Commit Graph

34411 Commits

Author SHA1 Message Date
Michael Osipov
253c5667a9 Fix detection on HP-UX (IA64)
HPE has a weird preference to prefix letters and zero-padding. Properly trim
them before processing.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22891)
2023-12-04 09:42:56 +01:00
James Muir
8da20b30da doc: improve display of KECCAK-KMAC128, KECCAK-KMAC256 defs
Do not allow mid-expression line breaks.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22814)
2023-12-04 09:33:25 +01:00
Richard Levitte
dd5fe94a61 exporters/cmake/OpenSSLConfig.cmake.in: Detect missing platform->sharedlib_import
Some platform implementations are without `sharedlib_import()`, so we need
to check that it exists before using it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22789)
2023-12-02 14:15:25 +01:00
Richard Levitte
c08b21a2c9 Remove the source directory .num targets
$(SRCDIR)/util/libcrypto.num and $(SRCDIR)/util/libssl.num were made their
own targets to have 'make ordinals' reproduce them (run mknum.pl) only if
needed.

Unfortunately, because the shared library linker scripts depend on these
.num files, we suddenly have mknum.pl run at random times when building.
Furthermore, this created a diamond dependency, which disturbs parallell
building because multiple mknum.pl on the same file could run at the same
time.

This reverts commit 0e55c3ab8d.

Fixes #21999
Partially fixes #22841

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22890)
2023-12-02 11:45:10 +01:00
Neil Horman
c8ca810da9 Don't free aliased pointers in ctx cmp_ctx tests
Coverity recorded issues 1551739 and 1551737, a potential double free in the
tests.  It occurs when the DUP operation fails in such a way val3_read is
returned as the same pointer as val2_read.  Ideally it should never
happen, but resetting val3_read to 0 should satisfy coverity that there
is no issue here

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22800)
2023-12-01 10:52:01 -05:00
Neil Horman
7eae6ee0e5 Add locking to CRYPTO_secure_used
Coverity issue 1551719 noted CRYPTO_secure_used referenced a shared
variable without taking the appropriate read lock.  Add that.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22802)
2023-12-01 09:03:04 -05:00
James Muir
ff181969e2 evp-cmac: do not seg-fault when getting mac-size before init
Add null check to cmac_size().  This avoids a seg-fault encountered
with cmac when EVP_MAC_CTX_get_mac_size() is called before init.

Extend mac testing in evp_test.c to check that the sizes returned by
EVP_MAC_CTX_get_mac_size() before and after init make sense (this also
ensures that we no longer seg-fault).

Fixes #22842

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22858)
2023-12-01 11:54:51 +01:00
Bernd Edlinger
bed7a87810 Fix a possible memory leak in make_receipt_request
When the CMS_ReceiptRequest cannot be created,
the rct_to and rct_from may be leaked.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22742)
2023-12-01 11:05:42 +01:00
Bernd Edlinger
49e9436af3 Fix a possible use after free in X509v3_asid_add_id_or_range
And clean up partially created choice objects, which have
still the default type = -1 from ASIdentifierChoice_new().

Fixes #22700

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22745)
2023-12-01 11:03:24 +01:00
James Muir
c89b553bdc rsa-doc: fix typo
"d_i in RFC8017" -> "d_i" in RFC8017

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22868)
2023-12-01 10:31:37 +01:00
Sean Bright
db04cf25f3 doc: Minor typo in SSL_CTX_set_tmp_dh_callback docs.
well know -> well known

CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22778)
2023-11-30 18:46:48 +01:00
lan1120
f95e3a0917 Initialize dstctx->mgf1_md to NULL in rsa_dupctx function
Signed-off-by: lan1120 <lanming@huawei.com>

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22795)
2023-11-30 18:45:15 +01:00
Xi Ruoyao
990d9ff508 bn_nist: Fix strict-aliasing violations in little-endian optimizations
The little-endian optimization is doing some type-punning in a way
violating the C standard aliasing rule by loading or storing through a
lvalue with type "unsigned int" but the memory location has effective
type "unsigned long" or "unsigned long long" (BN_ULONG).  Convert these
accesses to use memcpy instead, as memcpy is defined as-is "accessing
through the lvalues with type char" and char is aliasing with all types.

GCC does a good job to optimize away the temporary copies introduced
with the change.  Ideally copying to a temporary unsigned int array,
doing the calculation, and then copying back to `r_d` will make the code
look better, but unfortunately GCC would fail to optimize away this
temporary array then.

I've not touched the LE optimization in BN_nist_mod_224 because it's
guarded by BN_BITS2!=64, then BN_BITS2 must be 32 and BN_ULONG must be
unsigned int, thus there is no aliasing issue in BN_nist_mod_224.

