We use the returned data to decide how to split the data we want to write
into records.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
This also means we can convert SSLfatal calls to RLAYERfatal
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
There were a small number of references to the SSL_CONNECTION that can
be removed easily and replaced with record layer equivalents.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Previously we were referencing the block_padding value through the
SSL_CONNECTION. Now it is held within OSSL_RECORD_LAYER.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
We wrap the callback and pass it to the record layer via the dispatch
array, in order to avoid accessing it directly via SSL_CONNECTION.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
In all cases we should be able to replace this with a simple check
against rl->version.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
This flag can now be managed entirely by the new record layer code so we
move it into ossl_record_layer_st.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Now that we are no longer recursively addinng the prefix record this
doesn't seem necessary any more. We always add it every time we do
tls_write_records.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
This calculation is based on lots of information from state machine and
elsewhere that the record layer cannot access. In reality it is sufficient
to simply tell the record layer what version to use.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
We retain a numwpipes for now in the old record layer structure for use
by DTLS. This will eventually be removed when DTLS moves over to the new
way of doing things.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
We use the record layer reference to the BIO rather than the SSL object
reference. This removes an unneeded SSL object usage.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
This removes unnecessary usage of the SSL object from the record layer.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
This isn't a record layer responsibility so should be removed from
write_records.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Make sure we set the write record layer method and create the object
where appropriate. Move the newly restructured writing code into the
record layer object.
For now we are cheating and still accessing the underlying SSL_CONNECTION
object. This will be removed in subsequent commits.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
The new write record layer architecture splits record writing into
a "write_records" call and a "retry_write_records" call - where multiple
records can be sent to "write_records" in one go. We restructure the code
into that format in order that future commits can move these functions into
the new record layer more easily.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
If we receive a ClientHello and send back a HelloVerifyRequest, we need
to be able to handle the scenario where the HelloVerifyRequest gets lost
and we receive another ClientHello with the message sequence number set to
0.
Fixes#18635
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18654)
Construction return values are no longer boolean but can return 3 different
values, so we use an enum to represent them.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18990)
If we can't construct the ticket don't send one. This requires a change
to the TLS state machine to be able to a handle a construction function
deciding not to send a message after all.
Fixes#18977
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18990)
Doing so, had to fix sloppiness in using the stack API in crypto/conf/conf_def.c,
ssl/ssl_ciph.c, ssl/statem/statem_srvr.c, and mostly in test/helpers/ssltestlib.c.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18918)
We automatically dropped Initial keys when receiving a Handshake packet,
but did this regardless of whether the packet was successfully decrypted
and authenticated. Per the RFC, we should only drop Initial keys when
successfully processing a Handshake packet.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19176)
Keep building it for libssl without exposing any symbols.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
This is instead of time_t and struct timeval. Some public APIs mandate a
presence of these two types, but they are converted to OSSL_TIME internally.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
Some of the recently added functions were not documents. This has been addressed.
Also added utility functions for conversions between time_t, seconds and struct timeval
to/from OSSL_TIME.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
Use a single definiton for protocol string defintions.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19122)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19126)
- Adds an RX time field to the OSSL_QRX_PKT structure.
- Adds a timekeeping argument to ossl_demux_new which is used to determine
packet reception time.
- Adds a decoded PN field to the OSSL_QRX_PKT structure.
This has to be decoded by the QRX anyway, and its omission was an oversight.
- Key update support for the TX side.
