Commit Graph

33409 Commits

Author SHA1 Message Date
Tomas Mraz
1e398bec53 Add CHANGES.md and NEWS.md entries for CVE-2023-2975
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
2023-07-14 13:01:05 +02:00
Tomas Mraz
3993bb0c0c Add testcases for empty associated data entries with AES-SIV
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
2023-07-14 12:59:02 +02:00
Tomas Mraz
c426c281cf Do not ignore empty associated data with AES-SIV mode
The AES-SIV mode allows for multiple associated data items
authenticated separately with any of these being 0 length.

The provided implementation ignores such empty associated data
which is incorrect in regards to the RFC 5297 and is also
a security issue because such empty associated data then become
unauthenticated if an application expects to authenticate them.

Fixes CVE-2023-2975

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
2023-07-14 12:59:02 +02:00
Randall S. Becker
ba189e0a4b Modified OSSL_parse_url to initialize pport_num to 0.
This change is intended to provide some safety for uninitialized stack failures
that have appeared in 80-test_cmp_http on NonStop x86 when run in a complex
CI/CD Jenkins environment. This change also adds init_pint() to handle the
initialization of a pointer to int value.

Fixes: #21083

Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21109)

(cherry picked from commit 45cd2554ef)
2023-07-14 12:04:38 +02:00
Tomas Mraz
b6bf1cbf1d quicapitest: Fix SSL_trace() test on big endian platforms
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21411)
2023-07-14 11:51:48 +02:00
Tomas Mraz
69aef72264 ossl_quic_wire_encode_pkt_hdr(): Assign ptrs only on static buf wpkt
Pointers can be invalidated when the underlying BUF_MEM grows.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21411)
2023-07-14 11:51:48 +02:00
dependabot[bot]
bdff325831 Bump coverallsapp/github-action from 2.2.0 to 2.2.1
Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/v2.2.0...v2.2.1)

---
updated-dependencies:
- dependency-name: coverallsapp/github-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21454)
2023-07-14 10:12:21 +02:00
dependabot[bot]
dbe36351dc Bump actions/setup-python from 4.6.1 to 4.7.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.6.1...v4.7.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21455)
2023-07-14 10:08:01 +02:00
slontis
2b42290f08 Add FIPS build instructions
If you are building the latest release source code with enable-fips configured
then the FIPS provider you are using is not likely to be FIPS compliant.

This update demonstrates how to build a FIPS provider that is compliant
and use it with the latest source code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20907)
2023-07-14 11:35:23 +10:00
Amir Ayupov
2fd82c2283 Move Keccak rhotates tables to rodata
rhotates tables are placed to .text section which confuses tools such as BOLT.
Move them to rodata to unbreak and avoid polluting icache/iTLB with data.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21440)
2023-07-14 11:15:45 +10:00
Pauli
7a3d32ae46 Add a NEWS entry covering the FIPS related changes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21386)

(cherry picked from commit dfc4b6c93b)
2023-07-14 09:53:42 +10:00
Pankul94
15e041b751 Changes to resolve symbol conflict due to gf_mul
CLA: trivial

Changed names of internal functions to resolve symbol conflict when Openssl is used with intel/ISA-L.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21421)
2023-07-14 08:44:26 +10:00
Liu-ErMeng
ed6dfd1e36 use '__builtin_expect' to improve EVP_EncryptUpdate performance for gcc/clang.
Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21425)
2023-07-13 22:54:14 +10:00
Dr. David von Oheimb
5be8233d2b EVP_PKEY_{en,de}capsulate.pod: fix glitches and add some detail and hints
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21397)
2023-07-13 11:24:04 +02:00
Marcin Kolny
66f61ece72 Add more fixes for WebAssembly/WASI build
* force use timegm - WASI does not have timezone tables
* use basic implementation for `OPENSSL_issetugid()` - WASI doesn't support forking processes

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21389)
2023-07-12 10:50:09 +10:00
Matt Caswell
0a3733babb Add an SSL BIO test for QUIC
We create an SSL BIO using a QUIC based SSL_CTX and then use that BIO
to create a connection and read/write data from streams.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21367)
2023-07-11 17:51:34 +02:00
Tomas Mraz
9f3cd808b3 Fix no-srtp build failure
SRTP related functions aren't available when built with no-srtp.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21412)
2023-07-10 22:06:18 -04:00
Matt Caswell
ff9728c6d5 Fix test_quic_write_read()
Fix the "test 2" case of test_quic_write_read(). It is intended to be run
in blocking mode.

