Make sure we use the correct SSL object when making a callback

When processing a callback within libssl that applies to TLS the original
SSL object may have been created for TLS directly

Make sure we use the correct SSL object when making a callback

When processing a callback within libssl that applies to TLS the original
SSL object may have been created for TLS directly, or for QUIC. When making
the callback we must make sure that we use the correct SSL object. In the
case of QUIC we must not use the internal only SSL object.

Fixes #25788

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25874)

show more ...

EVP_MD_size() updates

For SHAKE algorithms we now return 0 from EVP_MD_size().
So all the places that check for < 0 needed to change to <= 0
(Otherwise the behaviour will be to diges

EVP_MD_size() updates

For SHAKE algorithms we now return 0 from EVP_MD_size().
So all the places that check for < 0 needed to change to <= 0
(Otherwise the behaviour will be to digest nothing in most cases).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25285)

show more ...

Remove trailing whitespace

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb

Remove trailing whitespace

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)

show more ...

fix vs2019 warning

windows vs2019 throws warnings when compiling openssl for edk2:

ERROR - Compiler #2220 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\

fix vs2019 warning

windows vs2019 throws warnings when compiling openssl for edk2:

ERROR - Compiler #2220 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : the following warning is treated as an error
WARNING - Compiler #4701 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : potentially uninitialized local variable 'peer_rpk' used
WARNING - Compiler #4703 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : potentially uninitialized local pointer variable 'peer_rpk' used

Explicitly initialize the peer_rpk variable to make the compiler happy.

Yes, it's a false positive, but you have to check the tls_process_rpk()
body in another source file to see that, which apparently is beyond the
compiler's capabilities.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24895)

show more ...

Move stack of compression methods from libssl to OSSL_LIB_CTX

The compression methods are now a global variable in libssl.
This change moves it into OSSL library context.

It is

Move stack of compression methods from libssl to OSSL_LIB_CTX

The compression methods are now a global variable in libssl.
This change moves it into OSSL library context.

It is necessary to eliminate atexit call from libssl.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24414)

show more ...

Use empty renegotiate extension instead of SCSV for TLS > 1.0

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com

Use empty renegotiate extension instead of SCSV for TLS > 1.0

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24161)

show more ...

Copyright year updates

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

Reviewed-by: Hugo Lan

Copyright year updates

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)

show more ...

Move increment of dtls epoch to change cipher state function

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/

Move increment of dtls epoch to change cipher state function

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23212)

show more ...

Simplify ssl protocol version comparisons.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pu

Simplify ssl protocol version comparisons.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23163)

show more ...

Make scsv read-only

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged fro

Make scsv read-only

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)

show more ...

set_client_ciphersuite(): Fix for potential UB if session->cipher is NULL

This currently cannot happen without an application overriding
the session with some bogus data so this is an os

set_client_ciphersuite(): Fix for potential UB if session->cipher is NULL

This currently cannot happen without an application overriding
the session with some bogus data so this is an ossl_assert()
check.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22418)

show more ...

Fix typos found by codespell

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from ht

Fix typos found by codespell

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22063)

show more ...

"foo * bar" should be "foo *bar"

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tom

"foo * bar" should be "foo *bar"

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21468)

show more ...

Change the TLS handshake keys early if we're not doing early data

We change the client TLS handshake keys as late as possible so that we
don't disturb the keys if we are writing early da

Change the TLS handshake keys early if we're not doing early data

We change the client TLS handshake keys as late as possible so that we
don't disturb the keys if we are writing early data. However for QUIC we
want to do this as early as possible (after ServerHello). Since we will
never do TLS early data with QUIC we just do it as early as possible if
early data is not being used.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21810)

show more ...

TLS KeyUpdate messages are not allowed in QUIC

We already disallowed the sending of TLS KeyUpdate messages. We also treat
the receipt of a TLS KeyUpdate message as an unexpected message.

TLS KeyUpdate messages are not allowed in QUIC

We already disallowed the sending of TLS KeyUpdate messages. We also treat
the receipt of a TLS KeyUpdate message as an unexpected message.

RFC 9001 section 6:
Endpoints MUST treat the receipt of a TLS KeyUpdate message as a connection
error of type 0x010a, equivalent to a fatal TLS alert of unexpected_message;
see Section 4.8.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)

show more ...

[feat] SSL RTT in both client and server statem. SSL_get_handshake_rtt makes it available

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siem

[feat] SSL RTT in both client and server statem. SSL_get_handshake_rtt makes it available

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20248)

show more ...

Do not send the empty renegotiation info SCSV in QUIC

There is no point in sending that when min_proto_version is >= TLS1_3_VERSION.
So we set that during SSL_CTX initialization and skip

Do not send the empty renegotiation info SCSV in QUIC

There is no point in sending that when min_proto_version is >= TLS1_3_VERSION.
So we set that during SSL_CTX initialization and skip adding the SCSV.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20764)

show more ...

RFC7250 (RPK) support

Add support for the RFC7250 certificate-type extensions.
Alows the use of only private keys for connection (i.e. certs not needed).

Add APIs
Add unit t

RFC7250 (RPK) support

Add support for the RFC7250 certificate-type extensions.
Alows the use of only private keys for connection (i.e. certs not needed).

Add APIs
Add unit tests
Add documentation
Add s_client/s_server support

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18185)

show more ...

Added `CERTIFICATE_VERIFY_MAX_LENGTH` constant

- Set `CERTIFICATE_VERIFY_MAX_LENGTH` to 65539
(2 bytes for the algorithm identifier + 2 bytes of signature length
+ 65535 bytes o

Added `CERTIFICATE_VERIFY_MAX_LENGTH` constant

- Set `CERTIFICATE_VERIFY_MAX_LENGTH` to 65539
(2 bytes for the algorithm identifier + 2 bytes of signature length
+ 65535 bytes of signature)
- Changed `SSL3_RT_MAX_PLAIN_LENGTH` to `CERTIFICATE_VERIFY_MAX_LENGTH`
in `statem_srvr.c` and `statem_clnt.c`

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20486)

show more ...

first cut at sigalg loading

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19312)

Extend the new_record_layer function

Add the ability to pass the main secret and length, as well as the
digest used for the KDF.

Reviewed-by: Hugo Landau <hlandau@openssl.org>

Extend the new_record_layer function

Add the ability to pass the main secret and length, as well as the
digest used for the KDF.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

show more ...

Make error reason for disallowed legacy sigalg more specific

The internal error reason is confusing and indicating an error
in OpenSSL and not a configuration problem.

Fixes #19

Make error reason for disallowed legacy sigalg more specific

The internal error reason is confusing and indicating an error
in OpenSSL and not a configuration problem.

Fixes #19867

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19875)

show more ...

Remove remaining refs to enc_(write|read)_ctx/(read|write)_hash

Those fields are no longer used. Their previous function is now in the new
record layer.

Reviewed-by: Hugo Landau

Remove remaining refs to enc_(write|read)_ctx/(read|write)_hash

Those fields are no longer used. Their previous function is now in the new
record layer.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)

show more ...

Add zlib oneshot compression

Fixes #19520

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/op

Add zlib oneshot compression

Fixes #19520

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19603)

show more ...

Fix coverity 1516094 uninit

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19440)