Re: How to upgrade openssl from 3.0.2 to 3.0.7

[Shawn Heisey]

On 11/2/22 23:08, Anupam Dutta via openssl-users wrote:
I want to upgrade the openssl version from 3.0.2 to 3.0.7. My OS 
version is Ubuntu 22.04.1 LTS (Jammy Jellyfish). Please help .It is urgent


Ubuntu has already dealt with the new vulnerabilities.  If you do the 
normal package upgrade procedure that you should already be doing 
frequently, that will fix the vulnerability in version 3.0.2-0ubuntu1.7.


https://ubuntu.com/security/notices/USN-5710-1

If you want to see what version your Ubuntu machine has (or any distro 
that derives from Debian), do this command (as any user, sudo is not 
required):


dpkg -l | grep libssl

These commands should pick up that openssl fix as well as any other updates:

sudo apt -y update
sudo apt -y upgrade

Thanks,
Shawn

RE: SSL_read empty -> close?

[Michael Wojcik via openssl-users]

> From: Felipe Gasper 
> Sent: Thursday, 3 November, 2022 10:43
> >
> > And your description looks wrong anyway: shutdown(SHUT_RD) has
> > implementation-defined behavior for TCP sockets (because TCP does not
> > announce the read side of half-close to the peer), and on Linux causes
> > blocked receives and subsequent receives to return 0 (according to 
> > references
> 
> perl -MSocket -MIO::Socket::INET -e'my $s = IO::Socket::INET->new( Server =>
> 1, Listen => 1 ) or die; my $port = $s->sockport(); my $c = IO::Socket::INET-
> >new("localhost:$port") or die; syswrite $c, "hello"; my $sc = $s->accept();
> shutdown($sc, SHUT_RD); sysread $sc, my $buf, 512 or die $!; print $buf'
> 
> ^^ The above, I believe, demonstrates to the contrary: the read buffer is
> populated prior to shutdown and drained afterward.

As I noted, I hadn't tested it. The Linux man page is ambiguous:

   If how is SHUT_RD, further receptions will be disallowed.

It doesn't define "receptions". It's entirely possible that SHUT_RD will cause 
the stack to reject further application data (i.e. packets that increment the 
sequence number for anything other than ACK) from the peer, but permit the 
socket owner to continue to receive already-buffered data. That's arguably a 
poor implementation, and not what the man page appears to imply. And it looks 
to be in conflict with the Single UNIX Specification Issue 7 (not that Linux 
claims to be UNIX-conformant), which states that SHUT_SD "Disables further 
receive operations"; "operations" certainly seems to refer to actions taken by 
the caller, not by the peer.

There is a fair bit of debate about this online, and a number of people opine 
that the Linux behavior is correct, and SUS (they often refer to "POSIX", but 
POSIX has been superseded by SUS) is wrong. Others disagree.

The Linux kernel does take some action for a TCP socket that has SHUT_RD 
requested for it, but the behavior is not simple. (One SO comment mentions it 
causes it to exit the read loop in tcp_splice_read(), for example.) I'd be 
leery about relying on it.

I'm not sure how shutdown(SHUT_RD) is useful in the case of a TCP socket being 
used for TLS, to be perfectly honest. If the application protocol delimits 
messages properly and is half-duplex (request/response), then one side should 
know that no more data is expected and the other can detect incomplete 
messages, so there's likely no issue. If not, there's no way to guarantee you 
haven't encountered an incomplete message in bounded time (FPL Theorem 
applies). SHUT_RD does not signal the peer, so the peer can still get a RST if 
it continues to send. Perhaps I'm missing something, but I don't see what 
failure mode is being avoided by using SHUT_RD.

-- 
Michael Wojcik

Re: SSL_read empty -> close?

[Felipe Gasper]

> On Nov 3, 2022, at 11:37, Michael Wojcik via openssl-users 
>  wrote:
> 
>> It’s a rare
>> issue, but when it does it’s a head-scratcher. To avoid that, it’s necessary
>> to shutdown(SHUT_RD) then drain the read buffer before close().
> 
> Well, it's not *necessary* to do a half-close. Applications often know when 
> they've received all the data the peer intends to send, thanks to 
> record-delimiting mechanisms in the application protocol.
> 
> And your description looks wrong anyway: shutdown(SHUT_RD) has 
> implementation-defined behavior for TCP sockets (because TCP does not 
> announce the read side of half-close to the peer), and on Linux causes 
> blocked receives and subsequent receives to return 0 (according to references 
> -- I have't tested it), which means after shutdown(SHUT_RD) you *can't* drain 
> the receive buffer. shutdown(SHUT_WR) would work, since it sends a FIN, 
> telling the peer you won't be sending any more data, and still allows you to 
> receive.

