979 Commits

Author	SHA1	Message	Date
Bob Beck	e70d3b1886	Add util/codespell-check.sh and run it ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28639)	2025-09-26 07:58:44 -04:00
Pauli	3d68b70b9e	tls: explicitly clear the secure extensions on free ... Secure memory clears anyway but best to be explicit about it. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/28413)	2025-09-04 16:03:24 +10:00
Tomas Mraz	eaacf56ba9	Avoid doublefree of OCSP_SINGLERESP ... It is referenced by OCSP_BASICRESP and will be freed when that is freed. Issue and a proposed fix reported by Stanislav Fort (Aisle Research). Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/28300)	2025-08-20 14:59:34 +02:00
Eugene Syromiatnikov	351caebeac	ssl: use array memory (re)allocation routines ... Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28059)	2025-08-08 12:22:10 -04:00
martin	b1b4b154fd	Add support for TLS 1.3 OCSP multi-stapling for server certs ... Co-authored-by: Michael Krueger Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20945)	2025-07-25 17:24:37 +02:00
Tomas Mraz	abdbad370c	libssl: Silence warnings on Win64 builds ... Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27806)	2025-07-02 17:26:26 +02:00
Dmitry Belyavskiy	e7e7950998	Enforce permissions 0600 for SSLKEYLOGFILE ... Fixes #27890 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27893)	2025-06-30 10:45:31 +01:00
Sergey Kandaurov	403ba31a02	Preserve connection custom extensions in SSL_set_SSL_CTX() ... The SSL_set_SSL_CTX() function is used to switch SSL contexts for the given SSL object. If contexts differ, this includes updating a cert structure with custom extensions from the new context. This however overwrites connection custom extensions previously set on top of inherited from the old context. The fix is to preserve connection custom extensions using a newly introduced flag SSL_EXT_FLAG_CONN in custom_ext_copy_conn(). Similar to custom_ext_copy(), it is a no-op if there are no custom extensions to copy. The only such consumer is ossl_quic_tls_configure() used to set the "quic_transport_parameters" extension. Before this change, context switch resulted in transport parameters not being sent due to the missing extension. Initially reported at https://github.com/nginx/nginx/issues/711 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27706)	2025-06-20 15:55:29 +01:00
Andrew Dinh	9bad2b86e8	Reset qtls->local_transport_params_consumed to 0 on SSL_clear() ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27656)	2025-06-03 18:29:21 +02:00
Dr. David von Oheimb	1eee02d3e7	Fix SSL_{set1,add1}_host() handling of host name/IP address and related documentation ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27457)	2025-05-06 15:11:15 +02:00
Matt Caswell	cb5bb8916f	Fix errors on SSL_accept() and SSL_get_error() ... Calling SSL_accept() was raising two errors on the stack if you passed the wrong object type. Similarly SSL_get_error() was adding an error to the stack if the wrong object type was passed and returning the wrong result. We also ensure SSL_set_accept_state() and SSL_set_connect_state() don't raise spurious errors since these are void functions. Fixes #27347 Fixes #27348 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27351)	2025-04-24 20:10:44 +02:00
Graham Leggett	7f6cc862c6	ssl/ssl_lib.c: Avoid crash when SSL_CONNECTION is NULL ... Detection for sc == NULL is performed after sc is used. Add the check to the correct place. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/27241)	2025-04-14 15:34:24 +01:00
Matt Caswell	95051052b3	Move the Handshake read secret change earlier in the process for QUIC 0-RTT ... On the server side we were changing the handshake rx secret a little late. This meant the application was forced to call SSL_do_handshake() again even if there was nothing to read in order to get the secret. We move it a little earlier int the process to avoid this. Fixes the issue described in: https://github.com/ngtcp2/ngtcp2/pull/1582#issuecomment-2735950083 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27101)	2025-03-20 20:22:39 +01:00
Matt Caswell	2100cf2ee0	Ensure SSL_get_app_data() continues to work even in SSL_free() ... During SSL_free() we may get a QUIC TLS callback being called to clean up any remaining record data. We should ensure that SSL_get_app_data() continues to work, even in this scenario. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27091)	2025-03-20 11:24:26 +01:00
openssl-machine	0c679f5566	Copyright year updates ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes	2025-03-12 13:35:59 +00:00
