Commit Graph

31783 Commits

Author SHA1 Message Date
Pauli
709d4be78f Limit the size of various MAXCHUNK definitions
The current code has issues when sizeof(long) <> sizeof(size_t).  The two
types are assumed to be interchangeable and them being different will
cause crashes and endless loops.

This fix limits the maximum chunk size for many of the symmetric ciphers
to 2^30 bytes.  This chunk size limits the amount of data that will
be encrypted/decrypted in one lump.  The code internally handles block
of data later than the chunk limit, so this will present no difference
to the caller.  Any loss of efficiency due to limiting the chunking to
1Gbyte rather than more should be insignificant.

Fixes Coverity issues:
    1508498, 1508500 - 1508505, 1508507 - 1508527, 1508529 - 1508533,
    1508535 - 1508537, 1508539, 1508541 - 1508549, 1508551 - 1508569 &
    1508571 - 1508582.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18997)
2022-08-19 17:26:12 +10:00
Pauli
e8a557dc3c Coverity: misuses of time_t
Coverity 1508506:

    Fixes a bug in the cookie code which would have caused problems for
    ten minutes before and after the lower 32 bits of time_t rolled over.

Coverity 1508534 & 1508540:

    Avoid problems when the lower 32 bits of time_t roll over by delaying
    the cast to integer until after the time delta has been computed.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19004)
2022-08-19 08:25:26 +10:00
Matt Caswell
b85ebc4b27 Check record layer callbacks are non-null
The current libssl code always ensures that the callbacks are non-null.
However, the record layer itself wasn't checkthing this. We ensure it does.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
1704961cf0 Formatting cleanups
Some minor formatting cleanups and other minor tweaks.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
7f7b0be8e3 Remove redefinition of macros
Some macros were redefined in ssl3_cbc.c. We remove the redefinitions

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
226ed5fb39 Remove redefinition of SSL_AD_NO_ALERT
The SSL_AD_NO_ALERT value was defined in two places. We centralise its
definition.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
efc84eacb7 Ensure the rrl object is set to NULL after it is freed
Once we free the rrl object we should NULL it to prevent a dangling ref
to it. Otherwise we could get a double free.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
9b7fb65e15 Rename some functions to be more consistent
Some functions in the record layer were called rlayer_*, but most were
called tls_*. We standardise on the latter.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
f6aab7b1e1 Rename DTLS1_BITMAP to DTLS_BITMAP
The 1 in DTLS1 is confusing and is removed. We also tweak the structure
to always be able to track 64 packets regardless of whether we are on a
32 bit or 64 bit system.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
df60982574 Remove ssl/record/README.md
This file contains design details for the old record layer and is no
longer relevant for the new design.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
279754d419 Standardise type for epoch
The value for epoch was being represented internally via various types:
uint16_t, unsigned short, unsigned int, unsigned long

We standardise on uint16_t

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
9007412c1e Remove the SSL3_RECORD read field
The read field is no longer used and can be safely removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
4a532de98d Add a CHANGES.md entry for the record layer changes
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
d3192c2643 Clean up some SCTP releated issues
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
4566dae723 Ensure various record layer options can be updated
We would like the capability for the options/mode/read_ahead settings
to be updateable after the record layer object has been instantiated.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
19d0044448 Remove some redundant code
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:14 +01:00
Matt Caswell
a16f9d3366 Update the tls13encryptiontest for new read record layer
The tls13encryption is an internal test that reaches inside libssl
to test encryption/decryption of records. It needs to be amended for the
new code structure so that it is testing the equivalent things as before.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
d0b17ea025 Implement a human readable state function for the record layer
This allows querying of the record layer to get a human readable state
string out. This resolves two outstanding TODO comments and enables us
to remove the rstate variable from s->rlayer.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
d4ee3456e9 Correct some formatting errors in tls1_meth.c
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
3de7695928 Move SSL_MODE_RELEASE_BUFFERS into the read record layer
This resolves an outstanding "TODO" item.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
1b285ac137 Remove a redundant TODO
If read_ahead data is left over when a record layer closes down, there is
already code present to push into the "next" BIO. So the TODO removed here
is no longer relevant.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
c77d455673 Cleanse the SSLv3 MAC secret when we clean up the read record layer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
cffafb5f57 Move some fields out of the SSL object and into the record layer object
Fields such as rrlmethod and rrl are entirely related to the record layer,
and so should be in that object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
2f90f85cc0 Remove an unnecessary setup of the read buffer
Now everything has been moved to the record layer the additional check
for setting up the read buffer is not needed and can be removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
b0a9042e0f Clear away some unused fields and cruft in the record layer
Now that the read record layer has moved to the new architecture we can
clear some of the old stuff away.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
8bbf7ef63f Remove some references to rlayer.rstate
This also fixes ssl3_pending while we are at it