The result of a bad interaction between #21087 and #21332

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21409)
2023-07-10 11:40:12 +01:00
Rajeev Ranjan
1d32ec20fe CMP: support specifying certificate to be revoked via issuer and serial number
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21116)
2023-07-10 08:03:38 +02:00
Hugo Landau
780b252747 QUIC APL: Tick on SSL_read failure in non-blocking mode
...

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21381)
2023-07-10 09:09:30 +10:00
Tomas Mraz
bd38c6b61b Edit question template to direct users to GH Discussions
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21393)
2023-07-10 09:08:04 +10:00
Pauli
dc6f3b9b8d fips: make installations FIPS compliant by default
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21363)
2023-07-09 16:27:22 +10:00
Tomas Mraz
0345cac6d2 QUIC err handling: Add multi-stream test
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21087)
2023-07-07 15:13:29 +02:00
Tomas Mraz
ff0de1637b Test OSSL_ERR_STATE_save/restore()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21087)
2023-07-07 15:13:29 +02:00
Tomas Mraz
9c3ea4e1d7 QUIC err handling: Save and restore error state
We save the error state from the thread that encountered
a permanent error condition caused by system or internal
error to the QUIC_CHANNEL.

Then we restore it whenever we are returning to a user
call when protocol is shutdown.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21087)
2023-07-07 15:13:29 +02:00
Tomas Mraz
5c3474ea56 QUIC err handling: Properly report network errors
We return SSL_ERROR_SYSCALL when network error is encountered.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21087)
2023-07-07 15:13:29 +02:00
Hugo Landau
76696a5413 QUIC: Fix multistream script 19 stochastic test failure
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21379)
2023-07-07 09:03:25 +01:00
atishkov
926601dc0f Remove unused internal functions
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21329)
2023-07-07 13:01:50 +10:00
Matt Caswell
61cc84d9f9 Don't build the QUIC ssl trace when DH is disabled
The test assumes certain options are on/off. DH must be on for this test.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21373)
2023-07-06 12:11:11 +01:00
Matt Caswell
47ef3b9fc0 Don't run the ssl trace test if no-ecx
no-ecx causes SSL_trace to give different output. The test compares
the output to a reference sample - so we disable it in the case of no-ecx.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21372)
2023-07-06 11:17:11 +01:00
Matt Caswell
c3832d79db Fix a no-ecx failure in test_tls13hrr
In the case of no-ecx test 3 in test_tls13hrr was failing because it was
setting the server side support groups to on P-256 in order to induce an
HRR. However with no-ecx the client insteads issues an initial key share
using P-256 anyway and so an HRR is not used. We swap to use P-384 instead.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21372)
2023-07-06 11:17:11 +01:00
Matt Caswell
f9fcc7c727 Allow qtestlib to use a "fake_now" implementation
We then use it in test_corrupted_data() to remove an OSSL_sleep() which
may fail in some builds.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
2023-07-06 12:55:21 +10:00
Matt Caswell
d001006e50 Work around relocation errors in the m68k cross-compilation builds
Errors such as this seen:

libssl.a(libssl-lib-ssl_stat.o): in function `SSL_alert_desc_string_long':
ssl_stat.c:(.text+0xab2): relocation truncated to fit: R_68K_GOT16O against `.LC157'
test/libtestutil.a(libtestutil-lib-opt.o): in function `opt_pair':
opt.c:(.text+0x10b2): relocation truncated to fit: R_68K_GOT16O against `.LC53'
test/libtestutil.a(libtestutil-lib-opt.o): in function `opt_string':
opt.c:(.text+0x113c): relocation truncated to fit: R_68K_GOT16O against `.LC53'
libcrypto.a(libcrypto-lib-decoder_lib.o): in function `OSSL_DECODER_CTX_set_construct_data':
decoder_lib.c:(.text+0x5a4): relocation truncated to fit: R_68K_GOT16O against `__func__.2'
libcrypto.a(libcrypto-lib-decoder_pkey.o): in function `ossl_decoder_ctx_setup_for_pkey':
decoder_pkey.c:(.text+0x6c2): relocation truncated to fit: R_68K_GOT16O against `decoder_construct_pkey'
libcrypto.a(libcrypto-lib-tb_dsa.o): in function `ENGINE_register_DSA':
tb_dsa.c:(.text+0x5e): relocation truncated to fit: R_68K_GOT16O against `dummy_nid'
libcrypto.a(libcrypto-lib-tb_dsa.o): in function `ENGINE_set_default_DSA':
tb_dsa.c:(.text+0xc4): relocation truncated to fit: R_68K_GOT16O against `dummy_nid'
libcrypto.a(libcrypto-lib-asymcipher.o): in function `.L18':
asymcipher.c:(.text+0x168): relocation truncated to fit: R_68K_GOT16O against `__func__.0'
asymcipher.c:(.text+0x2e8): relocation truncated to fit: R_68K_GOT16O against `__func__.0'
asymcipher.c:(.text+0x33e): relocation truncated to fit: R_68K_GOT16O against `__func__.0'
libcrypto.a(libcrypto-lib-digest.o): in function `EVP_MD_CTX_ctrl':
digest.c:(.text+0xa52): additional relocation overflows omitted from the output
collect2: error: ld returned 1 exit status

