++ #endif ++ #ifdef SSL_R_BAD_HRR_VERSION ++ {"BAD_HRR_VERSION", ERR_LIB_SSL, SSL_R_BAD_HRR_VERSION}, ++ #else ++ {"BAD_HRR_VERSION", 20, 263}, ++ #endif ++ #ifdef SSL_R_BAD_KEY_SHARE ++ {"BAD_KEY_SHARE", ERR_LIB_SSL, SSL_R_BAD_KEY_SHARE}, ++ #else ++ {"BAD_KEY_SHARE", 20, 108}, ++ #endif ++ #ifdef SSL_R_BAD_KEY_UPDATE ++ {"BAD_KEY_UPDATE", ERR_LIB_SSL, SSL_R_BAD_KEY_UPDATE}, ++ #else ++ {"BAD_KEY_UPDATE", 20, 122}, ++ #endif ++ #ifdef SSL_R_BAD_LEGACY_VERSION ++ {"BAD_LEGACY_VERSION", ERR_LIB_SSL, SSL_R_BAD_LEGACY_VERSION}, ++ #else ++ {"BAD_LEGACY_VERSION", 20, 292}, ++ #endif ++ #ifdef SSL_R_BAD_LENGTH ++ {"BAD_LENGTH", ERR_LIB_SSL, SSL_R_BAD_LENGTH}, ++ #else ++ {"BAD_LENGTH", 20, 271}, ++ #endif ++ #ifdef SSL_R_BAD_PACKET ++ {"BAD_PACKET", ERR_LIB_SSL, SSL_R_BAD_PACKET}, ++ #else ++ {"BAD_PACKET", 20, 240}, ++ #endif ++ #ifdef SSL_R_BAD_PACKET_LENGTH ++ {"BAD_PACKET_LENGTH", ERR_LIB_SSL, SSL_R_BAD_PACKET_LENGTH}, ++ #else ++ {"BAD_PACKET_LENGTH", 20, 115}, ++ #endif ++ #ifdef SSL_R_BAD_PROTOCOL_VERSION_NUMBER ++ {"BAD_PROTOCOL_VERSION_NUMBER", ERR_LIB_SSL, SSL_R_BAD_PROTOCOL_VERSION_NUMBER}, ++ #else ++ {"BAD_PROTOCOL_VERSION_NUMBER", 20, 116}, ++ #endif ++ #ifdef SSL_R_BAD_PSK ++ {"BAD_PSK", ERR_LIB_SSL, SSL_R_BAD_PSK}, ++ #else ++ {"BAD_PSK", 20, 219}, ++ #endif ++ #ifdef SSL_R_BAD_PSK_IDENTITY ++ {"BAD_PSK_IDENTITY", ERR_LIB_SSL, SSL_R_BAD_PSK_IDENTITY}, ++ #else ++ {"BAD_PSK_IDENTITY", 20, 114}, ++ #endif ++ #ifdef SSL_R_BAD_RECORD_TYPE ++ {"BAD_RECORD_TYPE", ERR_LIB_SSL, SSL_R_BAD_RECORD_TYPE}, ++ #else ++ {"BAD_RECORD_TYPE", 20, 443}, ++ #endif ++ #ifdef SSL_R_BAD_RSA_ENCRYPT ++ {"BAD_RSA_ENCRYPT", ERR_LIB_SSL, SSL_R_BAD_RSA_ENCRYPT}, ++ #else ++ {"BAD_RSA_ENCRYPT", 20, 119}, ++ #endif ++ #ifdef SSL_R_BAD_SIGNATURE ++ {"BAD_SIGNATURE", ERR_LIB_SSL, SSL_R_BAD_SIGNATURE}, ++ #else ++ {"BAD_SIGNATURE", 20, 123}, ++ #endif ++ #ifdef SSL_R_BAD_SRP_A_LENGTH ++ {"BAD_SRP_A_LENGTH", ERR_LIB_SSL, SSL_R_BAD_SRP_A_LENGTH}, ++ #else ++ {"BAD_SRP_A_LENGTH", 20, 347}, ++ #endif ++ #ifdef SSL_R_BAD_SRP_PARAMETERS ++ {"BAD_SRP_PARAMETERS", ERR_LIB_SSL, SSL_R_BAD_SRP_PARAMETERS}, ++ #else ++ {"BAD_SRP_PARAMETERS", 20, 371}, ++ #endif ++ #ifdef SSL_R_BAD_SRTP_MKI_VALUE ++ {"BAD_SRTP_MKI_VALUE", ERR_LIB_SSL, SSL_R_BAD_SRTP_MKI_VALUE}, ++ #else ++ {"BAD_SRTP_MKI_VALUE", 20, 352}, ++ #endif ++ #ifdef SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST ++ {"BAD_SRTP_PROTECTION_PROFILE_LIST", ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST}, ++ #else ++ {"BAD_SRTP_PROTECTION_PROFILE_LIST", 20, 353}, ++ #endif ++ #ifdef SSL_R_BAD_SSL_FILETYPE ++ {"BAD_SSL_FILETYPE", ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE}, ++ #else ++ {"BAD_SSL_FILETYPE", 20, 124}, ++ #endif ++ #ifdef SSL_R_BAD_VALUE ++ {"BAD_VALUE", ERR_LIB_SSL, SSL_R_BAD_VALUE}, ++ #else ++ {"BAD_VALUE", 20, 384}, ++ #endif ++ #ifdef SSL_R_BAD_WRITE_RETRY ++ {"BAD_WRITE_RETRY", ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY}, ++ #else ++ {"BAD_WRITE_RETRY", 20, 127}, ++ #endif ++ #ifdef SSL_R_BINDER_DOES_NOT_VERIFY ++ {"BINDER_DOES_NOT_VERIFY", ERR_LIB_SSL, SSL_R_BINDER_DOES_NOT_VERIFY}, ++ #else ++ {"BINDER_DOES_NOT_VERIFY", 20, 253}, ++ #endif ++ #ifdef SSL_R_BIO_NOT_SET ++ {"BIO_NOT_SET", ERR_LIB_SSL, SSL_R_BIO_NOT_SET}, ++ #else ++ {"BIO_NOT_SET", 20, 128}, ++ #endif ++ #ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG ++ {"BLOCK_CIPHER_PAD_IS_WRONG", ERR_LIB_SSL, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG}, ++ #else ++ {"BLOCK_CIPHER_PAD_IS_WRONG", 20, 129}, ++ #endif ++ #ifdef SSL_R_BN_LIB ++ {"BN_LIB", ERR_LIB_SSL, SSL_R_BN_LIB}, ++ #else ++ {"BN_LIB", 20, 130}, ++ #endif ++ #ifdef SSL_R_CALLBACK_FAILED ++ {"CALLBACK_FAILED", ERR_LIB_SSL, SSL_R_CALLBACK_FAILED}, ++ #else ++ {"CALLBACK_FAILED", 20, 234}, ++ #endif ++ #ifdef SSL_R_CANNOT_CHANGE_CIPHER ++ {"CANNOT_CHANGE_CIPHER", ERR_LIB_SSL, SSL_R_CANNOT_CHANGE_CIPHER}, ++ #else ++ {"CANNOT_CHANGE_CIPHER", 20, 109}, ++ #endif ++ #ifdef SSL_R_CANNOT_GET_GROUP_NAME ++ {"CANNOT_GET_GROUP_NAME", ERR_LIB_SSL, SSL_R_CANNOT_GET_GROUP_NAME}, ++ #else ++ {"CANNOT_GET_GROUP_NAME", 20, 299}, ++ #endif ++ #ifdef SSL_R_CA_DN_LENGTH_MISMATCH ++ {"CA_DN_LENGTH_MISMATCH", ERR_LIB_SSL, SSL_R_CA_DN_LENGTH_MISMATCH}, ++ #else ++ {"CA_DN_LENGTH_MISMATCH", 20, 131}, ++ #endif ++ #ifdef SSL_R_CA_KEY_TOO_SMALL ++ {"CA_KEY_TOO_SMALL", ERR_LIB_SSL, SSL_R_CA_KEY_TOO_SMALL}, ++ #else ++ {"CA_KEY_TOO_SMALL", 20, 397}, ++ #endif ++ #ifdef SSL_R_CA_MD_TOO_WEAK ++ {"CA_MD_TOO_WEAK", ERR_LIB_SSL, SSL_R_CA_MD_TOO_WEAK}, ++ #else ++ {"CA_MD_TOO_WEAK", 20, 398}, ++ #endif ++ #ifdef SSL_R_CCS_RECEIVED_EARLY ++ {"CCS_RECEIVED_EARLY", ERR_LIB_SSL, SSL_R_CCS_RECEIVED_EARLY}, ++ #else ++ {"CCS_RECEIVED_EARLY", 20, 133}, ++ #endif ++ #ifdef SSL_R_CERTIFICATE_VERIFY_FAILED ++ {"CERTIFICATE_VERIFY_FAILED", ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED}, ++ #else ++ {"CERTIFICATE_VERIFY_FAILED", 20, 134}, ++ #endif ++ #ifdef SSL_R_CERT_CB_ERROR ++ {"CERT_CB_ERROR", ERR_LIB_SSL, SSL_R_CERT_CB_ERROR}, ++ #else ++ {"CERT_CB_ERROR", 20, 377}, ++ #endif ++ #ifdef SSL_R_CERT_LENGTH_MISMATCH ++ {"CERT_LENGTH_MISMATCH", ERR_LIB_SSL, SSL_R_CERT_LENGTH_MISMATCH}, ++ #else ++ {"CERT_LENGTH_MISMATCH", 20, 135}, ++ #endif ++ #ifdef SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED ++ {"CIPHERSUITE_DIGEST_HAS_CHANGED", ERR_LIB_SSL, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED}, ++ #else ++ {"CIPHERSUITE_DIGEST_HAS_CHANGED", 20, 218}, ++ #endif ++ #ifdef SSL_R_CIPHER_CODE_WRONG_LENGTH ++ {"CIPHER_CODE_WRONG_LENGTH", ERR_LIB_SSL, SSL_R_CIPHER_CODE_WRONG_LENGTH}, ++ #else ++ {"CIPHER_CODE_WRONG_LENGTH", 20, 137}, ++ #endif ++ #ifdef SSL_R_CLIENTHELLO_TLSEXT ++ {"CLIENTHELLO_TLSEXT", ERR_LIB_SSL, SSL_R_CLIENTHELLO_TLSEXT}, ++ #else ++ {"CLIENTHELLO_TLSEXT", 20, 226}, ++ #endif ++ #ifdef SSL_R_COMPRESSED_LENGTH_TOO_LONG ++ {"COMPRESSED_LENGTH_TOO_LONG", ERR_LIB_SSL, SSL_R_COMPRESSED_LENGTH_TOO_LONG}, ++ #else ++ {"COMPRESSED_LENGTH_TOO_LONG", 20, 140}, ++ #endif ++ #ifdef SSL_R_COMPRESSION_DISABLED ++ {"COMPRESSION_DISABLED", ERR_LIB_SSL, SSL_R_COMPRESSION_DISABLED}, ++ #else ++ {"COMPRESSION_DISABLED", 20, 343}, ++ #endif ++ #ifdef SSL_R_COMPRESSION_FAILURE ++ {"COMPRESSION_FAILURE", ERR_LIB_SSL, SSL_R_COMPRESSION_FAILURE}, ++ #else ++ {"COMPRESSION_FAILURE", 20, 141}, ++ #endif ++ #ifdef SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE ++ {"COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE", ERR_LIB_SSL, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE}, ++ #else ++ {"COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE", 20, 307}, ++ #endif ++ #ifdef SSL_R_COMPRESSION_LIBRARY_ERROR ++ {"COMPRESSION_LIBRARY_ERROR", ERR_LIB_SSL, SSL_R_COMPRESSION_LIBRARY_ERROR}, ++ #else ++ {"COMPRESSION_LIBRARY_ERROR", 20, 142}, ++ #endif ++ #ifdef SSL_R_CONNECTION_TYPE_NOT_SET ++ {"CONNECTION_TYPE_NOT_SET", ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET}, ++ #else ++ {"CONNECTION_TYPE_NOT_SET", 20, 144}, ++ #endif ++ #ifdef SSL_R_CONTEXT_NOT_DANE_ENABLED ++ {"CONTEXT_NOT_DANE_ENABLED", ERR_LIB_SSL, SSL_R_CONTEXT_NOT_DANE_ENABLED}, ++ #else ++ {"CONTEXT_NOT_DANE_ENABLED", 20, 167}, ++ #endif ++ #ifdef SSL_R_COOKIE_GEN_CALLBACK_FAILURE ++ {"COOKIE_GEN_CALLBACK_FAILURE", ERR_LIB_SSL, SSL_R_COOKIE_GEN_CALLBACK_FAILURE}, ++ #else ++ {"COOKIE_GEN_CALLBACK_FAILURE", 20, 400}, ++ #endif ++ #ifdef SSL_R_COOKIE_MISMATCH ++ {"COOKIE_MISMATCH", ERR_LIB_SSL, SSL_R_COOKIE_MISMATCH}, ++ #else ++ {"COOKIE_MISMATCH", 20, 308}, ++ #endif ++ #ifdef SSL_R_COPY_PARAMETERS_FAILED ++ {"COPY_PARAMETERS_FAILED", ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED}, ++ #else ++ {"COPY_PARAMETERS_FAILED", 20, 296}, ++ #endif ++ #ifdef SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED ++ {"CUSTOM_EXT_HANDLER_ALREADY_INSTALLED", ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED}, ++ #else ++ {"CUSTOM_EXT_HANDLER_ALREADY_INSTALLED", 20, 206}, ++ #endif ++ #ifdef SSL_R_DANE_ALREADY_ENABLED ++ {"DANE_ALREADY_ENABLED", ERR_LIB_SSL, SSL_R_DANE_ALREADY_ENABLED}, ++ #else ++ {"DANE_ALREADY_ENABLED", 20, 172}, ++ #endif ++ #ifdef SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL ++ {"DANE_CANNOT_OVERRIDE_MTYPE_FULL", ERR_LIB_SSL, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL}, ++ #else ++ {"DANE_CANNOT_OVERRIDE_MTYPE_FULL", 20, 173}, ++ #endif ++ #ifdef SSL_R_DANE_NOT_ENABLED ++ {"DANE_NOT_ENABLED", ERR_LIB_SSL, SSL_R_DANE_NOT_ENABLED}, ++ #else ++ {"DANE_NOT_ENABLED", 20, 175}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_CERTIFICATE ++ {"DANE_TLSA_BAD_CERTIFICATE", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE}, ++ #else ++ {"DANE_TLSA_BAD_CERTIFICATE", 20, 180}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE ++ {"DANE_TLSA_BAD_CERTIFICATE_USAGE", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE}, ++ #else ++ {"DANE_TLSA_BAD_CERTIFICATE_USAGE", 20, 184}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_DATA_LENGTH ++ {"DANE_TLSA_BAD_DATA_LENGTH", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DATA_LENGTH}, ++ #else ++ {"DANE_TLSA_BAD_DATA_LENGTH", 20, 189}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH ++ {"DANE_TLSA_BAD_DIGEST_LENGTH", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH}, ++ #else ++ {"DANE_TLSA_BAD_DIGEST_LENGTH", 20, 192}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_MATCHING_TYPE ++ {"DANE_TLSA_BAD_MATCHING_TYPE", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE}, ++ #else ++ {"DANE_TLSA_BAD_MATCHING_TYPE", 20, 200}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_PUBLIC_KEY ++ {"DANE_TLSA_BAD_PUBLIC_KEY", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY}, ++ #else ++ {"DANE_TLSA_BAD_PUBLIC_KEY", 20, 201}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_BAD_SELECTOR ++ {"DANE_TLSA_BAD_SELECTOR", ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_SELECTOR}, ++ #else ++ {"DANE_TLSA_BAD_SELECTOR", 20, 202}, ++ #endif ++ #ifdef SSL_R_DANE_TLSA_NULL_DATA ++ {"DANE_TLSA_NULL_DATA", ERR_LIB_SSL, SSL_R_DANE_TLSA_NULL_DATA}, ++ #else ++ {"DANE_TLSA_NULL_DATA", 20, 203}, ++ #endif ++ #ifdef SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ++ {"DATA_BETWEEN_CCS_AND_FINISHED", ERR_LIB_SSL, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED}, ++ #else ++ {"DATA_BETWEEN_CCS_AND_FINISHED", 20, 145}, ++ #endif ++ #ifdef SSL_R_DATA_LENGTH_TOO_LONG ++ {"DATA_LENGTH_TOO_LONG", ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG}, ++ #else ++ {"DATA_LENGTH_TOO_LONG", 20, 146}, ++ #endif ++ #ifdef SSL_R_DECRYPTION_FAILED ++ {"DECRYPTION_FAILED", ERR_LIB_SSL, SSL_R_DECRYPTION_FAILED}, ++ #else ++ {"DECRYPTION_FAILED", 20, 147}, ++ #endif ++ #ifdef SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ++ {"DECRYPTION_FAILED_OR_BAD_RECORD_MAC", ERR_LIB_SSL, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC}, ++ #else ++ {"DECRYPTION_FAILED_OR_BAD_RECORD_MAC", 20, 281}, ++ #endif ++ #ifdef SSL_R_DH_KEY_TOO_SMALL ++ {"DH_KEY_TOO_SMALL", ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL}, ++ #else ++ {"DH_KEY_TOO_SMALL", 20, 394}, ++ #endif ++ #ifdef SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ++ {"DH_PUBLIC_VALUE_LENGTH_IS_WRONG", ERR_LIB_SSL, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG}, ++ #else ++ {"DH_PUBLIC_VALUE_LENGTH_IS_WRONG", 20, 148}, ++ #endif ++ #ifdef SSL_R_DIGEST_CHECK_FAILED ++ {"DIGEST_CHECK_FAILED", ERR_LIB_SSL, SSL_R_DIGEST_CHECK_FAILED}, ++ #else ++ {"DIGEST_CHECK_FAILED", 20, 149}, ++ #endif ++ #ifdef SSL_R_DTLS_MESSAGE_TOO_BIG ++ {"DTLS_MESSAGE_TOO_BIG", ERR_LIB_SSL, SSL_R_DTLS_MESSAGE_TOO_BIG}, ++ #else ++ {"DTLS_MESSAGE_TOO_BIG", 20, 334}, ++ #endif ++ #ifdef SSL_R_DUPLICATE_COMPRESSION_ID ++ {"DUPLICATE_COMPRESSION_ID", ERR_LIB_SSL, SSL_R_DUPLICATE_COMPRESSION_ID}, ++ #else ++ {"DUPLICATE_COMPRESSION_ID", 20, 309}, ++ #endif ++ #ifdef SSL_R_ECC_CERT_NOT_FOR_SIGNING ++ {"ECC_CERT_NOT_FOR_SIGNING", ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING}, ++ #else ++ {"ECC_CERT_NOT_FOR_SIGNING", 20, 318}, ++ #endif ++ #ifdef SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE ++ {"ECDH_REQUIRED_FOR_SUITEB_MODE", ERR_LIB_SSL, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE}, ++ #else ++ {"ECDH_REQUIRED_FOR_SUITEB_MODE", 20, 374}, ++ #endif ++ #ifdef SSL_R_EE_KEY_TOO_SMALL ++ {"EE_KEY_TOO_SMALL", ERR_LIB_SSL, SSL_R_EE_KEY_TOO_SMALL}, ++ #else ++ {"EE_KEY_TOO_SMALL", 20, 399}, ++ #endif ++ #ifdef SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST ++ {"EMPTY_SRTP_PROTECTION_PROFILE_LIST", ERR_LIB_SSL, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST}, ++ #else ++ {"EMPTY_SRTP_PROTECTION_PROFILE_LIST", 20, 354}, ++ #endif ++ #ifdef SSL_R_ENCRYPTED_LENGTH_TOO_LONG ++ {"ENCRYPTED_LENGTH_TOO_LONG", ERR_LIB_SSL, SSL_R_ENCRYPTED_LENGTH_TOO_LONG}, ++ #else ++ {"ENCRYPTED_LENGTH_TOO_LONG", 20, 150}, ++ #endif ++ #ifdef SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ++ {"ERROR_IN_RECEIVED_CIPHER_LIST", ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST}, ++ #else ++ {"ERROR_IN_RECEIVED_CIPHER_LIST", 20, 151}, ++ #endif ++ #ifdef SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN ++ {"ERROR_SETTING_TLSA_BASE_DOMAIN", ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN}, ++ #else ++ {"ERROR_SETTING_TLSA_BASE_DOMAIN", 20, 204}, ++ #endif ++ #ifdef SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE ++ {"EXCEEDS_MAX_FRAGMENT_SIZE", ERR_LIB_SSL, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE}, ++ #else ++ {"EXCEEDS_MAX_FRAGMENT_SIZE", 20, 194}, ++ #endif ++ #ifdef SSL_R_EXCESSIVE_MESSAGE_SIZE ++ {"EXCESSIVE_MESSAGE_SIZE", ERR_LIB_SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE}, ++ #else ++ {"EXCESSIVE_MESSAGE_SIZE", 20, 152}, ++ #endif ++ #ifdef SSL_R_EXTENSION_NOT_RECEIVED ++ {"EXTENSION_NOT_RECEIVED", ERR_LIB_SSL, SSL_R_EXTENSION_NOT_RECEIVED}, ++ #else ++ {"EXTENSION_NOT_RECEIVED", 20, 279}, ++ #endif ++ #ifdef SSL_R_EXTRA_DATA_IN_MESSAGE ++ {"EXTRA_DATA_IN_MESSAGE", ERR_LIB_SSL, SSL_R_EXTRA_DATA_IN_MESSAGE}, ++ #else ++ {"EXTRA_DATA_IN_MESSAGE", 20, 153}, ++ #endif ++ #ifdef SSL_R_EXT_LENGTH_MISMATCH ++ {"EXT_LENGTH_MISMATCH", ERR_LIB_SSL, SSL_R_EXT_LENGTH_MISMATCH}, ++ #else ++ {"EXT_LENGTH_MISMATCH", 20, 163}, ++ #endif ++ #ifdef SSL_R_FAILED_TO_INIT_ASYNC ++ {"FAILED_TO_INIT_ASYNC", ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC}, ++ #else ++ {"FAILED_TO_INIT_ASYNC", 20, 405}, ++ #endif ++ #ifdef SSL_R_FRAGMENTED_CLIENT_HELLO ++ {"FRAGMENTED_CLIENT_HELLO", ERR_LIB_SSL, SSL_R_FRAGMENTED_CLIENT_HELLO}, ++ #else ++ {"FRAGMENTED_CLIENT_HELLO", 20, 401}, ++ #endif ++ #ifdef SSL_R_GOT_A_FIN_BEFORE_A_CCS ++ {"GOT_A_FIN_BEFORE_A_CCS", ERR_LIB_SSL, SSL_R_GOT_A_FIN_BEFORE_A_CCS}, ++ #else ++ {"GOT_A_FIN_BEFORE_A_CCS", 20, 154}, ++ #endif ++ #ifdef SSL_R_HTTPS_PROXY_REQUEST ++ {"HTTPS_PROXY_REQUEST", ERR_LIB_SSL, SSL_R_HTTPS_PROXY_REQUEST}, ++ #else ++ {"HTTPS_PROXY_REQUEST", 20, 155}, ++ #endif ++ #ifdef SSL_R_HTTP_REQUEST ++ {"HTTP_REQUEST", ERR_LIB_SSL, SSL_R_HTTP_REQUEST}, ++ #else ++ {"HTTP_REQUEST", 20, 156}, ++ #endif ++ #ifdef SSL_R_ILLEGAL_POINT_COMPRESSION ++ {"ILLEGAL_POINT_COMPRESSION", ERR_LIB_SSL, SSL_R_ILLEGAL_POINT_COMPRESSION}, ++ #else ++ {"ILLEGAL_POINT_COMPRESSION", 20, 162}, ++ #endif ++ #ifdef SSL_R_ILLEGAL_SUITEB_DIGEST ++ {"ILLEGAL_SUITEB_DIGEST", ERR_LIB_SSL, SSL_R_ILLEGAL_SUITEB_DIGEST}, ++ #else ++ {"ILLEGAL_SUITEB_DIGEST", 20, 380}, ++ #endif ++ #ifdef SSL_R_INAPPROPRIATE_FALLBACK ++ {"INAPPROPRIATE_FALLBACK", ERR_LIB_SSL, SSL_R_INAPPROPRIATE_FALLBACK}, ++ #else ++ {"INAPPROPRIATE_FALLBACK", 20, 373}, ++ #endif ++ #ifdef SSL_R_INCONSISTENT_COMPRESSION ++ {"INCONSISTENT_COMPRESSION", ERR_LIB_SSL, SSL_R_INCONSISTENT_COMPRESSION}, ++ #else ++ {"INCONSISTENT_COMPRESSION", 20, 340}, ++ #endif ++ #ifdef SSL_R_INCONSISTENT_EARLY_DATA_ALPN ++ {"INCONSISTENT_EARLY_DATA_ALPN", ERR_LIB_SSL, SSL_R_INCONSISTENT_EARLY_DATA_ALPN}, ++ #else ++ {"INCONSISTENT_EARLY_DATA_ALPN", 20, 222}, ++ #endif ++ #ifdef SSL_R_INCONSISTENT_EARLY_DATA_SNI ++ {"INCONSISTENT_EARLY_DATA_SNI", ERR_LIB_SSL, SSL_R_INCONSISTENT_EARLY_DATA_SNI}, ++ #else ++ {"INCONSISTENT_EARLY_DATA_SNI", 20, 231}, ++ #endif ++ #ifdef SSL_R_INCONSISTENT_EXTMS ++ {"INCONSISTENT_EXTMS", ERR_LIB_SSL, SSL_R_INCONSISTENT_EXTMS}, ++ #else ++ {"INCONSISTENT_EXTMS", 20, 104}, ++ #endif ++ #ifdef SSL_R_INSUFFICIENT_SECURITY ++ {"INSUFFICIENT_SECURITY", ERR_LIB_SSL, SSL_R_INSUFFICIENT_SECURITY}, ++ #else ++ {"INSUFFICIENT_SECURITY", 20, 241}, ++ #endif ++ #ifdef SSL_R_INVALID_ALERT ++ {"INVALID_ALERT", ERR_LIB_SSL, SSL_R_INVALID_ALERT}, ++ #else ++ {"INVALID_ALERT", 20, 205}, ++ #endif ++ #ifdef SSL_R_INVALID_CCS_MESSAGE ++ {"INVALID_CCS_MESSAGE", ERR_LIB_SSL, SSL_R_INVALID_CCS_MESSAGE}, ++ #else ++ {"INVALID_CCS_MESSAGE", 20, 260}, ++ #endif ++ #ifdef SSL_R_INVALID_CERTIFICATE_OR_ALG ++ {"INVALID_CERTIFICATE_OR_ALG", ERR_LIB_SSL, SSL_R_INVALID_CERTIFICATE_OR_ALG}, ++ #else ++ {"INVALID_CERTIFICATE_OR_ALG", 20, 238}, ++ #endif ++ #ifdef SSL_R_INVALID_COMMAND ++ {"INVALID_COMMAND", ERR_LIB_SSL, SSL_R_INVALID_COMMAND}, ++ #else ++ {"INVALID_COMMAND", 20, 280}, ++ #endif ++ #ifdef SSL_R_INVALID_COMPRESSION_ALGORITHM ++ {"INVALID_COMPRESSION_ALGORITHM", ERR_LIB_SSL, SSL_R_INVALID_COMPRESSION_ALGORITHM}, ++ #else ++ {"INVALID_COMPRESSION_ALGORITHM", 20, 341}, ++ #endif ++ #ifdef SSL_R_INVALID_CONFIG ++ {"INVALID_CONFIG", ERR_LIB_SSL, SSL_R_INVALID_CONFIG}, ++ #else ++ {"INVALID_CONFIG", 20, 283}, ++ #endif ++ #ifdef SSL_R_INVALID_CONFIGURATION_NAME ++ {"INVALID_CONFIGURATION_NAME", ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME}, ++ #else ++ {"INVALID_CONFIGURATION_NAME", 20, 113}, ++ #endif ++ #ifdef SSL_R_INVALID_CONTEXT ++ {"INVALID_CONTEXT", ERR_LIB_SSL, SSL_R_INVALID_CONTEXT}, ++ #else ++ {"INVALID_CONTEXT", 20, 282}, ++ #endif ++ #ifdef SSL_R_INVALID_CT_VALIDATION_TYPE ++ {"INVALID_CT_VALIDATION_TYPE", ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE}, ++ #else ++ {"INVALID_CT_VALIDATION_TYPE", 20, 212}, ++ #endif ++ #ifdef SSL_R_INVALID_KEY_UPDATE_TYPE ++ {"INVALID_KEY_UPDATE_TYPE", ERR_LIB_SSL, SSL_R_INVALID_KEY_UPDATE_TYPE}, ++ #else ++ {"INVALID_KEY_UPDATE_TYPE", 20, 120}, ++ #endif ++ #ifdef SSL_R_INVALID_MAX_EARLY_DATA ++ {"INVALID_MAX_EARLY_DATA", ERR_LIB_SSL, SSL_R_INVALID_MAX_EARLY_DATA}, ++ #else ++ {"INVALID_MAX_EARLY_DATA", 20, 174}, ++ #endif ++ #ifdef SSL_R_INVALID_NULL_CMD_NAME ++ {"INVALID_NULL_CMD_NAME", ERR_LIB_SSL, SSL_R_INVALID_NULL_CMD_NAME}, ++ #else ++ {"INVALID_NULL_CMD_NAME", 20, 385}, ++ #endif ++ #ifdef SSL_R_INVALID_SEQUENCE_NUMBER ++ {"INVALID_SEQUENCE_NUMBER", ERR_LIB_SSL, SSL_R_INVALID_SEQUENCE_NUMBER}, ++ #else ++ {"INVALID_SEQUENCE_NUMBER", 20, 402}, ++ #endif ++ #ifdef SSL_R_INVALID_SERVERINFO_DATA ++ {"INVALID_SERVERINFO_DATA", ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA}, ++ #else ++ {"INVALID_SERVERINFO_DATA", 20, 388}, ++ #endif ++ #ifdef SSL_R_INVALID_SESSION_ID ++ {"INVALID_SESSION_ID", ERR_LIB_SSL, SSL_R_INVALID_SESSION_ID}, ++ #else ++ {"INVALID_SESSION_ID", 20, 999}, ++ #endif ++ #ifdef SSL_R_INVALID_SRP_USERNAME ++ {"INVALID_SRP_USERNAME", ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME}, ++ #else ++ {"INVALID_SRP_USERNAME", 20, 357}, ++ #endif ++ #ifdef SSL_R_INVALID_STATUS_RESPONSE ++ {"INVALID_STATUS_RESPONSE", ERR_LIB_SSL, SSL_R_INVALID_STATUS_RESPONSE}, ++ #else ++ {"INVALID_STATUS_RESPONSE", 20, 328}, ++ #endif ++ #ifdef SSL_R_INVALID_TICKET_KEYS_LENGTH ++ {"INVALID_TICKET_KEYS_LENGTH", ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH}, ++ #else ++ {"INVALID_TICKET_KEYS_LENGTH", 20, 325}, ++ #endif ++ #ifdef SSL_R_LENGTH_MISMATCH ++ {"LENGTH_MISMATCH", ERR_LIB_SSL, SSL_R_LENGTH_MISMATCH}, ++ #else ++ {"LENGTH_MISMATCH", 20, 159}, ++ #endif ++ #ifdef SSL_R_LENGTH_TOO_LONG ++ {"LENGTH_TOO_LONG", ERR_LIB_SSL, SSL_R_LENGTH_TOO_LONG}, ++ #else ++ {"LENGTH_TOO_LONG", 20, 404}, ++ #endif ++ #ifdef SSL_R_LENGTH_TOO_SHORT ++ {"LENGTH_TOO_SHORT", ERR_LIB_SSL, SSL_R_LENGTH_TOO_SHORT}, ++ #else ++ {"LENGTH_TOO_SHORT", 20, 160}, ++ #endif ++ #ifdef SSL_R_LIBRARY_BUG ++ {"LIBRARY_BUG", ERR_LIB_SSL, SSL_R_LIBRARY_BUG}, ++ #else ++ {"LIBRARY_BUG", 20, 274}, ++ #endif ++ #ifdef SSL_R_LIBRARY_HAS_NO_CIPHERS ++ {"LIBRARY_HAS_NO_CIPHERS", ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS}, ++ #else ++ {"LIBRARY_HAS_NO_CIPHERS", 20, 161}, ++ #endif ++ #ifdef SSL_R_MISSING_DSA_SIGNING_CERT ++ {"MISSING_DSA_SIGNING_CERT", ERR_LIB_SSL, SSL_R_MISSING_DSA_SIGNING_CERT}, ++ #else ++ {"MISSING_DSA_SIGNING_CERT", 20, 165}, ++ #endif ++ #ifdef SSL_R_MISSING_ECDSA_SIGNING_CERT ++ {"MISSING_ECDSA_SIGNING_CERT", ERR_LIB_SSL, SSL_R_MISSING_ECDSA_SIGNING_CERT}, ++ #else ++ {"MISSING_ECDSA_SIGNING_CERT", 20, 381}, ++ #endif ++ #ifdef SSL_R_MISSING_FATAL ++ {"MISSING_FATAL", ERR_LIB_SSL, SSL_R_MISSING_FATAL}, ++ #else ++ {"MISSING_FATAL", 20, 256}, ++ #endif ++ #ifdef SSL_R_MISSING_PARAMETERS ++ {"MISSING_PARAMETERS", ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS}, ++ #else ++ {"MISSING_PARAMETERS", 20, 290}, ++ #endif ++ #ifdef SSL_R_MISSING_RSA_CERTIFICATE ++ {"MISSING_RSA_CERTIFICATE", ERR_LIB_SSL, SSL_R_MISSING_RSA_CERTIFICATE}, ++ #else ++ {"MISSING_RSA_CERTIFICATE", 20, 168}, ++ #endif ++ #ifdef SSL_R_MISSING_RSA_ENCRYPTING_CERT ++ {"MISSING_RSA_ENCRYPTING_CERT", ERR_LIB_SSL, SSL_R_MISSING_RSA_ENCRYPTING_CERT}, ++ #else ++ {"MISSING_RSA_ENCRYPTING_CERT", 20, 169}, ++ #endif ++ #ifdef SSL_R_MISSING_RSA_SIGNING_CERT ++ {"MISSING_RSA_SIGNING_CERT", ERR_LIB_SSL, SSL_R_MISSING_RSA_SIGNING_CERT}, ++ #else ++ {"MISSING_RSA_SIGNING_CERT", 20, 170}, ++ #endif ++ #ifdef SSL_R_MISSING_SIGALGS_EXTENSION ++ {"MISSING_SIGALGS_EXTENSION", ERR_LIB_SSL, SSL_R_MISSING_SIGALGS_EXTENSION}, ++ #else ++ {"MISSING_SIGALGS_EXTENSION", 20, 112}, ++ #endif ++ #ifdef SSL_R_MISSING_SIGNING_CERT ++ {"MISSING_SIGNING_CERT", ERR_LIB_SSL, SSL_R_MISSING_SIGNING_CERT}, ++ #else ++ {"MISSING_SIGNING_CERT", 20, 221}, ++ #endif ++ #ifdef SSL_R_MISSING_SRP_PARAM ++ {"MISSING_SRP_PARAM", ERR_LIB_SSL, SSL_R_MISSING_SRP_PARAM}, ++ #else ++ {"MISSING_SRP_PARAM", 20, 358}, ++ #endif ++ #ifdef SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION ++ {"MISSING_SUPPORTED_GROUPS_EXTENSION", ERR_LIB_SSL, SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION}, ++ #else ++ {"MISSING_SUPPORTED_GROUPS_EXTENSION", 20, 209}, ++ #endif ++ #ifdef SSL_R_MISSING_TMP_DH_KEY ++ {"MISSING_TMP_DH_KEY", ERR_LIB_SSL, SSL_R_MISSING_TMP_DH_KEY}, ++ #else ++ {"MISSING_TMP_DH_KEY", 20, 171}, ++ #endif ++ #ifdef SSL_R_MISSING_TMP_ECDH_KEY ++ {"MISSING_TMP_ECDH_KEY", ERR_LIB_SSL, SSL_R_MISSING_TMP_ECDH_KEY}, ++ #else ++ {"MISSING_TMP_ECDH_KEY", 20, 311}, ++ #endif ++ #ifdef SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ++ {"MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA", ERR_LIB_SSL, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA}, ++ #else ++ {"MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA", 20, 293}, ++ #endif ++ #ifdef SSL_R_NOT_ON_RECORD_BOUNDARY ++ {"NOT_ON_RECORD_BOUNDARY", ERR_LIB_SSL, SSL_R_NOT_ON_RECORD_BOUNDARY}, ++ #else ++ {"NOT_ON_RECORD_BOUNDARY", 20, 182}, ++ #endif ++ #ifdef SSL_R_NOT_REPLACING_CERTIFICATE ++ {"NOT_REPLACING_CERTIFICATE", ERR_LIB_SSL, SSL_R_NOT_REPLACING_CERTIFICATE}, ++ #else ++ {"NOT_REPLACING_CERTIFICATE", 20, 289}, ++ #endif ++ #ifdef SSL_R_NOT_SERVER ++ {"NOT_SERVER", ERR_LIB_SSL, SSL_R_NOT_SERVER}, ++ #else ++ {"NOT_SERVER", 20, 284}, ++ #endif ++ #ifdef SSL_R_NO_APPLICATION_PROTOCOL ++ {"NO_APPLICATION_PROTOCOL", ERR_LIB_SSL, SSL_R_NO_APPLICATION_PROTOCOL}, ++ #else ++ {"NO_APPLICATION_PROTOCOL", 20, 235}, ++ #endif ++ #ifdef SSL_R_NO_CERTIFICATES_RETURNED ++ {"NO_CERTIFICATES_RETURNED", ERR_LIB_SSL, SSL_R_NO_CERTIFICATES_RETURNED}, ++ #else ++ {"NO_CERTIFICATES_RETURNED", 20, 176}, ++ #endif ++ #ifdef SSL_R_NO_CERTIFICATE_ASSIGNED ++ {"NO_CERTIFICATE_ASSIGNED", ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED}, ++ #else ++ {"NO_CERTIFICATE_ASSIGNED", 20, 177}, ++ #endif ++ #ifdef SSL_R_NO_CERTIFICATE_SET ++ {"NO_CERTIFICATE_SET", ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET}, ++ #else ++ {"NO_CERTIFICATE_SET", 20, 179}, ++ #endif ++ #ifdef SSL_R_NO_CHANGE_FOLLOWING_HRR ++ {"NO_CHANGE_FOLLOWING_HRR", ERR_LIB_SSL, SSL_R_NO_CHANGE_FOLLOWING_HRR}, ++ #else ++ {"NO_CHANGE_FOLLOWING_HRR", 20, 214}, ++ #endif ++ #ifdef SSL_R_NO_CIPHERS_AVAILABLE ++ {"NO_CIPHERS_AVAILABLE", ERR_LIB_SSL, SSL_R_NO_CIPHERS_AVAILABLE}, ++ #else ++ {"NO_CIPHERS_AVAILABLE", 20, 181}, ++ #endif ++ #ifdef SSL_R_NO_CIPHERS_SPECIFIED ++ {"NO_CIPHERS_SPECIFIED", ERR_LIB_SSL, SSL_R_NO_CIPHERS_SPECIFIED}, ++ #else ++ {"NO_CIPHERS_SPECIFIED", 20, 183}, ++ #endif ++ #ifdef SSL_R_NO_CIPHER_MATCH ++ {"NO_CIPHER_MATCH", ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH}, ++ #else ++ {"NO_CIPHER_MATCH", 20, 185}, ++ #endif ++ #ifdef SSL_R_NO_CLIENT_CERT_METHOD ++ {"NO_CLIENT_CERT_METHOD", ERR_LIB_SSL, SSL_R_NO_CLIENT_CERT_METHOD}, ++ #else ++ {"NO_CLIENT_CERT_METHOD", 20, 331}, ++ #endif ++ #ifdef SSL_R_NO_COMPRESSION_SPECIFIED ++ {"NO_COMPRESSION_SPECIFIED", ERR_LIB_SSL, SSL_R_NO_COMPRESSION_SPECIFIED}, ++ #else ++ {"NO_COMPRESSION_SPECIFIED", 20, 187}, ++ #endif ++ #ifdef SSL_R_NO_COOKIE_CALLBACK_SET ++ {"NO_COOKIE_CALLBACK_SET", ERR_LIB_SSL, SSL_R_NO_COOKIE_CALLBACK_SET}, ++ #else ++ {"NO_COOKIE_CALLBACK_SET", 20, 287}, ++ #endif ++ #ifdef SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER ++ {"NO_GOST_CERTIFICATE_SENT_BY_PEER", ERR_LIB_SSL, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER}, ++ #else ++ {"NO_GOST_CERTIFICATE_SENT_BY_PEER", 20, 330}, ++ #endif ++ #ifdef SSL_R_NO_METHOD_SPECIFIED ++ {"NO_METHOD_SPECIFIED", ERR_LIB_SSL, SSL_R_NO_METHOD_SPECIFIED}, ++ #else ++ {"NO_METHOD_SPECIFIED", 20, 188}, ++ #endif ++ #ifdef SSL_R_NO_PEM_EXTENSIONS ++ {"NO_PEM_EXTENSIONS", ERR_LIB_SSL, SSL_R_NO_PEM_EXTENSIONS}, ++ #else ++ {"NO_PEM_EXTENSIONS", 20, 389}, ++ #endif ++ #ifdef SSL_R_NO_PRIVATE_KEY_ASSIGNED ++ {"NO_PRIVATE_KEY_ASSIGNED", ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED}, ++ #else ++ {"NO_PRIVATE_KEY_ASSIGNED", 20, 190}, ++ #endif ++ #ifdef SSL_R_NO_PROTOCOLS_AVAILABLE ++ {"NO_PROTOCOLS_AVAILABLE", ERR_LIB_SSL, SSL_R_NO_PROTOCOLS_AVAILABLE}, ++ #else ++ {"NO_PROTOCOLS_AVAILABLE", 20, 191}, ++ #endif ++ #ifdef SSL_R_NO_RENEGOTIATION ++ {"NO_RENEGOTIATION", ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION}, ++ #else ++ {"NO_RENEGOTIATION", 20, 339}, ++ #endif ++ #ifdef SSL_R_NO_REQUIRED_DIGEST ++ {"NO_REQUIRED_DIGEST", ERR_LIB_SSL, SSL_R_NO_REQUIRED_DIGEST}, ++ #else ++ {"NO_REQUIRED_DIGEST", 20, 324}, ++ #endif ++ #ifdef SSL_R_NO_SHARED_CIPHER ++ {"NO_SHARED_CIPHER", ERR_LIB_SSL, SSL_R_NO_SHARED_CIPHER}, ++ #else ++ {"NO_SHARED_CIPHER", 20, 193}, ++ #endif ++ #ifdef SSL_R_NO_SHARED_GROUPS ++ {"NO_SHARED_GROUPS", ERR_LIB_SSL, SSL_R_NO_SHARED_GROUPS}, ++ #else ++ {"NO_SHARED_GROUPS", 20, 410}, ++ #endif ++ #ifdef SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS ++ {"NO_SHARED_SIGNATURE_ALGORITHMS", ERR_LIB_SSL, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS}, ++ #else ++ {"NO_SHARED_SIGNATURE_ALGORITHMS", 20, 376}, ++ #endif ++ #ifdef SSL_R_NO_SRTP_PROFILES ++ {"NO_SRTP_PROFILES", ERR_LIB_SSL, SSL_R_NO_SRTP_PROFILES}, ++ #else ++ {"NO_SRTP_PROFILES", 20, 359}, ++ #endif ++ #ifdef SSL_R_NO_SUITABLE_DIGEST_ALGORITHM ++ {"NO_SUITABLE_DIGEST_ALGORITHM", ERR_LIB_SSL, SSL_R_NO_SUITABLE_DIGEST_ALGORITHM}, ++ #else ++ {"NO_SUITABLE_DIGEST_ALGORITHM", 20, 297}, ++ #endif ++ #ifdef SSL_R_NO_SUITABLE_GROUPS ++ {"NO_SUITABLE_GROUPS", ERR_LIB_SSL, SSL_R_NO_SUITABLE_GROUPS}, ++ #else ++ {"NO_SUITABLE_GROUPS", 20, 295}, ++ #endif ++ #ifdef SSL_R_NO_SUITABLE_KEY_SHARE ++ {"NO_SUITABLE_KEY_SHARE", ERR_LIB_SSL, SSL_R_NO_SUITABLE_KEY_SHARE}, ++ #else ++ {"NO_SUITABLE_KEY_SHARE", 20, 101}, ++ #endif ++ #ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM ++ {"NO_SUITABLE_SIGNATURE_ALGORITHM", ERR_LIB_SSL, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM}, ++ #else ++ {"NO_SUITABLE_SIGNATURE_ALGORITHM", 20, 118}, ++ #endif ++ #ifdef SSL_R_NO_VALID_SCTS ++ {"NO_VALID_SCTS", ERR_LIB_SSL, SSL_R_NO_VALID_SCTS}, ++ #else ++ {"NO_VALID_SCTS", 20, 216}, ++ #endif ++ #ifdef SSL_R_NO_VERIFY_COOKIE_CALLBACK ++ {"NO_VERIFY_COOKIE_CALLBACK", ERR_LIB_SSL, SSL_R_NO_VERIFY_COOKIE_CALLBACK}, ++ #else ++ {"NO_VERIFY_COOKIE_CALLBACK", 20, 403}, ++ #endif ++ #ifdef SSL_R_NULL_SSL_CTX ++ {"NULL_SSL_CTX", ERR_LIB_SSL, SSL_R_NULL_SSL_CTX}, ++ #else ++ {"NULL_SSL_CTX", 20, 195}, ++ #endif ++ #ifdef SSL_R_NULL_SSL_METHOD_PASSED ++ {"NULL_SSL_METHOD_PASSED", ERR_LIB_SSL, SSL_R_NULL_SSL_METHOD_PASSED}, ++ #else ++ {"NULL_SSL_METHOD_PASSED", 20, 196}, ++ #endif ++ #ifdef SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ++ {"OLD_SESSION_CIPHER_NOT_RETURNED", ERR_LIB_SSL, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED}, ++ #else ++ {"OLD_SESSION_CIPHER_NOT_RETURNED", 20, 197}, ++ #endif ++ #ifdef SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED ++ {"OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED", ERR_LIB_SSL, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED}, ++ #else ++ {"OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED", 20, 344}, ++ #endif ++ #ifdef SSL_R_OVERFLOW_ERROR ++ {"OVERFLOW_ERROR", ERR_LIB_SSL, SSL_R_OVERFLOW_ERROR}, ++ #else ++ {"OVERFLOW_ERROR", 20, 237}, ++ #endif ++ #ifdef SSL_R_PACKET_LENGTH_TOO_LONG ++ {"PACKET_LENGTH_TOO_LONG", ERR_LIB_SSL, SSL_R_PACKET_LENGTH_TOO_LONG}, ++ #else ++ {"PACKET_LENGTH_TOO_LONG", 20, 198}, ++ #endif ++ #ifdef SSL_R_PARSE_TLSEXT ++ {"PARSE_TLSEXT", ERR_LIB_SSL, SSL_R_PARSE_TLSEXT}, ++ #else ++ {"PARSE_TLSEXT", 20, 227}, ++ #endif ++ #ifdef SSL_R_PATH_TOO_LONG ++ {"PATH_TOO_LONG", ERR_LIB_SSL, SSL_R_PATH_TOO_LONG}, ++ #else ++ {"PATH_TOO_LONG", 20, 270}, ++ #endif ++ #ifdef SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ++ {"PEER_DID_NOT_RETURN_A_CERTIFICATE", ERR_LIB_SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE}, ++ #else ++ {"PEER_DID_NOT_RETURN_A_CERTIFICATE", 20, 199}, ++ #endif ++ #ifdef SSL_R_PEM_NAME_BAD_PREFIX ++ {"PEM_NAME_BAD_PREFIX", ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX}, ++ #else ++ {"PEM_NAME_BAD_PREFIX", 20, 391}, ++ #endif ++ #ifdef SSL_R_PEM_NAME_TOO_SHORT ++ {"PEM_NAME_TOO_SHORT", ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT}, ++ #else ++ {"PEM_NAME_TOO_SHORT", 20, 392}, ++ #endif ++ #ifdef SSL_R_PIPELINE_FAILURE ++ {"PIPELINE_FAILURE", ERR_LIB_SSL, SSL_R_PIPELINE_FAILURE}, ++ #else ++ {"PIPELINE_FAILURE", 20, 406}, ++ #endif ++ #ifdef SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR ++ {"POST_HANDSHAKE_AUTH_ENCODING_ERR", ERR_LIB_SSL, SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR}, ++ #else ++ {"POST_HANDSHAKE_AUTH_ENCODING_ERR", 20, 278}, ++ #endif ++ #ifdef SSL_R_PRIVATE_KEY_MISMATCH ++ {"PRIVATE_KEY_MISMATCH", ERR_LIB_SSL, SSL_R_PRIVATE_KEY_MISMATCH}, ++ #else ++ {"PRIVATE_KEY_MISMATCH", 20, 288}, ++ #endif ++ #ifdef SSL_R_PROTOCOL_IS_SHUTDOWN ++ {"PROTOCOL_IS_SHUTDOWN", ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN}, ++ #else ++ {"PROTOCOL_IS_SHUTDOWN", 20, 207}, ++ #endif ++ #ifdef SSL_R_PSK_IDENTITY_NOT_FOUND ++ {"PSK_IDENTITY_NOT_FOUND", ERR_LIB_SSL, SSL_R_PSK_IDENTITY_NOT_FOUND}, ++ #else ++ {"PSK_IDENTITY_NOT_FOUND", 20, 223}, ++ #endif ++ #ifdef SSL_R_PSK_NO_CLIENT_CB ++ {"PSK_NO_CLIENT_CB", ERR_LIB_SSL, SSL_R_PSK_NO_CLIENT_CB}, ++ #else ++ {"PSK_NO_CLIENT_CB", 20, 224}, ++ #endif ++ #ifdef SSL_R_PSK_NO_SERVER_CB ++ {"PSK_NO_SERVER_CB", ERR_LIB_SSL, SSL_R_PSK_NO_SERVER_CB}, ++ #else ++ {"PSK_NO_SERVER_CB", 20, 225}, ++ #endif ++ #ifdef SSL_R_READ_BIO_NOT_SET ++ {"READ_BIO_NOT_SET", ERR_LIB_SSL, SSL_R_READ_BIO_NOT_SET}, ++ #else ++ {"READ_BIO_NOT_SET", 20, 211}, ++ #endif ++ #ifdef SSL_R_READ_TIMEOUT_EXPIRED ++ {"READ_TIMEOUT_EXPIRED", ERR_LIB_SSL, SSL_R_READ_TIMEOUT_EXPIRED}, ++ #else ++ {"READ_TIMEOUT_EXPIRED", 20, 312}, ++ #endif ++ #ifdef SSL_R_RECORD_LENGTH_MISMATCH ++ {"RECORD_LENGTH_MISMATCH", ERR_LIB_SSL, SSL_R_RECORD_LENGTH_MISMATCH}, ++ #else ++ {"RECORD_LENGTH_MISMATCH", 20, 213}, ++ #endif ++ #ifdef SSL_R_RECORD_TOO_SMALL ++ {"RECORD_TOO_SMALL", ERR_LIB_SSL, SSL_R_RECORD_TOO_SMALL}, ++ #else ++ {"RECORD_TOO_SMALL", 20, 298}, ++ #endif ++ #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG ++ {"RENEGOTIATE_EXT_TOO_LONG", ERR_LIB_SSL, SSL_R_RENEGOTIATE_EXT_TOO_LONG}, ++ #else ++ {"RENEGOTIATE_EXT_TOO_LONG", 20, 335}, ++ #endif ++ #ifdef SSL_R_RENEGOTIATION_ENCODING_ERR ++ {"RENEGOTIATION_ENCODING_ERR", ERR_LIB_SSL, SSL_R_RENEGOTIATION_ENCODING_ERR}, ++ #else ++ {"RENEGOTIATION_ENCODING_ERR", 20, 336}, ++ #endif ++ #ifdef SSL_R_RENEGOTIATION_MISMATCH ++ {"RENEGOTIATION_MISMATCH", ERR_LIB_SSL, SSL_R_RENEGOTIATION_MISMATCH}, ++ #else ++ {"RENEGOTIATION_MISMATCH", 20, 337}, ++ #endif ++ #ifdef SSL_R_REQUEST_PENDING ++ {"REQUEST_PENDING", ERR_LIB_SSL, SSL_R_REQUEST_PENDING}, ++ #else ++ {"REQUEST_PENDING", 20, 285}, ++ #endif ++ #ifdef SSL_R_REQUEST_SENT ++ {"REQUEST_SENT", ERR_LIB_SSL, SSL_R_REQUEST_SENT}, ++ #else ++ {"REQUEST_SENT", 20, 286}, ++ #endif ++ #ifdef SSL_R_REQUIRED_CIPHER_MISSING ++ {"REQUIRED_CIPHER_MISSING", ERR_LIB_SSL, SSL_R_REQUIRED_CIPHER_MISSING}, ++ #else ++ {"REQUIRED_CIPHER_MISSING", 20, 215}, ++ #endif ++ #ifdef SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING ++ {"REQUIRED_COMPRESSION_ALGORITHM_MISSING", ERR_LIB_SSL, SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING}, ++ #else ++ {"REQUIRED_COMPRESSION_ALGORITHM_MISSING", 20, 342}, ++ #endif ++ #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING ++ {"SCSV_RECEIVED_WHEN_RENEGOTIATING", ERR_LIB_SSL, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING}, ++ #else ++ {"SCSV_RECEIVED_WHEN_RENEGOTIATING", 20, 345}, ++ #endif ++ #ifdef SSL_R_SCT_VERIFICATION_FAILED ++ {"SCT_VERIFICATION_FAILED", ERR_LIB_SSL, SSL_R_SCT_VERIFICATION_FAILED}, ++ #else ++ {"SCT_VERIFICATION_FAILED", 20, 208}, ++ #endif ++ #ifdef SSL_R_SERVERHELLO_TLSEXT ++ {"SERVERHELLO_TLSEXT", ERR_LIB_SSL, SSL_R_SERVERHELLO_TLSEXT}, ++ #else ++ {"SERVERHELLO_TLSEXT", 20, 275}, ++ #endif ++ #ifdef SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED ++ {"SESSION_ID_CONTEXT_UNINITIALIZED", ERR_LIB_SSL, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED}, ++ #else ++ {"SESSION_ID_CONTEXT_UNINITIALIZED", 20, 277}, ++ #endif ++ #ifdef SSL_R_SHUTDOWN_WHILE_IN_INIT ++ {"SHUTDOWN_WHILE_IN_INIT", ERR_LIB_SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT}, ++ #else ++ {"SHUTDOWN_WHILE_IN_INIT", 20, 407}, ++ #endif ++ #ifdef SSL_R_SIGNATURE_ALGORITHMS_ERROR ++ {"SIGNATURE_ALGORITHMS_ERROR", ERR_LIB_SSL, SSL_R_SIGNATURE_ALGORITHMS_ERROR}, ++ #else ++ {"SIGNATURE_ALGORITHMS_ERROR", 20, 360}, ++ #endif ++ #ifdef SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE ++ {"SIGNATURE_FOR_NON_SIGNING_CERTIFICATE", ERR_LIB_SSL, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE}, ++ #else ++ {"SIGNATURE_FOR_NON_SIGNING_CERTIFICATE", 20, 220}, ++ #endif ++ #ifdef SSL_R_SRP_A_CALC ++ {"SRP_A_CALC", ERR_LIB_SSL, SSL_R_SRP_A_CALC}, ++ #else ++ {"SRP_A_CALC", 20, 361}, ++ #endif ++ #ifdef SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES ++ {"SRTP_COULD_NOT_ALLOCATE_PROFILES", ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES}, ++ #else ++ {"SRTP_COULD_NOT_ALLOCATE_PROFILES", 20, 362}, ++ #endif ++ #ifdef SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG ++ {"SRTP_PROTECTION_PROFILE_LIST_TOO_LONG", ERR_LIB_SSL, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG}, ++ #else ++ {"SRTP_PROTECTION_PROFILE_LIST_TOO_LONG", 20, 363}, ++ #endif ++ #ifdef SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE ++ {"SRTP_UNKNOWN_PROTECTION_PROFILE", ERR_LIB_SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE}, ++ #else ++ {"SRTP_UNKNOWN_PROTECTION_PROFILE", 20, 364}, ++ #endif ++ #ifdef SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH ++ {"SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH", ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH}, ++ #else ++ {"SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH", 20, 232}, ++ #endif ++ #ifdef SSL_R_SSL3_EXT_INVALID_SERVERNAME ++ {"SSL3_EXT_INVALID_SERVERNAME", ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME}, ++ #else ++ {"SSL3_EXT_INVALID_SERVERNAME", 20, 319}, ++ #endif ++ #ifdef SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE ++ {"SSL3_EXT_INVALID_SERVERNAME_TYPE", ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE}, ++ #else ++ {"SSL3_EXT_INVALID_SERVERNAME_TYPE", 20, 320}, ++ #endif ++ #ifdef SSL_R_SSL3_SESSION_ID_TOO_LONG ++ {"SSL3_SESSION_ID_TOO_LONG", ERR_LIB_SSL, SSL_R_SSL3_SESSION_ID_TOO_LONG}, ++ #else ++ {"SSL3_SESSION_ID_TOO_LONG", 20, 300}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ++ {"SSLV3_ALERT_BAD_CERTIFICATE", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE}, ++ #else ++ {"SSLV3_ALERT_BAD_CERTIFICATE", 20, 1042}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ++ {"SSLV3_ALERT_BAD_RECORD_MAC", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC}, ++ #else ++ {"SSLV3_ALERT_BAD_RECORD_MAC", 20, 1020}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED ++ {"SSLV3_ALERT_CERTIFICATE_EXPIRED", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED}, ++ #else ++ {"SSLV3_ALERT_CERTIFICATE_EXPIRED", 20, 1045}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED ++ {"SSLV3_ALERT_CERTIFICATE_REVOKED", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED}, ++ #else ++ {"SSLV3_ALERT_CERTIFICATE_REVOKED", 20, 1044}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN ++ {"SSLV3_ALERT_CERTIFICATE_UNKNOWN", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN}, ++ #else ++ {"SSLV3_ALERT_CERTIFICATE_UNKNOWN", 20, 1046}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ++ {"SSLV3_ALERT_DECOMPRESSION_FAILURE", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE}, ++ #else ++ {"SSLV3_ALERT_DECOMPRESSION_FAILURE", 20, 1030}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ++ {"SSLV3_ALERT_HANDSHAKE_FAILURE", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE}, ++ #else ++ {"SSLV3_ALERT_HANDSHAKE_FAILURE", 20, 1040}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER ++ {"SSLV3_ALERT_ILLEGAL_PARAMETER", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER}, ++ #else ++ {"SSLV3_ALERT_ILLEGAL_PARAMETER", 20, 1047}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_NO_CERTIFICATE ++ {"SSLV3_ALERT_NO_CERTIFICATE", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_NO_CERTIFICATE}, ++ #else ++ {"SSLV3_ALERT_NO_CERTIFICATE", 20, 1041}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE ++ {"SSLV3_ALERT_UNEXPECTED_MESSAGE", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE}, ++ #else ++ {"SSLV3_ALERT_UNEXPECTED_MESSAGE", 20, 1010}, ++ #endif ++ #ifdef SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE ++ {"SSLV3_ALERT_UNSUPPORTED_CERTIFICATE", ERR_LIB_SSL, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE}, ++ #else ++ {"SSLV3_ALERT_UNSUPPORTED_CERTIFICATE", 20, 1043}, ++ #endif ++ #ifdef SSL_R_SSL_COMMAND_SECTION_EMPTY ++ {"SSL_COMMAND_SECTION_EMPTY", ERR_LIB_SSL, SSL_R_SSL_COMMAND_SECTION_EMPTY}, ++ #else ++ {"SSL_COMMAND_SECTION_EMPTY", 20, 117}, ++ #endif ++ #ifdef SSL_R_SSL_COMMAND_SECTION_NOT_FOUND ++ {"SSL_COMMAND_SECTION_NOT_FOUND", ERR_LIB_SSL, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND}, ++ #else ++ {"SSL_COMMAND_SECTION_NOT_FOUND", 20, 125}, ++ #endif ++ #ifdef SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION ++ {"SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION", ERR_LIB_SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION}, ++ #else ++ {"SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION", 20, 228}, ++ #endif ++ #ifdef SSL_R_SSL_HANDSHAKE_FAILURE ++ {"SSL_HANDSHAKE_FAILURE", ERR_LIB_SSL, SSL_R_SSL_HANDSHAKE_FAILURE}, ++ #else ++ {"SSL_HANDSHAKE_FAILURE", 20, 229}, ++ #endif ++ #ifdef SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ++ {"SSL_LIBRARY_HAS_NO_CIPHERS", ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS}, ++ #else ++ {"SSL_LIBRARY_HAS_NO_CIPHERS", 20, 230}, ++ #endif ++ #ifdef SSL_R_SSL_NEGATIVE_LENGTH ++ {"SSL_NEGATIVE_LENGTH", ERR_LIB_SSL, SSL_R_SSL_NEGATIVE_LENGTH}, ++ #else ++ {"SSL_NEGATIVE_LENGTH", 20, 372}, ++ #endif ++ #ifdef SSL_R_SSL_SECTION_EMPTY ++ {"SSL_SECTION_EMPTY", ERR_LIB_SSL, SSL_R_SSL_SECTION_EMPTY}, ++ #else ++ {"SSL_SECTION_EMPTY", 20, 126}, ++ #endif ++ #ifdef SSL_R_SSL_SECTION_NOT_FOUND ++ {"SSL_SECTION_NOT_FOUND", ERR_LIB_SSL, SSL_R_SSL_SECTION_NOT_FOUND}, ++ #else ++ {"SSL_SECTION_NOT_FOUND", 20, 136}, ++ #endif ++ #ifdef SSL_R_SSL_SESSION_ID_CALLBACK_FAILED ++ {"SSL_SESSION_ID_CALLBACK_FAILED", ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED}, ++ #else ++ {"SSL_SESSION_ID_CALLBACK_FAILED", 20, 301}, ++ #endif ++ #ifdef SSL_R_SSL_SESSION_ID_CONFLICT ++ {"SSL_SESSION_ID_CONFLICT", ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONFLICT}, ++ #else ++ {"SSL_SESSION_ID_CONFLICT", 20, 302}, ++ #endif ++ #ifdef SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG ++ {"SSL_SESSION_ID_CONTEXT_TOO_LONG", ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG}, ++ #else ++ {"SSL_SESSION_ID_CONTEXT_TOO_LONG", 20, 273}, ++ #endif ++ #ifdef SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH ++ {"SSL_SESSION_ID_HAS_BAD_LENGTH", ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH}, ++ #else ++ {"SSL_SESSION_ID_HAS_BAD_LENGTH", 20, 303}, ++ #endif ++ #ifdef SSL_R_SSL_SESSION_ID_TOO_LONG ++ {"SSL_SESSION_ID_TOO_LONG", ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG}, ++ #else ++ {"SSL_SESSION_ID_TOO_LONG", 20, 408}, ++ #endif ++ #ifdef SSL_R_SSL_SESSION_VERSION_MISMATCH ++ {"SSL_SESSION_VERSION_MISMATCH", ERR_LIB_SSL, SSL_R_SSL_SESSION_VERSION_MISMATCH}, ++ #else ++ {"SSL_SESSION_VERSION_MISMATCH", 20, 210}, ++ #endif ++ #ifdef SSL_R_STILL_IN_INIT ++ {"STILL_IN_INIT", ERR_LIB_SSL, SSL_R_STILL_IN_INIT}, ++ #else ++ {"STILL_IN_INIT", 20, 121}, ++ #endif ++ #ifdef SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED ++ {"TLSV13_ALERT_CERTIFICATE_REQUIRED", ERR_LIB_SSL, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED}, ++ #else ++ {"TLSV13_ALERT_CERTIFICATE_REQUIRED", 20, 1116}, ++ #endif ++ #ifdef SSL_R_TLSV13_ALERT_MISSING_EXTENSION ++ {"TLSV13_ALERT_MISSING_EXTENSION", ERR_LIB_SSL, SSL_R_TLSV13_ALERT_MISSING_EXTENSION}, ++ #else ++ {"TLSV13_ALERT_MISSING_EXTENSION", 20, 1109}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_ACCESS_DENIED ++ {"TLSV1_ALERT_ACCESS_DENIED", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_ACCESS_DENIED}, ++ #else ++ {"TLSV1_ALERT_ACCESS_DENIED", 20, 1049}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_DECODE_ERROR ++ {"TLSV1_ALERT_DECODE_ERROR", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_DECODE_ERROR}, ++ #else ++ {"TLSV1_ALERT_DECODE_ERROR", 20, 1050}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_DECRYPTION_FAILED ++ {"TLSV1_ALERT_DECRYPTION_FAILED", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_DECRYPTION_FAILED}, ++ #else ++ {"TLSV1_ALERT_DECRYPTION_FAILED", 20, 1021}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_DECRYPT_ERROR ++ {"TLSV1_ALERT_DECRYPT_ERROR", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_DECRYPT_ERROR}, ++ #else ++ {"TLSV1_ALERT_DECRYPT_ERROR", 20, 1051}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION ++ {"TLSV1_ALERT_EXPORT_RESTRICTION", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION}, ++ #else ++ {"TLSV1_ALERT_EXPORT_RESTRICTION", 20, 1060}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK ++ {"TLSV1_ALERT_INAPPROPRIATE_FALLBACK", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK}, ++ #else ++ {"TLSV1_ALERT_INAPPROPRIATE_FALLBACK", 20, 1086}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ++ {"TLSV1_ALERT_INSUFFICIENT_SECURITY", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY}, ++ #else ++ {"TLSV1_ALERT_INSUFFICIENT_SECURITY", 20, 1071}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_INTERNAL_ERROR ++ {"TLSV1_ALERT_INTERNAL_ERROR", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_INTERNAL_ERROR}, ++ #else ++ {"TLSV1_ALERT_INTERNAL_ERROR", 20, 1080}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ++ {"TLSV1_ALERT_NO_RENEGOTIATION", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION}, ++ #else ++ {"TLSV1_ALERT_NO_RENEGOTIATION", 20, 1100}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_PROTOCOL_VERSION ++ {"TLSV1_ALERT_PROTOCOL_VERSION", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION}, ++ #else ++ {"TLSV1_ALERT_PROTOCOL_VERSION", 20, 1070}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_RECORD_OVERFLOW ++ {"TLSV1_ALERT_RECORD_OVERFLOW", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_RECORD_OVERFLOW}, ++ #else ++ {"TLSV1_ALERT_RECORD_OVERFLOW", 20, 1022}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_UNKNOWN_CA ++ {"TLSV1_ALERT_UNKNOWN_CA", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_UNKNOWN_CA}, ++ #else ++ {"TLSV1_ALERT_UNKNOWN_CA", 20, 1048}, ++ #endif ++ #ifdef SSL_R_TLSV1_ALERT_USER_CANCELLED ++ {"TLSV1_ALERT_USER_CANCELLED", ERR_LIB_SSL, SSL_R_TLSV1_ALERT_USER_CANCELLED}, ++ #else ++ {"TLSV1_ALERT_USER_CANCELLED", 20, 1090}, ++ #endif ++ #ifdef SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE ++ {"TLSV1_BAD_CERTIFICATE_HASH_VALUE", ERR_LIB_SSL, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE}, ++ #else ++ {"TLSV1_BAD_CERTIFICATE_HASH_VALUE", 20, 1114}, ++ #endif ++ #ifdef SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE ++ {"TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE", ERR_LIB_SSL, SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE}, ++ #else ++ {"TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE", 20, 1113}, ++ #endif ++ #ifdef SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE ++ {"TLSV1_CERTIFICATE_UNOBTAINABLE", ERR_LIB_SSL, SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE}, ++ #else ++ {"TLSV1_CERTIFICATE_UNOBTAINABLE", 20, 1111}, ++ #endif ++ #ifdef SSL_R_TLSV1_UNRECOGNIZED_NAME ++ {"TLSV1_UNRECOGNIZED_NAME", ERR_LIB_SSL, SSL_R_TLSV1_UNRECOGNIZED_NAME}, ++ #else ++ {"TLSV1_UNRECOGNIZED_NAME", 20, 1112}, ++ #endif ++ #ifdef SSL_R_TLSV1_UNSUPPORTED_EXTENSION ++ {"TLSV1_UNSUPPORTED_EXTENSION", ERR_LIB_SSL, SSL_R_TLSV1_UNSUPPORTED_EXTENSION}, ++ #else ++ {"TLSV1_UNSUPPORTED_EXTENSION", 20, 1110}, ++ #endif ++ #ifdef SSL_R_TLS_ILLEGAL_EXPORTER_LABEL ++ {"TLS_ILLEGAL_EXPORTER_LABEL", ERR_LIB_SSL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL}, ++ #else ++ {"TLS_ILLEGAL_EXPORTER_LABEL", 20, 367}, ++ #endif ++ #ifdef SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST ++ {"TLS_INVALID_ECPOINTFORMAT_LIST", ERR_LIB_SSL, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST}, ++ #else ++ {"TLS_INVALID_ECPOINTFORMAT_LIST", 20, 157}, ++ #endif ++ #ifdef SSL_R_TOO_MANY_KEY_UPDATES ++ {"TOO_MANY_KEY_UPDATES", ERR_LIB_SSL, SSL_R_TOO_MANY_KEY_UPDATES}, ++ #else ++ {"TOO_MANY_KEY_UPDATES", 20, 132}, ++ #endif ++ #ifdef SSL_R_TOO_MANY_WARN_ALERTS ++ {"TOO_MANY_WARN_ALERTS", ERR_LIB_SSL, SSL_R_TOO_MANY_WARN_ALERTS}, ++ #else ++ {"TOO_MANY_WARN_ALERTS", 20, 409}, ++ #endif ++ #ifdef SSL_R_TOO_MUCH_EARLY_DATA ++ {"TOO_MUCH_EARLY_DATA", ERR_LIB_SSL, SSL_R_TOO_MUCH_EARLY_DATA}, ++ #else ++ {"TOO_MUCH_EARLY_DATA", 20, 164}, ++ #endif ++ #ifdef SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS ++ {"UNABLE_TO_FIND_ECDH_PARAMETERS", ERR_LIB_SSL, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS}, ++ #else ++ {"UNABLE_TO_FIND_ECDH_PARAMETERS", 20, 314}, ++ #endif ++ #ifdef SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS ++ {"UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS", ERR_LIB_SSL, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS}, ++ #else ++ {"UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS", 20, 239}, ++ #endif ++ #ifdef SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES ++ {"UNABLE_TO_LOAD_SSL3_MD5_ROUTINES", ERR_LIB_SSL, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES}, ++ #else ++ {"UNABLE_TO_LOAD_SSL3_MD5_ROUTINES", 20, 242}, ++ #endif ++ #ifdef SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ++ {"UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES", ERR_LIB_SSL, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES}, ++ #else ++ {"UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES", 20, 243}, ++ #endif ++ #ifdef SSL_R_UNEXPECTED_CCS_MESSAGE ++ {"UNEXPECTED_CCS_MESSAGE", ERR_LIB_SSL, SSL_R_UNEXPECTED_CCS_MESSAGE}, ++ #else ++ {"UNEXPECTED_CCS_MESSAGE", 20, 262}, ++ #endif ++ #ifdef SSL_R_UNEXPECTED_END_OF_EARLY_DATA ++ {"UNEXPECTED_END_OF_EARLY_DATA", ERR_LIB_SSL, SSL_R_UNEXPECTED_END_OF_EARLY_DATA}, ++ #else ++ {"UNEXPECTED_END_OF_EARLY_DATA", 20, 178}, ++ #endif ++ #ifdef SSL_R_UNEXPECTED_EOF_WHILE_READING ++ {"UNEXPECTED_EOF_WHILE_READING", ERR_LIB_SSL, SSL_R_UNEXPECTED_EOF_WHILE_READING}, ++ #else ++ {"UNEXPECTED_EOF_WHILE_READING", 20, 294}, ++ #endif ++ #ifdef SSL_R_UNEXPECTED_MESSAGE ++ {"UNEXPECTED_MESSAGE", ERR_LIB_SSL, SSL_R_UNEXPECTED_MESSAGE}, ++ #else ++ {"UNEXPECTED_MESSAGE", 20, 244}, ++ #endif ++ #ifdef SSL_R_UNEXPECTED_RECORD ++ {"UNEXPECTED_RECORD", ERR_LIB_SSL, SSL_R_UNEXPECTED_RECORD}, ++ #else ++ {"UNEXPECTED_RECORD", 20, 245}, ++ #endif ++ #ifdef SSL_R_UNINITIALIZED ++ {"UNINITIALIZED", ERR_LIB_SSL, SSL_R_UNINITIALIZED}, ++ #else ++ {"UNINITIALIZED", 20, 276}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_ALERT_TYPE ++ {"UNKNOWN_ALERT_TYPE", ERR_LIB_SSL, SSL_R_UNKNOWN_ALERT_TYPE}, ++ #else ++ {"UNKNOWN_ALERT_TYPE", 20, 246}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_CERTIFICATE_TYPE ++ {"UNKNOWN_CERTIFICATE_TYPE", ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE}, ++ #else ++ {"UNKNOWN_CERTIFICATE_TYPE", 20, 247}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_CIPHER_RETURNED ++ {"UNKNOWN_CIPHER_RETURNED", ERR_LIB_SSL, SSL_R_UNKNOWN_CIPHER_RETURNED}, ++ #else ++ {"UNKNOWN_CIPHER_RETURNED", 20, 248}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_CIPHER_TYPE ++ {"UNKNOWN_CIPHER_TYPE", ERR_LIB_SSL, SSL_R_UNKNOWN_CIPHER_TYPE}, ++ #else ++ {"UNKNOWN_CIPHER_TYPE", 20, 249}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_CMD_NAME ++ {"UNKNOWN_CMD_NAME", ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME}, ++ #else ++ {"UNKNOWN_CMD_NAME", 20, 386}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_COMMAND ++ {"UNKNOWN_COMMAND", ERR_LIB_SSL, SSL_R_UNKNOWN_COMMAND}, ++ #else ++ {"UNKNOWN_COMMAND", 20, 139}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_DIGEST ++ {"UNKNOWN_DIGEST", ERR_LIB_SSL, SSL_R_UNKNOWN_DIGEST}, ++ #else ++ {"UNKNOWN_DIGEST", 20, 368}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE ++ {"UNKNOWN_KEY_EXCHANGE_TYPE", ERR_LIB_SSL, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE}, ++ #else ++ {"UNKNOWN_KEY_EXCHANGE_TYPE", 20, 250}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_PKEY_TYPE ++ {"UNKNOWN_PKEY_TYPE", ERR_LIB_SSL, SSL_R_UNKNOWN_PKEY_TYPE}, ++ #else ++ {"UNKNOWN_PKEY_TYPE", 20, 251}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_PROTOCOL ++ {"UNKNOWN_PROTOCOL", ERR_LIB_SSL, SSL_R_UNKNOWN_PROTOCOL}, ++ #else ++ {"UNKNOWN_PROTOCOL", 20, 252}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_SSL_VERSION ++ {"UNKNOWN_SSL_VERSION", ERR_LIB_SSL, SSL_R_UNKNOWN_SSL_VERSION}, ++ #else ++ {"UNKNOWN_SSL_VERSION", 20, 254}, ++ #endif ++ #ifdef SSL_R_UNKNOWN_STATE ++ {"UNKNOWN_STATE", ERR_LIB_SSL, SSL_R_UNKNOWN_STATE}, ++ #else ++ {"UNKNOWN_STATE", 20, 255}, ++ #endif ++ #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED ++ {"UNSAFE_LEGACY_RENEGOTIATION_DISABLED", ERR_LIB_SSL, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED}, ++ #else ++ {"UNSAFE_LEGACY_RENEGOTIATION_DISABLED", 20, 338}, ++ #endif ++ #ifdef SSL_R_UNSOLICITED_EXTENSION ++ {"UNSOLICITED_EXTENSION", ERR_LIB_SSL, SSL_R_UNSOLICITED_EXTENSION}, ++ #else ++ {"UNSOLICITED_EXTENSION", 20, 217}, ++ #endif ++ #ifdef SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ++ {"UNSUPPORTED_COMPRESSION_ALGORITHM", ERR_LIB_SSL, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_COMPRESSION_ALGORITHM", 20, 257}, ++ #endif ++ #ifdef SSL_R_UNSUPPORTED_ELLIPTIC_CURVE ++ {"UNSUPPORTED_ELLIPTIC_CURVE", ERR_LIB_SSL, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE}, ++ #else ++ {"UNSUPPORTED_ELLIPTIC_CURVE", 20, 315}, ++ #endif ++ #ifdef SSL_R_UNSUPPORTED_PROTOCOL ++ {"UNSUPPORTED_PROTOCOL", ERR_LIB_SSL, SSL_R_UNSUPPORTED_PROTOCOL}, ++ #else ++ {"UNSUPPORTED_PROTOCOL", 20, 258}, ++ #endif ++ #ifdef SSL_R_UNSUPPORTED_SSL_VERSION ++ {"UNSUPPORTED_SSL_VERSION", ERR_LIB_SSL, SSL_R_UNSUPPORTED_SSL_VERSION}, ++ #else ++ {"UNSUPPORTED_SSL_VERSION", 20, 259}, ++ #endif ++ #ifdef SSL_R_UNSUPPORTED_STATUS_TYPE ++ {"UNSUPPORTED_STATUS_TYPE", ERR_LIB_SSL, SSL_R_UNSUPPORTED_STATUS_TYPE}, ++ #else ++ {"UNSUPPORTED_STATUS_TYPE", 20, 329}, ++ #endif ++ #ifdef SSL_R_USE_SRTP_NOT_NEGOTIATED ++ {"USE_SRTP_NOT_NEGOTIATED", ERR_LIB_SSL, SSL_R_USE_SRTP_NOT_NEGOTIATED}, ++ #else ++ {"USE_SRTP_NOT_NEGOTIATED", 20, 369}, ++ #endif ++ #ifdef SSL_R_VERSION_TOO_HIGH ++ {"VERSION_TOO_HIGH", ERR_LIB_SSL, SSL_R_VERSION_TOO_HIGH}, ++ #else ++ {"VERSION_TOO_HIGH", 20, 166}, ++ #endif ++ #ifdef SSL_R_VERSION_TOO_LOW ++ {"VERSION_TOO_LOW", ERR_LIB_SSL, SSL_R_VERSION_TOO_LOW}, ++ #else ++ {"VERSION_TOO_LOW", 20, 396}, ++ #endif ++ #ifdef SSL_R_WRONG_CERTIFICATE_TYPE ++ {"WRONG_CERTIFICATE_TYPE", ERR_LIB_SSL, SSL_R_WRONG_CERTIFICATE_TYPE}, ++ #else ++ {"WRONG_CERTIFICATE_TYPE", 20, 383}, ++ #endif ++ #ifdef SSL_R_WRONG_CIPHER_RETURNED ++ {"WRONG_CIPHER_RETURNED", ERR_LIB_SSL, SSL_R_WRONG_CIPHER_RETURNED}, ++ #else ++ {"WRONG_CIPHER_RETURNED", 20, 261}, ++ #endif ++ #ifdef SSL_R_WRONG_CURVE ++ {"WRONG_CURVE", ERR_LIB_SSL, SSL_R_WRONG_CURVE}, ++ #else ++ {"WRONG_CURVE", 20, 378}, ++ #endif ++ #ifdef SSL_R_WRONG_SIGNATURE_LENGTH ++ {"WRONG_SIGNATURE_LENGTH", ERR_LIB_SSL, SSL_R_WRONG_SIGNATURE_LENGTH}, ++ #else ++ {"WRONG_SIGNATURE_LENGTH", 20, 264}, ++ #endif ++ #ifdef SSL_R_WRONG_SIGNATURE_SIZE ++ {"WRONG_SIGNATURE_SIZE", ERR_LIB_SSL, SSL_R_WRONG_SIGNATURE_SIZE}, ++ #else ++ {"WRONG_SIGNATURE_SIZE", 20, 265}, ++ #endif ++ #ifdef SSL_R_WRONG_SIGNATURE_TYPE ++ {"WRONG_SIGNATURE_TYPE", ERR_LIB_SSL, SSL_R_WRONG_SIGNATURE_TYPE}, ++ #else ++ {"WRONG_SIGNATURE_TYPE", 20, 370}, ++ #endif ++ #ifdef SSL_R_WRONG_SSL_VERSION ++ {"WRONG_SSL_VERSION", ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION}, ++ #else ++ {"WRONG_SSL_VERSION", 20, 266}, ++ #endif ++ #ifdef SSL_R_WRONG_VERSION_NUMBER ++ {"WRONG_VERSION_NUMBER", ERR_LIB_SSL, SSL_R_WRONG_VERSION_NUMBER}, ++ #else ++ {"WRONG_VERSION_NUMBER", 20, 267}, ++ #endif ++ #ifdef SSL_R_X509_LIB ++ {"X509_LIB", ERR_LIB_SSL, SSL_R_X509_LIB}, ++ #else ++ {"X509_LIB", 20, 268}, ++ #endif ++ #ifdef SSL_R_X509_VERIFICATION_SETUP_PROBLEMS ++ {"X509_VERIFICATION_SETUP_PROBLEMS", ERR_LIB_SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS}, ++ #else ++ {"X509_VERIFICATION_SETUP_PROBLEMS", 20, 269}, ++ #endif ++ #ifdef TS_R_BAD_PKCS7_TYPE ++ {"BAD_PKCS7_TYPE", ERR_LIB_TS, TS_R_BAD_PKCS7_TYPE}, ++ #else ++ {"BAD_PKCS7_TYPE", 47, 132}, ++ #endif ++ #ifdef TS_R_BAD_TYPE ++ {"BAD_TYPE", ERR_LIB_TS, TS_R_BAD_TYPE}, ++ #else ++ {"BAD_TYPE", 47, 133}, ++ #endif ++ #ifdef TS_R_CANNOT_LOAD_CERT ++ {"CANNOT_LOAD_CERT", ERR_LIB_TS, TS_R_CANNOT_LOAD_CERT}, ++ #else ++ {"CANNOT_LOAD_CERT", 47, 137}, ++ #endif ++ #ifdef TS_R_CANNOT_LOAD_KEY ++ {"CANNOT_LOAD_KEY", ERR_LIB_TS, TS_R_CANNOT_LOAD_KEY}, ++ #else ++ {"CANNOT_LOAD_KEY", 47, 138}, ++ #endif ++ #ifdef TS_R_CERTIFICATE_VERIFY_ERROR ++ {"CERTIFICATE_VERIFY_ERROR", ERR_LIB_TS, TS_R_CERTIFICATE_VERIFY_ERROR}, ++ #else ++ {"CERTIFICATE_VERIFY_ERROR", 47, 100}, ++ #endif ++ #ifdef TS_R_COULD_NOT_SET_ENGINE ++ {"COULD_NOT_SET_ENGINE", ERR_LIB_TS, TS_R_COULD_NOT_SET_ENGINE}, ++ #else ++ {"COULD_NOT_SET_ENGINE", 47, 127}, ++ #endif ++ #ifdef TS_R_COULD_NOT_SET_TIME ++ {"COULD_NOT_SET_TIME", ERR_LIB_TS, TS_R_COULD_NOT_SET_TIME}, ++ #else ++ {"COULD_NOT_SET_TIME", 47, 115}, ++ #endif ++ #ifdef TS_R_DETACHED_CONTENT ++ {"DETACHED_CONTENT", ERR_LIB_TS, TS_R_DETACHED_CONTENT}, ++ #else ++ {"DETACHED_CONTENT", 47, 134}, ++ #endif ++ #ifdef TS_R_ESS_ADD_SIGNING_CERT_ERROR ++ {"ESS_ADD_SIGNING_CERT_ERROR", ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_ERROR}, ++ #else ++ {"ESS_ADD_SIGNING_CERT_ERROR", 47, 116}, ++ #endif ++ #ifdef TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR ++ {"ESS_ADD_SIGNING_CERT_V2_ERROR", ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR}, ++ #else ++ {"ESS_ADD_SIGNING_CERT_V2_ERROR", 47, 139}, ++ #endif ++ #ifdef TS_R_ESS_SIGNING_CERTIFICATE_ERROR ++ {"ESS_SIGNING_CERTIFICATE_ERROR", ERR_LIB_TS, TS_R_ESS_SIGNING_CERTIFICATE_ERROR}, ++ #else ++ {"ESS_SIGNING_CERTIFICATE_ERROR", 47, 101}, ++ #endif ++ #ifdef TS_R_INVALID_NULL_POINTER ++ {"INVALID_NULL_POINTER", ERR_LIB_TS, TS_R_INVALID_NULL_POINTER}, ++ #else ++ {"INVALID_NULL_POINTER", 47, 102}, ++ #endif ++ #ifdef TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE ++ {"INVALID_SIGNER_CERTIFICATE_PURPOSE", ERR_LIB_TS, TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE}, ++ #else ++ {"INVALID_SIGNER_CERTIFICATE_PURPOSE", 47, 117}, ++ #endif ++ #ifdef TS_R_MESSAGE_IMPRINT_MISMATCH ++ {"MESSAGE_IMPRINT_MISMATCH", ERR_LIB_TS, TS_R_MESSAGE_IMPRINT_MISMATCH}, ++ #else ++ {"MESSAGE_IMPRINT_MISMATCH", 47, 103}, ++ #endif ++ #ifdef TS_R_NONCE_MISMATCH ++ {"NONCE_MISMATCH", ERR_LIB_TS, TS_R_NONCE_MISMATCH}, ++ #else ++ {"NONCE_MISMATCH", 47, 104}, ++ #endif ++ #ifdef TS_R_NONCE_NOT_RETURNED ++ {"NONCE_NOT_RETURNED", ERR_LIB_TS, TS_R_NONCE_NOT_RETURNED}, ++ #else ++ {"NONCE_NOT_RETURNED", 47, 105}, ++ #endif ++ #ifdef TS_R_NO_CONTENT ++ {"NO_CONTENT", ERR_LIB_TS, TS_R_NO_CONTENT}, ++ #else ++ {"NO_CONTENT", 47, 106}, ++ #endif ++ #ifdef TS_R_NO_TIME_STAMP_TOKEN ++ {"NO_TIME_STAMP_TOKEN", ERR_LIB_TS, TS_R_NO_TIME_STAMP_TOKEN}, ++ #else ++ {"NO_TIME_STAMP_TOKEN", 47, 107}, ++ #endif ++ #ifdef TS_R_PKCS7_ADD_SIGNATURE_ERROR ++ {"PKCS7_ADD_SIGNATURE_ERROR", ERR_LIB_TS, TS_R_PKCS7_ADD_SIGNATURE_ERROR}, ++ #else ++ {"PKCS7_ADD_SIGNATURE_ERROR", 47, 118}, ++ #endif ++ #ifdef TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR ++ {"PKCS7_ADD_SIGNED_ATTR_ERROR", ERR_LIB_TS, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR}, ++ #else ++ {"PKCS7_ADD_SIGNED_ATTR_ERROR", 47, 119}, ++ #endif ++ #ifdef TS_R_PKCS7_TO_TS_TST_INFO_FAILED ++ {"PKCS7_TO_TS_TST_INFO_FAILED", ERR_LIB_TS, TS_R_PKCS7_TO_TS_TST_INFO_FAILED}, ++ #else ++ {"PKCS7_TO_TS_TST_INFO_FAILED", 47, 129}, ++ #endif ++ #ifdef TS_R_POLICY_MISMATCH ++ {"POLICY_MISMATCH", ERR_LIB_TS, TS_R_POLICY_MISMATCH}, ++ #else ++ {"POLICY_MISMATCH", 47, 108}, ++ #endif ++ #ifdef TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", ERR_LIB_TS, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE}, ++ #else ++ {"PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE", 47, 120}, ++ #endif ++ #ifdef TS_R_RESPONSE_SETUP_ERROR ++ {"RESPONSE_SETUP_ERROR", ERR_LIB_TS, TS_R_RESPONSE_SETUP_ERROR}, ++ #else ++ {"RESPONSE_SETUP_ERROR", 47, 121}, ++ #endif ++ #ifdef TS_R_SIGNATURE_FAILURE ++ {"SIGNATURE_FAILURE", ERR_LIB_TS, TS_R_SIGNATURE_FAILURE}, ++ #else ++ {"SIGNATURE_FAILURE", 47, 109}, ++ #endif ++ #ifdef TS_R_THERE_MUST_BE_ONE_SIGNER ++ {"THERE_MUST_BE_ONE_SIGNER", ERR_LIB_TS, TS_R_THERE_MUST_BE_ONE_SIGNER}, ++ #else ++ {"THERE_MUST_BE_ONE_SIGNER", 47, 110}, ++ #endif ++ #ifdef TS_R_TIME_SYSCALL_ERROR ++ {"TIME_SYSCALL_ERROR", ERR_LIB_TS, TS_R_TIME_SYSCALL_ERROR}, ++ #else ++ {"TIME_SYSCALL_ERROR", 47, 122}, ++ #endif ++ #ifdef TS_R_TOKEN_NOT_PRESENT ++ {"TOKEN_NOT_PRESENT", ERR_LIB_TS, TS_R_TOKEN_NOT_PRESENT}, ++ #else ++ {"TOKEN_NOT_PRESENT", 47, 130}, ++ #endif ++ #ifdef TS_R_TOKEN_PRESENT ++ {"TOKEN_PRESENT", ERR_LIB_TS, TS_R_TOKEN_PRESENT}, ++ #else ++ {"TOKEN_PRESENT", 47, 131}, ++ #endif ++ #ifdef TS_R_TSA_NAME_MISMATCH ++ {"TSA_NAME_MISMATCH", ERR_LIB_TS, TS_R_TSA_NAME_MISMATCH}, ++ #else ++ {"TSA_NAME_MISMATCH", 47, 111}, ++ #endif ++ #ifdef TS_R_TSA_UNTRUSTED ++ {"TSA_UNTRUSTED", ERR_LIB_TS, TS_R_TSA_UNTRUSTED}, ++ #else ++ {"TSA_UNTRUSTED", 47, 112}, ++ #endif ++ #ifdef TS_R_TST_INFO_SETUP_ERROR ++ {"TST_INFO_SETUP_ERROR", ERR_LIB_TS, TS_R_TST_INFO_SETUP_ERROR}, ++ #else ++ {"TST_INFO_SETUP_ERROR", 47, 123}, ++ #endif ++ #ifdef TS_R_TS_DATASIGN ++ {"TS_DATASIGN", ERR_LIB_TS, TS_R_TS_DATASIGN}, ++ #else ++ {"TS_DATASIGN", 47, 124}, ++ #endif ++ #ifdef TS_R_UNACCEPTABLE_POLICY ++ {"UNACCEPTABLE_POLICY", ERR_LIB_TS, TS_R_UNACCEPTABLE_POLICY}, ++ #else ++ {"UNACCEPTABLE_POLICY", 47, 125}, ++ #endif ++ #ifdef TS_R_UNSUPPORTED_MD_ALGORITHM ++ {"UNSUPPORTED_MD_ALGORITHM", ERR_LIB_TS, TS_R_UNSUPPORTED_MD_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_MD_ALGORITHM", 47, 126}, ++ #endif ++ #ifdef TS_R_UNSUPPORTED_VERSION ++ {"UNSUPPORTED_VERSION", ERR_LIB_TS, TS_R_UNSUPPORTED_VERSION}, ++ #else ++ {"UNSUPPORTED_VERSION", 47, 113}, ++ #endif ++ #ifdef TS_R_VAR_BAD_VALUE ++ {"VAR_BAD_VALUE", ERR_LIB_TS, TS_R_VAR_BAD_VALUE}, ++ #else ++ {"VAR_BAD_VALUE", 47, 135}, ++ #endif ++ #ifdef TS_R_VAR_LOOKUP_FAILURE ++ {"VAR_LOOKUP_FAILURE", ERR_LIB_TS, TS_R_VAR_LOOKUP_FAILURE}, ++ #else ++ {"VAR_LOOKUP_FAILURE", 47, 136}, ++ #endif ++ #ifdef TS_R_WRONG_CONTENT_TYPE ++ {"WRONG_CONTENT_TYPE", ERR_LIB_TS, TS_R_WRONG_CONTENT_TYPE}, ++ #else ++ {"WRONG_CONTENT_TYPE", 47, 114}, ++ #endif ++ #ifdef UI_R_COMMON_OK_AND_CANCEL_CHARACTERS ++ {"COMMON_OK_AND_CANCEL_CHARACTERS", ERR_LIB_UI, UI_R_COMMON_OK_AND_CANCEL_CHARACTERS}, ++ #else ++ {"COMMON_OK_AND_CANCEL_CHARACTERS", 40, 104}, ++ #endif ++ #ifdef UI_R_INDEX_TOO_LARGE ++ {"INDEX_TOO_LARGE", ERR_LIB_UI, UI_R_INDEX_TOO_LARGE}, ++ #else ++ {"INDEX_TOO_LARGE", 40, 102}, ++ #endif ++ #ifdef UI_R_INDEX_TOO_SMALL ++ {"INDEX_TOO_SMALL", ERR_LIB_UI, UI_R_INDEX_TOO_SMALL}, ++ #else ++ {"INDEX_TOO_SMALL", 40, 103}, ++ #endif ++ #ifdef UI_R_NO_RESULT_BUFFER ++ {"NO_RESULT_BUFFER", ERR_LIB_UI, UI_R_NO_RESULT_BUFFER}, ++ #else ++ {"NO_RESULT_BUFFER", 40, 105}, ++ #endif ++ #ifdef UI_R_PROCESSING_ERROR ++ {"PROCESSING_ERROR", ERR_LIB_UI, UI_R_PROCESSING_ERROR}, ++ #else ++ {"PROCESSING_ERROR", 40, 107}, ++ #endif ++ #ifdef UI_R_RESULT_TOO_LARGE ++ {"RESULT_TOO_LARGE", ERR_LIB_UI, UI_R_RESULT_TOO_LARGE}, ++ #else ++ {"RESULT_TOO_LARGE", 40, 100}, ++ #endif ++ #ifdef UI_R_RESULT_TOO_SMALL ++ {"RESULT_TOO_SMALL", ERR_LIB_UI, UI_R_RESULT_TOO_SMALL}, ++ #else ++ {"RESULT_TOO_SMALL", 40, 101}, ++ #endif ++ #ifdef UI_R_SYSASSIGN_ERROR ++ {"SYSASSIGN_ERROR", ERR_LIB_UI, UI_R_SYSASSIGN_ERROR}, ++ #else ++ {"SYSASSIGN_ERROR", 40, 109}, ++ #endif ++ #ifdef UI_R_SYSDASSGN_ERROR ++ {"SYSDASSGN_ERROR", ERR_LIB_UI, UI_R_SYSDASSGN_ERROR}, ++ #else ++ {"SYSDASSGN_ERROR", 40, 110}, ++ #endif ++ #ifdef UI_R_SYSQIOW_ERROR ++ {"SYSQIOW_ERROR", ERR_LIB_UI, UI_R_SYSQIOW_ERROR}, ++ #else ++ {"SYSQIOW_ERROR", 40, 111}, ++ #endif ++ #ifdef UI_R_UNKNOWN_CONTROL_COMMAND ++ {"UNKNOWN_CONTROL_COMMAND", ERR_LIB_UI, UI_R_UNKNOWN_CONTROL_COMMAND}, ++ #else ++ {"UNKNOWN_CONTROL_COMMAND", 40, 106}, ++ #endif ++ #ifdef UI_R_UNKNOWN_TTYGET_ERRNO_VALUE ++ {"UNKNOWN_TTYGET_ERRNO_VALUE", ERR_LIB_UI, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE}, ++ #else ++ {"UNKNOWN_TTYGET_ERRNO_VALUE", 40, 108}, ++ #endif ++ #ifdef UI_R_USER_DATA_DUPLICATION_UNSUPPORTED ++ {"USER_DATA_DUPLICATION_UNSUPPORTED", ERR_LIB_UI, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED}, ++ #else ++ {"USER_DATA_DUPLICATION_UNSUPPORTED", 40, 112}, ++ #endif ++ #ifdef X509V3_R_BAD_IP_ADDRESS ++ {"BAD_IP_ADDRESS", ERR_LIB_X509V3, X509V3_R_BAD_IP_ADDRESS}, ++ #else ++ {"BAD_IP_ADDRESS", 34, 118}, ++ #endif ++ #ifdef X509V3_R_BAD_OBJECT ++ {"BAD_OBJECT", ERR_LIB_X509V3, X509V3_R_BAD_OBJECT}, ++ #else ++ {"BAD_OBJECT", 34, 119}, ++ #endif ++ #ifdef X509V3_R_BN_DEC2BN_ERROR ++ {"BN_DEC2BN_ERROR", ERR_LIB_X509V3, X509V3_R_BN_DEC2BN_ERROR}, ++ #else ++ {"BN_DEC2BN_ERROR", 34, 100}, ++ #endif ++ #ifdef X509V3_R_BN_TO_ASN1_INTEGER_ERROR ++ {"BN_TO_ASN1_INTEGER_ERROR", ERR_LIB_X509V3, X509V3_R_BN_TO_ASN1_INTEGER_ERROR}, ++ #else ++ {"BN_TO_ASN1_INTEGER_ERROR", 34, 101}, ++ #endif ++ #ifdef X509V3_R_DIRNAME_ERROR ++ {"DIRNAME_ERROR", ERR_LIB_X509V3, X509V3_R_DIRNAME_ERROR}, ++ #else ++ {"DIRNAME_ERROR", 34, 149}, ++ #endif ++ #ifdef X509V3_R_DISTPOINT_ALREADY_SET ++ {"DISTPOINT_ALREADY_SET", ERR_LIB_X509V3, X509V3_R_DISTPOINT_ALREADY_SET}, ++ #else ++ {"DISTPOINT_ALREADY_SET", 34, 160}, ++ #endif ++ #ifdef X509V3_R_DUPLICATE_ZONE_ID ++ {"DUPLICATE_ZONE_ID", ERR_LIB_X509V3, X509V3_R_DUPLICATE_ZONE_ID}, ++ #else ++ {"DUPLICATE_ZONE_ID", 34, 133}, ++ #endif ++ #ifdef X509V3_R_EMPTY_KEY_USAGE ++ {"EMPTY_KEY_USAGE", ERR_LIB_X509V3, X509V3_R_EMPTY_KEY_USAGE}, ++ #else ++ {"EMPTY_KEY_USAGE", 34, 169}, ++ #endif ++ #ifdef X509V3_R_ERROR_CONVERTING_ZONE ++ {"ERROR_CONVERTING_ZONE", ERR_LIB_X509V3, X509V3_R_ERROR_CONVERTING_ZONE}, ++ #else ++ {"ERROR_CONVERTING_ZONE", 34, 131}, ++ #endif ++ #ifdef X509V3_R_ERROR_CREATING_EXTENSION ++ {"ERROR_CREATING_EXTENSION", ERR_LIB_X509V3, X509V3_R_ERROR_CREATING_EXTENSION}, ++ #else ++ {"ERROR_CREATING_EXTENSION", 34, 144}, ++ #endif ++ #ifdef X509V3_R_ERROR_IN_EXTENSION ++ {"ERROR_IN_EXTENSION", ERR_LIB_X509V3, X509V3_R_ERROR_IN_EXTENSION}, ++ #else ++ {"ERROR_IN_EXTENSION", 34, 128}, ++ #endif ++ #ifdef X509V3_R_EXPECTED_A_SECTION_NAME ++ {"EXPECTED_A_SECTION_NAME", ERR_LIB_X509V3, X509V3_R_EXPECTED_A_SECTION_NAME}, ++ #else ++ {"EXPECTED_A_SECTION_NAME", 34, 137}, ++ #endif ++ #ifdef X509V3_R_EXTENSION_EXISTS ++ {"EXTENSION_EXISTS", ERR_LIB_X509V3, X509V3_R_EXTENSION_EXISTS}, ++ #else ++ {"EXTENSION_EXISTS", 34, 145}, ++ #endif ++ #ifdef X509V3_R_EXTENSION_NAME_ERROR ++ {"EXTENSION_NAME_ERROR", ERR_LIB_X509V3, X509V3_R_EXTENSION_NAME_ERROR}, ++ #else ++ {"EXTENSION_NAME_ERROR", 34, 115}, ++ #endif ++ #ifdef X509V3_R_EXTENSION_NOT_FOUND ++ {"EXTENSION_NOT_FOUND", ERR_LIB_X509V3, X509V3_R_EXTENSION_NOT_FOUND}, ++ #else ++ {"EXTENSION_NOT_FOUND", 34, 102}, ++ #endif ++ #ifdef X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED ++ {"EXTENSION_SETTING_NOT_SUPPORTED", ERR_LIB_X509V3, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED}, ++ #else ++ {"EXTENSION_SETTING_NOT_SUPPORTED", 34, 103}, ++ #endif ++ #ifdef X509V3_R_EXTENSION_VALUE_ERROR ++ {"EXTENSION_VALUE_ERROR", ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR}, ++ #else ++ {"EXTENSION_VALUE_ERROR", 34, 116}, ++ #endif ++ #ifdef X509V3_R_ILLEGAL_EMPTY_EXTENSION ++ {"ILLEGAL_EMPTY_EXTENSION", ERR_LIB_X509V3, X509V3_R_ILLEGAL_EMPTY_EXTENSION}, ++ #else ++ {"ILLEGAL_EMPTY_EXTENSION", 34, 151}, ++ #endif ++ #ifdef X509V3_R_INCORRECT_POLICY_SYNTAX_TAG ++ {"INCORRECT_POLICY_SYNTAX_TAG", ERR_LIB_X509V3, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG}, ++ #else ++ {"INCORRECT_POLICY_SYNTAX_TAG", 34, 152}, ++ #endif ++ #ifdef X509V3_R_INVALID_ASNUMBER ++ {"INVALID_ASNUMBER", ERR_LIB_X509V3, X509V3_R_INVALID_ASNUMBER}, ++ #else ++ {"INVALID_ASNUMBER", 34, 162}, ++ #endif ++ #ifdef X509V3_R_INVALID_ASRANGE ++ {"INVALID_ASRANGE", ERR_LIB_X509V3, X509V3_R_INVALID_ASRANGE}, ++ #else ++ {"INVALID_ASRANGE", 34, 163}, ++ #endif ++ #ifdef X509V3_R_INVALID_BOOLEAN_STRING ++ {"INVALID_BOOLEAN_STRING", ERR_LIB_X509V3, X509V3_R_INVALID_BOOLEAN_STRING}, ++ #else ++ {"INVALID_BOOLEAN_STRING", 34, 104}, ++ #endif ++ #ifdef X509V3_R_INVALID_CERTIFICATE ++ {"INVALID_CERTIFICATE", ERR_LIB_X509V3, X509V3_R_INVALID_CERTIFICATE}, ++ #else ++ {"INVALID_CERTIFICATE", 34, 158}, ++ #endif ++ #ifdef X509V3_R_INVALID_EMPTY_NAME ++ {"INVALID_EMPTY_NAME", ERR_LIB_X509V3, X509V3_R_INVALID_EMPTY_NAME}, ++ #else ++ {"INVALID_EMPTY_NAME", 34, 108}, ++ #endif ++ #ifdef X509V3_R_INVALID_EXTENSION_STRING ++ {"INVALID_EXTENSION_STRING", ERR_LIB_X509V3, X509V3_R_INVALID_EXTENSION_STRING}, ++ #else ++ {"INVALID_EXTENSION_STRING", 34, 105}, ++ #endif ++ #ifdef X509V3_R_INVALID_INHERITANCE ++ {"INVALID_INHERITANCE", ERR_LIB_X509V3, X509V3_R_INVALID_INHERITANCE}, ++ #else ++ {"INVALID_INHERITANCE", 34, 165}, ++ #endif ++ #ifdef X509V3_R_INVALID_IPADDRESS ++ {"INVALID_IPADDRESS", ERR_LIB_X509V3, X509V3_R_INVALID_IPADDRESS}, ++ #else ++ {"INVALID_IPADDRESS", 34, 166}, ++ #endif ++ #ifdef X509V3_R_INVALID_MULTIPLE_RDNS ++ {"INVALID_MULTIPLE_RDNS", ERR_LIB_X509V3, X509V3_R_INVALID_MULTIPLE_RDNS}, ++ #else ++ {"INVALID_MULTIPLE_RDNS", 34, 161}, ++ #endif ++ #ifdef X509V3_R_INVALID_NAME ++ {"INVALID_NAME", ERR_LIB_X509V3, X509V3_R_INVALID_NAME}, ++ #else ++ {"INVALID_NAME", 34, 106}, ++ #endif ++ #ifdef X509V3_R_INVALID_NULL_ARGUMENT ++ {"INVALID_NULL_ARGUMENT", ERR_LIB_X509V3, X509V3_R_INVALID_NULL_ARGUMENT}, ++ #else ++ {"INVALID_NULL_ARGUMENT", 34, 107}, ++ #endif ++ #ifdef X509V3_R_INVALID_NULL_VALUE ++ {"INVALID_NULL_VALUE", ERR_LIB_X509V3, X509V3_R_INVALID_NULL_VALUE}, ++ #else ++ {"INVALID_NULL_VALUE", 34, 109}, ++ #endif ++ #ifdef X509V3_R_INVALID_NUMBER ++ {"INVALID_NUMBER", ERR_LIB_X509V3, X509V3_R_INVALID_NUMBER}, ++ #else ++ {"INVALID_NUMBER", 34, 140}, ++ #endif ++ #ifdef X509V3_R_INVALID_NUMBERS ++ {"INVALID_NUMBERS", ERR_LIB_X509V3, X509V3_R_INVALID_NUMBERS}, ++ #else ++ {"INVALID_NUMBERS", 34, 141}, ++ #endif ++ #ifdef X509V3_R_INVALID_OBJECT_IDENTIFIER ++ {"INVALID_OBJECT_IDENTIFIER", ERR_LIB_X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER}, ++ #else ++ {"INVALID_OBJECT_IDENTIFIER", 34, 110}, ++ #endif ++ #ifdef X509V3_R_INVALID_OPTION ++ {"INVALID_OPTION", ERR_LIB_X509V3, X509V3_R_INVALID_OPTION}, ++ #else ++ {"INVALID_OPTION", 34, 138}, ++ #endif ++ #ifdef X509V3_R_INVALID_POLICY_IDENTIFIER ++ {"INVALID_POLICY_IDENTIFIER", ERR_LIB_X509V3, X509V3_R_INVALID_POLICY_IDENTIFIER}, ++ #else ++ {"INVALID_POLICY_IDENTIFIER", 34, 134}, ++ #endif ++ #ifdef X509V3_R_INVALID_PROXY_POLICY_SETTING ++ {"INVALID_PROXY_POLICY_SETTING", ERR_LIB_X509V3, X509V3_R_INVALID_PROXY_POLICY_SETTING}, ++ #else ++ {"INVALID_PROXY_POLICY_SETTING", 34, 153}, ++ #endif ++ #ifdef X509V3_R_INVALID_PURPOSE ++ {"INVALID_PURPOSE", ERR_LIB_X509V3, X509V3_R_INVALID_PURPOSE}, ++ #else ++ {"INVALID_PURPOSE", 34, 146}, ++ #endif ++ #ifdef X509V3_R_INVALID_SAFI ++ {"INVALID_SAFI", ERR_LIB_X509V3, X509V3_R_INVALID_SAFI}, ++ #else ++ {"INVALID_SAFI", 34, 164}, ++ #endif ++ #ifdef X509V3_R_INVALID_SECTION ++ {"INVALID_SECTION", ERR_LIB_X509V3, X509V3_R_INVALID_SECTION}, ++ #else ++ {"INVALID_SECTION", 34, 135}, ++ #endif ++ #ifdef X509V3_R_INVALID_SYNTAX ++ {"INVALID_SYNTAX", ERR_LIB_X509V3, X509V3_R_INVALID_SYNTAX}, ++ #else ++ {"INVALID_SYNTAX", 34, 143}, ++ #endif ++ #ifdef X509V3_R_ISSUER_DECODE_ERROR ++ {"ISSUER_DECODE_ERROR", ERR_LIB_X509V3, X509V3_R_ISSUER_DECODE_ERROR}, ++ #else ++ {"ISSUER_DECODE_ERROR", 34, 126}, ++ #endif ++ #ifdef X509V3_R_MISSING_VALUE ++ {"MISSING_VALUE", ERR_LIB_X509V3, X509V3_R_MISSING_VALUE}, ++ #else ++ {"MISSING_VALUE", 34, 124}, ++ #endif ++ #ifdef X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ++ {"NEED_ORGANIZATION_AND_NUMBERS", ERR_LIB_X509V3, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS}, ++ #else ++ {"NEED_ORGANIZATION_AND_NUMBERS", 34, 142}, ++ #endif ++ #ifdef X509V3_R_NEGATIVE_PATHLEN ++ {"NEGATIVE_PATHLEN", ERR_LIB_X509V3, X509V3_R_NEGATIVE_PATHLEN}, ++ #else ++ {"NEGATIVE_PATHLEN", 34, 168}, ++ #endif ++ #ifdef X509V3_R_NO_CONFIG_DATABASE ++ {"NO_CONFIG_DATABASE", ERR_LIB_X509V3, X509V3_R_NO_CONFIG_DATABASE}, ++ #else ++ {"NO_CONFIG_DATABASE", 34, 136}, ++ #endif ++ #ifdef X509V3_R_NO_ISSUER_CERTIFICATE ++ {"NO_ISSUER_CERTIFICATE", ERR_LIB_X509V3, X509V3_R_NO_ISSUER_CERTIFICATE}, ++ #else ++ {"NO_ISSUER_CERTIFICATE", 34, 121}, ++ #endif ++ #ifdef X509V3_R_NO_ISSUER_DETAILS ++ {"NO_ISSUER_DETAILS", ERR_LIB_X509V3, X509V3_R_NO_ISSUER_DETAILS}, ++ #else ++ {"NO_ISSUER_DETAILS", 34, 127}, ++ #endif ++ #ifdef X509V3_R_NO_POLICY_IDENTIFIER ++ {"NO_POLICY_IDENTIFIER", ERR_LIB_X509V3, X509V3_R_NO_POLICY_IDENTIFIER}, ++ #else ++ {"NO_POLICY_IDENTIFIER", 34, 139}, ++ #endif ++ #ifdef X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED ++ {"NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED", ERR_LIB_X509V3, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED}, ++ #else ++ {"NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED", 34, 154}, ++ #endif ++ #ifdef X509V3_R_NO_PUBLIC_KEY ++ {"NO_PUBLIC_KEY", ERR_LIB_X509V3, X509V3_R_NO_PUBLIC_KEY}, ++ #else ++ {"NO_PUBLIC_KEY", 34, 114}, ++ #endif ++ #ifdef X509V3_R_NO_SUBJECT_DETAILS ++ {"NO_SUBJECT_DETAILS", ERR_LIB_X509V3, X509V3_R_NO_SUBJECT_DETAILS}, ++ #else ++ {"NO_SUBJECT_DETAILS", 34, 125}, ++ #endif ++ #ifdef X509V3_R_OPERATION_NOT_DEFINED ++ {"OPERATION_NOT_DEFINED", ERR_LIB_X509V3, X509V3_R_OPERATION_NOT_DEFINED}, ++ #else ++ {"OPERATION_NOT_DEFINED", 34, 148}, ++ #endif ++ #ifdef X509V3_R_OTHERNAME_ERROR ++ {"OTHERNAME_ERROR", ERR_LIB_X509V3, X509V3_R_OTHERNAME_ERROR}, ++ #else ++ {"OTHERNAME_ERROR", 34, 147}, ++ #endif ++ #ifdef X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED ++ {"POLICY_LANGUAGE_ALREADY_DEFINED", ERR_LIB_X509V3, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED}, ++ #else ++ {"POLICY_LANGUAGE_ALREADY_DEFINED", 34, 155}, ++ #endif ++ #ifdef X509V3_R_POLICY_PATH_LENGTH ++ {"POLICY_PATH_LENGTH", ERR_LIB_X509V3, X509V3_R_POLICY_PATH_LENGTH}, ++ #else ++ {"POLICY_PATH_LENGTH", 34, 156}, ++ #endif ++ #ifdef X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED ++ {"POLICY_PATH_LENGTH_ALREADY_DEFINED", ERR_LIB_X509V3, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED}, ++ #else ++ {"POLICY_PATH_LENGTH_ALREADY_DEFINED", 34, 157}, ++ #endif ++ #ifdef X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY ++ {"POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY", ERR_LIB_X509V3, X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY}, ++ #else ++ {"POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY", 34, 159}, ++ #endif ++ #ifdef X509V3_R_SECTION_NOT_FOUND ++ {"SECTION_NOT_FOUND", ERR_LIB_X509V3, X509V3_R_SECTION_NOT_FOUND}, ++ #else ++ {"SECTION_NOT_FOUND", 34, 150}, ++ #endif ++ #ifdef X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ++ {"UNABLE_TO_GET_ISSUER_DETAILS", ERR_LIB_X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS}, ++ #else ++ {"UNABLE_TO_GET_ISSUER_DETAILS", 34, 122}, ++ #endif ++ #ifdef X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ++ {"UNABLE_TO_GET_ISSUER_KEYID", ERR_LIB_X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID}, ++ #else ++ {"UNABLE_TO_GET_ISSUER_KEYID", 34, 123}, ++ #endif ++ #ifdef X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ++ {"UNKNOWN_BIT_STRING_ARGUMENT", ERR_LIB_X509V3, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT}, ++ #else ++ {"UNKNOWN_BIT_STRING_ARGUMENT", 34, 111}, ++ #endif ++ #ifdef X509V3_R_UNKNOWN_EXTENSION ++ {"UNKNOWN_EXTENSION", ERR_LIB_X509V3, X509V3_R_UNKNOWN_EXTENSION}, ++ #else ++ {"UNKNOWN_EXTENSION", 34, 129}, ++ #endif ++ #ifdef X509V3_R_UNKNOWN_EXTENSION_NAME ++ {"UNKNOWN_EXTENSION_NAME", ERR_LIB_X509V3, X509V3_R_UNKNOWN_EXTENSION_NAME}, ++ #else ++ {"UNKNOWN_EXTENSION_NAME", 34, 130}, ++ #endif ++ #ifdef X509V3_R_UNKNOWN_OPTION ++ {"UNKNOWN_OPTION", ERR_LIB_X509V3, X509V3_R_UNKNOWN_OPTION}, ++ #else ++ {"UNKNOWN_OPTION", 34, 120}, ++ #endif ++ #ifdef X509V3_R_UNSUPPORTED_OPTION ++ {"UNSUPPORTED_OPTION", ERR_LIB_X509V3, X509V3_R_UNSUPPORTED_OPTION}, ++ #else ++ {"UNSUPPORTED_OPTION", 34, 117}, ++ #endif ++ #ifdef X509V3_R_UNSUPPORTED_TYPE ++ {"UNSUPPORTED_TYPE", ERR_LIB_X509V3, X509V3_R_UNSUPPORTED_TYPE}, ++ #else ++ {"UNSUPPORTED_TYPE", 34, 167}, ++ #endif ++ #ifdef X509V3_R_USER_TOO_LONG ++ {"USER_TOO_LONG", ERR_LIB_X509V3, X509V3_R_USER_TOO_LONG}, ++ #else ++ {"USER_TOO_LONG", 34, 132}, ++ #endif ++ #ifdef X509_R_AKID_MISMATCH ++ {"AKID_MISMATCH", ERR_LIB_X509, X509_R_AKID_MISMATCH}, ++ #else ++ {"AKID_MISMATCH", 11, 110}, ++ #endif ++ #ifdef X509_R_BAD_SELECTOR ++ {"BAD_SELECTOR", ERR_LIB_X509, X509_R_BAD_SELECTOR}, ++ #else ++ {"BAD_SELECTOR", 11, 133}, ++ #endif ++ #ifdef X509_R_BAD_X509_FILETYPE ++ {"BAD_X509_FILETYPE", ERR_LIB_X509, X509_R_BAD_X509_FILETYPE}, ++ #else ++ {"BAD_X509_FILETYPE", 11, 100}, ++ #endif ++ #ifdef X509_R_BASE64_DECODE_ERROR ++ {"BASE64_DECODE_ERROR", ERR_LIB_X509, X509_R_BASE64_DECODE_ERROR}, ++ #else ++ {"BASE64_DECODE_ERROR", 11, 118}, ++ #endif ++ #ifdef X509_R_CANT_CHECK_DH_KEY ++ {"CANT_CHECK_DH_KEY", ERR_LIB_X509, X509_R_CANT_CHECK_DH_KEY}, ++ #else ++ {"CANT_CHECK_DH_KEY", 11, 114}, ++ #endif ++ #ifdef X509_R_CERTIFICATE_VERIFICATION_FAILED ++ {"CERTIFICATE_VERIFICATION_FAILED", ERR_LIB_X509, X509_R_CERTIFICATE_VERIFICATION_FAILED}, ++ #else ++ {"CERTIFICATE_VERIFICATION_FAILED", 11, 139}, ++ #endif ++ #ifdef X509_R_CERT_ALREADY_IN_HASH_TABLE ++ {"CERT_ALREADY_IN_HASH_TABLE", ERR_LIB_X509, X509_R_CERT_ALREADY_IN_HASH_TABLE}, ++ #else ++ {"CERT_ALREADY_IN_HASH_TABLE", 11, 101}, ++ #endif ++ #ifdef X509_R_CRL_ALREADY_DELTA ++ {"CRL_ALREADY_DELTA", ERR_LIB_X509, X509_R_CRL_ALREADY_DELTA}, ++ #else ++ {"CRL_ALREADY_DELTA", 11, 127}, ++ #endif ++ #ifdef X509_R_CRL_VERIFY_FAILURE ++ {"CRL_VERIFY_FAILURE", ERR_LIB_X509, X509_R_CRL_VERIFY_FAILURE}, ++ #else ++ {"CRL_VERIFY_FAILURE", 11, 131}, ++ #endif ++ #ifdef X509_R_ERROR_GETTING_MD_BY_NID ++ {"ERROR_GETTING_MD_BY_NID", ERR_LIB_X509, X509_R_ERROR_GETTING_MD_BY_NID}, ++ #else ++ {"ERROR_GETTING_MD_BY_NID", 11, 141}, ++ #endif ++ #ifdef X509_R_ERROR_USING_SIGINF_SET ++ {"ERROR_USING_SIGINF_SET", ERR_LIB_X509, X509_R_ERROR_USING_SIGINF_SET}, ++ #else ++ {"ERROR_USING_SIGINF_SET", 11, 142}, ++ #endif ++ #ifdef X509_R_IDP_MISMATCH ++ {"IDP_MISMATCH", ERR_LIB_X509, X509_R_IDP_MISMATCH}, ++ #else ++ {"IDP_MISMATCH", 11, 128}, ++ #endif ++ #ifdef X509_R_INVALID_ATTRIBUTES ++ {"INVALID_ATTRIBUTES", ERR_LIB_X509, X509_R_INVALID_ATTRIBUTES}, ++ #else ++ {"INVALID_ATTRIBUTES", 11, 138}, ++ #endif ++ #ifdef X509_R_INVALID_DIRECTORY ++ {"INVALID_DIRECTORY", ERR_LIB_X509, X509_R_INVALID_DIRECTORY}, ++ #else ++ {"INVALID_DIRECTORY", 11, 113}, ++ #endif ++ #ifdef X509_R_INVALID_DISTPOINT ++ {"INVALID_DISTPOINT", ERR_LIB_X509, X509_R_INVALID_DISTPOINT}, ++ #else ++ {"INVALID_DISTPOINT", 11, 143}, ++ #endif ++ #ifdef X509_R_INVALID_FIELD_NAME ++ {"INVALID_FIELD_NAME", ERR_LIB_X509, X509_R_INVALID_FIELD_NAME}, ++ #else ++ {"INVALID_FIELD_NAME", 11, 119}, ++ #endif ++ #ifdef X509_R_INVALID_TRUST ++ {"INVALID_TRUST", ERR_LIB_X509, X509_R_INVALID_TRUST}, ++ #else ++ {"INVALID_TRUST", 11, 123}, ++ #endif ++ #ifdef X509_R_ISSUER_MISMATCH ++ {"ISSUER_MISMATCH", ERR_LIB_X509, X509_R_ISSUER_MISMATCH}, ++ #else ++ {"ISSUER_MISMATCH", 11, 129}, ++ #endif ++ #ifdef X509_R_KEY_TYPE_MISMATCH ++ {"KEY_TYPE_MISMATCH", ERR_LIB_X509, X509_R_KEY_TYPE_MISMATCH}, ++ #else ++ {"KEY_TYPE_MISMATCH", 11, 115}, ++ #endif ++ #ifdef X509_R_KEY_VALUES_MISMATCH ++ {"KEY_VALUES_MISMATCH", ERR_LIB_X509, X509_R_KEY_VALUES_MISMATCH}, ++ #else ++ {"KEY_VALUES_MISMATCH", 11, 116}, ++ #endif ++ #ifdef X509_R_LOADING_CERT_DIR ++ {"LOADING_CERT_DIR", ERR_LIB_X509, X509_R_LOADING_CERT_DIR}, ++ #else ++ {"LOADING_CERT_DIR", 11, 103}, ++ #endif ++ #ifdef X509_R_LOADING_DEFAULTS ++ {"LOADING_DEFAULTS", ERR_LIB_X509, X509_R_LOADING_DEFAULTS}, ++ #else ++ {"LOADING_DEFAULTS", 11, 104}, ++ #endif ++ #ifdef X509_R_METHOD_NOT_SUPPORTED ++ {"METHOD_NOT_SUPPORTED", ERR_LIB_X509, X509_R_METHOD_NOT_SUPPORTED}, ++ #else ++ {"METHOD_NOT_SUPPORTED", 11, 124}, ++ #endif ++ #ifdef X509_R_NAME_TOO_LONG ++ {"NAME_TOO_LONG", ERR_LIB_X509, X509_R_NAME_TOO_LONG}, ++ #else ++ {"NAME_TOO_LONG", 11, 134}, ++ #endif ++ #ifdef X509_R_NEWER_CRL_NOT_NEWER ++ {"NEWER_CRL_NOT_NEWER", ERR_LIB_X509, X509_R_NEWER_CRL_NOT_NEWER}, ++ #else ++ {"NEWER_CRL_NOT_NEWER", 11, 132}, ++ #endif ++ #ifdef X509_R_NO_CERTIFICATE_FOUND ++ {"NO_CERTIFICATE_FOUND", ERR_LIB_X509, X509_R_NO_CERTIFICATE_FOUND}, ++ #else ++ {"NO_CERTIFICATE_FOUND", 11, 135}, ++ #endif ++ #ifdef X509_R_NO_CERTIFICATE_OR_CRL_FOUND ++ {"NO_CERTIFICATE_OR_CRL_FOUND", ERR_LIB_X509, X509_R_NO_CERTIFICATE_OR_CRL_FOUND}, ++ #else ++ {"NO_CERTIFICATE_OR_CRL_FOUND", 11, 136}, ++ #endif ++ #ifdef X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ++ {"NO_CERT_SET_FOR_US_TO_VERIFY", ERR_LIB_X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY}, ++ #else ++ {"NO_CERT_SET_FOR_US_TO_VERIFY", 11, 105}, ++ #endif ++ #ifdef X509_R_NO_CRL_FOUND ++ {"NO_CRL_FOUND", ERR_LIB_X509, X509_R_NO_CRL_FOUND}, ++ #else ++ {"NO_CRL_FOUND", 11, 137}, ++ #endif ++ #ifdef X509_R_NO_CRL_NUMBER ++ {"NO_CRL_NUMBER", ERR_LIB_X509, X509_R_NO_CRL_NUMBER}, ++ #else ++ {"NO_CRL_NUMBER", 11, 130}, ++ #endif ++ #ifdef X509_R_PUBLIC_KEY_DECODE_ERROR ++ {"PUBLIC_KEY_DECODE_ERROR", ERR_LIB_X509, X509_R_PUBLIC_KEY_DECODE_ERROR}, ++ #else ++ {"PUBLIC_KEY_DECODE_ERROR", 11, 125}, ++ #endif ++ #ifdef X509_R_PUBLIC_KEY_ENCODE_ERROR ++ {"PUBLIC_KEY_ENCODE_ERROR", ERR_LIB_X509, X509_R_PUBLIC_KEY_ENCODE_ERROR}, ++ #else ++ {"PUBLIC_KEY_ENCODE_ERROR", 11, 126}, ++ #endif ++ #ifdef X509_R_SHOULD_RETRY ++ {"SHOULD_RETRY", ERR_LIB_X509, X509_R_SHOULD_RETRY}, ++ #else ++ {"SHOULD_RETRY", 11, 106}, ++ #endif ++ #ifdef X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN ++ {"UNABLE_TO_FIND_PARAMETERS_IN_CHAIN", ERR_LIB_X509, X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN}, ++ #else ++ {"UNABLE_TO_FIND_PARAMETERS_IN_CHAIN", 11, 107}, ++ #endif ++ #ifdef X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ++ {"UNABLE_TO_GET_CERTS_PUBLIC_KEY", ERR_LIB_X509, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY}, ++ #else ++ {"UNABLE_TO_GET_CERTS_PUBLIC_KEY", 11, 108}, ++ #endif ++ #ifdef X509_R_UNKNOWN_KEY_TYPE ++ {"UNKNOWN_KEY_TYPE", ERR_LIB_X509, X509_R_UNKNOWN_KEY_TYPE}, ++ #else ++ {"UNKNOWN_KEY_TYPE", 11, 117}, ++ #endif ++ #ifdef X509_R_UNKNOWN_NID ++ {"UNKNOWN_NID", ERR_LIB_X509, X509_R_UNKNOWN_NID}, ++ #else ++ {"UNKNOWN_NID", 11, 109}, ++ #endif ++ #ifdef X509_R_UNKNOWN_PURPOSE_ID ++ {"UNKNOWN_PURPOSE_ID", ERR_LIB_X509, X509_R_UNKNOWN_PURPOSE_ID}, ++ #else ++ {"UNKNOWN_PURPOSE_ID", 11, 121}, ++ #endif ++ #ifdef X509_R_UNKNOWN_SIGID_ALGS ++ {"UNKNOWN_SIGID_ALGS", ERR_LIB_X509, X509_R_UNKNOWN_SIGID_ALGS}, ++ #else ++ {"UNKNOWN_SIGID_ALGS", 11, 144}, ++ #endif ++ #ifdef X509_R_UNKNOWN_TRUST_ID ++ {"UNKNOWN_TRUST_ID", ERR_LIB_X509, X509_R_UNKNOWN_TRUST_ID}, ++ #else ++ {"UNKNOWN_TRUST_ID", 11, 120}, ++ #endif ++ #ifdef X509_R_UNSUPPORTED_ALGORITHM ++ {"UNSUPPORTED_ALGORITHM", ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM}, ++ #else ++ {"UNSUPPORTED_ALGORITHM", 11, 111}, ++ #endif ++ #ifdef X509_R_WRONG_LOOKUP_TYPE ++ {"WRONG_LOOKUP_TYPE", ERR_LIB_X509, X509_R_WRONG_LOOKUP_TYPE}, ++ #else ++ {"WRONG_LOOKUP_TYPE", 11, 112}, ++ #endif ++ #ifdef X509_R_WRONG_TYPE ++ {"WRONG_TYPE", ERR_LIB_X509, X509_R_WRONG_TYPE}, ++ #else ++ {"WRONG_TYPE", 11, 122}, ++ #endif ++ { NULL } ++}; ++ +diff --git a/Tools/ssl/make_ssl_data.py b/Tools/ssl/make_ssl_data.py +index 3fb49852f4..ca8ecfb260 100755 +--- a/Tools/ssl/make_ssl_data.py ++++ b/Tools/ssl/make_ssl_data.py +@@ -6,82 +6,129 @@ This script should be called *manually* when we want to upgrade SSLError + + It takes two arguments: + - the path to the OpenSSL source tree (e.g. git checkout) +-- the path to the C file to be generated +- (probably Modules/_ssl_data.h) ++- the path to the header file to be generated Modules/_ssl_data_{version}.h ++- error codes are version specific + """ + ++import argparse + import datetime ++import operator + import os + import re + import sys +-import _ssl + + +-def parse_error_codes(h_file, prefix, libcode): +- pat = re.compile(r"#define\W+(%s([\w]+))\W+(\d+)\b" % re.escape(prefix)) +- codes = [] +- with open(h_file, "r", encoding="latin1") as f: ++parser = argparse.ArgumentParser( ++ description="Generate ssl_data.h from OpenSSL sources" ++) ++parser.add_argument("srcdir", help="OpenSSL source directory") ++parser.add_argument( ++ "output", nargs="?", type=argparse.FileType("w"), default=sys.stdout ++) ++ ++ ++def _file_search(fname, pat): ++ with open(fname, encoding="utf-8") as f: + for line in f: + match = pat.search(line) +- if match: +- code, name, num = match.groups() +- num = int(num) +- # e.g. ("SSL_R_BAD_DATA", ("ERR_LIB_SSL", "BAD_DATA", 390)) +- codes.append((code, (libcode, name, num))) +- return codes ++ if match is not None: ++ yield match ++ ++ ++def parse_err_h(args): ++ """Parse err codes, e.g. ERR_LIB_X509: 11""" ++ pat = re.compile(r"#\s*define\W+ERR_LIB_(\w+)\s+(\d+)") ++ lib2errnum = {} ++ for match in _file_search(args.err_h, pat): ++ libname, num = match.groups() ++ lib2errnum[libname] = int(num) ++ ++ return lib2errnum ++ ++ ++def parse_openssl_error_text(args): ++ """Parse error reasons, X509_R_AKID_MISMATCH""" ++ # ignore backslash line continuation for now ++ pat = re.compile(r"^((\w+?)