Move from explicit sub-packets to implicit ones

No need to declare an explicit sub-packet. Just start one.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Rename PACKETW to WPACKET

To avoid confusion with the read PACKET structure.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Convert tls_construct_client_hello() to use PACKETW

Reviewed-by: Rich Salz <rsalz@openssl.org>

Fix leak on error in tls_construct_cke_gost

Don't leak pke_ctx on error.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Indent ssl/

Run util/openssl-format-source on ssl/

Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.

Reviewed-by: Rich Salz <

Indent ssl/

Run util/openssl-format-source on ssl/

Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...

Fix no-ec

Fix no-ec builds by having separate functions to create keys based on
an existing EVP_PKEY and a curve id.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Modify TLS support for new X25519 API.

When handling ECDH check to see if the curve is "custom" (X25519 is
currently the only curve of this type) and instead of setting a curve
NID j

Modify TLS support for new X25519 API.

When handling ECDH check to see if the curve is "custom" (X25519 is
currently the only curve of this type) and instead of setting a curve
NID just allocate a key of appropriate type.

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...

Fix ossl_statem_client_max_message_size() for DTLS1_BAD_VER

The Change Cipher Spec message in this ancient pre-standard version of DTLS
that Cisco are unfortunately still using in their

Fix ossl_statem_client_max_message_size() for DTLS1_BAD_VER

The Change Cipher Spec message in this ancient pre-standard version of DTLS
that Cisco are unfortunately still using in their products, is 3 bytes.

Allow it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

show more ...

peer_tmp doesn't exist if no-ec no-dh.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Correct misspelt OPENSSL_NO_SRP

RT#4619

Reviewed-by: Rich Salz <rsalz@openssl.org>

Update error codes following tls_process_key_exchange() refactor

Reviewed-by: Richard Levitte <levitte@openssl.org>

Tidy up tls_process_key_exchange()

After the refactor of tls_process_key_exchange(), this commit tidies up
some loose ends.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Split out ECDHE from tls_process_key_exchange()

Continuing from the previous commit. Refactor tls_process_key_exchange() to
split out into a separate function the ECDHE aspects.

Split out ECDHE from tls_process_key_exchange()

Continuing from the previous commit. Refactor tls_process_key_exchange() to
split out into a separate function the ECDHE aspects.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Split out DHE from tls_process_key_exchange()

Continuing from the previous commit. Refactor tls_process_key_exchange() to
split out into a separate function the DHE aspects.

Rev

Split out DHE from tls_process_key_exchange()

Continuing from the previous commit. Refactor tls_process_key_exchange() to
split out into a separate function the DHE aspects.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Split out SRP from tls_process_key_exchange()

Continuing from the previous commit. Refactor tls_process_key_exchange() to
split out into a separate function the SRP aspects.

Rev

Split out SRP from tls_process_key_exchange()

Continuing from the previous commit. Refactor tls_process_key_exchange() to
split out into a separate function the SRP aspects.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Split out the PSK preamble from tls_process_key_exchange()

The tls_process_key_exchange() function is too long. This commit starts
the process of splitting it up by moving the PSK preamb

Split out the PSK preamble from tls_process_key_exchange()

The tls_process_key_exchange() function is too long. This commit starts
the process of splitting it up by moving the PSK preamble code to a
separate function.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Move the PSK preamble for tls_process_key_exchange()

The function tls_process_key_exchange() is too long. This commit moves
the PSK preamble processing out to a separate function.

Move the PSK preamble for tls_process_key_exchange()

The function tls_process_key_exchange() is too long. This commit moves
the PSK preamble processing out to a separate function.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Narrow scope of locals vars in tls_process_key_exchange()

Narrow the scope of the local vars in preparation for split up this
function.

Reviewed-by: Richard Levitte <levitte@ope

Narrow scope of locals vars in tls_process_key_exchange()

Narrow the scope of the local vars in preparation for split up this
function.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Remove sessions from external cache, even if internal cache not used.

If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't
removing sessions from the external cache

Remove sessions from external cache, even if internal cache not used.

If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't
removing sessions from the external cache, e.g. if an alert occurs the
session is supposed to be automatically removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Fixup a few SSLerr calls in ssl/statem/

Reviewed-by: Rich Salz <rsalz@openssl.org>

Fix up error codes after splitting up tls_construct_key_exchange()

Reviewed-by: Richard Levitte <levitte@openssl.org>

Some tidy ups after the CKE construction refactor

Reviewed-by: Richard Levitte <levitte@openssl.org>

Split out SRP CKE construction into a separate function

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the SRP
code.

Split out SRP CKE construction into a separate function

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the SRP
code.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Split out GOST CKE construction into a separate function

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the GOST
code.

Split out GOST CKE construction into a separate function

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the GOST
code.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Split out DHE CKE construction into a separate function

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the ECDHE
code.

Split out DHE CKE construction into a separate function

Continuing previous commit to break up the
tls_construct_client_key_exchange() function. This splits out the ECDHE
code.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...