There are some minor differences in the format of a ServerHello in TLSv1.3.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

If on a non-tty stdin, TTY_get() will fail with errno == ENODEV.
We didn't catch that.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2039)

TTY_get() sometimes surprises us with new errno values to determine if
we have a controling terminal or not.  This generated error is a
helpful tool to figure out that this was what happened and what the
unknown value is.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2043)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)

The best way to test the UI interface is currently by using an openssl
command that uses password_callback.  The only one that does this is
'genrsa'.
Since password_callback uses a UI method derived from UI_OpenSSL(), it
ensures that one gets tested well enough as well.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)

Since there are many parts of UI_process() that can go wrong, it isn't
very helpful to only return -1 with no further explanation.  With this
change, the error message will at least show which part went wrong.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2037)

Reviewed-by: NRich Salz <rsalz@openssl.org>

GH: #2025

Reviewed-by: NRich Salz <rsalz@openssl.org>

GH: #2025

Improves the readability of the code, and reduces the liklihood of errors.
Also made a few minor style changes.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Improves the readability of the code, and reduces the liklihood of errors.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

At the moment the msg callback only received the record header with the
outer record type in it. We never pass the inner record type - we probably
need to at some point.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Add some tests for the new record construction
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

The fuzzers use -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, and actually
get different results based on that. We should have at least some
targets that actually fully use the fuzz corpora.
Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

We want to be in the same global state each time we come in
FuzzerTestOneInput(). There are various reasons why we might not be that
include:
- Initialization that happens on first use. This is mostly the
  RUN_ONCE() things, or loading of error strings.
- Results that get cached. For instance a stack that is sorted, RSA
  blinding that has been set up, ...

So I try to trigger as much as possible in FuzzerInitialize(), and for
things I didn't find out how to trigger this it needs to happen in
FuzzerTestOneInput().
Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

This is something you might want to change depending on the version to
use, there is no point in us fixing this to something.
Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

This allows to free everything we allocated, so we can detect memory
leaks.
Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

There was a time it could be NULL, but that was changed to always have it.
Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

We also split the long string literals into 3 to avoid problems where we
go over the 509 character limit.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

This updates the record layer to use the TLSv1.3 style nonce construciton.
It also updates TLSProxy and ossltest to be able to recognise the new
layout.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Commit b3618f44 added a test for mac-then-encrypt. However the test fails
when running with "enable-tls1_3". The problem is that the test creates a
connection, which ends up being TLSv1.3. However it also restricts the
ciphers to a single mac-then-encrypt ciphersuite that is not TLSv1.3
compatible so the connection aborts and the test fails. Mac-then-encrypt
is not relevant to TLSv1.3, so the test should disable that protocol
version.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>