Remove some more redundant TODO(RECLAYER) comments

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/

Remove some more redundant TODO(RECLAYER) comments

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Resolve a TODO(RECLAYER) in the SSLv3 code

We remove some code outside of the record layer which is no longer
relevant since its functions are now performed by the new record layer
c

Resolve a TODO(RECLAYER) in the SSLv3 code

We remove some code outside of the record layer which is no longer
relevant since its functions are now performed by the new record layer
code. This removes a TODO(RECLAYER) as a result.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove some TODO(RECLAYER) comments

Some TODO(RECLAYER) comments are no longer necessary and can be removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mr

Remove some TODO(RECLAYER) comments

Some TODO(RECLAYER) comments are no longer necessary and can be removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove some unnecessary function pointers from OSSL_RECORD_METHOD

We had some temporary function pointers in OSSL_RECORD_METHOD which were
only necessary during the process of refactorin

Remove some unnecessary function pointers from OSSL_RECORD_METHOD

We had some temporary function pointers in OSSL_RECORD_METHOD which were
only necessary during the process of refactoring the read record layer.
These are no longer required so can be removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Standardise some DTLS record layer naming

Remove references to dtls1_* and just use dtls_*

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.

Standardise some DTLS record layer naming

Remove references to dtls1_* and just use dtls_*

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove some remaining SSL object references from DTLS record layer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://git

Remove some remaining SSL object references from DTLS record layer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Push unprocessed DTLS records from one record layer object to next

We add unprocessed DTLS records to the unprocessed record queue. When
the record layer closes down we write the unproce

Push unprocessed DTLS records from one record layer object to next

We add unprocessed DTLS records to the unprocessed record queue. When
the record layer closes down we write the unprocessed records to the
next record layer object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove reliance on the SSL object from the DTLS read record layer code

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/

Remove reliance on the SSL object from the DTLS read record layer code

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Move some DTLS read code into the read record layer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl

Move some DTLS read code into the read record layer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove some final references to the SSL object in the record layer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://git

Remove some final references to the SSL object in the record layer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove the separation betweeen enc_read_ctx and enc_write_ctx

Similarly with read_hash and write_hash. In the new model we have a
separate record layer object for reading and writing. Th

Remove the separation betweeen enc_read_ctx and enc_write_ctx

Similarly with read_hash and write_hash. In the new model we have a
separate record layer object for reading and writing. Therefore we don't
need to distinguish between reading and writing inside the record layer
object in the encryption and md ctxs.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Enable the record layer to call the ssl_security callback

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/o

Enable the record layer to call the ssl_security callback

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Use a record layer specific message callback

Don't use the message callback from the SSL object. Instead we use a
wrapper callback so that the record layer does not need to be aware of t

Use a record layer specific message callback

Don't use the message callback from the SSL object. Instead we use a
wrapper callback so that the record layer does not need to be aware of the
SSL object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Move early data counting out of the SSL object and into the record layer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https

Move early data counting out of the SSL object and into the record layer

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Move the sequence number into the OSSL_RECORD_LAYER object

This removes some references to the SSL object from the record layer.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
R

Move the sequence number into the OSSL_RECORD_LAYER object

This removes some references to the SSL object from the record layer.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove use of SSL object for fragment length checking in record layer

Pass the max fragment length to the record layer when it is applicable
to avoid the need to go through the SSL objec

Remove use of SSL object for fragment length checking in record layer

Pass the max fragment length to the record layer when it is applicable
to avoid the need to go through the SSL object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove use of ossl_statem_in_error() from the record layer

We remove the dependency on the SSL object. Instead we check if the
record layer has already set an alert code.

Review

Remove use of ossl_statem_in_error() from the record layer

We remove the dependency on the SSL object. Instead we check if the
record layer has already set an alert code.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Make the record layer directly aware of EtM

We no longer have to go through the SSL object to discover whether EtM has
been negotiated.

Reviewed-by: Hugo Landau <hlandau@openssl

Make the record layer directly aware of EtM

We no longer have to go through the SSL object to discover whether EtM has
been negotiated.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove SSL_USE_EXPLICT_IV() from the record layer methods

Instead we introduce RLAYER_USE_EXPLICIT_IV(). This removes a dependency
on the SSL object.

Reviewed-by: Hugo Landau <h

Remove SSL_USE_EXPLICT_IV() from the record layer methods

Instead we introduce RLAYER_USE_EXPLICIT_IV(). This removes a dependency
on the SSL object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Remove some use of SSL object from record layer

Remove SSL_IS_TLS13() and hello_retry_request

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@opens

Remove some use of SSL object from record layer

Remove SSL_IS_TLS13() and hello_retry_request

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Update the oqs-provider submodule to a more recent commit

Also update the oqsprovider.sh file to not run the preptests.sh script
which is no longer required

Reviewed-by: Hugo La

Update the oqs-provider submodule to a more recent commit

Also update the oqsprovider.sh file to not run the preptests.sh script
which is no longer required

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Disallow SSL2_VERSION record version in an SSLv3 record header

When validate_record_header() gets called it should be able to rely on
the fact that an SSLv2 record version means that the

Disallow SSL2_VERSION record version in an SSLv3 record header

When validate_record_header() gets called it should be able to rely on
the fact that an SSLv2 record version means that the record was received in
SSLv2 format.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Fix some no-comp compilation failures

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

Fix some no-comp compilation failures

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Add support for moving data from one epoch to the next

Sometimes data read by a record layer in one epoch is actually intended for
the next epoch. For example in a TLS with read_ahead, t

Add support for moving data from one epoch to the next

Sometimes data read by a record layer in one epoch is actually intended for
the next epoch. For example in a TLS with read_ahead, the read_ahead data
could contain a KeyUpdate message followed by application data encrypted
with new keys. Therefore we implement a mechanism for passing this data
across the epochs.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...

Add a test for read_ahead data crossing a key change

If read_ahead is switched on, it should still work even if the data that
is read cross epochs.

Reviewed-by: Hugo Landau <hla

Add a test for read_ahead data crossing a key change

If read_ahead is switched on, it should still work even if the data that
is read cross epochs.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

show more ...