summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Rename some functions to be more consistentMatt Caswell2022-08-183-12/+11
| | | | | | | | | Some functions in the record layer were called rlayer_*, but most were called tls_*. We standardise on the latter. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Rename DTLS1_BITMAP to DTLS_BITMAPMatt Caswell2022-08-184-18/+18
| | | | | | | | | | The 1 in DTLS1 is confusing and is removed. We also tweak the structure to always be able to track 64 packets regardless of whether we are on a 32 bit or 64 bit system. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove ssl/record/README.mdMatt Caswell2022-08-181-73/+0
| | | | | | | | | This file contains design details for the old record layer and is no longer relevant for the new design. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Standardise type for epochMatt Caswell2022-08-188-12/+12
| | | | | | | | | | | The value for epoch was being represented internally via various types: uint16_t, unsigned short, unsigned int, unsigned long We standardise on uint16_t Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove the SSL3_RECORD read fieldMatt Caswell2022-08-183-20/+1
| | | | | | | | The read field is no longer used and can be safely removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Add a CHANGES.md entry for the record layer changesMatt Caswell2022-08-181-0/+4
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Clean up some SCTP releated issuesMatt Caswell2022-08-186-23/+21
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Ensure various record layer options can be updatedMatt Caswell2022-08-186-42/+93
| | | | | | | | | We would like the capability for the options/mode/read_ahead settings to be updateable after the record layer object has been instantiated. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some redundant codeMatt Caswell2022-08-1810-270/+80
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Update the tls13encryptiontest for new read record layerMatt Caswell2022-08-182-54/+75
| | | | | | | | | | The tls13encryption is an internal test that reaches inside libssl to test encryption/decryption of records. It needs to be amended for the new code structure so that it is testing the equivalent things as before. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Implement a human readable state function for the record layerMatt Caswell2022-08-187-28/+49
| | | | | | | | | | This allows querying of the record layer to get a human readable state string out. This resolves two outstanding TODO comments and enables us to remove the rstate variable from s->rlayer. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Correct some formatting errors in tls1_meth.cMatt Caswell2022-08-181-22/+17
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move SSL_MODE_RELEASE_BUFFERS into the read record layerMatt Caswell2022-08-182-8/+6
| | | | | | | | This resolves an outstanding "TODO" item. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove a redundant TODOMatt Caswell2022-08-181-4/+0
| | | | | | | | | | If read_ahead data is left over when a record layer closes down, there is already code present to push into the "next" BIO. So the TODO removed here is no longer relevant. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Cleanse the SSLv3 MAC secret when we clean up the read record layerMatt Caswell2022-08-181-1/+3
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move some fields out of the SSL object and into the record layer objectMatt Caswell2022-08-1812-87/+100
| | | | | | | | | Fields such as rrlmethod and rrl are entirely related to the record layer, and so should be in that object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove an unnecessary setup of the read bufferMatt Caswell2022-08-181-12/+0
| | | | | | | | | Now everything has been moved to the record layer the additional check for setting up the read buffer is not needed and can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Clear away some unused fields and cruft in the record layerMatt Caswell2022-08-186-73/+12
| | | | | | | | | Now that the read record layer has moved to the new architecture we can clear some of the old stuff away. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some references to rlayer.rstateMatt Caswell2022-08-183-11/+11
| | | | | | | | This also fixes ssl3_pending while we are at it Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Ensure we use a dgram mem BIO for the DTLS record layerMatt Caswell2022-08-181-1/+4
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some more redundant TODO(RECLAYER) commentsMatt Caswell2022-08-183-12/+0
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Resolve a TODO(RECLAYER) in the SSLv3 codeMatt Caswell2022-08-181-112/+43
| | | | | | | | | | We remove some code outside of the record layer which is no longer relevant since its functions are now performed by the new record layer code. This removes a TODO(RECLAYER) as a result. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some TODO(RECLAYER) commentsMatt Caswell2022-08-1812-31/+7
| | | | | | | | Some TODO(RECLAYER) comments are no longer necessary and can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some unnecessary function pointers from OSSL_RECORD_METHODMatt Caswell2022-08-1814-226/+73
| | | | | | | | | | We had some temporary function pointers in OSSL_RECORD_METHOD which were only necessary during the process of refactoring the read record layer. These are no longer required so can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Standardise some DTLS record layer namingMatt Caswell2022-08-181-12/+11
