Commit Graph

35412 Commits

Author SHA1 Message Date
Matt Caswell
50153ad2bb Suppress a spurious error from the sysdefault test
Running the sysdefault test results in spurious error output - even
though the test has actually passed

Fixes #24383

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24384)
2024-05-15 12:14:24 +02:00
Tomas Mraz
ad3f28c5fb Document that SHAKE-128 and SHAKE-256 have no default digest length
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24105)
2024-05-15 12:10:32 +02:00
Tomas Mraz
b911fef216 Intentionally break EVP_DigestFinal for SHAKE128 and SHAKE256
It will work only if OSSL_DIGEST_PARAM_XOFLEN is set.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24105)
2024-05-15 12:10:32 +02:00
Liu-Ermeng
170620675d fix sm2 encryption implementation bug.
According to the "GB/T 32918.4-2016"
section 6.1 encryption, step A5:
If result of the "KDF" is all zeros, we should go back to
the begin(step A1).

section 7.1 decryption, step B4:
If result of the "KDF" is all zeros, we should raise error and exit.

Signed-off-by: Liu-Ermeng <liuermeng2@huawei.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23210)
2024-05-15 11:17:14 +02:00
Tomas Mraz
f6e4698085 sslapitest.c: With fips skip tests depending on X25519 and X448
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24347)
2024-05-14 18:10:02 +02:00
Tomas Mraz
d2af5e4c94 90-test_sslapi.t: Fix execution of sslapitest with fips provider
Default configuration of the fips provider for tests is pedantic
which means that sslapitest was not fully executed with fips provider.

The ems check must be switched off for full execution.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24347)
2024-05-14 18:10:02 +02:00
Tomas Mraz
887572b85d Add 3.2 and 3.3 branches to Provider compat CI
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24347)
2024-05-14 18:10:02 +02:00
irosay
3e9d933882 Release pkey_ctx on initialization failure
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24366)
2024-05-14 17:58:34 +02:00
Jonathan M. Wilbur
50f2e2146a fix: extension critical definition to default false
Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21230)
2024-05-14 16:04:51 +02:00
Trust-Worthy
77a30b70eb evp_test: Added the special private key that triggers bug (CVE-2011-4354)
The bug triggers in 32 bit linux distros running openssl 0.9.8g.

This adds a regression test case.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24235)
2024-05-14 15:57:19 +02:00
Alexandr Nedvedicky
fb323b2775 zeroize rsa->p,rsa->q on error
this is rquired by fipd-186-5 section A.1.6, step 7:
	Zeroize the internally generated values that are not returned

In OpenSSL code we need to zero p, q members of rsa structure. The rsa
structure is provided by ossl_rsa_fips186_4_gen_prob_primes() caller.

The remaining values (variables) mentioned by standard are zeroed
already in functions we call from ossl_rsa_fips186_4_gen_prob_primes().

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24358)
2024-05-14 15:55:41 +02:00
Rajeev Ranjan
b6a5e80167 Add support for integrity-only cipher suites for TLS v1.3
- add test vectors for tls1_3 integrity-only ciphers
- recmethod_local.h: add new member for MAC
- tls13_meth.c: add MAC only to tls 1.3
- tls13_enc.c: extend function to add MAC only
- ssl_local.h: add ssl_cipher_get_evp_md_mac()
- s3_lib.c: add the new ciphers and add #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
- ssl_ciph.c : add ssl_cipher_get_evp_md_mac() and use it
- tls13secretstest.c: add dummy test function
- Configure: add integrity-only-ciphers option
- document the new ciphers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22903)
2024-05-14 15:39:15 +02:00
Rajeev Ranjan
61f32392dd cipher_null.c: add NULL check
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22903)
2024-05-14 15:38:52 +02:00
naaysayer
f5462572a1 apps/pkcs12: Not writing the private key file until the import password is verified
Fixes #904

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23729)
2024-05-14 15:36:33 +02:00
Frederik Wedel-Heinen
125719ba11 Remove SSL_ENC_FLAG_EXPLICIT_IV which is only set and never read.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24036)
2024-05-14 15:34:07 +02:00
Jacob Champion
a401aaf9ed Add reason codes with the correct offset for two alerts
Fixes #24300. The current values of SSL_R_NO_APPLICATION_PROTOCOL and
SSL_R_PSK_IDENTITY_NOT_FOUND don't allow for a correct lookup of the
corresponding reason strings.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24351)
2024-05-14 15:27:17 +02:00
Georgi Valkov
d8dd1dfdf5 threads_win: fix build error with VS2010
VC 2010 or earlier compilers do not support static inline.
To work around this problem, we can use the ossl_inline macro.

