Allow ignoring unknown sigalgs and groups in the configuration Related to #20789 Signature algorithms and groups in the configuration that are preceded with ? character and are unknown to libssl are just ignored. The handling for them is similar to handling of ciphers. I.e., there should be a failure only in case the configuration produces no valid sigalgs or groups. Also ignore duplicate sigalgs and groups as such confiuration errors should not be fatal. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23050)
SSL_set1_groups_list(): Fix memory corruption with 40 groups and more Fixes #23624 The calculation of the size for gid_arr reallocation was wrong. A multiplication by gid_arr array item size was missing. Testcase is added. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23625)
Simplify ssl protocol version comparisons. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23163)
Make nid_to_group read-only Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/22828)
Minor fixes Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)
QUIC SSL: Prohibit readahead-related functions Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)
QUIC: Forbid non-QUIC ciphers Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)
Fix supported_groups handing in TLSv1.2 In TLSv1.2 we should not attempt to use a supported_group value that is intended for use with TLSv1.3 - even if both the server and the client support it, e.g. the ffdhe groups are supported by OpenSSL for TLSv1.3 but not for TLSv1.2. Fixes #21081 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21274)
Add SSL_get0_group_name() to get name of the group used for KEX Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20866)
RFC7250 (RPK) support Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
Update the EVP_PKEY_get_id documentation The documentation didn't mention the development where EVP_PKEY_get_id() returns a negative value for provider-only implementations, and the migration guide didn't mention how to cope with that. Fixes #20497 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20501)
tls1_set_groups_list: freeing *pext before overwriting calling SSL_CTX_set1_groups_list() twice on one SSL_CTX* caused a memory leak visible in valgrind: 4 bytes in 1 blocks are definitely lost in loss record 1 of 1 at 0x4841888: malloc (vg_replace_malloc.c:381) by 0x4B1EE96: CRYPTO_memdup (in libcrypto.so.3) by 0x48993A0: tls1_set_groups_list (in libssl.so.3) by 0x487AA7E: ssl3_ctx_ctrl (in libssl.so.3) by 0x1091EA: main (mem_leak.c:10) LEAK SUMMARY: definitely lost: 4 bytes in 1 blocks Freeing *pext to fix it. CLA: trivial Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20317) (cherry picked from commit fcf3a9f7c6a10acb2d92f03aec5e45df7dd712d5)
first cut at sigalg loading Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19312)
Remove some redundant code Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
Reimplement brainpool TLSv1.3 support group support Create new TLS_GROUP_ENTRY values for these groups. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19315)
Partial revert and reimplement "Enable brainpool curves for TLS1.3" This partially reverts commit 0a10825a0 in order to reimplement it in a simpler way in the next commit. The reverted aspects are all related to the TLSv1.3 brainpool curves in the supported_groups extension. Rather than special casing the handling of these curves we simply add new entries to the groups table to represent them. They can then be handled without any additional special casing. This makes the code simpler to maintain. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19315)
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
ssl: modify libssl so that it uses OSSL_TIME This is instead of time_t and struct timeval. Some public APIs mandate a presence of these two types, but they are converted to OSSL_TIME internally. Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19082)
Move the TLS1.0/1.1/1.2 record crypto code into the new record layer Only done for the read side so far. Still need to do TLS1.3 and SSL3.0. Also need to separate out KTLS. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
Check that IV length is not less than zero As EVP_CIPHER_CTX_get_iv_length indicates failure with -1, this error should be processed. Also the result of this function shouldn't be assigned to an unsigned variable. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18891)