Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 22d6e8547f11dae2e4c026be93331e9acfe9b940
https://github.com/openssl/openssl/commit/22d6e8547f11dae2e4c026be93331e9acfe9b940
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/d1_msg.c
M ssl/record/rec_layer_d1.c
M ssl/record/record.h
Log Message:
-----------
Remove create_empty_fragment from do_dtls1_write()
do_dtls1_write() was never called with a value for create_empty_fragment
that was ever non-zero - so this is dead code and can be removed. The
equivalent code in the TLS processing is used for TLS1.0/SSLv3 to protect
against known IV weaknesses because those protocol versions do not have
an explicit IV. However DTLS1.0 is based on TLSv1.1 and *does* have an
explicit IV - so this is not useful there.
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: 88bf978eb1766bec720c198deabe8d0a5de157bb
https://github.com/openssl/openssl/commit/88bf978eb1766bec720c198deabe8d0a5de157bb
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/record/rec_layer_d1.c
Log Message:
-----------
Create a dlts_write_records() function
In preparation for moving the DTLS code to use the new write record layer
architecture we first restructure the code to create a dtls_write_records()
function that mirrors the functionality that the record layer will provide.
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: fc938db6cc46c6b59ab9da39f3c5b9c9a97ad33a
https://github.com/openssl/openssl/commit/fc938db6cc46c6b59ab9da39f3c5b9c9a97ad33a
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/record/methods/dtls_meth.c
M ssl/record/rec_layer_d1.c
Log Message:
-----------
Move dlts_write_records() function in the record layer
At the this stage we just move the code and don't restructure it to do it
the record layer way yet.
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: bf04cbfafe77ddc67f1a9c06ffb044f9bf44057c
https://github.com/openssl/openssl/commit/bf04cbfafe77ddc67f1a9c06ffb044f9bf44057c
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tlsany_meth.c
Log Message:
-----------
Use record layer buffers for DTLS rather than the buffers in s->rlayer
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: 4cdd198ec204a4c2ec6b3ec728ebcc8af04abc86
https://github.com/openssl/openssl/commit/4cdd198ec204a4c2ec6b3ec728ebcc8af04abc86
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/record/methods/dtls_meth.c
M ssl/record/rec_layer_d1.c
Log Message:
-----------
Convert dtls_write_records() to return the correct return values
We now use standard record layer return values for this function. We
also convert the code to use RLAYERfatal instead of SSLfatal.
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: 602ee1f672a41f984e8923ad7430ca51ca42abde
https://github.com/openssl/openssl/commit/602ee1f672a41f984e8923ad7430ca51ca42abde
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tlsany_meth.c
Log Message:
-----------
Use common tls_write_records() even for DTLS
In practice this just means have a DTLS specific write_records that the
common tls_write_records() just calls. We also replace the use of
ssl3_write_pending() with tls_retry_write_records().
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: 248a9bf21ad5a61d911765964e2758e0da3c554c
https://github.com/openssl/openssl/commit/248a9bf21ad5a61d911765964e2758e0da3c554c
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tlsany_meth.c
Log Message:
-----------
Start using WPACKET in the dtls write records code
Previously this was writing to the buffers directly. We use the safer
WPACKET instead
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: b9e37f8f573de1951655f6d8684f2f65ffc6905b
https://github.com/openssl/openssl/commit/b9e37f8f573de1951655f6d8684f2f65ffc6905b
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tls_common.c
M ssl/record/methods/tlsany_meth.c
M ssl/record/rec_layer_s3.c
M ssl/ssl_local.h
M ssl/statem/statem_dtls.c
Log Message:
-----------
Convert dtls_write_records to use standard record layer functions
We have standard functions for most of the work that dtls_write_records
does - so we convert it to use those functions instead.
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: 4f428e86d8bc68f95446eef96129c6ad98b57104
https://github.com/openssl/openssl/commit/4f428e86d8bc68f95446eef96129c6ad98b57104
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/ktls_meth.c
M ssl/record/methods/tls_common.c
M ssl/record/recordmethod.h
M ssl/statem/statem_dtls.c
Log Message:
-----------
Ensure the record layer is responsible for calculating record overheads
Don't calculate the potential record layer expansion outside of the
record layer. We move some code that was doing that into the record
layer.
