openssl

TLS/SSL and crypto library

Find a file

Matt Caswell 0f1e51ea11 Start using the key_share data to derive the PMS The previous commits put in place the logic to exchange key_share data. We now need to do something with that information. In <= TLSv1.2 the equivalent of the key_share extension is the ServerKeyExchange and ClientKeyExchange messages. With key_share those two messages are no longer necessary. The commit removes the SKE and CKE messages from the TLSv1.3 state machine. TLSv1.3 is completely different to TLSv1.2 in the messages that it sends and the transitions that are allowed. Therefore, rather than extend the existing <=TLS1.2 state transition functions, we create a whole new set for TLSv1.3. Intially these are still based on the TLSv1.2 ones, but over time they will be amended. The new TLSv1.3 transitions remove SKE and CKE completely. There's also some cleanup for some stuff which is not relevant to TLSv1.3 and is easy to remove, e.g. the DTLS support (we're not doing DTLSv1.3 yet) and NPN. I also disable EXTMS for TLSv1.3. Using it was causing some added complexity, so rather than fix it I removed it, since eventually it will not be needed anyway. Reviewed-by: Rich Salz <rsalz@openssl.org>		2016-11-16 10:09:46 +00:00
.github	Add a github pull request template	2016-10-22 14:53:11 +02:00
apps	Introduce PATH_MAX and NAME_MAX	2016-11-15 23:37:22 +01:00
Configurations	Configurations/10-main.conf: remove obsolete flag from solaris-x86-gcc.	2016-11-15 00:23:34 +01:00
crypto	Check return value of some BN functions.	2016-11-15 18:54:28 -05:00
demos	Crude VMS build files for demos/bio/	2016-09-20 18:24:24 +02:00
doc	By default, allow SCT timestamps to be up to 5 minutes in the future	2016-11-15 16:12:41 -05:00
engines	Only build the body of e_padlock when there are lower level routines	2016-11-15 15:14:15 +01:00
external/perl	Copyright consolidation; .pm and Configure	2016-04-20 10:40:05 -04:00
fuzz	Update fuzz corpora	2016-11-12 16:54:51 +01:00
include	Start using the key_share data to derive the PMS	2016-11-16 10:09:46 +00:00
ms	Revert "RT4526: Call TerminateProcess, not ExitProcess"	2016-06-16 17:37:37 +01:00
os-dep	Move Haiku configuration to separate config file to denote	2016-05-19 22:39:52 +02:00
ssl	Start using the key_share data to derive the PMS	2016-11-16 10:09:46 +00:00
test	Start using the key_share data to derive the PMS	2016-11-16 10:09:46 +00:00
tools	Add -h and -help for c_rehash script and app	2016-09-14 08:59:48 -04:00
util	Check that SCT timestamps are not in the future	2016-11-15 16:12:41 -05:00
VMS	VMS: Don't force symbol mixed case when building DSOs	2016-09-11 23:18:03 +02:00
.gitattributes	crypto/pkcs12: facilitate accessing data with non-interoperable password.	2016-08-22 13:52:59 +02:00
.gitignore	Add ossl_shim to .gitignore	2016-11-04 10:38:54 +00:00
.travis-create-release.sh	Remove the -n tar flag from osx dist creation	2016-03-08 20:21:26 +01:00
.travis.yml	Travis: add a strict build	2016-11-04 14:12:06 +01:00
ACKNOWLEDGEMENTS	Refer to website for acknowledgements.	2015-12-08 16:07:09 -05:00
appveyor.yml	Correct installation test in appveyor	2016-10-21 13:46:49 +02:00
AUTHORS	Copyright consolidation: perl files	2016-04-20 09:45:40 -04:00
build.info	Have the VMS shared library file names contain the shared version	2016-07-02 15:49:45 +02:00
CHANGES	Remove heartbeat support	2016-11-13 16:24:02 -05:00
config	Fix support for DragonFly BSD	2016-10-22 04:25:17 -04:00
config.com	VMS: no ENDIF on one line IF statements, in config.com	2016-08-17 10:48:43 +02:00
Configure	Only build the body of e_padlock when there are lower level routines	2016-11-15 15:14:15 +01:00
CONTRIBUTING	Fix grammar-o in CONTRIBUTING	2016-11-01 12:32:11 -04:00
e_os.h	Change default directory for the .rnd file on Windows and VMS	2016-06-20 11:06:40 +02:00
FAQ	Move FAQ to the web.	2015-08-16 19:02:29 -04:00
INSTALL	Make it possible to disable building and running tests	2016-11-15 15:00:56 +01:00
LICENSE	Copyright consolidation 07/10	2016-05-17 14:51:26 -04:00
Makefile.shared	HPUX: Add the forgotten $(DSTDIR) when linking DSOs	2016-11-01 00:51:03 +01:00
NEWS	Update CHANGES and NEWS	2016-11-10 13:04:11 +00:00
NOTES.DJGPP	Slight cleanup of the collection of READMEs, INSTALLs and NOTES	2016-05-23 16:02:53 +02:00
NOTES.PERL	Tweaks to NOTES.PERL	2016-06-03 17:10:16 +01:00
NOTES.VMS	Add a note about a perl issue on VMS and how to work around it	2016-08-06 16:00:13 +02:00
NOTES.WIN	Fix typo	2016-10-14 10:01:54 +01:00
README	Fix typo (reported by Matthias St. Pierre)	2016-10-26 11:48:43 -04:00
README.ECC	Add NSA sublicense info.	2011-05-11 12:50:57 +00:00
README.ENGINE	Remove Ubsec engine	2016-02-26 23:34:25 +00:00
README.FIPS	Remove more (rest?) of FIPS build stuff.	2016-01-06 12:07:26 -05:00