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
db1a505ced Ensure we use a dgram mem BIO for the DTLS record layer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
499b2c4654 Remove some more redundant TODO(RECLAYER) comments
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
51ccad3f40 Resolve a TODO(RECLAYER) in the SSLv3 code
We remove some code outside of the record layer which is no longer
relevant since its functions are now performed by the new record layer
code. This removes a TODO(RECLAYER) as a result.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
4564b47d75 Remove some TODO(RECLAYER) comments
Some TODO(RECLAYER) comments are no longer necessary and can be removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
81c9ebd909 Remove some unnecessary function pointers from OSSL_RECORD_METHOD
We had some temporary function pointers in OSSL_RECORD_METHOD which were
only necessary during the process of refactoring the read record layer.
These are no longer required so can be removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
3a7a539ec5 Standardise some DTLS record layer naming
Remove references to dtls1_* and just use dtls_*

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
bfc0f10d06 Remove some remaining SSL object references from DTLS record layer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
7a15ed64fa Push unprocessed DTLS records from one record layer object to next
We add unprocessed DTLS records to the unprocessed record queue. When
the record layer closes down we write the unprocessed records to the
next record layer object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
222cf410d5 Remove reliance on the SSL object from the DTLS read record layer code
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
eddb067e2c Move some DTLS read code into the read record layer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
8124ab56d4 Remove some final references to the SSL object in the record layer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
6366bdd9be Remove the separation betweeen enc_read_ctx and enc_write_ctx
Similarly with read_hash and write_hash. In the new model we have a
separate record layer object for reading and writing. Therefore we don't
need to distinguish between reading and writing inside the record layer
object in the encryption and md ctxs.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
ed0e298fb8 Enable the record layer to call the ssl_security callback
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
3c7b9ef9c5 Use a record layer specific message callback
Don't use the message callback from the SSL object. Instead we use a
wrapper callback so that the record layer does not need to be aware of the
SSL object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
9dd90232d5 Move early data counting out of the SSL object and into the record layer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:13 +01:00
Matt Caswell
0755722c28 Move the sequence number into the OSSL_RECORD_LAYER object
This removes some references to the SSL object from the record layer.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Matt Caswell
ffbd6e6787 Remove use of SSL object for fragment length checking in record layer
Pass the max fragment length to the record layer when it is applicable
to avoid the need to go through the SSL object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Matt Caswell
651216dd54 Remove use of ossl_statem_in_error() from the record layer
We remove the dependency on the SSL object. Instead we check if the
record layer has already set an alert code.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Matt Caswell
7f2f0ac7bf Make the record layer directly aware of EtM
We no longer have to go through the SSL object to discover whether EtM has
been negotiated.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Matt Caswell
88d616805c Remove SSL_USE_EXPLICT_IV() from the record layer methods
Instead we introduce RLAYER_USE_EXPLICIT_IV(). This removes a dependency
on the SSL object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Matt Caswell
9cd9e0978b Remove some use of SSL object from record layer
Remove SSL_IS_TLS13() and hello_retry_request

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Matt Caswell
ac837d4d2e Update the oqs-provider submodule to a more recent commit
Also update the oqsprovider.sh file to not run the preptests.sh script
which is no longer required

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Matt Caswell
014baa8a6d Disallow SSL2_VERSION record version in an SSLv3 record header
When validate_record_header() gets called it should be able to rely on
the fact that an SSLv2 record version means that the record was received in
SSLv2 format.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Matt Caswell
976b263d0a Fix some no-comp compilation failures
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00