Fix safestack issues in ssl.h We fix 3 problems with safestack: - Including an openssl header file without linking against libcrypto can cause compilation failures (even if the app does not otherwise need to link against libcrypto). See issue #8102 - Recent changes means that applications in no-deprecated builds will need to include additional macro calls in the source code for all stacks that they need to use - which is an API break. This changes avoids that necessity. - It is not possible to write code using stacks that works in both a no-deprecated and a normal build of OpenSSL. See issue #12707. Fixes #12707 Contains a partial fix for #8102. A similar PR will be needed for hash to fully fix. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
Mark SSL_CTX_set_ssl_version() as deprecated in 3.0 Also, document its unusual semantics of resetting the cipher list (but preserving other configuration). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/7274)
Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx(). - Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx(). - Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's. - Removed the extra parameters in check_purpose.. - X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()). - Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12153)
Fix typo for SSL_get_peer_certificate() Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12468)
Add SSL_get[01]_peer_certificate() Deprecate SSL_get_peer_certificte() and replace with SSL_get1_peer_certificate(). Add SSL_get0_peer_certificate. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8730)
Add support to zeroize plaintext in S3 record layer Some applications want even all plaintext copies beeing zeroized. However, currently plaintext residuals are kept in rbuf within the s3 record layer. This patch add the option SSL_OP_CLEANSE_PLAINTEXT to its friends to optionally enable cleansing of decrypted plaintext data. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12251)
TLSv1.3: additional checks in SSL_set_record_padding_callback Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11589)
Add cipher list ciphersuites which using encryption algorithm in mode CBC. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11984)
undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12001)
Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF Partially fixes #11209. Before OpenSSL 3.0 in case when peer does not send close_notify, the behaviour was to set SSL_ERROR_SYSCALL error with errno 0. This behaviour has changed. The SSL_OP_IGNORE_UNEXPECTED_EOF restores the old behaviour for compatibility's sake. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11735)
Constants for new GOST TLS 1.2 ciphersuites Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11442)
SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11709)
Add SSL_new_session_ticket() API This API requests that the TLS stack generate a (TLS 1.3) NewSessionTicket message the next time it is safe to do so (i.e., we do not have other data pending write, which could be mid-record). For efficiency, defer actually generating/writing the ticket until there is other data to write, to avoid producing server-to-client traffic when not needed. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11416)
include/openssl/x509v3.h: restore previous stack definition arrangement It turned out that configuration options may affect the definition and use of diverse stacks and how they relate to the underlying types. For example, the configuration option 'no-rfc3779' results in a build error around STACK_OF(IPAddressFamily) and related stacks. Previously, STACK_OF definitions were located near the definition of the underlying type, which are also affected by configuration options, which made this easier to maintain. We relocate the new stack definitions back to those locations for that reason. We apply the same type of relocation in other header files as well, following the general rule that it's better to use DEFINE_OR_DECLARE_STACK_OF after the type it defines a stack for has been defined. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11655)
Fix type cast in SSL_CTX_set1_groups macro The macro casts the glist parameter to char* instead of (int *) like the documentation of the function suggest. Also the function tls1_set_groups that is called from SSL_CTX_ctrl takes an int * argument. This looks like a copy&paste error from SSL_CTX_set1_groups_list function. CLA: trivial Signed-off-by: Arne Schwabe <arne@rfc2549.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11614)
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levtte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
TLS Cipher Suite 0xC102 Support For GOST2012-GOST8912-GOST8912 was used 0xFF85 identifier, but new identifier 0xc102 was assigned. Because of old software we will support both numbers. https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2 https://datatracker.ietf.org/doc/draft-smyshlyaev-tls12-gost-suites/ Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11403)
TLS: use EVP for HMAC throughout libssl. Backwards compatibility with the old ticket key call back is maintained. This will be removed when the low level HMAC APIs are finally removed. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10836)
Introduce SSL_CTX_new_with_libex() We add the ability to specify an OPENSSL_CTX (which may be NULL for the default context) and a property query string for use during algorithm fetch operations. For example, in this way one SSL_CTX could be used the default provider, and another one could be used with the FIPS provider. At this stage we don't use these values. That will come later. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10866)
Update source files for pre-3.0 deprecation Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10364)