In preparation for moving the DTLS code to use the new write record layer
architecture we first restructure the code to create a dtls_write_records()
function that mirrors the functionality that the record layer will provide.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
do_dtls1_write() was never called with a value for create_empty_fragment
that was ever non-zero - so this is dead code and can be removed. The
equivalent code in the TLS processing is used for TLS1.0/SSLv3 to protect
against known IV weaknesses because those protocol versions do not have
an explicit IV. However DTLS1.0 is based on TLSv1.1 and *does* have an
explicit IV - so this is not useful there.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
size_t-ify the COMP_METHOD structure and functions.
Get rid of the non-functional COMP_METHODS and return NULL instead.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
Fixes#19371
running config with 'enable-sctp' gave compiler errors.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19398)
We should never send or accept a key share group that is not in the
supported groups list or a group that isn't suitable for use in TLSv1.3
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19317)
This removes some KTLS specific code from tls_retry_write_records().
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
The KTLS code no longer calls this function so this is not necessary.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
For example in this we add the MAC if we are doing encrypt-then-mac.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
This applies any mac that might be necessary, ensures that we have
enough space in the WPACKET to perform the encryption and sets up the
SSL3_RECORD ready for that encryption.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
Only tls13_meth.c needs to handle adding record padding. All other
*_meth.c files can ignore it.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
The KTLS cipher function is a no-op so it doesn't matter if we call it.
We shouldn't special case KTLS in tls_common.c
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
We introduce a new function to prepare the record header. KTLS has its own
version since this is done by the kernel.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
Remove TLSv1.3 specific processing of the record type out of tls_common.c
and into tls13_meth.c
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
We move some protocol specific code for write buffer and WPACKET allocation
and initialisation out of tls_common.c and into the protocol specific files.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
This field was used to track whether a cipher ctx was valid for writing
or not, and also whether we should write out plaintext alerts. With the new
record layer design we no longer need to track whether a cipher ctx is valid
since the whole record layer will be aborted if it is not. Also we have a
different mechanism for tracking whether we should write out plaintext
alerts. Therefore this field is removed from the SSL object.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
Most of this was unnecessary anyway since DTLS isn't using these codepaths.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
We also clean up some of the KTLS code while we are doing it now that all
users of KTLS have been moved to the new write record layer.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
Mostly revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
- ipv6 -> IPv6
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
Create new TLS_GROUP_ENTRY values for these groups.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19315)
This partially reverts commit 0a10825a0 in order to reimplement it in a
simpler way in the next commit. The reverted aspects are all related to
the TLSv1.3 brainpool curves in the supported_groups extension. Rather
than special casing the handling of these curves we simply add new entries
to the groups table to represent them. They can then be handled without
any additional special casing. This makes the code simpler to maintain.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19315)
We also convert to passing COMP_METHOD rather than SSL_COMP to the record
layer. The former is a public type while the latter is internal only - and
the only thing we need from SSL_COMP is the method.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19217)
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.
There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.
Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
Adding extensions is fragile, with the TLSEXT_TYPE entry needing to be
located at TLSEXT_IDX in the array.
This adds a test to ensure extensions are in the correct order.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19269)
Newly computed traffic secrets are now logged upon key update
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19241)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19040)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)
Implements the design doc/designs/quic-design/rx-depacketizer.md.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)
Also add internal functionality to get a QUIC_CONNECTION pointer from
an SSL pointer, and setters / getters for the GQX and ACKM fields.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)
Make sure we free the record layer before we free the connection BIOs
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Move the multiblock code into a separate file and introduce the usage of
record_functions_st for some write functions.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
We use the returned data to decide how to split the data we want to write
into records.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
This also means we can convert SSLfatal calls to RLAYERfatal
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
There were a small number of references to the SSL_CONNECTION that can
be removed easily and replaced with record layer equivalents.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Previously we were referencing the block_padding value through the
SSL_CONNECTION. Now it is held within OSSL_RECORD_LAYER.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
We wrap the callback and pass it to the record layer via the dispatch
array, in order to avoid accessing it directly via SSL_CONNECTION.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