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: bed07b187506ded20ef39dcbed56dc323ae44ff4
https://github.com/openssl/openssl/commit/bed07b187506ded20ef39dcbed56dc323ae44ff4
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M crypto/err/openssl.txt
M include/openssl/sslerr.h
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/ssl3_meth.c
M ssl/record/methods/tls13_meth.c
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tls_common.c
M ssl/record/rec_layer_s3.c
M ssl/record/record_local.h
M ssl/ssl_err.c
Log Message:
-----------
Consolidate sequence counter incrementing code
The sequence counter was incremented in numerous different ways in
numerous different locations. We introduce a single function to do this
inside the record layer.
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: 3abc0d3e8504f730117e3b68dfb1aab81c5e51fe
https://github.com/openssl/openssl/commit/3abc0d3e8504f730117e3b68dfb1aab81c5e51fe
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/record/methods/tls_common.c
Log Message:
-----------
Remove supurious set of the record type
We already set the record type on the SSL3_RECORD structure. We don't
need to do it again (inconsistently).
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: 421386e392151c267ac7d3de6a2dd23c0ab62aed
https://github.com/openssl/openssl/commit/421386e392151c267ac7d3de6a2dd23c0ab62aed
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tlsany_meth.c
Log Message:
-----------
Move sequence increment to post encryption processing
This change make dtls_write_records virtuall the same as
tls_write_records_default, which will enable us to merge them in a
subsequent commit.
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: 43dfa5a9319f67cd652fdc3a8711fc53859cd11e
https://github.com/openssl/openssl/commit/43dfa5a9319f67cd652fdc3a8711fc53859cd11e
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tlsany_meth.c
Log Message:
-----------
Remove dtls_write_records
The dtls_write_records function, after the previous series of commits,
was functionally equivalent to tls_write_records_default - so it can be
removed completely.
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: faa3e66c27a5e88f048f3ed30cfca297eda13eb6
https://github.com/openssl/openssl/commit/faa3e66c27a5e88f048f3ed30cfca297eda13eb6
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/record/rec_layer_s3.c
M ssl/ssl_lib.c
M ssl/t1_enc.c
Log Message:
-----------
Remove some TODO(RECLAYER) comments now that DTLS has been moved
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: e158ada6a74e5903354fdd5a6f56a32bbbba69fd
https://github.com/openssl/openssl/commit/e158ada6a74e5903354fdd5a6f56a32bbbba69fd
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/d1_lib.c
M ssl/record/build.info
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/tls_common.c
M ssl/record/rec_layer_d1.c
M ssl/record/rec_layer_s3.c
M ssl/record/record.h
M ssl/record/record_local.h
M ssl/record/ssl3_buffer.c
M ssl/ssl_lib.c
M ssl/ssl_local.h
M ssl/ssl_utst.c
M ssl/statem/extensions.c
M ssl/statem/statem.c
Log Message:
-----------
Remove the old buffer management code
We no longer use the old buffer management code now that it has all been
moved to the new record layer.
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: b92fc4ae189fb0d5b0a2f34bc28e59cd7e1eed5a
https://github.com/openssl/openssl/commit/b92fc4ae189fb0d5b0a2f34bc28e59cd7e1eed5a
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/d1_lib.c
M ssl/record/build.info
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/ktls_meth.c
M ssl/record/methods/tls_common.c
M ssl/record/rec_layer_d1.c
M ssl/record/rec_layer_s3.c
M ssl/record/record.h
M ssl/record/record_local.h
M ssl/record/recordmethod.h
R ssl/record/ssl3_buffer.c
M ssl/record/ssl3_record.c
R ssl/record/ssl3_record_tls13.c
M ssl/s3_lib.c
M ssl/ssl_lib.c
M ssl/ssl_local.h
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/statem/statem_srvr.c
M ssl/t1_lib.c
M test/tls13encryptiontest.c
M test/tls13secretstest.c
Log Message:
-----------
Remove some redundant code
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Commit: cd6e89b6b6ebe204cc442da9b563213bd67eb27f
https://github.com/openssl/openssl/commit/cd6e89b6b6ebe204cc442da9b563213bd67eb27f
Author: Matt Caswell <m...@openssl.org>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M ssl/ssl_lib.c
Log Message:
-----------
Move freeing of BIOs as late as possible
Calling SSL_free() will call BIO_free_all() on the rbio and wbio. We
keep references to the rbio and wbio inside the record layer object.
References to that object are held directly, as well as in fragment
retransmission queues. We need to ensure all record layer objects are
cleaned up before we call BIO_free_all() on rbio/wbio - otherwise the
"top" BIO may not have its reference count drop to 0 when BIO_free_all()
is called. This means that the rest of the BIOs in the chain don't get
freed and a memory leak can occur.
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Compare: https://github.com/openssl/openssl/compare/706fc5f6ebd6...cd6e89b6b6eb