_R_(\w+)):(\d+):") ++ for match in _file_search(args.errtxt, pat): ++ reason, libname, errname, num = match.groups() ++ if "_F_" in reason: ++ # ignore function codes ++ continue ++ num = int(num) ++ yield reason, libname, errname, num ++ ++ ++def parse_extra_reasons(args): ++ """Parse extra reasons from openssl.ec""" ++ pat = re.compile(r"^R\s+((\w+)_R_(\w+))\s+(\d+)") ++ for match in _file_search(args.errcodes, pat): ++ reason, libname, errname, num = match.groups() ++ num = int(num) ++ yield reason, libname, errname, num ++ ++ ++def gen_library_codes(args): ++ """Generate table short libname to numeric code""" ++ yield "static struct py_ssl_library_code library_codes[] = {" ++ for libname in sorted(args.lib2errnum): ++ yield f"#ifdef ERR_LIB_{libname}" ++ yield f' {{"{libname}", ERR_LIB_{libname}}},' ++ yield "#endif" ++ yield " { NULL }" ++ yield "};" ++ yield "" ++ ++ ++def gen_error_codes(args): ++ """Generate error code table for error reasons""" ++ yield "static struct py_ssl_error_code error_codes[] = {" ++ for reason, libname, errname, num in args.reasons: ++ yield f" #ifdef {reason}" ++ yield f' {{"{errname}", ERR_LIB_{libname}, {reason}}},' ++ yield " #else" ++ yield f' {{"{errname}", {args.lib2errnum[libname]}, {num}}},' ++ yield " #endif" ++ ++ yield " { NULL }" ++ yield "};" ++ yield "" ++ ++ ++def main(): ++ args = parser.parse_args() ++ ++ args.err_h = os.path.join(args.srcdir, "include", "openssl", "err.h") ++ if not os.path.isfile(args.err_h): ++ # Fall back to infile for OpenSSL 3.0.0 ++ args.err_h += ".in" ++ args.errcodes = os.path.join(args.srcdir, "crypto", "err", "openssl.ec") ++ args.errtxt = os.path.join(args.srcdir, "crypto", "err", "openssl.txt") ++ ++ if not os.path.isfile(args.errtxt): ++ parser.error(f"File {args.errtxt} not found in srcdir\n.") ++ ++ # {X509: 11, ...} ++ args.lib2errnum = parse_err_h(args) ++ ++ # [('X509_R_AKID_MISMATCH', 'X509', 'AKID_MISMATCH', 110), ...] ++ reasons = [] ++ reasons.extend(parse_openssl_error_text(args)) ++ reasons.extend(parse_extra_reasons(args)) ++ # sort by libname, numeric error code ++ args.reasons = sorted(reasons, key=operator.itemgetter(0, 3)) ++ ++ lines = [ ++ "/* File generated by Tools/ssl/make_ssl_data.py */" ++ f"/* Generated on {datetime.datetime.utcnow().isoformat()} */" ++ ] ++ lines.extend(gen_library_codes(args)) ++ lines.append("") ++ lines.extend(gen_error_codes(args)) ++ ++ for line in lines: ++ args.output.write(line + "\n") ++ + + if __name__ == "__main__": +- openssl_inc = sys.argv[1] +- outfile = sys.argv[2] +- use_stdout = outfile == '-' +- f = sys.stdout if use_stdout else open(outfile, "w") +- error_libraries = { +- # mnemonic -> (library code, error prefix, header file) +- 'PEM': ('ERR_LIB_PEM', 'PEM_R_', 'crypto/pem/pem.h'), +- 'SSL': ('ERR_LIB_SSL', 'SSL_R_', 'ssl/ssl.h'), +- 'X509': ('ERR_LIB_X509', 'X509_R_', 'crypto/x509/x509.h'), +- } +- +- # Read codes from libraries +- new_codes = [] +- for libcode, prefix, h_file in sorted(error_libraries.values()): +- new_codes += parse_error_codes(os.path.join(openssl_inc, h_file), +- prefix, libcode) +- new_code_nums = set((libcode, num) +- for (code, (libcode, name, num)) in new_codes) +- +- # Merge with existing codes (in case some old codes disappeared). +- codes = {} +- for errname, (libnum, errnum) in _ssl.err_names_to_codes.items(): +- lib = error_libraries[_ssl.lib_codes_to_names[libnum]] +- libcode = lib[0] # e.g. ERR_LIB_PEM +- errcode = lib[1] + errname # e.g. SSL_R_BAD_SSL_SESSION_ID_LENGTH +- # Only keep it if the numeric codes weren't reused +- if (libcode, errnum) not in new_code_nums: +- codes[errcode] = libcode, errname, errnum +- codes.update(dict(new_codes)) +- +- def w(l): +- f.write(l + "\n") +- w("/* File generated by Tools/ssl/make_ssl_data.py */") +- w("/* Generated on %s */" % datetime.datetime.now().isoformat()) +- w("") +- +- w("static struct py_ssl_library_code library_codes[] = {") +- for mnemo, (libcode, _, _) in sorted(error_libraries.items()): +- w(' {"%s", %s},' % (mnemo, libcode)) +- w(' { NULL }') +- w('};') +- w("") +- +- w("static struct py_ssl_error_code error_codes[] = {") +- for errcode, (libcode, name, num) in sorted(codes.items()): +- w(' #ifdef %s' % (errcode)) +- w(' {"%s", %s, %s},' % (name, libcode, errcode)) +- w(' #else') +- w(' {"%s", %s, %d},' % (name, libcode, num)) +- w(' #endif') +- w(' { NULL }') +- w('};') +- if not use_stdout: +- f.close() ++ main() +diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py +index 2264c93310..c73e2b7842 100755 +--- a/Tools/ssl/multissltests.py ++++ b/Tools/ssl/multissltests.py +@@ -49,7 +49,8 @@ OPENSSL_OLD_VERSIONS = [ + OPENSSL_RECENT_VERSIONS = [ + "1.0.2p", + "1.1.0i", +- "1.1.1", ++ "1.1.1k", ++ "3.0.3", + ] + + LIBRESSL_OLD_VERSIONS = [ +diff --git a/setup.py b/setup.py +index 64d948d79c..4be70f88c1 100644 +--- a/setup.py ++++ b/setup.py +@@ -869,37 +869,17 @@ class PyBuildExt(build_ext): + include_dirs = ssl_incs, + library_dirs = ssl_libs, + libraries = ['ssl', 'crypto'], +- depends = ['socketmodule.h']), ) ++ depends = [ ++ 'socketmodule.h', ++ '_ssl_data.h', ++ '_ssl_data_111.h', ++ '_ssl_data_300.h', ++ ])) + else: + missing.append('_ssl') + +- # find out which version of OpenSSL we have +- openssl_ver = 0 +- openssl_ver_re = re.compile( +- r'^\s*#\s*define\s+OPENSSL_VERSION_NUMBER\s+(0x[0-9a-fA-F]+)' ) +- +- # look for the openssl version header on the compiler search path. +- opensslv_h = find_file('openssl/opensslv.h', [], +- inc_dirs + search_for_ssl_incs_in) +- if opensslv_h: +- name = os.path.join(opensslv_h[0], 'openssl/opensslv.h') +- if host_platform == 'darwin' and is_macosx_sdk_path(name): +- name = os.path.join(macosx_sdk_root(), name[1:]) +- try: +- with open(name, 'r') as incfile: +- for line in incfile: +- m = openssl_ver_re.match(line) +- if m: +- openssl_ver = int(m.group(1), 16) +- break +- except IOError as msg: +- print("IOError while reading opensshv.h:", msg) +- +- #print('openssl_ver = 0x%08x' % openssl_ver) +- min_openssl_ver = 0x00907000 + have_any_openssl = ssl_incs is not None and ssl_libs is not None +- have_usable_openssl = (have_any_openssl and +- openssl_ver >= min_openssl_ver) ++ have_usable_openssl = have_any_openssl + + if have_any_openssl: + if have_usable_openssl: diff --git a/python3.6.spec b/python3.6.spec index bcdaf51..d2aa1f9 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 28%{?dist} +Release: 29%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -275,7 +275,7 @@ BuildRequires: redhat-rpm-config >= 127 BuildRequires: sqlite-devel BuildRequires: gdb -BuildRequires: openssl1.1-devel +BuildRequires: openssl-devel BuildRequires: tar BuildRequires: tcl-devel @@ -498,6 +498,14 @@ Patch353: 00353-architecture-names-upstream-downstream.patch # - 8766cb74e186d3820db0a855ccd780d6d84461f7 Patch358: 00358-align-allocations-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch +# 00361 # b3dd949b7947b1b44b358e0c30d080e5b16ca8bc +# openssl-3-compatibility +# +# Backported from Python 3.8 +# +# Based on https://github.com/stratakis/cpython/tree/fedora-3.6_openssl3_compat +Patch361: 00361-openssl-3-compatibility.patch + # 00375 # 5488ab84d2447aa8df8b3502e76f151ac2488947 # Fix test_distance to enable build on i686 # @@ -1952,6 +1960,10 @@ CheckPython optimized # ====================================================== %changelog +* Mon Mar 11 2024 Charalampos Stratakis - 3.6.15-29 +- Support OpenSSL 3 +- Fixes: rhbz#2254550 + * Thu Mar 07 2024 Miro Hrončok - 3.6.15-28 - Fix build on riscv64 From c1a44dfbbd71ed7aa912ab75bbb357a2db277300 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 26 Mar 2024 11:06:33 +0100 Subject: [PATCH 34/66] Preserve OpenSSL 3 patch authors --- 00361-openssl-3-compatibility.patch | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/00361-openssl-3-compatibility.patch b/00361-openssl-3-compatibility.patch index 006d228..768d8f1 100644 --- a/00361-openssl-3-compatibility.patch +++ b/00361-openssl-3-compatibility.patch @@ -7,6 +7,10 @@ Subject: [PATCH] 00361: openssl-3-compatibility Backported from Python 3.8 Based on https://github.com/stratakis/cpython/tree/fedora-3.6_openssl3_compat + +Co-authored-by: Christian Heimes +Co-authored-by: Charalampos Stratakis +Co-authored-by: Victor Stinner --- Doc/library/hashlib.rst | 4 +- Doc/library/ssl.rst | 11 + From ce66491a8a0b993a492ba0b206429464e5e67e00 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Wed, 24 Apr 2024 22:11:14 +0200 Subject: [PATCH 35/66] Security fix for CVE-2024-0450 and CVE-2023-6597 --- 00426-cve-2023-6597.patch | 295 ++++++++++++++++ ...pextfile-tell-and-seek-cve-2024-0450.patch | 314 ++++++++++++++++++ python3.6.spec | 24 +- 3 files changed, 632 insertions(+), 1 deletion(-) create mode 100644 00426-cve-2023-6597.patch create mode 100644 00427-zipextfile-tell-and-seek-cve-2024-0450.patch diff --git a/00426-cve-2023-6597.patch b/00426-cve-2023-6597.patch new file mode 100644 index 0000000..4900012 --- /dev/null +++ b/00426-cve-2023-6597.patch @@ -0,0 +1,295 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Lumir Balhar +Date: Wed, 24 Apr 2024 00:19:23 +0200 +Subject: [PATCH] 00426: CVE-2023-6597 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Combines Two fixes for tempfile.TemporaryDirectory: +https://github.com/python/cpython/commit/e9b51c0ad81da1da11ae65840ac8b50a8521373c +https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a + +Co-authored-by: Søren Løvborg +Co-authored-by: Serhiy Storchaka +--- + Lib/tempfile.py | 44 +++++++++- + Lib/test/test_tempfile.py | 166 +++++++++++++++++++++++++++++++++++--- + 2 files changed, 199 insertions(+), 11 deletions(-) + +diff --git a/Lib/tempfile.py b/Lib/tempfile.py +index 2cb5434ba7..8e401f548a 100644 +--- a/Lib/tempfile.py ++++ b/Lib/tempfile.py +@@ -276,6 +276,23 @@ def _mkstemp_inner(dir, pre, suf, flags, output_type): + "No usable temporary file name found") + + ++def _dont_follow_symlinks(func, path, *args): ++ # Pass follow_symlinks=False, unless not supported on this platform. ++ if func in _os.supports_follow_symlinks: ++ func(path, *args, follow_symlinks=False) ++ elif _os.name == 'nt' or not _os.path.islink(path): ++ func(path, *args) ++ ++ ++def _resetperms(path): ++ try: ++ chflags = _os.chflags ++ except AttributeError: ++ pass ++ else: ++ _dont_follow_symlinks(chflags, path, 0) ++ _dont_follow_symlinks(_os.chmod, path, 0o700) ++ + # User visible interfaces. + + def gettempprefix(): +@@ -794,9 +811,32 @@ class TemporaryDirectory(object): + self, self._cleanup, self.name, + warn_message="Implicitly cleaning up {!r}".format(self)) + ++ @classmethod ++ def _rmtree(cls, name): ++ def onerror(func, path, exc_info): ++ if issubclass(exc_info[0], PermissionError): ++ try: ++ if path != name: ++ _resetperms(_os.path.dirname(path)) ++ _resetperms(path) ++ ++ try: ++ _os.unlink(path) ++ # PermissionError is raised on FreeBSD for directories ++ except (IsADirectoryError, PermissionError): ++ cls._rmtree(path) ++ except FileNotFoundError: ++ pass ++ elif issubclass(exc_info[0], FileNotFoundError): ++ pass ++ else: ++ raise ++ ++ _shutil.rmtree(name, onerror=onerror) ++ + @classmethod + def _cleanup(cls, name, warn_message): +- _shutil.rmtree(name) ++ cls._rmtree(name) + _warnings.warn(warn_message, ResourceWarning) + + def __repr__(self): +@@ -810,4 +850,4 @@ class TemporaryDirectory(object): + + def cleanup(self): + if self._finalizer.detach(): +- _shutil.rmtree(self.name) ++ self._rmtree(self.name) +diff --git a/Lib/test/test_tempfile.py b/Lib/test/test_tempfile.py +index 710756bde6..c5560e12e7 100644 +--- a/Lib/test/test_tempfile.py ++++ b/Lib/test/test_tempfile.py +@@ -1298,19 +1298,25 @@ class NulledModules: + class TestTemporaryDirectory(BaseTestCase): + """Test TemporaryDirectory().""" + +- def do_create(self, dir=None, pre="", suf="", recurse=1): ++ def do_create(self, dir=None, pre="", suf="", recurse=1, dirs=1, files=1): + if dir is None: + dir = tempfile.gettempdir() + tmp = tempfile.TemporaryDirectory(dir=dir, prefix=pre, suffix=suf) + self.nameCheck(tmp.name, dir, pre, suf) +- # Create a subdirectory and some files +- if recurse: +- d1 = self.do_create(tmp.name, pre, suf, recurse-1) +- d1.name = None +- with open(os.path.join(tmp.name, "test.txt"), "wb") as f: +- f.write(b"Hello world!") ++ self.do_create2(tmp.name, recurse, dirs, files) + return tmp + ++ def do_create2(self, path, recurse=1, dirs=1, files=1): ++ # Create subdirectories and some files ++ if recurse: ++ for i in range(dirs): ++ name = os.path.join(path, "dir%d" % i) ++ os.mkdir(name) ++ self.do_create2(name, recurse-1, dirs, files) ++ for i in range(files): ++ with open(os.path.join(path, "test%d.txt" % i), "wb") as f: ++ f.write(b"Hello world!") ++ + def test_mkdtemp_failure(self): + # Check no additional exception if mkdtemp fails + # Previously would raise AttributeError instead +@@ -1350,11 +1356,108 @@ class TestTemporaryDirectory(BaseTestCase): + "TemporaryDirectory %s exists after cleanup" % d1.name) + self.assertTrue(os.path.exists(d2.name), + "Directory pointed to by a symlink was deleted") +- self.assertEqual(os.listdir(d2.name), ['test.txt'], ++ self.assertEqual(os.listdir(d2.name), ['test0.txt'], + "Contents of the directory pointed to by a symlink " + "were deleted") + d2.cleanup() + ++ @support.skip_unless_symlink ++ def test_cleanup_with_symlink_modes(self): ++ # cleanup() should not follow symlinks when fixing mode bits (#91133) ++ with self.do_create(recurse=0) as d2: ++ file1 = os.path.join(d2, 'file1') ++ open(file1, 'wb').close() ++ dir1 = os.path.join(d2, 'dir1') ++ os.mkdir(dir1) ++ for mode in range(8): ++ mode <<= 6 ++ with self.subTest(mode=format(mode, '03o')): ++ def test(target, target_is_directory): ++ d1 = self.do_create(recurse=0) ++ symlink = os.path.join(d1.name, 'symlink') ++ os.symlink(target, symlink, ++ target_is_directory=target_is_directory) ++ try: ++ os.chmod(symlink, mode, follow_symlinks=False) ++ except NotImplementedError: ++ pass ++ try: ++ os.chmod(symlink, mode) ++ except FileNotFoundError: ++ pass ++ os.chmod(d1.name, mode) ++ d1.cleanup() ++ self.assertFalse(os.path.exists(d1.name)) ++ ++ with self.subTest('nonexisting file'): ++ test('nonexisting', target_is_directory=False) ++ with self.subTest('nonexisting dir'): ++ test('nonexisting', target_is_directory=True) ++ ++ with self.subTest('existing file'): ++ os.chmod(file1, mode) ++ old_mode = os.stat(file1).st_mode ++ test(file1, target_is_directory=False) ++ new_mode = os.stat(file1).st_mode ++ self.assertEqual(new_mode, old_mode, ++ '%03o != %03o' % (new_mode, old_mode)) ++ ++ with self.subTest('existing dir'): ++ os.chmod(dir1, mode) ++ old_mode = os.stat(dir1).st_mode ++ test(dir1, target_is_directory=True) ++ new_mode = os.stat(dir1).st_mode ++ self.assertEqual(new_mode, old_mode, ++ '%03o != %03o' % (new_mode, old_mode)) ++ ++ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags') ++ @support.skip_unless_symlink ++ def test_cleanup_with_symlink_flags(self): ++ # cleanup() should not follow symlinks when fixing flags (#91133) ++ flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK ++ self.check_flags(flags) ++ ++ with self.do_create(recurse=0) as d2: ++ file1 = os.path.join(d2, 'file1') ++ open(file1, 'wb').close() ++ dir1 = os.path.join(d2, 'dir1') ++ os.mkdir(dir1) ++ def test(target, target_is_directory): ++ d1 = self.do_create(recurse=0) ++ symlink = os.path.join(d1.name, 'symlink') ++ os.symlink(target, symlink, ++ target_is_directory=target_is_directory) ++ try: ++ os.chflags(symlink, flags, follow_symlinks=False) ++ except NotImplementedError: ++ pass ++ try: ++ os.chflags(symlink, flags) ++ except FileNotFoundError: ++ pass ++ os.chflags(d1.name, flags) ++ d1.cleanup() ++ self.assertFalse(os.path.exists(d1.name)) ++ ++ with self.subTest('nonexisting file'): ++ test('nonexisting', target_is_directory=False) ++ with self.subTest('nonexisting dir'): ++ test('nonexisting', target_is_directory=True) ++ ++ with self.subTest('existing file'): ++ os.chflags(file1, flags) ++ old_flags = os.stat(file1).st_flags ++ test(file1, target_is_directory=False) ++ new_flags = os.stat(file1).st_flags ++ self.assertEqual(new_flags, old_flags) ++ ++ with self.subTest('existing dir'): ++ os.chflags(dir1, flags) ++ old_flags = os.stat(dir1).st_flags ++ test(dir1, target_is_directory=True) ++ new_flags = os.stat(dir1).st_flags ++ self.assertEqual(new_flags, old_flags) ++ + @support.cpython_only + def test_del_on_collection(self): + # A TemporaryDirectory is deleted when garbage collected +@@ -1385,7 +1488,7 @@ class TestTemporaryDirectory(BaseTestCase): + + tmp2 = os.path.join(tmp.name, 'test_dir') + os.mkdir(tmp2) +- with open(os.path.join(tmp2, "test.txt"), "w") as f: ++ with open(os.path.join(tmp2, "test0.txt"), "w") as f: + f.write("Hello world!") + + {mod}.tmp = tmp +@@ -1453,6 +1556,51 @@ class TestTemporaryDirectory(BaseTestCase): + self.assertEqual(name, d.name) + self.assertFalse(os.path.exists(name)) + ++ def test_modes(self): ++ for mode in range(8): ++ mode <<= 6 ++ with self.subTest(mode=format(mode, '03o')): ++ d = self.do_create(recurse=3, dirs=2, files=2) ++ with d: ++ # Change files and directories mode recursively. ++ for root, dirs, files in os.walk(d.name, topdown=False): ++ for name in files: ++ os.chmod(os.path.join(root, name), mode) ++ os.chmod(root, mode) ++ d.cleanup() ++ self.assertFalse(os.path.exists(d.name)) ++ ++ def check_flags(self, flags): ++ # skip the test if these flags are not supported (ex: FreeBSD 13) ++ filename = support.TESTFN ++ try: ++ open(filename, "w").close() ++ try: ++ os.chflags(filename, flags) ++ except OSError as exc: ++ # "OSError: [Errno 45] Operation not supported" ++ self.skipTest(f"chflags() doesn't support flags " ++ f"{flags:#b}: {exc}") ++ else: ++ os.chflags(filename, 0) ++ finally: ++ support.unlink(filename) ++ ++ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.lchflags') ++ def test_flags(self): ++ flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK ++ self.check_flags(flags) ++ ++ d = self.do_create(recurse=3, dirs=2, files=2) ++ with d: ++ # Change files and directories flags recursively. ++ for root, dirs, files in os.walk(d.name, topdown=False): ++ for name in files: ++ os.chflags(os.path.join(root, name), flags) ++ os.chflags(root, flags) ++ d.cleanup() ++ self.assertFalse(os.path.exists(d.name)) ++ + + if __name__ == "__main__": + unittest.main() diff --git a/00427-zipextfile-tell-and-seek-cve-2024-0450.patch b/00427-zipextfile-tell-and-seek-cve-2024-0450.patch new file mode 100644 index 0000000..2771a4a --- /dev/null +++ b/00427-zipextfile-tell-and-seek-cve-2024-0450.patch @@ -0,0 +1,314 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: John Jolly +Date: Tue, 30 Jan 2018 01:51:35 -0700 +Subject: [PATCH] 00427: ZipExtFile tell and seek, CVE-2024-0450 + +Backport of seek and tell methods for ZipExtFile makes it +possible to backport the fix for CVE-2024-0450. + +Combines: +https://github.com/python/cpython/commit/066df4fd454d6ff9be66e80b2a65995b10af174f +https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba +--- + Doc/library/zipfile.rst | 6 +- + Lib/test/test_zipfile.py | 94 +++++++++++++++++++ + Lib/zipfile.py | 94 +++++++++++++++++++ + .../2017-12-21-22-00-11.bpo-22908.cVm89I.rst | 2 + + ...-09-28-13-15-51.gh-issue-109858.43e2dg.rst | 3 + + 5 files changed, 196 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2017-12-21-22-00-11.bpo-22908.cVm89I.rst + create mode 100644 Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst + +diff --git a/Doc/library/zipfile.rst b/Doc/library/zipfile.rst +index b65b61d8da..5c28ce52c2 100644 +--- a/Doc/library/zipfile.rst ++++ b/Doc/library/zipfile.rst +@@ -230,9 +230,9 @@ ZipFile Objects + With *mode* ``'r'`` the file-like object + (``ZipExtFile``) is read-only and provides the following methods: + :meth:`~io.BufferedIOBase.read`, :meth:`~io.IOBase.readline`, +- :meth:`~io.IOBase.readlines`, :meth:`__iter__`, +- :meth:`~iterator.__next__`. These objects can operate independently of +- the ZipFile. ++ :meth:`~io.IOBase.readlines`, :meth:`~io.IOBase.seek`, ++ :meth:`~io.IOBase.tell`, :meth:`__iter__`, :meth:`~iterator.__next__`. ++ These objects can operate independently of the ZipFile. + + With ``mode='w'``, a writable file handle is returned, which supports the + :meth:`~io.BufferedIOBase.write` method. While a writable file handle is open, +diff --git a/Lib/test/test_zipfile.py b/Lib/test/test_zipfile.py +index e62b82e1d3..03799090b9 100644 +--- a/Lib/test/test_zipfile.py ++++ b/Lib/test/test_zipfile.py +@@ -1610,6 +1610,100 @@ class OtherTests(unittest.TestCase): + self.assertEqual(zipf.read('baz'), msg3) + self.assertEqual(zipf.namelist(), ['foo', 'bar', 'baz']) + ++ def test_seek_tell(self): ++ # Test seek functionality ++ txt = b"Where's Bruce?" ++ bloc = txt.find(b"Bruce") ++ # Check seek on a file ++ with zipfile.ZipFile(TESTFN, "w") as zipf: ++ zipf.writestr("foo.txt", txt) ++ with zipfile.ZipFile(TESTFN, "r") as zipf: ++ with zipf.open("foo.txt", "r") as fp: ++ fp.seek(bloc, os.SEEK_SET) ++ self.assertEqual(fp.tell(), bloc) ++ fp.seek(-bloc, os.SEEK_CUR) ++ self.assertEqual(fp.tell(), 0) ++ fp.seek(bloc, os.SEEK_CUR) ++ self.assertEqual(fp.tell(), bloc) ++ self.assertEqual(fp.read(5), txt[bloc:bloc+5]) ++ fp.seek(0, os.SEEK_END) ++ self.assertEqual(fp.tell(), len(txt)) ++ # Check seek on memory file ++ data = io.BytesIO() ++ with zipfile.ZipFile(data, mode="w") as zipf: ++ zipf.writestr("foo.txt", txt) ++ with zipfile.ZipFile(data, mode="r") as zipf: ++ with zipf.open("foo.txt", "r") as fp: ++ fp.seek(bloc, os.SEEK_SET) ++ self.assertEqual(fp.tell(), bloc) ++ fp.seek(-bloc, os.SEEK_CUR) ++ self.assertEqual(fp.tell(), 0) ++ fp.seek(bloc, os.SEEK_CUR) ++ self.assertEqual(fp.tell(), bloc) ++ self.assertEqual(fp.read(5), txt[bloc:bloc+5]) ++ fp.seek(0, os.SEEK_END) ++ self.assertEqual(fp.tell(), len(txt)) ++ ++ @requires_zlib ++ def test_full_overlap(self): ++ data = ( ++ b'PK\x03\x04\x14\x00\x00\x00\x08\x00\xa0lH\x05\xe2\x1e' ++ b'8\xbb\x10\x00\x00\x00\t\x04\x00\x00\x01\x00\x00\x00a\xed' ++ b'\xc0\x81\x08\x00\x00\x00\xc00\xd6\xfbK\\d\x0b`P' ++ b'K\x01\x02\x14\x00\x14\x00\x00\x00\x08\x00\xa0lH\x05\xe2' ++ b'\x1e8\xbb\x10\x00\x00\x00\t\x04\x00\x00\x01\x00\x00\x00\x00' ++ b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00aPK' ++ b'\x01\x02\x14\x00\x14\x00\x00\x00\x08\x00\xa0lH\x05\xe2\x1e' ++ b'8\xbb\x10\x00\x00\x00\t\x04\x00\x00\x01\x00\x00\x00\x00\x00' ++ b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00bPK\x05' ++ b'\x06\x00\x00\x00\x00\x02\x00\x02\x00^\x00\x00\x00/\x00\x00' ++ b'\x00\x00\x00' ++ ) ++ with zipfile.ZipFile(io.BytesIO(data), 'r') as zipf: ++ self.assertEqual(zipf.namelist(), ['a', 'b']) ++ zi = zipf.getinfo('a') ++ self.assertEqual(zi.header_offset, 0) ++ self.assertEqual(zi.compress_size, 16) ++ self.assertEqual(zi.file_size, 1033) ++ zi = zipf.getinfo('b') ++ self.assertEqual(zi.header_offset, 0) ++ self.assertEqual(zi.compress_size, 16) ++ self.assertEqual(zi.file_size, 1033) ++ self.assertEqual(len(zipf.read('a')), 1033) ++ with self.assertRaisesRegex(zipfile.BadZipFile, 'File name.*differ'): ++ zipf.read('b') ++ ++ @requires_zlib ++ def test_quoted_overlap(self): ++ data = ( ++ b'PK\x03\x04\x14\x00\x00\x00\x08\x00\xa0lH\x05Y\xfc' ++ b'8\x044\x00\x00\x00(\x04\x00\x00\x01\x00\x00\x00a\x00' ++ b'\x1f\x00\xe0\xffPK\x03\x04\x14\x00\x00\x00\x08\x00\xa0l' ++ b'H\x05\xe2\x1e8\xbb\x10\x00\x00\x00\t\x04\x00\x00\x01\x00' ++ b'\x00\x00b\xed\xc0\x81\x08\x00\x00\x00\xc00\xd6\xfbK\\' ++ b'd\x0b`PK\x01\x02\x14\x00\x14\x00\x00\x00\x08\x00\xa0' ++ b'lH\x05Y\xfc8\x044\x00\x00\x00(\x04\x00\x00\x01' ++ b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' ++ b'\x00aPK\x01\x02\x14\x00\x14\x00\x00\x00\x08\x00\xa0l' ++ b'H\x05\xe2\x1e8\xbb\x10\x00\x00\x00\t\x04\x00\x00\x01\x00' ++ b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x00\x00\x00' ++ b'bPK\x05\x06\x00\x00\x00\x00\x02\x00\x02\x00^\x00\x00' ++ b'\x00S\x00\x00\x00\x00\x00' ++ ) ++ with zipfile.ZipFile(io.BytesIO(data), 'r') as zipf: ++ self.assertEqual(zipf.namelist(), ['a', 'b']) ++ zi = zipf.getinfo('a') ++ self.assertEqual(zi.header_offset, 0) ++ self.assertEqual(zi.compress_size, 52) ++ self.assertEqual(zi.file_size, 1064) ++ zi = zipf.getinfo('b') ++ self.assertEqual(zi.header_offset, 36) ++ self.assertEqual(zi.compress_size, 16) ++ self.assertEqual(zi.file_size, 1033) ++ with self.assertRaisesRegex(zipfile.BadZipFile, 'Overlapped entries'): ++ zipf.read('a') ++ self.assertEqual(len(zipf.read('b')), 1033) ++ + def tearDown(self): + unlink(TESTFN) + unlink(TESTFN2) +diff --git a/Lib/zipfile.py b/Lib/zipfile.py +index edde0c5fd4..e6d7676079 100644 +--- a/Lib/zipfile.py ++++ b/Lib/zipfile.py +@@ -338,6 +338,7 @@ class ZipInfo (object): + 'compress_size', + 'file_size', + '_raw_time', ++ '_end_offset', + ) + + def __init__(self, filename="NoName", date_time=(1980,1,1,0,0,0)): +@@ -376,6 +377,7 @@ class ZipInfo (object): + self.volume = 0 # Volume number of file header + self.internal_attr = 0 # Internal attributes + self.external_attr = 0 # External file attributes ++ self._end_offset = None # Start of the next local header or central directory + # Other attributes are set by class ZipFile: + # header_offset Byte offset to the file header + # CRC CRC-32 of the uncompressed file +@@ -718,6 +720,18 @@ class _SharedFile: + self._close = close + self._lock = lock + self._writing = writing ++ self.seekable = file.seekable ++ self.tell = file.tell ++ ++ def seek(self, offset, whence=0): ++ with self._lock: ++ if self.writing(): ++ raise ValueError("Can't reposition in the ZIP file while " ++ "there is an open writing handle on it. " ++ "Close the writing handle before trying to read.") ++ self._file.seek(self._pos) ++ self._pos = self._file.tell() ++ return self._pos + + def read(self, n=-1): + with self._lock: +@@ -768,6 +782,9 @@ class ZipExtFile(io.BufferedIOBase): + # Read from compressed files in 4k blocks. + MIN_READ_SIZE = 4096 + ++ # Chunk size to read during seek ++ MAX_SEEK_READ = 1 << 24 ++ + def __init__(self, fileobj, mode, zipinfo, decrypter=None, + close_fileobj=False): + self._fileobj = fileobj +@@ -800,6 +817,17 @@ class ZipExtFile(io.BufferedIOBase): + else: + self._expected_crc = None + ++ self._seekable = False ++ try: ++ if fileobj.seekable(): ++ self._orig_compress_start = fileobj.tell() ++ self._orig_compress_size = zipinfo.compress_size ++ self._orig_file_size = zipinfo.file_size ++ self._orig_start_crc = self._running_crc ++ self._seekable = True ++ except AttributeError: ++ pass ++ + def __repr__(self): + result = ['<%s.%s' % (self.__class__.__module__, + self.__class__.__qualname__)] +@@ -985,6 +1013,62 @@ class ZipExtFile(io.BufferedIOBase): + finally: + super().close() + ++ def seekable(self): ++ return self._seekable ++ ++ def seek(self, offset, whence=0): ++ if not self._seekable: ++ raise io.UnsupportedOperation("underlying stream is not seekable") ++ curr_pos = self.tell() ++ if whence == 0: # Seek from start of file ++ new_pos = offset ++ elif whence == 1: # Seek from current position ++ new_pos = curr_pos + offset ++ elif whence == 2: # Seek from EOF ++ new_pos = self._orig_file_size + offset ++ else: ++ raise ValueError("whence must be os.SEEK_SET (0), " ++ "os.SEEK_CUR (1), or os.SEEK_END (2)") ++ ++ if new_pos > self._orig_file_size: ++ new_pos = self._orig_file_size ++ ++ if new_pos < 0: ++ new_pos = 0 ++ ++ read_offset = new_pos - curr_pos ++ buff_offset = read_offset + self._offset ++ ++ if buff_offset >= 0 and buff_offset < len(self._readbuffer): ++ # Just move the _offset index if the new position is in the _readbuffer ++ self._offset = buff_offset ++ read_offset = 0 ++ elif read_offset < 0: ++ # Position is before the current position. Reset the ZipExtFile ++ ++ self._fileobj.seek(self._orig_compress_start) ++ self._running_crc = self._orig_start_crc ++ self._compress_left = self._orig_compress_size ++ self._left = self._orig_file_size ++ self._readbuffer = b'' ++ self._offset = 0 ++ self._decompressor = zipfile._get_decompressor(self._compress_type) ++ self._eof = False ++ read_offset = new_pos ++ ++ while read_offset > 0: ++ read_len = min(self.MAX_SEEK_READ, read_offset) ++ self.read(read_len) ++ read_offset -= read_len ++ ++ return self.tell() ++ ++ def tell(self): ++ if not self._seekable: ++ raise io.UnsupportedOperation("underlying stream is not seekable") ++ filepos = self._orig_file_size - self._left - len(self._readbuffer) + self._offset ++ return filepos ++ + + class _ZipWriteFile(io.BufferedIOBase): + def __init__(self, zf, zinfo, zip64): +@@ -1264,6 +1348,12 @@ class ZipFile: + if self.debug > 2: + print("total", total) + ++ end_offset = self.start_dir ++ for zinfo in sorted(self.filelist, ++ key=lambda zinfo: zinfo.header_offset, ++ reverse=True): ++ zinfo._end_offset = end_offset ++ end_offset = zinfo.header_offset + + def namelist(self): + """Return a list of file names in the archive.""" +@@ -1418,6 +1508,10 @@ class ZipFile: + 'File name in directory %r and header %r differ.' + % (zinfo.orig_filename, fname)) + ++ if (zinfo._end_offset is not None and ++ zef_file.tell() + zinfo.compress_size > zinfo._end_offset): ++ raise BadZipFile(f"Overlapped entries: {zinfo.orig_filename!r} (possible zip bomb)") ++ + # check for encrypted flag & handle password + is_encrypted = zinfo.flag_bits & 0x1 + zd = None +diff --git a/Misc/NEWS.d/next/Library/2017-12-21-22-00-11.bpo-22908.cVm89I.rst b/Misc/NEWS.d/next/Library/2017-12-21-22-00-11.bpo-22908.cVm89I.rst +new file mode 100644 +index 0000000000..4f3cc01660 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2017-12-21-22-00-11.bpo-22908.cVm89I.rst +@@ -0,0 +1,2 @@ ++Added seek and tell to the ZipExtFile class. This only works if the file ++object used to open the zipfile is seekable. +diff --git a/Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst b/Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst +new file mode 100644 +index 0000000000..be279caffc +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst +@@ -0,0 +1,3 @@ ++Protect :mod:`zipfile` from "quoted-overlap" zipbomb. It now raises ++BadZipFile when try to read an entry that overlaps with other entry or ++central directory. diff --git a/python3.6.spec b/python3.6.spec index d2aa1f9..27f0603 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 29%{?dist} +Release: 30%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -697,6 +697,25 @@ Patch422: 00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch # bpo-33377: Add triplets for mips-r6 and riscv Patch423: 00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch +# 00426 # 05ddec93394a09199c3bbb2d71a4a2566fd50332 +# CVE-2023-6597 +# +# Combines Two fixes for tempfile.TemporaryDirectory: +# https://github.com/python/cpython/commit/e9b51c0ad81da1da11ae65840ac8b50a8521373c +# https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a +Patch426: 00426-cve-2023-6597.patch + +# 00427 # 37c3b42b8931ed4eca0272bf53086eb28ca8544e +# ZipExtFile tell and seek, CVE-2024-0450 +# +# Backport of seek and tell methods for ZipExtFile makes it +# possible to backport the fix for CVE-2024-0450. +# +# Combines: +# https://github.com/python/cpython/commit/066df4fd454d6ff9be66e80b2a65995b10af174f +# https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba +Patch427: 00427-zipextfile-tell-and-seek-cve-2024-0450.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1960,6 +1979,9 @@ CheckPython optimized # ====================================================== %changelog +* Wed Apr 24 2024 Lumír Balhar - 3.6.15-30 +- Security fix for CVE-2024-0450 and CVE-2023-6597 + * Mon Mar 11 2024 Charalampos Stratakis - 3.6.15-29 - Support OpenSSL 3 - Fixes: rhbz#2254550 From 71a50aaed7a9c9a0cace464e38fa86547f3f5c32 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Tue, 2 Jul 2024 19:46:28 +0200 Subject: [PATCH 36/66] Security fix for CVE-2024-4032 (rhbz#2293394) --- 00431-cve-2024-4032.patch | 356 ++++++++++++++++++++++++++++++++++++++ python3.6.spec | 13 +- 2 files changed, 368 insertions(+), 1 deletion(-) create mode 100644 00431-cve-2024-4032.patch diff --git a/00431-cve-2024-4032.patch b/00431-cve-2024-4032.patch new file mode 100644 index 0000000..52cf4ec --- /dev/null +++ b/00431-cve-2024-4032.patch @@ -0,0 +1,356 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Tue, 7 May 2024 11:58:20 +0200 +Subject: [PATCH] 00431: CVE-2024-4032: incorrect IPv4 and IPv6 private ranges + +Upstream issue: https://github.com/python/cpython/issues/113171 + +Backported from 3.8. +--- + Doc/library/ipaddress.rst | 43 ++++++++- + Doc/tools/susp-ignored.csv | 8 ++ + Lib/ipaddress.py | 95 +++++++++++++++---- + Lib/test/test_ipaddress.py | 52 ++++++++++ + ...