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
2023-07-06 12:55:21 +10:00
Matt Caswell
4890f1f752 Fix no-thread-pool building
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
2023-07-06 12:55:21 +10:00
Matt Caswell
1be2ee683c Skip the QUIC ssltrace test under certain config options
Various options disturb the output expected from the ssl trace test, so we
skip it if necessary.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
2023-07-06 12:55:21 +10:00
Matt Caswell
0cea6df239 Use %llx not %lx for uint64_t
Some compilers don't like %lx

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
2023-07-06 12:55:21 +10:00
Matt Caswell
1a2a0e1dc8 Don't compile quic_thread_assist.c on OPENSSL_NO_QUIC_THREAD_ASSIST
If OPENSSL_NO_QUIC_THREAD_ASSIST is defined then we don't have the right
support for QUIC thread assisted mode so don't attempt to compile that
code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
2023-07-06 12:55:21 +10:00
Matt Caswell
0e94bba0df Disable QUIC if TLSv1.3 is disabled
QUIC depends on TLSv1.3, so if the latter is disabled then we must do
the same for QUIC.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
2023-07-06 12:55:21 +10:00
Matt Caswell
8a76420238 Enable QUIC by default
Ensure builds enable QUIC without explicitly having to ask for it. To
disable QUIC pass "no-quic" to Configure.

As a result we can remove all use of "enable-quic" from the various CI
runs.

We also add a CHANGES and NEWS entry for QUIC support.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
2023-07-06 12:55:21 +10:00
Marcin Kolny
d88a0f5f39 Add limited support for WebAssembly WASI target
CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21344)
2023-07-06 12:54:17 +10:00
Heiko Stuebner
3e76b38852 riscv: Clarify dual-licensing wording for GCM and AES
The original text for the Apache + BSD dual licensing for riscv GCM and AES
perlasm was taken from other openSSL users like crypto/crypto/LPdir_unix.c .

Though Eric pointed out that the dual-licensing text could be read in a
way negating the second license [0] and suggested to clarify the text
even more.

So do this here for all of the GCM, AES and shared riscv.pm .

We already had the agreement of all involved developers for the actual
dual licensing in [0] and [1], so this is only a better clarification
for this.

[0] https://github.com/openssl/openssl/pull/20649#issuecomment-1589558790
[1] https://github.com/openssl/openssl/pull/21018

Signed-off-by: Heiko Stuebner <heiko.stuebner@vrull.eu>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21357)
2023-07-06 12:53:27 +10:00
Hugo Landau
db2f98c4eb Rework options handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
2023-07-05 09:03:04 +10:00
Hugo Landau
9562842b33 Simplify QUIC API masking
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
2023-07-05 09:03:04 +10:00
Hugo Landau
18ca1c8fc0 Update SSL options handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
2023-07-05 09:03:04 +10:00
Hugo Landau
6e5550a104 Minor updates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
2023-07-05 09:03:04 +10:00
Hugo Landau
9289e59c95 QUIC: Fix multistream test 19
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
2023-07-05 09:03:04 +10:00
Hugo Landau
5a75ef37e9 make update
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
2023-07-05 09:03:04 +10:00
Hugo Landau
3f7b67fb21 Remove unused server code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
2023-07-05 09:03:04 +10:00
Hugo Landau
d6e7ebba33 Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
2023-07-05 09:03:04 +10:00
Hugo Landau
5f69db396c QUIC SSL: Block SSL_clear
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
2023-07-05 09:02:27 +10:00