Commit Graph

5458 Commits

Author SHA1 Message Date
Michael Baentsch
0c64b1ca03 add new keytype test for EVP_PKEY_Q_keygen
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25972)
2024-11-21 09:09:45 +00:00
wangcheng
4c41aa4b33 Add CTX copy function for EVP_MD to optimize the performance of EVP_MD_CTX_copy_ex.
1. Add OSSL_FUNC_digest_copyctx_fn function for EVP_MD, which is used to copy algctx from the old EVP_MD_CTX to the new one.

2. Add implementation of OSSL_FUNC_digest_copyctx_fn function for default providers.

3. Modify EVP_MD_CTX_copy_ex: When the fetched digest is the same in in and out contexts, use the copy function to copy the members in EVP_MD_CTX if the OSSL_FUNC_digest_copyctx_fn function exists. Otherwise, use the previous method to copy.

4. Add documentation for OSSL_FUNC_digest_copyctx function in doc/man7/provider-digest.pod.

5. Add testcase.

Fixes #25703

Signed-off-by: wangcheng <bangwangnj@163.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25726)
2024-11-20 14:12:53 +01:00
Neil Horman
4fec10eae7 Add QUERY trace points
Adds trace messages for method store add/remove and fetch operations

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630)
2024-11-19 08:36:25 -05:00
Neil Horman
11539fd734 Add tracing messages to the provider api
Adds tracing messages to the
init/teardown/gettable_params/get_params/query/unquery operations for a
provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630)
2024-11-19 08:36:19 -05:00
Tomas Mraz
837f05fc30 test_hashtable_multithread(): Stress it more
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25669)
2024-11-13 17:22:37 +01:00
Tomas Mraz
9abd6ca635 Use test_random() in hashtable mt test for reproducibility
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25669)
2024-11-13 17:22:37 +01:00
Neil Horman
15c6580a76 Add test for SSL_stream_reset
Add a test to the quic_multistream test suite to reset a stream after
all data has been received by a given stream, ensuring that we don't
crash in the reset operation

Fixes #25410

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25910)
2024-11-13 10:55:16 -05:00
Jonathan M. Wilbur
80b0a33b38 test: the attributeDescriptor X.509v3 extension
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25429)
2024-11-13 11:53:34 +01:00
Dr. David von Oheimb
abad748da8 APPS/pkeyutl: add missing high-level check for -verifyrecover being usable only with RSA
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25903)
2024-11-09 11:43:59 +01:00
Dr. David von Oheimb
fe07cbf9c3 APPS/pkeyutl: remove wrong check for -verifyrecover regarding too long sign/verify input
Fixed #25898

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25903)
2024-11-09 11:43:59 +01:00
Matt Caswell
b10cfd93fd Add a test for setting TLSv1.2 ciphersuites on a QUIC object
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25886)
2024-11-08 14:36:17 +01:00
Matt Caswell
e54526413d Add a test for the new_session_cb from a QUIC object
Setting a new_session_cb should work for a QUIC object just as it does
with a normal TLS object.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25874)
2024-11-07 12:05:34 +01:00
ArtSin
ccaa754b5f Fix uses of EVP_PKEY_Q_keygen with size_t variadic argument
Fix cases where `int` argument was passed instead of `size_t`.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25857)
2024-11-05 13:49:08 +01:00
Frederik Wedel-Heinen
357e27342e Support DEFAULT keyword and '-' prefix in SSL_CTX_set1_groups_list()
Fixes #25790

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25813)
2024-11-04 11:49:49 +01:00
Dr. David von Oheimb
c7764dacdf APPS/pkeyutl: improve -rawin usability (implied by Ed25519 and Ed448) and doc
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22910)
2024-11-04 10:18:24 +01:00
Aditya
7e3f7f1dbb test: Add test cases for req -cipher option
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25796)
2024-10-30 11:55:23 +00:00
Tomas Mraz
c60a2b1830 test_speed: Explicitly test the crashing command line on sparc
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/25792)
2024-10-28 15:53:31 -04:00
Michael Baentsch
e1886edf4b work around oqsprovider out-of-source build bug
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25702)
2024-10-23 11:12:33 +11:00
Michael Baentsch
8bcf488011 Updated oqsprovider to v0.7.0
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25702)
2024-10-23 11:12:33 +11:00
Tomas Mraz
1f0cb85047 ecdh_cofactor_derive_test(): Skip the test if the curve is not supported
It will not be supported if the fips provider was built with no-ec2m.

