Reviewed-by: NEmilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)

Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1832)

This should demonstrate that the atexit() handling is working properly (or
at least not crashing) on process exit.
Reviewed-by: NTim Hudson <tjh@openssl.org>

We should fail if we receive an unrecognised record type
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1815)

This test checks that read_ahead works correctly when dealing with large
records.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Now that ossltest knows about a TLS1.3 cipher we can now do TLS1.3 in
TLSProxy
Reviewed-by: NRich Salz <rsalz@openssl.org>

Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is
because this is a WIP and will not be interoperable with any other TLS1.3
implementation.

Finally, we fix some tests that started failing when TLS1.3 was disabled by
default.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.

This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

A BIO_read() 0 return indicates that a failure occurred that may be
retryable. An SSL_read() 0 return indicates a non-retryable failure. Check
that if BIO_read() returns 0, SSL_read() returns <0. Same for SSL_write().

The asyncio test filter BIO already returns 0 on a retryable failure so we
build on that.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)

Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)

Also, fix __wrap_cmd so it doesn't return unnecessary empty strings
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)

So far, apps and test programs, were a bit rigidely accessible as
executables or perl scripts.  But what about scripts in some other
language?  Or what about running entirely external programs?  The
answer is certainly not to add new functions to access scripts for
each language or wrapping all the external program calls in our magic!

Instead, this adds a new functions, cmd(), which is useful to access
executables and scripts in a more generalised manner.  app(), test(),
fuzz(), perlapp() and perltest() are rewritten in terms of cmd(), and
serve as examples how to do something similar for other scripting
languages, or constrain the programs to certain directories.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1707)

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The prevailing style seems to not have trailing whitespace, but a few
lines do. This is mostly in the perlasm files, but a few C files got
them after the reformat. This is the result of:

  find . -name '*.pl' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.c' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.h' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'

Then bn_prime.h was excluded since this is a generated file.

Note mkerr.pl has some changes in a heredoc for some help output, but
other lines there lack trailing whitespace too.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

The new large message test in sslapitest needs OPENSSL_NO_DTLS guards
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Add the ability to test both server initiated and client initiated reneg.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Add update for testing renegotiation. Also change info on CTLOG_FILE
environment variable - which always seems to be required.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

The TLSProxy::Record->new call hard-codes a version, like
70-test_sslrecords.t.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Avoid making the CI blow up.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

This is a regression test for
https://github.com/openssl/openssl/pull/1431. It tests a
maximally-padded record with each possible invalid offset.

This required fixing a bug in Message.pm where the client sending a
fatal alert followed by close_notify was still treated as success.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

A mem leak could occur on an error path. Also the mempacket BIO_METHOD
needs to be cleaned up, because of the newly added DTLS test.

Also fixed a double semi-colon in ssltestlib.c
Reviewed-by: NRich Salz <rsalz@openssl.org>

This would have caught 099e2968. This is
a port of the test added in
https://boringssl.googlesource.com/boringssl/+/7c040756178e14a4d181b6d93abb3827c93189c4Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1496)