-03-14-01-38-44.gh-issue-113171.VFnObz.rst | 9 ++ + 5 files changed, 186 insertions(+), 21 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst + +diff --git a/Doc/library/ipaddress.rst b/Doc/library/ipaddress.rst +index 4ce1ed1ced..18613babc9 100644 +--- a/Doc/library/ipaddress.rst ++++ b/Doc/library/ipaddress.rst +@@ -166,18 +166,53 @@ write code that handles both IP versions correctly. Address objects are + + .. attribute:: is_private + +- ``True`` if the address is allocated for private networks. See ++ ``True`` if the address is defined as not globally reachable by + iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ +- (for IPv6). ++ (for IPv6) with the following exceptions: ++ ++ * ``is_private`` is ``False`` for the shared address space (``100.64.0.0/10``) ++ * For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the ++ semantics of the underlying IPv4 addresses and the following condition holds ++ (see :attr:`IPv6Address.ipv4_mapped`):: ++ ++ address.is_private == address.ipv4_mapped.is_private ++ ++ ``is_private`` has value opposite to :attr:`is_global`, except for the shared address space ++ (``100.64.0.0/10`` range) where they are both ``False``. ++ ++ .. versionchanged:: 3.8.20 ++ ++ Fixed some false positives and false negatives. ++ ++ * ``192.0.0.0/24`` is considered private with the exception of ``192.0.0.9/32`` and ++ ``192.0.0.10/32`` (previously: only the ``192.0.0.0/29`` sub-range was considered private). ++ * ``64:ff9b:1::/48`` is considered private. ++ * ``2002::/16`` is considered private. ++ * There are exceptions within ``2001::/23`` (otherwise considered private): ``2001:1::1/128``, ++ ``2001:1::2/128``, ``2001:3::/32``, ``2001:4:112::/48``, ``2001:20::/28``, ``2001:30::/28``. ++ The exceptions are not considered private. + + .. attribute:: is_global + +- ``True`` if the address is allocated for public networks. See ++ ``True`` if the address is defined as globally reachable by + iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ +- (for IPv6). ++ (for IPv6) with the following exception: ++ ++ For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the ++ semantics of the underlying IPv4 addresses and the following condition holds ++ (see :attr:`IPv6Address.ipv4_mapped`):: ++ ++ address.is_global == address.ipv4_mapped.is_global ++ ++ ``is_global`` has value opposite to :attr:`is_private`, except for the shared address space ++ (``100.64.0.0/10`` range) where they are both ``False``. + + .. versionadded:: 3.4 + ++ .. versionchanged:: 3.8.20 ++ ++ Fixed some false positives and false negatives, see :attr:`is_private` for details. ++ + .. attribute:: is_unspecified + + ``True`` if the address is unspecified. See :RFC:`5735` (for IPv4) +diff --git a/Doc/tools/susp-ignored.csv b/Doc/tools/susp-ignored.csv +index ed434ce77d..6bc0741b12 100644 +--- a/Doc/tools/susp-ignored.csv ++++ b/Doc/tools/susp-ignored.csv +@@ -160,6 +160,14 @@ library/ipaddress,,:db00,2001:db00::0/24 + library/ipaddress,,::,2001:db00::0/24 + library/ipaddress,,:db00,2001:db00::0/ffff:ff00:: + library/ipaddress,,::,2001:db00::0/ffff:ff00:: ++library/ipaddress,,:ff9b,64:ff9b:1::/48 ++library/ipaddress,,::,64:ff9b:1::/48 ++library/ipaddress,,::,2001:: ++library/ipaddress,,::,2001:1:: ++library/ipaddress,,::,2001:3:: ++library/ipaddress,,::,2001:4:112:: ++library/ipaddress,,::,2001:20:: ++library/ipaddress,,::,2001:30:: + library/itertools,,:step,elements from seq[start:stop:step] + library/itertools,,:stop,elements from seq[start:stop:step] + library/logging.handlers,,:port,host:port +diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py +index 98492136ca..55d4d62d70 100644 +--- a/Lib/ipaddress.py ++++ b/Lib/ipaddress.py +@@ -1302,18 +1302,41 @@ class IPv4Address(_BaseV4, _BaseAddress): + @property + @functools.lru_cache() + def is_private(self): +- """Test if this address is allocated for private networks. ++ """``True`` if the address is defined as not globally reachable by ++ iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ ++ (for IPv6) with the following exceptions: + +- Returns: +- A boolean, True if the address is reserved per +- iana-ipv4-special-registry. ++ * ``is_private`` is ``False`` for ``100.64.0.0/10`` ++ * For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the ++ semantics of the underlying IPv4 addresses and the following condition holds ++ (see :attr:`IPv6Address.ipv4_mapped`):: + ++ address.is_private == address.ipv4_mapped.is_private ++ ++ ``is_private`` has value opposite to :attr:`is_global`, except for the ``100.64.0.0/10`` ++ IPv4 range where they are both ``False``. + """ +- return any(self in net for net in self._constants._private_networks) ++ return ( ++ any(self in net for net in self._constants._private_networks) ++ and all(self not in net for net in self._constants._private_networks_exceptions) ++ ) + + @property + @functools.lru_cache() + def is_global(self): ++ """``True`` if the address is defined as globally reachable by ++ iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ ++ (for IPv6) with the following exception: ++ ++ For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the ++ semantics of the underlying IPv4 addresses and the following condition holds ++ (see :attr:`IPv6Address.ipv4_mapped`):: ++ ++ address.is_global == address.ipv4_mapped.is_global ++ ++ ``is_global`` has value opposite to :attr:`is_private`, except for the ``100.64.0.0/10`` ++ IPv4 range where they are both ``False``. ++ """ + return self not in self._constants._public_network and not self.is_private + + @property +@@ -1548,13 +1571,15 @@ class _IPv4Constants: + + _public_network = IPv4Network('100.64.0.0/10') + ++ # Not globally reachable address blocks listed on ++ # https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml + _private_networks = [ + IPv4Network('0.0.0.0/8'), + IPv4Network('10.0.0.0/8'), + IPv4Network('127.0.0.0/8'), + IPv4Network('169.254.0.0/16'), + IPv4Network('172.16.0.0/12'), +- IPv4Network('192.0.0.0/29'), ++ IPv4Network('192.0.0.0/24'), + IPv4Network('192.0.0.170/31'), + IPv4Network('192.0.2.0/24'), + IPv4Network('192.168.0.0/16'), +@@ -1565,6 +1590,11 @@ class _IPv4Constants: + IPv4Network('255.255.255.255/32'), + ] + ++ _private_networks_exceptions = [ ++ IPv4Network('192.0.0.9/32'), ++ IPv4Network('192.0.0.10/32'), ++ ] ++ + _reserved_network = IPv4Network('240.0.0.0/4') + + _unspecified_address = IPv4Address('0.0.0.0') +@@ -1953,23 +1983,42 @@ class IPv6Address(_BaseV6, _BaseAddress): + @property + @functools.lru_cache() + def is_private(self): +- """Test if this address is allocated for private networks. ++ """``True`` if the address is defined as not globally reachable by ++ iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ ++ (for IPv6) with the following exceptions: + +- Returns: +- A boolean, True if the address is reserved per +- iana-ipv6-special-registry. ++ * ``is_private`` is ``False`` for ``100.64.0.0/10`` ++ * For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the ++ semantics of the underlying IPv4 addresses and the following condition holds ++ (see :attr:`IPv6Address.ipv4_mapped`):: + ++ address.is_private == address.ipv4_mapped.is_private ++ ++ ``is_private`` has value opposite to :attr:`is_global`, except for the ``100.64.0.0/10`` ++ IPv4 range where they are both ``False``. + """ +- return any(self in net for net in self._constants._private_networks) ++ ipv4_mapped = self.ipv4_mapped ++ if ipv4_mapped is not None: ++ return ipv4_mapped.is_private ++ return ( ++ any(self in net for net in self._constants._private_networks) ++ and all(self not in net for net in self._constants._private_networks_exceptions) ++ ) + + @property + def is_global(self): +- """Test if this address is allocated for public networks. ++ """``True`` if the address is defined as globally reachable by ++ iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ ++ (for IPv6) with the following exception: + +- Returns: +- A boolean, true if the address is not reserved per +- iana-ipv6-special-registry. ++ For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the ++ semantics of the underlying IPv4 addresses and the following condition holds ++ (see :attr:`IPv6Address.ipv4_mapped`):: + ++ address.is_global == address.ipv4_mapped.is_global ++ ++ ``is_global`` has value opposite to :attr:`is_private`, except for the ``100.64.0.0/10`` ++ IPv4 range where they are both ``False``. + """ + return not self.is_private + +@@ -2236,19 +2285,31 @@ class _IPv6Constants: + + _multicast_network = IPv6Network('ff00::/8') + ++ # Not globally reachable address blocks listed on ++ # https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml + _private_networks = [ + IPv6Network('::1/128'), + IPv6Network('::/128'), + IPv6Network('::ffff:0:0/96'), ++ IPv6Network('64:ff9b:1::/48'), + IPv6Network('100::/64'), + IPv6Network('2001::/23'), +- IPv6Network('2001:2::/48'), + IPv6Network('2001:db8::/32'), +- IPv6Network('2001:10::/28'), ++ # IANA says N/A, let's consider it not globally reachable to be safe ++ IPv6Network('2002::/16'), + IPv6Network('fc00::/7'), + IPv6Network('fe80::/10'), + ] + ++ _private_networks_exceptions = [ ++ IPv6Network('2001:1::1/128'), ++ IPv6Network('2001:1::2/128'), ++ IPv6Network('2001:3::/32'), ++ IPv6Network('2001:4:112::/48'), ++ IPv6Network('2001:20::/28'), ++ IPv6Network('2001:30::/28'), ++ ] ++ + _reserved_networks = [ + IPv6Network('::/8'), IPv6Network('100::/8'), + IPv6Network('200::/7'), IPv6Network('400::/6'), +diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py +index 7de444af4a..716846b2ae 100644 +--- a/Lib/test/test_ipaddress.py ++++ b/Lib/test/test_ipaddress.py +@@ -1665,6 +1665,10 @@ class IpaddrUnitTest(unittest.TestCase): + self.assertEqual(True, ipaddress.ip_address( + '172.31.255.255').is_private) + self.assertEqual(False, ipaddress.ip_address('172.32.0.0').is_private) ++ self.assertFalse(ipaddress.ip_address('192.0.0.0').is_global) ++ self.assertTrue(ipaddress.ip_address('192.0.0.9').is_global) ++ self.assertTrue(ipaddress.ip_address('192.0.0.10').is_global) ++ self.assertFalse(ipaddress.ip_address('192.0.0.255').is_global) + + self.assertEqual(True, + ipaddress.ip_address('169.254.100.200').is_link_local) +@@ -1680,6 +1684,40 @@ class IpaddrUnitTest(unittest.TestCase): + self.assertEqual(False, ipaddress.ip_address('128.0.0.0').is_loopback) + self.assertEqual(True, ipaddress.ip_network('0.0.0.0').is_unspecified) + ++ def testPrivateNetworks(self): ++ self.assertEqual(True, ipaddress.ip_network("0.0.0.0/0").is_private) ++ self.assertEqual(False, ipaddress.ip_network("1.0.0.0/8").is_private) ++ ++ self.assertEqual(True, ipaddress.ip_network("0.0.0.0/8").is_private) ++ self.assertEqual(True, ipaddress.ip_network("10.0.0.0/8").is_private) ++ self.assertEqual(True, ipaddress.ip_network("127.0.0.0/8").is_private) ++ self.assertEqual(True, ipaddress.ip_network("169.254.0.0/16").is_private) ++ self.assertEqual(True, ipaddress.ip_network("172.16.0.0/12").is_private) ++ self.assertEqual(True, ipaddress.ip_network("192.0.0.0/29").is_private) ++ self.assertEqual(False, ipaddress.ip_network("192.0.0.9/32").is_private) ++ self.assertEqual(True, ipaddress.ip_network("192.0.0.170/31").is_private) ++ self.assertEqual(True, ipaddress.ip_network("192.0.2.0/24").is_private) ++ self.assertEqual(True, ipaddress.ip_network("192.168.0.0/16").is_private) ++ self.assertEqual(True, ipaddress.ip_network("198.18.0.0/15").is_private) ++ self.assertEqual(True, ipaddress.ip_network("198.51.100.0/24").is_private) ++ self.assertEqual(True, ipaddress.ip_network("203.0.113.0/24").is_private) ++ self.assertEqual(True, ipaddress.ip_network("240.0.0.0/4").is_private) ++ self.assertEqual(True, ipaddress.ip_network("255.255.255.255/32").is_private) ++ ++ self.assertEqual(False, ipaddress.ip_network("::/0").is_private) ++ self.assertEqual(False, ipaddress.ip_network("::ff/128").is_private) ++ ++ self.assertEqual(True, ipaddress.ip_network("::1/128").is_private) ++ self.assertEqual(True, ipaddress.ip_network("::/128").is_private) ++ self.assertEqual(True, ipaddress.ip_network("::ffff:0:0/96").is_private) ++ self.assertEqual(True, ipaddress.ip_network("100::/64").is_private) ++ self.assertEqual(True, ipaddress.ip_network("2001:2::/48").is_private) ++ self.assertEqual(False, ipaddress.ip_network("2001:3::/48").is_private) ++ self.assertEqual(True, ipaddress.ip_network("2001:db8::/32").is_private) ++ self.assertEqual(True, ipaddress.ip_network("2001:10::/28").is_private) ++ self.assertEqual(True, ipaddress.ip_network("fc00::/7").is_private) ++ self.assertEqual(True, ipaddress.ip_network("fe80::/10").is_private) ++ + def testReservedIpv6(self): + + self.assertEqual(True, ipaddress.ip_network('ffff::').is_multicast) +@@ -1753,6 +1791,20 @@ class IpaddrUnitTest(unittest.TestCase): + self.assertEqual(True, ipaddress.ip_address('0::0').is_unspecified) + self.assertEqual(False, ipaddress.ip_address('::1').is_unspecified) + ++ self.assertFalse(ipaddress.ip_address('64:ff9b:1::').is_global) ++ self.assertFalse(ipaddress.ip_address('2001::').is_global) ++ self.assertTrue(ipaddress.ip_address('2001:1::1').is_global) ++ self.assertTrue(ipaddress.ip_address('2001:1::2').is_global) ++ self.assertFalse(ipaddress.ip_address('2001:2::').is_global) ++ self.assertTrue(ipaddress.ip_address('2001:3::').is_global) ++ self.assertFalse(ipaddress.ip_address('2001:4::').is_global) ++ self.assertTrue(ipaddress.ip_address('2001:4:112::').is_global) ++ self.assertFalse(ipaddress.ip_address('2001:10::').is_global) ++ self.assertTrue(ipaddress.ip_address('2001:20::').is_global) ++ self.assertTrue(ipaddress.ip_address('2001:30::').is_global) ++ self.assertFalse(ipaddress.ip_address('2001:40::').is_global) ++ self.assertFalse(ipaddress.ip_address('2002::').is_global) ++ + # some generic IETF reserved addresses + self.assertEqual(True, ipaddress.ip_address('100::').is_reserved) + self.assertEqual(True, ipaddress.ip_network('4000::1/128').is_reserved) +diff --git a/Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst b/Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst +new file mode 100644 +index 0000000000..f9a72473be +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst +@@ -0,0 +1,9 @@ ++Fixed various false positives and false negatives in ++ ++* :attr:`ipaddress.IPv4Address.is_private` (see these docs for details) ++* :attr:`ipaddress.IPv4Address.is_global` ++* :attr:`ipaddress.IPv6Address.is_private` ++* :attr:`ipaddress.IPv6Address.is_global` ++ ++Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network` ++attributes. diff --git a/python3.6.spec b/python3.6.spec index 27f0603..d00d220 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 30%{?dist} +Release: 31%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -716,6 +716,14 @@ Patch426: 00426-cve-2023-6597.patch # https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba Patch427: 00427-zipextfile-tell-and-seek-cve-2024-0450.patch +# 00431 # ee1b513c52ab7663f7d58b07a1df123ea551e7c4 +# CVE-2024-4032: incorrect IPv4 and IPv6 private ranges +# +# Upstream issue: https://github.com/python/cpython/issues/113171 +# +# Backported from 3.8. +Patch431: 00431-cve-2024-4032.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1979,6 +1987,9 @@ CheckPython optimized # ====================================================== %changelog +* Tue Jul 02 2024 Lumír Balhar - 3.6.15-31 +- Security fix for CVE-2024-4032 (rhbz#2293394) + * Wed Apr 24 2024 Lumír Balhar - 3.6.15-30 - Security fix for CVE-2024-0450 and CVE-2023-6597 From 4d20b0aadfd82c306eaac27c69c9186f96ed7944 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 19 Jul 2024 17:27:04 +0000 Subject: [PATCH 37/66] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- python3.6.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index d00d220..ef8ed85 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 31%{?dist} +Release: 32%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -1987,6 +1987,9 @@ CheckPython optimized # ====================================================== %changelog +* Fri Jul 19 2024 Fedora Release Engineering - 3.6.15-32 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Tue Jul 02 2024 Lumír Balhar - 3.6.15-31 - Security fix for CVE-2024-4032 (rhbz#2293394) From c25545104d5c30f973488656abda298d653d680e Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Tue, 23 Jul 2024 13:16:32 +0200 Subject: [PATCH 38/66] Require systemtap-sdt-devel for sys/sdt.h --- python3.6.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index ef8ed85..4d348bd 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 32%{?dist} +Release: 33%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -289,6 +289,7 @@ BuildRequires: valgrind-devel BuildRequires: xz-devel BuildRequires: zlib-devel +BuildRequires: systemtap-sdt-devel BuildRequires: /usr/bin/dtrace # workaround http://bugs.python.org/issue19804 (test_uuid requires ifconfig) @@ -1987,6 +1988,9 @@ CheckPython optimized # ====================================================== %changelog +* Tue Jul 23 2024 Lumír Balhar - 3.6.15-33 +- Require systemtap-sdt-devel for sys/sdt.h + * Fri Jul 19 2024 Fedora Release Engineering - 3.6.15-32 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From fd37853159fabb13e89055b53dc51a73ebb7b1de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Thu, 1 Aug 2024 18:49:51 +0200 Subject: [PATCH 39/66] Separate patches for wheel from other sources, apply them only --without rpmwheels --- python3.6.spec | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/python3.6.spec b/python3.6.spec index 4d348bd..007f80d 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -320,8 +320,10 @@ Source10: idle3.desktop # AppData file for idle3 Source11: idle3.appdata.xml +# Patches for bundled wheels + # Patch for the bundled pip wheel for CVE-2007-4559 -Source12: pip-CVE-2007-4559.patch +Source101: pip-CVE-2007-4559.patch # (Patches taken from github.com/fedora-python/cpython) @@ -1068,17 +1070,17 @@ or older Fedora releases. %if %{with rpmwheels} %autopatch 189 rm Lib/ensurepip/_bundled/*.whl +%else +# Patch the bundled pip wheel for CVE-2007-4559 +unzip -qq Lib/ensurepip/_bundled/pip-%{pip_version}-py2.py3-none-any.whl +patch -p1 < %{SOURCE101} +zip -rq Lib/ensurepip/_bundled/pip-%{pip_version}-py2.py3-none-any.whl pip pip-%{pip_version}.dist-info +rm -rf pip/ pip-%{pip_version}.dist-info/ %endif # Apply the remaining patches %autopatch -m 190 -# Patch the bundled pip wheel for CVE-2007-4559 -unzip -qq Lib/ensurepip/_bundled/pip-%{pip_version}-py2.py3-none-any.whl -patch -p1 < %{SOURCE12} -zip -rq Lib/ensurepip/_bundled/pip-%{pip_version}-py2.py3-none-any.whl pip pip-%{pip_version}.dist-info -rm -rf pip/ pip-%{pip_version}.dist-info/ - # Remove bundled libraries to ensure that we're using the system copy. rm -r Modules/expat rm -r Modules/zlib From 9ee03a1d19efd387b72cc6196be8e3bb1449658d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Thu, 1 Aug 2024 18:59:48 +0200 Subject: [PATCH 40/66] Security fix for CVE-2024-6345 (in bundled setuptools wheel) --- python3.6.spec | 18 +++++++- setuptools-CVE-2024-6345.patch | 83 ++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+), 1 deletion(-) create mode 100644 setuptools-CVE-2024-6345.patch diff --git a/python3.6.spec b/python3.6.spec index 007f80d..3e25a26 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 33%{?dist} +Release: 34%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -325,6 +325,13 @@ Source11: idle3.appdata.xml # Patch for the bundled pip wheel for CVE-2007-4559 Source101: pip-CVE-2007-4559.patch +# Patch for the bundled setuptools wheel for CVE-2024-6345 +# Remote code execution via download functions in the package_index module +# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=2297771 +# Upstream solution: https://github.com/pypa/setuptools/pull/4332 +# Patch simplified because upstream doesn't support SVN anymore. +Source102: setuptools-CVE-2024-6345.patch + # (Patches taken from github.com/fedora-python/cpython) # 00001 # d06a8853cf4bae9e115f45e1d531d2dc152c5cc8 @@ -1076,6 +1083,12 @@ unzip -qq Lib/ensurepip/_bundled/pip-%{pip_version}-py2.py3-none-any.whl patch -p1 < %{SOURCE101} zip -rq Lib/ensurepip/_bundled/pip-%{pip_version}-py2.py3-none-any.whl pip pip-%{pip_version}.dist-info rm -rf pip/ pip-%{pip_version}.dist-info/ + +# Patch the bundled setuptools wheel for CVE-2024-6345 +unzip -qq Lib/ensurepip/_bundled/setuptools-%{setuptools_version}-py2.py3-none-any.whl +patch -p1 < %{SOURCE102} +zip -rq Lib/ensurepip/_bundled/setuptools-%{setuptools_version}-py2.py3-none-any.whl easy_install.py pkg_resources setuptools setuptools-%{setuptools_version}.dist-info +rm -rf easy_install.py pkg_resources/ setuptools/ setuptools-%{setuptools_version}.dist-info/ %endif # Apply the remaining patches @@ -1990,6 +2003,9 @@ CheckPython optimized # ====================================================== %changelog +* Thu Aug 01 2024 Miro Hrončok - 3.6.15-34 +- Security fix for CVE-2024-6345 (in bundled setuptools wheel) + * Tue Jul 23 2024 Lumír Balhar - 3.6.15-33 - Require systemtap-sdt-devel for sys/sdt.h diff --git a/setuptools-CVE-2024-6345.patch b/setuptools-CVE-2024-6345.patch new file mode 100644 index 0000000..54a856e --- /dev/null +++ b/setuptools-CVE-2024-6345.patch @@ -0,0 +1,83 @@ +From 8af1b3e03edc8a38565558aff3bf1689c1ca3545 Mon Sep 17 00:00:00 2001 +From: Lumir Balhar +Date: Fri, 26 Jul 2024 13:49:11 +0200 +Subject: [PATCH] CVE-2024-6345 + +--- + setuptools/package_index.py | 23 +++++++++-------------- + 1 file changed, 9 insertions(+), 14 deletions(-) + +diff --git a/setuptools/package_index.py b/setuptools/package_index.py +index bdcf4a6..1d3e5b4 100755 +--- a/setuptools/package_index.py ++++ b/setuptools/package_index.py +@@ -1,4 +1,5 @@ + """PyPI and direct package downloading""" ++import subprocess + import sys + import os + import re +@@ -848,7 +849,7 @@ class PackageIndex(Environment): + + def _download_svn(self, url, filename): + url = url.split('#', 1)[0] # remove any fragment for svn's sake +- creds = '' ++ creds = [] + if url.lower().startswith('svn:') and '@' in url: + scheme, netloc, path, p, q, f = urllib.parse.urlparse(url) + if not netloc and path.startswith('//') and '/' in path[2:]: +@@ -857,14 +858,14 @@ class PackageIndex(Environment): + if auth: + if ':' in auth: + user, pw = auth.split(':', 1) +- creds = " --username=%s --password=%s" % (user, pw) ++ creds = ["--username=" + user, "--password=" + pw] + else: +- creds = " --username=" + auth ++ creds = ["--username=" + auth] + netloc = host + parts = scheme, netloc, url, p, q, f + url = urllib.parse.urlunparse(parts) + self.info("Doing subversion checkout from %s to %s", url, filename) +- os.system("svn checkout%s -q %s %s" % (creds, url, filename)) ++ subprocess.check_call(["svn", "checkout"] + creds + ["-q", url, filename]) + return filename + + @staticmethod +@@ -890,14 +891,11 @@ class PackageIndex(Environment): + url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True) + + self.info("Doing git clone from %s to %s", url, filename) +- os.system("git clone --quiet %s %s" % (url, filename)) ++ subprocess.check_call(["git", "clone", "--quiet", url, filename]) + + if rev is not None: + self.info("Checking out %s", rev) +- os.system("(cd %s && git checkout --quiet %s)" % ( +- filename, +- rev, +- )) ++ subprocess.check_call(["git", "-C", filename, "checkout", "--quiet", rev]) + + return filename + +@@ -906,14 +904,11 @@ class PackageIndex(Environment): + url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True) + + self.info("Doing hg clone from %s to %s", url, filename) +- os.system("hg clone --quiet %s %s" % (url, filename)) ++ subprocess.check_call(["hg", "clone", "--quiet", url, filename]) + + if rev is not None: + self.info("Updating to %s", rev) +- os.system("(cd %s && hg up -C -r %s -q)" % ( +- filename, +- rev, +- )) ++ subprocess.check_call(["hg", "--cwd", filename, "up", "-C", "-r", rev, "-q"]) + + return filename + +-- +2.45.2 + From b25130dc5d81ace2fd1c9e67f1603d303f654aeb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= Date: Fri, 16 Aug 2024 15:57:21 +0200 Subject: [PATCH 41/66] Security fix for CVE-2024-6923 (rhbz#2303161) --- ...ncode-newlines-in-headers-and-verify.patch | 381 ++++++++++++++++++ python3.6.spec | 34 +- 2 files changed, 414 insertions(+), 1 deletion(-) create mode 100644 00435-gh-121650-encode-newlines-in-headers-and-verify.patch diff --git a/00435-gh-121650-encode-newlines-in-headers-and-verify.patch b/00435-gh-121650-encode-newlines-in-headers-and-verify.patch new file mode 100644 index 0000000..32af189 --- /dev/null +++ b/00435-gh-121650-encode-newlines-in-headers-and-verify.patch @@ -0,0 +1,381 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= +Date: Fri, 16 Aug 2024 14:12:58 +0200 +Subject: [PATCH] 00435: gh-121650: Encode newlines in headers, and verify + headers are sound (GH-122233) + +Per RFC 2047: + +> [...] these encoding schemes allow the +> encoding of arbitrary octet values, mail readers that implement this +> decoding should also ensure that display of the decoded data on the +> recipient's terminal will not cause unwanted side-effects + +It seems that the "quoted-word" scheme is a valid way to include +a newline character in a header value, just like we already allow +undecodable bytes or control characters. +They do need to be properly quoted when serialized to text, though. + +This should fail for custom fold() implementations that aren't careful +about newlines. + +(cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384) + +This patch also contains modified commit cherry picked from +c5bba853d5e7836f6d4340e18721d3fb3a6ee0f7. + +This commit was backported to simplify the backport of the other commit +fixing CVE. The only modification is a removal of one test case which +tests multiple changes in Python 3.7 and it wasn't working properly +with Python 3.6 where we backported only one change. + +Co-authored-by: Petr Viktorin +Co-authored-by: Bas Bloemsaat +Co-authored-by: Serhiy Storchaka +Co-authored-by: bsiem <52461103+bsiem@users.noreply.github.com> +--- + Doc/library/email.errors.rst | 6 ++ + Doc/library/email.policy.rst | 18 ++++++ + Lib/email/_header_value_parser.py | 9 +++ + Lib/email/_policybase.py | 8 +++ + Lib/email/errors.py | 4 ++ + Lib/email/generator.py | 16 ++++- + Lib/test/test_email/test_generator.py | 62 +++++++++++++++++++ + Lib/test/test_email/test_headerregistry.py | 16 +++++ + Lib/test/test_email/test_policy.py | 26 ++++++++ + .../2019-07-09-11-20-21.bpo-37482.auzvev.rst | 1 + + ...-07-27-16-10-41.gh-issue-121650.nf6oc9.rst | 5 ++ + 11 files changed, 170 insertions(+), 1 deletion(-) + create mode 100644 Misc/NEWS.d/next/Library/2019-07-09-11-20-21.bpo-37482.auzvev.rst + create mode 100644 Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst + +diff --git a/Doc/library/email.errors.rst b/Doc/library/email.errors.rst +index 511ad16358..7e51f74467 100644 +--- a/Doc/library/email.errors.rst ++++ b/Doc/library/email.errors.rst +@@ -59,6 +59,12 @@ The following exception classes are defined in the :mod:`email.errors` module: + :class:`~email.mime.image.MIMEImage`). + + ++.. exception:: HeaderWriteError() ++ ++ Raised when an error occurs when the :mod:`~email.generator` outputs ++ headers. ++ ++ + Here is the list of the defects that the :class:`~email.parser.FeedParser` + can find while parsing messages. Note that the defects are added to the message + where the problem was found, so for example, if a message nested inside a +diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst +index 8e70762598..8617b2ed5b 100644 +--- a/Doc/library/email.policy.rst ++++ b/Doc/library/email.policy.rst +@@ -229,6 +229,24 @@ added matters. To illustrate:: + + .. versionadded:: 3.6 + ++ ++ .. attribute:: verify_generated_headers ++ ++ If ``True`` (the default), the generator will raise ++ :exc:`~email.errors.HeaderWriteError` instead of writing a header ++ that is improperly folded or delimited, such that it would ++ be parsed as multiple headers or joined with adjacent data. ++ Such headers can be generated by custom header classes or bugs ++ in the ``email`` module. ++ ++ As it's a security feature, this defaults to ``True`` even in the ++ :class:`~email.policy.Compat32` policy. ++ For backwards compatible, but unsafe, behavior, it must be set to ++ ``False`` explicitly. ++ ++ .. versionadded:: 3.8.20 ++ ++ + The following :class:`Policy` method is intended to be called by code using + the email library to create policy instances with custom settings: + +diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py +index bc9c9b6241..04035b2612 100644 +--- a/Lib/email/_header_value_parser.py ++++ b/Lib/email/_header_value_parser.py +@@ -92,6 +92,8 @@ TOKEN_ENDS = TSPECIALS | WSP + ASPECIALS = TSPECIALS | set("*'%") + ATTRIBUTE_ENDS = ASPECIALS | WSP + EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%') ++NLSET = {'\n', '\r'} ++SPECIALSNL = SPECIALS | NLSET + + def quote_string(value): + return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"' +@@ -2611,6 +2613,13 @@ def _refold_parse_tree(parse_tree, *, policy): + wrap_as_ew_blocked -= 1 + continue + tstr = str(part) ++ if not want_encoding: ++ if part.token_type == 'ptext': ++ # Encode if tstr contains special characters. ++ want_encoding = not SPECIALSNL.isdisjoint(tstr) ++ else: ++ # Encode if tstr contains newlines. ++ want_encoding = not NLSET.isdisjoint(tstr) + try: + tstr.encode(encoding) + charset = encoding +diff --git a/Lib/email/_policybase.py b/Lib/email/_policybase.py +index c9cbadd2a8..d1f48211f9 100644 +--- a/Lib/email/_policybase.py ++++ b/Lib/email/_policybase.py +@@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): + message_factory -- the class to use to create new message objects. + If the value is None, the default is Message. + ++ verify_generated_headers ++ -- if true, the generator verifies that each header ++ they are properly folded, so that a parser won't ++ treat it as multiple headers, start-of-body, or ++ part of another header. ++ This is a check against custom Header & fold() ++ implementations. + """ + + raise_on_defect = False +@@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): + max_line_length = 78 + mangle_from_ = False + message_factory = None ++ verify_generated_headers = True + + def handle_defect(self, obj, defect): + """Based on policy, either raise defect or call register_defect. +diff --git a/Lib/email/errors.py b/Lib/email/errors.py +index d28a680010..1a0d5c63e6 100644 +--- a/Lib/email/errors.py ++++ b/Lib/email/errors.py +@@ -29,6 +29,10 @@ class CharsetError(MessageError): + """An illegal charset was given.""" + + ++class HeaderWriteError(MessageError): ++ """Error while writing headers.""" ++ ++ + # These are parsing defects which the parser was able to work around. + class MessageDefect(ValueError): + """Base class for a message defect.""" +diff --git a/Lib/email/generator.py b/Lib/email/generator.py +index ae670c2353..6deb95ba8a 100644 +--- a/Lib/email/generator.py ++++ b/Lib/email/generator.py +@@ -14,12 +14,14 @@ import random + from copy import deepcopy + from io import StringIO, BytesIO + from email.utils import _has_surrogates ++from email.errors import HeaderWriteError + + UNDERSCORE = '_' + NL = '\n' # XXX: no longer used by the code below. + + NLCRE = re.compile(r'\r\n|\r|\n') + fcre = re.compile(r'^From ', re.MULTILINE) ++NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]') + + + +@@ -219,7 +221,19 @@ class Generator: + + def _write_headers(self, msg): + for h, v in msg.raw_items(): +- self.write(self.policy.fold(h, v)) ++ folded = self.policy.fold(h, v) ++ if self.policy.verify_generated_headers: ++ linesep = self.policy.linesep ++ if not folded.endswith(self.policy.linesep): ++ raise HeaderWriteError( ++ f'folded header does not end with {linesep!r}: {folded!r}') ++ folded_no_linesep = folded ++ if folded.endswith(linesep): ++ folded_no_linesep = folded[:-len(linesep)] ++ if NEWLINE_WITHOUT_FWSP.search(folded_no_linesep): ++ raise HeaderWriteError( ++ f'folded header contains newline: {folded!r}') ++ self.write(folded) + # A blank line always separates headers from body + self.write(self._NL) + +diff --git a/Lib/test/test_email/test_generator.py b/Lib/test/test_email/test_generator.py +index c1aeaefab7..cdf1075bab 100644 +--- a/Lib/test/test_email/test_generator.py ++++ b/Lib/test/test_email/test_generator.py +@@ -5,6 +5,7 @@ from email import message_from_string, message_from_bytes + from email.message import EmailMessage + from email.generator import Generator, BytesGenerator + from email import policy ++import email.errors + from test.test_email import TestEmailBase, parameterize + + +@@ -215,6 +216,44 @@ class TestGeneratorBase: + g.flatten(msg) + self.assertEqual(s.getvalue(), self.typ(expected)) + ++ def test_keep_encoded_newlines(self): ++ msg = self.msgmaker(self.typ(textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """))) ++ expected = textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """) ++ s = self.ioclass() ++ g = self.genclass(s, policy=self.policy.clone(max_line_length=80)) ++ g.flatten(msg) ++ self.assertEqual(s.getvalue(), self.typ(expected)) ++ ++ def test_keep_long_encoded_newlines(self): ++ msg = self.msgmaker(self.typ(textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject =?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """))) ++ expected = textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject \n\ ++ =?utf-8?q?=0A?=Bcc: ++ injection@example.com ++ ++ None ++ """) ++ s = self.ioclass() ++ g = self.genclass(s, policy=self.policy.clone(max_line_length=30)) ++ g.flatten(msg) ++ self.assertEqual(s.getvalue(), self.typ(expected)) ++ + + class TestGenerator(TestGeneratorBase, TestEmailBase): + +@@ -223,6 +262,29 @@ class TestGenerator(TestGeneratorBase, TestEmailBase): + ioclass = io.StringIO + typ = str + ++ def test_verify_generated_headers(self): ++ """gh-121650: by default the generator prevents header injection""" ++ class LiteralHeader(str): ++ name = 'Header' ++ def fold(self, **kwargs): ++ return self ++ ++ for text in ( ++ 'Value\r\nBad Injection\r\n', ++ 'NoNewLine' ++ ): ++ with self.subTest(text=text): ++ message = message_from_string( ++ "Header: Value\r\n\r\nBody", ++ policy=self.policy, ++ ) ++ ++ del message['Header'] ++ message['Header'] = LiteralHeader(text) ++ ++ with self.assertRaises(email.errors.HeaderWriteError): ++ message.as_string() ++ + + class TestBytesGenerator(TestGeneratorBase, TestEmailBase): + +diff --git a/Lib/test/test_email/test_headerregistry.py b/Lib/test/test_email/test_headerregistry.py +index 08634daa7f..d7c1878940 100644 +--- a/Lib/test/test_email/test_headerregistry.py ++++ b/Lib/test/test_email/test_headerregistry.py +@@ -1546,6 +1546,22 @@ class TestAddressAndGroup(TestEmailBase): + + class TestFolding(TestHeaderBase): + ++ def test_address_display_names(self): ++ """Test the folding and encoding of address headers.""" ++ for name, result in ( ++ ('Foo Bar, France', '"Foo Bar, France"'), ++ ('Foo Bar (France)', '"Foo Bar (France)"'), ++ ('Foo Bar, España', 'Foo =?utf-8?q?Bar=2C_Espa=C3=B1a?='), ++ ('Foo Bar (España)', 'Foo Bar =?utf-8?b?KEVzcGHDsWEp?='), ++ ('Foo, Bar España', '=?utf-8?q?Foo=2C_Bar_Espa=C3=B1a?='), ++ ('Foo, Bar [España]', '=?utf-8?q?Foo=2C_Bar_=5BEspa=C3=B1a=5D?='), ++ ('Foo Bär, France', 'Foo =?utf-8?q?B=C3=A4r=2C?= France'), ++ ('Foo Bär ', 'Foo =?utf-8?q?B=C3=A4r_=3CFrance=3E?='), ++ ): ++ h = self.make_header('To', Address(name, addr_spec='a@b.com')) ++ self.assertEqual(h.fold(policy=policy.default), ++ 'To: %s \n' % result) ++ + def test_short_unstructured(self): + h = self.make_header('subject', 'this is a test') + self.assertEqual(h.fold(policy=policy.default), +diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py +index 6999e4af10..76198392e5 100644 +--- a/Lib/test/test_email/test_policy.py ++++ b/Lib/test/test_email/test_policy.py +@@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase): + 'raise_on_defect': False, + 'mangle_from_': True, + 'message_factory': None, ++ 'verify_generated_headers': True, + } + # These default values are the ones set on email.policy.default. + # If any of these defaults change, the docs must be updated. +@@ -265,6 +266,31 @@ class PolicyAPITests(unittest.TestCase): + with self.assertRaises(email.errors.HeaderParseError): + policy.fold("Subject", subject) + ++ def test_verify_generated_headers(self): ++ """Turning protection off allows header injection""" ++ policy = email.policy.default.clone(verify_generated_headers=False) ++ for text in ( ++ 'Header: Value\r\nBad: Injection\r\n', ++ 'Header: NoNewLine' ++ ): ++ with self.subTest(text=text): ++ message = email.message_from_string( ++ "Header: Value\r\n\r\nBody", ++ policy=policy, ++ ) ++ class LiteralHeader(str): ++ name = 'Header' ++ def fold(self, **kwargs): ++ return self ++ ++ del message['Header'] ++ message['Header'] = LiteralHeader(text) ++ ++ self.assertEqual( ++ message.as_string(), ++ f"{text}\nBody", ++ ) ++ + # XXX: Need subclassing tests. + # For adding subclassed objects, make sure the usual rules apply (subclass + # wins), but that the order still works (right overrides left). +diff --git a/Misc/NEWS.d/next/Library/2019-07-09-11-20-21.bpo-37482.auzvev.rst b/Misc/NEWS.d/next/Library/2019-07-09-11-20-21.bpo-37482.auzvev.rst +new file mode 100644 +index 0000000000..e09ff63eed +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2019-07-09-11-20-21.bpo-37482.auzvev.rst +@@ -0,0 +1 @@ ++Fix serialization of display name in originator or destination address fields with both encoded words and special chars. +diff --git a/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst +new file mode 100644 +index 0000000000..83dd28d4ac +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst +@@ -0,0 +1,5 @@ ++:mod:`email` headers with embedded newlines are now quoted on output. The ++:mod:`~email.generator` will now refuse to serialize (write) headers that ++are unsafely folded or delimited; see ++:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas ++Bloemsaat and Petr Viktorin in :gh:`121650`.) diff --git a/python3.6.spec b/python3.6.spec index 3e25a26..6a087bb 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 34%{?dist} +Release: 35%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -734,6 +734,35 @@ Patch427: 00427-zipextfile-tell-and-seek-cve-2024-0450.patch # Backported from 3.8. Patch431: 00431-cve-2024-4032.patch +# 00435 # f80b87e6a67eebe0693b895261bad2e9a58a4825 +# gh-121650: Encode newlines in headers, and verify +# headers are sound (GH-122233) +# +# Per RFC 2047: +# +# > [...] these encoding schemes allow the +# > encoding of arbitrary octet values, mail readers that implement this +# > decoding should also ensure that display of the decoded data on the +# > recipient's terminal will not cause unwanted side-effects +# +# It seems that the "quoted-word" scheme is a valid way to include +# a newline character in a header value, just like we already allow +# undecodable bytes or control characters. +# They do need to be properly quoted when serialized to text, though. +# +# This should fail for custom fold() implementations that aren't careful +# about newlines. +# +# +# This patch also contains modified commit cherry picked from +# c5bba853d5e7836f6d4340e18721d3fb3a6ee0f7. +# +# This commit was backported to simplify the backport of the other commit +# fixing CVE. The only modification is a removal of one test case which +# tests multiple changes in Python 3.7 and it wasn't working properly +# with Python 3.6 where we backported only one change. +Patch435: 00435-gh-121650-encode-newlines-in-headers-and-verify.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -2003,6 +2032,9 @@ CheckPython optimized # ====================================================== %changelog +* Fri Aug 16 2024 Tomáš Hrnčiar - 3.6.15-35 +- Security fix for CVE-2024-6923 (rhbz#2303161) + * Thu Aug 01 2024 Miro Hrončok - 3.6.15-34 - Security fix for CVE-2024-6345 (in bundled setuptools wheel) From d25952110e71ab29a10dced02f41d2b01a02e891 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Wed, 4 Sep 2024 21:12:00 +0200 Subject: [PATCH 42/66] convert license to SPDX This is part of https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 --- python3.6.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/python3.6.spec b/python3.6.spec index 6a087bb..2f7b407 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 35%{?dist} +Release: 36%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -48,7 +48,8 @@ Release: 35%{?dist} # pyparsing: MIT # six: MIT # appdirs: MIT -License: Python and MIT and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) +# Automatically converted from old format: Python and MIT and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) - review is highly recommended. +License: LicenseRef-Callaway-Python AND LicenseRef-Callaway-MIT AND Apache-2.0 AND LicenseRef-Callaway-BSD AND ISC AND LicenseRef-Callaway-LGPLv2 AND MPL-2.0 AND (Apache-2.0 OR LicenseRef-Callaway-BSD) # ================================== @@ -2032,6 +2033,9 @@ CheckPython optimized # ====================================================== %changelog +* Wed Sep 04 2024 Miroslav Suchý - 3.6.15-36 +- convert license to SPDX + * Fri Aug 16 2024 Tomáš Hrnčiar - 3.6.15-35 - Security fix for CVE-2024-6923 (rhbz#2303161) From d55a5b69cbded7ea7fe011e5dc86c0eee7b9bc61 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Thu, 5 Sep 2024 12:19:31 +0200 Subject: [PATCH 43/66] Security fix for CVE-2024-6232 (rhbz#2310092) --- ...racking-when-parsing-tarfile-headers.patch | 249 ++++++++++++++++++ python3.6.spec | 13 +- 2 files changed, 261 insertions(+), 1 deletion(-) create mode 100644 00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch diff --git a/00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch b/00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch new file mode 100644 index 0000000..a5f704e --- /dev/null +++ b/00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch @@ -0,0 +1,249 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Wed, 4 Sep 2024 10:41:42 -0500 +Subject: [PATCH] 00437: CVE-2024-6232 Remove backtracking when parsing tarfile + headers +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* Remove backtracking when parsing tarfile headers +* Rewrite PAX header parsing to be stricter +* Optimize parsing of GNU extended sparse headers v0.0 + +(cherry picked from commit 34ddb64d088dd7ccc321f6103d23153256caa5d4) + +Co-authored-by: Seth Michael Larson +Co-authored-by: Kirill Podoprigora +Co-authored-by: Gregory P. Smith +Co-authored-by: Lumír Balhar +--- + Lib/tarfile.py | 104 +++++++++++------- + Lib/test/test_tarfile.py | 42 +++++++ + ...