Commit Graph

35114 Commits

Author SHA1 Message Date
Neil Horman
1967539e21 Fix threadstest wrapping again
Stochastic failures in the RCU test on MACOSX are occuring.  Due to beta
release, disabling this test on MACOSX until post 3.3 release

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23967)
2024-03-26 10:27:23 -04:00
Tomas Mraz
e7d5d61b66 Update gost-engine submodule to fix the CI
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23773)
2024-03-26 15:09:22 +01:00
Vladimir Kotal
6af739b79b apps/req,crl: exit with 1 on verification failure
Fixes #23771

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23773)
2024-03-26 15:08:36 +01:00
Viliam Lejčík
a4cbffcd89 Add NULL check before accessing PKCS7 encrypted algorithm
Printing content of an invalid test certificate causes application crash, because of NULL dereference:

user@user:~/openssl$ openssl pkcs12 -in test/recipes/80-test_pkcs12_data/bad2.p12 -passin pass: -info
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: Segmentation fault (core dumped)

Added test cases for pkcs12 bad certificates

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23632)
2024-03-25 18:26:24 +01:00
Jiasheng Jiang
87e747000f Replace size_t with int and add the check for the EVP_MD_get_size()
Replace the type of "digest_size" with int to avoid implicit conversion when it is assigned by EVP_MD_get_size().
Moreover, add the check for the "digest_size".

Fixes: 29ce1066bc ("Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23924)
2024-03-25 17:49:03 +01:00
Jiasheng Jiang
f13ddaab69 Replace unsigned with int
Replace the type of "digest_length" with int to avoid implicit conversion when it is assigned by EVP_MD_get_size().
Otherwise, it may pass the following check and cause the integer overflow error when EVP_MD_get_size() returns negative numbers.
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23922)
2024-03-25 17:45:33 +01:00
sashan
01eaf20385 fix demos/sslecho/main.c so it builds on OpenBSD too
trying to build `demos/sslecho/main.c` shipped by current openssl
fails with error as follows:
```
cc -I../../include -g -Wall   -c -o main.o main.c
main.c:35:24: error: variable has incomplete type 'struct sockaddr_in'
    struct sockaddr_in addr;
                       ^
main.c:35:12: note: forward declaration of 'struct sockaddr_in'
    struct sockaddr_in addr;
           ^
main.c:46:32: error: use of undeclared identifier 'INADDR_ANY'
        addr.sin_addr.s_addr = INADDR_ANY;
                               ^
main.c:152:24: error: variable has incomplete type 'struct sockaddr_in'
    struct sockaddr_in addr;
                       ^
main.c:152:12: note: forward declaration of 'struct sockaddr_in'
    struct sockaddr_in addr;
           ^
3 errors generated.
gmake: *** [<builtin>: main.o] Error 1
```

including `netinet/in.h` fixes the build

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23936)
2024-03-25 13:49:47 +01:00
Tomas Mraz
7394de95b6 Add 3.3 and 3.2 branches to Coveralls builds
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23938)
2024-03-25 13:44:27 +01:00
Randall S. Becker
4a9e48f727 Correct OSSL_sleep for NonStop PUT model by introducing sleep().
This fix also removes SPT model support as it was previously deprecated.
Upcoming threading models on the platform should be supportable without change
to this method.

Fixes: #23923
Fixes: #23927
Fixes: #23928

Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23926)
2024-03-23 09:22:31 -04:00
Yavor Georgiev
24109dca5a Don’t use the recvmmsg dgram method on Android <5
recvmmsg and sendmmsg were only added to Android’s C library in version 5, starting with API Level 21.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23754)
2024-03-22 16:59:41 +01:00
olszomal
f1c14f1853 Fixed a typo and grammar in openssl-ts.pod
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23913)
2024-03-22 16:50:20 +01:00
Dmitry Misharov
395ab201a7 fix uploading artifacts for paramertrized jobs
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23933)
2024-03-22 12:02:58 +01:00
Neil Horman
b50c174ee3 Make counters in rcu/rw threads torture test 64 bit
Its possible in some conditions for the rw/rcu torture tests to wrap the
counter, leading to false positive failures, make them 64 bits to avoid
this

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23724)
2024-03-22 11:06:59 +01:00
Dmitry Misharov
ada9d8c785 Add M1 macOS runner to some workflows
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23724)
2024-03-22 11:06:34 +01:00
Jakov Smolić
347f05e893 riscv: Fix remaining asm checks
There are additional asm checks which don't check for OPENSSL_CPUID_OBJ
causing the build to still fail on riscv [1], so fix them in the same
manner as ff27959769

[1] https://bugs.gentoo.org/923956
Fixes: https://github.com/openssl/openssl/issues/22871

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23752)

(cherry picked from commit daf1f8d64f)
2024-03-22 11:03:36 +01:00
Matt Hauck
53ef123f48 Update FIPS hmac key documentation
The documentation is slightly incorrect about the FIPS hmac key.

