SSL object refactoring using SSL_CONNECTION object

Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented

SSL object refactoring using SSL_CONNECTION object

Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented a QUIC stream.

It requires adding if after every SSL_CONNECTION_FROM_SSL() call
which itself has to be added to almost every public SSL_ API call.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18612)

show more ...

tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above

This is in line with the NEWS entry (erroneously) announcing such for 3.0.

Fixes #18194

Reviewed-by:

tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above

This is in line with the NEWS entry (erroneously) announcing such for 3.0.

Fixes #18194

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18236)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions

Currently we do not have any way to retrieve these values once set.

Fixes #18035.

Reviewed-by: Matt Caswell <matt@op

Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions

Currently we do not have any way to retrieve these values once set.

Fixes #18035.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18038)

show more ...

[ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3

Fixes #17743

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@opens

[ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3

Fixes #17743

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)

show more ...

[ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias

`SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already
marked as aliases of each other in the headers.
This co

[ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias

`SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already
marked as aliases of each other in the headers.
This commit, for each pair, replaces the leftover uses of the latter
synonym with the first one, which is considered more common.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)

show more ...

add OSSL_STACK_OF_X509_free() for commonly used pattern

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)

Fix invalid handling of verify errors in libssl

In the event that X509_verify() returned an internal error result then
libssl would mishandle this and set rwstate to SSL_RETRY_VERIFY. Th

Fix invalid handling of verify errors in libssl

In the event that X509_verify() returned an internal error result then
libssl would mishandle this and set rwstate to SSL_RETRY_VERIFY. This
subsequently causes SSL_get_error() to return SSL_ERROR_WANT_RETRY_VERIFY.
That return code is supposed to only ever be returned if an application
is using an app verify callback to complete replace the use of
X509_verify(). Applications may not be written to expect that return code
and could therefore crash (or misbehave in some other way) as a result.

CVE-2021-4044

Reviewed-by: Tomas Mraz <tomas@openssl.org>

show more ...

BIO_read_filename: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged fr

BIO_read_filename: fix return check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17033)

show more ...

Change TLS RC4 cipher strength check to be data driven.

This is a same pattern as used in PR #16652

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@ope

Change TLS RC4 cipher strength check to be data driven.

This is a same pattern as used in PR #16652

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16656)

show more ...

cross-reference the DH and RSA SECLEVEL to level of security mappings

Since the DH check is used only in DHE-PSK ciphersuites, it's
easy to miss it when updating the RSA mapping. Add cro

cross-reference the DH and RSA SECLEVEL to level of security mappings

Since the DH check is used only in DHE-PSK ciphersuites, it's
easy to miss it when updating the RSA mapping. Add cross-references
so that they remain consistent.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15853)

show more ...

ssl: do not choose auto DH groups that are weaker than the security level

Fixes #15808

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

ssl: do not choose auto DH groups that are weaker than the security level

Fixes #15808

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15818)

show more ...

Fix NULL access in ssl_build_cert_chain() when ctx is NULL.

Fixes #14294

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from

Fix NULL access in ssl_build_cert_chain() when ctx is NULL.

Fixes #14294

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14295)

show more ...

Remove OPENSSL_NO_DH guards from libssl

This removes man unnecessary OPENSSL_NO_DH guards from libssl. Now that
libssl is entirely using the EVP APIs and implementations can be plugged

Remove OPENSSL_NO_DH guards from libssl

This removes man unnecessary OPENSSL_NO_DH guards from libssl. Now that
libssl is entirely using the EVP APIs and implementations can be plugged
in via providers it is no longer needed to disable DH at compile time in
libssl. Instead it should detect at runtime whether DH is available from
the loaded providers.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)

Add X509_NAME_hash_ex() to be able to check if it failed due to unsupported SHA1

Deprecate X509_NAME_hash()
Document X509_NAME_hash_ex(), X509_NAME_hash(), X509_{subject,issuer}_name_has

Add X509_NAME_hash_ex() to be able to check if it failed due to unsupported SHA1

Deprecate X509_NAME_hash()
Document X509_NAME_hash_ex(), X509_NAME_hash(), X509_{subject,issuer}_name_hash()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13762)

show more ...

Only disabled what we need to in a no-dh build

no-dh disables the low level API for DH. However, since we're now using
the high level EVP API in most places we don't need to disable quit

Only disabled what we need to in a no-dh build

no-dh disables the low level API for DH. However, since we're now using
the high level EVP API in most places we don't need to disable quite so
much.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)

show more ...

SSL: refactor all SSLfatal() calls

Since SSLfatal() doesn't take a function code any more, we drop that
argument everywhere. Also, we convert all combinations of SSLfatal()
and ERR_

SSL: refactor all SSLfatal() calls

Since SSLfatal() doesn't take a function code any more, we drop that
argument everywhere. Also, we convert all combinations of SSLfatal()
and ERR_add_data() to an SSLfatal_data() call.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)

show more ...

Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://

Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)

show more ...

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)

show more ...

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged fro

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)

show more ...

Fix safestack issues in x509.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/1

Fix safestack issues in x509.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

show more ...

Add X509 related libctx changes.

- In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().

Add X509 related libctx changes.

- In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
- Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx().
- Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's.
- Removed the extra parameters in check_purpose..
- X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()).
- Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12153)

show more ...

SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys

Fixes #11720

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl

SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys

Fixes #11720

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11828)

show more ...

coverity 1462581 Dereference after null check

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11651)