-07-02-13-39-20.gh-issue-121285.hrl-yI.rst | 2 + + 3 files changed, 111 insertions(+), 37 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst + +diff --git a/Lib/tarfile.py b/Lib/tarfile.py +index c18590325a..ee1bf37bfd 100755 +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -846,6 +846,9 @@ _NAMED_FILTERS = { + # Sentinel for replace() defaults, meaning "don't change the attribute" + _KEEP = object() + ++# Header length is digits followed by a space. ++_header_length_prefix_re = re.compile(br"([0-9]{1,20}) ") ++ + class TarInfo(object): + """Informational class which holds the details about an + archive member given by a tar header block. +@@ -1371,41 +1374,60 @@ class TarInfo(object): + else: + pax_headers = tarfile.pax_headers.copy() + +- # Check if the pax header contains a hdrcharset field. This tells us +- # the encoding of the path, linkpath, uname and gname fields. Normally, +- # these fields are UTF-8 encoded but since POSIX.1-2008 tar +- # implementations are allowed to store them as raw binary strings if +- # the translation to UTF-8 fails. +- match = re.search(br"\d+ hdrcharset=([^\n]+)\n", buf) +- if match is not None: +- pax_headers["hdrcharset"] = match.group(1).decode("utf-8") +- +- # For the time being, we don't care about anything other than "BINARY". +- # The only other value that is currently allowed by the standard is +- # "ISO-IR 10646 2000 UTF-8" in other words UTF-8. +- hdrcharset = pax_headers.get("hdrcharset") +- if hdrcharset == "BINARY": +- encoding = tarfile.encoding +- else: +- encoding = "utf-8" +- + # Parse pax header information. A record looks like that: + # "%d %s=%s\n" % (length, keyword, value). length is the size + # of the complete record including the length field itself and +- # the newline. keyword and value are both UTF-8 encoded strings. +- regex = re.compile(br"(\d+) ([^=]+)=") ++ # the newline. + pos = 0 +- while True: +- match = regex.match(buf, pos) ++ encoding = None ++ raw_headers = [] ++ while len(buf) > pos and buf[pos] != 0x00: ++ match = _header_length_prefix_re.match(buf, pos) + if not match: +- break ++ raise InvalidHeaderError("invalid header") ++ try: ++ length = int(match.group(1)) ++ except ValueError: ++ raise InvalidHeaderError("invalid header") ++ # Headers must be at least 5 bytes, shortest being '5 x=\n'. ++ # Value is allowed to be empty. ++ if length < 5: ++ raise InvalidHeaderError("invalid header") ++ if pos + length > len(buf): ++ raise InvalidHeaderError("invalid header") + +- length, keyword = match.groups() +- length = int(length) +- if length == 0: ++ header_value_end_offset = match.start(1) + length - 1 # Last byte of the header ++ keyword_and_value = buf[match.end(1) + 1:header_value_end_offset] ++ raw_keyword, equals, raw_value = keyword_and_value.partition(b"=") ++ ++ # Check the framing of the header. The last character must be '\n' (0x0A) ++ if not raw_keyword or equals != b"=" or buf[header_value_end_offset] != 0x0A: + raise InvalidHeaderError("invalid header") +- value = buf[match.end(2) + 1:match.start(1) + length - 1] ++ raw_headers.append((length, raw_keyword, raw_value)) ++ ++ # Check if the pax header contains a hdrcharset field. This tells us ++ # the encoding of the path, linkpath, uname and gname fields. Normally, ++ # these fields are UTF-8 encoded but since POSIX.1-2008 tar ++ # implementations are allowed to store them as raw binary strings if ++ # the translation to UTF-8 fails. For the time being, we don't care about ++ # anything other than "BINARY". The only other value that is currently ++ # allowed by the standard is "ISO-IR 10646 2000 UTF-8" in other words UTF-8. ++ # Note that we only follow the initial 'hdrcharset' setting to preserve ++ # the initial behavior of the 'tarfile' module. ++ if raw_keyword == b"hdrcharset" and encoding is None: ++ if raw_value == b"BINARY": ++ encoding = tarfile.encoding ++ else: # This branch ensures only the first 'hdrcharset' header is used. ++ encoding = "utf-8" ++ ++ pos += length ++ ++ # If no explicit hdrcharset is set, we use UTF-8 as a default. ++ if encoding is None: ++ encoding = "utf-8" + ++ # After parsing the raw headers we can decode them to text. ++ for length, raw_keyword, raw_value in raw_headers: + # Normally, we could just use "utf-8" as the encoding and "strict" + # as the error handler, but we better not take the risk. For + # example, GNU tar <= 1.23 is known to store filenames it cannot +@@ -1413,17 +1435,16 @@ class TarInfo(object): + # hdrcharset=BINARY header). + # We first try the strict standard encoding, and if that fails we + # fall back on the user's encoding and error handler. +- keyword = self._decode_pax_field(keyword, "utf-8", "utf-8", ++ keyword = self._decode_pax_field(raw_keyword, "utf-8", "utf-8", + tarfile.errors) + if keyword in PAX_NAME_FIELDS: +- value = self._decode_pax_field(value, encoding, tarfile.encoding, ++ value = self._decode_pax_field(raw_value, encoding, tarfile.encoding, + tarfile.errors) + else: +- value = self._decode_pax_field(value, "utf-8", "utf-8", ++ value = self._decode_pax_field(raw_value, "utf-8", "utf-8", + tarfile.errors) + + pax_headers[keyword] = value +- pos += length + + # Fetch the next header. + try: +@@ -1438,7 +1459,7 @@ class TarInfo(object): + + elif "GNU.sparse.size" in pax_headers: + # GNU extended sparse format version 0.0. +- self._proc_gnusparse_00(next, pax_headers, buf) ++ self._proc_gnusparse_00(next, raw_headers) + + elif pax_headers.get("GNU.sparse.major") == "1" and pax_headers.get("GNU.sparse.minor") == "0": + # GNU extended sparse format version 1.0. +@@ -1460,15 +1481,24 @@ class TarInfo(object): + + return next + +- def _proc_gnusparse_00(self, next, pax_headers, buf): ++ def _proc_gnusparse_00(self, next, raw_headers): + """Process a GNU tar extended sparse header, version 0.0. + """ + offsets = [] +- for match in re.finditer(br"\d+ GNU.sparse.offset=(\d+)\n", buf): +- offsets.append(int(match.group(1))) + numbytes = [] +- for match in re.finditer(br"\d+ GNU.sparse.numbytes=(\d+)\n", buf): +- numbytes.append(int(match.group(1))) ++ for _, keyword, value in raw_headers: ++ if keyword == b"GNU.sparse.offset": ++ try: ++ offsets.append(int(value.decode())) ++ except ValueError: ++ raise InvalidHeaderError("invalid header") ++ ++ elif keyword == b"GNU.sparse.numbytes": ++ try: ++ numbytes.append(int(value.decode())) ++ except ValueError: ++ raise InvalidHeaderError("invalid header") ++ + next.sparse = list(zip(offsets, numbytes)) + + def _proc_gnusparse_01(self, next, pax_headers): +diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py +index f261048615..04ef000e71 100644 +--- a/Lib/test/test_tarfile.py ++++ b/Lib/test/test_tarfile.py +@@ -1046,6 +1046,48 @@ class PaxReadTest(LongnameTest, ReadTest, unittest.TestCase): + finally: + tar.close() + ++ def test_pax_header_bad_formats(self): ++ # The fields from the pax header have priority over the ++ # TarInfo. ++ pax_header_replacements = ( ++ b" foo=bar\n", ++ b"0 \n", ++ b"1 \n", ++ b"2 \n", ++ b"3 =\n", ++ b"4 =a\n", ++ b"1000000 foo=bar\n", ++ b"0 foo=bar\n", ++ b"-12 foo=bar\n", ++ b"000000000000000000000000036 foo=bar\n", ++ ) ++ pax_headers = {"foo": "bar"} ++ ++ for replacement in pax_header_replacements: ++ with self.subTest(header=replacement): ++ tar = tarfile.open(tmpname, "w", format=tarfile.PAX_FORMAT, ++ encoding="iso8859-1") ++ try: ++ t = tarfile.TarInfo() ++ t.name = "pax" # non-ASCII ++ t.uid = 1 ++ t.pax_headers = pax_headers ++ tar.addfile(t) ++ finally: ++ tar.close() ++ ++ with open(tmpname, "rb") as f: ++ data = f.read() ++ self.assertIn(b"11 foo=bar\n", data) ++ data = data.replace(b"11 foo=bar\n", replacement) ++ ++ with open(tmpname, "wb") as f: ++ f.truncate() ++ f.write(data) ++ ++ with self.assertRaisesRegex(tarfile.ReadError, r"file could not be opened successfully"): ++ tarfile.open(tmpname, encoding="iso8859-1") ++ + + class WriteTestBase(TarTest): + # Put all write tests in here that are supposed to be tested +diff --git a/Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst b/Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst +new file mode 100644 +index 0000000000..81f918bfe2 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst +@@ -0,0 +1,2 @@ ++Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and ++GNU sparse headers. diff --git a/python3.6.spec b/python3.6.spec index 2f7b407..405120d 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 36%{?dist} +Release: 37%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -764,6 +764,14 @@ Patch431: 00431-cve-2024-4032.patch # with Python 3.6 where we backported only one change. Patch435: 00435-gh-121650-encode-newlines-in-headers-and-verify.patch +# 00437 # c1618bd3b415d9df1a2d050332220300d394ac5f +# CVE-2024-6232 Remove backtracking when parsing tarfile headers +# +# * Remove backtracking when parsing tarfile headers +# * Rewrite PAX header parsing to be stricter +# * Optimize parsing of GNU extended sparse headers v0.0 +Patch437: 00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -2033,6 +2041,9 @@ CheckPython optimized # ====================================================== %changelog +* Thu Sep 05 2024 Lumír Balhar - 3.6.15-37 +- Security fix for CVE-2024-6232 (rhbz#2310092) + * Wed Sep 04 2024 Miroslav Suchý - 3.6.15-36 - convert license to SPDX From 3a8e45d12c9d6c4c9fe13f66835a37d8d22ec9e6 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Mon, 4 Nov 2024 15:05:21 +0100 Subject: [PATCH 44/66] Security fix for CVE-2024-9287 (rhbz#2321659) --- ...e-strings-in-venv-activation-scripts.patch | 281 ++++++++++++++++++ python3.6.spec | 11 +- 2 files changed, 291 insertions(+), 1 deletion(-) create mode 100644 00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch diff --git a/00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch b/00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch new file mode 100644 index 0000000..aa44096 --- /dev/null +++ b/00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch @@ -0,0 +1,281 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Victor Stinner +Date: Fri, 1 Nov 2024 14:11:47 +0100 +Subject: [PATCH] 00443: gh-124651: Quote template strings in `venv` activation + scripts + +(cherry picked from 3.9) +--- + Lib/test/test_venv.py | 82 +++++++++++++++++++ + Lib/venv/__init__.py | 42 ++++++++-- + Lib/venv/scripts/common/activate | 8 +- + Lib/venv/scripts/posix/activate.csh | 8 +- + Lib/venv/scripts/posix/activate.fish | 8 +- + ...-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + + 6 files changed, 132 insertions(+), 17 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +diff --git a/Lib/test/test_venv.py b/Lib/test/test_venv.py +index 842470fef0..67fdcd86bb 100644 +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -13,6 +13,8 @@ import struct + import subprocess + import sys + import tempfile ++import shlex ++import shutil + from test.support import (captured_stdout, captured_stderr, requires_zlib, + can_symlink, EnvironmentVarGuard, rmtree) + import unittest +@@ -80,6 +82,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -293,6 +299,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +diff --git a/Lib/venv/__init__.py b/Lib/venv/__init__.py +index 716129d139..0c44dfd07d 100644 +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -10,6 +10,7 @@ import shutil + import subprocess + import sys + import types ++import shlex + + logger = logging.getLogger(__name__) + +@@ -280,11 +281,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -321,6 +352,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith('.exe'): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +diff --git a/Lib/venv/scripts/common/activate b/Lib/venv/scripts/common/activate +index fff0765af5..c2e2f968fa 100644 +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -37,11 +37,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -54,8 +54,8 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- if [ "x__VENV_PROMPT__" != x ] ; then +- PS1="__VENV_PROMPT__${PS1:-}" ++ if [ "x"__VENV_PROMPT__ != x ] ; then ++ PS1=__VENV_PROMPT__"${PS1:-}" + else + if [ "`basename \"$VIRTUAL_ENV\"`" = "__" ] ; then + # special case for Aspen magic directories +diff --git a/Lib/venv/scripts/posix/activate.csh b/Lib/venv/scripts/posix/activate.csh +index b0c7028a92..0e90d54008 100644 +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PATH != 0 && setenv PATH "$_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- if ("__VENV_NAME__" != "") then +- set env_name = "__VENV_NAME__" ++ if (__VENV_NAME__ != "") then ++ set env_name = __VENV_NAME__ + else + if (`basename "VIRTUAL_ENV"` == "__") then + # special case for Aspen magic directories +diff --git a/Lib/venv/scripts/posix/activate.fish b/Lib/venv/scripts/posix/activate.fish +index 4d4f0bd7a4..0407f9c7be 100644 +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -29,10 +29,10 @@ end + # unset irrelevant variables + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # unset PYTHONHOME if set + if set -q PYTHONHOME +@@ -52,8 +52,8 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Prompt override? +- if test -n "__VENV_PROMPT__" +- printf "%s%s" "__VENV_PROMPT__" (set_color normal) ++ if test -n __VENV_PROMPT__ ++ printf "%s%s" __VENV_PROMPT__ (set_color normal) + else + # ...Otherwise, prepend env + set -l _checkbase (basename "$VIRTUAL_ENV") +diff --git a/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +new file mode 100644 +index 0000000000..17fc917139 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/python3.6.spec b/python3.6.spec index 405120d..3f2592a 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 37%{?dist} +Release: 38%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -772,6 +772,12 @@ Patch435: 00435-gh-121650-encode-newlines-in-headers-and-verify.patch # * Optimize parsing of GNU extended sparse headers v0.0 Patch437: 00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch +# 00443 # 49e939f29e3551ec4e7bdb2cc8b8745e3d1fca35 +# gh-124651: Quote template strings in `venv` activation scripts +# +# (cherry picked from 3.9) +Patch443: 00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -2041,6 +2047,9 @@ CheckPython optimized # ====================================================== %changelog +* Mon Nov 04 2024 Lumír Balhar - 3.6.15-38 +- Security fix for CVE-2024-9287 (rhbz#2321659) + * Thu Sep 05 2024 Lumír Balhar - 3.6.15-37 - Security fix for CVE-2024-6232 (rhbz#2310092) From 8bbf00bf463a337bc496a56d9906c8abd6a0009c Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Wed, 13 Nov 2024 13:28:34 +0100 Subject: [PATCH 45/66] Security fix for CVE-2024-11168 --- 00444-security-fix-for-cve-2024-11168.patch | 110 ++++++++++++++++++++ python3.6.spec | 13 ++- 2 files changed, 122 insertions(+), 1 deletion(-) create mode 100644 00444-security-fix-for-cve-2024-11168.patch diff --git a/00444-security-fix-for-cve-2024-11168.patch b/00444-security-fix-for-cve-2024-11168.patch new file mode 100644 index 0000000..c9b6b0f --- /dev/null +++ b/00444-security-fix-for-cve-2024-11168.patch @@ -0,0 +1,110 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Tue, 9 May 2023 23:35:24 -0700 +Subject: [PATCH] 00444: Security fix for CVE-2024-11168 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +gh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (GH-103849) + +Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses. + +(cherry picked from commit 29f348e232e82938ba2165843c448c2b291504c5) + +Co-authored-by: JohnJamesUtley <81572567+JohnJamesUtley@users.noreply.github.com> +Co-authored-by: Gregory P. Smith +Co-authored-by: Lumír Balhar +--- + Lib/test/test_urlparse.py | 26 +++++++++++++++++++ + Lib/urllib/parse.py | 15 +++++++++++ + ...-04-26-09-54-25.gh-issue-103848.aDSnpR.rst | 2 ++ + 3 files changed, 43 insertions(+) + create mode 100644 Misc/NEWS.d/next/Library/2023-04-26-09-54-25.gh-issue-103848.aDSnpR.rst + +diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py +index 7fd61ffea9..090d2f17bf 100644 +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -1076,6 +1076,32 @@ class UrlParseTestCase(unittest.TestCase): + self.assertEqual(p2.scheme, 'tel') + self.assertEqual(p2.path, '+31641044153') + ++ def test_invalid_bracketed_hosts(self): ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[192.0.2.146]/Path?Query') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[important.com:8000]/Path?Query') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[v123r.IP]/Path?Query') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[v12ae]/Path?Query') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[v.IP]/Path?Query') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[v123.]/Path?Query') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[v]/Path?Query') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') ++ ++ def test_splitting_bracketed_hosts(self): ++ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') ++ self.assertEqual(p1.hostname, 'v6a.ip') ++ self.assertEqual(p1.username, 'user') ++ self.assertEqual(p1.path, '/path') ++ p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7]/path?query') ++ self.assertEqual(p2.hostname, '0439:23af:2309::fae7') ++ self.assertEqual(p2.username, 'user') ++ self.assertEqual(p2.path, '/path') ++ p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146]/path?query') ++ self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146') ++ self.assertEqual(p3.username, 'user') ++ self.assertEqual(p3.path, '/path') ++ + def test_telurl_params(self): + p1 = urllib.parse.urlparse('tel:123-4;phone-context=+1-650-516') + self.assertEqual(p1.scheme, 'tel') +diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py +index 717e990997..bf186b7984 100644 +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -34,6 +34,7 @@ It serves as a useful guide when making changes. + import re + import sys + import collections ++import ipaddress + + __all__ = ["urlparse", "urlunparse", "urljoin", "urldefrag", + "urlsplit", "urlunsplit", "urlencode", "parse_qs", +@@ -425,6 +426,17 @@ def _remove_unsafe_bytes_from_url(url): + url = url.replace(b, "") + return url + ++# Valid bracketed hosts are defined in ++# https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ ++def _check_bracketed_host(hostname): ++ if hostname.startswith('v'): ++ if not re.match(r"\Av[a-fA-F0-9]+\..+\Z", hostname): ++ raise ValueError(f"IPvFuture address is invalid") ++ else: ++ ip = ipaddress.ip_address(hostname) # Throws Value Error if not IPv6 or IPv4 ++ if isinstance(ip, ipaddress.IPv4Address): ++ raise ValueError(f"An IPv4 address cannot be in brackets") ++ + def urlsplit(url, scheme='', allow_fragments=True): + """Parse a URL into 5 components: + :///?# +@@ -480,6 +492,9 @@ def urlsplit(url, scheme='', allow_fragments=True): + if (('[' in netloc and ']' not in netloc) or + (']' in netloc and '[' not in netloc)): + raise ValueError("Invalid IPv6 URL") ++ if '[' in netloc and ']' in netloc: ++ bracketed_host = netloc.partition('[')[2].partition(']')[0] ++ _check_bracketed_host(bracketed_host) + if allow_fragments and '#' in url: + url, fragment = url.split('#', 1) + if '?' in url: +diff --git a/Misc/NEWS.d/next/Library/2023-04-26-09-54-25.gh-issue-103848.aDSnpR.rst b/Misc/NEWS.d/next/Library/2023-04-26-09-54-25.gh-issue-103848.aDSnpR.rst +new file mode 100644 +index 0000000000..81e5904aa6 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2023-04-26-09-54-25.gh-issue-103848.aDSnpR.rst +@@ -0,0 +1,2 @@ ++Add checks to ensure that ``[`` bracketed ``]`` hosts found by ++:func:`urllib.parse.urlsplit` are of IPv6 or IPvFuture format. diff --git a/python3.6.spec b/python3.6.spec index 3f2592a..8e741c7 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 38%{?dist} +Release: 39%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -778,6 +778,14 @@ Patch437: 00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.p # (cherry picked from 3.9) Patch443: 00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch +# 00444 # fed0071c8c86599091f93967a5fa2cce42ceb840 +# Security fix for CVE-2024-11168 +# +# gh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (GH-103849) +# +# Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses. +Patch444: 00444-security-fix-for-cve-2024-11168.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -2047,6 +2055,9 @@ CheckPython optimized # ====================================================== %changelog +* Thu Nov 14 2024 Lumír Balhar - 3.6.15-39 +- Security fix for CVE-2024-11168 + * Mon Nov 04 2024 Lumír Balhar - 3.6.15-38 - Security fix for CVE-2024-9287 (rhbz#2321659) From 23474a38644fb78ce9b3521d9c6664e04b139db2 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Wed, 18 Dec 2024 14:41:51 +0100 Subject: [PATCH 46/66] Fix compatibility with glibc 2.41 (resolve sinpi name clash) --- ...6-Resolve-sinpi-name-clash-with-libm.patch | 62 +++++++++++++++++++ python3.6.spec | 9 ++- 2 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 00446-Resolve-sinpi-name-clash-with-libm.patch diff --git a/00446-Resolve-sinpi-name-clash-with-libm.patch b/00446-Resolve-sinpi-name-clash-with-libm.patch new file mode 100644 index 0000000..aa64ca9 --- /dev/null +++ b/00446-Resolve-sinpi-name-clash-with-libm.patch @@ -0,0 +1,62 @@ +From f1f8bcec93f3ec6027ddfb523a0faf9ddd9c72d6 Mon Sep 17 00:00:00 2001 +From: Victor Stinner +Date: Wed, 18 Dec 2024 14:31:08 +0100 +Subject: [PATCH] 00446: Resolve sinpi name clash with libm + +bpo-36106: Resolve sinpi name clash with libm (IEEE-754 violation). (GH-12027) + +The standard math library (libm) may follow IEEE-754 recommendation to +include an implementation of sinPi(), i.e. sinPi(x):=sin(pi*x). +And this triggers a name clash, found by FreeBSD developer +Steve Kargl, who worken on putting sinpi into libm used on FreeBSD +(it has to be named "sinpi", not "sinPi", cf. e.g. +https://en.cppreference.com/w/c/experimental/fpext4). + +(cherry picked from commit f57cd8288dbe6aba99c057f37ad6d58f8db75350) +--- + Modules/mathmodule.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Modules/mathmodule.c b/Modules/mathmodule.c +index 95ea4f7fef8..670f1a04ad6 100644 +--- a/Modules/mathmodule.c ++++ b/Modules/mathmodule.c +@@ -67,7 +67,7 @@ static const double sqrtpi = 1.772453850905516027298167483341145182798; + static const double logpi = 1.144729885849400174143427351353058711647; + + static double +-sinpi(double x) ++m_sinpi(double x) + { + double y, r; + int n; +@@ -296,7 +296,7 @@ m_tgamma(double x) + integer. */ + if (absx > 200.0) { + if (x < 0.0) { +- return 0.0/sinpi(x); ++ return 0.0/m_sinpi(x); + } + else { + errno = ERANGE; +@@ -320,7 +320,7 @@ m_tgamma(double x) + } + z = z * lanczos_g / y; + if (x < 0.0) { +- r = -pi / sinpi(absx) / absx * exp(y) / lanczos_sum(absx); ++ r = -pi / m_sinpi(absx) / absx * exp(y) / lanczos_sum(absx); + r -= z * r; + if (absx < 140.0) { + r /= pow(y, absx - 0.5); +@@ -390,7 +390,7 @@ m_lgamma(double x) + r += (absx - 0.5) * (log(absx + lanczos_g - 0.5) - 1); + if (x < 0.0) + /* Use reflection formula to get value for negative x. */ +- r = logpi - log(fabs(sinpi(absx))) - log(absx) - r; ++ r = logpi - log(fabs(m_sinpi(absx))) - log(absx) - r; + if (Py_IS_INFINITY(r)) + errno = ERANGE; + return r; +-- +2.47.1 + diff --git a/python3.6.spec b/python3.6.spec index 8e741c7..73b2e92 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 39%{?dist} +Release: 40%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -786,6 +786,10 @@ Patch443: 00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patc # Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses. Patch444: 00444-security-fix-for-cve-2024-11168.patch +# 00446 # f1f8bcec93f3ec6027ddfb523a0faf9ddd9c72d6 +# Resolve sinpi name clash with libm +Patch446: 00446-Resolve-sinpi-name-clash-with-libm.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -2055,6 +2059,9 @@ CheckPython optimized # ====================================================== %changelog +* Wed Dec 18 2024 Victor Stinner - 3.6.15-40 +- Fix compatibility with glibc 2.41 (resolve sinpi name clash). + * Thu Nov 14 2024 Lumír Balhar - 3.6.15-39 - Security fix for CVE-2024-11168 From e3854e3b625c0ae2b91174e9dc8a4c06426bec6d Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Thu, 19 Dec 2024 14:18:09 +0100 Subject: [PATCH 47/66] Fix author --- 00446-Resolve-sinpi-name-clash-with-libm.patch | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/00446-Resolve-sinpi-name-clash-with-libm.patch b/00446-Resolve-sinpi-name-clash-with-libm.patch index aa64ca9..6cece53 100644 --- a/00446-Resolve-sinpi-name-clash-with-libm.patch +++ b/00446-Resolve-sinpi-name-clash-with-libm.patch @@ -1,5 +1,5 @@ -From f1f8bcec93f3ec6027ddfb523a0faf9ddd9c72d6 Mon Sep 17 00:00:00 2001 -From: Victor Stinner +From d2e9c370cfd415f72a8fa4fb5a16d05b4420a18b Mon Sep 17 00:00:00 2001 +From: Dima Pasechnik Date: Wed, 18 Dec 2024 14:31:08 +0100 Subject: [PATCH] 00446: Resolve sinpi name clash with libm @@ -13,6 +13,8 @@ Steve Kargl, who worken on putting sinpi into libm used on FreeBSD https://en.cppreference.com/w/c/experimental/fpext4). (cherry picked from commit f57cd8288dbe6aba99c057f37ad6d58f8db75350) + +Co-authored-by: Victor Stinner --- Modules/mathmodule.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) From 19ee6ed27b6e5e544b5a0d64faacae228a11140f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Fri, 3 Jan 2025 11:34:51 +0100 Subject: [PATCH 48/66] Reformat patch 446 --- 00446-Resolve-sinpi-name-clash-with-libm.patch | 7 ++----- python3.6.spec | 11 ++++++++++- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/00446-Resolve-sinpi-name-clash-with-libm.patch b/00446-Resolve-sinpi-name-clash-with-libm.patch index 6cece53..6ff4d00 100644 --- a/00446-Resolve-sinpi-name-clash-with-libm.patch +++ b/00446-Resolve-sinpi-name-clash-with-libm.patch @@ -1,4 +1,4 @@ -From d2e9c370cfd415f72a8fa4fb5a16d05b4420a18b Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Dima Pasechnik Date: Wed, 18 Dec 2024 14:31:08 +0100 Subject: [PATCH] 00446: Resolve sinpi name clash with libm @@ -20,7 +20,7 @@ Co-authored-by: Victor Stinner 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/mathmodule.c b/Modules/mathmodule.c -index 95ea4f7fef8..670f1a04ad6 100644 +index 95ea4f7fef..670f1a04ad 100644 --- a/Modules/mathmodule.c +++ b/Modules/mathmodule.c @@ -67,7 +67,7 @@ static const double sqrtpi = 1.772453850905516027298167483341145182798; @@ -59,6 +59,3 @@ index 95ea4f7fef8..670f1a04ad6 100644 if (Py_IS_INFINITY(r)) errno = ERANGE; return r; --- -2.47.1 - diff --git a/python3.6.spec b/python3.6.spec index 73b2e92..e629350 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -786,8 +786,17 @@ Patch443: 00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patc # Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses. Patch444: 00444-security-fix-for-cve-2024-11168.patch -# 00446 # f1f8bcec93f3ec6027ddfb523a0faf9ddd9c72d6 +# 00446 # f5cc2c3be4273be70cdcdf9eb95abf425808f752 # Resolve sinpi name clash with libm +# +# bpo-36106: Resolve sinpi name clash with libm (IEEE-754 violation). (GH-12027) +# +# The standard math library (libm) may follow IEEE-754 recommendation to +# include an implementation of sinPi(), i.e. sinPi(x):=sin(pi*x). +# And this triggers a name clash, found by FreeBSD developer +# Steve Kargl, who worken on putting sinpi into libm used on FreeBSD +# (it has to be named "sinpi", not "sinPi", cf. e.g. +# https://en.cppreference.com/w/c/experimental/fpext4). Patch446: 00446-Resolve-sinpi-name-clash-with-libm.patch # (New patches go here ^^^) From 2e3909264faaec1c22561b3f8e91436a00dbafcd Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 18 Jan 2025 21:09:25 +0000 Subject: [PATCH 49/66] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- python3.6.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index e629350..6b485f4 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 40%{?dist} +Release: 41%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -2068,6 +2068,9 @@ CheckPython optimized # ====================================================== %changelog +* Sat Jan 18 2025 Fedora Release Engineering - 3.6.15-41 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Wed Dec 18 2024 Victor Stinner - 3.6.15-40 - Fix compatibility with glibc 2.41 (resolve sinpi name clash). From 227b325880fc0424622da3ad109b840fafeb2ddc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Fri, 31 Jan 2025 15:51:17 +0100 Subject: [PATCH 50/66] Ensure this package is built with Tk 8 - Fixes: rhbz#2337762 --- python3.6.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python3.6.spec b/python3.6.spec index 6b485f4..74c21a3 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -279,9 +279,9 @@ BuildRequires: gdb BuildRequires: openssl-devel BuildRequires: tar -BuildRequires: tcl-devel +BuildRequires: tcl-devel < 1:9 BuildRequires: tix-devel -BuildRequires: tk-devel +BuildRequires: tk-devel < 1:9 %if %{with valgrind} BuildRequires: valgrind-devel From c16725b85b60b2b0142e4965aca754df4c3b0e88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Fri, 31 Jan 2025 17:23:09 +0100 Subject: [PATCH 51/66] CI: Test tox provision with this end-of-life Python version https://tox.wiki/en/4.23.0/faq.html#testing-end-of-life-python-versions --- tests/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/tests.yml b/tests/tests.yml index 4fcdd28..c6263a7 100644 --- a/tests/tests.yml +++ b/tests/tests.yml @@ -10,7 +10,7 @@ tests: - smoke: dir: python/smoke - run: VERSION=3.6 ./venv.sh + run: VERSION=3.6 TOX_REQUIRES="virtualenv<20.22.0" ./venv.sh - marshalparser: dir: python/marshalparser run: VERSION=3.6 SAMPLE=10 test_marshalparser_compatibility.sh From a544fb51c706b984675604afa8875755cb1f84c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Sat, 1 Feb 2025 19:57:02 +0100 Subject: [PATCH 52/66] Add explicit BR: libxcrypt-devel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Björn Esser --- python3.6.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index 74c21a3..79580b4 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 41%{?dist} +Release: 42%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -266,6 +266,7 @@ BuildRequires: libffi-devel BuildRequires: libnsl2-devel BuildRequires: libtirpc-devel BuildRequires: libGL-devel +BuildRequires: libxcrypt-devel BuildRequires: libX11-devel BuildRequires: make BuildRequires: ncurses-devel @@ -2068,6 +2069,9 @@ CheckPython optimized # ====================================================== %changelog +* Sat Feb 01 2025 Björn Esser - 3.6.15-42 +- Add explicit BR: libxcrypt-devel + * Sat Jan 18 2025 Fedora Release Engineering - 3.6.15-41 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 5fcb85d79394b3fca5ae3bec472e94fee8f2c1b2 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Fri, 14 Feb 2025 23:47:25 +0100 Subject: [PATCH 53/66] Security fix CVE-2025-0938 Fixes: rhbz#2343277 --- ...-and-in-domain-names-for-parsed-urls.patch | 119 ++++++++++++++++++ python3.6.spec | 10 +- 2 files changed, 128 insertions(+), 1 deletion(-) create mode 100644 00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch diff --git a/00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch b/00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch new file mode 100644 index 0000000..84d53fd --- /dev/null +++ b/00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch @@ -0,0 +1,119 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Fri, 31 Jan 2025 11:41:34 -0600 +Subject: [PATCH] 00450: CVE-2025-0938: Disallow square brackets ([ and ]) in + domain names for parsed URLs + +Co-authored-by: Peter Bierma +--- + Lib/test/test_urlparse.py | 37 ++++++++++++++++++- + Lib/urllib/parse.py | 20 +++++++++- + ...-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 ++ + 3 files changed, 58 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst + +diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py +index 090d2f17bf..8b2f5ca50f 100644 +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -1087,16 +1087,51 @@ class UrlParseTestCase(unittest.TestCase): + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix') + + def test_splitting_bracketed_hosts(self): +- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') ++ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query') + self.assertEqual(p1.hostname, 'v6a.ip') + self.assertEqual(p1.username, 'user') + self.assertEqual(p1.path, '/path') ++ self.assertEqual(p1.port, 1234) + p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7]/path?query') + self.assertEqual(p2.hostname, '0439:23af:2309::fae7') + self.assertEqual(p2.username, 'user') + self.assertEqual(p2.path, '/path') ++ self.assertIs(p2.port, None) + p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146]/path?query') + self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146') + self.assertEqual(p3.username, 'user') +diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py +index bf186b7984..af41edf2ca 100644 +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -426,6 +426,23 @@ def _remove_unsafe_bytes_from_url(url): + url = url.replace(b, "") + return url + ++def _check_bracketed_netloc(netloc): ++ # Note that this function must mirror the splitting ++ # done in NetlocResultMixins._hostinfo(). ++ hostname_and_port = netloc.rpartition('@')[2] ++ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[') ++ if have_open_br: ++ # No data is allowed before a bracket. ++ if before_bracket: ++ raise ValueError("Invalid IPv6 URL") ++ hostname, _, port = bracketed.partition(']') ++ # No data is allowed after the bracket but before the port delimiter. ++ if port and not port.startswith(":"): ++ raise ValueError("Invalid IPv6 URL") ++ else: ++ hostname, _, port = hostname_and_port.partition(':') ++ _check_bracketed_host(hostname) ++ + # Valid bracketed hosts are defined in + # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ + def _check_bracketed_host(hostname): +@@ -493,8 +510,7 @@ def urlsplit(url, scheme='', allow_fragments=True): + (']' in netloc and '[' not in netloc)): + raise ValueError("Invalid IPv6 URL") + if '[' in netloc and ']' in netloc: +- bracketed_host = netloc.partition('[')[2].partition(']')[0] +- _check_bracketed_host(bracketed_host) ++ _check_bracketed_netloc(netloc) + if allow_fragments and '#' in url: + url, fragment = url.split('#', 1) + if '?' in url: +diff --git a/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +new file mode 100644 +index 0000000000..bff1bc6b0d +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +@@ -0,0 +1,4 @@ ++When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host ++parsing would not reject domain names containing square brackets (``[`` and ++``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to ++`RFC 3986 Section 3.2.2 `__. diff --git a/python3.6.spec b/python3.6.spec index 79580b4..7cee4e5 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 42%{?dist} +Release: 43%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -800,6 +800,10 @@ Patch444: 00444-security-fix-for-cve-2024-11168.patch # https://en.cppreference.com/w/c/experimental/fpext4). Patch446: 00446-Resolve-sinpi-name-clash-with-libm.patch +# 00450 # 31aa7c11975e890489e31d8b293c3f92d3ea1180 +# CVE-2025-0938: Disallow square brackets ([ and ]) in domain names for parsed URLs +Patch450: 00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -2069,6 +2073,10 @@ CheckPython optimized # ====================================================== %changelog +* Fri Feb 14 2025 Charalampos Stratakis - 3.6.15-43 +- Security fix CVE-2025-0938 +- Fixes: rhbz#2343277 + * Sat Feb 01 2025 Björn Esser - 3.6.15-42 - Add explicit BR: libxcrypt-devel From 428e86b0107d15c0558e7b65c2d7234439e9cfc3 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Tue, 1 Apr 2025 02:48:38 +0200 Subject: [PATCH 54/66] Properly apply exported CFLAGS for dtrace/systemtap builds Fixes: rhbz#2356306 --- ...d-cflags-for-dtrace-systemtap-builds.patch | 50 +++++++++++++++++++ python3.6.spec | 18 ++++++- 2 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch diff --git a/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch b/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch new file mode 100644 index 0000000..e8e4636 --- /dev/null +++ b/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch @@ -0,0 +1,50 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 31 Mar 2025 20:29:04 +0200 +Subject: [PATCH] 00452: Properly apply exported CFLAGS for dtrace/systemtap + builds + +When using --with-dtrace the resulting object file could be missing +specific CFLAGS exported by the build system due to the systemtap +script using specific defaults. + +Exporting the CC and CFLAGS variables before the dtrace invocation +allows us to properly apply CFLAGS exported by the build system +even when cross-compiling. + +Co-authored-by: stratakis +--- + Makefile.pre.in | 4 ++-- + .../next/Build/2025-03-31-19-22-41.gh-issue-131865.PIJy7X.rst | 2 ++ + 2 files changed, 4 insertions(+), 2 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2025-03-31-19-22-41.gh-issue-131865.PIJy7X.rst + +diff --git a/Makefile.pre.in b/Makefile.pre.in +index b074b26039..825cefafd9 100644 +--- a/Makefile.pre.in ++++ b/Makefile.pre.in +@@ -892,13 +892,13 @@ Python/frozen.o: $(srcdir)/Python/importlib.h $(srcdir)/Python/importlib_externa + # an include guard, so we can't use a pipeline to transform its output. + Include/pydtrace_probes.h: $(srcdir)/Include/pydtrace.d + $(MKDIR_P) Include +- $(DTRACE) $(DFLAGS) -o $@ -h -s $< ++ CC="$(CC)" CFLAGS="$(CFLAGS)" $(DTRACE) $(DFLAGS) -o $@ -h -s $< + : sed in-place edit with POSIX-only tools + sed 's/PYTHON_/PyDTrace_/' $@ > $@.tmp + mv $@.tmp $@ + + Python/pydtrace.o: $(srcdir)/Include/pydtrace.d $(DTRACE_DEPS) +- $(DTRACE) $(DFLAGS) -o $@ -G -s $< $(DTRACE_DEPS) ++ CC="$(CC)" CFLAGS="$(CFLAGS)" $(DTRACE) $(DFLAGS) -o $@ -G -s $< $(DTRACE_DEPS) + + Objects/typeobject.o: Objects/typeslots.inc + +diff --git a/Misc/NEWS.d/next/Build/2025-03-31-19-22-41.gh-issue-131865.PIJy7X.rst b/Misc/NEWS.d/next/Build/2025-03-31-19-22-41.gh-issue-131865.PIJy7X.rst +new file mode 100644 +index 0000000000..a287e0b228 +--- /dev/null ++++ b/Misc/NEWS.d/next/Build/2025-03-31-19-22-41.gh-issue-131865.PIJy7X.rst +@@ -0,0 +1,2 @@ ++The DTrace build now properly passes the ``CC`` and ``CFLAGS`` variables ++to the ``dtrace`` command when utilizing SystemTap on Linux. diff --git a/python3.6.spec b/python3.6.spec index 7cee4e5..79e9e61 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 43%{?dist} +Release: 44%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -804,6 +804,18 @@ Patch446: 00446-Resolve-sinpi-name-clash-with-libm.patch # CVE-2025-0938: Disallow square brackets ([ and ]) in domain names for parsed URLs Patch450: 00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch +# 00452 # dab1c136301f0beac6ec132a8e5b08206b698bc8 +# Properly apply exported CFLAGS for dtrace/systemtap builds +# +# When using --with-dtrace the resulting object file could be missing +# specific CFLAGS exported by the build system due to the systemtap +# script using specific defaults. +# +# Exporting the CC and CFLAGS variables before the dtrace invocation +# allows us to properly apply CFLAGS exported by the build system +# even when cross-compiling. +Patch452: 00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -2073,6 +2085,10 @@ CheckPython optimized # ====================================================== %changelog +* Tue Apr 01 2025 Charalampos Stratakis - 3.6.15-44 +- Properly apply exported CFLAGS for dtrace/systemtap builds +- Fixes: rhbz#2356306 + * Fri Feb 14 2025 Charalampos Stratakis - 3.6.15-43 - Security fix CVE-2025-0938 - Fixes: rhbz#2343277 From 7021a8ec7adea473b3b68d4fec2b922d8e341294 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Wed, 16 Apr 2025 05:05:44 +0200 Subject: [PATCH 55/66] Fix the flakiness of test_ftplib --- 00457-ssl-raise-oserror-for-err_lib_sys.patch | 43 +++++++++++++++++++ python3.6.spec | 14 +++++- 2 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 00457-ssl-raise-oserror-for-err_lib_sys.patch diff --git a/00457-ssl-raise-oserror-for-err_lib_sys.patch b/00457-ssl-raise-oserror-for-err_lib_sys.patch new file mode 100644 index 0000000..0f8c5f4 --- /dev/null +++ b/00457-ssl-raise-oserror-for-err_lib_sys.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Victor Stinner +Date: Thu, 3 Apr 2025 18:26:17 +0200 +Subject: [PATCH] 00457: ssl: Raise OSError for ERR_LIB_SYS + +The patch resolves the flakiness of test_ftplib + +Backported from upstream 3.10+: +https://github.com/python/cpython/pull/127361 + +Co-authored-by: Petr Viktorin +--- + Modules/_ssl.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/Modules/_ssl.c b/Modules/_ssl.c +index 3375b2bf3f..ab8a327d10 100644 +--- a/Modules/_ssl.c ++++ b/Modules/_ssl.c +@@ -638,6 +638,11 @@ PySSL_SetError(PySSLSocket *obj, int ret, const char *filename, int lineno) + errstr = "Some I/O error occurred"; + } + } else { ++ if (ERR_GET_LIB(e) == ERR_LIB_SYS) { ++ // A system error is being reported; reason is set to errno ++ errno = ERR_GET_REASON(e); ++ return PyErr_SetFromErrno(PyExc_OSError); ++ } + p = PY_SSL_ERROR_SYSCALL; + } + break; +@@ -648,6 +653,11 @@ PySSL_SetError(PySSLSocket *obj, int ret, const char *filename, int lineno) + if (e == 0) + /* possible? */ + errstr = "A failure in the SSL library occurred"; ++ if (ERR_GET_LIB(e) == ERR_LIB_SYS) { ++ // A system error is being reported; reason is set to errno ++ errno = ERR_GET_REASON(e); ++ return PyErr_SetFromErrno(PyExc_OSError); ++ } + break; + } + default: diff --git a/python3.6.spec b/python3.6.spec index 79e9e61..35c5489 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 44%{?dist} +Release: 45%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -816,6 +816,15 @@ Patch450: 00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-p # even when cross-compiling. Patch452: 00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch +# 00457 # da99203f07d380d50ec780323bbebda00f227797 +# ssl: Raise OSError for ERR_LIB_SYS +# +# The patch resolves the flakiness of test_ftplib +# +# Backported from upstream 3.10+: +# https://github.com/python/cpython/pull/127361 +Patch457: 00457-ssl-raise-oserror-for-err_lib_sys.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -2085,6 +2094,9 @@ CheckPython optimized # ====================================================== %changelog +* Wed Apr 16 2025 Charalampos Stratakis - 3.6.15-45 +- Fix the flakiness of test_ftplib + * Tue Apr 01 2025 Charalampos Stratakis - 3.6.15-44 - Properly apply exported CFLAGS for dtrace/systemtap builds - Fixes: rhbz#2356306 From 552eb34bb57edb545b4811f9903a6317c0d74f8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= Date: Wed, 23 Apr 2025 13:54:45 +0200 Subject: [PATCH 56/66] Regenerate patches with updated importpatches script --- 00001-rpath.patch | 5 +++-- 00102-lib64.patch | 4 ++-- 00111-no-static-lib.patch | 2 +- 00132-add-rpmbuild-hooks-to-unittest.patch | 2 +- 00155-avoid-ctypes-thunks.patch | 3 +-- 00160-disable-test_fs_holes-in-rpm-build.patch | 2 +- 00163-disable-parts-of-test_socket-in-rpm-build.patch | 2 +- 00170-gc-assertions.patch | 4 ++-- 00189-use-rpm-wheels.patch | 2 +- 00251-change-user-install-location.patch | 2 +- 00262-pep538_coerce_legacy_c_locale.patch | 2 +- 00292-restore-PyExc_RecursionErrorInst-symbol.patch | 2 +- 00294-define-TLS-cipher-suite-on-build-time.patch | 2 +- 00319-test_tarfile_ppc64.patch | 2 +- 00343-faulthandler-gcc10.patch | 2 +- 00353-architecture-names-upstream-downstream.patch | 2 +- ...tions-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch | 2 +- 00361-openssl-3-compatibility.patch | 2 +- 00375-fix-test_distance-to-enable-build-on-i686.patch | 2 +- 00378-support-expat-2-4-5.patch | 2 +- 00382-cve-2015-20107.patch | 2 +- 00386-cve-2021-28861.patch | 2 +- 00387-cve-2020-10735-prevent-dos-by-very-large-int.patch | 2 +- ...cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch | 2 +- ...-cpu-denial-of-service-via-inefficient-idna-decoder.patch | 4 ++-- ...706-cve-2007-4559-filter-api-for-tarfile-extractall.patch | 3 +-- 00399-cve-2023-24329.patch | 2 +- ...warning-in-configure-check-for-pthread_scope_system.patch | 4 ++-- 00409-bpo-13497-fix-broken-nice-configure-test.patch | 2 +- ...598-fix-implicit-function-declarations-in-configure.patch | 3 +-- ...eject-malformed-addresses-in-email-parseaddr-111116.patch | 4 ++-- ...ime_version-with-non-int-suffix-gh-112771-gh-112774.patch | 4 ++-- ...115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch | 3 +-- 00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch | 2 +- 00426-cve-2023-6597.patch | 2 +- 00427-zipextfile-tell-and-seek-cve-2024-0450.patch | 2 +- 00431-cve-2024-4032.patch | 2 +- 00435-gh-121650-encode-newlines-in-headers-and-verify.patch | 4 ++-- ...32-remove-backtracking-when-parsing-tarfile-headers.patch | 3 +-- ...1-quote-template-strings-in-venv-activation-scripts.patch | 3 +-- 00444-security-fix-for-cve-2024-11168.patch | 2 +- 00446-Resolve-sinpi-name-clash-with-libm.patch | 2 +- ...square-brackets-and-in-domain-names-for-parsed-urls.patch | 4 ++-- ...y-apply-exported-cflags-for-dtrace-systemtap-builds.patch | 3 +-- 00457-ssl-raise-oserror-for-err_lib_sys.patch | 2 +- 45 files changed, 55 insertions(+), 61 deletions(-) diff --git a/00001-rpath.patch b/00001-rpath.patch index 5ab70f9..473b240 100644 --- a/00001-rpath.patch +++ b/00001-rpath.patch @@ -1,8 +1,9 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Wed, 13 Jan 2010 21:25:18 +0000 -Subject: [PATCH] 00001: Fixup distutils/unixccompiler.py to remove standard - library path from rpath Was Patch0 in ivazquez' python3000 specfile +Subject: =?UTF-8?q?00001:=20Fixup=20distutils/unixccompiler.py=20to=20remo?