Fixes #25729

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25731)
2024-10-21 14:57:20 +01:00
Ondrej Moris
7832374ffb test: clean-up README-external documentation
Signed-off-by: Ondrej Moris <omoris@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25587)
2024-10-21 11:43:03 +01:00
Ondrej Moris
e9af1eaa54 test: Add external test for pkcs11-provider
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25587)
2024-10-21 11:43:03 +01:00
Alicja Kario
144b9ebc3e add test coverage for #25298
Add test coverage for issue #25298, clean up the json file so
it uses consistent indentation

Signed-off-by: Alicja Kario <hkario@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25329)
2024-10-21 11:40:16 +01:00
Neil Horman
5b29c71aa4 updating comments in test recipie
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25297)
2024-10-21 11:34:35 +01:00
Neil Horman
d381fc54b1 Add test to confirm sslkeylogfile format
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25297)
2024-10-21 11:34:35 +01:00
olszomal
8cfc26e6c4 Add support for p7->d.sign->contents with the V_ASN1_SEQUENCE type
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22575)
2024-10-21 11:32:04 +01:00
Viktor Dukhovni
8e008cb8b2 Harden BN_GF2m_poly2arr against misuse.
The BN_GF2m_poly2arr() function converts characteristic-2 field
(GF_{2^m}) Galois polynomials from a representation as a BIGNUM bitmask,
to a compact array with just the exponents of the non-zero terms.

These polynomials are then used in BN_GF2m_mod_arr() to perform modular
reduction.  A precondition of calling BN_GF2m_mod_arr() is that the
polynomial must have a non-zero constant term (i.e. the array has `0` as
its final element).

Internally, callers of BN_GF2m_poly2arr() did not verify that
precondition, and binary EC curve parameters with an invalid polynomial
could lead to out of bounds memory reads and writes in BN_GF2m_mod_arr().

The precondition is always true for polynomials that arise from the
standard form of EC parameters for characteristic-two fields (X9.62).
See the "Finite Field Identification" section of:

    https://www.itu.int/ITU-T/formal-language/itu-t/x/x894/2018-cor1/ANSI-X9-62.html

The OpenSSL GF(2^m) code supports only the trinomial and pentanomial
basis X9.62 forms.

This commit updates BN_GF2m_poly2arr() to return `0` (failure) when
the constant term is zero (i.e. the input bitmask BIGNUM is not odd).

Additionally, the return value is made unambiguous when there is not
enough space to also pad the array with a final `-1` sentinel value.
The return value is now always the number of elements (including the
final `-1`) that would be filled when the output array is sufficiently
large.  Previously the same count was returned both when the array has
just enough room for the final `-1` and when it had only enough space
for non-sentinel values.

Finally, BN_GF2m_poly2arr() is updated to reject polynomials whose
degree exceeds `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against
CPU exhausition attacks via excessively large inputs.

The above issues do not arise in processing X.509 certificates.  These
generally have EC keys from "named curves", and RFC5840 (Section 2.1.1)
disallows explicit EC parameters.  The TLS code in OpenSSL enforces this
constraint only after the certificate is decoded, but, even if explicit
parameters are specified, they are in X9.62 form, which cannot represent
problem values as noted above.

Initially reported as oss-fuzz issue 71623.

A closely related issue was earlier reported in
<https://github.com/openssl/openssl/issues/19826>.

Severity: Low, CVE-2024-9143

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25639)
2024-10-16 09:21:33 +02:00
Dr. David von Oheimb
2c536c8b15 replace various calls to sprintf() by BiO_snprintf() to avoid compiler warnings, e.g., on MacOS
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25534)
2024-10-12 15:38:07 +02:00
slontis
01244adfc6 fipsinstall: Save the 'status indicator' if the FIPS provider is 3.0.X.
Fixes #23400

The 3.1 FIPS provider no longer writes out the 'status indicator' by
default due to changes related to FIPS 140-3 requirements. For Backwards
compatability if the fipsinstall detects it is loading a 3.0.X FIPS
provider then it will save the 'status indicator' by default.

Disclaimer: Using a fipsinstall command line utility that is not supplied
with the FIPS provider tarball source is not recommended.

This PR deliberately does not attempt to exclude any additional options
that were added after 3.0.X. These additional options will be ignored by older
providers.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/23689)
2024-10-11 14:52:37 +02:00
Dr. David von Oheimb
187952d449 APPS/storeutl: fix case where uri and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25559)
2024-10-09 11:10:19 +02:00
Dr. David von Oheimb
d1a0bbe658 test/recipes/tconversion.pl: add sub test_file_contains
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25559)
2024-10-09 11:10:04 +02:00
Pauli
73e720c3a5 evp_libctx_test: fix provider compat CI regression
The regression was introduced by #25522.

