Updated the construction code to use the new function. Also added some
convenience macros for WPACKET_sub_memcpy().
Reviewed-by: NRich Salz <rsalz@openssl.org>

A few style tweaks here and there. The main change is that curr and
packet_len are now offsets into the buffer to account for the fact that
the pointers can change if the buffer grows. Also dropped support for the
WPACKET_set_packet_len() function. I thought that was going to be needed
but so far it hasn't been. It doesn't really work any more due to the
offsets change.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The PACKET documentation is already in packet_locl.h so it makes sense to
have the WPACKET documentation there as well.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Also added the WPACKET_cleanup() function to cleanup a WPACKET if we hit
an error.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

No need to declare an explicit sub-packet. Just start one.
Reviewed-by: NRich Salz <rsalz@openssl.org>

To avoid confusion with the read PACKET structure.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Run util/openssl-format-source on ssl/

Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

1) Simplify code with better PACKET methods.

2) Make broken SNI parsing explicit. SNI was intended to be extensible
to new name types but RFC 4366 defined the syntax inextensibly, and
OpenSSL has never parsed SNI in a way that would allow adding a new name
type. RFC 6066 fixed the definition but due to broken implementations
being widespread, it appears impossible to ever extend SNI.

3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
extensions correctly upon resumption. Annotate for further clean-up.

4) Send an alert on ALPN protocol mismatch.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

PACKET contents should be read-only. To achieve this, also
- constify two user callbacks
- constify BUF_reverse.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

SIZE_MAX is a great macro, and does unfortunately not exist everywhere.
Since we check against half of it, using bitwise shift to calculate the
value of half SIZE_MAX should be safe enough.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Add macro ossl_inline for use in public headers where a portable inline
is required. Change existing inline to use ossl_inline
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Change the sanity check in PACKET_buf_init to check for excessive length
buffers, which should catch the interesting cases where len has been cast
from a negative value whilst avoiding any undefined behaviour.

RT#4094
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Note that this commit constifies a user callback parameter and therefore
will break compilation for applications using this callback. But unless
they are abusing write access to the buffer, the fix is trivial.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Move all packet parsing to the beginning of the method. This limits the
SSLv2 compatibility soup to the parsing, and makes the rest of the
processing uniform.

This is also needed for simpler EMS support: EMS servers need to do an
early scan for EMS to make resumption decisions. This'll be easier when
the entire ClientHello is parsed in the beginning.

As a side effect,
1) PACKETize ssl_get_prev_session and tls1_process_ticket; and
2) Delete dead code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Get rid of the third field that is no longer needed.
Reviewed-by: NRich Salz <rsalz@openssl.org>

It's unused, and the same functionality can be achieved with saving a
copy of the struct.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The bookmark API results in a lot of boilerplate error checking that can
be much more easily achieved with a simple struct copy. It also lays the
path for removing the third PACKET field.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Use each once in s3_srvr.c to show how they work.

Also fix a bug introduced in c3fc7eea
and made apparent by this change:
ssl3_get_next_proto wasn't updating next_proto_negotiated_len
Reviewed-by: NMatt Caswell <matt@openssl.org>

Rewrite ssl3_get_client_hello to use the new methods.
Reviewed-by: NMatt Caswell <matt@openssl.org>

The PACKET should hold a 'const unsigned char*' underneath as well
but the legacy code passes the record buffer around as 'unsigned char*'
(to callbacks, too) so that's a bigger refactor.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Enhance the PACKET code readability, and fix a stale comment. Thanks
to Ben Kaduk (bkaduk@akamai.com) for pointing this out.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Some of the PACKET functions were returning incorrect data. An unfortunate
choice of test data in the unit test was masking the failure.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Provide more robust (inline) functions to replace n2s, n2l, etc. These
functions do the same thing as the previous macros, but also keep track
of the amount of data remaining and return an error if we try to read more
data than we've got.
Reviewed-by: NTim Hudson <tjh@openssl.org>