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23846)
2024-03-22 10:48:14 +01:00
Hugo Landau
9abcf11696 Move artifact upload code into the shell script
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23551)
2024-03-21 17:57:50 +00:00
Hugo Landau
f2db70962c Experimental support for uploading qlog artifacts
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23551)
2024-03-21 17:57:50 +00:00
Matt Caswell
dc9bc6c8e1 Fix unbounded memory growth when using no-cached-fetch
When OpenSSL has been compiled with no-cached-fetch we do not cache
algorithms fetched from a provider. When we export an EVP_PKEY to a
provider we cache the details of that export in the operation cache for
that EVP_PKEY. Amoung the details we cache is the EVP_KEYMGMT that we used
for the export. When we come to reuse the key in the same provider that
we have previously exported the key to, we check the operation cache for
the cached key data. However because the EVP_KEYMGMT instance was not
cached then instance will be different every time and we were not
recognising that we had already exported the key to the provider.

This causes us to re-export the key to the same provider everytime the key
is used. Since this consumes memory we end up with unbounded memory growth.

The fix is to be more intelligent about recognising that we have already
exported key data to a given provider even if the EVP_KEYMGMT instance is
different.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23841)
2024-03-15 18:10:49 +00:00
Bernd Edlinger
bc3eb7b527 Try to fix intermittent CI failures in quic_multistream test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23807)
2024-03-15 17:21:35 +01:00
Alexandr Nedvedicky
707b54bee2 plug potential memory leak in error code path
Function `module_add()` may leak stack of modules when
it fails to initialize newly added module.

Fixes #23835

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23836)
2024-03-15 13:42:57 +01:00
Tomas Mraz
12f5f26e1e Raise the AFL_MAP_SIZE to accommodate future growth
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23851)
2024-03-15 13:37:50 +01:00
Tomas Mraz
33f6d61323 82-test_ocsp_cert_chain.t: Just ignore unrecognized lines in server output
There might be warnings from AFL fuzz checker
or other warnings that we do not care about.

For success it is just required that cert_status: ocsp response sent:
is present.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23851)
2024-03-15 13:37:50 +01:00
Alexandr Nedvedicky
103952d439 Minor docfix for OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(3)
Also removal of duplicate assignment and addition of comment
in test/http_test.c

Follow up change to PR #23781

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23837)
2024-03-15 11:36:25 +01:00
Tomas Mraz
13ee569d41 Set AFL_MAP_SIZE to avoid crash in the AFL CI job
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23843)
2024-03-15 10:23:45 +01:00
Tomas Mraz
b7de38e84c Add a test using the bandwidth limit filter
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23588)
2024-03-15 10:19:19 +01:00
Tomas Mraz
37ffd4a1fa Add support for bandwidth limitation in noisydgram BIO filter
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23588)
2024-03-15 10:19:19 +01:00
Tomas Mraz
45d16a44eb bio_f_noisy_dgram_filter(): Fix typo
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23588)
2024-03-15 10:19:19 +01:00
Shakti Shah
9f3a7ca2cf SSL_add_dir_cert_subjects_to_stack(): Documented return values
In the man page for SSL_add_dir_cert_subjects_to_stack(), the functions
returning int have undocumented return values.

Fixes #23171

Signed-off-by: Shakti Shah <shaktishah33@gmail.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23433)
2024-03-15 10:15:03 +01:00
Job Snijders
c5e097dec5 Add Content Type OID for id-ct-rpkiSignedPrefixList
References: draft-ietf-sidrops-rpki-prefixlist
Title: "A profile for Signed Prefix Lists for Use in the Resource Public Key Infrastructure (RPKI)"

OID assigned under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)'
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23426)
2024-03-15 09:10:22 +01:00
Tomas Mraz
5c846d32d4 apps/x509.c: No warning reading from stdin if redirected
Fixes #22893

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23526)
2024-03-15 09:07:51 +01:00
Neil Horman
37cd49f57f Fix ASLR to be smaller during asan/tsan/ubsan runs
Recently asan/tsan/ubsan runs have been failing randomly.  It appears
that a recent runner update may have led to the Address Space Layout
Randomization setting in the linux kernel of ubuntu-latest runner
getting set to too high a value (it defaults to 30).  Such a setting
leads to the possibility that a given application will have memory
mapped to an address space that the sanitizer code typically uses to do
its job.  Lowering this value allows a/t/ubsan to work consistently
again

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23842)
2024-03-15 08:47:24 +01:00
Frederik Wedel-Heinen
f08be09651 Avoid a memcpy in dtls_get_reassembled_message()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23828)
2024-03-14 18:19:17 +01:00
Vladimirs Ambrosovs
c91f0ca958 Fix dasync_rsa_decrypt to call EVP_PKEY_meth_get_decrypt
Signed-off-by: Vladimirs Ambrosovs <rodriguez.twister@gmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23825)
2024-03-14 08:49:01 +01:00
Joachim Vandersmissen
3cb0755323 Implement KAT for KBKDF with KMAC128
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23745)
2024-03-13 17:04:31 +01:00
sharad3001
39202836d6 Update tls13ccstest.c, removal of deadcode
tst has been already checked for invalid value in the start of the function with switch statement.