perl -MSocket -MIO::Socket::INET -e'my $s = IO::Socket::INET->new( Server => 1, 
Listen => 1 ) or die; my $port = $s->sockport(); my $c = 
IO::Socket::INET->new("localhost:$port") or die; syswrite $c, "hello"; my $sc = 
$s->accept(); shutdown($sc, SHUT_RD); sysread $sc, my $buf, 512 or die $!; 
print $buf'

^^ The above, I believe, demonstrates to the contrary: the read buffer is 
populated prior to shutdown and drained afterward.

>> I would guess that many don’t and just don’t see the
>> RST thing frequently enough to worry about it. Regardless, the documentation
>> is already pretty voluminous, so if this doesn’t bite many folks, then hey.
> 
> Yes, but wiki articles are always appreciated.

I’ll see if I can whip something up.

-FG

RSA padding scheme for EVP_SealInit() ?

[Norm Green]

Hi

In OpenSSL 3.x, what RSA padding scheme does EVP_SealInit() use? PKCS1 
or OAEP ?


In 1.1, I wrote my own version of this code that forced the padding to 
be OAEP and am wondering if I still need that in 3.x.


Norm Green

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

[Phillip Susi]

Michael Wojcik via openssl-users  writes:

> I'm inclined to agree. While there's an argument for backward
> compatibility, C99 was standardized nearly a quarter of a century
> ago. OpenSSL 1.x is younger than C99. It doesn't seem like an
> unreasonable requirement.

That and there is no substitute for it.

RE: SSL_read empty -> close?

[Michael Wojcik via openssl-users]

> From: Felipe Gasper 
> Sent: Thursday, 3 November, 2022 08:51
> 
> You probably know this, but: On Linux, at least, if a TCP socket close()s
> with a non-empty read buffer, the kernel sends TCP RST to the peer.

Yes, that's a conditional-compliance (SHOULD) requirement from the Host 
Requirements RFC. See RFC 1122, 4.2.2.13.

> Some
> applications “panic” when they receive the RST and discard data.

Well, applications do a lot of things. Receiving an RST informs the peer that 
some of the data they sent was not successfully processed by the local 
application, so treating that as an error condition is not inappropriate.

But generally it's better if the application protocol imposes its own record 
structure and control information on top of TCP's very basic stream.

> It’s a rare
> issue, but when it does it’s a head-scratcher. To avoid that, it’s necessary
> to shutdown(SHUT_RD) then drain the read buffer before close().

Well, it's not *necessary* to do a half-close. Applications often know when 
they've received all the data the peer intends to send, thanks to 
record-delimiting mechanisms in the application protocol.

And your description looks wrong anyway: shutdown(SHUT_RD) has 
implementation-defined behavior for TCP sockets (because TCP does not announce 
the read side of half-close to the peer), and on Linux causes blocked receives 
and subsequent receives to return 0 (according to references -- I have't tested 
it), which means after shutdown(SHUT_RD) you *can't* drain the receive buffer. 
shutdown(SHUT_WR) would work, since it sends a FIN, telling the peer you won't 
be sending any more data, and still allows you to receive.

> So it seems like this *shouldn’t* be obscure, if applications do the
> shutdown/drain thing.

It's obscure in the sense that a great many people trying to use TLS get much 
more basic things wrong.

More generally, the OpenSSL documentation mostly covers the OpenSSL APIs, and 
leaves networking up to the OpenSSL consumer to figure out. The OpenSSL wiki 
covers topics that people have written, and those are going to focus on common 
questions and areas of particular interest for someone. If the interactions 
among the OpenSSL API, the TLS protocol (in its various versions), and the 
shutdown system call haven't historically been a problem for many people, then 
it's "obscure" in the literal sense of not having 
attracted much notice.

And in practice, the majority of TLS use is with HTTP, and HTTP does a fairly 
good job of determining when more data is expected, and handling cases where it 
isn't. An HTTP client that receives a complete response and then attempts to 
use the conversation for its next request, and gets an RST on that, for 
example, will just open a new conversation; it doesn't care that the old one 
was terminated. HTTP servers are simliarly tolerant because interactive user 
agents in particular cancel requests by closing (or, unfortunately, aborting) 
the connection all the time.

