Commit Graph

33291 Commits

Author SHA1 Message Date
fisher.yu
fd54fadba6 Update CMAC cipher algorithm list and test cases.
1. Update manual, add SM4-CBC to CMAC cipher algorithm list.
    2. Add test case for SM4-CBC CMAC, add "data length is greater
       than 4 block-length" cases for aes-128-cbc, aes-192-cbc,
       aes-256-cbc and des-ede3-cbc.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21102)
2023-06-09 09:08:27 +10:00
Pauli
247f307f72 Add 3.0.9 to list of FIPS releases
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21140)
2023-06-08 11:43:10 +02:00
Pauli
67fc06a776 Update versions tested to include 3.1.1
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21140)
2023-06-08 11:43:10 +02:00
Pauli
45fefe172a kdf test: restrict the version of the FIPS provider
Concatenation tests are provider version specific, limit them to supporting
versions.

Fixes #21134

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21140)
2023-06-08 11:43:10 +02:00
Antony Polukhin
2c4124a3a1 Workaround false positive warning of MSAN in eng_rdrand.c
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21136)
2023-06-08 11:29:02 +02:00
dependabot[bot]
ac083de651 Bump coverallsapp/github-action from 2.1.2 to 2.2.0
Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.1.2 to 2.2.0.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/v2.1.2...v2.2.0)

---
updated-dependencies:
- dependency-name: coverallsapp/github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21147)
2023-06-08 08:45:07 +02:00
Richard Levitte
b684ee2ce4 build.info: Introduce special syntax for dependencies on script modules
The DEPEND statement, when applied on files generated with GENERATE, may
be used to specify script modules that the template to be generated from
depends on.  In short, this sort of depend:

    DEPEND[generated]=util/perl/OpenSSL/something.pm

... would generate a perl run that has the inclusion directory
'util/perl/OpenSSL' and 'something' as the module to be loaded.  However,
the package name for this module is 'OpenSSL::something', so to load it the
way it's expected, the inclusion directory should be 'util/perl', and the
module to be loaded should be specified as 'OpenSSL/something' (to be
massaged into a proper module name by the build file template).

To allow this, we introduce a file syntax, where a single '|' is used as a
directory separator, to delineate what part should be used as the inclustion
directory, and which part the module name to be loaded should be derived
from:

    DEPEND[generated]=util/perl|OpenSSL/something.pm

Fixes #21112

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21117)
2023-06-08 07:53:10 +02:00
Matt Caswell
b8fa5be550 Modify ENGINE_pkey_asn1_find_str() to use a read lock instead of a write
ENGINE_pkey_asn1_find_str() does not make any modifications to fields
controlled by the global_engine_lock. The only change made is the struct_ref
field which is controlled separately. Therefore we can afford to only take
a read lock. This also impacts EVP_PKEY_asn1_find_str().

This lock ends up being obtained indirectly from numerous public API
functions including EVP_PKEY_key_gen(), EVP_PKEY_new_raw_public_key_ex(),
EVP_PKEY_copy_parameters() etc. This occurs even if no engines are actually
in use.

Some tests showed this lock being obtained 6 times after a "warmed up"
s_server instance with default configuration processed a handshake from a
default s_client. When processing a resumption handshake from s_client it
was obtained 8 times.

Partially fixes #20286

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20950)
2023-06-06 17:09:13 +02:00
Matt Caswell
e568d64f9f Convert the ENGINE struct_ref field to be an atomic
We use atomic primitives to up ref and down the struct_ref field rather
than relying on the global lock for this.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20950)
2023-06-06 17:09:13 +02:00
Alex Bozarth
68668243b1 Add SSL_get0_group_name() to get name of the group used for KEX
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20866)
2023-06-06 17:03:41 +02:00
Michael Baentsch
8229874476 Cast the argument to unsigned char when calling isdigit()
Fixes #21123

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21127)
2023-06-06 15:48:46 +02:00
Tomas Mraz
18f82df5b1 Make link to RFC 1578 in CHANGES.md be a proper link
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21130)
2023-06-06 11:32:15 +02:00
Richard Levitte
d63b3e7959 Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form.  For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.

To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:

> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).

