Free pre_proc_exts in SSL_free()

Usually it will be freed in tls_early_post_process_client_hello().
However if a ClientHello callback will be used and will return
SSL_CLIENT_HELLO_RE

Free pre_proc_exts in SSL_free()

Usually it will be freed in tls_early_post_process_client_hello().
However if a ClientHello callback will be used and will return
SSL_CLIENT_HELLO_RETRY then tls_early_post_process_client_hello()
may never come to the point where pre_proc_exts is freed.

Fixes #12194

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12330)

show more ...

Don't attempt to duplicate the BIO state in SSL_dup

SSL_dup attempted to duplicate the BIO state if the source SSL had BIOs
configured for it. This did not work.

Firstly the SSL

Don't attempt to duplicate the BIO state in SSL_dup

SSL_dup attempted to duplicate the BIO state if the source SSL had BIOs
configured for it. This did not work.

Firstly the SSL_dup code was passing a BIO ** as the destination
argument for BIO_dup_state. However BIO_dup_state expects a BIO * for that
parameter. Any attempt to use this will either (1) fail silently, (2) crash
or fail in some other strange way.

Secondly many BIOs do not implement the BIO_CTRL_DUP ctrl required to make
this work.

Thirdly, if rbio == wbio in the original SSL object, then an attempt is made
to up-ref the BIO in the new SSL object - even though it hasn't been set
yet and is NULL. This results in a crash.

This appears to have been broken for a very long time with at least some of
the problems described above coming from SSLeay. The simplest approach is
to just remove this capability from the function.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12180)

show more ...

Ensure that SSL_dup copies the min/max protocol version

With thanks to Rebekah Johnson for reporting this issue.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from h

Ensure that SSL_dup copies the min/max protocol version

With thanks to Rebekah Johnson for reporting this issue.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12180)

show more ...

Update the various SSL group getting and setting functions

A number of these functions returned a NID or an array of NIDs for the
groups. Now that groups can come from the providers we d

Update the various SSL group getting and setting functions

A number of these functions returned a NID or an array of NIDs for the
groups. Now that groups can come from the providers we do not necessarily
know the NID. Therefore we need to handle this in a clean way.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)

show more ...

Modify libssl to discover supported groups based on available providers

Now that we have added the TLS-GROUP capability to the default provider
we can use that to discover the supported

Modify libssl to discover supported groups based on available providers

Now that we have added the TLS-GROUP capability to the default provider
we can use that to discover the supported group list based on the loaded
providers.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)

show more ...

TLSv1.3: additional checks in SSL_set_record_padding_callback

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.c

TLSv1.3: additional checks in SSL_set_record_padding_callback

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)

show more ...

Check that Signature Algorithms are available before using them

We should confirm that Signature Algorithms are actually available
through the loaded providers before we offer or select

Check that Signature Algorithms are available before using them

We should confirm that Signature Algorithms are actually available
through the loaded providers before we offer or select them.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)

show more ...

undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations

The underlying functions remain and these are widely used.
This undoes the deprecation part of PR8442

Rev

undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations

The underlying functions remain and these are widely used.
This undoes the deprecation part of PR8442

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12001)

show more ...

New Russian TLS 1.2 implementation

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11442)

Fix up whitespace nits introduced by PR #11416

Expand a couple literal tabs, and de-indent the body of a function.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged fr

Fix up whitespace nits introduced by PR #11416

Expand a couple literal tabs, and de-indent the body of a function.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11728)

show more ...

Add SSL_new_session_ticket() API

This API requests that the TLS stack generate a (TLS 1.3)
NewSessionTicket message the next time it is safe to do so (i.e., we do
not have other data

Add SSL_new_session_ticket() API

This API requests that the TLS stack generate a (TLS 1.3)
NewSessionTicket message the next time it is safe to do so (i.e., we do
not have other data pending write, which could be mid-record). For
efficiency, defer actually generating/writing the ticket until there
is other data to write, to avoid producing server-to-client traffic when
not needed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11416)

show more ...

In OpenSSL builds, declare STACK for datatypes ...

... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds

In OpenSSL builds, declare STACK for datatypes ...

... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds
and not non-deprecated builds.

Deprecate stack-of-block

Better documentation

Move some ASN1 struct typedefs to types.h

Update ParseC to handle this. Most of all, ParseC needed to be more
consistent. The handlers are "recursive", in so far that they are called
again and again until they terminate, which depends entirely on what the
"massager" returns. There's a comment at the beginning of ParseC that
explains how that works. {Richard Levtte}

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10669)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)

Ensure libssl uses the new library context aware CT code

Ensure that when we create a CTLOG_STORE we use the new library context
aware function.

Also ensure that when we create

Ensure libssl uses the new library context aware CT code

Ensure that when we create a CTLOG_STORE we use the new library context
aware function.