= + =?UTF-8?q?ve=20standard=20library=20path=20from=20rpath=0AWas=20Patch0=20?= + =?UTF-8?q?in=20ivazquez'=20python3000=20specfile?= --- Lib/distutils/unixccompiler.py | 9 +++++++++ diff --git a/00102-lib64.patch b/00102-lib64.patch index 4567a65..1fcf747 100644 --- a/00102-lib64.patch +++ b/00102-lib64.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Wed, 13 Jan 2010 21:25:18 +0000 -Subject: [PATCH] 00102: Change the various install paths to use /usr/lib64/ - instead or /usr/lib/ +Subject: 00102: Change the various install paths to use /usr/lib64/ instead or + /usr/lib/ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/00111-no-static-lib.patch b/00111-no-static-lib.patch index 630b6db..87ce20f 100644 --- a/00111-no-static-lib.patch +++ b/00111-no-static-lib.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Mon, 18 Jan 2010 17:59:07 +0000 -Subject: [PATCH] 00111: Don't try to build a libpythonMAJOR.MINOR.a +Subject: 00111: Don't try to build a libpythonMAJOR.MINOR.a MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/00132-add-rpmbuild-hooks-to-unittest.patch b/00132-add-rpmbuild-hooks-to-unittest.patch index f5db1b1..6c4393b 100644 --- a/00132-add-rpmbuild-hooks-to-unittest.patch +++ b/00132-add-rpmbuild-hooks-to-unittest.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 19 Jun 2020 16:54:05 +0200 -Subject: [PATCH] 00132: Add rpmbuild hooks to unittest +Subject: 00132: Add rpmbuild hooks to unittest Add non-standard hooks to unittest for use in the "check" phase, when running selftests within the build: diff --git a/00155-avoid-ctypes-thunks.patch b/00155-avoid-ctypes-thunks.patch index c1e06e9..a2824b2 100644 --- a/00155-avoid-ctypes-thunks.patch +++ b/00155-avoid-ctypes-thunks.patch @@ -1,8 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 19 Jun 2020 16:02:24 +0200 -Subject: [PATCH] 00155: avoid allocating thunks in ctypes unless absolutely - necessary +Subject: 00155: avoid allocating thunks in ctypes unless absolutely necessary Avoid allocating thunks in ctypes unless absolutely necessary, to avoid generating SELinux denials on "import ctypes" and "import uuid" when diff --git a/00160-disable-test_fs_holes-in-rpm-build.patch b/00160-disable-test_fs_holes-in-rpm-build.patch index ed979b8..eb3a2db 100644 --- a/00160-disable-test_fs_holes-in-rpm-build.patch +++ b/00160-disable-test_fs_holes-in-rpm-build.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 19 Jun 2020 16:57:09 +0200 -Subject: [PATCH] 00160: Disable test_fs_holes in RPM build +Subject: 00160: Disable test_fs_holes in RPM build Python 3.3 added os.SEEK_DATA and os.SEEK_HOLE, which may be present in the header files in the build chroot, but may not be supported in the running diff --git a/00163-disable-parts-of-test_socket-in-rpm-build.patch b/00163-disable-parts-of-test_socket-in-rpm-build.patch index 13b7428..f42eac7 100644 --- a/00163-disable-parts-of-test_socket-in-rpm-build.patch +++ b/00163-disable-parts-of-test_socket-in-rpm-build.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 19 Jun 2020 16:58:24 +0200 -Subject: [PATCH] 00163: Disable parts of test_socket in RPM build +Subject: 00163: Disable parts of test_socket in RPM build Some tests within test_socket fail intermittently when run inside Koji; disable them using unittest._skipInRpmBuild diff --git a/00170-gc-assertions.patch b/00170-gc-assertions.patch index 1ff22b4..1fe7cf3 100644 --- a/00170-gc-assertions.patch +++ b/00170-gc-assertions.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 19 Jun 2020 16:05:07 +0200 -Subject: [PATCH] 00170: In debug builds, try to print repr() when a C-level - assert fails +Subject: 00170: In debug builds, try to print repr() when a C-level assert + fails In debug builds, try to print repr() when a C-level assert fails in the garbage collector (typically indicating a reference-counting error diff --git a/00189-use-rpm-wheels.patch b/00189-use-rpm-wheels.patch index 5350ea4..6f9690a 100644 --- a/00189-use-rpm-wheels.patch +++ b/00189-use-rpm-wheels.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Wed, 15 Aug 2018 15:36:29 +0200 -Subject: [PATCH] 00189: Instead of bundled wheels, use our RPM packaged wheels +Subject: 00189: Instead of bundled wheels, use our RPM packaged wheels We keep them in /usr/share/python-wheels --- diff --git a/00251-change-user-install-location.patch b/00251-change-user-install-location.patch index 4e18773..bc0c75e 100644 --- a/00251-change-user-install-location.patch +++ b/00251-change-user-install-location.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Michal Cyprian Date: Mon, 26 Jun 2017 16:32:56 +0200 -Subject: [PATCH] 00251: Change user install location +Subject: 00251: Change user install location Set values of prefix and exec_prefix in distutils install command to /usr/local if executable is /usr/bin/python* and RPM build diff --git a/00262-pep538_coerce_legacy_c_locale.patch b/00262-pep538_coerce_legacy_c_locale.patch index de74c31..1acae8d 100644 --- a/00262-pep538_coerce_legacy_c_locale.patch +++ b/00262-pep538_coerce_legacy_c_locale.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Nick Coghlan Date: Fri, 19 Jun 2020 17:02:52 +0200 -Subject: [PATCH] 00262: PEP538 - Coerce legacy C locale +Subject: 00262: PEP538 - Coerce legacy C locale MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/00292-restore-PyExc_RecursionErrorInst-symbol.patch b/00292-restore-PyExc_RecursionErrorInst-symbol.patch index 5ab1bda..297fff8 100644 --- a/00292-restore-PyExc_RecursionErrorInst-symbol.patch +++ b/00292-restore-PyExc_RecursionErrorInst-symbol.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Fri, 19 Jun 2020 17:06:08 +0200 -Subject: [PATCH] 00292: Restore PyExc_RecursionErrorInst symbol +Subject: 00292: Restore PyExc_RecursionErrorInst symbol Restore the public PyExc_RecursionErrorInst symbol that was removed from the 3.6.4 release upstream. diff --git a/00294-define-TLS-cipher-suite-on-build-time.patch b/00294-define-TLS-cipher-suite-on-build-time.patch index 04e187d..c11b05f 100644 --- a/00294-define-TLS-cipher-suite-on-build-time.patch +++ b/00294-define-TLS-cipher-suite-on-build-time.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Fri, 19 Jun 2020 17:13:03 +0200 -Subject: [PATCH] 00294: Define TLS cipher suite on build time +Subject: 00294: Define TLS cipher suite on build time Define TLS cipher suite on build time depending on the OpenSSL default cipher suite selection. diff --git a/00319-test_tarfile_ppc64.patch b/00319-test_tarfile_ppc64.patch index 37b5be8..4686991 100644 --- a/00319-test_tarfile_ppc64.patch +++ b/00319-test_tarfile_ppc64.patch @@ -2,7 +2,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Mon, 21 Jan 2019 01:44:30 -0800 -Subject: [PATCH] 00319: test_tarfile_ppc64 +Subject: 00319: test_tarfile_ppc64 Fix sparse file tests of test_tarfile on ppc64le with the tmpfs filesystem. diff --git a/00343-faulthandler-gcc10.patch b/00343-faulthandler-gcc10.patch index 068b117..38c9e56 100644 --- a/00343-faulthandler-gcc10.patch +++ b/00343-faulthandler-gcc10.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Fri, 19 Jun 2020 17:16:05 +0200 -Subject: [PATCH] 00343: Fix test_faulthandler on GCC 10 +Subject: 00343: Fix test_faulthandler on GCC 10 bpo-21131: Fix faulthandler.register(chain=True) stack (GH-15276) https://bugs.python.org/issue21131 diff --git a/00353-architecture-names-upstream-downstream.patch b/00353-architecture-names-upstream-downstream.patch index 13f2655..fa166c7 100644 --- a/00353-architecture-names-upstream-downstream.patch +++ b/00353-architecture-names-upstream-downstream.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Tue, 4 Aug 2020 12:04:03 +0200 -Subject: [PATCH] 00353: Original names for architectures with different names +Subject: 00353: Original names for architectures with different names downstream MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/00358-align-allocations-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch b/00358-align-allocations-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch index 063eb4c..62ef5f7 100644 --- a/00358-align-allocations-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch +++ b/00358-align-allocations-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Inada Naoki Date: Mon, 3 Jun 2019 10:51:32 +0900 -Subject: [PATCH] 00358: align allocations and PyGC_Head to 16 bytes on 64-bit +Subject: 00358: align allocations and PyGC_Head to 16 bytes on 64-bit platforms Upstream bug: https://bugs.python.org/issue27987 diff --git a/00361-openssl-3-compatibility.patch b/00361-openssl-3-compatibility.patch index 768d8f1..5e3d454 100644 --- a/00361-openssl-3-compatibility.patch +++ b/00361-openssl-3-compatibility.patch @@ -2,7 +2,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Sat, 7 Dec 2019 09:20:43 -0800 -Subject: [PATCH] 00361: openssl-3-compatibility +Subject: 00361: openssl-3-compatibility Backported from Python 3.8 diff --git a/00375-fix-test_distance-to-enable-build-on-i686.patch b/00375-fix-test_distance-to-enable-build-on-i686.patch index 0eb47b5..f9bf53a 100644 --- a/00375-fix-test_distance-to-enable-build-on-i686.patch +++ b/00375-fix-test_distance-to-enable-build-on-i686.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Karolina Surma Date: Mon, 24 Jan 2022 09:28:30 +0100 -Subject: [PATCH] 00375: Fix test_distance to enable build on i686 +Subject: 00375: Fix test_distance to enable build on i686 Fix precision in test_distance (test.test_turtle.TestVec2D). See: https://bugzilla.redhat.com/show_bug.cgi?id=2038843 diff --git a/00378-support-expat-2-4-5.patch b/00378-support-expat-2-4-5.patch index 9bbf2a9..29d2fc0 100644 --- a/00378-support-expat-2-4-5.patch +++ b/00378-support-expat-2-4-5.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Mon, 21 Feb 2022 15:48:32 +0100 -Subject: [PATCH] 00378: Support expat 2.4.5 +Subject: 00378: Support expat 2.4.5 Curly brackets were never allowed in namespace URIs according to RFC 3986, and so-called namespace-validating diff --git a/00382-cve-2015-20107.patch b/00382-cve-2015-20107.patch index 9e981e2..54ee58b 100644 --- a/00382-cve-2015-20107.patch +++ b/00382-cve-2015-20107.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 3 Jun 2022 11:43:35 +0200 -Subject: [PATCH] 00382: CVE-2015-20107 +Subject: 00382: CVE-2015-20107 Make mailcap refuse to match unsafe filenames/types/params (GH-91993) diff --git a/00386-cve-2021-28861.patch b/00386-cve-2021-28861.patch index 080026b..aee9311 100644 --- a/00386-cve-2021-28861.patch +++ b/00386-cve-2021-28861.patch @@ -2,7 +2,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Wed, 22 Jun 2022 15:05:00 -0700 -Subject: [PATCH] 00386: CVE-2021-28861 +Subject: 00386: CVE-2021-28861 Fix an open redirection vulnerability in the `http.server` module when an URI path starts with `//` that could produce a 301 Location header diff --git a/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch b/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch index 8ec1957..7b6dfa0 100644 --- a/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch +++ b/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Thu, 15 Sep 2022 17:35:24 +0200 -Subject: [PATCH] 00387: CVE-2020-10735: Prevent DoS by very large int() +Subject: 00387: CVE-2020-10735: Prevent DoS by very large int() gh-95778: CVE-2020-10735: Prevent DoS by very large int() (GH-96504) diff --git a/00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch b/00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch index cd71363..7f3e9cf 100644 --- a/00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch +++ b/00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Fri, 21 Oct 2022 20:37:54 -0700 -Subject: [PATCH] 00392: CVE-2022-37454: Fix buffer overflows in _sha3 module +Subject: 00392: CVE-2022-37454: Fix buffer overflows in _sha3 module This is a port of the applicable part of XKCP's fix [1] for CVE-2022-37454 and avoids the segmentation fault and the infinite diff --git a/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch b/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch index 2eb1aa0..23caf79 100644 --- a/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch +++ b/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch @@ -2,8 +2,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Mon, 7 Nov 2022 19:22:14 -0800 -Subject: [PATCH] 00394: CVE-2022-45061: CPU denial of service via inefficient - IDNA decoder +Subject: 00394: CVE-2022-45061: CPU denial of service via inefficient IDNA + decoder gh-98433: Fix quadratic time idna decoding. diff --git a/00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch b/00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch index b158945..745981a 100644 --- a/00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch +++ b/00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch @@ -1,8 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 7 Jun 2023 14:53:48 +0200 -Subject: [PATCH] 00397: PEP 706, CVE-2007-4559: Filter API for - tarfile.extractall +Subject: 00397: PEP 706, CVE-2007-4559: Filter API for tarfile.extractall Add API for allowing checks on the content of tar files, allowing callers to mitigate directory traversal (CVE-2007-4559) and related issues. diff --git a/00399-cve-2023-24329.patch b/00399-cve-2023-24329.patch index 36bf6e9..503bf7f 100644 --- a/00399-cve-2023-24329.patch +++ b/00399-cve-2023-24329.patch @@ -2,7 +2,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Mon, 22 May 2023 03:42:37 -0700 -Subject: [PATCH] 00399: CVE-2023-24329 +Subject: 00399: CVE-2023-24329 gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) diff --git a/00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch b/00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch index 5e83173..084dfb6 100644 --- a/00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch +++ b/00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Erlend E. Aasland" Date: Sun, 6 Nov 2022 22:39:34 +0100 -Subject: [PATCH] 00407: gh-99086: Fix implicit int compiler warning in - configure check for PTHREAD_SCOPE_SYSTEM +Subject: 00407: gh-99086: Fix implicit int compiler warning in configure check + for PTHREAD_SCOPE_SYSTEM Co-authored-by: Sam James --- diff --git a/00409-bpo-13497-fix-broken-nice-configure-test.patch b/00409-bpo-13497-fix-broken-nice-configure-test.patch index b4a9205..6fba071 100644 --- a/00409-bpo-13497-fix-broken-nice-configure-test.patch +++ b/00409-bpo-13497-fix-broken-nice-configure-test.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: ngie-eign <1574099+ngie-eign@users.noreply.github.com> Date: Mon, 25 Feb 2019 21:34:24 -0800 -Subject: [PATCH] 00409: bpo-13497: Fix `broken nice` configure test +Subject: 00409: bpo-13497: Fix `broken nice` configure test Per POSIX, `nice(3)` requires `unistd.h` and `exit(3)` requires `stdlib.h`. diff --git a/00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch b/00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch index 89e2a3e..56a60ee 100644 --- a/00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch +++ b/00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch @@ -1,8 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Joshua Root Date: Mon, 14 Dec 2020 07:56:34 +1100 -Subject: [PATCH] 00410: bpo-42598: Fix implicit function declarations in - configure +Subject: 00410: bpo-42598: Fix implicit function declarations in configure This is invalid in C99 and later and is an error with some compilers (e.g. clang in Xcode 12), and can thus cause configure checks to diff --git a/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch b/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch index 3ae30fa..7ed9e84 100644 --- a/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch +++ b/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Fri, 15 Dec 2023 16:10:40 +0100 -Subject: [PATCH] 00415: [CVE-2023-27043] gh-102988: Reject malformed addresses - in email.parseaddr() (#111116) +Subject: 00415: [CVE-2023-27043] gh-102988: Reject malformed addresses in + email.parseaddr() (#111116) Detect email address parsing errors and return empty tuple to indicate the parsing error (old API). Add an optional 'strict' diff --git a/00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch b/00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch index 6d68ee9..8406a8a 100644 --- a/00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch +++ b/00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 5 Dec 2023 21:02:06 +0100 -Subject: [PATCH] 00419: gh-112769: test_zlib: Fix comparison of - ZLIB_RUNTIME_VERSION with non-int suffix (GH-112771) (GH-112774) +Subject: 00419: gh-112769: test_zlib: Fix comparison of ZLIB_RUNTIME_VERSION + with non-int suffix (GH-112771) (GH-112774) zlib-ng defines the version as "1.3.0.zlib-ng". (cherry picked from commit d384813ff18b33280a90b6d2011654528a2b6ad1) diff --git a/00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch b/00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch index e053302..d9e85f8 100644 --- a/00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch +++ b/00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch @@ -1,8 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Sun, 11 Feb 2024 12:08:39 +0200 -Subject: [PATCH] 00422: gh-115133: Fix tests for XMLPullParser with Expat - 2.6.0 +Subject: 00422: gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 Feeding the parser by too small chunks defers parsing to prevent CVE-2023-52425. Future versions of Expat may be more reactive. diff --git a/00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch b/00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch index 401faef..0e4985c 100644 --- a/00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch +++ b/00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Matthias Klose Date: Mon, 30 Apr 2018 19:22:16 +0200 -Subject: [PATCH] 00423: bpo-33377: Add triplets for mips-r6 and riscv +Subject: 00423: bpo-33377: Add triplets for mips-r6 and riscv --- .../2018-04-30-16-53-00.bpo-33377.QBh6vP.rst | 2 + diff --git a/00426-cve-2023-6597.patch b/00426-cve-2023-6597.patch index 4900012..49975a6 100644 --- a/00426-cve-2023-6597.patch +++ b/00426-cve-2023-6597.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Wed, 24 Apr 2024 00:19:23 +0200 -Subject: [PATCH] 00426: CVE-2023-6597 +Subject: 00426: CVE-2023-6597 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/00427-zipextfile-tell-and-seek-cve-2024-0450.patch b/00427-zipextfile-tell-and-seek-cve-2024-0450.patch index 2771a4a..dfb5424 100644 --- a/00427-zipextfile-tell-and-seek-cve-2024-0450.patch +++ b/00427-zipextfile-tell-and-seek-cve-2024-0450.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: John Jolly Date: Tue, 30 Jan 2018 01:51:35 -0700 -Subject: [PATCH] 00427: ZipExtFile tell and seek, CVE-2024-0450 +Subject: 00427: ZipExtFile tell and seek, CVE-2024-0450 Backport of seek and tell methods for ZipExtFile makes it possible to backport the fix for CVE-2024-0450. diff --git a/00431-cve-2024-4032.patch b/00431-cve-2024-4032.patch index 52cf4ec..85b343e 100644 --- a/00431-cve-2024-4032.patch +++ b/00431-cve-2024-4032.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Tue, 7 May 2024 11:58:20 +0200 -Subject: [PATCH] 00431: CVE-2024-4032: incorrect IPv4 and IPv6 private ranges +Subject: 00431: CVE-2024-4032: incorrect IPv4 and IPv6 private ranges Upstream issue: https://github.com/python/cpython/issues/113171 diff --git a/00435-gh-121650-encode-newlines-in-headers-and-verify.patch b/00435-gh-121650-encode-newlines-in-headers-and-verify.patch index 32af189..e706c63 100644 --- a/00435-gh-121650-encode-newlines-in-headers-and-verify.patch +++ b/00435-gh-121650-encode-newlines-in-headers-and-verify.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= Date: Fri, 16 Aug 2024 14:12:58 +0200 -Subject: [PATCH] 00435: gh-121650: Encode newlines in headers, and verify - headers are sound (GH-122233) +Subject: =?UTF-8?q?00435:=20gh-121650:=20Encode=20newlines=20in=20headers,?= + =?UTF-8?q?=20and=20verify=0A=20headers=20are=20sound=20(GH-122233)?= Per RFC 2047: diff --git a/00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch b/00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch index a5f704e..3798f64 100644 --- a/00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch +++ b/00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch @@ -1,8 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Wed, 4 Sep 2024 10:41:42 -0500 -Subject: [PATCH] 00437: CVE-2024-6232 Remove backtracking when parsing tarfile - headers +Subject: 00437: CVE-2024-6232 Remove backtracking when parsing tarfile headers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch b/00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch index aa44096..2d2369f 100644 --- a/00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch +++ b/00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch @@ -1,8 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Fri, 1 Nov 2024 14:11:47 +0100 -Subject: [PATCH] 00443: gh-124651: Quote template strings in `venv` activation - scripts +Subject: 00443: gh-124651: Quote template strings in `venv` activation scripts (cherry picked from 3.9) --- diff --git a/00444-security-fix-for-cve-2024-11168.patch b/00444-security-fix-for-cve-2024-11168.patch index c9b6b0f..02fc8ae 100644 --- a/00444-security-fix-for-cve-2024-11168.patch +++ b/00444-security-fix-for-cve-2024-11168.patch @@ -2,7 +2,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Tue, 9 May 2023 23:35:24 -0700 -Subject: [PATCH] 00444: Security fix for CVE-2024-11168 +Subject: 00444: Security fix for CVE-2024-11168 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/00446-Resolve-sinpi-name-clash-with-libm.patch b/00446-Resolve-sinpi-name-clash-with-libm.patch index 6ff4d00..65c41c5 100644 --- a/00446-Resolve-sinpi-name-clash-with-libm.patch +++ b/00446-Resolve-sinpi-name-clash-with-libm.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Dima Pasechnik Date: Wed, 18 Dec 2024 14:31:08 +0100 -Subject: [PATCH] 00446: Resolve sinpi name clash with libm +Subject: 00446: Resolve sinpi name clash with libm bpo-36106: Resolve sinpi name clash with libm (IEEE-754 violation). (GH-12027) diff --git a/00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch b/00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch index 84d53fd..baa4595 100644 --- a/00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch +++ b/00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Fri, 31 Jan 2025 11:41:34 -0600 -Subject: [PATCH] 00450: CVE-2025-0938: Disallow square brackets ([ and ]) in - domain names for parsed URLs +Subject: 00450: CVE-2025-0938: Disallow square brackets ([ and ]) in domain + names for parsed URLs Co-authored-by: Peter Bierma --- diff --git a/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch b/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch index e8e4636..7912134 100644 --- a/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch +++ b/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch @@ -2,8 +2,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Mon, 31 Mar 2025 20:29:04 +0200 -Subject: [PATCH] 00452: Properly apply exported CFLAGS for dtrace/systemtap - builds +Subject: 00452: Properly apply exported CFLAGS for dtrace/systemtap builds When using --with-dtrace the resulting object file could be missing specific CFLAGS exported by the build system due to the systemtap diff --git a/00457-ssl-raise-oserror-for-err_lib_sys.patch b/00457-ssl-raise-oserror-for-err_lib_sys.patch index 0f8c5f4..9f2143a 100644 --- a/00457-ssl-raise-oserror-for-err_lib_sys.patch +++ b/00457-ssl-raise-oserror-for-err_lib_sys.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Thu, 3 Apr 2025 18:26:17 +0200 -Subject: [PATCH] 00457: ssl: Raise OSError for ERR_LIB_SYS +Subject: 00457: ssl: Raise OSError for ERR_LIB_SYS The patch resolves the flakiness of test_ftplib From 6cbf255ebedab9946d9c52affa77a3e0b58e164c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Wed, 23 Apr 2025 11:44:23 +0000 Subject: [PATCH 57/66] Add RPM Provides for python3.6-libs, python3.6-devel, python3.6-idle, python3.6-tkinter, python3.6-test This is a first step to switch the flatpackage bcond in order to maintain the same structure as Python 3.10+. --- python3.6.spec | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index 35c5489..a57ef96 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 45%{?dist} +Release: 46%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -161,6 +161,8 @@ License: LicenseRef-Callaway-Python AND LicenseRef-Callaway-MIT AND Apache-2.0 A # General global macros # ===================== +%global pkgname python%{pybasever} + %global pylibdir %{_libdir}/python%{pybasever} %global dynload_dir %{pylibdir}/lib-dynload @@ -1131,6 +1133,16 @@ Provides: bundled(python3dist(appdirs)) = 1.4.3 Provides: bundled(mpdecimal) = %{libmpdec_version} Provides: bundled(libmpdec) = %{libmpdec_version} +# Provides of the subpackages contained in flatpackage +Provides: %{pkgname}-libs = %{version}-%{release} +Provides: %{pkgname}-devel = %{version}-%{release} +Provides: %{pkgname}-idle = %{version}-%{release} +Provides: %{pkgname}-tkinter = %{version}-%{release} +Provides: %{pkgname}-test = %{version}-%{release} +%if %{with debug_build} +Provides: %{pkgname}-debug = %{version}-%{release} +%endif + # The description for the flat package %description Python %{pybasever} package for developers. @@ -2094,6 +2106,9 @@ CheckPython optimized # ====================================================== %changelog +* Wed Apr 23 2025 Miro Hrončok - 3.6.15-46 +- Add RPM Provides for python3.6-libs, python3.6-devel, python3.6-idle, python3.6-tkinter, python3.6-test + * Wed Apr 16 2025 Charalampos Stratakis - 3.6.15-45 - Fix the flakiness of test_ftplib From 47fdac40696c7c5b89952abffe0203526f49b6b0 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Thu, 26 Jun 2025 21:58:58 +0200 Subject: [PATCH 58/66] Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 --- 00465-tarfile-cves.patch | 1791 ++++++++++++++++++++++++++++++++++++++ python3.6.spec | 26 +- 2 files changed, 1816 insertions(+), 1 deletion(-) create mode 100644 00465-tarfile-cves.patch diff --git a/00465-tarfile-cves.patch b/00465-tarfile-cves.patch new file mode 100644 index 0000000..048f40c --- /dev/null +++ b/00465-tarfile-cves.patch @@ -0,0 +1,1791 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Tue, 22 Aug 2023 20:28:10 +0200 +Subject: 00465: tarfile cves + +Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 on tarfile + +The backported fixes do not contain changes for ntpath.py and related tests, +because the support for symlinks and junctions were added later in Python 3.9, +and it does not make sense to backport them to 3.6 here. + +The patch is contains the following changes: +- https://github.com/python/cpython/commit/42deeab5b2efc2930d4eb73416e1dde9cf790dd2 + fixes symlink handling for tarfile.data_filter +- https://github.com/python/cpython/commit/9d2c2a8e3b8fe18ee1568bfa4a419847b3e78575 + fixes handling of existing files/symlinks in tarfile +- https://github.com/python/cpython/commit/00af9794dd118f7b835dd844b2b609a503ad951e + adds a new "strict" argument to realpath() +- https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1 + fixes mulriple CVE fixes in the tarfile module +- downstream only fixes that makes the changes work and compatible with Python 3.6 +--- + Doc/library/tarfile.rst | 5 + + Lib/genericpath.py | 12 +- + Lib/pathlib.py | 142 ++---- + Lib/posixpath.py | 35 +- + Lib/tarfile.py | 173 +++++-- + Lib/test/test_ntpath.py | 2 + + Lib/test/test_posixpath.py | 312 ++++++++++-- + Lib/test/test_tarfile.py | 459 +++++++++++++++++- + ...-08-10-17-36-22.gh-issue-107845.dABiMJ.rst | 3 + + 9 files changed, 938 insertions(+), 205 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2023-08-10-17-36-22.gh-issue-107845.dABiMJ.rst + +diff --git a/Doc/library/tarfile.rst b/Doc/library/tarfile.rst +index f6dc9a7038..d6ef4551b1 100644 +--- a/Doc/library/tarfile.rst ++++ b/Doc/library/tarfile.rst +@@ -716,6 +716,11 @@ A ``TarInfo`` object has the following public data attributes: + Name of the target file name, which is only present in :class:`TarInfo` objects + of type :const:`LNKTYPE` and :const:`SYMTYPE`. + ++ For symbolic links (``SYMTYPE``), the *linkname* is relative to the directory ++ that contains the link. ++ For hard links (``LNKTYPE``), the *linkname* is relative to the root of ++ the archive. ++ + + .. attribute:: TarInfo.uid + +diff --git a/Lib/genericpath.py b/Lib/genericpath.py +index 303b3b349a..4a80461fe7 100644 +--- a/Lib/genericpath.py ++++ b/Lib/genericpath.py +@@ -8,7 +8,7 @@ import stat + + __all__ = ['commonprefix', 'exists', 'getatime', 'getctime', 'getmtime', + 'getsize', 'isdir', 'isfile', 'samefile', 'sameopenfile', +- 'samestat'] ++ 'samestat', 'ALLOW_MISSING'] + + + # Does a path exist? +@@ -149,3 +149,13 @@ def _check_arg_types(funcname, *args): + (funcname, s.__class__.__name__)) from None + if hasstr and hasbytes: + raise TypeError("Can't mix strings and bytes in path components") from None ++ ++ ++# A singleton with a true boolean value. ++@object.__new__ ++class ALLOW_MISSING: ++ """Special value for use in realpath().""" ++ def __repr__(self): ++ return 'os.path.ALLOW_MISSING' ++ def __reduce__(self): ++ return self.__class__.__name__ +diff --git a/Lib/pathlib.py b/Lib/pathlib.py +index 5e130110f2..0f0fc3863a 100644 +--- a/Lib/pathlib.py ++++ b/Lib/pathlib.py +@@ -8,22 +8,13 @@ import re + import sys + from collections import Sequence + from contextlib import contextmanager +-from errno import EINVAL, ENOENT, ENOTDIR ++from errno import EINVAL, ENOENT, ENOTDIR, ELOOP + from operator import attrgetter + from stat import S_ISDIR, S_ISLNK, S_ISREG, S_ISSOCK, S_ISBLK, S_ISCHR, S_ISFIFO + from urllib.parse import quote_from_bytes as urlquote_from_bytes + + + supports_symlinks = True +-if os.name == 'nt': +- import nt +- if sys.getwindowsversion()[:2] >= (6, 0): +- from nt import _getfinalpathname +- else: +- supports_symlinks = False +- _getfinalpathname = None +-else: +- nt = None + + + __all__ = [ +@@ -35,6 +26,11 @@ __all__ = [ + # Internals + # + ++_WINERROR_NOT_READY = 21 # drive exists but is not accessible ++_WINERROR_INVALID_NAME = 123 # fix for bpo-35306 ++_WINERROR_CANT_RESOLVE_FILENAME = 1921 # broken symlink pointing to itself ++ ++ + def _is_wildcard_pattern(pat): + # Whether this pattern needs actual matching using fnmatch, or can + # be looked up directly as a file. +@@ -178,30 +174,6 @@ class _WindowsFlavour(_Flavour): + def casefold_parts(self, parts): + return [p.lower() for p in parts] + +- def resolve(self, path, strict=False): +- s = str(path) +- if not s: +- return os.getcwd() +- previous_s = None +- if _getfinalpathname is not None: +- if strict: +- return self._ext_to_normal(_getfinalpathname(s)) +- else: +- tail_parts = [] # End of the path after the first one not found +- while True: +- try: +- s = self._ext_to_normal(_getfinalpathname(s)) +- except FileNotFoundError: +- previous_s = s +- s, tail = os.path.split(s) +- tail_parts.append(tail) +- if previous_s == s: +- return path +- else: +- return os.path.join(s, *reversed(tail_parts)) +- # Means fallback on absolute +- return None +- + def _split_extended_path(self, s, ext_prefix=ext_namespace_prefix): + prefix = '' + if s.startswith(ext_prefix): +@@ -212,10 +184,6 @@ class _WindowsFlavour(_Flavour): + s = '\\' + s[3:] + return prefix, s + +- def _ext_to_normal(self, s): +- # Turn back an extended path into a normal DOS-like path +- return self._split_extended_path(s)[1] +- + def is_reserved(self, parts): + # NOTE: the rules for reserved names seem somewhat complicated + # (e.g. r"..\NUL" is reserved but not r"foo\NUL"). +@@ -300,51 +268,6 @@ class _PosixFlavour(_Flavour): + def casefold_parts(self, parts): + return parts + +- def resolve(self, path, strict=False): +- sep = self.sep +- accessor = path._accessor +- seen = {} +- def _resolve(path, rest): +- if rest.startswith(sep): +- path = '' +- +- for name in rest.split(sep): +- if not name or name == '.': +- # current dir +- continue +- if name == '..': +- # parent dir +- path, _, _ = path.rpartition(sep) +- continue +- newpath = path + sep + name +- if newpath in seen: +- # Already seen this path +- path = seen[newpath] +- if path is not None: +- # use cached value +- continue +- # The symlink is not resolved, so we must have a symlink loop. +- raise RuntimeError("Symlink loop from %r" % newpath) +- # Resolve the symbolic link +- try: +- target = accessor.readlink(newpath) +- except OSError as e: +- if e.errno != EINVAL and strict: +- raise +- # Not a symlink, or non-strict mode. We just leave the path +- # untouched. +- path = newpath +- else: +- seen[newpath] = None # not resolved symlink +- path = _resolve(path, target) +- seen[newpath] = path # resolved symlink +- +- return path +- # NOTE: according to POSIX, getcwd() cannot contain path components +- # which are symlinks. +- base = '' if path.is_absolute() else os.getcwd() +- return _resolve(base, str(path)) or sep +- + def is_reserved(self, parts): + return False + +@@ -421,17 +344,12 @@ class _NormalAccessor(_Accessor): + + replace = _wrap_binary_strfunc(os.replace) + +- if nt: +- if supports_symlinks: +- symlink = _wrap_binary_strfunc(os.symlink) +- else: +- def symlink(a, b, target_is_directory): +- raise NotImplementedError("symlink() not available on this system") ++ if hasattr(os, "symlink"): ++ symlink = os.symlink + else: +- # Under POSIX, os.symlink() takes two args +- @staticmethod +- def symlink(a, b, target_is_directory): +- return os.symlink(str(a), str(b)) ++ def symlink(self, src, dst, target_is_directory=False): ++ raise NotImplementedError("os.symlink() not available on this system") ++ + + utime = _wrap_strfunc(os.utime) + +@@ -439,6 +357,12 @@ class _NormalAccessor(_Accessor): + def readlink(self, path): + return os.readlink(path) + ++ getcwd = os.getcwd ++ ++ expanduser = staticmethod(os.path.expanduser) ++ ++ realpath = staticmethod(os.path.realpath) ++ + + _normal_accessor = _NormalAccessor() + +@@ -1138,17 +1062,27 @@ class Path(PurePath): + """ + if self._closed: + self._raise_closed() +- s = self._flavour.resolve(self, strict=strict) +- if s is None: +- # No symlink resolution => for consistency, raise an error if +- # the path doesn't exist or is forbidden +- self.stat() +- s = str(self.absolute()) +- # Now we have no symlinks in the path, it's safe to normalize it. +- normed = self._flavour.pathmod.normpath(s) +- obj = self._from_parts((normed,), init=False) +- obj._init(template=self) +- return obj ++ ++ def check_eloop(e): ++ winerror = getattr(e, 'winerror', 0) ++ if e.errno == ELOOP or winerror == _WINERROR_CANT_RESOLVE_FILENAME: ++ raise RuntimeError("Symlink loop from %r" % e.filename) ++ ++ try: ++ s = self._accessor.realpath(self, strict=strict) ++ except OSError as e: ++ check_eloop(e) ++ raise ++ p = self._from_parts((s,)) ++ ++ # In non-strict mode, realpath() doesn't raise on symlink loops. ++ # Ensure we get an exception by calling stat() ++ if not strict: ++ try: ++ p.stat() ++ except OSError as e: ++ check_eloop(e) ++ return p + + def stat(self): + """ +diff --git a/Lib/posixpath.py b/Lib/posixpath.py +index ca578a5df3..bbc6fa4500 100644 +--- a/Lib/posixpath.py ++++ b/Lib/posixpath.py +@@ -35,7 +35,7 @@ __all__ = ["normcase","isabs","join","splitdrive","split","splitext", + "samefile","sameopenfile","samestat", + "curdir","pardir","sep","pathsep","defpath","altsep","extsep", + "devnull","realpath","supports_unicode_filenames","relpath", +- "commonpath"] ++ "commonpath", "ALLOW_MISSING"] + + + def _get_sep(path): +@@ -388,16 +388,16 @@ def abspath(path): + # Return a canonical path (i.e. the absolute location of a file on the + # filesystem). + +-def realpath(filename): ++def realpath(filename, *, strict=False): + """Return the canonical path of the specified filename, eliminating any + symbolic links encountered in the path.""" + filename = os.fspath(filename) +- path, ok = _joinrealpath(filename[:0], filename, {}) ++ path, ok = _joinrealpath(filename[:0], filename, strict, {}) + return abspath(path) + + # Join two paths, normalizing and eliminating any symbolic links + # encountered in the second path. +-def _joinrealpath(path, rest, seen): ++def _joinrealpath(path, rest, strict, seen): + if isinstance(path, bytes): + sep = b'/' + curdir = b'.' +@@ -406,6 +406,15 @@ def _joinrealpath(path, rest, seen): + sep = '/' + curdir = '.' + pardir = '..' ++ getcwd = os.getcwd ++ if strict is ALLOW_MISSING: ++ ignored_error = FileNotFoundError ++ elif strict: ++ ignored_error = () ++ else: ++ ignored_error = OSError ++ ++ maxlinks = None + + if isabs(rest): + rest = rest[1:] +@@ -426,7 +435,13 @@ def _joinrealpath(path, rest, seen): + path = pardir + continue + newpath = join(path, name) +- if not islink(newpath): ++ try: ++ st = os.lstat(newpath) ++ except ignored_error: ++ is_link = False ++ else: ++ is_link = stat.S_ISLNK(st.st_mode) ++ if not is_link: + path = newpath + continue + # Resolve the symbolic link +@@ -437,10 +452,14 @@ def _joinrealpath(path, rest, seen): + # use cached value + continue + # The symlink is not resolved, so we must have a symlink loop. +- # Return already resolved part + rest of the path unchanged. +- return join(newpath, rest), False ++ if strict: ++ # Raise OSError(errno.ELOOP) ++ os.stat(newpath) ++ else: ++ # Return already resolved part + rest of the path unchanged. ++ return join(newpath, rest), False + seen[newpath] = None # not resolved symlink +- path, ok = _joinrealpath(path, os.readlink(newpath), seen) ++ path, ok = _joinrealpath(path, os.readlink(newpath), strict, seen) + if not ok: + return join(path, rest), False + seen[newpath] = path # resolved symlink +diff --git a/Lib/tarfile.py b/Lib/tarfile.py +index ee1bf37bfd..1a7d5f772a 100755 +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -753,7 +753,7 @@ class SpecialFileError(FilterError): + class AbsoluteLinkError(FilterError): + def __init__(self, tarinfo): + self.tarinfo = tarinfo +- super().__init__(f'{tarinfo.name!r} is a symlink to an absolute path') ++ super().__init__(f'{tarinfo.name!r} is a link to an absolute path') + + class LinkOutsideDestinationError(FilterError): + def __init__(self, tarinfo, path): +@@ -762,10 +762,22 @@ class LinkOutsideDestinationError(FilterError): + super().__init__(f'{tarinfo.name!r} would link to {path!r}, ' + + 'which is outside the destination') + ++class LinkFallbackError(FilterError): ++ def __init__(self, tarinfo, path): ++ self.tarinfo = tarinfo ++ self._path = path ++ super().