Neil Horman	2ce46ad8ce	Change cipher suite alert for 0 length cipher_suites ... From RFC 8446: Note: TLS defines two generic alerts (see Section 6) to use upon failure to parse a message. Peers which receive a message which cannot be parsed according to the syntax (e.g., have a length extending beyond the message boundary or contain an out-of-range length) MUST terminate the connection with a "decode_error" alert. Peers which receive a message which is syntactically correct but semantically invalid (e.g., a DHE share of p - 1, or an invalid enum) MUST terminate the connection with an "illegal_parameter" alert. A zero length cipher suite list I think is considered out of range, and so we should return "decode_error" rather than "illegal_parameter" Fixes #25309 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26781)	2025-02-25 15:31:45 -05:00
Tomas Mraz	a3143c2400	No valid groups is not an error ... Of course TLS-1.3 won't be usable with such configuration. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26801)	2025-02-25 15:34:24 +01:00
Viktor Dukhovni	63a70d63e2	Add hybrid ML-KEM based groups to default TLS groups ... - send two key shares by default - trim down the list of default groups The default TLS group list setting is now: ?*X25519MLKEM768 / ?*X25519:?secp256r1 / ?X448:?secp384r1:?secp521r1 / ?ffdhe2048:?ffdhe3072 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26801)	2025-02-25 15:34:23 +01:00
Andrew Dinh	cec0659fa4	Coverity fixes ... Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643042 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643047 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643089 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643091 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643095 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26845)	2025-02-25 08:55:26 +01:00
Andrew Dinh	704c3d3cd2	Various NULL checks ... Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643035 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643039 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643041 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643044 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643045 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643046 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26840)	2025-02-21 15:07:27 -05:00
Cheng Zhang	db2c54cc92	Added new API to enable 0-RTT for 3rd party QUIC stacks. ... Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26842)	2025-02-21 12:01:30 +01:00
Andrew Dinh	a1c6e2d1b5	ssl_lib.c: Check for NULL from SSL_CONNECTION_FROM_SSL() ... Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643027 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643028 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26824)	2025-02-20 15:30:25 +01:00
Cheng Zhang	1b3f27f920	Add the SSL_NO_EOED internal macro ... The TLS EndOfEarlyData message is not applicable in some scenarios (e.g., QUIC). This adds a macro to handle this message. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26552)	2025-02-19 17:27:04 +01:00
Frederik Wedel-Heinen	00fbc96988	Adds missing checks of return from XXX_up_ref(). ... Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26294)	2025-02-18 16:32:59 +01:00
Neil Horman	9d6e5a69db	Remove NEW_TOKEN public api ... @sashan and I were discussing the usefulness of the public facing api for NEW_TOKEN support, and he has concerns over its usefulness and our being stuck with it if we need to make changes later. Given that it is a convience api for using multiple CTX-es to share a cache, its fine if we remove it for now, as that seems like a less common use case. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26517)	2025-02-17 11:27:33 -05:00
Neil Horman	e732f4456a	Remove SSL_TOKEN_STORE_HANDLE type ... Replace it with SSL_TOKEN_STORE and make the structure opaque in the public api Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26517)	2025-02-17 11:27:33 -05:00
Neil Horman	f0e516522c	Modify ossl_quic_get_peer_token to return QUIC_TOKEN ... we use this struct internally to track computed tokens, we may as well use it when fetching those tokens, as it allows the removeal of the QTOK type Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26517)	2025-02-17 11:27:33 -05:00
Neil Horman	e521131c60	Rename token_store functions to make them consistent ... we use get0 to get a token store, but set to set it. Since the latter takes a refcount, change that to set1. Also rename the interal quic functions to match. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26517)	2025-02-17 11:27:33 -05:00
Neil Horman	b1828dc23a	Add public api to create token cache for QUIC NEW_TOKENS ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26517)	2025-02-17 11:27:33 -05:00
Neil Horman	7502df20bc	rename new_pending_ssl to new_pending_conn ... Make it clear its only announcing connections, not streams Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26361)	2025-02-17 11:27:33 -05:00
Neil Horman	a607146904	Add a callback to announce newly created ssl waiting acceptance ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26361)	2025-02-17 11:27:33 -05:00