> I would guess that many don’t and just don’t see the
> RST thing frequently enough to worry about it. Regardless, the documentation
> is already pretty voluminous, so if this doesn’t bite many folks, then hey.

Yes, but wiki articles are always appreciated.

-- 
Michael Wojcik

Re: Output buffer length in EVP_EncryptUpdate for ECB mode

[Matt Caswell]

On 03/11/2022 14:21, Wiktor Kwapisiewicz via openssl-users wrote:

Hello,

I'd like to clarify one aspect of the API regarding EVP_EncryptUpdate
[0] that is the length of the output buffer that should be passed to
that function ("out" parameter). (Actually I'm using EVP_CipherUpdate 
but the docs are more comprehensive for EVP_EncryptUpdate).


[0]: https://www.openssl.org/docs/manmaster/man3/EVP_EncryptUpdate.html

For the record I'm using AES-128 cipher in ECB mode and the docs say:


For most ciphers and modes, the amount of data written can be
anything from zero bytes to (inl + cipher_block_size - 1) bytes. For
wrap cipher modes, the amount of data written can be anything from
zero bytes to (inl + cipher_block_size) bytes. For stream ciphers,
the amount of data written can be anything from zero bytes to inl
bytes.


AES-128-ECB doesn't appear to be a stream cipher (since the "block size" 
returns 16 not the magical value of 1) and I'm unable to find any 
mentions of "wrap cipher modes" in search engines. Apparently ECB is a 
block cipher mode.


Does that mean that "wrap cipher modes" == "block cipher modes"?


No.

The term "block cipher" is a feature of the underlying primitive - so 
AES-128 is a block cipher. It encrypts in blocks of 16 bytes. ECB is a 
particular mode for using a block cipher. "Wrap" modes are specialist 
modes used for encrypting key material.




Is there any documentation I could read on the reasoning of why a space 
for additional block is needed in this case ("(inl + cipher_block_size) 
bytes")? I'm trying to understand the differences between OpenSSL and 
other cryptographic backends in an OpenPGP library [1].



EVP_EncryptUpdate() can be called repeatedly, incrementally feeding in 
the data to be encrypted. The ECB mode (when used with AES-128) will 
encrypt input data 16 bytes at a time, and the output size will also be 
16 bytes per input block. If the data that you feed in to 
EVP_EncryptUpdate() is not a multiple of 16 bytes then the amount of 
data that is over a multiple of 16 bytes will be cached until a 
subsequent call where it does have 16 bytes.


Let's say you call EVP_EncryptUpdate() with 15 bytes of data. In that 
case all 15 bytes will be cached and 0 bytes will be output.


If you then call it again with 17 bytes of data, then added to the 15 
bytes already cached we have a total of 32 bytes. This is a multiple of 
16, so 2 blocks (32 bytes) will be output, so:


(inl + cipher_block_size - 1) = (17 + 16 - 1) = 32


Matt




Thank you for your time and help!

Kind regards,
Wiktor

[1]: 
https://gitlab.com/sequoia-pgp/sequoia/-/merge_requests/1361#note_1150958453

Re: SSL_read empty -> close?

[Felipe Gasper]

> On Nov 3, 2022, at 10:17, Michael Wojcik via openssl-users 
>  wrote:
> 
>> Does OpenSSL’s documentation mention that? (I’m not exhaustively
>> familiar with it, but I don’t remember having seen such.)
> 
> I doubt it. I don't see anything on the wiki, and this is a pretty obscure 
> issue, all things considered.

You probably know this, but: On Linux, at least, if a TCP socket close()s with 
a non-empty read buffer, the kernel sends TCP RST to the peer. Some 
applications “panic” when they receive the RST and discard data. It’s a rare 
issue, but when it does it’s a head-scratcher. To avoid that, it’s necessary to 
shutdown(SHUT_RD) then drain the read buffer before close().

So it seems like this *shouldn’t* be obscure, if applications do the 
shutdown/drain thing. I would guess that many don’t and just don’t see the RST 
thing frequently enough to worry about it. Regardless, the documentation is 
already pretty voluminous, so if this doesn’t bite many folks, then hey.

Thank you!