__init__(f'link {tarinfo.name!r} would be extracted as a ' ++ + f'copy of {path!r}, which was rejected') ++ ++# Errors caused by filters -- both "fatal" and "non-fatal" -- that ++# we consider to be issues with the argument, rather than a bug in the ++# filter function ++_FILTER_ERRORS = (FilterError, OSError, ExtractError) ++ + def _get_filtered_attrs(member, dest_path, for_data=True): + new_attrs = {} + name = member.name +- dest_path = os.path.realpath(dest_path) ++ dest_path = os.path.realpath(dest_path, strict=os.path.ALLOW_MISSING) + # Strip leading / (tar's directory separator) from filenames. + # Include os.sep (target OS directory separator) as well. + if name.startswith(('/', os.sep)): +@@ -775,7 +787,8 @@ def _get_filtered_attrs(member, dest_path, for_data=True): + # For example, 'C:/foo' on Windows. + raise AbsolutePathError(member) + # Ensure we stay in the destination +- target_path = os.path.realpath(os.path.join(dest_path, name)) ++ target_path = os.path.realpath(os.path.join(dest_path, name), ++ strict=os.path.ALLOW_MISSING) + if os.path.commonpath([target_path, dest_path]) != dest_path: + raise OutsideDestinationError(member, target_path) + # Limit permissions (no high bits, and go-w) +@@ -813,7 +826,18 @@ def _get_filtered_attrs(member, dest_path, for_data=True): + if member.islnk() or member.issym(): + if os.path.isabs(member.linkname): + raise AbsoluteLinkError(member) +- target_path = os.path.realpath(os.path.join(dest_path, member.linkname)) ++ normalized = os.path.normpath(member.linkname) ++ if normalized != member.linkname: ++ new_attrs['linkname'] = normalized ++ if member.issym(): ++ target_path = os.path.join(dest_path, ++ os.path.dirname(name), ++ member.linkname) ++ else: ++ target_path = os.path.join(dest_path, ++ member.linkname) ++ target_path = os.path.realpath(target_path, ++ strict=os.path.ALLOW_MISSING) + if os.path.commonpath([target_path, dest_path]) != dest_path: + raise LinkOutsideDestinationError(member, target_path) + return new_attrs +@@ -2236,30 +2260,58 @@ class TarFile(object): + members = self + + for member in members: +- tarinfo = self._get_extract_tarinfo(member, filter_function, path) ++ tarinfo, unfiltered = self._get_extract_tarinfo( ++ member, filter_function, path) + if tarinfo is None: + continue + if tarinfo.isdir(): + # For directories, delay setting attributes until later, + # since permissions can interfere with extraction and + # extracting contents can reset mtime. +- directories.append(tarinfo) ++ directories.append(unfiltered) + self._extract_one(tarinfo, path, set_attrs=not tarinfo.isdir(), +- numeric_owner=numeric_owner) ++ numeric_owner=numeric_owner, ++ filter_function=filter_function) + + # Reverse sort directories. + directories.sort(key=lambda a: a.name, reverse=True) + ++ + # Set correct owner, mtime and filemode on directories. +- for tarinfo in directories: +- dirpath = os.path.join(path, tarinfo.name) ++ for unfiltered in directories: + try: ++ # Need to re-apply any filter, to take the *current* filesystem ++ # state into account. ++ try: ++ tarinfo = filter_function(unfiltered, path) ++ except _FILTER_ERRORS as exc: ++ self._log_no_directory_fixup(unfiltered, repr(exc)) ++ continue ++ if tarinfo is None: ++ self._log_no_directory_fixup(unfiltered, ++ 'excluded by filter') ++ continue ++ dirpath = os.path.join(path, tarinfo.name) ++ try: ++ lstat = os.lstat(dirpath) ++ except FileNotFoundError: ++ self._log_no_directory_fixup(tarinfo, 'missing') ++ continue ++ if not stat.S_ISDIR(lstat.st_mode): ++ # This is no longer a directory; presumably a later ++ # member overwrote the entry. ++ self._log_no_directory_fixup(tarinfo, 'not a directory') ++ continue + self.chown(tarinfo, dirpath, numeric_owner=numeric_owner) + self.utime(tarinfo, dirpath) + self.chmod(tarinfo, dirpath) + except ExtractError as e: + self._handle_nonfatal_error(e) + ++ def _log_no_directory_fixup(self, member, reason): ++ self._dbg(2, "tarfile: Not fixing up directory %r (%s)" % ++ (member.name, reason)) ++ + def extract(self, member, path="", set_attrs=True, *, numeric_owner=False, + filter=None): + """Extract a member from the archive to the current working directory, +@@ -2275,41 +2327,56 @@ class TarFile(object): + String names of common filters are accepted. + """ + filter_function = self._get_filter_function(filter) +- tarinfo = self._get_extract_tarinfo(member, filter_function, path) ++ tarinfo, unfiltered = self._get_extract_tarinfo( ++ member, filter_function, path) + if tarinfo is not None: + self._extract_one(tarinfo, path, set_attrs, numeric_owner) + + def _get_extract_tarinfo(self, member, filter_function, path): +- """Get filtered TarInfo (or None) from member, which might be a str""" ++ """Get (filtered, unfiltered) TarInfos from *member* ++ ++ *member* might be a string. ++ ++ Return (None, None) if not found. ++ """ ++ + if isinstance(member, str): +- tarinfo = self.getmember(member) ++ unfiltered = self.getmember(member) + else: +- tarinfo = member ++ unfiltered = member + +- unfiltered = tarinfo ++ filtered = None + try: +- tarinfo = filter_function(tarinfo, path) ++ filtered = filter_function(unfiltered, path) + except (OSError, FilterError) as e: + self._handle_fatal_error(e) + except ExtractError as e: + self._handle_nonfatal_error(e) +- if tarinfo is None: ++ if filtered is None: + self._dbg(2, "tarfile: Excluded %r" % unfiltered.name) +- return None ++ return None, None ++ + # Prepare the link target for makelink(). +- if tarinfo.islnk(): +- tarinfo = copy.copy(tarinfo) +- tarinfo._link_target = os.path.join(path, tarinfo.linkname) +- return tarinfo ++ if filtered.islnk(): ++ filtered = copy.copy(filtered) ++ filtered._link_target = os.path.join(path, filtered.linkname) ++ return filtered, unfiltered + +- def _extract_one(self, tarinfo, path, set_attrs, numeric_owner): +- """Extract from filtered tarinfo to disk""" ++ def _extract_one(self, tarinfo, path, set_attrs, numeric_owner, ++ filter_function=None): ++ """Extract from filtered tarinfo to disk. ++ ++ filter_function is only used when extracting a *different* ++ member (e.g. as fallback to creating a symlink) ++ """ + self._check("r") + + try: + self._extract_member(tarinfo, os.path.join(path, tarinfo.name), + set_attrs=set_attrs, +- numeric_owner=numeric_owner) ++ numeric_owner=numeric_owner, ++ filter_function=filter_function, ++ extraction_root=path) + except OSError as e: + self._handle_fatal_error(e) + except ExtractError as e: +@@ -2366,9 +2433,13 @@ class TarFile(object): + return None + + def _extract_member(self, tarinfo, targetpath, set_attrs=True, +- numeric_owner=False): +- """Extract the TarInfo object tarinfo to a physical ++ numeric_owner=False, *, filter_function=None, ++ extraction_root=None): ++ """Extract the filtered TarInfo object tarinfo to a physical + file called targetpath. ++ ++ filter_function is only used when extracting a *different* ++ member (e.g. as fallback to creating a symlink) + """ + # Fetch the TarInfo object for the given name + # and build the destination pathname, replacing +@@ -2397,7 +2468,10 @@ class TarFile(object): + elif tarinfo.ischr() or tarinfo.isblk(): + self.makedev(tarinfo, targetpath) + elif tarinfo.islnk() or tarinfo.issym(): +- self.makelink(tarinfo, targetpath) ++ self.makelink_with_filter( ++ tarinfo, targetpath, ++ filter_function=filter_function, ++ extraction_root=extraction_root) + elif tarinfo.type not in SUPPORTED_TYPES: + self.makeunknown(tarinfo, targetpath) + else: +@@ -2479,26 +2553,57 @@ class TarFile(object): + os.makedev(tarinfo.devmajor, tarinfo.devminor)) + + def makelink(self, tarinfo, targetpath): ++ return self.makelink_with_filter(tarinfo, targetpath, None, None) ++ ++ def makelink_with_filter(self, tarinfo, targetpath, ++ filter_function, extraction_root): + """Make a (symbolic) link called targetpath. If it cannot be created + (platform limitation), we try to make a copy of the referenced file + instead of a link. ++ ++ filter_function is only used when extracting a *different* ++ member (e.g. as fallback to creating a link). + """ ++ keyerror_to_extracterror = False + try: + # For systems that support symbolic and hard links. + if tarinfo.issym(): ++ if os.path.lexists(targetpath): ++ # Avoid FileExistsError on following os.symlink. ++ os.unlink(targetpath) + os.symlink(tarinfo.linkname, targetpath) ++ return + else: + if os.path.exists(tarinfo._link_target): + os.link(tarinfo._link_target, targetpath) +- else: +- self._extract_member(self._find_link_target(tarinfo), +- targetpath) ++ return + except symlink_exception: ++ keyerror_to_extracterror = True ++ ++ try: ++ unfiltered = self._find_link_target(tarinfo) ++ except KeyError: ++ if keyerror_to_extracterror: ++ raise ExtractError( ++ "unable to resolve link inside archive") ++ else: ++ raise ++ ++ if filter_function is None: ++ filtered = unfiltered ++ else: ++ if extraction_root is None: ++ raise ExtractError( ++ "makelink_with_filter: if filter_function is not None, " ++ + "extraction_root must also not be None") + try: +- self._extract_member(self._find_link_target(tarinfo), +- targetpath) +- except KeyError: +- raise ExtractError("unable to resolve link inside archive") ++ filtered = filter_function(unfiltered, extraction_root) ++ except _FILTER_ERRORS as cause: ++ raise LinkFallbackError(tarinfo, unfiltered.name) from cause ++ if filtered is not None: ++ self._extract_member(filtered, targetpath, ++ filter_function=filter_function, ++ extraction_root=extraction_root) + + def chown(self, tarinfo, targetpath, numeric_owner): + """Set owner of targetpath according to tarinfo. If numeric_owner +diff --git a/Lib/test/test_ntpath.py b/Lib/test/test_ntpath.py +index bba1712cce..6666cea9f5 100644 +--- a/Lib/test/test_ntpath.py ++++ b/Lib/test/test_ntpath.py +@@ -1,8 +1,10 @@ + import ntpath + import os ++import subprocess + import sys + import unittest + import warnings ++from ntpath import ALLOW_MISSING + from test.support import TestFailed, FakePath + from test import support, test_genericpath + from tempfile import TemporaryFile +diff --git a/Lib/test/test_posixpath.py b/Lib/test/test_posixpath.py +index e73b31cb64..f41d032e26 100644 +--- a/Lib/test/test_posixpath.py ++++ b/Lib/test/test_posixpath.py +@@ -1,8 +1,10 @@ + import os ++import sys + import posixpath + import unittest + import warnings +-from posixpath import realpath, abspath, dirname, basename ++from functools import partial ++from posixpath import realpath, abspath, dirname, basename, ALLOW_MISSING + from test import support, test_genericpath + from test.support import FakePath + from unittest import mock +@@ -33,6 +35,26 @@ def safe_rmdir(dirname): + except OSError: + pass + ++def _parameterize(*parameters): ++ """Simplistic decorator to parametrize a test ++ ++ Runs the decorated test multiple times in subTest, with a value from ++ 'parameters' passed as an extra positional argument. ++ Does *not* call doCleanups() after each run. ++ ++ Not for general use. Intended to avoid indenting for easier backports. ++ ++ See https://discuss.python.org/t/91827 for discussing generalizations. ++ """ ++ def _parametrize_decorator(func): ++ def _parameterized(self, *args, **kwargs): ++ for parameter in parameters: ++ with self.subTest(parameter): ++ func(self, *args, parameter, **kwargs) ++ return _parameterized ++ return _parametrize_decorator ++ ++ + class PosixPathTest(unittest.TestCase): + + def setUp(self): +@@ -308,52 +330,167 @@ class PosixPathTest(unittest.TestCase): + b"/foo/bar") + + @skip_if_ABSTFN_contains_backslash +- def test_realpath_curdir(self): +- self.assertEqual(realpath('.'), os.getcwd()) +- self.assertEqual(realpath('./.'), os.getcwd()) +- self.assertEqual(realpath('/'.join(['.'] * 100)), os.getcwd()) ++ @_parameterize({}, {'strict': True}, {'strict': ALLOW_MISSING}) ++ def test_realpath_curdir(self, kwargs): ++ self.assertEqual(realpath('.', **kwargs), os.getcwd()) ++ self.assertEqual(realpath('./.', **kwargs), os.getcwd()) ++ self.assertEqual(realpath('/'.join(['.'] * 100), **kwargs), os.getcwd()) + +- self.assertEqual(realpath(b'.'), os.getcwdb()) +- self.assertEqual(realpath(b'./.'), os.getcwdb()) +- self.assertEqual(realpath(b'/'.join([b'.'] * 100)), os.getcwdb()) ++ self.assertEqual(realpath(b'.', **kwargs), os.getcwdb()) ++ self.assertEqual(realpath(b'./.', **kwargs), os.getcwdb()) ++ self.assertEqual(realpath(b'/'.join([b'.'] * 100), **kwargs), os.getcwdb()) + + @skip_if_ABSTFN_contains_backslash +- def test_realpath_pardir(self): +- self.assertEqual(realpath('..'), dirname(os.getcwd())) +- self.assertEqual(realpath('../..'), dirname(dirname(os.getcwd()))) +- self.assertEqual(realpath('/'.join(['..'] * 100)), '/') ++ @_parameterize({}, {'strict': True}, {'strict': ALLOW_MISSING}) ++ def test_realpath_pardir(self, kwargs): ++ self.assertEqual(realpath('..', **kwargs), dirname(os.getcwd())) ++ self.assertEqual(realpath('../..', **kwargs), dirname(dirname(os.getcwd()))) ++ self.assertEqual(realpath('/'.join(['..'] * 100), **kwargs), '/') + +- self.assertEqual(realpath(b'..'), dirname(os.getcwdb())) +- self.assertEqual(realpath(b'../..'), dirname(dirname(os.getcwdb()))) +- self.assertEqual(realpath(b'/'.join([b'..'] * 100)), b'/') ++ self.assertEqual(realpath(b'..', **kwargs), dirname(os.getcwdb())) ++ self.assertEqual(realpath(b'../..', **kwargs), dirname(dirname(os.getcwdb()))) ++ self.assertEqual(realpath(b'/'.join([b'..'] * 100), **kwargs), b'/') + + @unittest.skipUnless(hasattr(os, "symlink"), + "Missing symlink implementation") + @skip_if_ABSTFN_contains_backslash +- def test_realpath_basic(self): ++ @_parameterize({}, {'strict': ALLOW_MISSING}) ++ def test_realpath_basic(self, kwargs): + # Basic operation. + try: + os.symlink(ABSTFN+"1", ABSTFN) +- self.assertEqual(realpath(ABSTFN), ABSTFN+"1") ++ self.assertEqual(realpath(ABSTFN, **kwargs), ABSTFN+"1") + finally: + support.unlink(ABSTFN) + + @unittest.skipUnless(hasattr(os, "symlink"), + "Missing symlink implementation") + @skip_if_ABSTFN_contains_backslash +- def test_realpath_relative(self): ++ @_parameterize({}, {'strict': ALLOW_MISSING}) ++ def test_realpath_relative(self, kwargs): + try: + os.symlink(posixpath.relpath(ABSTFN+"1"), ABSTFN) +- self.assertEqual(realpath(ABSTFN), ABSTFN+"1") ++ self.assertEqual(realpath(ABSTFN, **kwargs), ABSTFN+"1") + finally: + support.unlink(ABSTFN) + + @unittest.skipUnless(hasattr(os, "symlink"), + "Missing symlink implementation") + @skip_if_ABSTFN_contains_backslash ++ def test_realpath_strict(self): ++ # Bug #43757: raise FileNotFoundError in strict mode if we encounter ++ # a path that does not exist. ++ try: ++ os.symlink(ABSTFN+"1", ABSTFN) ++ self.assertRaises(FileNotFoundError, realpath, ABSTFN, strict=True) ++ self.assertRaises(FileNotFoundError, realpath, ABSTFN + "2", strict=True) ++ finally: ++ support.unlink(ABSTFN) ++ ++ def test_realpath_invalid_paths(self): ++ path = '/\x00' ++ self.assertRaises(ValueError, realpath, path, strict=False) ++ self.assertRaises(ValueError, realpath, path, strict=True) ++ self.assertRaises(ValueError, realpath, path, strict=ALLOW_MISSING) ++ path = b'/\x00' ++ self.assertRaises(ValueError, realpath, path, strict=False) ++ self.assertRaises(ValueError, realpath, path, strict=True) ++ self.assertRaises(ValueError, realpath, path, strict=ALLOW_MISSING) ++ path = '/nonexistent/x\x00' ++ self.assertRaises(ValueError, realpath, path, strict=False) ++ self.assertRaises(FileNotFoundError, realpath, path, strict=True) ++ self.assertRaises(ValueError, realpath, path, strict=ALLOW_MISSING) ++ path = b'/nonexistent/x\x00' ++ self.assertRaises(ValueError, realpath, path, strict=False) ++ self.assertRaises(FileNotFoundError, realpath, path, strict=True) ++ self.assertRaises(ValueError, realpath, path, strict=ALLOW_MISSING) ++ path = '/\x00/..' ++ self.assertRaises(ValueError, realpath, path, strict=False) ++ self.assertRaises(ValueError, realpath, path, strict=True) ++ self.assertRaises(ValueError, realpath, path, strict=ALLOW_MISSING) ++ path = b'/\x00/..' ++ self.assertRaises(ValueError, realpath, path, strict=False) ++ self.assertRaises(ValueError, realpath, path, strict=True) ++ self.assertRaises(ValueError, realpath, path, strict=ALLOW_MISSING) ++ ++ path = '/nonexistent/x\x00/..' ++ self.assertRaises(ValueError, realpath, path, strict=False) ++ self.assertRaises(FileNotFoundError, realpath, path, strict=True) ++ self.assertRaises(ValueError, realpath, path, strict=ALLOW_MISSING) ++ path = b'/nonexistent/x\x00/..' ++ self.assertRaises(ValueError, realpath, path, strict=False) ++ self.assertRaises(FileNotFoundError, realpath, path, strict=True) ++ self.assertRaises(ValueError, realpath, path, strict=ALLOW_MISSING) ++ ++ path = '/\udfff' ++ if sys.platform == 'win32': ++ self.assertEqual(realpath(path, strict=False), path) ++ self.assertRaises(FileNotFoundError, realpath, path, strict=True) ++ self.assertEqual(realpath(path, strict=ALLOW_MISSING), path) ++ else: ++ self.assertRaises(UnicodeEncodeError, realpath, path, strict=False) ++ self.assertRaises(UnicodeEncodeError, realpath, path, strict=True) ++ self.assertRaises(UnicodeEncodeError, realpath, path, strict=ALLOW_MISSING) ++ path = '/nonexistent/\udfff' ++ if sys.platform == 'win32': ++ self.assertEqual(realpath(path, strict=False), path) ++ self.assertEqual(realpath(path, strict=ALLOW_MISSING), path) ++ else: ++ self.assertRaises(UnicodeEncodeError, realpath, path, strict=False) ++ self.assertRaises(UnicodeEncodeError, realpath, path, strict=ALLOW_MISSING) ++ self.assertRaises(FileNotFoundError, realpath, path, strict=True) ++ path = '/\udfff/..' ++ if sys.platform == 'win32': ++ self.assertEqual(realpath(path, strict=False), '/') ++ self.assertRaises(FileNotFoundError, realpath, path, strict=True) ++ self.assertEqual(realpath(path, strict=ALLOW_MISSING), '/') ++ else: ++ self.assertRaises(UnicodeEncodeError, realpath, path, strict=False) ++ self.assertRaises(UnicodeEncodeError, realpath, path, strict=True) ++ self.assertRaises(UnicodeEncodeError, realpath, path, strict=ALLOW_MISSING) ++ path = '/nonexistent/\udfff/..' ++ if sys.platform == 'win32': ++ self.assertEqual(realpath(path, strict=False), '/nonexistent') ++ self.assertEqual(realpath(path, strict=ALLOW_MISSING), '/nonexistent') ++ else: ++ self.assertRaises(UnicodeEncodeError, realpath, path, strict=False) ++ self.assertRaises(UnicodeEncodeError, realpath, path, strict=ALLOW_MISSING) ++ self.assertRaises(FileNotFoundError, realpath, path, strict=True) ++ ++ path = b'/\xff' ++ if sys.platform == 'win32': ++ self.assertRaises(UnicodeDecodeError, realpath, path, strict=False) ++ self.assertRaises(UnicodeDecodeError, realpath, path, strict=True) ++ self.assertRaises(UnicodeDecodeError, realpath, path, strict=ALLOW_MISSING) ++ else: ++ self.assertEqual(realpath(path, strict=False), path) ++ self.assertRaises(FileNotFoundError, realpath, path, strict=True) ++ self.assertEqual(realpath(path, strict=ALLOW_MISSING), path) ++ path = b'/nonexistent/\xff' ++ if sys.platform == 'win32': ++ self.assertRaises(UnicodeDecodeError, realpath, path, strict=False) ++ self.assertRaises(UnicodeDecodeError, realpath, path, strict=ALLOW_MISSING) ++ else: ++ self.assertEqual(realpath(path, strict=False), path) ++ self.assertRaises(FileNotFoundError, realpath, path, strict=True) ++ ++ @unittest.skipUnless(hasattr(os, "symlink"), ++ "Missing symlink implementation") ++ @skip_if_ABSTFN_contains_backslash ++ @_parameterize({}, {'strict': ALLOW_MISSING}) ++ def test_realpath_missing_pardir(self, kwargs): ++ try: ++ os.symlink(support.TESTFN + "1", support.TESTFN) ++ self.assertEqual( ++ realpath("nonexistent/../" + support.TESTFN, **kwargs), ABSTFN + "1") ++ finally: ++ support.unlink(support.TESTFN) ++ ++ @support.skip_unless_symlink ++ @skip_if_ABSTFN_contains_backslash + def test_realpath_symlink_loops(self): + # Bug #930024, return the path unchanged if we get into an infinite +- # symlink loop. ++ # symlink loop in non-strict mode (default). + try: + os.symlink(ABSTFN, ABSTFN) + self.assertEqual(realpath(ABSTFN), ABSTFN) +@@ -393,13 +530,57 @@ class PosixPathTest(unittest.TestCase): + @unittest.skipUnless(hasattr(os, "symlink"), + "Missing symlink implementation") + @skip_if_ABSTFN_contains_backslash +- def test_realpath_repeated_indirect_symlinks(self): ++ @_parameterize({'strict': True}, {'strict': ALLOW_MISSING}) ++ def test_realpath_symlink_loops_strict(self, kwargs): ++ # Bug #43757, raise OSError if we get into an infinite symlink loop in ++ # the strict modes. ++ try: ++ os.symlink(ABSTFN, ABSTFN) ++ self.assertRaises(OSError, realpath, ABSTFN, **kwargs) ++ ++ os.symlink(ABSTFN+"1", ABSTFN+"2") ++ os.symlink(ABSTFN+"2", ABSTFN+"1") ++ self.assertRaises(OSError, realpath, ABSTFN+"1", **kwargs) ++ self.assertRaises(OSError, realpath, ABSTFN+"2", **kwargs) ++ ++ self.assertRaises(OSError, realpath, ABSTFN+"1/x", **kwargs) ++ self.assertRaises(OSError, realpath, ABSTFN+"1/..", **kwargs) ++ self.assertRaises(OSError, realpath, ABSTFN+"1/../x", **kwargs) ++ os.symlink(ABSTFN+"x", ABSTFN+"y") ++ self.assertRaises(OSError, realpath, ++ ABSTFN+"1/../" + basename(ABSTFN) + "y", **kwargs) ++ self.assertRaises(OSError, realpath, ++ ABSTFN+"1/../" + basename(ABSTFN) + "1", **kwargs) ++ ++ os.symlink(basename(ABSTFN) + "a/b", ABSTFN+"a") ++ self.assertRaises(OSError, realpath, ABSTFN+"a", **kwargs) ++ ++ os.symlink("../" + basename(dirname(ABSTFN)) + "/" + ++ basename(ABSTFN) + "c", ABSTFN+"c") ++ self.assertRaises(OSError, realpath, ABSTFN+"c", **kwargs) ++ ++ # Test using relative path as well. ++ with support.change_cwd(dirname(ABSTFN)): ++ self.assertRaises(OSError, realpath, basename(ABSTFN), **kwargs) ++ finally: ++ support.unlink(ABSTFN) ++ support.unlink(ABSTFN+"1") ++ support.unlink(ABSTFN+"2") ++ support.unlink(ABSTFN+"y") ++ support.unlink(ABSTFN+"c") ++ support.unlink(ABSTFN+"a") ++ ++ @unittest.skipUnless(hasattr(os, "symlink"), ++ "Missing symlink implementation") ++ @skip_if_ABSTFN_contains_backslash ++ @_parameterize({}, {'strict': True}, {'strict': ALLOW_MISSING}) ++ def test_realpath_repeated_indirect_symlinks(self, kwargs): + # Issue #6975. + try: + os.mkdir(ABSTFN) + os.symlink('../' + basename(ABSTFN), ABSTFN + '/self') + os.symlink('self/self/self', ABSTFN + '/link') +- self.assertEqual(realpath(ABSTFN + '/link'), ABSTFN) ++ self.assertEqual(realpath(ABSTFN + '/link', **kwargs), ABSTFN) + finally: + support.unlink(ABSTFN + '/self') + support.unlink(ABSTFN + '/link') +@@ -408,14 +589,15 @@ class PosixPathTest(unittest.TestCase): + @unittest.skipUnless(hasattr(os, "symlink"), + "Missing symlink implementation") + @skip_if_ABSTFN_contains_backslash +- def test_realpath_deep_recursion(self): ++ @_parameterize({}, {'strict': True}, {'strict': ALLOW_MISSING}) ++ def test_realpath_deep_recursion(self, kwargs): + depth = 10 + try: + os.mkdir(ABSTFN) + for i in range(depth): + os.symlink('/'.join(['%d' % i] * 10), ABSTFN + '/%d' % (i + 1)) + os.symlink('.', ABSTFN + '/0') +- self.assertEqual(realpath(ABSTFN + '/%d' % depth), ABSTFN) ++ self.assertEqual(realpath(ABSTFN + '/%d' % depth, **kwargs), ABSTFN) + + # Test using relative path as well. + with support.change_cwd(ABSTFN): +@@ -428,7 +610,8 @@ class PosixPathTest(unittest.TestCase): + @unittest.skipUnless(hasattr(os, "symlink"), + "Missing symlink implementation") + @skip_if_ABSTFN_contains_backslash +- def test_realpath_resolve_parents(self): ++ @_parameterize({}, {'strict': ALLOW_MISSING}) ++ def test_realpath_resolve_parents(self, kwargs): + # We also need to resolve any symlinks in the parents of a relative + # path passed to realpath. E.g.: current working directory is + # /usr/doc with 'doc' being a symlink to /usr/share/doc. We call +@@ -439,7 +622,8 @@ class PosixPathTest(unittest.TestCase): + os.symlink(ABSTFN + "/y", ABSTFN + "/k") + + with support.change_cwd(ABSTFN + "/k"): +- self.assertEqual(realpath("a"), ABSTFN + "/y/a") ++ self.assertEqual(realpath("a", **kwargs), ++ ABSTFN + "/y/a") + finally: + support.unlink(ABSTFN + "/k") + safe_rmdir(ABSTFN + "/y") +@@ -448,7 +632,8 @@ class PosixPathTest(unittest.TestCase): + @unittest.skipUnless(hasattr(os, "symlink"), + "Missing symlink implementation") + @skip_if_ABSTFN_contains_backslash +- def test_realpath_resolve_before_normalizing(self): ++ @_parameterize({}, {'strict': True}, {'strict': ALLOW_MISSING}) ++ def test_realpath_resolve_before_normalizing(self, kwargs): + # Bug #990669: Symbolic links should be resolved before we + # normalize the path. E.g.: if we have directories 'a', 'k' and 'y' + # in the following hierarchy: +@@ -463,10 +648,10 @@ class PosixPathTest(unittest.TestCase): + os.symlink(ABSTFN + "/k/y", ABSTFN + "/link-y") + + # Absolute path. +- self.assertEqual(realpath(ABSTFN + "/link-y/.."), ABSTFN + "/k") ++ self.assertEqual(realpath(ABSTFN + "/link-y/..", **kwargs), ABSTFN + "/k") + # Relative path. + with support.change_cwd(dirname(ABSTFN)): +- self.assertEqual(realpath(basename(ABSTFN) + "/link-y/.."), ++ self.assertEqual(realpath(basename(ABSTFN) + "/link-y/..", **kwargs), + ABSTFN + "/k") + finally: + support.unlink(ABSTFN + "/link-y") +@@ -477,7 +662,8 @@ class PosixPathTest(unittest.TestCase): + @unittest.skipUnless(hasattr(os, "symlink"), + "Missing symlink implementation") + @skip_if_ABSTFN_contains_backslash +- def test_realpath_resolve_first(self): ++ @_parameterize({}, {'strict': True}, {'strict': ALLOW_MISSING}) ++ def test_realpath_resolve_first(self, kwargs): + # Bug #1213894: The first component of the path, if not absolute, + # must be resolved too. + +@@ -487,13 +673,70 @@ class PosixPathTest(unittest.TestCase): + os.symlink(ABSTFN, ABSTFN + "link") + with support.change_cwd(dirname(ABSTFN)): + base = basename(ABSTFN) +- self.assertEqual(realpath(base + "link"), ABSTFN) +- self.assertEqual(realpath(base + "link/k"), ABSTFN + "/k") ++ self.assertEqual(realpath(base + "link", **kwargs), ABSTFN) ++ self.assertEqual(realpath(base + "link/k", **kwargs), ABSTFN + "/k") + finally: + support.unlink(ABSTFN + "link") + safe_rmdir(ABSTFN + "/k") + safe_rmdir(ABSTFN) + ++ @support.skip_unless_symlink ++ @skip_if_ABSTFN_contains_backslash ++ @unittest.skipIf(os.chmod not in os.supports_follow_symlinks, "Can't set symlink permissions") ++ @unittest.skipIf(sys.platform != "darwin", "only macOS requires read permission to readlink()") ++ @_parameterize({'strict': True}, {'strict': ALLOW_MISSING}) ++ def test_realpath_unreadable_symlink_strict(self, kwargs): ++ try: ++ os.symlink(ABSTFN+"1", ABSTFN) ++ os.chmod(ABSTFN, 0o000, follow_symlinks=False) ++ with self.assertRaises(PermissionError): ++ realpath(ABSTFN, **kwargs) ++ with self.assertRaises(PermissionError): ++ realpath(ABSTFN + '/foo', **kwargs), ++ with self.assertRaises(PermissionError): ++ realpath(ABSTFN + '/../foo', **kwargs) ++ with self.assertRaises(PermissionError): ++ realpath(ABSTFN + '/foo/..', **kwargs) ++ finally: ++ os.chmod(ABSTFN, 0o755, follow_symlinks=False) ++ os.unlink(ABSTFN) ++ ++ @skip_if_ABSTFN_contains_backslash ++ @support.skip_unless_symlink ++ def test_realpath_unreadable_directory(self): ++ try: ++ os.mkdir(ABSTFN) ++ os.mkdir(ABSTFN + '/k') ++ os.chmod(ABSTFN, 0o000) ++ self.assertEqual(realpath(ABSTFN, strict=False), ABSTFN) ++ self.assertEqual(realpath(ABSTFN, strict=True), ABSTFN) ++ self.assertEqual(realpath(ABSTFN, strict=ALLOW_MISSING), ABSTFN) ++ ++ try: ++ os.stat(ABSTFN) ++ except PermissionError: ++ pass ++ else: ++ self.skipTest('Cannot block permissions') ++ ++ self.assertEqual(realpath(ABSTFN + '/k', strict=False), ++ ABSTFN + '/k') ++ self.assertRaises(PermissionError, realpath, ABSTFN + '/k', ++ strict=True) ++ self.assertRaises(PermissionError, realpath, ABSTFN + '/k', ++ strict=ALLOW_MISSING) ++ ++ self.assertEqual(realpath(ABSTFN + '/missing', strict=False), ++ ABSTFN + '/missing') ++ self.assertRaises(PermissionError, realpath, ABSTFN + '/missing', ++ strict=True) ++ self.assertRaises(PermissionError, realpath, ABSTFN + '/missing', ++ strict=ALLOW_MISSING) ++ finally: ++ os.chmod(ABSTFN, 0o755) ++ safe_rmdir(ABSTFN + '/k') ++ safe_rmdir(ABSTFN) ++ + def test_relpath(self): + (real_getcwd, os.getcwd) = (os.getcwd, lambda: r"/home/user/bar") + try: +@@ -670,9 +913,12 @@ class PathLikeTests(unittest.TestCase): + def test_path_abspath(self): + self.assertPathEqual(self.path.abspath) + +- def test_path_realpath(self): ++ @_parameterize({}, {'strict': True}, {'strict': ALLOW_MISSING}) ++ def test_path_realpath(self, kwargs): + self.assertPathEqual(self.path.realpath) + ++ self.assertPathEqual(partial(self.path.realpath, **kwargs)) ++ + def test_path_relpath(self): + self.assertPathEqual(self.path.relpath) + +diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py +index 04ef000e71..c5d837e716 100644 +--- a/Lib/test/test_tarfile.py ++++ b/Lib/test/test_tarfile.py +@@ -1,3 +1,4 @@ ++import errno + import sys + import os + import io +@@ -1360,11 +1361,11 @@ class WriteTest(WriteTestBase, unittest.TestCase): + f.write('something\n') + os.symlink(source_file, target_file) + tar = tarfile.open(temparchive,'w') +- tar.add(source_file) +- tar.add(target_file) ++ tar.add(source_file, arcname="source") ++ tar.add(target_file, arcname="symlink") + tar.close() + # Let's extract it to the location which contains the symlink +- tar = tarfile.open(temparchive,'r') ++ tar = tarfile.open(temparchive,'r', errorlevel=2) + # this should not raise OSError: [Errno 17] File exists + try: + tar.extractall(path=tempdir) +@@ -2242,9 +2243,35 @@ class MiscTest(unittest.TestCase): + 'tar_filter', 'FilterError', 'AbsoluteLinkError', + 'OutsideDestinationError', 'SpecialFileError', + 'AbsolutePathError', 'LinkOutsideDestinationError', ++ 'LinkFallbackError', + } + support.check__all__(self, tarfile, blacklist=blacklist) + ++ @unittest.skipUnless(support.can_symlink(), 'requires symlink support') ++ @unittest.skipUnless(hasattr(os, 'chmod'), "missing os.chmod") ++ @unittest.mock.patch('os.chmod') ++ def test_deferred_directory_attributes_update(self, mock_chmod): ++ # Regression test for gh-127987: setting attributes on arbitrary files ++ tempdir = os.path.join(TEMPDIR, 'test127987') ++ def mock_chmod_side_effect(path, mode, **kwargs): ++ target_path = os.path.realpath(path) ++ if os.path.commonpath([target_path, tempdir]) != tempdir: ++ raise Exception("should not try to chmod anything outside the destination", target_path) ++ mock_chmod.side_effect = mock_chmod_side_effect ++ ++ outside_tree_dir = os.path.join(TEMPDIR, 'outside_tree_dir') ++ with ArchiveMaker() as arc: ++ arc.add('x', symlink_to='.') ++ arc.add('x', type=tarfile.DIRTYPE, mode='?rwsrwsrwt') ++ arc.add('x', symlink_to=outside_tree_dir) ++ ++ os.makedirs(outside_tree_dir) ++ try: ++ arc.open().extractall(path=tempdir, filter='tar') ++ finally: ++ support.rmtree(outside_tree_dir) ++ support.rmtree(tempdir) ++ + + class CommandLineTest(unittest.TestCase): + +@@ -2777,6 +2804,10 @@ class NoneInfoExtractTests(ReadTest): + got_paths = set( + p.relative_to(directory) + for p in pathlib.Path(directory).glob('**/*')) ++ if self.extraction_filter == 'data': ++ # The 'data' filter is expected to reject special files ++ for path in 'ustar/fifotype', 'ustar/blktype', 'ustar/chrtype': ++ got_paths.discard(pathlib.Path(path)) + self.assertEqual(self.control_paths, got_paths) + + @contextmanager +@@ -3003,10 +3034,28 @@ class ArchiveMaker: + self.bio = None + + def add(self, name, *, type=None, symlink_to=None, hardlink_to=None, +- mode=None, **kwargs): +- """Add a member to the test archive. Call within `with`.""" ++ mode=None, size=None, content=None, **kwargs): ++ """Add a member to the test archive. Call within `with`. ++ ++ Provides many shortcuts: ++ - default `type` is based on symlink_to, hardlink_to, and trailing `/` ++ in name (which is stripped) ++ - size & content defaults are based on each other ++ - content can be str or bytes ++ - mode should be textual ('-rwxrwxrwx') ++ ++ (add more! this is unstable internal test-only API) ++ """ + name = str(name) + tarinfo = tarfile.TarInfo(name).replace(**kwargs) ++ if content is not None: ++ if isinstance(content, str): ++ content = content.encode() ++ size = len(content) ++ if size is not None: ++ tarinfo.size = size ++ if content is None: ++ content = bytes(tarinfo.size) + if mode: + tarinfo.mode = _filemode_to_int(mode) + if symlink_to is not None: +@@ -3020,7 +3069,7 @@ class ArchiveMaker: + if type is not None: + tarinfo.type = type + if tarinfo.isreg(): +- fileobj = io.BytesIO(bytes(tarinfo.size)) ++ fileobj = io.BytesIO(content) + else: + fileobj = None + self.tar_w.addfile(tarinfo, fileobj) +@@ -3042,7 +3091,7 @@ class TestExtractionFilters(unittest.TestCase): + destdir = outerdir / 'dest' + + @contextmanager +- def check_context(self, tar, filter): ++ def check_context(self, tar, filter, *, check_flag=True, ignored_trees=()): + """Extracts `tar` to `self.destdir` and allows checking the result + + If an error occurs, it must be checked using `expect_exception` +@@ -3051,26 +3100,46 @@ class TestExtractionFilters(unittest.TestCase): + except the destination directory itself and parent directories of + other files. + When checking directories, do so before their contents. ++ ++ A file called 'flag' is made in outerdir (i.e. outside destdir) ++ before extraction; it should not be altered nor should its contents ++ be read/copied. ++ ++ *ignored_trees* is a set of directories to remove (including their ++ contents) right after the archive is extracted. It is a workaround ++ for Path.glob() failing to get all files in Python 3.10 and below. + """ + with support.temp_dir(self.outerdir): ++ flag_path = self.outerdir / 'flag' ++ flag_path.write_text('capture me') + try: + tar.extractall(self.destdir, filter=filter) + except Exception as exc: + self.raised_exception = exc ++ self.reraise_exception = True + self.expected_paths = set() + else: ++ for ignored_tree in ignored_trees: ++ support.rmtree((self.destdir / ignored_tree).resolve()) + self.raised_exception = None ++ self.reraise_exception = False + self.expected_paths = set(self.outerdir.glob('**/*')) + self.expected_paths.discard(self.destdir) ++ self.expected_paths.discard(flag_path) + try: +- yield ++ yield self + finally: + tar.close() +- if self.raised_exception: ++ if self.reraise_exception: + raise self.raised_exception + self.assertEqual(self.expected_paths, set()) ++ if check_flag: ++ self.assertEqual(flag_path.read_text(), 'capture me') ++ else: ++ assert filter == 'fully_trusted' + +- def expect_file(self, name, type=None, symlink_to=None, mode=None): ++ def expect_file(self, name, type=None, symlink_to=None, mode=None, ++ size=None, content=None): + """Check a single file. See check_context.""" + if self.raised_exception: + raise self.raised_exception +@@ -3080,7 +3149,7 @@ class TestExtractionFilters(unittest.TestCase): + self.expected_paths.remove(path) + + # When checking mode, ignore Windows (which can only set user read and +- # user write bits). Newer versions of Python use `os_helper.can_chmod()` ++ # user write bits). Newer versions of Python use `support.can_chmod()` + # instead of hardcoding Windows. + if mode is not None and sys.platform != 'win32': + got = stat.filemode(stat.S_IMODE(path.stat().st_mode)) +@@ -3094,24 +3163,47 @@ class TestExtractionFilters(unittest.TestCase): + # The symlink might be the same (textually) as what we expect, + # but some systems change the link to an equivalent path, so + # we fall back to samefile(). +- if expected != got: +- self.assertTrue(got.samefile(expected)) ++ try: ++ if expected != got: ++ self.assertTrue(got.samefile(expected)) ++ except Exception as e: ++ # attach a note, so it's shown even if `samefile` fails ++ # add_note not supported on Python < 3.11 ++ # new style formating with = not supported in 3.6 as well ++ # e.add_note(f'{expected=}, {got=}') ++ raise + elif type == tarfile.REGTYPE or type is None: + self.assertTrue(path.is_file()) + elif type == tarfile.DIRTYPE: + self.assertTrue(path.is_dir()) + elif type == tarfile.FIFOTYPE: + self.assertTrue(path.is_fifo()) ++ elif type == tarfile.SYMTYPE: ++ self.assertTrue(path.is_symlink()) + else: + raise NotImplementedError(type) ++ if size is not None: ++ self.assertEqual(path.stat().st_size, size) ++ if content is not None: ++ self.assertEqual(path.read_text(), content) + for parent in path.parents: + self.expected_paths.discard(parent) + ++ def expect_any_tree(self, name): ++ """Check a directory; forget about its contents.""" ++ tree_path = (self.destdir / name).resolve() ++ self.expect_file(tree_path, type=tarfile.DIRTYPE) ++ self.expected_paths = { ++ p for p in self.expected_paths ++ if tree_path not in p.parents ++ } ++ + def expect_exception(self, exc_type, message_re='.'): + with self.assertRaisesRegex(exc_type, message_re): + if self.raised_exception is not None: + raise self.raised_exception +- self.raised_exception = None ++ self.reraise_exception = False ++ return self.raised_exception + + def test_benign_file(self): + with ArchiveMaker() as arc: +@@ -3149,8 +3241,15 @@ class TestExtractionFilters(unittest.TestCase): + # Test interplaying symlinks + # Inspired by 'dirsymlink2a' in jwilk/traversal-archives + with ArchiveMaker() as arc: ++ ++ # `current` links to `.` which is both: ++ # - the destination directory ++ # - `current` itself + arc.add('current', symlink_to='.') ++ ++ # effectively points to ./../ + arc.add('parent', symlink_to='current/..') ++ + arc.add('parent/evil') + + if support.can_symlink(): +@@ -3188,12 +3287,121 @@ class TestExtractionFilters(unittest.TestCase): + with self.check_context(arc.open(), 'data'): + self.expect_file('parent/evil') + ++ @support.skip_unless_symlink ++ def test_realpath_limit_attack(self): ++ # (CVE-2025-4517) ++ ++ with ArchiveMaker() as arc: ++ # populate the symlinks and dirs that expand in os.path.realpath() ++ # The component length is chosen so that in common cases, the unexpanded ++ # path fits in PATH_MAX, but it overflows when the final symlink ++ # is expanded ++ steps = "abcdefghijklmnop" ++ if sys.platform == 'win32': ++ component = 'd' * 25 ++ elif 'PC_PATH_MAX' in os.pathconf_names: ++ max_path_len = os.pathconf(self.outerdir.parent, "PC_PATH_MAX") ++ path_sep_len = 1 ++ dest_len = len(str(self.destdir)) + path_sep_len ++ component_len = (max_path_len - dest_len) // (len(steps) + path_sep_len) ++ component = 'd' * component_len ++ else: ++ raise NotImplementedError("Need to guess component length for {sys.platform}") ++ path = "" ++ step_path = "" ++ for i in steps: ++ arc.add(os.path.join(path, component), type=tarfile.DIRTYPE, ++ mode='drwxrwxrwx') ++ arc.add(os.path.join(path, i), symlink_to=component) ++ path = os.path.join(path, component) ++ step_path = os.path.join(step_path, i) ++ # create the final symlink that exceeds PATH_MAX and simply points ++ # to the top dir. ++ # this link will never be expanded by ++ # os.path.realpath(strict=False), nor anything after it. ++ linkpath = os.path.join(*steps, "l"*254) ++ parent_segments = [".."] * len(steps) ++ arc.add(linkpath, symlink_to=os.path.join(*parent_segments)) ++ # make a symlink outside to keep the tar command happy ++ arc.add("escape", symlink_to=os.path.join(linkpath, "..")) ++ # use the symlinks above, that are not checked, to create a hardlink ++ # to a file outside of the destination path ++ arc.add("flaglink", hardlink_to=os.path.join("escape", "flag")) ++ # now that we have the hardlink we can overwrite the file ++ arc.add("flaglink", content='overwrite') ++ # we can also create new files as well! ++ arc.add("escape/newfile", content='new') ++ ++ with self.subTest('fully_trusted'), \ ++ self.check_context(arc.open(), filter='fully_trusted', ++ check_flag=False, ignored_trees={component}): ++ if sys.platform == 'win32': ++ self.expect_exception((FileNotFoundError, FileExistsError)) ++ elif self.raised_exception: ++ # Cannot symlink/hardlink: tarfile falls back to getmember() ++ self.expect_exception(KeyError) ++ # Otherwise, this block should never enter. ++ else: ++ self.expect_file('flaglink', content='overwrite') ++ self.expect_file('../newfile', content='new') ++ self.expect_file('escape', type=tarfile.SYMTYPE) ++ self.expect_file('a', symlink_to=component) ++ ++ for filter in 'tar', 'data': ++ with self.subTest(filter), self.check_context(arc.open(), filter=filter): ++ exc = self.expect_exception((OSError, KeyError)) ++ if isinstance(exc, OSError): ++ if sys.platform == 'win32': ++ # 3: ERROR_PATH_NOT_FOUND ++ # 5: ERROR_ACCESS_DENIED ++ # 206: ERROR_FILENAME_EXCED_RANGE ++ self.assertIn(exc.winerror, (3, 5, 206)) ++ else: ++ self.assertEqual(exc.errno, errno.ENAMETOOLONG) ++ + def test_parent_symlink2(self): + # Test interplaying symlinks + # Inspired by 'dirsymlink2b' in jwilk/traversal-archives ++ ++ # Posix and Windows have different pathname resolution: ++ # either symlink or a '..' component resolve first. ++ # Let's see which we are on. ++ if support.can_symlink(): ++ testpath = os.path.join(TEMPDIR, 'resolution_test') ++ os.mkdir(testpath) ++ ++ # testpath/current links to `.` which is all of: ++ # - `testpath` ++ # - `testpath/current` ++ # - `testpath/current/current` ++ # - etc. ++ os.symlink('.', os.path.join(testpath, 'current')) ++ ++ # we'll test where `testpath/current/../file` ends up ++ with open(os.path.join(testpath, 'current', '..', 'file'), 'w'): ++ pass ++ ++ if os.path.exists(os.path.join(testpath, 'file')): ++ # Windows collapses 'current\..' to '.' first, leaving ++ # 'testpath\file' ++ dotdot_resolves_early = True ++ elif os.path.exists(os.path.join(testpath, '..', 'file')): ++ # Posix resolves 'current' to '.' first, leaving ++ # 'testpath/../file' ++ dotdot_resolves_early = False ++ else: ++ raise AssertionError('Could not determine link resolution') ++ + with ArchiveMaker() as arc: ++ ++ # `current` links to `.` which is both the destination directory ++ # and `current` itself + arc.add('current', symlink_to='.') ++ ++ # `current/parent` is also available as `./parent`, ++ # and effectively points to `./../` + arc.add('current/parent', symlink_to='..') ++ + arc.add('parent/evil') + + with self.check_context(arc.open(), 'fully_trusted'): +@@ -3207,6 +3415,7 @@ class TestExtractionFilters(unittest.TestCase): + + with self.check_context(arc.open(), 'tar'): + if support.can_symlink(): ++ # Fail when extracting a file outside destination + self.expect_exception( + tarfile.OutsideDestinationError, + "'parent/evil' would be extracted to " +@@ -3217,10 +3426,24 @@ class TestExtractionFilters(unittest.TestCase): + self.expect_file('parent/evil') + + with self.check_context(arc.open(), 'data'): +- self.expect_exception( +- tarfile.LinkOutsideDestinationError, +- """'current/parent' would link to ['"].*['"], """ +- + "which is outside the destination") ++ if support.can_symlink(): ++ if dotdot_resolves_early: ++ # Fail when extracting a file outside destination ++ self.expect_exception( ++ tarfile.OutsideDestinationError, ++ "'parent/evil' would be extracted to " ++ + """['"].