Commit graph

23660 commits

Author SHA1 Message Date
Tomas Mraz
30d190caf3 Partially revert "Detect EOF while reading in libssl"
This partially reverts commit db943f43a6.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11400)
2020-03-25 14:17:22 +01:00
Richard Könning
d7b9a7a42d Use ctx2 instead ctx.
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11372)

(cherry picked from commit 402b00d57921a0c8cd641b190d36bf39ea5fb592)
2020-03-24 14:01:46 -07:00
Bernd Edlinger
ba4356ae40 Fix error handling in x509v3_cache_extensions and related functions
Basically we use EXFLAG_INVALID for all kinds of out of memory and
all kinds of parse errors in x509v3_cache_extensions.

[extended tests]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10756)
2020-03-22 23:08:56 +01:00
FdaSilvaYY
673692b8d6 Coverity: fix two minor NPD issues.
Found by Coverity.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8274)

(cherry picked from commit 23dc8feba8)
2020-03-20 13:31:21 +01:00
Bernd Edlinger
c307407713 Add a CHANGES entry for BN_generate_prime_ex
BN_generate_prime_ex no longer avoids factors 3..17863 in p-1
when not computing safe primes.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9387)
2020-03-19 03:23:22 +01:00
Bernd Edlinger
186b50d24e Update documentation of BN_generate_prime_ex
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9387)
2020-03-19 03:18:14 +01:00
Bernd Edlinger
0032bfea12 Merge probable_prime_dh_safe with bn_probable_prime_dh
This should avoid half of the trial divisions in probable_prime_dh_safe
and avoid bn_probable_prime_dh generating primes with special properties.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9387)
2020-03-19 03:18:14 +01:00
Bernd Edlinger
7eccef2197 Add a parameter to probable_prime if we look for a safe prime
Currently probable_prime makes sure that p-1 does not have
any prime factors from 3..17863, which is useful for safe primes,
but not necessarily for the general case.

Issue was initially reported here:
MIRONOV, I. Factoring RSA Moduli II.
https://windowsontheory.org/2012/05/17/factoring-rsa-moduli-part-ii/

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9387)
2020-03-19 03:18:13 +01:00
Matt Caswell
9e1eaa4a40 Prepare for 1.1.1f-dev
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
2020-03-17 14:32:46 +00:00
Matt Caswell
a61eba4814 Prepare for 1.1.1e release
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
2020-03-17 14:31:17 +00:00
Matt Caswell
e7ff223a20 Update copyright year
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/11344)
2020-03-17 13:59:29 +00:00
Matt Caswell
48a09ebc27 Update CHANGES for the new release
Reviewed-by: Mark J. Cox <mark@awe.com>
(Merged from https://github.com/openssl/openssl/pull/11342)
2020-03-17 13:43:08 +00:00
Matt Caswell
5a77b55cdc Update NEWS for the new release
Reviewed-by: Mark J. Cox <mark@awe.com>
(Merged from https://github.com/openssl/openssl/pull/11342)
2020-03-17 13:43:08 +00:00
Ben Kaduk
1959913846 sslapitest: don't leak the SSL_CTX pair
We have no need for a new set of SSL_CTXs in test_ccs_change_cipher(), so
just keep using the original ones.  Also, fix a typo in a comment.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11336)

(cherry picked from commit b3e6d666e351d45e93d29fe3813245b92a0f5815)
2020-03-17 10:00:35 +00:00
Benjamin Kaduk
2f0dab7e59 Add test that changes ciphers on CCS
The TLS (pre-1.3) ChangeCipherState message is usually used to indicate
the switch from the unencrypted to encrypted part of the handshake.
However, it can also be used in cases where there is an existing
session (such as during resumption handshakes) or when changing from
one cipher to a different one (such as during renegotiation when the
cipher list offered by the client has changed).  This test serves
to exercise such situations, allowing us to detect whether session
objects are being modified in cases when they must remain immutable
for thread-safety purposes.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)

(cherry picked from commit 3cd14e5e65011660ad8e3603cf871c8366b565fd)
2020-03-13 16:12:18 -07:00
Benjamin Kaduk
44bad9cbf7 Code to thread-safety in ChangeCipherState
The server-side ChangeCipherState processing stores the new cipher
in the SSL_SESSION object, so that the new state can be used if
this session gets resumed.  However, writing to the session is only
thread-safe for initial handshakes, as at other times the session
object may be in a shared cache and in use by another thread at the
same time.  Reflect this invariant in the code by only writing to
s->session->cipher when it is currently NULL (we do not cache sessions
with no cipher).  The code prior to this change would never actually
change the (non-NULL) cipher value in a session object, since our
server enforces that (pre-TLS-1.3) resumptions use the exact same
cipher as the initial connection, and non-abbreviated renegotiations
have produced a new session object before we get to this point.
Regardless, include logic to detect such a condition and abort the
handshake if it occurs, to avoid any risk of inadvertently using
the wrong cipher on a connection.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)

