Stop symlinking, move files to intended directory Rather than making include/openssl/foo.h a symlink to crypto/foo/foo.h, this change moves the file to include/openssl/foo.h once and for all. Likewise, move crypto/foo/footest.c to test/footest.c, instead of symlinking it there. Originally-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
Make libssl opaque. Move all structures that were previously protected by OPENSSL_NO_SSL_INTERN into internal header files. Reviewed-by: Richard Levitte <levitte@openssl.org>
Remove support for opaque-prf An expired IETF Internet-Draft (seven years old) that nobody implements, and probably just as good as NSA DRBG work. Reviewed-by: Richard Levitte <levitte@openssl.org>
"#if 0" removal: header files Remove all "#if 0" blocks from header files. Reviewed-by: Tim Hudson <tjh@openssl.org>
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
indent has problems with comments that are on the right hand side of a line. Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Reviewed-by: Tim Hudson <tjh@openssl.org>
Remove SGC restart flag. Reviewed-by: Matt Caswell <matt@openssl.org>
Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. (Because the first CCS would latch the correct keys and subsequent CCS messages would have to be encrypted, a MitM attacker cannot exploit this, though.) Thanks to Joeri de Ruiter for reporting this issue. Reviewed-by: Matt Caswell <matt@openssl.org>
Support TLS_FALLBACK_SCSV. Reviewed-by: Stephen Henson <steve@openssl.org>
Remove serverinfo checks. Since sanity checks are performed for all custom extensions the serverinfo checks are no longer needed. Reviewed-by: Emilia Käsper <emilia@openssl.org>
Remove all RFC5878 code. Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
Update value to use a free bit.
Fix for CVE-2014-0224 Only accept change cipher spec when it is expected instead of at any time. This prevents premature setting of session keys before the master secret is determined which an attacker could use as a MITM attack. Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue and providing the initial fix this patch is based on. (cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441)
Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert. If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
Support retries in certificate callback
Replace EDH-RSA-DES-CBC-SHA, etc. with DHE-RSA-DES-CBC-SHA Replace the full ciphersuites with "EDH-" in their labels with "DHE-" so that all DHE ciphersuites are referred to in the same way. Leave backward-compatible aliases for the ciphersuites in question so that configurations which specify these explicitly will continue working.
change SSL3_CK_EDH_* to SSL_CK_DHE_* (with backward-compatibility) This change normalizes the SSL_CK_DHE_ #defines to use the common term "DHE", while permitting older code that uses the more uncommon "EDH" constants to compile properly.
Fix compilation with no-nextprotoneg. PR#3106
Tidy up comments.
Experimental encrypt-then-mac support. Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt To enable it set the appropriate extension number (0x10 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10 For non-compliant peers (i.e. just about everything) this should have no effect.