Fixes:
crypto\threads_win.c(171) : error C2054: expected '(' to follow 'inline'
crypto\threads_win.c(172) : error C2085: 'get_hold_current_qp' : not in formal parameter list
crypto\threads_win.c(172) : error C2143: syntax error : missing ';' before '{'
crypto\threads_win.c(228) : warning C4013: 'get_hold_current_qp' undefined; assuming extern returning int
crypto\threads_win.c(228) : warning C4047: '=' : 'rcu_qp *' differs in levels of indirection from 'int'

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24370)
2024-05-14 15:25:38 +02:00
Hongren Zheng
f94d773f94 crypto/riscvcap: fix function declaration for hwprobe_to_cap
error: function declaration isn't a prototype [-Werror=strict-prototypes]

Fixes: 66ad636b9 ("riscv: use hwprobe syscall for capability detection")

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24373)
2024-05-14 15:24:26 +02:00
Daiki Ueno
7860bca22c doc: Fix description of EVP_CIPHER_CTX_dup
This fixes a couple of copy and paste error from EVP_MD_CTX_dup,
where: EVP_CIPHER_CTX_dup is useful to avoid multiple
EVP_CIPHER_fetch (instead of EVP_MD_fetch) and returns
EVP_CIPHER_CTX (instead of EVP_MD_CTX).

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24376)
2024-05-14 09:28:26 +02:00
Georgi Valkov
c02f952b48 quic_multistream_test: fix undefined symbol snprintf with VS2010
As snprintf is not available everywhere, use BIO_snprintf instead.

Fixes:
        IF EXIST test\quic_multistream_test.exe.manifest DEL /F /Q test\quic_multistream_test.exe.manifest
        "link" /nologo /debug setargv.obj /subsystem:console /opt:ref  /nologo /debug @V:\_tmp\nm4.tmp
quic_multistream_test-bin-quic_multistream_test.obj : error LNK2019: unresolved external symbol _snprintf referenced in function _helper_init
test\quic_multistream_test.exe : fatal error LNK1120: 1 unresolved externals
NMAKE : fatal error U1077: '"E:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN\link.EXE"' : return code '0x460'

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24369)
2024-05-14 09:06:49 +02:00
Dimitri John Ledkov
fa338aa7cd fips: zeroization of public security parameters (PSPs)
ISO 19790:2012/Cor.1:2015 7.9 requires cryptographic module to provide
methods to zeroise all unproctected security sensitive parameters
(which inclues both Critical/Private **and** Public security
parameters). And those that are temprorarly stored are required to be
zeroised after they are no longer needed at security levels 2 and
higher.

Comply with the above requirements by always zeroising public security
parameters whenever they are freed.

This is currently done under the FIPS feature, however the requirement
comes from the ISO 19790:2012 which may also be needed in other
jurisdictions. If not always. Note FIPS 140-3 includes ISO 19790:2012
by reference.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24355)
2024-05-13 11:14:11 +02:00
willmafh
fa4ee40434 Typo fixes
and an addition of an empty line to follow the code style

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23721)
2024-05-13 11:10:35 +02:00
Hongren Zheng
87314d24c4 Implement riscv_vlen_asm for riscv32
riscvcap.c: undefined reference to 'riscv_vlen_asm'

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24270)
2024-05-10 17:02:49 +02:00
Tomas Mraz
3de3d481b2 tls_provider_init(): Rename prov_ctx to xor_prov_ctx to clarify
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24103)
2024-05-10 13:51:55 +02:00
Tomas Mraz
2a5d733e64 tls_provider_init(): Fix leaks in error cases
Fixes #24101

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24103)
2024-05-10 13:51:55 +02:00
Jiasheng Jiang
4a5088259e ssl_cipher_get_overhead(): Replace size_t with int and add the checks
Replace the type of "mac", "out", and "blk" with int to avoid implicit
conversion when it is assigned by EVP_MD_get_size(),
EVP_CIPHER_get_iv_length(), and EVP_CIPHER_get_block_size().
Moreover, add the checks to avoid integer overflow.

Fixes: 045bd04706 ("Add DTLS_get_data_mtu() function")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23935)
2024-05-10 11:35:22 +02:00
Hongren Zheng
d318411019 Add OPENSSL_riscvcap man page
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24172)
2024-05-09 10:50:42 +02:00
Hongren Zheng
c1bf576037 Print CPUINFO also for riscv processors
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24172)
2024-05-09 10:50:42 +02:00
Hongren Zheng
66ad636b97 riscv: use hwprobe syscall for capability detection
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24172)
2024-05-09 10:50:42 +02:00
dependabot[bot]
13d37d8f75 Dependabot update: Bump coverallsapp/github-action
CLA: trivial

(deps): Bump coverallsapp/github-action

Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.2.3 to 2.3.0.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/v2.2.3...v2.3.0)