(cherry picked from commit 2e3ec2e1578977fca830a47fd7f521e290540e6d)
2020-03-13 16:11:45 -07:00
Benjamin Kaduk
910c8ffaf8 Don't write to the session when computing TLS 1.3 keys
TLS 1.3 maintains a separate keys chedule in the SSL object, but
was writing to the 'master_key_length' field in the SSL_SESSION
when generating the per-SSL master_secret.  (The generate_master_secret
SSL3_ENC_METHOD function needs an output variable for the master secret
length, but the TLS 1.3 implementation just uses the output size of
the handshake hash function to get the lengths, so the only natural-looking
thing to use as the output length was the field in the session.
This would potentially involve writing to a SSL_SESSION object that was
in the cache (i.e., resumed) and shared with other threads, though.

The thread-safety impact should be minimal, since TLS 1.3 requires the
hash from the original handshake to be associated with the resumption
PSK and used for the subsequent connection.  This means that (in the
resumption case) the value being written would be the same value that was
previously there, so the only risk would be on architectures that can
produce torn writes/reads for aligned size_t values.

Since the value is essentially ignored anyway, just provide the
address of a local dummy variable to generate_master_secret() instead.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)

(cherry picked from commit d74014c4b8740f28a54b562f799ad1e754b517b9)
2020-03-13 15:55:51 -07:00
Benjamin Kaduk
a666af9f9d Fix whitespace nit in ssl_generate_master_secret()
Use a space after a comma.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)

(cherry picked from commit 1866a0d380fc361d9be2ca0509de0f2281505db5)
2020-03-13 15:55:50 -07:00
Benjamin Kaduk
cf900cbc5c doc: fix spelling of TYPE_get_ex_new_index
The generated macros are TYPE_get_ex_new_index() (to match
CRYPTO_get_ex_new_index()), not TYPE_get_new_ex_index(), even though
the latter spelling seems more natural.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)

(cherry picked from commit fe41c06e69613b1a4814b3e3cdbf460f2678ec99)
2020-03-13 15:55:50 -07:00
Benjamin Kaduk
d3133cc77c Additional updates to SSL_CTX_sess_set_get_cb.pod
Generally modernize the language.

Refer to TLS instead of SSL/TLS, and try to have more consistent
usage of commas and that/which.

Reword some descriptions to avoid implying that a list of potential
reasons for behavior is an exhaustive list.

Clarify how get_session_cb() is only called on servers (i.e., in general,
and that it's given the session ID proposed by the client).

Clarify the semantics of the get_cb()'s "copy" argument.
The behavior seems to have changed in commit
8876bc0548, though the behavior prior
to that commit was not to leave the reference-count unchanged if
*copy was not written to -- instead, libssl seemed to assume that the
callback already had incremented the reference count.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)

(cherry picked from commit 06f876837a8ec76b28c42953731a156c0c3700e2)
2020-03-13 15:55:49 -07:00
Jakub Jelen
9011225188 doc: Update the reference from draft to RFC
CLA: trivial

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11299)

(cherry picked from commit c08dea30d4d127412097b39d9974ba6090041a7c)
2020-03-13 09:57:53 +01:00
Dr. Matthias St. Pierre
b69c7d352f doc: document that 'openssl rand' is cryptographically secure
(cherry picked from commit 88398d2a358f)

Additionally, remove an outdated paragraph mentioning the .rnd
file, which is obsolete in 1.1.1 since the RANDFILE entry was
removed from openssl.cnf in commit 1fd6afb571.

Also borrow some text from 'openssl(1)/Random State Options'
on master (commit a397aca43598) to emphasize that it is not
necessary anymore to restore and save the RNG state using the
'-rand' and '-writerand' options.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11251)
2020-03-12 13:08:15 +10:00
Matt Caswell
2cb5e08c2c Revert "Create a new embeddedSCTs1 that's signed using SHA256"
This reverts commit b98efebeb2.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11282)
2020-03-11 14:56:05 +00:00
Matt Caswell
63fa6f2e4b Revert "Stop accepting certificates signed using SHA1 at security level 1"
This reverts commit 68436f0a89.

