[openssl/openssl] 22d6e8: Remove create_empty_fragment from do_dtls1_write()

Matt Caswell noreply at github.com
Thu Oct 20 13:50:55 UTC 2022


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 22d6e8547f11dae2e4c026be93331e9acfe9b940
      https://github.com/openssl/openssl/commit/22d6e8547f11dae2e4c026be93331e9acfe9b940
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/d1_msg.c
    M ssl/record/rec_layer_d1.c
    M ssl/record/record.h

  Log Message:
  -----------
  Remove create_empty_fragment from do_dtls1_write()

do_dtls1_write() was never called with a value for create_empty_fragment
that was ever non-zero - so this is dead code and can be removed. The
equivalent code in the TLS processing is used for TLS1.0/SSLv3 to protect
against known IV weaknesses because those protocol versions do not have
an explicit IV. However DTLS1.0 is based on TLSv1.1 and *does* have an
explicit IV - so this is not useful there.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: 88bf978eb1766bec720c198deabe8d0a5de157bb
      https://github.com/openssl/openssl/commit/88bf978eb1766bec720c198deabe8d0a5de157bb
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/record/rec_layer_d1.c

  Log Message:
  -----------
  Create a dlts_write_records() function

In preparation for moving the DTLS code to use the new write record layer
architecture we first restructure the code to create a dtls_write_records()
function that mirrors the functionality that the record layer will provide.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: fc938db6cc46c6b59ab9da39f3c5b9c9a97ad33a
      https://github.com/openssl/openssl/commit/fc938db6cc46c6b59ab9da39f3c5b9c9a97ad33a
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/record/methods/dtls_meth.c
    M ssl/record/rec_layer_d1.c

  Log Message:
  -----------
  Move dlts_write_records() function in the record layer

At the this stage we just move the code and don't restructure it to do it
the record layer way yet.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: bf04cbfafe77ddc67f1a9c06ffb044f9bf44057c
      https://github.com/openssl/openssl/commit/bf04cbfafe77ddc67f1a9c06ffb044f9bf44057c
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/record/methods/dtls_meth.c
    M ssl/record/methods/tls1_meth.c
    M ssl/record/methods/tlsany_meth.c

  Log Message:
  -----------
  Use record layer buffers for DTLS rather than the buffers in s->rlayer

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: 4cdd198ec204a4c2ec6b3ec728ebcc8af04abc86
      https://github.com/openssl/openssl/commit/4cdd198ec204a4c2ec6b3ec728ebcc8af04abc86
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/record/methods/dtls_meth.c
    M ssl/record/rec_layer_d1.c

  Log Message:
  -----------
  Convert dtls_write_records() to return the correct return values

We now use standard record layer return values for this function. We
also convert the code to use RLAYERfatal instead of SSLfatal.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: 602ee1f672a41f984e8923ad7430ca51ca42abde
      https://github.com/openssl/openssl/commit/602ee1f672a41f984e8923ad7430ca51ca42abde
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/record/methods/dtls_meth.c
    M ssl/record/methods/recmethod_local.h
    M ssl/record/methods/tls1_meth.c
    M ssl/record/methods/tlsany_meth.c

  Log Message:
  -----------
  Use common tls_write_records() even for DTLS

In practice this just means have a DTLS specific write_records that the
common tls_write_records() just calls. We also replace the use of
ssl3_write_pending() with tls_retry_write_records().

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: 248a9bf21ad5a61d911765964e2758e0da3c554c
      https://github.com/openssl/openssl/commit/248a9bf21ad5a61d911765964e2758e0da3c554c
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/record/methods/dtls_meth.c
    M ssl/record/methods/tls1_meth.c
    M ssl/record/methods/tlsany_meth.c

  Log Message:
  -----------
  Start using WPACKET in the dtls write records code

Previously this was writing to the buffers directly. We use the safer
WPACKET instead

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: b9e37f8f573de1951655f6d8684f2f65ffc6905b
      https://github.com/openssl/openssl/commit/b9e37f8f573de1951655f6d8684f2f65ffc6905b
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/record/methods/dtls_meth.c
    M ssl/record/methods/recmethod_local.h
    M ssl/record/methods/tls1_meth.c
    M ssl/record/methods/tls_common.c
    M ssl/record/methods/tlsany_meth.c
    M ssl/record/rec_layer_s3.c
    M ssl/ssl_local.h
    M ssl/statem/statem_dtls.c

  Log Message:
  -----------
  Convert dtls_write_records to use standard record layer functions

We have standard functions for most of the work that dtls_write_records
does - so we convert it to use those functions instead.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: 4f428e86d8bc68f95446eef96129c6ad98b57104
      https://github.com/openssl/openssl/commit/4f428e86d8bc68f95446eef96129c6ad98b57104
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/record/methods/dtls_meth.c
    M ssl/record/methods/ktls_meth.c
    M ssl/record/methods/tls_common.c
    M ssl/record/recordmethod.h
    M ssl/statem/statem_dtls.c

  Log Message:
  -----------
  Ensure the record layer is responsible for calculating record overheads

Don't calculate the potential record layer expansion outside of the
record layer. We move some code that was doing that into the record
layer.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: bed07b187506ded20ef39dcbed56dc323ae44ff4
      https://github.com/openssl/openssl/commit/bed07b187506ded20ef39dcbed56dc323ae44ff4
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M crypto/err/openssl.txt
    M include/openssl/sslerr.h
    M ssl/record/methods/dtls_meth.c
    M ssl/record/methods/recmethod_local.h
    M ssl/record/methods/ssl3_meth.c
    M ssl/record/methods/tls13_meth.c
    M ssl/record/methods/tls1_meth.c
    M ssl/record/methods/tls_common.c
    M ssl/record/rec_layer_s3.c
    M ssl/record/record_local.h
    M ssl/ssl_err.c