README

 OpenSSL 1.1.1-dev

 Copyright (c) 1998-2016 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.

 DESCRIPTION
 -----------

 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
 Transport Layer Security (TLS) protocols (including SSLv3) as well as a
 full-strength general purpose cryptographic library.

 OpenSSL is descended from the SSLeay library developed by Eric A. Young
 and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
 OpenSSL license plus the SSLeay license), which means that you are free to
 get and use it for commercial and non-commercial purposes as long as you
 fulfill the conditions of both licenses.

 OVERVIEW
 --------

 The OpenSSL toolkit includes:

 libssl (with platform specific naming):
     Provides the client and server-side implementations for SSLv3 and TLS.

 libcrypto (with platform specific naming):
     Provides general cryptographic and X.509 support needed by SSL/TLS but
     not logically part of it.

 openssl:
     A command line tool that can be used for:
        Creation of key parameters
        Creation of X.509 certificates, CSRs and CRLs
        Calculation of message digests
        Encryption and decryption
        SSL/TLS client and server tests
        Handling of S/MIME signed or encrypted mail
        And more...

 INSTALLATION
 ------------

 See the appropriate file:
        INSTALL         Linux, Unix, Windows, OpenVMS, ...
        NOTES.*         INSTALL addendums for different platforms

 SUPPORT
 -------

 See the OpenSSL website www.openssl.org for details on how to obtain
 commercial technical support. Free community support is available through the
 openssl-users email list (see
 https://www.openssl.org/community/mailinglists.html for further details).

 If you have any problems with OpenSSL then please take the following steps
 first:

    - Download the latest version from the repository
      to see if the problem has already been addressed
    - Configure with no-asm
    - Remove compiler optimisation flags

 If you wish to report a bug then please include the following information
 and create an issue on GitHub:

    - OpenSSL version: output of 'openssl version -a'
    - Any "Configure" options that you selected during compilation of the
      library if applicable (see INSTALL)
    - OS Name, Version, Hardware platform
    - Compiler Details (name, version)
    - Application Details (name, version)
    - Problem Description (steps that will reproduce the problem, if known)
    - Stack Traceback (if the application dumps core)

 Just because something doesn't work the way you expect does not mean it
 is necessarily a bug in OpenSSL. Use the openssl-users email list for this type
 of query.

 HOW TO CONTRIBUTE TO OpenSSL
 ----------------------------

 See CONTRIBUTING

 LEGALITIES
 ----------

 A number of nations restrict the use or export of cryptography. If you
 are potentially subject to such restrictions you should seek competent
 professional legal advice before attempting to develop or distribute
 cryptographic code.