summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* BIO_sendmmsg/BIO_recvmmsg (API only)Hugo Landau2022-08-1912-8/+476
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18923)
* Limit the size of various MAXCHUNK definitionsPauli2022-08-192-2/+2
| | | | | | | | | | | | | | | | | | | | | | The current code has issues when sizeof(long) <> sizeof(size_t). The two types are assumed to be interchangeable and them being different will cause crashes and endless loops. This fix limits the maximum chunk size for many of the symmetric ciphers to 2^30 bytes. This chunk size limits the amount of data that will be encrypted/decrypted in one lump. The code internally handles block of data later than the chunk limit, so this will present no difference to the caller. Any loss of efficiency due to limiting the chunking to 1Gbyte rather than more should be insignificant. Fixes Coverity issues: 1508498, 1508500 - 1508505, 1508507 - 1508527, 1508529 - 1508533, 1508535 - 1508537, 1508539, 1508541 - 1508549, 1508551 - 1508569 & 1508571 - 1508582. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18997)
* Coverity: misuses of time_tPauli2022-08-192-13/+11
| | | | | | | | | | | | | | | | Coverity 1508506: Fixes a bug in the cookie code which would have caused problems for ten minutes before and after the lower 32 bits of time_t rolled over. Coverity 1508534 & 1508540: Avoid problems when the lower 32 bits of time_t roll over by delaying the cast to integer until after the time delta has been computed. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19004)
* Check record layer callbacks are non-nullMatt Caswell2022-08-182-8/+15
| | | | | | | | | The current libssl code always ensures that the callbacks are non-null. However, the record layer itself wasn't checkthing this. We ensure it does. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Formatting cleanupsMatt Caswell2022-08-189-165/+154
| | | | | | | | Some minor formatting cleanups and other minor tweaks. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove redefinition of macrosMatt Caswell2022-08-181-21/+0
| | | | | | | | Some macros were redefined in ssl3_cbc.c. We remove the redefinitions Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove redefinition of SSL_AD_NO_ALERTMatt Caswell2022-08-183-3/+1
| | | | | | | | | The SSL_AD_NO_ALERT value was defined in two places. We centralise its definition. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Ensure the rrl object is set to NULL after it is freedMatt Caswell2022-08-181-0/+1
| | | | | | | | | Once we free the rrl object we should NULL it to prevent a dangling ref to it. Otherwise we could get a double free. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Rename some functions to be more consistentMatt Caswell2022-08-183-12/+11
| | | | | | | | | Some functions in the record layer were called rlayer_*, but most were called tls_*. We standardise on the latter. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Rename DTLS1_BITMAP to DTLS_BITMAPMatt Caswell2022-08-184-18/+18
| | | | | | | | | | The 1 in DTLS1 is confusing and is removed. We also tweak the structure to always be able to track 64 packets regardless of whether we are on a 32 bit or 64 bit system. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove ssl/record/README.mdMatt Caswell2022-08-181-73/+0
| | | | | | | | | This file contains design details for the old record layer and is no longer relevant for the new design. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Standardise type for epochMatt Caswell2022-08-188-12/+12
| | | | | | | | | | | The value for epoch was being represented internally via various types: uint16_t, unsigned short, unsigned int, unsigned long We standardise on uint16_t Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove the SSL3_RECORD read fieldMatt Caswell2022-08-183-20/+1
| | | | | | | | The read field is no longer used and can be safely removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Add a CHANGES.md entry for the record layer changesMatt Caswell2022-08-181-0/+4
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Clean up some SCTP releated issuesMatt Caswell2022-08-186-23/+21
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Ensure various record layer options can be updatedMatt Caswell2022-08-186-42/+93
| | | | | | | | | We would like the capability for the options/mode/read_ahead settings to be updateable after the record layer object has been instantiated. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some redundant codeMatt Caswell2022-08-1810-270/+80
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Update the tls13encryptiontest for new read record layerMatt Caswell2022-08-182-54/+75
| | | | | | | | | | The tls13encryption is an internal test that reaches inside libssl to test encryption/decryption of records. It needs to be amended for the new code structure so that it is testing the equivalent things as before. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Implement a human readable state function for the record layerMatt Caswell2022-08-187-28/+49
| | | | | | | | | | This allows querying of the record layer to get a human readable state string out. This resolves two outstanding TODO comments and enables us to remove the rstate variable from s->rlayer. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Correct some formatting errors in tls1_meth.cMatt Caswell2022-08-181-22/+17
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move SSL_MODE_RELEASE_BUFFERS into the read record layerMatt Caswell2022-08-182-8/+6
| | | | | | | | This resolves an outstanding "TODO" item. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove a redundant TODOMatt Caswell2022-08-181-4/+0
| | | | | | | | | | If read_ahead data is left over when a record layer closes down, there is already code present to push into the "next" BIO. So the TODO removed here is no longer relevant. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Cleanse the SSLv3 MAC secret when we clean up the read record layerMatt Caswell2022-08-181-1/+3
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move some fields out of the SSL object and into the record layer objectMatt Caswell2022-08-1812-87/+100