-F

Output buffer length in EVP_EncryptUpdate for ECB mode

[Wiktor Kwapisiewicz via openssl-users]

Hello,

I'd like to clarify one aspect of the API regarding EVP_EncryptUpdate
[0] that is the length of the output buffer that should be passed to
that function ("out" parameter). (Actually I'm using EVP_CipherUpdate 
but the docs are more comprehensive for EVP_EncryptUpdate).


[0]: https://www.openssl.org/docs/manmaster/man3/EVP_EncryptUpdate.html

For the record I'm using AES-128 cipher in ECB mode and the docs say:


For most ciphers and modes, the amount of data written can be
anything from zero bytes to (inl + cipher_block_size - 1) bytes. For
wrap cipher modes, the amount of data written can be anything from
zero bytes to (inl + cipher_block_size) bytes. For stream ciphers,
the amount of data written can be anything from zero bytes to inl
bytes.


AES-128-ECB doesn't appear to be a stream cipher (since the "block size" 
returns 16 not the magical value of 1) and I'm unable to find any 
mentions of "wrap cipher modes" in search engines. Apparently ECB is a 
block cipher mode.


Does that mean that "wrap cipher modes" == "block cipher modes"?

Is there any documentation I could read on the reasoning of why a space 
for additional block is needed in this case ("(inl + cipher_block_size) 
bytes")? I'm trying to understand the differences between OpenSSL and 
other cryptographic backends in an OpenPGP library [1].


Thank you for your time and help!

Kind regards,
Wiktor

[1]: 
https://gitlab.com/sequoia-pgp/sequoia/-/merge_requests/1361#note_1150958453

RE: SSL_read empty -> close?

[Michael Wojcik via openssl-users]

> From: Felipe Gasper 
> Sent: Thursday, 3 November, 2022 07:42
> 
> It sounds, then like shutdown() (i.e., TCP half-close) is a no-no during a
> TLS session.

Um, maybe. Might generally be OK in practice, particularly with TLSv1.3, which 
got rid of some of the less-well-considered ideas of earlier TLS versions. 
Honestly I'd have to spend some time digging through chapter & verse of the 
RFCs to arrive at any reliable opinion on the matter, though. Someone else here 
may have already considered it.

> Does OpenSSL’s documentation mention that? (I’m not exhaustively
> familiar with it, but I don’t remember having seen such.)

I doubt it. I don't see anything on the wiki, and this is a pretty obscure 
issue, all things considered.

> It almost seems like, given that TLS notify-close then TCP close() (i.e.,
> without awaiting the peer’s TLS notify-close) is legitimate, OpenSSL could
> gainfully tolerate/hide the EPIPE that that close() likely produces, and have
> SSL_read() et al just return empty-string.

Well, it could, but OpenSSL generally doesn't try to provide that type of 
abstraction.

Also note this paragraph from the wiki page on TLSv1.3 
(https://wiki.openssl.org/index.php/TLS1.3):

   If a client sends it's [sic] data and directly sends the close
   notify request and closes the connection, the server will still
   try to send tickets if configured to do so. Since the connection
   is already closed by the client, this might result in a write
   error and receiving the SIGPIPE signal. The write error will be
   ignored if it's a session ticket. But server applications can
   still get SIGPIPE they didn't get before.

So session tickets can also be a source of EPIPE when a client closes the 
connection.

> It surprises me that notify-close then close() is considered legitimate use.

There are so many TLS implementations and TLS-using applications out there that 
interoperability would be hugely compromised if we didn't allow a large helping 
of Postel's Interoperability Principle. So most applications try to be 
accommodating. There's even an OpenSSL flag to ignore the case where a peer 
closes without sending a close-notify, in case you run into one of those and 
want to suppress the error.

-- 
Michael Wojcik

Re: SSL_read empty -> close?

[Felipe Gasper]

> On Nov 2, 2022, at 16:36, Michael Wojcik via openssl-users 
>  wrote:
> 
>> From: Felipe Gasper 
>> Sent: Wednesday, 2 November, 2022 12:46
>> 
>> I wouldn’t normally expect EPIPE from a read operation. I get why it happens;
>> it just seems odd. Given that it’s legitimate for a TLS peer to send the
>> close_notify and then immediately do TCP close, it also seems like EPIPE is a
>> “fact of life” here.
> 
> Yeah. That's because an OpenSSL "read" operation can do sends under the 
> covers, and an OpenSSL "send" can do receives, in order to satisfy the 
> requirements of TLS. Depending on the TLS version and cipher suite being 
> used, it might need to do that for renegotiation or the like. Or if the 
> socket is non-blocking you can get WANT_READ from a send and WANT_WRITE from 
> a receive.
> 
> In your example it was actually a sendmsg that produced the EPIPE, but within 
> the logical "read" operation.
> 
> The original idea of SSL was "just be a duplex bytestream service for the 
> application", i.e. be socket-like; but that abstraction proved to be rather 
> leaky. Much as sockets themselves are a leaky abstraction once you try to do 
> anything non-trivial.