The OMC did not vote in favour of backporting this to 1.1.1, so this
change should be reverted.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11282)
2020-03-11 14:56:05 +00:00
James Peach
004f570821 docs: fix typo in SSL functions
CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11253)

(cherry picked from commit 9f44e96e245993c8e7aaa9fadf1d6713c9c60915)
2020-03-09 10:47:58 +01:00
Richard Levitte
5341893241 DOC: Make EVP_SignInit.pod conform with man-pages(7)
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>

(cherry picked from commit 03d65ca2095777cf6314ad813eb7de5779c9b93d)

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11232)
2020-03-08 22:41:25 +01:00
Richard Levitte
eed9d03b4f DOC: New file for EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits()
We change the description to be about the key rather than the
signature.  How the key size is related to the signature is explained
in the description of EVP_SignFinal() anyway.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>

(cherry picked from commit 6942a0d6feb8d3dcbbc6a1ec6be9de7ab2df1530)

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11232)
2020-03-08 22:41:25 +01:00
Bastian Germann
9aba5c5ff2 apps x509: passing PKCS#11 URL as -signkey
OpenSSL 1.1.0 has extended option checking, and rejects passing a PKCS#11
engine URL to "-signkey" option. The actual code is ready to take it.

Change the option parsing to allow an engine URL to be passed and modify
the manpage accordingly.

CLA: trivial

(cherry picked from commit 16d560439d8b1be5082228a87576a8f79b3525ac)

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11173)
2020-03-08 16:49:48 +01:00
Matt Caswell
4eca3ec728 Clarify the usage of EVP_PKEY_get_raw_[private|public]_key()
EVP_PKEY_get_raw_private_key() and EVP_PKEY_get_raw_public_key() expect
the size of the key buffer to be populated in the |*len| parameter on
entry - but the docs made no mention of this.

Fixes #11245

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11254)

(cherry picked from commit f529fc7d53bf4228fae61cb1efe73d97fe3eb35f)
2020-03-06 20:25:34 +00:00
Richard Levitte
c11f49016e DOC: Fixups of X509_LOOKUP.pod
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11120)
2020-03-06 09:23:00 +01:00
Richard Levitte
8a7b7c9a79 DOC: Add documentation related to X509_LOOKUPs
Most of all, the base X509_LOOKUP functionality is now documented.
Furthermore, the names X509_LOOKUP_METHOD and X509_STORE are added for
reference.

Some functions were moved from X509_LOOKUP_meth_new.pod

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11120)
2020-03-06 09:23:00 +01:00
Patrick Steuer
ded6741604 crypto/ec/curve448/eddsa.c: fix EBCDIC platforms
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11229)

(cherry picked from commit af7f656cd91d99d62567e2b20c61f07cb4d81d0b)
2020-03-05 17:33:35 +01:00
Patrick Steuer
1d53593169 aes-s390x.pl: fix stg offset caused by typo in perlasm
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11234)

(cherry picked from commit 7b2ce4a6e817e4385ff77fea0c6e349294c7b756)
2020-03-05 17:24:43 +01:00
Bernd Edlinger
bf42b99ed4 This works around a gcc-9 crash
It happens when configured with ./config -ftest-coverage

see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94029

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11246)
2020-03-05 16:04:36 +01:00
Scott Arciszewski
93c50f4680 Fix comment placement in ecp_nistp256.ci
CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11175)

(cherry picked from commit c590be6f12d0b725863961e41bc64a81c8cf30d6)
2020-02-28 00:41:26 +01:00
Bastian Germann
3bd75cfafd apps x509: restrict CAkeyform option to OPT_FMT_PDE
CAkeyform may be set to PEM, DER or ENGINE, but the current options
are not using the proper optionformat 'E' (OPT_FMT_PDE) for this.

Set the valtype for CAkeyform to 'E' and use OPT_FMT_PDE when extracting
the option value.

This amends bf4006a6f9 ("Fix regression on x509 keyform argument") which
did the same thing for keyform and changed the manpage synopsis entries
for both keyform and CAkeyform but did not change the option section.
Hence, change the option section.

CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11172)
2020-02-27 12:18:03 +01:00
Richard Levitte
605a0c709f VMS: mitigate for the C++ compiler that doesn't understand certain pragmas
This only affects __DECC_INCLUDE_EPILOGUE.H and __DECC_INCLUDE_PROLOGUE.H,
which are used automatically by HP and VSI C/C++ compilers.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11159)
2020-02-27 01:21:50 +01:00
Matt Turner
8d87aecfb2 config: Drop linux-alpha-gcc+bwx
Its entry in Configuration/10-main.conf was dropped in commit
7ead0c8918 ("Configure: fold related configurations more aggressively
and clean-up.") probably because all but one of its bn_ops were removed
(RC4_CHAR remained). Benchmarks on an Alpha EV7 indicate that RC4_INT is
better than RC4_CHAR so rather than restoring the configuation, remove
it from config.