Also ensure that when we create a CT_POLICY_EVAL_CTX we associate it with
the library context.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11483)

show more ...

Ignore some fetch failures

Some fetch failurs are ok and should be ignored.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Ignore some fetch failures

Some fetch failurs are ok and should be ignored.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11405)

show more ...

Fix coverity issues

CID : 1458169 RESOURCE LEAK ffc_params_generate.c - False positive, but addressed another Leak in adjacent code
CID : 1458171 UNCHECKED RET apps/pkeyutl.c
CID : 1

Fix coverity issues

CID : 1458169 RESOURCE LEAK ffc_params_generate.c - False positive, but addressed another Leak in adjacent code
CID : 1458171 UNCHECKED RET apps/pkeyutl.c
CID : 1458173 DEAD CODE ffc_params_generate.c
CID : 1458174 RESOURCE LEAK ssl_lib.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11048)

show more ...

Fix a mem leak in libssl

Make sure we free up any ENGINE references after we have finished using
them.

Fixes #11064

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix a mem leak in libssl

Make sure we free up any ENGINE references after we have finished using
them.

Fixes #11064

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11070)

show more ...

Fix no-engine

We don't need to check if an engine has a cipher/digest in a no-engine
build.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://gith

Fix no-engine

We don't need to check if an engine has a cipher/digest in a no-engine
build.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11031)

show more ...

Explicitly fetch ciphers and digests in libssl

We modify libssl to use explicitly fetched ciphers, digests and other
algorithms as required based on the configured library context and

Explicitly fetch ciphers and digests in libssl

We modify libssl to use explicitly fetched ciphers, digests and other
algorithms as required based on the configured library context and
property query string for the SSL_CTX that is being used.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10854)

show more ...

Fix SSL_get_servername() and SNI behaviour

The SNI behaviour for TLSv1.3 and the behaviour of SSL_get_servername()
was not quite right, and not entirely consistent with the RFC.

Fix SSL_get_servername() and SNI behaviour

The SNI behaviour for TLSv1.3 and the behaviour of SSL_get_servername()
was not quite right, and not entirely consistent with the RFC.

The TLSv1.3 RFC explicitly says that SNI is negotiated on each handshake
and the server is not required to associate it with the session. This was
not quite reflected in the code so we fix that.

Additionally there were some additional checks around early_data checking
that the SNI between the original session and this session were
consistent. In fact the RFC does not require any such checks, so they are
removed.

Finally the behaviour of SSL_get_servername() was not quite right. The
behaviour was not consistent between resumption and normal handshakes,
and also not quite consistent with historical behaviour. We clarify the
behaviour in various scenarios and also attempt to make it match historical
behaviour as closely as possible.

Fixes #8822

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/10018)

show more ...

Make sure we use RAND_bytes_ex and RAND_priv_bytes_ex in libssl

Now that libssl knows about libctx we should use it wherever we generate
a random number.

Reviewed-by: Shane Lont

Make sure we use RAND_bytes_ex and RAND_priv_bytes_ex in libssl

Now that libssl knows about libctx we should use it wherever we generate
a random number.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10927)

show more ...

Introduce SSL_CTX_new_with_libex()

We add the ability to specify an OPENSSL_CTX (which may be NULL for the
default context) and a property query string for use during algorithm
fetch

Introduce SSL_CTX_new_with_libex()

We add the ability to specify an OPENSSL_CTX (which may be NULL for the
default context) and a property query string for use during algorithm
fetch operations.

For example, in this way one SSL_CTX could be used the default provider,
and another one could be used with the FIPS provider.

At this stage we don't use these values. That will come later.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10866)

show more ...

Update source files for pre-3.0 deprecation

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)

X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI

This is a wrapper around OSSL_STORE.

This also adds necessary support functions:

- X509_STORE_load_fi

X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI

This is a wrapper around OSSL_STORE.

This also adds necessary support functions:

- X509_STORE_load_file
- X509_STORE_load_path
- X509_STORE_load_store
- SSL_add_store_cert_subjects_to_stack
- SSL_CTX_set_default_verify_store
- SSL_CTX_load_verify_file
- SSL_CTX_load_verify_dir
- SSL_CTX_load_verify_store

and deprecates X509_STORE_load_locations and SSL_CTX_load_verify_locations,
as they aren't extensible.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)

show more ...

Simplify NO_KTLS path in SSL_sendfile.

Avoid tripping over errno values from previous system calls in the
thread and just hardcode the specific error. BIO_get_ktls_send()
should nev

Simplify NO_KTLS path in SSL_sendfile.

Avoid tripping over errno values from previous system calls in the
thread and just hardcode the specific error. BIO_get_ktls_send()
should never be true in the NO_KTLS path, so the #ifdef could be
moved even higher up to assume that error path in the NO_KTLS case
instead.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)

show more ...