It sounds, then like shutdown() (i.e., TCP half-close) is a no-no during a TLS 
session. Does OpenSSL’s documentation mention that? (I’m not exhaustively 
familiar with it, but I don’t remember having seen such.)

It almost seems like, given that TLS notify-close then TCP close() (i.e., 
without awaiting the peer’s TLS notify-close) is legitimate, OpenSSL could 
gainfully tolerate/hide the EPIPE that that close() likely produces, and have 
SSL_read() et al just return empty-string. I don’t recall having seen it in 1.1 
or earlier OpenSSLs. Then again, maybe some application wants to know it 
shouldn’t send a notify-close.

It surprises me that notify-close then close() is considered legitimate use. 
WebSocket and SCTP both have similar shutdown workflows, but I think they 
expect the peers to await each other’s “farewell” message.

-FG

RE: Worried about the vulnerabilities recently found in OpenSSL versions 3.0.0 - 3.0.6.

[Michael Wojcik via openssl-users]

> From: openssl-users  On Behalf Of
> Steven_M.irc via openssl-users
> Sent: Wednesday, 2 November, 2022 17:18
> 
> I'm really worried about the vulnerabilities recently found in OpenSSL
> versions 3.0.0 - 3.0.6.

Why? What's your threat model?

> If I understand things correctly (and please do
> correct me if I'm wrong), it doesn't matter which version of OpenSSL clients
> are running, only which version of OpenSSL *servers* are running. Thus it
> seems like end-users can do very little to protect themselves.

Protect themselves from what?

Take the most recent issues, CVE-2022-3786 and -3602. 3786 is a potential 
4-byte buffer overflow when parsing an email address component of a 
distinguished name in a certificate. (Note, contrary to what you wrote above, 
this could affect both servers and clients, since it would be triggered by 
parsing a malformed certificate.) This is probably not exploitable, per the 
OpenSSL blog post and analyses performed elsewhere, but let's imagine the worst 
case: OpenSSL 3.0.6 running on some platform where it's possible to leverage 
this BOF into an RCE.

If that's a server system, then:
1) If the server doesn't request client certificates, it should reject a 
Certificate message from the client, and not try to parse any, so there's no 
exposure.
2) We'll assume *you* aren't going to send a malicious certificate, so for your 
connection the vulnerability is irrelevant.
3) So the only case we care about is where some other actor sends a malicious 
certificate and chains the RCE with other attacks to pivot and escalate and 
subvert the server. We're on a pretty narrow branch of the attack tree here, 
and more importantly, the same could be true of a vast array of potential 
vulnerabilities in the server site. This is only an issue if an attacker can't 
find any other more useful vulnerability in the site. If you pay attention to 
IT security, you know *that* isn't likely.

If it's a client system, then you only care if it's *your* client, and you 
visit a malicious site. If you're in the habit of using OpenSSL 3.0.6 to 
connect to malicious servers, well, 3786 is not likely to be high on your list 
of problems.

3602 is even less likely to be exploitable.

Vulnerabilities are only meaningful in the context of a threat model. I don't 
see a plausible threat model where these should matter to a client-side end 
user.

-- 
Michael Wojcik

OpenSSL 3.0.7 make test failed on AIX 7100-04

[Zhongyan Wang]

Hi team,

I compile OpenSSL 3.0.5 and 3.0.7 on AIX 7100, make and make install succeed, 
but make test failed at very beginning when doing "00-prep_fipsmodule_cnf.t".
This is my config options: ./Configure -Wl,-R,/.uvlibs1 aix64-cc enable-fips 
enable-acvp-tests no-mdc2 no-idea shared 
--prefix=/disk1/wzhy/openssl_build/install
The strange thing is that if I just add the --debug option in config options, 
make test succeeds.
Then I try openssl fipsinstall, it shows the same error log with make test:
Unable to get MAC of type HMAC
INSTALL FAILED
0001:error:0308010C:digital envelope 
routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global 
default library context, Algorithm (HMAC : 0), Properties ()

