Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

This allows to free everything we allocated, so we can detect memory
leaks.
Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

There was a time it could be NULL, but that was changed to always have it.
Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

We also split the long string literals into 3 to avoid problems where we
go over the 509 character limit.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

This updates the record layer to use the TLSv1.3 style nonce construciton.
It also updates TLSProxy and ossltest to be able to recognise the new
layout.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Commit b3618f44 added a test for mac-then-encrypt. However the test fails
when running with "enable-tls1_3". The problem is that the test creates a
connection, which ends up being TLSv1.3. However it also restricts the
ciphers to a single mac-then-encrypt ciphersuite that is not TLSv1.3
compatible so the connection aborts and the test fails. Mac-then-encrypt
is not relevant to TLSv1.3, so the test should disable that protocol
version.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Calling SSL_set_accept_state() after DTLSv1_listen() clears the state, so
SSL_accept() no longer works. In 1.0.2 calling DTLSv1_listen() would set
the accept state automatically. We should still do that.

Fixes #1989
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Test suite used from boring, written by David Benjamin.
Test driver converted from C++ to C.
Added a Perl program to check the testsuite file.
Extensive review feedback incorporated (thanks folks).
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Verify that the encrypt-then-mac negotiation is handled
correctly. Additionally, when compiled with no-asm, this test ensures
coverage for the constant-time MAC copying code in
ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as
well but it's nevertheless better to have an explicit handshake test
for mac-then-encrypt.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

This makes S/MIME and CMS signing in MIME format for SHA1 work again.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.
Reviewed-by: NMatt Caswell <matt@openssl.org>

GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.
Reviewed-by: NMatt Caswell <matt@openssl.org>

The bug was introduced in 80d27cdb,
one too many instructions was removed. It went unnoticed, because
new subroutine introduced in previous commit is called in real-life
RSA/DSA/DH cases, while original code is called only in rare tests.
The bug was caught in test_fuzz.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

GH: #2003

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Don't use what is in supported_versions for the RSA pre-master
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

ossl_shim had some TLS1.3 defines that are now in ssl.h so need to be
removed.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

The SSL_IS_TLS13() macro wasn't quite right. It would come back with true
in the case where we haven't yet negotiated TLSv1.3, but it could be
negotiated.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Add various different handshake types that are possible.
Reviewed-by: NRich Salz <rsalz@openssl.org>