This part failed to compile due to a circular dependency between
internal/e_os.h and internal/time.h, when ossl_sleep() falls back to a
busy wait.  However, djgpp has a usleep function, so it can use the
regular Unix version of ossl_sleep().

It's not great though.  The resolution is only ~55ms, and it may break
when a user program hooks the timer interrupt without periodically
updating BIOS time.  A high-resolution alternative is uclock(), but
that is generally less desirable since it reprograms the system timer.

The circular dependency is still there and may still cause trouble for
other platforms.

CLA: trivial
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19274)

Build failed on djgpp due to missing config vars 'AR' and 'ARFLAGS'.
Additionally, '-lz' was not added to 'lflags' when zlib support was
enabled.  Inheriting configuration variables from BASE_unix solves both
these issues.

CLA: trivial
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19274)

Lock the buffers used for throughput measurements into memory.  This removes
some side effects of paging.

Errors from the memory locking functions are ignored since they are not
critical to the application.

This feature is limited to Linux and Windows.
Signed-off-by: NJuergen Christ <jchrist@linux.ibm.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19091)

Adding extensions is fragile, with the TLSEXT_TYPE entry needing to be
located at TLSEXT_IDX in the array.

This adds a test to ensure extensions are in the correct order.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19269)

More adaptations are needed for sources in ssl/, which all include
`ssl/ssl_local.h`.
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19276)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NTodd Short <todd.short@me.com>
Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19277)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19284)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19284)

Older clang versions complain about the explicit initializer
because the first member of the struct is a struct.
But it is not necessary to explicitly initialize it anyway.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19284)

Newly computed traffic secrets are now logged upon key update
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19241)

The IKM was not respected by the s390x specific implementations of X25519 and
X448 keygen.  This caused test failures and wrong results if the PCC
instruction was actually available and supported X25519 and/or X448.

Fixes: 78c44b05 ("Add HPKE DHKEM provider support for EC, X25519 and X448.")
Signed-off-by: NJuergen Christ <jchrist@linux.ibm.com>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19278)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19275)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19275)

Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19040)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19257)

Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19025)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)

Implements the design doc/designs/quic-design/rx-depacketizer.md.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)

Also add internal functionality to get a QUIC_CONNECTION pointer from
an SSL pointer, and setters / getters for the GQX and ACKM fields.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)

Make sure we free the record layer before we free the connection BIOs
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

Move the multiblock code into a separate file and introduce the usage of
record_functions_st for some write functions.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

We use the returned data to decide how to split the data we want to write
into records.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

This also means we can convert SSLfatal calls to RLAYERfatal
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

There were a small number of references to the SSL_CONNECTION that can
be removed easily and replaced with record layer equivalents.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

Previously we were referencing the block_padding value through the
SSL_CONNECTION. Now it is held within OSSL_RECORD_LAYER.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

We wrap the callback and pass it to the record layer via the dispatch
array, in order to avoid accessing it directly via SSL_CONNECTION.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

In all cases we should be able to replace this with a simple check
against rl->version.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

This flag can now be managed entirely by the new record layer code so we
move it into ossl_record_layer_st.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

Now that we are no longer recursively addinng the prefix record this
doesn't seem necessary any more. We always add it every time we do
tls_write_records.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

This calculation is based on lots of information from state machine and
elsewhere that the record layer cannot access. In reality it is sufficient
to simply tell the record layer what version to use.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

We retain a numwpipes for now in the old record layer structure for use
by DTLS. This will eventually be removed when DTLS moves over to the new
way of doing things.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

We use the record layer reference to the BIO rather than the SSL object
reference. This removes an unneeded SSL object usage.
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)