Copyright year updates

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

Reviewed-by: Hugo Lan

Copyright year updates

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)

show more ...

libssl: Make some global mutable structures constant

x

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://githu

libssl: Make some global mutable structures constant

x

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23450)

show more ...

Rename SSL3_RECORD to TLS_RL_RECORD

The SSL3 prefix no longer seems appropriate. We choose TLS_RL_RECORD instead
of TLS_RECORD because that type already exists elsewhere.

Review

Rename SSL3_RECORD to TLS_RL_RECORD

The SSL3 prefix no longer seems appropriate. We choose TLS_RL_RECORD instead
of TLS_RECORD because that type already exists elsewhere.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)

show more ...

Move declarations out of record.h and record_local.h

We move many of the declarations in record.h and record_local.h into
locations inside ssl/record/methods instead. Also many declarati

Move declarations out of record.h and record_local.h

We move many of the declarations in record.h and record_local.h into
locations inside ssl/record/methods instead. Also many declarations were
no longer required and could be removed completely.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)

show more ...

Remove dtls_write_records

The dtls_write_records function, after the previous series of commits,
was functionally equivalent to tls_write_records_default - so it can be
removed compl

Remove dtls_write_records

The dtls_write_records function, after the previous series of commits,
was functionally equivalent to tls_write_records_default - so it can be
removed completely.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)

show more ...

Move sequence increment to post encryption processing

This change make dtls_write_records virtuall the same as
tls_write_records_default, which will enable us to merge them in a
subs

Move sequence increment to post encryption processing

This change make dtls_write_records virtuall the same as
tls_write_records_default, which will enable us to merge them in a
subsequent commit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)

show more ...

Convert dtls_write_records to use standard record layer functions

We have standard functions for most of the work that dtls_write_records
does - so we convert it to use those functions i

Convert dtls_write_records to use standard record layer functions

We have standard functions for most of the work that dtls_write_records
does - so we convert it to use those functions instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)

show more ...

Start using WPACKET in the dtls write records code

Previously this was writing to the buffers directly. We use the safer
WPACKET instead

Reviewed-by: Richard Levitte <levitte@op

Start using WPACKET in the dtls write records code

Previously this was writing to the buffers directly. We use the safer
WPACKET instead

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)

show more ...

Use common tls_write_records() even for DTLS

In practice this just means have a DTLS specific write_records that the
common tls_write_records() just calls. We also replace the use of

Use common tls_write_records() even for DTLS

In practice this just means have a DTLS specific write_records that the
common tls_write_records() just calls. We also replace the use of
ssl3_write_pending() with tls_retry_write_records().

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)

show more ...

Use record layer buffers for DTLS rather than the buffers in s->rlayer

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hug

Use record layer buffers for DTLS rather than the buffers in s->rlayer

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)

show more ...

Introduce a step to prepare the BIO before writing

This removes some KTLS specific code from tls_retry_write_records().

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-b

Introduce a step to prepare the BIO before writing

This removes some KTLS specific code from tls_retry_write_records().

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)

show more ...

Add a post encryption processing step

For example in this we add the MAC if we are doing encrypt-then-mac.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz

Add a post encryption processing step

For example in this we add the MAC if we are doing encrypt-then-mac.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)

show more ...

Add a prepare for encryption step

This applies any mac that might be necessary, ensures that we have
enough space in the WPACKET to perform the encryption and sets up the
SSL3_RECORD

Add a prepare for encryption step

This applies any mac that might be necessary, ensures that we have
enough space in the WPACKET to perform the encryption and sets up the
SSL3_RECORD ready for that encryption.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)

show more ...

Move record padding out of tls_common.c

Only tls13_meth.c needs to handle adding record padding. All other
*_meth.c files can ignore it.

Reviewed-by: Hugo Landau <hlandau@openss

Move record padding out of tls_common.c

Only tls13_meth.c needs to handle adding record padding. All other
*_meth.c files can ignore it.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)

show more ...

Defer record header preparation to the protocol methods

We introduce a new function to prepare the record header. KTLS has its own
version since this is done by the kernel.

Revi

Defer record header preparation to the protocol methods

We introduce a new function to prepare the record header. KTLS has its own
version since this is done by the kernel.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)

show more ...

Abstract out the record type processing

Remove TLSv1.3 specific processing of the record type out of tls_common.c
and into tls13_meth.c

Reviewed-by: Hugo Landau <hlandau@openssl

Abstract out the record type processing

Remove TLSv1.3 specific processing of the record type out of tls_common.c
and into tls13_meth.c

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)

show more ...

Defer write buffer and WPACKET allocation/initialisation to protocol code

We move some protocol specific code for write buffer and WPACKET allocation
and initialisation out of tls_common

Defer write buffer and WPACKET allocation/initialisation to protocol code

We move some protocol specific code for write buffer and WPACKET allocation
and initialisation out of tls_common.c and into the protocol specific files.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)

show more ...

Enable the ability to query the COMP_METHOD being used in the record layer

We also convert to passing COMP_METHOD rather than SSL_COMP to the record
layer. The former is a public type wh

Enable the ability to query the COMP_METHOD being used in the record layer

We also convert to passing COMP_METHOD rather than SSL_COMP to the record
layer. The former is a public type while the latter is internal only - and
the only thing we need from SSL_COMP is the method.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19217)

show more ...

Restructure the write code

Move the multiblock code into a separate file and introduce the usage of
record_functions_st for some write functions.

Reviewed-by: Hugo Landau <hland

Restructure the write code

Move the multiblock code into a separate file and introduce the usage of
record_functions_st for some write functions.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

show more ...

Tolerate a bad record version in TLSv1.3 plaintext records

When a server responds to a second TLSv1.3 ClientHello it is required to
set the legacy_record_version to 0x0303 (TLSv1.2). The

Tolerate a bad record version in TLSv1.3 plaintext records

When a server responds to a second TLSv1.3 ClientHello it is required to
set the legacy_record_version to 0x0303 (TLSv1.2). The client is required
to ignore that field even if it is wrong. The recent changes to the read
record layer in PR #18132 made the record layer stricter and it was
checking that the legacy_record_version was the correct value. This
caused connection failures when talking to buggy servers that set the
wrong legacy_record_version value.

We make us more tolerant again.

Fixes #19051

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19058)

show more ...

Remove some TODO(RECLAYER) comments

Some TODO(RECLAYER) comments are no longer necessary and can be removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mr

Remove some TODO(RECLAYER) comments

Some TODO(RECLAYER) comments are no longer necessary and can be removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove reliance on the SSL object from the DTLS read record layer code

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/

Remove reliance on the SSL object from the DTLS read record layer code

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Move some DTLS read code into the read record layer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl

Move some DTLS read code into the read record layer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove some final references to the SSL object in the record layer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://git

Remove some final references to the SSL object in the record layer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove unneccesary KTLS code from non-KTLS specific files

This also moves other protocol specific code to the protocol specific
files.

Reviewed-by: Hugo Landau <hlandau@openssl.

Remove unneccesary KTLS code from non-KTLS specific files

This also moves other protocol specific code to the protocol specific
files.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...