path: root/apps
Commit message | Author | Age | Files | Lines
* SHAKE documentation updates for default output length. | slontis | 2022-08-17 | 1 | -1/+6

    Fixes #18586

    In order to not break existing applications the OpenSSL documentation related to SHAKE has been updated.

    Background: All digest algorithms (including XOFs) use the bitlen as the default output length. This results in a security strength of bitlen / 2. This means that SHAKE128 will by default have an output length of 16 bytes and a security strength of 64 bits. For SHAKE256 the default output length is 32 bytes and has a security strength of 128 bits.

    This behaviour was present in 1.1.1 and has been duplicated in the provider SHAKE algorithms for 3.0.

    The SHAKE XOF algorithms have a security strength of min(bitlen, output xof length in bits / 2).

    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18622)
* APPS: genrsa: Support setting properties | Clemens Lang | 2022-08-17 | 1 | -1/+2

    The -provider and -propquery options did not work on genrsa. Fix this and add a test that checks that operations that would usually fail with the FIPS provider work when run with
     | -provider default -propquery '?fips!=yes'

    See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa. See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

    Signed-off-by: Clemens Lang <cllang@redhat.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/18717)
* APPS: dgst: Support properties when signing | Clemens Lang | 2022-08-17 | 1 | -4/+16

    The -provider and -propquery options did not work on dgst when using it for signing or signature verification (including HMACs). Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with
     | -provider default -propquery '?fips!=yes'

    Additionally, modify the behavior of dgst -list to also use the current library context and property query. This reduces the output below the headline "Supported digests" to a list of the digest algorithms that will actually work with the current configuration, which is closer to what users probably expect with this headline.

    See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa. See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

    Signed-off-by: Clemens Lang <cllang@redhat.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/18717)
* APPS: pkeyparam: Support setting properties | Clemens Lang | 2022-08-17 | 1 | -2/+7

    The -provider and -propquery options did not work on pkeyparam. Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with
     | -provider default -propquery '?fips!=yes'

    See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa. See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

    Signed-off-by: Clemens Lang <cllang@redhat.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/18717)
* APPS: ecparam: Support setting properties | Clemens Lang | 2022-08-17 | 1 | -4/+8

    The -provider and -propquery options did not work on ecparam. Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with
     | -provider default -propquery '?fips!=yes'

    See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa. See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

    Signed-off-by: Clemens Lang <cllang@redhat.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/18717)
* APPS: dhparam: Support setting properties | Clemens Lang | 2022-08-17 | 1 | -3/+3

    The -provider and -propquery options did not work on dhparam. Fix this and add tests that check that operations that would usually fail with the FIPS provider work when run with
     | -provider default -propquery '?fips!=yes'

    See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously fixed the same problem in dsaparam and gendsa. See also the initial report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

    Signed-off-by: Clemens Lang <cllang@redhat.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/18717)
* Fix wrong default algorithm in openssl pkcs12 help | Arne Schwabe | 2022-08-01 | 1 | -1/+1

    The default that pkcs12 -export uses is SHA256 and not SHA1.

    CLA: Trivial

    Reviewed-by: Todd Short <todd.short@me.com>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18904)
* Implement AES-GCM-SIV (RFC8452) | Todd Short | 2022-07-29 | 1 | -2/+3

    Fixes #16721

    This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally, there would be separate polyval assembly implementation(s), but the only one I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed.

    This implementation lives only in the default provider; there is no legacy implementation.

    The code offered in #16721 is not used; that implementation sits on top of OpenSSL, this one is embedded inside OpenSSL.

    Full test vectors from RFC8452 are included, except the 0 length plaintext; that is not supported; and I'm not sure it's worthwhile to do so.

    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18693)
* Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg() | Dr. David von Oheimb | 2022-07-20 | 1 | -24/+70

    Also change ossl_cmp_ctx_set0_validatedSrvCert() to ossl_cmp_ctx_set1_validatedSrvCert(), and add respective tests as well as the -srvcertout CLI option using the new function.

    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
    (Merged from https://github.com/openssl/openssl/pull/18656)
* Fix verify_callback in the openssl s_client/s_server app | Dmitry Belyavskiy | 2022-07-20 | 1 | -10/+16

    We need to check that error cert is available before printing its data

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18805)
* apps/x509: add warnings for options ignored when -CA is not specified | Dr. David von Oheimb | 2022-07-14 | 1 | -3/+13

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18373)
* APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial. | Dr. David von Oheimb | 2022-07-14 | 4 | -13/+33

    Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c.