I think add -debug should not be a good solution, can you give me some help?
I paste my compile information as follow:
$ pwd
/disk1/wzhy/openssl_build/openssl-3.0.7
$ make test
make depend && make _tests
( SRCTOP=.  BLDTOP=.  PERL="perl"  
FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813"  
EXE_EXT=  perl ./test/run_tests.pl  )
00-prep_fipsmodule_cnf.t ..
Unable to get MAC of type HMAC
INSTALL FAILED
0001:error:0308010C:digital envelope 
routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global 
default library context, Algorithm (HMAC : 0), Properties ()
../../util/wrap.pl ../../apps/openssl fipsinstall -module 
../../providers/fips.so -provider_name fips -section_name fips_sect -out 
../../test/fipsmodule.cnf => 1
not ok 1 - fips install
00-prep_fipsmodule_cnf.t .. 1/? 
#   Failed test 'fips install'
#   at test/recipes/00-prep_fipsmodule_cnf.t line 33.
00-prep_fipsmodule_cnf.t .. Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests

Test Summary Report
---
00-prep_fipsmodule_cnf.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
Files=1, Tests=1,  0 wallclock secs ( 0.01 usr  0.00 sys +  0.10 cusr  0.01 
csys =  0.12 CPU)
Result: FAIL
make: The error code from the last command is 1.


Stop.
make: 1254-004 The error code from the last command is 2.


Stop.
$ apps/openssl fipsinstall -module providers/fips.so -out fips1.cnf
Unable to get MAC of type HMAC
INSTALL FAILED
0001:error:0308010C:digital envelope 
routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global 
default library context, Algorithm (HMAC : 0), Properties ()
$ /disk1/wzhy/openssl_build/install/bin/openssl fipsinstall -module 
/disk1/wzhy/openssl_build/install/lib//ossl-modules/fips.so -out fips1.cnf
Unable to get MAC of type HMAC
INSTALL FAILED
0001:error:0308010C:digital envelope 
routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global 
default library context, Algorithm (HMAC : 0), Properties ()
$ /disk1/wzhy/openssl_build/install/bin/openssl version -a
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
built on: Thu Nov  3 05:50:08 2022 UTC
platform: aix64-cc
options:  bn(64,64)
compiler: cc -qpic -q64 -qmaxmem=16384 -qro -qroconst -qthreaded -O -DB_ENDIAN 
-DOPENSSL_PIC -D_THREAD_SAFE -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
OPENSSLDIR: "/disk1/wzhy/openssl_build/install/ssl"
ENGINESDIR: "/disk1/wzhy/openssl_build/install/lib/engines-3"
MODULESDIR: "/disk1/wzhy/openssl_build/install/lib/ossl-modules"
Seeding source: os-specific
CPUINFO: N/A
$ oslevel -r
7100-04
$ perl configdata.pm --dump

Command line (with current working directory = .):

perl ./Configure -Wl,-R,/.uvlibs1 aix64-cc enable-fips enable-acvp-tests 
no-mdc2 no-idea shared --prefix=/disk1/wzhy/openssl_build/install

Perl information:

perl
5.10.1 for aix-thread-multi

Enabled features:

acvp-tests
aria
asm
async
autoalginit
autoerrinit
autoload-config
bf
blake2
bulk
cached-fetch
camellia
capieng
cast
chacha
cmac
cmp
cms
comp
ct
deprecated
des
dgram
dh
dsa
dso
dtls
dynamic-engine
ec
ec2m
ecdh
ecdsa
engine
err
filenames
fips
fips-securitychecks
gost
legacy
loadereng
md4
module
multiblock
nextprotoneg
ocb
ocsp
padlockeng
pic
pinshared
poly1305
posix-io
psk
rc2
rc4
rdrand
rfc3779
rmd160
scrypt
secure-memory
seed
shared
siphash
siv
sm2
sm3
sm4
sock
srp
srtp
sse2
ssl
ssl-trace
static-engine
stdio
tests
threads
tls
ts
ui-console
whirlpool
tls1
tls1-method
tls1_1
tls1_1-method
tls1_2
tls1_2-method
tls1_3
dtls1
dtls1-method
dtls1_2
dtls1_2-method

Disabled features:

afalgeng[not-linux]  OPENSSL_NO_AFALGENG
asan[default]OPENSSL_NO_ASAN
buildtest-c++   [default]
crypto-mdebug   [default]