Fixes #12247.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22816)
2023-11-30 18:42:51 +01:00
Markus Minichmayr
f290663148 Fix implementation of PreferNoDHEKEX option.
`tls_parse_ctos_key_share()` didn't properly handle the option.
Avoid the need to deal with the option in multiple places by properly
handling it in `tls_parse_ctos_psk_kex_modes()`.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22844)
2023-11-30 18:40:44 +01:00
Jamie Cui
58d926213f Fix EVP_RAND-SEED-SRC documentation example
Fixes #22810

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22857)
2023-11-30 12:33:17 +01:00
Dmitry Misharov
6b7a11d8aa Add self-hosted runners
Added self-hosted runners for freebsd-x86_64 and ubuntu-aarch64.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Anton Arapov <anton@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22804)
2023-11-30 08:48:58 +01:00
fisher.yu
cc82b09cbd Optimize AES-CTR for ARM Neoverse V1 and V2.
Unroll AES-CTR loops to a maximum 12 blocks for ARM Neoverse V1 and
    V2, to fully utilize their AES pipeline resources.

    Improvement on ARM Neoverse V1.

    Package Size(Bytes)	16	32	64	128	256	1024
    Improvement(%)	3.93	-0.45	11.30	4.31	12.48	37.66
    Package Size(Bytes)	1500	8192	16384	61440	65536
    Improvement(%)	37.16	38.90	39.89	40.55	40.41

Change-Id: Ifb8fad9af22476259b9ba75132bc3d8010a7fdbd

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22733)
2023-11-29 18:10:31 +01:00
Viktor Dukhovni
c8fe4b5948 Add last missing TLSA usage/selector/mtype test case
There were no PKIX-TA(0) SPKI(1) Full(0) (i.e. "0 1 0") test cases in
"danetest.in".

There is now at least a success case, which will exercise freeing the public
key after it is sanity checked, since with PKIX-TA(0) there's nothing we can do
with just the raw public key, a full chain to a local trust anchor is in any
case required.

The failure (to match) code path is already well oiled, but failure to decode
while adding malfored TLSA records could still use some additional tests...

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22821)
2023-11-29 10:31:42 +01:00
Viktor Dukhovni
f636e7e6bd Fix freshly introduced double-free.
We don't need the decoded X.509 Full(0) certificate for the EE usages 1 and 3,
because the leaf certificate is always part of the presented chain, so the
certificate is only validated as well-formed, and then discarded, but the
TLSA record is of course still used after the validation step.

Added DANE test cases for: 3 0 0, 3 1 0, 1 0 0, and 1 1 0

Reported by Claus Assmann.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22821)
2023-11-29 10:31:42 +01:00
Hugo Landau
870f26e66a Remove mention of NEWS.md in CONTRIBUTING.md
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22774)
2023-11-29 08:35:17 +00:00
Hugo Landau
4f41334b4a Add known issues section
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22774)
2023-11-29 08:35:17 +00:00
Hugo Landau
036de8d4fa Add proposed editorial conventions for NEWS.md
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22774)
2023-11-29 08:35:17 +00:00
Bernd Edlinger
a435d78604 Fix a possible memory leak in ct_move_scts
Instead of trying to move the doomed sct back
to the src stack, which may fail as well, simply
free the sct object, as the src list will be
deleted anyway.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22762)
2023-11-28 19:42:32 +01:00
Xi Ruoyao
d7c0fc5b1a Do not define L_ENDIAN (for now) when we guessed linux64-loongarch64
In 160f48941d I made L_ENDIAN defined when the system is guessed to be
linux64-loongarch64.  Unfortunately now I found it problematic:

1. This should be added into Configurations/10-main.conf, not here.
   Having it here causes a different configuration when
   linux64-loongarch64 is explicitly specified than guessed.
2. With LTO enabled, this causes many test failures on
   linux64-loongarch64 due to #12247.

So I think we should remove it for now (master and 3.2 branch), and
reintroduce it to Configurations/10-main.conf when we finally sort
out #12247.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22812)
2023-11-28 15:27:43 +01:00
Hugo Landau
eadebcc863 QUIC TSERVER: Fix erroneously static variable
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
2023-11-27 07:57:32 +00:00
Hugo Landau
c30aee71f9 Make scsv read-only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
2023-11-27 07:55:55 +00:00
Hugo Landau
3392a5690b Make nid_to_group read-only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
2023-11-27 07:52:54 +00:00
Hugo Landau
a87b6d1377 Make bitmask table read only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
2023-11-27 07:52:24 +00:00
Hugo Landau
5fb4433606 Make ssl_cert_info read-only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
2023-11-27 07:51:33 +00:00
Hugo Landau
b0e9d03702
Only include winsock2.h for struct timeval if needed
Fixes #22811

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/22813)

(cherry picked from commit ba58e9f1e2)
2023-11-27 07:33:19 +00:00
Hugo Landau
e64ad80c72 QUIC SRT GEN: Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22599)
2023-11-25 09:14:05 +00:00
Hugo Landau
2db3fdb457 QUIC SRT GEN: Add SRT generator
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22599)
2023-11-25 09:14:05 +00:00
Tomas Mraz
1da7c09f79 x86_64-xlate.pl: Fix build with icx and nvc compilers
Fixes #22594