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18373)
* apps/x509: Fix -CAfile option being neglected with -new or -in | Dr. David von Oheimb | 2022-07-14 | 1 | -1/+1

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18373)
* speed: Always reset the outlen when calling EVP_PKEY_derive | Tomas Mraz | 2022-07-13 | 1 | -2/+5

    Fixes #18768

    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18777)
* apps/cmp.c: fix cleanup of CMP_CTX vs. APP_HTTP_TLS_INFO in its http_cb_arg field | Dr. David von Oheimb | 2022-07-11 | 1 | -5/+11

    Prevent crashes on error by making sure the info is freed after OSSL_CMP_CTX_free(), which may call OSSL_HTTP_close() and thus indirectly reference the info. Moreover, should not attempt to reference the cmp_ctx variable when NULL.

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
    (Merged from https://github.com/openssl/openssl/pull/18702)
* Add config option for speed command | Kan | 2022-07-11 | 1 | -1/+9

    Fixed #16986

    Reviewed-by: Todd Short <todd.short@me.com>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18616)
* Fixes OSCP->OCSP typo in ocsp command line | Alexander Scheel | 2022-07-06 | 1 | -1/+1

    The existing help text says:

    > -badsig Corrupt last byte of loaded OSCP response signature (for test)

    but this should be OCSP. This is the only occurrence within the project of this typo.

    CLA: trivial

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18684)
* app_http_tls_cb(): fix crash on inconsistency w.r.t. use of TLS | Dr. David von Oheimb | 2022-07-06 | 1 | -1/+8

    This happens if use_ssl is not set but an SSL_CTX is provided.

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18674)
* APPS: dsaparam, gendsa: Support setting properties | Clemens Lang | 2022-07-01 | 2 | -3/+4

    The -provider and -propquery options did not work on dsaparam and gendsa. Fix this and add tests that check that operations that are not supported by the FIPS provider work when run with
     | -provider default -propquery '?fips!=yes'

    See also https://bugzilla.redhat.com/show_bug.cgi?id=2094956, where this was initially reported.

    Signed-off-by: Clemens Lang <cllang@redhat.com>
    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18576)
* apps/cmp.c: improve print_itavs() | Dr. David von Oheimb | 2022-07-01 | 1 | -19/+27

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18657)
* apps/cmp.c: Fix glitch in -newkeypass warning and extend warnings for genm | Dr. David von Oheimb | 2022-07-01 | 1 | -3/+3

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18657)
* Update the default macsaltlen and Add the configure for macsaltlen | Kan | 2022-06-30 | 1 | -4/+12

    Fixed #18489

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18550)
* Fix the checks of X509_LOOKUP_* functions | Peiwei Hu | 2022-06-23 | 2 | -7/+7

    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18400)
* Fix the checks of X509_REVOKED_add1_ext_i2d | Peiwei Hu | 2022-06-23 | 1 | -5/+5

    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18400)
* Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats | Hugo Landau | 2022-06-22 | 1 | -1/+1

    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17937)
* apps/s_server.c: Add check for OPENSSL_strdup | Jiasheng Jiang | 2022-06-22 | 1 | -0/+2

    As the potential failure of the OPENSSL_strdup(), it should be better to check the return value and return error if fails.

    Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
    Reviewed-by: Todd Short <todd.short@me.com>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18595)
* Have set_dateopt() return 1 on success to make -dateopt work | Hartmut Holzgraefe | 2022-06-16 | 1 | -1/+3

    Fixes #18553

    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18554)
    (cherry picked from commit 67e1b558e67a3bee1f20f8a9e067211b440404f8)
* Fix the checks of EVP_PKEY_param_check | Peiwei Hu | 2022-06-02 | 2 | -2/+2

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Todd Short <todd.short@me.com>
    (Merged from https://github.com/openssl/openssl/pull/18424)
* Fix the checks of EVP_PKEY_check | Peiwei Hu | 2022-06-02 | 2 | -2/+2

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Todd Short <todd.short@me.com>
    (Merged from https://github.com/openssl/openssl/pull/18424)
* Fix the checks of EVP_PKEY_CTX_set/get_* functions | Peiwei Hu | 2022-06-02 | 2 | -4/+4

    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18399)
* Fix the incorrect checks of EVP_CIPHER_CTX_rand_key | Peiwei Hu | 2022-05-27 | 1 | -1/+1

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18397)
* Fix the incorrect checks of EVP_CIPHER_CTX_set_key_length | Peiwei Hu | 2022-05-27 | 1 | -1/+1

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18397)
* Fix check of EVP_CIPHER_CTX_ctrl | Peiwei Hu | 2022-05-24 | 1 | -2/+2

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18368)
* Avoid unchecked string concatenation | Benny Baumann | 2022-05-23 | 1 | -17/+13

    To avoid the issue of overflowing the buffer start while building up the help string prefix this rewrite of the string building logic does multiple smaller writes to opt_printf_stderr.

