Commit Graph

36054 Commits

Author SHA1 Message Date
Jonathan M. Wilbur
a6e0d6d5c0 feat: support the authorityAttributeIdentifier X.509v3 extension
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25244)
2024-09-10 19:17:34 +02:00
Randall S. Becker
ad1d0cc999 Add NonStop KLT Configuration for new platform kernel treading model.
This fix supports the new NonStop KLT threading model, including
configurations and documentation for using this model.

Fixes: fix-24175

Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25016)
2024-09-10 19:16:04 +02:00
Neil Horman
d677482b7e Use Jq to add openssl to interop test harness
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25256)
2024-09-10 11:38:15 -04:00
Neil Horman
d2157bbb83 Collapse errors down by using || in run_endpoint.sh
Makes for smaller more consistent coding

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25256)
2024-09-10 11:38:09 -04:00
Neil Horman
e7e48e7f6c Add interop status badge
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25256)
2024-09-10 11:38:09 -04:00
Neil Horman
f984323fcd Need to remove our bash settings as we need to interrogate failures
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25256)
2024-09-10 11:38:09 -04:00
Neil Horman
36d5b38d2b Add local nightly interop running
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25256)
2024-09-10 11:38:09 -04:00
Tomas Mraz
a4954ea01a Reduce footprint of Windows CI
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25378)
2024-09-10 16:36:39 +02:00
Tomas Mraz
ecab977464 Add Windows build with enable-fips no-thread-pool no-quic
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25378)
2024-09-10 16:36:39 +02:00
Tomas Mraz
f0fd24d5f3 Fix no-thread-pool build on Windows
thread/arch/thread_win.c must be included into libcrypto as rcu depends
on ossl_crypto_mutex implementation on Windows.

Fixes #25337

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25378)
2024-09-10 16:36:39 +02:00
Matt Caswell
c9e36a8221 Add a test for the nonce-type sigopt
Check that using the nonce-type sigopt via the dgst app works correctly

Based on the reproducer from #25012

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25057)
2024-09-09 09:51:50 +02:00
Matt Caswell
d244abb651 Don't restrict the ECDSA settable ctx params unnecessarily
We just allow all possible settables all the time. Some things like the
digest name can't actually be changed in some circumstances - but we already
have checks for those things. It's still possible to pass a digest of the
same name to one that's already been set for example.

Fixes #25012

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25057)
2024-09-09 09:51:50 +02:00
Matt Caswell
8cc0a97d60 Complain about a missing digest when doing deterministic ECDSA
We need a digest for the none when doing deterministic ECDSA. Give a
better error message if one hasn't been supplied.

See openssl/openssl#25012

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25057)
2024-09-09 09:51:50 +02:00
icy17
5d6322741a Add missing security rules about NULL check to various manpages
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25083)
2024-09-09 09:40:28 +02:00
ha1215
85eb4f303f Minor WINDOWS.md cleanups
The possessive form of "Windows" has been updated from "Windows's"
to "Windows'".

The function call "a poll(2) call" has been specified as
"a poll(2) system call" for clarity.

The phrase "and supposed" has been corrected to "and was supposed" to
improve sentence structure.

The phrase "However Microsoft has" now includes a comma, revised to
"However, Microsoft has" to enhance readability.

The statement "Supporting these is a pain" has been adjusted to
"Supporting these can be a pain" to better convey potential variability
in user experience.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24242)
2024-09-09 09:23:38 +02:00
XZ-X
a5cd06f7ff rehash.c: handle possible null pointer returned by OPENSSL_strdup
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24980)
2024-09-09 09:20:08 +02:00
erbsland-dev
26521fdcf4 Add note for non-interactive use of s_client
Fixes #8018

Documented the potential issue of premature connection closure in
non-interactive environments, such as cron jobs, when using `s_client`.

Added guidance on using the `-ign_eof` option and input redirection to
ensure proper handling of `stdin` and completion of TLS session data exchange.

Highlight potential issues with the `-ign_eof` flag and provide solutions for
graceful disconnection in SMTP and HTTP/1.1 scenarios to avoid indefinite hangs.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25311)
2024-09-09 09:14:21 +02:00
erbsland-dev
d52e92f835 Refactor Password Variables to Use const char[] Arrays
- Converted password declaration from `char*` to `const char[]`.
- Updated `memcpy` and `return` statements accordingly to use `sizeof` instead of predefined lengths.
- Renamed `key_password` into `weak_password` to match test name.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
2024-09-09 08:58:03 +02:00
erbsland-dev
9808ccc53f Refactor Callback Tests for Improved Memory Management
Refactor the callback test code to replace global variables with local structures, enhancing memory management and reducing reliance on redundant cleanup logic.