---
updated-dependencies:
- dependency-name: coverallsapp/github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24350)
2024-05-09 09:37:47 +02:00
Tomas Mraz
fb6584987a OSSL_LIB_CTX_load_config() must not be called concurrently on same libctx
The semantics of such concurrent call is not defined.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24275)
2024-05-09 09:20:58 +02:00
Tomas Mraz
3e191f4879 Add tests for conf_diagnostics
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24275)
2024-05-09 09:20:58 +02:00
Tomas Mraz
64bfdebdc0 Do not overwrite conf diagnostics in OSSL_LIB_CTX if not set in config file
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24275)
2024-05-09 09:20:58 +02:00
Tomas Mraz
a0d37e200f Add documentation for OSSL_LIB_CTX_set/get_conf_diagnostics
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24275)
2024-05-09 09:20:58 +02:00
Tomas Mraz
af0561d7e7 Set SSL_CONF_FLAG_SHOW_ERRORS when conf_diagnostics is enabled
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24275)
2024-05-09 09:20:58 +02:00
Tomas Mraz
a0084946f5 Do not use bit fields for context data flag variables
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24275)
2024-05-09 09:20:58 +02:00
Tomas Mraz
21819f78b0 Make conf_diagnostics apply also to the SSL conf errors
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24275)
2024-05-09 09:20:25 +02:00
Yangyu Chen
f6ce48f5b8 chacha-riscv64-v-zbb.pl: better format
This patch merged the `add` and `xor` part of chacha_sub_round, which are
same in RISC-V Vector only and Zvkb implementation. There is no change to
the generated ASM code except for the indent.

Signed-off-by: Yangyu Chen <cyy@cyyself.name>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24069)
2024-05-08 11:10:45 +02:00
Yangyu Chen
c857205407 chacha-riscv64-v-zbb.pl: add comment about vector register allocation
Since we can do group operations on vector registers in RISC-V, some vector
registers will be used without being explicitly referenced. Thus, comments
on vector register allocation should be added to improve the code
readability and maintainability.

Signed-off-by: Yangyu Chen <cyy@cyyself.name>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24069)
2024-05-08 11:10:45 +02:00
Yangyu Chen
03ce37e117 riscv: Provide a vector only implementation of Chacha20 cipher
Although we have a Zvkb version of Chacha20, the Zvkb from the RISC-V
Vector Cryptography Bit-manipulation extension was ratified in late 2023
and does not come to the RVA23 Profile. Many CPUs in 2024 currently do not
support Zvkb but may have Vector and Bit-manipulation, which are already in
the RVA22 Profile. This commit provides a vector-only implementation that
replaced the vror with vsll+vsrl+vor and can provide enough speed for
Chacha20 for new CPUs this year.

Signed-off-by: Yangyu Chen <cyy@cyyself.name>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24069)
2024-05-08 11:10:45 +02:00
Viktor Dukhovni
7cbca5a6d6 Avoid memory leak in x509_test error path
Fixes #23897

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23991)
2024-05-08 10:53:54 +02:00
Tomas Mraz
deaa83af70 Fix Coverity issues 1596850, 1596851 and 1596852
These are newly introduced memory leaks and UAF in evp_test.c

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24339)
2024-05-08 09:13:56 +10:00
shridhar kalavagunta
57bb112c07 Move ossl_asn1_string_to_time_t() to libtestutil
It is not used anywhere else than in tests.

Fixes #22965

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23269)
2024-05-07 12:07:49 +02:00
Huiyue Xu
69bd5e4fff Add linux-arm64ilp32-clang target
While clang 15 config target by '--target', not cannot support
'-mabi=ilp32', so add the linux-arm64ilp32-clang target.

Signed-off-by: Huiyue Xu <xuhuiyue@huawei.com>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22666)
2024-05-07 11:48:58 +02:00
Florian Greinacher
0fff6a2cf4 Fix invalid expression syntax
The expression had an extra '$' character which made it always evaluate to true.

See https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/if_always_true.md.

CLA: trivial

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24325)
2024-05-07 09:29:51 +02:00
Craig Lorentzen
1c4f968469 Security hardening: Expose Build flags for Position Independed Execution (PIE)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22596)
2024-05-06 10:56:17 +02:00
Matt Caswell
97c6489b39 Fix undefined behaviour in the event of a zero length session id
Don't attempt to memcpy a NULL pointer if the length is 0.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24309)
2024-05-06 10:44:22 +02:00
Matt Caswell
aecaaccaf9 Document the SSL_set_session_secret_cb() function
This function is only useful for EAP-FAST, but was previously undocumented.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24309)
2024-05-06 10:44:22 +02:00
Matt Caswell
91c7ab27ce Set the server sig algs before calling the session_secret_cb
Setting the server sig algs sets up the certificate "s3->tmp.valid_flags".
These are needed when calling ssl3_choose_cipher() which can happen
immediately after calling the session_secret_cb

Fixes #24213

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24309)
2024-05-06 10:44:14 +02:00
Matt Caswell
c8dddc61d4 Add a test for the session_secret_cb
Ensure that if a session_secret_cb is being used that a connection can
be successfully made

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24309)
2024-05-06 10:44:14 +02:00