Checked again here, so removed deadcode

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23813)
2024-03-13 17:00:48 +01:00
Frederik Wedel-Heinen
7649b5548e Add fuzzing for DTLS
Update the fuzz corpora submodule with the DTLS fuzz corpus.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23585)
2024-03-12 20:10:40 +01:00
James Muir
cf8422480a s_server: test ocsp with "-cert_chain"
Add a test to exercise the use of s_server with "-cert_chain" to
construct an ocsp request.

This new functionality was added in PR #22192.

Testing:

  make V=1 TESTS='test_ocsp_cert_chain' test

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23101)
2024-03-12 19:54:27 +01:00
Alexandr Nedvedicky
7f8aba2f44 Limit the number of http headers when receiving the http response
Change introduces a default limit on HTTP headers we expect to receive
from server to 256. If limit is exceeded http client library indicates
HTTP_R_RESPONSE_TOO_MANY_HDRLINES error. Application can use
OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() to change default.
Setting limit to 0 implies no limit (current behavior).

Fixes #22264

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23781)
2024-03-12 19:35:41 +01:00
Jiasheng Jiang
bc930bed20 Add check for xor_get_aid()
Add check for the return value of xor_get_aid() in order to avoid NULL pointer deference.

For example, "algor" could be NULL if the allocation of X509_ALGOR_new() fails. As a result, i2d_X509_ALGOR() will return 0 and "ctx->aid" will be an invalid value NULL.

Fixes: f4ed6eed2c ("SSL_set1_groups_list(): Fix memory corruption with 40 groups and more")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23764)
2024-03-12 19:32:32 +01:00
olszomal
7ceb770883 Improve the documentation on -cert_chain and -status_verbose options
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22192)
2024-03-12 14:02:13 +01:00
olszomal
d6aafeb107 Use the untrusted certificate chain to create a valid certificate ID for OCSP_request
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22192)
2024-03-12 14:02:13 +01:00
谭九鼎
52a75f4088 Doc: fix style
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23805)
2024-03-12 06:44:45 +01:00
Jiasheng Jiang
8211ca45e4 PKCS7: Remove one of the duplicate checks
There are two consecutive identical checks "if (i <= 0)".
We can remove one of them to make the code clear.

CLA: trivial

Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23741)
2024-03-11 15:19:15 +01:00
Aarni Koskela
1f03d33ef5 Add reformatting commit to .git-blame-ignore-revs
CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23748)
2024-03-11 12:18:03 +00:00
slontis
5df34ca70a Make the generated params_idx.c file deterministic if run multiple
times.

Fixes #23672

There are many name/value pairs currently that have duplicate names e.g.

    'CAPABILITY_TLS_GROUP_MAX_TLS' =>           "tls-max-tls",
    'CAPABILITY_TLS_SIGALG_MAX_TLS' =>          "tls-max-tls",

Stripping the .pm file down to just the above entries and running
multiple times gives different results for the produce_decoder.

On multiple runs any iterations over the unordered hash table keys using
foreach my $name (keys %params) results in a different order on multiple
runs. Because of this the mapping from the hash 'value' back to the
'key' will be different.

Note that the code also uses another mechanism in places that uses
"name1" => "value"
"name2" => "*name1"
Rather than fix all the strings the change done was to sort the keys. If
we were to chose to fix the strings then the perl code should be changed
to detect duplicates.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23688)
2024-03-11 12:08:00 +00:00
Alexandr Nedvedicky
854539889d FAQ.md should be removed
the page the link refers to does not exist.
Anyone objects to delete file?

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23719)
2024-03-11 11:40:25 +00:00
slontis
d60b37506d Fix BIO_get_new_index() to return an error when it is exhausted.
Fixes #23655

BIO_get_new_index() returns a range of 129..255.

It is set to BIO_TYPE_START (128) initially and is incremented on each
call.
>= 256 is reserved for the class type flags (BIO_TYPE_DESCRIPTOR) so it
should error if it reaches the upper bound.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23732)
2024-03-11 11:34:25 +00:00
Neil Horman
53a8728686 Bring SSL_group_to_name docs in line with API definition
docs say the SSL object in this function is const, but the api doesn't
qualify it as such.  Adjust the docs to match the definition

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23785)
2024-03-09 19:05:23 -05:00
Hugo Landau
bf7ae259a4 Add CHANGES
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23584)
2024-03-09 08:56:59 +00:00