Fixes otc/security#96
Fixes CVE-2023-2650

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2023-06-06 10:48:50 +02:00
Vladimír Kotal
3ca28c9e81 allow to disable http
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21108)
2023-06-06 11:05:02 +10:00
Pauli
c69756e7a0 doc: note that out ChaCha20 isn't standard compliant.
Fixes #21095

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21098)
2023-06-06 11:02:57 +10:00
Matt Caswell
80935bf5ad Don't take a write lock to retrieve a value from a stack
ossl_x509_store_ctx_get_by_subject() was taking a write lock for the
store, but was only (usually) retrieving a value from the stack of
objects. We take a read lock instead.

Partially fixes #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20952)
2023-06-05 09:09:32 +10:00
Matt Caswell
50001e0e15 Avoid an unneccessary lock if we didn't add anything to the store
Partially fixes #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20952)
2023-06-05 09:09:23 +10:00
Dmitry Belyavskiy
4c56539cb3 Remove pointless warning on pkcs12 import
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21107)
2023-06-03 16:15:33 +02:00
Tomas Mraz
26baecb28c Update fuzz/corpora submodule to latest data
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21118)
2023-06-02 16:08:28 +02:00
Darana
4ad2dd43d0 Fix documentation where openssl-genrsa is listed as
deprecated since OpenSSL 3.0

openssl-genrsa is not deprecated however the OpenSSL documentation
states that it is the case from OpenSSL 3.0. This has been fixed in the
documentation, specifically in manpage 1.

Fixes #21055

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21059)
2023-06-02 15:46:34 +02:00
Pauli
b4a1231007 possible workaround
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
2023-06-02 15:13:20 +10:00
Pauli
944ee2c30b Update .gitignore
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
2023-06-02 15:13:20 +10:00
Pauli
79d702250b gcm: use the new faster param location mechanism.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
2023-06-02 15:13:20 +10:00
Pauli
e84b5fcc1b params: provide a faster TRIE based param lookup.
The separate file is a Perl script that generates the appropriate define
directives for inclusion in core_names.h.  By having this separation it
will be possible to prebuild data structures to give faster access when
looking up parameters by name.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20935)
2023-06-02 15:13:20 +10:00
Jairus Christensen
cee0628e0d [feat] SSL RTT in both client and server statem. SSL_get_handshake_rtt makes it available
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20248)
2023-06-02 05:46:46 +02:00
Matt Caswell
fc570b2605 Avoid taking a write lock in ossl_provider_doall_activated()
We refactor ossl_provider_doall_activated() so that we only need to take
a read lock instead of a write lock for the flag_lock. This should improve
performance by avoiding the lock contention. We achieve this by protecting
the activatecnt via atomics rather than via a lock and by avoiding the full
provider activation/deactivation procedure where it is not needed.

Partial fix for #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20927)
2023-06-02 09:12:42 +10:00
Matt Caswell
61f11cad7a Enable obtaining certain DRBG params without a lock
Even if a DRBG has locking enabled on it, there are certain parameters
which are still safe to obtain even without a lock. The max_request
value is constant for all our DRBGs. The reseed_counter does not matter
if we get it wrong - so it is safe to avoid the lock. So if all we are
reading are those parameters then we take no lock at all.

Partially fixes #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20970)
2023-06-02 07:30:04 +10:00
Matt Caswell
189ad3ab20 Refactor the DRBG implementations to manage locking themselves
Previously the EVP layer would call lock and unlock functions on the
underlying DRBG implementation to say when a lock should be acquired and
released. This gives the DRBG implementation no say as to what kind of
lock should obtained (e.g. read/write) or even whether a lock is actually
needed or not.

In reality we know whether a DRBG is supposed to be in locking mode or
not because the "enable_locking()" function will have been called if
locks should be used. Therefore we re-interpret the lock and unlock
functions as "hints" from the EVP layer which we ignore. Instead we
acquire locks only when we need them. By knowing the context we can obtain
either a read or a write lock as appropriate.

This may mean that in some rare cases we acquire the locks more than once
for a single EVP call, if the EVP call makes several calls to the underlying
DRBG. But in practice almost all EVP calls only make one such call.
EVP_RAND_generate() is an example of a call where multiple DRBG calls may
be made. One of these gets the "max_request" parameter (which is constant
for all of our own DRBGs) and it may make several calls to the DRBG generate
call - but only if the requested size is very large which will rarely be
the case.