CLA: trivial
Bug: https://bugs.gentoo.org/697840


(cherry picked from commit 19ded1a717b6c72c3db241f06787a353f1190755)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11130)
2020-02-26 16:03:13 +01:00
Matt Caswell
22623e0cc2 Teach more BIOs how to handle BIO_CTRL_EOF
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10882)
2020-02-20 17:02:31 +00:00
Matt Caswell
db943f43a6 Detect EOF while reading in libssl
If we hit an EOF while reading in libssl then we will report an error
back to the application (SSL_ERROR_SYSCALL) but errno will be 0. We add
an error to the stack (which means we instead return SSL_ERROR_SSL) and
therefore give a hint as to what went wrong.

Contains a partial fix for #10880

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10882)
2020-02-20 17:02:30 +00:00
Matt Caswell
b22a4996f3 Add *.d.tmp files to .gitignore
These are temporary files generated by the build process that should not
be checked in.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11122)

(cherry picked from commit 7b5108dff4cfde059ca278147a188fb6254603d1)
2020-02-20 16:58:54 +00:00
Simon Cornish
dfbaef60fe Handle max_fragment_length overflow for DTLS
Allow for encryption overhead in early DTLS size check
and send overflow if validated record is too long

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11096)

(cherry picked from commit cc0663f697b05ed121a728241f0502250429802d)
2020-02-19 09:22:09 +01:00
David Benjamin
218e740f85 Do not silently truncate files on perlasm errors
If one of the perlasm xlate drivers crashes, OpenSSL's build will
currently swallow the error and silently truncate the output to however
far the driver got. This will hopefully fail to build, but better to
check such things.

Handle this by checking for errors when closing STDOUT (which is a pipe
to the xlate driver).

This is the OpenSSL 1.1.1 version of
https://github.com/openssl/openssl/pull/10883 and
https://github.com/openssl/openssl/pull/10930.

Reviewed-by: Mark J. Cox <mark@awe.com>
Reviewed-by: Paul Dale David Benjamin <davidben@google.com>
(Merged from https://github.com/openssl/openssl/pull/10931)
2020-02-17 12:21:27 +10:00
Kurt Roeckx
57225c99ef Check that ed25519 and ed448 are allowed by the security level
Signature algorithms not using an MD weren't checked that they're
allowed by the security level.

Reviewed-by: Tomáš Mráz <tmraz@fedoraproject.org>
GH: #11062
2020-02-16 11:55:42 +01:00
Kurt Roeckx
42fc479647 Generate new Ed488 certificates
Create a whole chain of Ed488 certificates so that we can use it at security
level 4 (192 bit). We had an 2048 bit RSA (112 bit, level 2) root sign the
Ed488 certificate using SHA256 (128 bit, level 3).

Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #10785
(cherry picked from commit 77c4d3972400adf1bcb76ceea359f5453cc3e8e4)
2020-02-16 11:52:05 +01:00
Richard Levitte
525e2288fa DOC: document in more detail what a BIO_read_ex() via BIO_f_buffer() does
The BIO_f_buffer() documentation tells in enough detail how it affects
BIO_gets(), but not how it affects BIO_read_ex().  This change
remedies that.

Fixes #10859

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10890)

(cherry picked from commit 9a4fd80ee0ad1833879b6a55c9c4673eeb8446a3)
2020-02-15 06:58:24 +01:00
Richard Levitte
cd5acbb475 VMS: Correct error reporting in crypto/rand/rand_vms.c
The future style that's coming with OpenSSL 3.0 was used, we need to
revert that back to "traditional" style.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11088)
2020-02-15 06:48:04 +01:00
Richard Levitte
c781d46beb VMS: Adapt descrip.mms template to the changed inclustion dirs
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11088)
2020-02-15 06:48:03 +01:00
Bernd Edlinger
52346fb007 Adjust minimal build config in 1.1.1 branch
Backport of improvements from #9982 to 1.1.1 branch.
Adds some more exclusions which were previously missed.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11059)
2020-02-14 15:12:52 +01:00
Nikolay Morozov
64dc4eeef8 Forgotten GOST2012 support in non-vital places
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11072)
2020-02-12 15:20:41 +03:00