Alexandr Nedvedicky	73d7de128b	QUIC Concurrency API: Various minor fixes ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24971)	2025-02-17 11:27:32 -05:00
Hugo Landau	db590923c1	QUIC APL: Refine domain flag handling ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24971)	2025-02-17 11:27:32 -05:00
Hugo Landau	ae26f1eed6	QUIC APL: Default domain flags ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24971)	2025-02-17 11:27:32 -05:00
Hugo Landau	5a6898db3a	QUIC APL: Use domain flag to determine thread assisted mode ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24971)	2025-02-17 11:27:32 -05:00
Hugo Landau	50c7796267	QUIC APL: Add support for configuring domain flags ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24971)	2025-02-17 11:27:32 -05:00
Hugo Landau	f75b3d1db6	QUIC APL: Add QUIC Domain SSL Object: Implementation ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24971)	2025-02-17 11:27:32 -05:00
Hugo Landau	eda445e13d	Minor updates ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23487)	2025-02-17 11:27:32 -05:00
Hugo Landau	7efebeb172	QUIC APL: Add TODOs for unfinished listener APIs ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23334)	2025-02-17 11:27:32 -05:00
Hugo Landau	a68287adeb	QUIC APL: Add skeleton listener API methods ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23334)	2025-02-17 11:27:32 -05:00
Hugo Landau	b67be72a5d	QUIC APL: Add skeleton listener API ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23334)	2025-02-17 11:27:32 -05:00
Hugo Landau	bf55326752	libssl: Move SSL object unwrapping macros to separate header ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23334)	2025-02-17 11:27:32 -05:00
Hugo Landau	e0ffd21e22	QUIC APL: Introduce QUIC listener SSL object type (QLSO) ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23334)	2025-02-17 11:27:32 -05:00
Dave Kelsey	d69c014608	Add support for multiple key shares ... This PR is the implementation of concluded discussion that occurred in a draft PR #25605. This changes were mainly authored by @martinschmatz with some contribution from myself. It addresses issue #21633 This extends the group list definition to support a more complex definition while still retaining backward compatibility with the simple form of colon separated groups. Details of the agreed format and expected behaviour can be found in #25605 and in the documentation changes. Signed-off-by: Dave Kelsey <d_kelsey@uk.ibm.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26445)	2025-02-10 11:43:56 -05:00
Neil Horman	dc10ffc283	Fix potential use-after-free in REF_PRINT_COUNT ... We use REF_PRINT_COUNT to dump out the value of various reference counters in our code However, we commonly use this macro after an increment or decrement. On increment its fine, but on decrement its not, because the macro dereferences the object holding the counter value, which may be freed by another thread, as we've given up our ref count to it prior to using the macro. The rule is that we can't reference memory for an object once we've released our reference, so lets fix this by altering REF_PRINT_COUNT to accept the value returned by CRYPTO_[UP|DOWN]_REF instead. The eliminates the need to dereference the memory the object points to an allows us to use the call after we release our reference count Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25664)	2024-12-10 14:58:08 +01:00
Andrew Dinh	ef39dd058b	Change "a SSL" to "an SSL" ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25868)	2024-11-13 17:24:40 +01:00
Matt Caswell	40237bf97a	Don't complain with "no cipher match" for QUIC objects ... Calling the functions SSL_CTX_set_cipher_list() or SSL_set_cipher_list() will return the error "no cipher match" if no TLSv1.2 (or below) ciphers are enabled after calling them. However this is normal behaviour for QUIC objects which do not support TLSv1.2 ciphers. Therefore we should suppress that error in this case. Fixes #25878 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25886)	2024-11-08 14:36:17 +01:00
Matt Caswell	dc84829cc5	Make sure we use the correct SSL object when making a callback ... When processing a callback within libssl that applies to TLS the original SSL object may have been created for TLS directly, or for QUIC. When making the callback we must make sure that we use the correct SSL object. In the case of QUIC we must not use the internal only SSL object. Fixes #25788 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25874)	2024-11-07 12:05:34 +01:00
Matt Caswell	f88c2f2d17	Keep hold of a reference to the user SSL in QUIC ... In some cases a QUIC SSL_CONNECTION object needs to get hold of a reference to the original SSL object as created by the user. We should keep a reference to it. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25874)	2024-11-07 12:05:23 +01:00
Neil Horman	5b29c71aa4	updating comments in test recipie ... Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25297)	2024-10-21 11:34:35 +01:00