Reorganise state machine files Pull out the state machine into a separate sub directory. Also moved some functions which were nothing to do with the state machine but were in state machine files. Pulled all the SSL_METHOD definitions into one place...most of those files had very little left in them any more. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
Move SSLv3_*method() functions Move these functions into t1_clnt.c, t1_srvr.c and t1_meth.c and take advantage of the existing tls1_get*_method() functions that all the other methods are using. Since these now have to support SSLv3 anyway we might as well use the same set of get functions for both TLS and SSLv3. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Updates following review comments Miscellaneous updates following review comments on the version negotiation rewrite patches. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Server side version negotiation rewrite This commit changes the way that we do server side protocol version negotiation. Previously we had a whole set of code that had an "up front" state machine dedicated to the negotiating the protocol version. This adds significant complexity to the state machine. Historically the justification for doing this was the support of SSLv2 which works quite differently to SSLv3+. However, we have now removed support for SSLv2 so there is little reason to maintain this complexity. The one slight difficulty is that, although we no longer support SSLv2, we do still support an SSLv3+ ClientHello in an SSLv2 backward compatible ClientHello format. This is generally only used by legacy clients. This commit adds support within the SSLv3 code for these legacy format ClientHellos. Server side version negotiation now works in much the same was as DTLS, i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to that then when a ClientHello is received it will work out the most appropriate version to respond with. Also, SSLv23_method and SSLv23_server_method have been replaced with TLS_method and TLS_server_method respectively. The old SSLv23* names still exist as macros pointing at the new name, although they are deprecated. Subsequent commits will look at client side version negotiation, as well of removal of the old s23* code. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
Use appropriate versions of SSL3_ENC_METHOD
Initial incomplete TLS v1.2 support. New ciphersuites added, new version checking added, SHA256 PRF support added. At present only RSA key exchange ciphersuites work with TLS v1.2 as the new signature format is not yet implemented.
Initial experimental TLSv1.1 support
Let the TLSv1_method() etc. functions return a const SSL_METHOD pointer and make the SSL_METHOD parameter in SSL_CTX_new, SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
Initialize SSL_METHOD structures at compile time. This removes the need for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
really fix race conditions Submitted by: "Patrick McCormick" <patrick@tellme.com> PR: 262 PR: 291
really fix race condition PR: 262
Reorder inclusion of header files: des_old.h redefines crypt: #define crypt(b,s)\ DES_crypt((b),(s)) This scheme leads to failure, if header files with the OS's true definition of crypt() are processed _after_ des_old.h was processed. This is e.g. the case on HP-UX with unistd.h. As evp.h now again includes des.h (which includes des_old.h), this problem only came up after this modification. Solution: move header files (indirectly) including e_os.h before the header files (indirectly) including evp.h. Submitted by: Reviewed by: PR:
Remove NOPROTO definitions and error code comments.
Change #include filenames from <foo.h> to <openssl.h>. Submitted by: Reviewed by: PR:
Fixed some race conditions. Submitted by: Reviewed by: PR:
Change functions to ANSI C.
Fix various stuff: that VC++ 5.0 chokes on: 1. Add *lots* of missing prototypes for static ssl functions. 2. VC++ doesn't understand the 'LL' suffix for 64 bits constants: change bn.org 3. Add a few missing prototypes in pem.org Fix mk1mf.pl so it outputs a Makefile that doesn't choke Win95. Fix mkdef.pl so it doesn't truncate longer names.
Import of old SSLeay release: SSLeay 0.9.0b