- Minor refactoring.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18949)
Leak sanitizer reports following leak for ssl-test-new subtest
4-tlsv1_2-both-compress:
==335733==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 17728 byte(s) in 1 object(s) allocated from:
#0 0x3ff9fbba251 in malloc (/usr/lib64/libasan.so.8+0xba251)
#1 0x3ff9f71744f in tls_do_uncompress ssl/record/methods/tls_common.c:868
#2 0x3ff9f7175bd in tls_default_post_process_record ssl/record/methods/tls_common.c:896
#3 0x3ff9f715ee7 in tls_get_more_records ssl/record/methods/tls_common.c:773
#4 0x3ff9f712209 in tls_read_record ssl/record/methods/tls_common.c:958
#5 0x3ff9f6ef73f in ssl3_read_bytes ssl/record/rec_layer_s3.c:1235
#6 0x3ff9f776165 in tls_get_message_header ssl/statem/statem_lib.c:1198
#7 0x3ff9f74709b in read_state_machine ssl/statem/statem.c:624
#8 0x3ff9f74709b in state_machine ssl/statem/statem.c:478
#9 0x3ff9f662e61 in SSL_do_handshake ssl/ssl_lib.c:4430
#10 0x100c55d in do_handshake_step test/helpers/handshake.c:775
#11 0x100c55d in do_connect_step test/helpers/handshake.c:1134
#12 0x100e85b in do_handshake_internal test/helpers/handshake.c:1544
#13 0x1011715 in do_handshake test/helpers/handshake.c:1738
#14 0x101d1a7 in test_handshake test/ssl_test.c:543
#15 0x1027875 in run_tests test/testutil/driver.c:370
#16 0x1008393 in main test/testutil/main.c:30
#17 0x3ff9cc2b871 in __libc_start_call_main (/usr/lib64/libc.so.6+0x2b871)
#18 0x3ff9cc2b94f in __libc_start_main_alias_2 (/usr/lib64/libc.so.6+0x2b94f)
#19 0x100864f (/code/openssl/test/ssl_test+0x100864f)
Direct leak of 17728 byte(s) in 1 object(s) allocated from:
#0 0x3ff9fbba251 in malloc (/usr/lib64/libasan.so.8+0xba251)
#1 0x3ff9f71744f in tls_do_uncompress ssl/record/methods/tls_common.c:868
#2 0x3ff9f7175bd in tls_default_post_process_record ssl/record/methods/tls_common.c:896
#3 0x3ff9f715ee7 in tls_get_more_records ssl/record/methods/tls_common.c:773
#4 0x3ff9f712209 in tls_read_record ssl/record/methods/tls_common.c:958
#5 0x3ff9f6ef73f in ssl3_read_bytes ssl/record/rec_layer_s3.c:1235
#6 0x3ff9f776165 in tls_get_message_header ssl/statem/statem_lib.c:1198
#7 0x3ff9f74709b in read_state_machine ssl/statem/statem.c:624
#8 0x3ff9f74709b in state_machine ssl/statem/statem.c:478
#9 0x3ff9f662e61 in SSL_do_handshake ssl/ssl_lib.c:4430
#10 0x100c55d in do_handshake_step test/helpers/handshake.c:775
#11 0x100c55d in do_connect_step test/helpers/handshake.c:1134
#12 0x1010b09 in do_handshake_internal test/helpers/handshake.c:1550
#13 0x1011715 in do_handshake test/helpers/handshake.c:1738
#14 0x101d1a7 in test_handshake test/ssl_test.c:543
#15 0x1027875 in run_tests test/testutil/driver.c:370
#16 0x1008393 in main test/testutil/main.c:30
#17 0x3ff9cc2b871 in __libc_start_call_main (/usr/lib64/libc.so.6+0x2b871)
#18 0x3ff9cc2b94f in __libc_start_main_alias_2 (/usr/lib64/libc.so.6+0x2b94f)
#19 0x100864f (/code/openssl/test/ssl_test+0x100864f)
SUMMARY: AddressSanitizer: 35456 byte(s) leaked in 2 allocation(s).
Fix this by freeing the SSL3_RECORD structure inside the OSSL_RECORD_LAYER.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19030)
When a server responds to a second TLSv1.3 ClientHello it is required to
set the legacy_record_version to 0x0303 (TLSv1.2). The client is required
to ignore that field even if it is wrong. The recent changes to the read
record layer in PR #18132 made the record layer stricter and it was
checking that the legacy_record_version was the correct value. This
caused connection failures when talking to buggy servers that set the
wrong legacy_record_version value.
We make us more tolerant again.
Fixes#19051
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19058)
This is the initial implementation of the ACK Manager for OpenSSL's QUIC
support, with supporting design documentation and tests.
Because the ACK Manager also depends on the Statistics Manager, it is
also implemented here. The Statistics Manager is quite simple, so this
does not amount to a large amount of extra code.
Because the ACK Manager depends on a congestion controller, it adds a
no-op congestion controller, which uses the previously workshopped
congestion control API.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18676)
There was a copy & paste error in the definition of the
rlayer_skip_early_data callback. The return type is supposed to
be "int" but it was defined as a pointer type. This was causing
test failures on some platforms.
Fixes#19037
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19048)
Otherwise ssl3_cipher() cannot work properly.
Fixes Coverity CID 1509401
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19027)
or on record layer that is to be freed anyway.
Fixes Coverity CID 1509402, 1509403
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19027)
Coverity 1508506:
Fixes a bug in the cookie code which would have caused problems for
ten minutes before and after the lower 32 bits of time_t rolled over.
Coverity 1508534 & 1508540:
Avoid problems when the lower 32 bits of time_t roll over by delaying
the cast to integer until after the time delta has been computed.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19004)
The current libssl code always ensures that the callbacks are non-null.
However, the record layer itself wasn't checkthing this. We ensure it does.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Some minor formatting cleanups and other minor tweaks.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Some macros were redefined in ssl3_cbc.c. We remove the redefinitions
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
The SSL_AD_NO_ALERT value was defined in two places. We centralise its
definition.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Once we free the rrl object we should NULL it to prevent a dangling ref
to it. Otherwise we could get a double free.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
