1853d20a | 12-May-2022 |
Matt Caswell |
Remove unnecessary KTLS code from non-KTLS specific files This also moves other protocol specific code to the protocol specific files. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
5b24990b | 12-May-2022 |
Matt Caswell |
Move ktls.c into the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
7c293999 | 12-May-2022 |
Matt Caswell |
Distinguish between fatal and non-fatal errors when creating a record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
cc110a0a | 10-May-2022 |
Matt Caswell |
Implement KTLS in the new read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
50023e9b | 09-May-2022 |
Matt Caswell |
Move protocol version specific code into separate files Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
79eebb08 | 06-May-2022 |
Matt Caswell |
Ensure various SSL options are passed down to the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
2b891e30 | 29-Apr-2022 |
Matt Caswell |
Convert TLSv1.3 code to use the new read side record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
10560aed | 28-Apr-2022 |
Matt Caswell |
Convert SSLv3 code to use the new read side record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
4840c2a5 | 19-Apr-2022 |
Matt Caswell |
Move Record layer methods code into a sub-directory Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
aedbb71b | 18-Apr-2022 |
Matt Caswell |
Move the TLS1.0/1.1/1.2 record crypto code into the new record layer Only done for the read side so far. Still need to do TLS1.3 and SSL3.0. Also need to separate out KTLS. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
4030869d | 12-Apr-2022 |
Matt Caswell |
Convert ssl3_get_record to tls_read_record We move the old ssl3_get_record function to conform with the new record layer design. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
26dad42e | 11-Apr-2022 |
Matt Caswell |
Add a DTLSv1_listen() test Add a test to ensure that a connection started via DTLSv1_listen() can be completed through to handshake success. Previous DTLSv1_listen() testing only tested the function itself and did not confirm that a connection can actually be achieved using it. This is important to test some codepaths being affected by the record layer refactor. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
e2d5742b | 07-Apr-2022 |
Matt Caswell |
Transfer the functionality from ssl3_read_n to the new record layer This transfers the low level function ssl3_read_n to the new record layer. We temporarily make the read_n function a top level record layer function. Eventually, in later commits in this refactor, we will remove it as a top level function and it will just be called from read_record. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
0c974fc7 | 07-Apr-2022 |
Matt Caswell |
Make settings and options parameters const in recordmethod.h Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
34a4068c | 07-Apr-2022 |
Matt Caswell |
Add a skeleton TLS record method It doesn't yet do anything. This is a placeholder which will be filled in by subsequent commits. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
11653dcd | 07-Apr-2022 |
Matt Caswell |
Fix compilation issues in the imported recordmethod.h Also, rename the "new" function pointer to "new_record_layer" to avoid a C++ reserved name Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
79a1f3e4 | 07-Apr-2022 |
Matt Caswell |
Add the recordmethod header from the draft design Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
340fe504 | 11-Aug-2022 |
Todd Short |
Update session timeout code with OSSL_TIME Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18985)
|
425e972d | 10-Aug-2022 |
Matt Caswell |
Add some documentation for X509_gmtime_adj() Other very similar functions were documented, but this one was missing. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18974)
|
63df86b0 | 15-Aug-2022 |
Dr. Matthias St. Pierre |
Add CODE-OF-CONDUCT.md Fixes #18820 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19002)
|
19914fec | 15-Jun-2022 |
Lutz Jaenicke |
cms: Create test for purpose verification in cms application The tests only cover the correct handling of the codesigning purpose in the certificates in the context of the cms command line tool. The interpretation of the certificate purpose is tested in the context of the "verify" app. The correct handling of the cms objects is tested by other tests in 80-test_cms.t. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18567)
|
61a97676 | 15-Jun-2022 |
Lutz Jaenicke |
X509: add tests for purpose code signing in verify application Correct configuration according to CA Browser forum: KU: critical,digitalSignature XKU: codeSigning Note: I did not find any other document formally defining the requirements for code signing certificates. Some combinations are explicitly forbidden, some flags can be ignored Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18567)
|
178696d6 | 14-Oct-2021 |
Lutz Jaenicke |
X509: Add "code sign" as purpose for verification of certificates Code signing certificates have other properties as for example described in CA Browser Forum documents. This leads to "unsupported certificate purpose" errors when verifying signed objects. This patch adds the purpose "codesign" to the table in X.509 certificate verification and the verification parameter "code_sign" to X509_VERIFY_PARAM. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18567)
|
1a68a3e4 | 15-Jun-2022 |
Lutz Jaenicke |
crypto/x509/x509_vpm.c: update format of X509_VERIFY_PARAM default_table Put "}," on separate lines as suggested in PR #18567 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18567)
|
58135cb3 | 28-Jul-2022 |
Tomas Mraz |
Clarify documentation in regards to EC key parameters Also clarify that EVP_PKEY_fromdata ignores parameters that are unknown or incorrect for given selection. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18902)
|