SSL object refactoring using SSL_CONNECTION object

Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented

SSL object refactoring using SSL_CONNECTION object

Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented a QUIC stream.

It requires adding if after every SSL_CONNECTION_FROM_SSL() call
which itself has to be added to almost every public SSL_ API call.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18612)

show more ...

Enable setting SSL_CERT_FLAG_TLS_STRICT with ssl config

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl

Enable setting SSL_CERT_FLAG_TLS_STRICT with ssl config

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17989)

show more ...

The -no_legacy_server_connect option applies to client

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/opens

The -no_legacy_server_connect option applies to client

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18296)

show more ...

Actually implement UnsafeLegacyServerConnect as documented

Fixes #18295

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https:

Actually implement UnsafeLegacyServerConnect as documented

Fixes #18295

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18296)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

str[n]casecmp => OPENSSL_strncasecmp

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)

SSL_conf_cmd: Allow DH Parameters at any position.

Fixes openssl#17326.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from h

SSL_conf_cmd: Allow DH Parameters at any position.

Fixes openssl#17326.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18041)

show more ...

apps: Add option -no_ems to s_client/s_server apps

The option SSL_OP_NO_EXTENDED_MASTER_SECRET was added in #3910.
And it is valid for versions below (D)TLS 1.2.

Reviewed-by: Dm

apps: Add option -no_ems to s_client/s_server apps

The option SSL_OP_NO_EXTENDED_MASTER_SECRET was added in #3910.
And it is valid for versions below (D)TLS 1.2.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17597)

show more ...

Disabling Encrypt-then-MAC extension in s_client/s_server

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/opens

Disabling Encrypt-then-MAC extension in s_client/s_server

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15735)

show more ...

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION

Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION

Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
the config code, and the documentation.

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to
always enable it, but there are so many tests so this is the easiest thing
to do.

Add a test where client tries to renegotiate and it fails as expected. Add
a test where server tries to renegotiate and it succeeds. The second test
is supported by a new flag, -immediate_renegotiation, which is ignored on
the client.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15184)

show more ...

Slightly reformat ssl.h.in

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https:

Slightly reformat ssl.h.in

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15230)

show more ...

Convert SSL_{CTX}_[gs]et_options to 64

Less tersely: converted SSL_get_options, SSL_set_options,
SSL_CTX_get_options and SSL_CTX_get_options to take and return uint64_t
since we were

Convert SSL_{CTX}_[gs]et_options to 64

Less tersely: converted SSL_get_options, SSL_set_options,
SSL_CTX_get_options and SSL_CTX_get_options to take and return uint64_t
since we were running out of 32 bits.

Fixes: 15145

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15230)

show more ...

Correct ssl_conf logic for "legacy_server_connect"

This option is only useful for the client, but it was previously
marked as only being applicable for servers.

Correct the entr

Correct ssl_conf logic for "legacy_server_connect"

This option is only useful for the client, but it was previously
marked as only being applicable for servers.

Correct the entry to properly mark it as client-only, and update the
s_server/s_client manuals accordingly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)

show more ...

Only enable KTLS if it is explicitly configured

It has always been the case that KTLS is not compiled by default. However
if it is compiled then it was automatically used unless specific

Only enable KTLS if it is explicitly configured

It has always been the case that KTLS is not compiled by default. However
if it is compiled then it was automatically used unless specifically
configured not to. This is problematic because it avoids any crypto
implementations from providers. A user who configures all crypto to use
the FIPS provider may unexpectedly find that TLS related crypto is actually
being performed outside of the FIPS boundary.

Instead we change KTLS so that it is disabled by default.

We also swap to using a single "option" (i.e. SSL_OP_ENABLE_KTLS) rather
than two separate "modes", (i.e. SSL_MODE_NO_KTLS_RX and
SSL_MODE_NO_KTLS_TX).

Fixes #13794

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14799)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)

Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY

Additional renames done in encoder and decoder implementation
to follow the style.

Fixes #13622

Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY

Additional renames done in encoder and decoder implementation
to follow the style.

Fixes #13622

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14155)

show more ...

Remove OPENSSL_NO_EC guards from libssl

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)

Add the nist group names as aliases for the normal TLS group names

By recognising the nist group names directly we can avoid having to call
EC_curve_nist2nid in libssl, which is not avai

Add the nist group names as aliases for the normal TLS group names

By recognising the nist group names directly we can avoid having to call
EC_curve_nist2nid in libssl, which is not available in a no-ec build.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)

show more ...

Implement a replacement for SSL_set_tmp_dh()

The old function took a DH as a parameter. In the new version we pass
an EVP_PKEY instead. Similarly for the SSL_CTX version of this function

Implement a replacement for SSL_set_tmp_dh()

The old function took a DH as a parameter. In the new version we pass
an EVP_PKEY instead. Similarly for the SSL_CTX version of this function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)

show more ...

Disable the DHParameters config option in a no-deprecated build

This option calls SSL_set_tmp_dh() which does not exist in a no-deprecated
build. We need to implement an alternative.

Disable the DHParameters config option in a no-deprecated build

This option calls SSL_set_tmp_dh() which does not exist in a no-deprecated
build. We need to implement an alternative.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)

show more ...

SSL: refactor all SSLfatal() calls

Since SSLfatal() doesn't take a function code any more, we drop that
argument everywhere. Also, we convert all combinations of SSLfatal()
and ERR_

SSL: refactor all SSLfatal() calls

Since SSLfatal() doesn't take a function code any more, we drop that
argument everywhere. Also, we convert all combinations of SSLfatal()
and ERR_add_data() to an SSLfatal_data() call.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)

show more ...

Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://

Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)

show more ...

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)

show more ...

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged fro

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)

show more ...

Fix safestack issues in x509.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/1

Fix safestack issues in x509.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

show more ...