Using a local struct containing a magic number and result flag to ensure the correct handling of user data and to verify that the callback function is invoked at least once during the test.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
2024-09-09 08:58:03 +02:00
erbsland-dev
5387b71acb Fix Edge Cases in Password Callback Handling
Fixes #8441: Modify the password callback handling to reserve one byte in the buffer for a null terminator, ensuring compatibility with legacy behavior that puts a terminating null byte at the end.

Additionally, validate the length returned by the callback to ensure it does not exceed the given buffer size. If the returned length is too large, the process now stops gracefully with an appropriate error, enhancing robustness by preventing crashes from out-of-bounds access.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
2024-09-09 08:58:03 +02:00
erbsland-dev
fa6ae88a47 Add test for BIO password callback functionality
Related to #8441

This commit introduces a test suite for the password callback mechanism used when reading or writing encrypted and PEM or DER encoded keys via a BIO in OpenSSL. The test is designed to cover various edge cases, particularly focusing on scenarios where the password callback might return unexpected or malformed data from user code.

By simulating different callback behaviors, including negative returns, zero-length passwords, passwords that exactly fill the buffer and wrongly reported lengths. Also testing for the correct behaviour of binary passwords that contain a null byte in the middle.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
2024-09-09 08:58:03 +02:00
slontis
7845ff7692 Add fips indicator requirements doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23609)
2024-09-08 13:54:39 +10:00
Tomas Mraz
5c82588173 CHANGES.md, NEWS.md: Add 3.5 sections
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25393)
2024-09-06 16:14:52 +02:00
Tomas Mraz
3e3a2bfcf0 libcrypto/libssl.num: Set the numbers for 3_4_0 symbols
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25393)
2024-09-06 16:14:52 +02:00
Tomas Mraz
314c327b14 NEWS.md: Add missing link to 3.4 section
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25393)
2024-09-06 16:14:52 +02:00
Ingo Franzki
dc5afb7e87 s390x: Fix s390x_shake_squeeze() when MSA 12 is available
On the first squeeze call, when finishing the absorb process, also set
the NIP flag, if we are still in XOF_STATE_INIT state. When MSA 12 is
available, the state buffer A has not been zeroed during initialization,
thus we must also pass the NIP flag here. This situation can happen
when a squeeze is performed without a preceding absorb (i.e. a SHAKE
of the empty message).

Add a test that performs a squeeze without a preceding absorb and check
if the result is correct.

Fixes: 25f5d7b85f

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25388)
2024-09-06 11:26:06 +02:00
Ingo Franzki
979dc53001 s390x: Fix s390x_sha3_absorb() when no data is processed by KIMD
If the data to absorb is less than a block, then the KIMD instruction is
called with zero bytes. This is superfluous, and causes incorrect hash
output later on if this is the very first absorb call, i.e. when the
xof_state is still XOF_STATE_INIT and MSA 12 is available. In this case
the NIP flag is set in the function code for KIMD, but KIMD ignores the
NIP flag when it is called with zero bytes to process.

Skip any KIMD calls for zero length data. Also do not set the xof_state
to XOF_STATE_ABSORB until the first call to KIMD with data. That way,
the next KIMD (with non-zero length data) or KLMD call will get the NIP
flag set and will then honor it to produce correct output.

Fixes: 25f5d7b85f

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25388)
2024-09-06 11:26:05 +02:00
dependabot[bot]
8af4c02ea9 Dependabot update
CLA: trivial

(deps): Bump actions/setup-python

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.1 to 5.2.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5.1.1...v5.2.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25328)
2024-09-05 18:12:48 +02:00
dependabot[bot]
65e32c6867 Dependabot update
CLA: trivial

(deps): bump actions/download-artifact

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.7 to 4.1.8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4.1.7...v4.1.8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25385)
2024-09-05 18:08:11 +02:00
PIums
60725f8511 argon2: Fixed an thread availability error string
Correctly display the number of requested threads and the number
of available threads.

CLA: trivial

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25375)
2024-09-05 17:32:01 +02:00
Jiasheng Jiang
f60b3c5fdc crypto/pkcs12/p12_mutl.c: Add check and EVP_MD_free() for EVP_MD_fetch()
Add check and EVP_MD_free() for EVP_MD_fetch() to avoid NULL pointer
dereference and memory leak, like "md_fetch".

