Continuing from the previous commit. Refactor tls_process_key_exchange() to
split out into a separate function the DHE aspects.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Continuing from the previous commit. Refactor tls_process_key_exchange() to
split out into a separate function the SRP aspects.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The tls_process_key_exchange() function is too long. This commit starts
the process of splitting it up by moving the PSK preamble code to a
separate function.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The function tls_process_key_exchange() is too long. This commit moves
the PSK preamble processing out to a separate function.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Narrow the scope of the local vars in preparation for split up this
function.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add some more tests for sessions following on from the previous commit
to ensure the callbacks are called when appropriate.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't
removing sessions from the external cache, e.g. if an alert occurs the
session is supposed to be automatically removed.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

If underlying type is boolean don't check field is NULL.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Don't call strncpy with strlen of the source as the length. Don't call
strlen multiple times. Eventually we will want to replace this with a proper
PACKET style handling (but for construction of PACKETs instead of just
reading them as it is now). For now though this is safe because
PSK_MAX_IDENTITY_LEN will always fit into the destination buffer.

This addresses an OCAP Audit issue.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the SRP
code.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the GOST
code.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the ECDHE
code.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the DHE
code.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The tls_construct_client_key_exchange() function is too long. This splits
out the construction of the PSK pre-amble into a separate function as well
as the RSA construction.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This is in preparation for splitting up this over long function.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The parameters should have parens around them when used.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

The f_err label is no longer needed so it can be removed.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Continuing from the previous commits, this splits out the GOST code into
a separate function from the process CKE code.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Continuing from the previous commits, this splits out the ECDHE code into
a separate function from the process CKE code.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Continuing from the previous commit, this splits out the DHE code into
a separate function from the process CKE code.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The tls_process_client_key_exchange() function is far too long. This
splits out the PSK preamble processing, and the RSA processing into
separate functions.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

In preparation for splitting this function up into smaller functions this
commit reduces the scope of some of the variables to only be in scope for
the algorithm specific parts. In some cases that makes the error handling
more verbose than it needs to be - but we'll clean that up in a later
commit.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This adds a new target 'build_programs' and makes 'build_apps' and
'build_tests' aliases for it, for backward compatibility.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

PROGRAM_NO_INST, ENGINES_NO_INST, SCRIPTS_NO_INST and LIBS_NO_INST are
to be used to specify program, engines, scripts and libraries that are
not to be installed in the system.  Fuzzers, test programs, that sort
of things are of the _NO_INST type, for example.

For the benefit of build file templates and other templates that use
data from configdata.pm, a new hash table $unified_info{install} is
created.  It contains a set of subhashes, one for each type of
installable, each having an array of file names as values.  For
example, it can look like this:

    "install" =>
        {
            "engines" =>
                [
                    "engines/afalg/afalg",
                    "engines/capi",
                    "engines/dasync",
                    "engines/padlock",
                ],
            "libraries" =>
                [
                    "libcrypto",
                    "libssl",
                ],
            "programs" =>
                [
                    "apps/openssl",
                ],
            "scripts" =>
                [
                    "apps/CA.pl",
                    "apps/tsget",
                    "tools/c_rehash",
                ],
        },
Reviewed-by: NRich Salz <rsalz@openssl.org>

The ASN.1 BIGNUM type needs to be handled in a custom way as it is
not a generic ASN1_STRING type.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Also elaborated a comment based on feedback.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Switch on Travis testing of SSLv3.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

The logic testing whether a CKE message is allowed or not was a little
difficult to follow. This tries to clean it up.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

The static function key_exchange_expected() used to return -1 on error.
Commit 361a1191 changed that so that it can never fail. This means that
some tidy up can be done to simplify error handling in callers of that
function.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

If configuring for anything other than the default TLS protocols then
test failures were occuring.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>