This enables us to make changes to in-flight TLSv1.3 messages that appear
after the ServerHello.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

Previously SKE in TLSProxy only knew about one anonymous ciphersuite so
there was never a signature. Extend that to include a ciphersuite that is
not anonymous. This also fixes a bug where the existing SKE processing was
checking against the wrong anon ciphersuite value. This has a knock on
impact on the sslskewith0p test. The bug meant the test was working...but
entirely by accident!
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)

Also updates TLSProxy to be able to understand the format and parse the
contained extensions.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

The previous commit fixed a bug where the EC point formats extensions did
not appear in the ServerHello. This should have been caught by
70-test_sslmessages but that test never tries an EC ciphersuite. This
updates the test to do that.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Extend test_tls13messages to additionally check the expected extensions
under different options given to s_client/s_server.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Because extensions were keyed by type which is sparse, we were continually
scanning the list to find the one we wanted. The way we stored them also
had the side effect that we were running initialisers/finalisers in a
different oder to the parsers. In this commit we change things so that we
instead key on an index value for each extension.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

At this stage the message is just empty. We need to fill it in with
extension data.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

This is a regression test for
https://github.com/openssl/openssl/pull/1431. It tests a
maximally-padded record with each possible invalid offset.

This required fixing a bug in Message.pm where the client sending a
fatal alert followed by close_notify was still treated as success.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Test that we handle a TLS ClientHello in an SSLv2 record correctly.
Reviewed-by: NTim Hudson <tjh@openssl.org>

The previous commit fixed a problem where fragmented alerts would cause an
infinite loop. This commit adds a test for these fragmented alerts.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Adapted from BoringSSL. Added a test.

The extension parsing code is already attempting to already handle this for
some individual extensions, but it is doing so inconsistently. Duplicate
efforts in individual extension parsing will be cleaned up in a follow-up.
Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Previously TLSProxy would detect a successful handshake once it saw the
server Finished message. This causes problems with abbreviated handshakes,
or if the client fails to process a message from the last server flight.

This change additionally sends some application data and finishes when the
client sends a CloseNotify.
Reviewed-by: NTim Hudson <tjh@openssl.org>

- select an actual file handle for devnull
- do not declare $msgdata twice
- SKE records sometimes seem to come without sig
- in SKE parsing, use and use $pub_key_len when parsing $pub_key
Reviewed-by: NMatt Caswell <matt@openssl.org>

Add ServerHello parsing to TLSProxy.
Also add some (very) limited ServerKeyExchange parsing.
Add the capability to set client and server cipher lists
Fix a bug with fragment lengths
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This commit provides a set of perl modules that support the testing of
libssl. The test harness operates as a man-in-the-middle proxy between
s_server and s_client. Both s_server and s_client must be started using the
"-testmode" option which loads the new OSSLTEST engine.

The test harness enables scripts to be written that can examine the packets
sent during a handshake, as well as (potentially) modifying them so that
otherwise illegal handshake messages can be sent.
Reviewed-by: NRichard Levitte <levitte@openssl.org>