| | | | | | | | | Fields such as rrlmethod and rrl are entirely related to the record layer, and so should be in that object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove an unnecessary setup of the read bufferMatt Caswell2022-08-181-12/+0
| | | | | | | | | Now everything has been moved to the record layer the additional check for setting up the read buffer is not needed and can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Clear away some unused fields and cruft in the record layerMatt Caswell2022-08-186-73/+12
| | | | | | | | | Now that the read record layer has moved to the new architecture we can clear some of the old stuff away. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some references to rlayer.rstateMatt Caswell2022-08-183-11/+11
| | | | | | | | This also fixes ssl3_pending while we are at it Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Ensure we use a dgram mem BIO for the DTLS record layerMatt Caswell2022-08-181-1/+4
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some more redundant TODO(RECLAYER) commentsMatt Caswell2022-08-183-12/+0
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Resolve a TODO(RECLAYER) in the SSLv3 codeMatt Caswell2022-08-181-112/+43
| | | | | | | | | | We remove some code outside of the record layer which is no longer relevant since its functions are now performed by the new record layer code. This removes a TODO(RECLAYER) as a result. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some TODO(RECLAYER) commentsMatt Caswell2022-08-1812-31/+7
| | | | | | | | Some TODO(RECLAYER) comments are no longer necessary and can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some unnecessary function pointers from OSSL_RECORD_METHODMatt Caswell2022-08-1814-226/+73
| | | | | | | | | | We had some temporary function pointers in OSSL_RECORD_METHOD which were only necessary during the process of refactoring the read record layer. These are no longer required so can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Standardise some DTLS record layer namingMatt Caswell2022-08-181-12/+11
| | | | | | | | Remove references to dtls1_* and just use dtls_* Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some remaining SSL object references from DTLS record layerMatt Caswell2022-08-188-28/+42
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Push unprocessed DTLS records from one record layer object to nextMatt Caswell2022-08-181-97/+27
| | | | | | | | | | We add unprocessed DTLS records to the unprocessed record queue. When the record layer closes down we write the unprocessed records to the next record layer object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove reliance on the SSL object from the DTLS read record layer codeMatt Caswell2022-08-1813-230/+261
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move some DTLS read code into the read record layerMatt Caswell2022-08-1819-909/+1027
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some final references to the SSL object in the record layerMatt Caswell2022-08-1814-232/+170
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove the separation betweeen enc_read_ctx and enc_write_ctxMatt Caswell2022-08-185-85/+52
| | | | | | | | | | | Similarly with read_hash and write_hash. In the new model we have a separate record layer object for reading and writing. Therefore we don't need to distinguish between reading and writing inside the record layer object in the encryption and md ctxs. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Enable the record layer to call the ssl_security callbackMatt Caswell2022-08-184-6/+20
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Use a record layer specific message callbackMatt Caswell2022-08-184-16/+30
| | | | | | | | | | Don't use the message callback from the SSL object. Instead we use a wrapper callback so that the record layer does not need to be aware of the SSL object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move early data counting out of the SSL object and into the record layerMatt Caswell2022-08-189-26/+128
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move the sequence number into the OSSL_RECORD_LAYER objectMatt Caswell2022-08-187-35/+19
| | | | | | | | This removes some references to the SSL object from the record layer. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove use of SSL object for fragment length checking in record layerMatt Caswell2022-08-185-14/+36
| | | | | | | | | Pass the max fragment length to the record layer when it is applicable to avoid the need to go through the SSL object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove use of ossl_statem_in_error() from the record layerMatt Caswell2022-08-181-4/+4
| | | | | | | | | We remove the dependency on the SSL object. Instead we check if the record layer has already set an alert code. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Make the record layer directly aware of EtMMatt Caswell2022-08-1814-111/+200
| | | | | | | | | We no longer have to go through the SSL object to discover whether EtM has been negotiated. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove SSL_USE_EXPLICT_IV() from the record layer methodsMatt Caswell2022-08-183-4/+7
| | | | | | | | | Instead we introduce RLAYER_USE_EXPLICIT_IV(). This removes a dependency on the SSL object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some use of SSL object from record layerMatt Caswell2022-08-183-1/+5
| | | | | | | | Remove SSL_IS_TLS13() and hello_retry_request Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Update the oqs-provider submodule to a more recent commitMatt Caswell2022-08-182-4/+0
| | | | | | | | | Also update the oqsprovider.sh file to not run the preptests.sh script which is no longer required Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Disallow SSL2_VERSION record version in an SSLv3 record headerMatt Caswell2022-08-181-0/+12
| | | | | | | | | | When validate_record_header() gets called it should be able to rely on the fact that an SSLv2 record version means that the record was received in SSLv2 format. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
View Lorry Controller Status