Copyright year updates

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

Reviewed-by: Hugo Lan

Copyright year updates

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)

show more ...

Removes record_queue struct which is no longer useful.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openss

Removes record_queue struct which is no longer useful.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23571)

show more ...

Move increment of dtls epoch to change cipher state function

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/

Move increment of dtls epoch to change cipher state function

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23212)

show more ...

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

Replace ssl3_get_message() with tls_get_message_header() and/or tls_get_message_body()

Update commit messages that previously used ssl3_get_message()
to now use tls_get_message_header()

Replace ssl3_get_message() with tls_get_message_header() and/or tls_get_message_body()

Update commit messages that previously used ssl3_get_message()
to now use tls_get_message_header() and tls_get_message_body()
due to the split in OpenSSL 1.1.0.

CLA: trivial

Fixes #21582

Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21886)

show more ...

Always use uint8_t for TLS record type

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

Always use uint8_t for TLS record type

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)

show more ...

Allow partially releasing a record for TLS

This enables the cleansing of plaintext to occur in the record layer and
avoids the need to cast away const above the record layer.

Re

Allow partially releasing a record for TLS

This enables the cleansing of plaintext to occur in the record layer and
avoids the need to cast away const above the record layer.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20404)

show more ...

Make the data field for get_record() const

Improves consistency with the QUIC rstream implementation - and improves
the abstraction between the TLS implementation and the abstract record

Make the data field for get_record() const

Improves consistency with the QUIC rstream implementation - and improves
the abstraction between the TLS implementation and the abstract record
layer. We should not expect that the TLS implementation should be able to
change the underlying buffer. Future record layers may not expect that.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20404)

show more ...

Resolve a TODO in ssl3_dispatch_alert

Properly handle the case where there is pending write data and we want
to send an alert.

Reviewed-by: Hugo Landau <hlandau@openssl.org>

Resolve a TODO in ssl3_dispatch_alert

Properly handle the case where there is pending write data and we want
to send an alert.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19550)

show more ...

Move declarations out of record.h and record_local.h

We move many of the declarations in record.h and record_local.h into
locations inside ssl/record/methods instead. Also many declarati

Move declarations out of record.h and record_local.h

We move many of the declarations in record.h and record_local.h into
locations inside ssl/record/methods instead. Also many declarations were
no longer required and could be removed completely.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)

show more ...

Remove remaining refs to enc_(write|read)_ctx/(read|write)_hash

Those fields are no longer used. Their previous function is now in the new
record layer.

Reviewed-by: Hugo Landau

Remove remaining refs to enc_(write|read)_ctx/(read|write)_hash

Those fields are no longer used. Their previous function is now in the new
record layer.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)

show more ...

Remove some redundant code

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged f

Remove some redundant code

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)

show more ...

Remove the old buffer management code

We no longer use the old buffer management code now that it has all been
moved to the new record layer.

Reviewed-by: Richard Levitte <levit

Remove the old buffer management code

We no longer use the old buffer management code now that it has all been
moved to the new record layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)

show more ...

Convert dtls_write_records() to return the correct return values

We now use standard record layer return values for this function. We
also convert the code to use RLAYERfatal instead of

Convert dtls_write_records() to return the correct return values

We now use standard record layer return values for this function. We
also convert the code to use RLAYERfatal instead of SSLfatal.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)

show more ...

Move dlts_write_records() function in the record layer

At the this stage we just move the code and don't restructure it to do it
the record layer way yet.

Reviewed-by: Richard L

Move dlts_write_records() function in the record layer

At the this stage we just move the code and don't restructure it to do it
the record layer way yet.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)

show more ...

Create a dlts_write_records() function

In preparation for moving the DTLS code to use the new write record layer
architecture we first restructure the code to create a dtls_write_records

Create a dlts_write_records() function

In preparation for moving the DTLS code to use the new write record layer
architecture we first restructure the code to create a dtls_write_records()
function that mirrors the functionality that the record layer will provide.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)

show more ...

Remove create_empty_fragment from do_dtls1_write()

do_dtls1_write() was never called with a value for create_empty_fragment
that was ever non-zero - so this is dead code and can be remov

Remove create_empty_fragment from do_dtls1_write()

do_dtls1_write() was never called with a value for create_empty_fragment
that was ever non-zero - so this is dead code and can be removed. The
equivalent code in the TLS processing is used for TLS1.0/SSLv3 to protect
against known IV weaknesses because those protocol versions do not have
an explicit IV. However DTLS1.0 is based on TLSv1.1 and *does* have an
explicit IV - so this is not useful there.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)

show more ...

Fix sctp compile errors

Fixes #19371

running config with 'enable-sctp' gave compiler errors.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt

Fix sctp compile errors

Fixes #19371

running config with 'enable-sctp' gave compiler errors.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19398)

show more ...

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)

show more ...

Convert the write record layer to supply proper return values

This also means we can convert SSLfatal calls to RLAYERfatal

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewe

Convert the write record layer to supply proper return values

This also means we can convert SSLfatal calls to RLAYERfatal

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

show more ...

Move numwpipes in the write record layer

We retain a numwpipes for now in the old record layer structure for use
by DTLS. This will eventually be removed when DTLS moves over to the new

Move numwpipes in the write record layer

We retain a numwpipes for now in the old record layer structure for use
by DTLS. This will eventually be removed when DTLS moves over to the new
way of doing things.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

show more ...

Move initial TLS write record layer code into new structure

The new write record layer architecture splits record writing into
a "write_records" call and a "retry_write_records" call - w

Move initial TLS write record layer code into new structure

The new write record layer architecture splits record writing into
a "write_records" call and a "retry_write_records" call - where multiple
records can be sent to "write_records" in one go. We restructure the code
into that format in order that future commits can move these functions into
the new record layer more easily.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

show more ...

Clean up some SCTP releated issues

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/181

Clean up some SCTP releated issues

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove some redundant code

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

Move some fields out of the SSL object and into the record layer object

Fields such as rrlmethod and rrl are entirely related to the record layer,
and so should be in that object.

Move some fields out of the SSL object and into the record layer object

Fields such as rrlmethod and rrl are entirely related to the record layer,
and so should be in that object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...