Fixes: fe79159be0 ("Implementation of the RFC 9579, PBMAC1 in PKCS#12")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25370)
2024-09-05 17:30:28 +02:00
Viktor Dukhovni
8439337036 Drop redundant non-negative checks on unsigned values
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25341)
2024-09-05 17:28:47 +02:00
Pablo Rodríguez
6fd9bc6568 blank line required to display code in openssl-ts.pod.in
CLA:trivial

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25338)
2024-09-05 17:26:58 +02:00
Alessandro Chitarrini
f2b7a00fbb Fix inaccurate comment about default nonce length in demos/cipher/aesccm.c
Fixes #25270

CLA: trivial

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25318)
2024-09-05 17:24:32 +02:00
Jonathan M. Wilbur
9183306815 feat: add TCG / platform certificate OIDs
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25312)
2024-09-05 17:22:40 +02:00
Zhihao Yuan
36840ab577 Recycle the TLS key that holds thread_event_handler
Fixes #25278

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25300)
2024-09-05 17:19:53 +02:00
Jiasheng Jiang
09ae1c9f5a Add error return value information for EVP_MD_get_size()
Add error return value information for EVP_MD_get_size() and
EVP_MD_CTX_get_size() to better guide their usages and avoid
the integer overflow, such as
4a50882 ("ssl_cipher_get_overhead(): Replace size_t with int and add the checks")
and ef9ac2f ("test/bad_dtls_test.c: Add checks for the EVP_MD_CTX_get_size()").

Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25282)
2024-09-05 17:16:45 +02:00
erbsland-dev
d15077d336 Clarify EVP_CipherUpdate() authenticated bytes behavior
Fixes #8310: Document that the number of authenticated bytes returned by EVP_CipherUpdate() varies with the cipher used. Mention that stream ciphers like ChaCha20 can handle 1 byte at a time, while OCB mode requires processing data one block at a time. Ensure it's clear that passing unpadded data in one call is safe.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24961)
2024-09-05 17:14:18 +02:00
Georgi Valkov
71ae466181 threads_win: fix improper cast to long * instead of LONG *
InterlockedExchangeAdd expects arguments of type LONG *, LONG
but the int arguments were improperly cast to long *, long

Note:
- LONG is always 32 bit
- long is 32 bit on Win32 VC x86/x64 and MingW-W64
- long is 64 bit on cygwin64

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24941)
2024-09-05 17:09:50 +02:00
Georgi Valkov
9f4d8c63e8 threads: follow formatting rules
Adjust long lines and correct padding in preprocessor lines to
match the formatting rules

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24941)
2024-09-05 17:09:50 +02:00
Daniel Gustafsson
5efc57caf2 Fix memleak in rsa_cms_sign error path
If the call to X509_ALGOR_set0 fails then the allocated ASN1_STRING
variable passed as parameter leaks.  Fix by explicitly freeing like
how all other codepaths with X509_ALGOR_set0 do.

Fixes #22680

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24868)
2024-09-05 17:04:59 +02:00
FdaSilvaYY
2bb83824bb ssl: rework "e_os.h" inclusions
- Remove e_os.h include from "ssl_local.h"
- Added e_os.h into the files that need it now.
- Move e_os.h to be the very first include

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14344)
2024-09-05 17:02:51 +02:00
FdaSilvaYY
23b795d34f apps: directly inclusion of "e_os.h when needed
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14344)
2024-09-05 17:02:51 +02:00
FdaSilvaYY
0022bc81a9 crypto: fix missing <winsock.h> indirection inclusion.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14344)
2024-09-05 17:02:51 +02:00
FdaSilvaYY
b2ac9c714e Move inclusion of <winsock.h> out of "e_os.h" into a dedicated header file.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14344)
2024-09-05 17:02:51 +02:00
Tomas Mraz
5472786907 Prepare for 3.4 beta 1
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
2024-09-05 09:38:19 +02:00
Tomas Mraz
2648f68f4c Prepare for release of 3.4 alpha 1
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
2024-09-05 09:37:44 +02:00
Tomas Mraz
13add4d27f make update
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
2024-09-05 09:37:42 +02:00
Tomas Mraz
7ed6de997f Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
2024-09-05 09:35:49 +02:00
Richard Levitte
210dc9a50d util/mkinstallvars.pl: replace List::Util::pairs with out own
Unfortunately, List::Util::pairs didn't appear in perl core modules
before 5.19.3, and our minimum requirement is 5.10.

Fortunately, we already have a replacement implementation, and can
re-apply it in this script.

Fixes #25366

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25367)
2024-09-05 09:04:28 +02:00