Fixes #25632

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25633)
2024-10-08 09:28:32 +02:00
Olivier Chéron
80a31435e5 Test PBMAC1 with absent PBKDF2 PRF
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25568)
2024-10-07 17:51:54 +02:00
Neil Horman
796b2caa9e Adjust tests to fetch the output len for EVP_PKEY_[en|de]cap
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25522)
2024-10-07 17:47:17 +02:00
Tomas Mraz
5bc13d5d8c cmp_vfy_test.c: Avoid NULL pointer dereference
Fixes Coverity 1619463

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25503)
2024-10-07 17:41:22 +02:00
Neil Horman
76c4f0e8ea Update test/quic-openssl-docker/run_endpoint.sh
Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25528)
2024-10-04 17:42:49 +02:00
Neil Horman
c8b050eef1 Update quic interop docker container for chacha20
Need to update the docker interop container to use the quic-hq-interop
client so that the right alpn is negotiated for chacha20 testing

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25528)
2024-10-04 17:42:49 +02:00
Dr. David von Oheimb
a571425492 add test/recipes/15-test_pkey.t
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
d5c4a8aecc APPS/pkcs8: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
421e8d7af8 APPS/ocsp: fix case where reqin and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
1dbb67c4f1 APPS/{ecparam,pkeyparam}: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
32189981a3 APPS/dsaparam: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
9ae1e6596f APPS/dhparam: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Simo Sorce
5c91f70ba8 Use the correct length value for input salt
In this function the salt can be either a zero buffer of exactly mdlen
length, or an arbitrary salt of prevsecretlen length.
Although in practice OpenSSL will always pass in a salt of mdlen size
bytes in the current TLS 1.3 code, the openssl kdf command can pass in
arbitrary values (I did it for testing), and a future change in the
higher layer code could also result in unmatched lengths.

If prevsecretlen is > mdlen this will cause incorrect salt expansion, if
prevsecretlen < mdlen this could cause a crash or reading random
information. Inboth case the generated output would be incorrect.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25579)
2024-10-02 12:05:39 +02:00
Pauli
12d14de641 test: add FIPS version check for EC cofactor derive tests
These were added in #25548 but didn't include a FIPS version check which
causes failures testing older FIPS providers against later versions.

Also change some skips to use TEST_skip.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25582)
2024-10-01 09:28:27 +10:00
slontis
2f362e99a1 Fix bugs in ECDH cofactor FIPS indicator.
The code was not detecting that the cofactor was set up correctly
if OSSL_PKEY_PARAM_USE_COFACTOR_ECDH was set, resulting in an incorrect
FIPS indicator error being triggered.

Added a test for all possible combinations of a EVP_PKEY setting
OSSL_PKEY_PARAM_USE_COFACTOR_ECDH and the derive context setting
OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE.

This only affects the B & K curves (which have a cofactor that is not 1).

Bug reported by @abkarcher

Testing this properly, also detected a memory leak of privk when the
FIPS indicator error was triggered (in the case where mode = 0 and
use_cofactor was 1).

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25548)
2024-09-30 20:07:09 +02:00
Dimitri John Ledkov
fc68cf21b5 kdfs: implement key length check in X9.42
Similar to other KDFs, the input key should be 112 bits long.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25529)
2024-09-30 20:03:49 +02:00
Pauli
0081964805 test: fix unit tests for fips CRNG tests
To match changes in #25526

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25536)
2024-09-30 17:58:09 +10:00
Dimitri John Ledkov
ed68623287 fips: Prohibit SHA1 in DH & ECDH exchange
See Section 5 Key Agreement Using Diffie-Hellman and MQV of
[NIST SP 800-131Ar2](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf).

Strengths less than 112bits is disallowed, thus eliminating SHA1.

Skip cms test case that requires use of SHA1 with X9.42 DH.

Rename ossl_fips_ind_digest_check to ossl_fips_ind_digest_exch_check

Add myself to Changes for fips indicator work

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25517)
2024-09-27 09:13:05 +02:00
David von Oheimb
1ef3032eac 80-test_cmp_http.t: fix handling of IPv6 server host (localhost '::1')
Fixes 22467

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
2024-09-23 22:15:50 +02:00