  Log Message:
  -----------
  Consolidate sequence counter incrementing code

The sequence counter was incremented in numerous different ways in
numerous different locations. We introduce a single function to do this
inside the record layer.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: 3abc0d3e8504f730117e3b68dfb1aab81c5e51fe
      https://github.com/openssl/openssl/commit/3abc0d3e8504f730117e3b68dfb1aab81c5e51fe
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/record/methods/tls_common.c

  Log Message:
  -----------
  Remove supurious set of the record type

We already set the record type on the SSL3_RECORD structure. We don't
need to do it again (inconsistently).

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: 421386e392151c267ac7d3de6a2dd23c0ab62aed
      https://github.com/openssl/openssl/commit/421386e392151c267ac7d3de6a2dd23c0ab62aed
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/record/methods/dtls_meth.c
    M ssl/record/methods/recmethod_local.h
    M ssl/record/methods/tls1_meth.c
    M ssl/record/methods/tlsany_meth.c

  Log Message:
  -----------
  Move sequence increment to post encryption processing

This change make dtls_write_records virtuall the same as
tls_write_records_default, which will enable us to merge them in a
subsequent commit.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: 43dfa5a9319f67cd652fdc3a8711fc53859cd11e
      https://github.com/openssl/openssl/commit/43dfa5a9319f67cd652fdc3a8711fc53859cd11e
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/record/methods/dtls_meth.c
    M ssl/record/methods/recmethod_local.h
    M ssl/record/methods/tls1_meth.c
    M ssl/record/methods/tlsany_meth.c

  Log Message:
  -----------
  Remove dtls_write_records

The dtls_write_records function, after the previous series of commits,
was functionally equivalent to tls_write_records_default - so it can be
removed completely.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: faa3e66c27a5e88f048f3ed30cfca297eda13eb6
      https://github.com/openssl/openssl/commit/faa3e66c27a5e88f048f3ed30cfca297eda13eb6
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/record/rec_layer_s3.c
    M ssl/ssl_lib.c
    M ssl/t1_enc.c

  Log Message:
  -----------
  Remove some TODO(RECLAYER) comments now that DTLS has been moved

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: e158ada6a74e5903354fdd5a6f56a32bbbba69fd
      https://github.com/openssl/openssl/commit/e158ada6a74e5903354fdd5a6f56a32bbbba69fd
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/d1_lib.c
    M ssl/record/build.info
    M ssl/record/methods/recmethod_local.h
    M ssl/record/methods/tls_common.c
    M ssl/record/rec_layer_d1.c
    M ssl/record/rec_layer_s3.c
    M ssl/record/record.h
    M ssl/record/record_local.h
    M ssl/record/ssl3_buffer.c
    M ssl/ssl_lib.c
    M ssl/ssl_local.h
    M ssl/ssl_utst.c
    M ssl/statem/extensions.c
    M ssl/statem/statem.c

  Log Message:
  -----------
  Remove the old buffer management code

We no longer use the old buffer management code now that it has all been
moved to the new record layer.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: b92fc4ae189fb0d5b0a2f34bc28e59cd7e1eed5a
      https://github.com/openssl/openssl/commit/b92fc4ae189fb0d5b0a2f34bc28e59cd7e1eed5a
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/d1_lib.c
    M ssl/record/build.info
    M ssl/record/methods/dtls_meth.c
    M ssl/record/methods/ktls_meth.c
    M ssl/record/methods/tls_common.c
    M ssl/record/rec_layer_d1.c
    M ssl/record/rec_layer_s3.c
    M ssl/record/record.h
    M ssl/record/record_local.h
    M ssl/record/recordmethod.h
    R ssl/record/ssl3_buffer.c
    M ssl/record/ssl3_record.c
    R ssl/record/ssl3_record_tls13.c
    M ssl/s3_lib.c
    M ssl/ssl_lib.c
    M ssl/ssl_local.h
    M ssl/statem/statem_clnt.c
    M ssl/statem/statem_lib.c
    M ssl/statem/statem_srvr.c
    M ssl/t1_lib.c
    M test/tls13encryptiontest.c
    M test/tls13secretstest.c

  Log Message:
  -----------
  Remove some redundant code

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


  Commit: cd6e89b6b6ebe204cc442da9b563213bd67eb27f
      https://github.com/openssl/openssl/commit/cd6e89b6b6ebe204cc442da9b563213bd67eb27f
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-20 (Thu, 20 Oct 2022)

  Changed paths:
    M ssl/ssl_lib.c

  Log Message:
  -----------
  Move freeing of BIOs as late as possible

Calling SSL_free() will call BIO_free_all() on the rbio and wbio. We
keep references to the rbio and wbio inside the record layer object.
References to that object are held directly, as well as in fragment
retransmission queues. We need to ensure all record layer objects are
cleaned up before we call BIO_free_all() on rbio/wbio - otherwise the
"top" BIO may not have its reference count drop to 0 when BIO_free_all()
is called. This means that the rest of the BIOs in the chain don't get
freed and a memory leak can occur.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)


Compare: https://github.com/openssl/openssl/compare/706fc5f6ebd6...cd6e89b6b6eb


More information about the openssl-commits mailing list