*evil['"], which is outside """ ++ + "the destination") ++ else: ++ # Fail as soon as we have a symlink outside the destination ++ self.expect_exception( ++ tarfile.LinkOutsideDestinationError, ++ "'current/parent' would link to " ++ + """['"].*outerdir['"], which is outside """ ++ + "the destination") ++ else: ++ self.expect_file('current/') ++ self.expect_file('parent/evil') + + def test_absolute_symlink(self): + # Test symlink to an absolute path +@@ -3249,11 +3472,29 @@ class TestExtractionFilters(unittest.TestCase): + with self.check_context(arc.open(), 'data'): + self.expect_exception( + tarfile.AbsoluteLinkError, +- "'parent' is a symlink to an absolute path") ++ "'parent' is a link to an absolute path") ++ ++ def test_absolute_hardlink(self): ++ # Test hardlink to an absolute path ++ # Inspired by 'dirsymlink' in https://github.com/jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add('parent', hardlink_to=self.outerdir / 'foo') ++ ++ with self.check_context(arc.open(), 'fully_trusted'): ++ self.expect_exception(KeyError, ".*foo. not found") ++ ++ with self.check_context(arc.open(), 'tar'): ++ self.expect_exception(KeyError, ".*foo. not found") ++ ++ with self.check_context(arc.open(), 'data'): ++ self.expect_exception( ++ tarfile.AbsoluteLinkError, ++ "'parent' is a link to an absolute path") + + def test_sly_relative0(self): + # Inspired by 'relative0' in jwilk/traversal-archives + with ArchiveMaker() as arc: ++ # points to `../../tmp/moo` + arc.add('../moo', symlink_to='..//tmp/moo') + + try: +@@ -3303,6 +3544,174 @@ class TestExtractionFilters(unittest.TestCase): + + """['"].*moo['"], which is outside the """ + + "destination") + ++ def test_deep_symlink(self): ++ # Test that symlinks and hardlinks inside a directory ++ # point to the correct file (`target` of size 3). ++ # If links aren't supported we get a copy of the file. ++ with ArchiveMaker() as arc: ++ arc.add('targetdir/target', size=3) ++ # a hardlink's linkname is relative to the archive ++ arc.add('linkdir/hardlink', hardlink_to=os.path.join( ++ 'targetdir', 'target')) ++ # a symlink's linkname is relative to the link's directory ++ arc.add('linkdir/symlink', symlink_to=os.path.join( ++ '..', 'targetdir', 'target')) ++ ++ for filter in 'tar', 'data', 'fully_trusted': ++ with self.check_context(arc.open(), filter): ++ self.expect_file('targetdir/target', size=3) ++ self.expect_file('linkdir/hardlink', size=3) ++ if support.can_symlink(): ++ self.expect_file('linkdir/symlink', size=3, ++ symlink_to='../targetdir/target') ++ else: ++ self.expect_file('linkdir/symlink', size=3) ++ ++ def test_chains(self): ++ # Test chaining of symlinks/hardlinks. ++ # Symlinks are created before the files they point to. ++ with ArchiveMaker() as arc: ++ arc.add('linkdir/symlink', symlink_to='hardlink') ++ arc.add('symlink2', symlink_to=os.path.join( ++ 'linkdir', 'hardlink2')) ++ arc.add('targetdir/target', size=3) ++ arc.add('linkdir/hardlink', hardlink_to='targetdir/target') ++ arc.add('linkdir/hardlink2', hardlink_to='linkdir/symlink') ++ ++ for filter in 'tar', 'data', 'fully_trusted': ++ with self.check_context(arc.open(), filter): ++ self.expect_file('targetdir/target', size=3) ++ self.expect_file('linkdir/hardlink', size=3) ++ self.expect_file('linkdir/hardlink2', size=3) ++ if support.can_symlink(): ++ self.expect_file('linkdir/symlink', size=3, ++ symlink_to='hardlink') ++ self.expect_file('symlink2', size=3, ++ symlink_to='linkdir/hardlink2') ++ else: ++ self.expect_file('linkdir/symlink', size=3) ++ self.expect_file('symlink2', size=3) ++ ++ def test_sneaky_hardlink_fallback(self): ++ # (CVE-2025-4330) ++ # Test that when hardlink extraction falls back to extracting members ++ # from the archive, the extracted member is (re-)filtered. ++ with ArchiveMaker() as arc: ++ # Create a directory structure so the c/escape symlink stays ++ # inside the path ++ arc.add("a/t/dummy") ++ # Create b/ directory ++ arc.add("b/") ++ # Point "c" to the bottom of the tree in "a" ++ arc.add("c", symlink_to=os.path.join("a", "t")) ++ # link to non-existant location under "a" ++ arc.add("c/escape", symlink_to=os.path.join("..", "..", ++ "link_here")) ++ # Move "c" to point to "b" ("c/escape" no longer exists) ++ arc.add("c", symlink_to="b") ++ # Attempt to create a hard link to "c/escape". Since it doesn't ++ # exist it will attempt to extract "cescape" but at "boom". ++ arc.add("boom", hardlink_to=os.path.join("c", "escape")) ++ ++ with self.check_context(arc.open(), 'data'): ++ if not support.can_symlink(): ++ # When 'c/escape' is extracted, 'c' is a regular ++ # directory, and 'c/escape' *would* point outside ++ # the destination if symlinks were allowed. ++ self.expect_exception( ++ tarfile.LinkOutsideDestinationError) ++ elif sys.platform == "win32": ++ # On Windows, 'c/escape' points outside the destination ++ self.expect_exception(tarfile.LinkOutsideDestinationError) ++ else: ++ e = self.expect_exception( ++ tarfile.LinkFallbackError, ++ "link 'boom' would be extracted as a copy of " ++ "'c/escape', which was rejected") ++ self.assertIsInstance(e.__cause__, ++ tarfile.LinkOutsideDestinationError) ++ for filter in 'tar', 'fully_trusted': ++ with self.subTest(filter), self.check_context(arc.open(), filter): ++ if not support.can_symlink(): ++ self.expect_file("a/t/dummy") ++ self.expect_file("b/") ++ self.expect_file("c/") ++ else: ++ self.expect_file("a/t/dummy") ++ self.expect_file("b/") ++ self.expect_file("a/t/escape", symlink_to='../../link_here') ++ self.expect_file("boom", symlink_to='../../link_here') ++ self.expect_file("c", symlink_to='b') ++ ++ def test_exfiltration_via_symlink(self): ++ # (CVE-2025-4138) ++ # Test changing symlinks that result in a symlink pointing outside ++ # the extraction directory, unless prevented by 'data' filter's ++ # normalization. ++ with ArchiveMaker() as arc: ++ arc.add("escape", symlink_to=os.path.join('link', 'link', '..', '..', 'link-here')) ++ arc.add("link", symlink_to='./') ++ ++ for filter in 'tar', 'data', 'fully_trusted': ++ with self.check_context(arc.open(), filter): ++ if support.can_symlink(): ++ self.expect_file("link", symlink_to='./') ++ if filter == 'data': ++ self.expect_file("escape", symlink_to='link-here') ++ else: ++ self.expect_file("escape", ++ symlink_to='link/link/../../link-here') ++ else: ++ # Nothing is extracted. ++ pass ++ ++ def test_chmod_outside_dir(self): ++ # (CVE-2024-12718) ++ # Test that members used for delayed updates of directory metadata ++ # are (re-)filtered. ++ with ArchiveMaker() as arc: ++ # "pwn" is a veeeery innocent symlink: ++ arc.add("a/pwn", symlink_to='.') ++ # But now "pwn" is also a directory, so it's scheduled to have its ++ # metadata updated later: ++ arc.add("a/pwn/", mode='drwxrwxrwx') ++ # Oops, "pwn" is not so innocent any more: ++ arc.add("a/pwn", symlink_to='x/../') ++ # Newly created symlink points to the dest dir, ++ # so it's OK for the "data" filter. ++ arc.add('a/x', symlink_to=('../')) ++ # But now "pwn" points outside the dest dir ++ ++ for filter in 'tar', 'data', 'fully_trusted': ++ with self.check_context(arc.open(), filter) as cc: ++ if not support.can_symlink(): ++ self.expect_file("a/pwn/") ++ elif filter == 'data': ++ self.expect_file("a/x", symlink_to='../') ++ self.expect_file("a/pwn", symlink_to='.') ++ else: ++ self.expect_file("a/x", symlink_to='../') ++ self.expect_file("a/pwn", symlink_to='x/../') ++ if sys.platform != "win32": ++ st_mode = cc.outerdir.stat().st_mode ++ self.assertNotEqual(st_mode & 0o777, 0o777) ++ ++ def test_link_fallback_normalizes(self): ++ # Make sure hardlink fallbacks work for non-normalized paths for all ++ # filters ++ with ArchiveMaker() as arc: ++ arc.add("dir/") ++ arc.add("dir/../afile") ++ arc.add("link1", hardlink_to='dir/../afile') ++ arc.add("link2", hardlink_to='dir/../dir/../afile') ++ ++ for filter in 'tar', 'data', 'fully_trusted': ++ with self.check_context(arc.open(), filter) as cc: ++ self.expect_file("dir/") ++ self.expect_file("afile") ++ self.expect_file("link1") ++ self.expect_file("link2") ++ + def test_modes(self): + # Test how file modes are extracted + # (Note that the modes are ignored on platforms without working chmod) +@@ -3404,7 +3813,7 @@ class TestExtractionFilters(unittest.TestCase): + # The 'tar' filter returns TarInfo objects with the same name/type. + # (It can also fail for particularly "evil" input, but we don't have + # that in the test archive.) +- with tarfile.TarFile.open(tarname) as tar: ++ with tarfile.TarFile.open(tarname, encoding="iso8859-1") as tar: + for tarinfo in tar.getmembers(): + filtered = tarfile.tar_filter(tarinfo, '') + self.assertIs(filtered.name, tarinfo.name) +@@ -3413,7 +3822,7 @@ class TestExtractionFilters(unittest.TestCase): + def test_data_filter(self): + # The 'data' filter either raises, or returns TarInfo with the same + # name/type. +- with tarfile.TarFile.open(tarname) as tar: ++ with tarfile.TarFile.open(tarname, encoding="iso8859-1") as tar: + for tarinfo in tar.getmembers(): + try: + filtered = tarfile.data_filter(tarinfo, '') +@@ -3542,13 +3951,13 @@ class TestExtractionFilters(unittest.TestCase): + # If errorlevel is 0, errors affected by errorlevel are ignored + + with self.check_context(arc.open(errorlevel=0), extracterror_filter): +- self.expect_file('file') ++ pass + + with self.check_context(arc.open(errorlevel=0), filtererror_filter): +- self.expect_file('file') ++ pass + + with self.check_context(arc.open(errorlevel=0), oserror_filter): +- self.expect_file('file') ++ pass + + with self.check_context(arc.open(errorlevel=0), tarerror_filter): + self.expect_exception(tarfile.TarError) +@@ -3559,7 +3968,7 @@ class TestExtractionFilters(unittest.TestCase): + # If 1, all fatal errors are raised + + with self.check_context(arc.open(errorlevel=1), extracterror_filter): +- self.expect_file('file') ++ pass + + with self.check_context(arc.open(errorlevel=1), filtererror_filter): + self.expect_exception(tarfile.FilterError) +diff --git a/Misc/NEWS.d/next/Library/2023-08-10-17-36-22.gh-issue-107845.dABiMJ.rst b/Misc/NEWS.d/next/Library/2023-08-10-17-36-22.gh-issue-107845.dABiMJ.rst +new file mode 100644 +index 0000000000..32c1fb93f4 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2023-08-10-17-36-22.gh-issue-107845.dABiMJ.rst +@@ -0,0 +1,3 @@ ++:func:`tarfile.data_filter` now takes the location of symlinks into account ++when determining their target, so it will no longer reject some valid ++tarballs with ``LinkOutsideDestinationError``. diff --git a/python3.6.spec b/python3.6.spec index a57ef96..1bae203 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 46%{?dist} +Release: 47%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -827,6 +827,27 @@ Patch452: 00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch # https://github.com/python/cpython/pull/127361 Patch457: 00457-ssl-raise-oserror-for-err_lib_sys.patch +# 00465 # 2224c823bcc1b62b85f516883151459ae51cdb7d +# tarfile cves +# +# Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 on tarfile +# +# The backported fixes do not contain changes for ntpath.py and related tests, +# because the support for symlinks and junctions were added later in Python 3.9, +# and it does not make sense to backport them to 3.6 here. +# +# The patch is contains the following changes: +# - https://github.com/python/cpython/commit/42deeab5b2efc2930d4eb73416e1dde9cf790dd2 +# fixes symlink handling for tarfile.data_filter +# - https://github.com/python/cpython/commit/9d2c2a8e3b8fe18ee1568bfa4a419847b3e78575 +# fixes handling of existing files/symlinks in tarfile +# - https://github.com/python/cpython/commit/00af9794dd118f7b835dd844b2b609a503ad951e +# adds a new "strict" argument to realpath() +# - https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1 +# fixes mulriple CVE fixes in the tarfile module +# - downstream only fixes that makes the changes work and compatible with Python 3.6 +Patch465: 00465-tarfile-cves.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -2106,6 +2127,9 @@ CheckPython optimized # ====================================================== %changelog +* Thu Jun 26 2025 Lumír Balhar - 3.6.15-47 +- Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 + * Wed Apr 23 2025 Miro Hrončok - 3.6.15-46 - Add RPM Provides for python3.6-libs, python3.6-devel, python3.6-idle, python3.6-tkinter, python3.6-test From b9056bf46d942fc9b1034c9f411a65c958620b2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Fri, 4 Jul 2025 12:58:04 +0200 Subject: [PATCH 59/66] Fixup patch 1 and 435 commit messages after the importpatches/exportpatches change This fixes up 552eb34bb57edb545b4811f9903a6317c0d74f8e --- 00001-rpath.patch | 6 +++--- 00435-gh-121650-encode-newlines-in-headers-and-verify.patch | 4 ++-- python3.6.spec | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/00001-rpath.patch b/00001-rpath.patch index 473b240..0194cdf 100644 --- a/00001-rpath.patch +++ b/00001-rpath.patch @@ -1,10 +1,10 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Wed, 13 Jan 2010 21:25:18 +0000 -Subject: =?UTF-8?q?00001:=20Fixup=20distutils/unixccompiler.py=20to=20remo?= - =?UTF-8?q?ve=20standard=20library=20path=20from=20rpath=0AWas=20Patch0=20?= - =?UTF-8?q?in=20ivazquez'=20python3000=20specfile?= +Subject: 00001: Fixup distutils/unixccompiler.py to remove standard library + path from rpath +Was Patch0 in ivazquez' python3000 specfile --- Lib/distutils/unixccompiler.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/00435-gh-121650-encode-newlines-in-headers-and-verify.patch b/00435-gh-121650-encode-newlines-in-headers-and-verify.patch index e706c63..6c6bebb 100644 --- a/00435-gh-121650-encode-newlines-in-headers-and-verify.patch +++ b/00435-gh-121650-encode-newlines-in-headers-and-verify.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= Date: Fri, 16 Aug 2024 14:12:58 +0200 -Subject: =?UTF-8?q?00435:=20gh-121650:=20Encode=20newlines=20in=20headers,?= - =?UTF-8?q?=20and=20verify=0A=20headers=20are=20sound=20(GH-122233)?= +Subject: 00435: gh-121650: Encode newlines in headers, and verify headers are + sound (GH-122233) Per RFC 2047: diff --git a/python3.6.spec b/python3.6.spec index 1bae203..b5bda08 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -340,6 +340,7 @@ Source102: setuptools-CVE-2024-6345.patch # 00001 # d06a8853cf4bae9e115f45e1d531d2dc152c5cc8 # Fixup distutils/unixccompiler.py to remove standard library path from rpath +# # Was Patch0 in ivazquez' python3000 specfile Patch1: 00001-rpath.patch @@ -739,8 +740,7 @@ Patch427: 00427-zipextfile-tell-and-seek-cve-2024-0450.patch Patch431: 00431-cve-2024-4032.patch # 00435 # f80b87e6a67eebe0693b895261bad2e9a58a4825 -# gh-121650: Encode newlines in headers, and verify -# headers are sound (GH-122233) +# gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) # # Per RFC 2047: # From abe83deb5cb84b29aac92e5c4625d285f2d25292 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 25 Jul 2025 11:19:35 +0000 Subject: [PATCH 60/66] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- python3.6.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python3.6.spec b/python3.6.spec index b5bda08..ee142b7 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 47%{?dist} +Release: 48%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -2127,6 +2127,9 @@ CheckPython optimized # ====================================================== %changelog +* Fri Jul 25 2025 Fedora Release Engineering - 3.6.15-48 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Thu Jun 26 2025 Lumír Balhar - 3.6.15-47 - Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 From 78ecfade396d64292930dcac6d6d30a54ca2fd6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zachar?= Date: Mon, 28 Jul 2025 13:20:37 +0200 Subject: [PATCH 61/66] Drop STI and use tmt instead Resolve: rhbz#2383061 --- .fmf/version | 1 + plan.fmf | 32 ++++++++++++++++++++++++++++++++ tests/tests.yml | 22 ---------------------- 3 files changed, 33 insertions(+), 22 deletions(-) create mode 100644 .fmf/version create mode 100644 plan.fmf delete mode 100644 tests/tests.yml diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/plan.fmf b/plan.fmf new file mode 100644 index 0000000..38d5410 --- /dev/null +++ b/plan.fmf @@ -0,0 +1,32 @@ +execute: + how: tmt + +discover: + - name: tests_python + how: shell + url: https://src.fedoraproject.org/tests/python.git + tests: + - name: smoke + path: /smoke + test: "VERSION=3.6 TOX_REQUIRES='virtualenv<20.22.0' ./venv.sh" + - name: marshalparser + path: /marshalparser + test: "VERSION=3.6 SAMPLE=10 ./test_marshalparser_compatibility.sh" + +prepare: + - name: Install dependencies + how: install + package: + - gcc + - python3-tox + - python3.6 + - glibc-all-langpacks # for locale tests + - marshalparser # for testing compatibility (magic numbers) with marshalparser + - dnf # for upgrade + - name: Update packages + how: shell + script: dnf upgrade -y + - name: rpm_qa + order: 100 + how: shell + script: rpm -qa | sort | tee $TMT_PLAN_DATA/rpmqa.txt diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index c6263a7..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- hosts: localhost - roles: - - role: standard-test-basic - tags: - - classic - repositories: - - repo: "https://src.fedoraproject.org/tests/python.git" - dest: "python" - tests: - - smoke: - dir: python/smoke - run: VERSION=3.6 TOX_REQUIRES="virtualenv<20.22.0" ./venv.sh - - marshalparser: - dir: python/marshalparser - run: VERSION=3.6 SAMPLE=10 test_marshalparser_compatibility.sh - required_packages: - - gcc - - python3-tox - - python3.6 - - glibc-all-langpacks # for locale tests - - marshalparser # for testing compatibility (magic numbers) with marshalparser From 39181c17666c6838cbbecd0dfa4ec5050f791ca5 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Mon, 11 Aug 2025 13:05:03 +0200 Subject: [PATCH 62/66] Security fix for CVE-2025-8194 --- 00467-tarfile-cve-2025-8194.patch | 212 ++++++++++++++++++++++++++++++ python3.6.spec | 11 +- 2 files changed, 222 insertions(+), 1 deletion(-) create mode 100644 00467-tarfile-cve-2025-8194.patch diff --git a/00467-tarfile-cve-2025-8194.patch b/00467-tarfile-cve-2025-8194.patch new file mode 100644 index 0000000..08cef22 --- /dev/null +++ b/00467-tarfile-cve-2025-8194.patch @@ -0,0 +1,212 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexander Urieles +Date: Mon, 28 Jul 2025 17:37:26 +0200 +Subject: 00467: tarfile CVE-2025-8194 + +tarfile now validates archives to ensure member offsets are non-negative (GH-137027) + +Co-authored-by: Gregory P. Smith +--- + Lib/tarfile.py | 3 + + Lib/test/test_tarfile.py | 156 ++++++++++++++++++ + ...-07-23-00-35-29.gh-issue-130577.c7EITy.rst | 3 + + 3 files changed, 162 insertions(+) + create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst + +diff --git a/Lib/tarfile.py b/Lib/tarfile.py +index 1a7d5f772a..4f536cb002 100755 +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -1582,6 +1582,9 @@ class TarInfo(object): + """Round up a byte count by BLOCKSIZE and return it, + e.g. _block(834) => 1024. + """ ++ # Only non-negative offsets are allowed ++ if count < 0: ++ raise InvalidHeaderError("invalid offset") + blocks, remainder = divmod(count, BLOCKSIZE) + if remainder: + blocks += 1 +diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py +index c5d837e716..484f114180 100644 +--- a/Lib/test/test_tarfile.py ++++ b/Lib/test/test_tarfile.py +@@ -43,6 +43,7 @@ bz2name = os.path.join(TEMPDIR, "testtar.tar.bz2") + xzname = os.path.join(TEMPDIR, "testtar.tar.xz") + tmpname = os.path.join(TEMPDIR, "tmp.tar") + dotlessname = os.path.join(TEMPDIR, "testtar") ++SPACE = b" " + + md5_regtype = "65f477c818ad9e15f7feab0c6d37742f" + md5_sparse = "a54fbc4ca4f4399a90e1b27164012fc6" +@@ -4005,6 +4006,161 @@ class TestExtractionFilters(unittest.TestCase): + self.expect_exception(TypeError) # errorlevel is not int + + ++class OffsetValidationTests(unittest.TestCase): ++ tarname = tmpname ++ invalid_posix_header = ( ++ # name: 100 bytes ++ tarfile.NUL * tarfile.LENGTH_NAME ++ # mode, space, null terminator: 8 bytes ++ + b"000755" + SPACE + tarfile.NUL ++ # uid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # gid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # size, space: 12 bytes ++ + b"\xff" * 11 + SPACE ++ # mtime, space: 12 bytes ++ + tarfile.NUL * 11 + SPACE ++ # chksum: 8 bytes ++ + b"0011407" + tarfile.NUL ++ # type: 1 byte ++ + tarfile.REGTYPE ++ # linkname: 100 bytes ++ + tarfile.NUL * tarfile.LENGTH_LINK ++ # magic: 6 bytes, version: 2 bytes ++ + tarfile.POSIX_MAGIC ++ # uname: 32 bytes ++ + tarfile.NUL * 32 ++ # gname: 32 bytes ++ + tarfile.NUL * 32 ++ # devmajor, space, null terminator: 8 bytes ++ + tarfile.NUL * 6 + SPACE + tarfile.NUL ++ # devminor, space, null terminator: 8 bytes ++ + tarfile.NUL * 6 + SPACE + tarfile.NUL ++ # prefix: 155 bytes ++ + tarfile.NUL * tarfile.LENGTH_PREFIX ++ # padding: 12 bytes ++ + tarfile.NUL * 12 ++ ) ++ invalid_gnu_header = ( ++ # name: 100 bytes ++ tarfile.NUL * tarfile.LENGTH_NAME ++ # mode, null terminator: 8 bytes ++ + b"0000755" + tarfile.NUL ++ # uid, null terminator: 8 bytes ++ + b"0000001" + tarfile.NUL ++ # gid, space, null terminator: 8 bytes ++ + b"0000001" + tarfile.NUL ++ # size, space: 12 bytes ++ + b"\xff" * 11 + SPACE ++ # mtime, space: 12 bytes ++ + tarfile.NUL * 11 + SPACE ++ # chksum: 8 bytes ++ + b"0011327" + tarfile.NUL ++ # type: 1 byte ++ + tarfile.REGTYPE ++ # linkname: 100 bytes ++ + tarfile.NUL * tarfile.LENGTH_LINK ++ # magic: 8 bytes ++ + tarfile.GNU_MAGIC ++ # uname: 32 bytes ++ + tarfile.NUL * 32 ++ # gname: 32 bytes ++ + tarfile.NUL * 32 ++ # devmajor, null terminator: 8 bytes ++ + tarfile.NUL * 8 ++ # devminor, null terminator: 8 bytes ++ + tarfile.NUL * 8 ++ # padding: 167 bytes ++ + tarfile.NUL * 167 ++ ) ++ invalid_v7_header = ( ++ # name: 100 bytes ++ tarfile.NUL * tarfile.LENGTH_NAME ++ # mode, space, null terminator: 8 bytes ++ + b"000755" + SPACE + tarfile.NUL ++ # uid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # gid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # size, space: 12 bytes ++ + b"\xff" * 11 + SPACE ++ # mtime, space: 12 bytes ++ + tarfile.NUL * 11 + SPACE ++ # chksum: 8 bytes ++ + b"0010070" + tarfile.NUL ++ # type: 1 byte ++ + tarfile.REGTYPE ++ # linkname: 100 bytes ++ + tarfile.NUL * tarfile.LENGTH_LINK ++ # padding: 255 bytes ++ + tarfile.NUL * 255 ++ ) ++ valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT) ++ data_block = b"\xff" * tarfile.BLOCKSIZE ++ ++ def _write_buffer(self, buffer): ++ with open(self.tarname, "wb") as f: ++ f.write(buffer) ++ ++ def _get_members(self, ignore_zeros=None): ++ with open(self.tarname, "rb") as f: ++ with tarfile.open( ++ mode="r", fileobj=f, ignore_zeros=ignore_zeros ++ ) as tar: ++ return tar.getmembers() ++ ++ def _assert_raises_read_error_exception(self): ++ with self.assertRaisesRegex( ++ tarfile.ReadError, "file could not be opened successfully" ++ ): ++ self._get_members() ++ ++ def test_invalid_offset_header_validations(self): ++ for tar_format, invalid_header in ( ++ ("posix", self.invalid_posix_header), ++ ("gnu", self.invalid_gnu_header), ++ ("v7", self.invalid_v7_header), ++ ): ++ with self.subTest(format=tar_format): ++ self._write_buffer(invalid_header) ++ self._assert_raises_read_error_exception() ++ ++ def test_early_stop_at_invalid_offset_header(self): ++ buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header ++ self._write_buffer(buffer) ++ members = self._get_members() ++ self.assertEqual(len(members), 1) ++ self.assertEqual(members[0].name, "filename") ++ self.assertEqual(members[0].offset, 0) ++ ++ def test_ignore_invalid_archive(self): ++ # 3 invalid headers with their respective data ++ buffer = (self.invalid_gnu_header + self.data_block) * 3 ++ self._write_buffer(buffer) ++ members = self._get_members(ignore_zeros=True) ++ self.assertEqual(len(members), 0) ++ ++ def test_ignore_invalid_offset_headers(self): ++ for first_block, second_block, expected_offset in ( ++ ( ++ (self.valid_gnu_header), ++ (self.invalid_gnu_header + self.data_block), ++ 0, ++ ), ++ ( ++ (self.invalid_gnu_header + self.data_block), ++ (self.valid_gnu_header), ++ 1024, ++ ), ++ ): ++ self._write_buffer(first_block + second_block) ++ members = self._get_members(ignore_zeros=True) ++ self.assertEqual(len(members), 1) ++ self.assertEqual(members[0].name, "filename") ++ self.assertEqual(members[0].offset, expected_offset) ++ ++ + def setUpModule(): + support.unlink(TEMPDIR) + os.makedirs(TEMPDIR) +diff --git a/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst b/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst +new file mode 100644 +index 0000000000..342cabbc86 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst +@@ -0,0 +1,3 @@ ++:mod:`tarfile` now validates archives to ensure member offsets are ++non-negative. (Contributed by Alexander Enrique Urieles Nieto in ++:gh:`130577`.) diff --git a/python3.6.spec b/python3.6.spec index ee142b7..b4ed7e4 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 48%{?dist} +Release: 49%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -848,6 +848,12 @@ Patch457: 00457-ssl-raise-oserror-for-err_lib_sys.patch # - downstream only fixes that makes the changes work and compatible with Python 3.6 Patch465: 00465-tarfile-cves.patch +# 00467 # f0b2819ec35fe1f732f661aea68863a5e4dd829f +# tarfile CVE-2025-8194 +# +# tarfile now validates archives to ensure member offsets are non-negative (GH-137027) +Patch467: 00467-tarfile-cve-2025-8194.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -2127,6 +2133,9 @@ CheckPython optimized # ====================================================== %changelog +* Mon Aug 11 2025 Lumír Balhar - 3.6.15-49 +- Security fix for CVE-2025-8194 + * Fri Jul 25 2025 Fedora Release Engineering - 3.6.15-48 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 5d945b7395f2b3fee800e4596384d7d3caa8262c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Mon, 1 Sep 2025 13:10:15 +0200 Subject: [PATCH 63/66] Inject SBOM into the installed wheels --- python3.6.spec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/python3.6.spec b/python3.6.spec index b4ed7e4..9ef03cf 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -302,6 +302,9 @@ BuildRequires: /usr/sbin/ifconfig %if %{with rpmwheels} BuildRequires: python-setuptools-wheel BuildRequires: python-pip-wheel +%else +# For %%python_wheel_inject_sbom +BuildRequires: python-rpm-macros %endif @@ -1563,6 +1566,11 @@ ln -s \ %{buildroot}%{_bindir}/python3-debug %endif +%if %{without rpmwheels} +# Inject SBOM into the installed wheels (if the macro is available) +%{?python_wheel_inject_sbom:%python_wheel_inject_sbom %{buildroot}%{pylibdir}/ensurepip/_bundled/*.whl} +%endif + %if %{with flatpackage} # Remove stuff that would conflict with python3 package rm %{buildroot}%{_bindir}/python3 From 7b13c3ecf0b5b41619811d3598b9c0a4daa11af0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Thu, 6 Nov 2025 13:08:18 +0100 Subject: [PATCH 64/66] On Fedora 44+, split this package into multiple subpackages python3.9 and python3.6 were the only remaining Pythons that are "flatpackaged". As they are likely to stay around for a while, it makes no sense to wait this out (like we did with e.g. 3.7 and 3.8). This (together with similar change in python3.9) will make all the packaged Pythons packaged in the same way. Additionally, this also enables the debug build, which was added to CI. See https://src.fedoraproject.org/rpms/python3.9/c/7a81f94ccc Assisted-By: Cursor 2.0.38 with gpt-5 --- plan.fmf | 12 +++++-- python3.6.spec | 98 ++++++++++++++++++++++++++++++-------------------- 2 files changed, 69 insertions(+), 41 deletions(-) diff --git a/plan.fmf b/plan.fmf index 38d5410..8639a8d 100644 --- a/plan.fmf +++ b/plan.fmf @@ -1,6 +1,9 @@ execute: how: tmt +environment: + pybasever: '3.6' + discover: - name: tests_python how: shell @@ -8,10 +11,13 @@ discover: tests: - name: smoke path: /smoke - test: "VERSION=3.6 TOX_REQUIRES='virtualenv<20.22.0' ./venv.sh" + test: "VERSION=${pybasever} TOX_REQUIRES='virtualenv<20.22.0' ./venv.sh" + - name: debugsmoke + path: /smoke + test: "PYTHON=python${pybasever}dm TOX=false VERSION=${pybasever} INSTALL_OR_SKIP=true ./venv.sh" - name: marshalparser path: /marshalparser - test: "VERSION=3.6 SAMPLE=10 ./test_marshalparser_compatibility.sh" + test: "VERSION=${pybasever} SAMPLE=10 ./test_marshalparser_compatibility.sh" prepare: - name: Install dependencies @@ -19,7 +25,7 @@ prepare: package: - gcc - python3-tox - - python3.6 + - python${pybasever} - glibc-all-langpacks # for locale tests - marshalparser # for testing compatibility (magic numbers) with marshalparser - dnf # for upgrade diff --git a/python3.6.spec b/python3.6.spec index 9ef03cf..4dcb391 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 49%{?dist} +Release: 50%{?dist} # Python is Python # pip MIT is and bundles: # appdirs: MIT @@ -59,12 +59,22 @@ License: LicenseRef-Callaway-Python AND LicenseRef-Callaway-MIT AND Apache-2.0 A # Note that the bcond macros are named for the CLI option they create. # "%%bcond_without" means "ENABLE by default and create a --without option" +# Main Python, i.e. whether this is the main Python version in the distribution +# that owns /usr/bin/python3 and other unique paths +# This also means the built subpackages are called python3 rather than python3X +# WARNING: This also influences the flatpackage bcond below. +# By default, this is disabled. +%bcond_with main_python + # Flat package, i.e. python36, python37, python38 for tox etc. -# warning: changes some other defaults -# in Fedora, never turn this on for the python3 package -# and always keep it on for python36 etc. -# WARNING: This does not change the package name and summary above +# Default (in Fedora >= 44): disabled +# Default (in Fedora < 44): enabled when this is not the main Python +# Not supported: Combination of flatpackage enabled and main_python enabled +%if %{with main_python} || 0%{?fedora} >= 44 +%bcond_with flatpackage +%else %bcond_without flatpackage +%endif # Whether to use RPM build wheels from the python-{pip,setuptools}-wheel package # Uses upstream bundled prebuilt wheels otherwise @@ -875,12 +885,16 @@ Patch467: 00467-tarfile-cve-2025-8194.patch Provides: python%{pyshortver} = %{version}-%{release} Obsoletes: python%{pyshortver} < %{version}-%{release} -%if %{without flatpackage} - # Packages with Python modules in standard locations automatically -# depend on python(abi). Provide that here. +# depend on python(abi). Provide that here only for the main Python. +%if %{with main_python} Provides: python(abi) = %{pybasever} +%else +%global __requires_exclude ^python\\(abi\\) = 3\\..+ +%global __provides_exclude ^python\\(abi\\) = 3\\..+ +%endif +%if %{without flatpackage} Requires: %{name}-libs%{?_isa} = %{version}-%{release} # In order to support multiple Python interpreters for development purposes, @@ -895,18 +909,16 @@ Provides: python%{pyshortver} = %{version}-%{release} # replace python36-3.6.2. Obsoletes: python%{pyshortver} -# Shall be removed in Fedora 31 -# The release is bumped to 20, so we can do f27 platform-python updates -# If the release in f27 ever goes >= 20, raise it here -# If platform-python is ever reintroduced, make it higher version than this: -%global platpyver 3.6.2-20 -Obsoletes: platform-python < %{platpyver} +# https://docs.fedoraproject.org/en-US/packaging-guidelines/#_one_to_many_replacement +Obsoletes: %{name} < 3.6.15-50 +%if %{with main_python} # Previously, this was required for our rewheel patch to work. # This is technically no longer needed, but we keep it recommended # for the developer experience. Recommends: python3-setuptools Recommends: python3-pip +%endif # This prevents ALL subpackages built from this spec to require # /usr/bin/python3*. Granularity per subpackage is impossible. @@ -989,9 +1001,8 @@ Provides: bundled(libmpdec) = %{libmpdec_version} # See https://bugzilla.redhat.com/show_bug.cgi?id=1547131 Recommends: %{name}%{?_isa} = %{version}-%{release} -# Shall be removed in Fedora 31 -Obsoletes: platform-python-libs < %{platpyver} -Obsoletes: platform-python-libs-devel < %{platpyver} +# https://docs.fedoraproject.org/en-US/packaging-guidelines/#_one_to_many_replacement +Obsoletes: %{name} < 3.6.15-50 %description libs This package contains runtime libraries for use by Python: @@ -1010,12 +1021,14 @@ Requires: python3-rpm-macros Requires: python3-rpm-generators Provides: %{name}-2to3 = %{version}-%{release} +%if %{with main_python} Provides: 2to3 = %{version}-%{release} +%endif Conflicts: %{name} < %{version}-%{release} -# Shall be removed in Fedora 31 -Obsoletes: platform-python-devel < %{platpyver} +# https://docs.fedoraproject.org/en-US/packaging-guidelines/#_one_to_many_replacement +Obsoletes: %{name} < 3.6.15-50 %description devel This package contains the header files and configuration needed to compile @@ -1031,14 +1044,16 @@ Summary: A basic graphical development environment for Python Requires: %{name} = %{version}-%{release} Requires: %{name}-tkinter = %{version}-%{release} +%if %{with main_python} Provides: idle3 = %{version}-%{release} +%endif Provides: %{name}-tools = %{version}-%{release} Provides: %{name}-tools%{?_isa} = %{version}-%{release} Obsoletes: %{name}-tools < %{version}-%{release} -# Shall be removed in Fedora 31 -Obsoletes: platform-python-tools < %{platpyver} +# https://docs.fedoraproject.org/en-US/packaging-guidelines/#_one_to_many_replacement +Obsoletes: %{name} < 3.6.15-50 %description idle IDLE is Python’s Integrated Development and Learning Environment. @@ -1057,8 +1072,8 @@ configuration, browsers, and other dialogs. Summary: A GUI toolkit for Python Requires: %{name} = %{version}-%{release} -# Shall be removed in Fedora 31 -Obsoletes: platform-python-tkinter < %{platpyver} +# https://docs.fedoraproject.org/en-US/packaging-guidelines/#_one_to_many_replacement +Obsoletes: %{name} < 3.6.15-50 %description tkinter The Tkinter (Tk interface) library is a graphical user interface toolkit for @@ -1069,8 +1084,8 @@ the Python programming language. Summary: The self-test suite for the main python3 package Requires: %{name} = %{version}-%{release} -# Shall be removed in Fedora 31 -Obsoletes: platform-python-test < %{platpyver} +# https://docs.fedoraproject.org/en-US/packaging-guidelines/#_one_to_many_replacement +Obsoletes: %{name} < 3.6.15-50 %description test The self-test suite for the Python interpreter. @@ -1115,11 +1130,6 @@ so extensions for both versions can co-exist in the same directory. %else # with flatpackage -# We'll not provide this, on purpose -# No package in Fedora shall ever depend on flatpackage via this -%global __requires_exclude ^python\\(abi\\) = 3\\..$ -%global __provides_exclude ^python\\(abi\\) = 3\\..$ - %if %{with rpmwheels} Requires: python-setuptools-wheel Requires: python-pip-wheel @@ -1470,7 +1480,7 @@ install -d -m 0755 %{buildroot}%{pylibdir}/site-packages/__pycache__ install -d -m 0755 %{buildroot}%{_prefix}/lib/python%{pybasever}/site-packages/__pycache__ %endif -%if %{without flatpackage} +%if %{with main_python} # add idle3 to menu install -D -m 0644 Lib/idlelib/Icons/idle_16.png %{buildroot}%{_datadir}/icons/hicolor/16x16/apps/idle3.png install -D -m 0644 Lib/idlelib/Icons/idle_32.png %{buildroot}%{_datadir}/icons/hicolor/32x32/apps/idle3.png @@ -1560,7 +1570,7 @@ find %{buildroot} -perm 555 -exec chmod 755 {} \; # Create "/usr/bin/python3-debug", a symlink to the python3 debug binary, to # avoid the user having to know the precise version and ABI flags. # See e.g. https://bugzilla.redhat.com/show_bug.cgi?id=676748 -%if %{with debug_build} && %{without flatpackage} +%if %{with debug_build} && %{with main_python} ln -s \ %{_bindir}/python%{LDVERSION_debug} \ %{buildroot}%{_bindir}/python3-debug @@ -1571,7 +1581,7 @@ ln -s \ %{?python_wheel_inject_sbom:%python_wheel_inject_sbom %{buildroot}%{pylibdir}/ensurepip/_bundled/*.whl} %endif -%if %{with flatpackage} +%if %{without main_python} # Remove stuff that would conflict with python3 package rm %{buildroot}%{_bindir}/python3 rm %{buildroot}%{_bindir}/pydoc3 @@ -1688,11 +1698,15 @@ CheckPython optimized %doc README.rst %if %{without flatpackage} +%if %{with main_python} %{_bindir}/pydoc* %{_bindir}/python3 %{_bindir}/pyvenv %{_mandir}/*/* -%{_bindir}/pyvenv +%else +%{_bindir}/pydoc%{pybasever} +%{_mandir}/*/python%{pybasever}* +%endif %else %{_bindir}/pydoc%{pybasever} %{_mandir}/*/python%{pybasever}* @@ -1920,27 +1934,29 @@ CheckPython optimized %{_includedir}/python%{LDVERSION_optimized}/%{_pyconfig_h} %{_libdir}/%{py_INSTSONAME_optimized} -%if %{without flatpackage} +%if %{with main_python} %{_libdir}/libpython3.so %endif %if %{without flatpackage} %files devel +%if %{with main_python} %{_bindir}/2to3 # TODO: Remove 2to3-3.7 once rebased to 3.7 %{_bindir}/2to3-%{pybasever} %endif +%endif %{pylibdir}/config-%{LDVERSION_optimized}-%{platform_triplet}/* %if %{without flatpackage} %exclude %{pylibdir}/config-%{LDVERSION_optimized}-%{platform_triplet}/Makefile %exclude %{_includedir}/python%{LDVERSION_optimized}/%{_pyconfig_h} %endif -%{pylibdir}/distutils/command/wininst-*.exe +%exclude %{pylibdir}/distutils/command/wininst-*.exe %{_includedir}/python%{LDVERSION_optimized}/*.h %doc Misc/README.valgrind Misc/valgrind-python.supp Misc/gdbinit -%if %{without flatpackage} +%if %{with main_python} %{_bindir}/python3-config %{_libdir}/pkgconfig/python3.pc %{_bindir}/pathfix.py @@ -1968,7 +1984,7 @@ CheckPython optimized %{pylibdir}/idlelib -%if %{without flatpackage} +%if %{with main_python} %{_metainfodir}/idle3.appdata.xml %{_datadir}/applications/idle3.desktop %{_datadir}/icons/hicolor/*/apps/idle3.* @@ -2016,8 +2032,10 @@ CheckPython optimized %if %{with debug_build} %if %{without flatpackage} %files debug +%if %{with main_python} %{_bindir}/python3-debug %endif +%endif # Analog of the core subpackage's files: %{_bindir}/python%{LDVERSION_debug} @@ -2141,6 +2159,10 @@ CheckPython optimized # ====================================================== %changelog +* Thu Nov 06 2025 Miro Hrončok - 3.6.15-50 +- On Fedora 44+, split this package into multiple subpackages +- This mimics newer Python versions + * Mon Aug 11 2025 Lumír Balhar - 3.6.15-49 - Security fix for CVE-2025-8194 From c03d34a103ea91e38bf6d7689013c7cd164a6568 Mon Sep 17 00:00:00 2001 From: Tomas Orsava Date: Fri, 29 Apr 2022 10:24:01 +0000 Subject: [PATCH 65/66] Move _sysconfigdata_dm_linux*.py to the debug subpackage (cherry picked from python3.10 commit 55d25b67d6153038b462d312e40c083d965ed5dc) --- python3.6.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/python3.6.spec b/python3.6.spec index 4dcb391..c9217a2 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -1851,6 +1851,10 @@ CheckPython optimized %dir %{pylibdir}/site-packages/ %dir %{pylibdir}/site-packages/__pycache__/ %{pylibdir}/site-packages/README.txt + +%exclude %{pylibdir}/_sysconfigdata_%{ABIFLAGS_debug}_linux_%{platform_triplet}.py +%exclude %{pylibdir}/__pycache__/_sysconfigdata_%{ABIFLAGS_debug}_linux_%{platform_triplet}%{bytecode_suffixes} + %{pylibdir}/*.py %dir %{pylibdir}/__pycache__/ %{pylibdir}/__pycache__/*%{bytecode_suffixes} @@ -2108,6 +2112,9 @@ CheckPython optimized %{dynload_dir}/unicodedata.%{SOABI_debug}.so %{dynload_dir}/zlib.%{SOABI_debug}.so +%{pylibdir}/_sysconfigdata_%{ABIFLAGS_debug}_linux_%{platform_triplet}.py +%{pylibdir}/__pycache__/_sysconfigdata_%{ABIFLAGS_debug}_linux_%{platform_triplet}%{bytecode_suffixes} + # No need to split things out the "Makefile" and the config-32/64.h file as we # do for the regular build above (bug 531901), since they're all in one package # now; they're listed below, under "-devel": From b8f7f2f8f17ea27e06ece70132c99d8eca2af2bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Sun, 11 Aug 2019 11:23:07 +0200 Subject: [PATCH 66/66] Conditionalize python3-devel runtime dependencies on RPM packages Installing python3-devel currently brings in many RPM-related packages. For somebody who needs python3-devel to build extension modules, those are all useless, so we conditionalize it on rpm-build. (cherry picked from commit e9ba67b74b9849d00cfc8e332b711db142dfd3e3) --- python3.6.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/python3.6.spec b/python3.6.spec index c9217a2..190964f 100644 --- a/python3.6.spec +++ b/python3.6.spec @@ -1016,9 +1016,11 @@ Summary: Libraries and header files needed for Python development Requires: %{name} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release} BuildRequires: python-rpm-macros -Requires: python-rpm-macros -Requires: python3-rpm-macros -Requires: python3-rpm-generators +# The RPM related dependencies bring nothing to a non-RPM Python developer +# But we want them when packages BuildRequire python3-devel +Requires: (python-rpm-macros if rpm-build) +Requires: (python3-rpm-macros if rpm-build) +Requires: (python3-rpm-generators if rpm-build) Provides: %{name}-2to3 = %{version}-%{release} %if %{with main_python}