Partially fixes #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20970)
2023-06-02 07:30:04 +10:00
Dr. David von Oheimb
168d93a21d openssl-cmp.pod.in: tweak doc of -subject, -issuer, -keep_alive, and -untrusted
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
2023-06-01 10:03:06 +02:00
Dr. David von Oheimb
5def4bbb4b cmp_mock_srv.c: improve comment on cert to be produced from request template
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
2023-06-01 10:03:06 +02:00
Dr. David von Oheimb
afe7a4311d cmp_client.c: add comment on certConf and add 'ossl_unused' to two functions
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
2023-06-01 10:03:06 +02:00
Dr. David von Oheimb
586b5407d6 apps.c: add comment to do_X509_sign() referring to question #19805
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
2023-06-01 10:03:06 +02:00
Dr. David von Oheimb
dea5e2632c apps/cmp.c: make management of http_cb_arg pointer more robust
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
2023-06-01 10:03:06 +02:00
Dr. David von Oheimb
6ed117b32c apps/cmp.c: improve warnings on option use
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
2023-06-01 10:03:06 +02:00
Dr. David von Oheimb
7a18574839 CMS_ContentInfo_free(): fix mem leak on encrypted content key
Fixes #21026

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21058)
2023-06-01 09:56:20 +02:00
Dr. David von Oheimb
23450cfb92 SMIME_crlf_copy(): check for NULL pointer arguments
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21058)
2023-06-01 09:56:20 +02:00
Yuri Penkin
dc4ccc7024 Ignore the fetch error when a legacy algorithm is found
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21035)

(cherry picked from commit cb1f87f59d)
2023-06-01 09:50:28 +02:00
Dr. David von Oheimb
d477484d33 CMP: add support for genm/genp messages with id-it-caCerts
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19231)
2023-06-01 09:39:12 +02:00
Pauli
985429f4f4 QUIC: CID conformance
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21078)
2023-06-01 17:24:43 +10:00
Pauli
73f59aa8eb doc: update FIPS provider version information
With 3.0.8 validated, we need to note this in the documentation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21049)
2023-06-01 16:20:33 +10:00
Pauli
2a6a04406b tags: fix make tags target for out of tree builds
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21079)
2023-06-01 16:13:20 +10:00
Kurt Roeckx
bc07d37186 Add PEM fuzzer
This fuzzer can find CVE-2022-4450

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20242)
2023-06-01 10:04:32 +10:00
Tomas Mraz
3410a72dce Compute RSA-PSS algorithm params in libcrypto for legacy
Fixes regression of RSA signatures for legacy keys caused
by quering the provider for the algorithm id with parameters.

Legacy keys do not have a method that would create the
algorithm id. So we revert to what was done in 3.0.7 and
earlier versions for these keys.

Fixes #21008

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21019)
2023-06-01 10:02:28 +10:00
Xiaokang Qian
09bd0d05a6 Fix arm64 asm code back compatible issue with gcc 4.9.4
Fix: #20963

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20967)
2023-05-31 10:50:28 +10:00
dependabot[bot]
a1c8edcfc9 Bump actions/setup-python from 4.6.0 to 4.6.1
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.6.0...v4.6.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21047)
2023-05-30 22:29:50 +02:00
Dr. David von Oheimb
36b91a198a CMS, PKCS7, and CRMF: simplify use of EVP_PKEY_decrypt() by helper function
Also remove needless constant_time_* and ERR_clear_error() calls
from OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17354)
2023-05-30 22:02:10 +02:00
Dr. David von Oheimb
fdef95716d ssl/statem_srvr.c: clean up handling of EVP_PKEY_decrypt() outlen
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17354)
2023-05-30 22:02:10 +02:00
Dr. David von Oheimb
3179995f11 cmp_http.c: Remove obsolete comment w.r.t. ERR_clear_error()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17354)
2023-05-30 22:02:10 +02:00
Rajarshi Karmakar
2631a94146 OSSL_sleep(): Calling sleep() function if sleepTime > 1sec
On some systems usleep() func does not support time >1sec.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21010)
2023-05-30 21:10:03 +02:00
Matt Caswell
f53479f98a Optimise locking in rsa_get_blinding()
We optimise locking in rsa_get_blinding() so that we normally take a
read lock, and only fallback to a write lock if we need to. This will
be very slightly slower in the case of single use RSA objects, but should
be significantly better when an RSA object is reused in a multi-threaded
environment. It's probably worth the trade off.

Partially fixes #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20953)
2023-05-30 17:39:29 +01:00