| | | | | | | | Remove references to dtls1_* and just use dtls_* Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some remaining SSL object references from DTLS record layerMatt Caswell2022-08-188-28/+42
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Push unprocessed DTLS records from one record layer object to nextMatt Caswell2022-08-181-97/+27
| | | | | | | | | | We add unprocessed DTLS records to the unprocessed record queue. When the record layer closes down we write the unprocessed records to the next record layer object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove reliance on the SSL object from the DTLS read record layer codeMatt Caswell2022-08-1813-230/+261
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move some DTLS read code into the read record layerMatt Caswell2022-08-1819-909/+1027
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some final references to the SSL object in the record layerMatt Caswell2022-08-1814-232/+170
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove the separation betweeen enc_read_ctx and enc_write_ctxMatt Caswell2022-08-185-85/+52
| | | | | | | | | | | Similarly with read_hash and write_hash. In the new model we have a separate record layer object for reading and writing. Therefore we don't need to distinguish between reading and writing inside the record layer object in the encryption and md ctxs. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Enable the record layer to call the ssl_security callbackMatt Caswell2022-08-184-6/+20
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Use a record layer specific message callbackMatt Caswell2022-08-184-16/+30
| | | | | | | | | | Don't use the message callback from the SSL object. Instead we use a wrapper callback so that the record layer does not need to be aware of the SSL object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move early data counting out of the SSL object and into the record layerMatt Caswell2022-08-189-26/+128
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move the sequence number into the OSSL_RECORD_LAYER objectMatt Caswell2022-08-187-35/+19
| | | | | | | | This removes some references to the SSL object from the record layer. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove use of SSL object for fragment length checking in record layerMatt Caswell2022-08-185-14/+36
| | | | | | | | | Pass the max fragment length to the record layer when it is applicable to avoid the need to go through the SSL object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove use of ossl_statem_in_error() from the record layerMatt Caswell2022-08-181-4/+4
| | | | | | | | | We remove the dependency on the SSL object. Instead we check if the record layer has already set an alert code. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Make the record layer directly aware of EtMMatt Caswell2022-08-1814-111/+200
| | | | | | | | | We no longer have to go through the SSL object to discover whether EtM has been negotiated. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove SSL_USE_EXPLICT_IV() from the record layer methodsMatt Caswell2022-08-183-4/+7
| | | | | | | | | Instead we introduce RLAYER_USE_EXPLICIT_IV(). This removes a dependency on the SSL object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some use of SSL object from record layerMatt Caswell2022-08-183-1/+5
| | | | | | | | Remove SSL_IS_TLS13() and hello_retry_request Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Update the oqs-provider submodule to a more recent commitMatt Caswell2022-08-182-4/+0
| | | | | | | | | Also update the oqsprovider.sh file to not run the preptests.sh script which is no longer required Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Disallow SSL2_VERSION record version in an SSLv3 record headerMatt Caswell2022-08-181-0/+12
| | | | | | | | | | When validate_record_header() gets called it should be able to rely on the fact that an SSLv2 record version means that the record was received in SSLv2 format. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Fix some no-comp compilation failuresMatt Caswell2022-08-183-9/+9
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Add support for moving data from one epoch to the nextMatt Caswell2022-08-187-37/+123
| | | | | | | | | | | | Sometimes data read by a record layer in one epoch is actually intended for the next epoch. For example in a TLS with read_ahead, the read_ahead data could contain a KeyUpdate message followed by application data encrypted with new keys. Therefore we implement a mechanism for passing this data across the epochs. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Add a test for read_ahead data crossing a key changeMatt Caswell2022-08-181-0/+69
| | | | | | | | | If read_ahead is switched on, it should still work even if the data that is read cross epochs. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove unneccesary KTLS code from non-KTLS specific filesMatt Caswell2022-08-1812-377/+639
| | | | | | | | | This also moves other protocol specific code to the protocol specific files. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move ktls.c into the record layerMatt Caswell2022-08-184-356/+343
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Distinguish between fatal and non-fatal errors when creating a record layerMatt Caswell2022-08-1813-153/+192
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Implement KTLS in the new read record layer codeMatt Caswell2022-08-1817-174/+443
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move protocol version specific code into separate filesMatt Caswell2022-08-1812-1288/+1360
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
View Lorry Controller Status