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22714)
2023-11-24 17:21:39 +01:00
Markus Minichmayr
dfc836c346 PreferNoDHEKEX changelog and history anticipating inclusion in OpenSSL version 3.3.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)
2023-11-24 15:08:04 +00:00
Markus Minichmayr
55d894bbfb Document SSL_OP_PREFER_NO_DHE_KEX option.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)
2023-11-24 15:08:04 +00:00
Markus Minichmayr
b8590b2f36 Add option SSL_OP_PREFER_NO_DHE_KEX, allowing the server to prefer non-dhe psk key exchange over psk with dhe (config file option PreferNoDHEKEX, server option prefer_no_dhe_kex).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)
2023-11-24 15:08:04 +00:00
Tomas Mraz
40a24c20a8 When abidiff fails print out the XML diff
This can be useful for fixing the CI if needed
without the necessity to run abidw locally.

Also rename the CI job to make its purpose clearer.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22689)
2023-11-24 15:14:15 +01:00
James Muir
55ca75dd8f openssl-speed: support KMAC128 & KMAC256, refactor mac setup/teardown
Add ability to measure performance of the two kmac algorithms, and
reduce code duplication in mac testing by introducing mac_setup() and
mac_teardown().  Also, start accepting "cmac" as an algorithm string
(similar to how "hmac" is accepted).

We can now compare the performance of KMAC128, KMAC256 (mac algs) to
KECCAK-KMAC128, KECCAK-KMAC256 (digest/xof algs).

Fixes #22619

Testing:

  $ LD_LIBRARY_PATH=. ./apps/openssl speed kmac cmac hmac

  $ LD_LIBRARY_PATH=. ./apps/openssl speed kmac256
  $ LD_LIBRARY_PATH=. ./apps/openssl speed -evp KECCAK-KMAC256

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22764)
2023-11-24 13:58:14 +01:00
Dmitry Belyavskiy
e9241d16b4 IANA has assigned numbers for 2 hybrid PQ KEX widely used in tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22803)
2023-11-24 11:40:36 +01:00
Tomas Mraz
f58d39fb9f SHA3_squeeze(): The next argument is int
Amend the assembler so it uses only 32bit value.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22750)
2023-11-23 15:13:53 +00:00
Tomas Mraz
69d4d5282f keccak1600-armv4.pl: Further fix for the DigestSqueeze() support
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22750)
2023-11-23 15:13:53 +00:00
Tomas Mraz
0414f89d5c Cross Compiles CI: Run evp tests on pull requests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22750)
2023-11-23 15:13:53 +00:00
James Muir
cad48c5b0f contributing-doc: give example commit message with "CLA: trivial"
The text "CLA: trivial" should go at the bottom of the commit message.
Also, update the force-push command to include the repository and
branch, which can avoid unexpected force-push results.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22775)
2023-11-23 15:12:51 +00:00
Richard Levitte
df5e72d220 Adapt C compiler detection for VSI C on x86_64
VSI C on OpenVMS for x86_64 has a bit more information than on other
hardware.  This is no doubt because it's based on LLVM which leaves an
opening for cross compilation.

VSI C on Itanium:

    $ CC/VERSION
    VSI C V7.4-001 on OpenVMS IA64 V8.4-2L3

VSI C on x86_64:

    $ CC/VERSION
    VSI C x86-64 X7.4-843 (GEM 50XB9) on OpenVMS x86_64 V9.2-1

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22792)
2023-11-23 15:11:33 +00:00
James Muir
e580f06dec speed: make hmac(sha256) the default hmac
prefer hmac(sha256) rather than hmac(md5).  Also, drop the "skip_hmac"
label.  If we are supposed to do hmac(hash_func) and hash_func cannot
be found, then error out immediately.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22793)
2023-11-23 15:10:57 +00:00
Huiyue Xu
e7d34d7ae3 Fix a possible memory leak in SM2 provider
ctx->propq that strdup from input parameter propq in sm2sig_newctx,
is not released. It should be released in sm2sig_freectx and copied
to dstctx in sm2sig_dupctx. And dstctx->id and dstctx->propq should
be set NULL to avoid releasing id/propq of srcctx when err occurs.

Signed-off-by: Huiyue Xu <xuhuiyue@huawei.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22796)
2023-11-23 15:08:21 +00:00
Hugo Landau
7fa47fe5b9 Update fuzz corpora
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22790)
2023-11-23 14:50:03 +00:00
Hugo Landau
4e3d481980 QUIC SRTM: Switch to using AES-128-ECB
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
2023-11-23 14:46:01 +00:00
Hugo Landau
8fff2e39bc QUIC SRTM: Harden SRTM in event of allocation failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
2023-11-23 14:46:01 +00:00
Hugo Landau
5c71b7df91 QUIC SRTM: Update fuzz corpora
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
2023-11-23 14:46:01 +00:00