    While this is slower it completely avoids the buffer overflow issue and does not place any (unchecked) length constraints on the name of passed options. Instead such long options are gracefully wrapped onto the next line.

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12265)
* Avoid potential OOB if width > sizeof(start) | Benny Baumann | 2022-05-23 | 1 | -46/+58

    This can't currently happen due to sizeof(start) being way larger than MAX_OPT_HELP_WIDTH, but wasn't checked for previously.

    With this patch there still remains one (static) OOB, when the length of the option name and the valtype2param string for that argument overflow the buffer in opt_print. This is kinda unlikely, unless someone intentionally crafts a long option name, in which case this would become some trivial stack buffer overrun with possibility to overwrite pointer to the OPTIONS structure (a long o->name is critical here).

    I sincerely hope we trust our built-in documentation to not exploit ourselves.

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12265)
* s_serve: Report an error if init-connection fails without an attempt to read. | Daniel Fiala | 2022-05-06 | 1 | -4/+42

    Fixes: openssl#18047.

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18154)
* s_client -proxy / -starttls shouldn't be mutually exclusive | Vita Batrla | 2022-05-05 | 1 | -8/+7

    The option -proxy of openssl s_client works fine. The option -starttls also works fine. However, try putting both of them on command line. It breaks, these options don't work together.

    The problem is that -proxy option is implemented using starttls_proto (the option parsing code sets it to PROTO_CONNECT) and -starttls option overwrites the same variable again based on argument value.

    The suggested fix is to independently handle -proxy option before -starttls so the s_client can connect through HTTP proxy server and then use STARTTLS command.

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17925)
* openssl: dhparam: Print warning if -in argument is ignored | Daniel Fiala | 2022-05-04 | 1 | -0/+4

    Fixes: openssl#18146

    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18206)
* Fix Coverity 1503314 unchecked return value | Pauli | 2022-05-04 | 1 | -2/+2

    Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18013)
* Remove duplicated #include headers | JHH20 | 2022-05-04 | 2 | -2/+0

    CLA: trivial

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Todd Short <todd.short@me.com>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18220)
* Update copyright year | Matt Caswell | 2022-05-03 | 46 | -46/+46

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Release: yes
* str[n]casecmp => OPENSSL_strncasecmp | Dmitry Belyavskiy | 2022-04-22 | 9 | -26/+25

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18069)
* Fix a possible NULL pointer dereference in create_cert_store() | Zhou Qingyang | 2022-04-21 | 1 | -0/+4

    In create_cert_store(), X509_STORE_new() is called and there is a dereference of it in following function X509_STORE_add_lookup() without check, which could lead to NULL pointer dereference.

    Fix this by adding a NULL check of X509_STORE_new()

    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18057)
* Fix wild pointer dereference in make_ocsp_response() | Zhou Qingyang | 2022-04-21 | 1 | -0/+5

    The function OCSP_basic_add1_status() will return NULL on malloc failure. However the return value is not checked before being passed to OCSP_SINGLERESP_add1_ext_i2d(), and there is a wild field pointer, which could lead to wild pointer dereference.

    Fix this by adding return value check

    Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18081)
* Do a preliminary check for numbers in openssl prime command. | Daniel Fiala | 2022-04-19 | 1 | -5/+20

    Fixes openssl#16241.

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18092)
* CMS sign digest | Viktor Söderqvist | 2022-04-02 | 1 | -9/+43

    CLI changes: New parameter -digest to CLI command openssl cms, to provide pre-computed digest for use with -sign.

    API changes: New function CMS_final_digest(), like CMS_final() but uses a pre-computed digest instead of computing it from the data.

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
    Reviewed-by: Todd Short <todd.short@me.com>
    (Merged from https://github.com/openssl/openssl/pull/15348)
* req, x509: Allow printing modulus of RSA-PSS keys | Tomas Mraz | 2022-04-01 | 2 | -2/+2

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17990)
* Size of random output is now a long, also added option to select chunk size | Kevin K Biju | 2022-03-28 | 1 | -7/+8

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <pauli@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17949)
* Make `openssl check -rsa ...` to work for both RSA and RSA-PSS. | Daniel Fiala | 2022-03-22 | 1 | -1/+1

    Fixes openssl#17167

    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17920)
    (cherry picked from commit 5d1f357a01f668f708c1abd7567175b4a0f18a38)
* Add TFO support to socket BIO and s_client/s_server | Todd Short | 2022-03-10 | 4 | -12/+73

    Supports Linux, MacOS and FreeBSD
    Disabled by default, enabled via `enabled-tfo`
    Some tests

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/8692)