oweals/openssl.git
13 years agoFIPS DH changes: selftest checks and key range checks.
Dr. Stephen Henson [Wed, 26 Jan 2011 15:47:19 +0000 (15:47 +0000)]
FIPS DH changes: selftest checks and key range checks.

13 years agoFIPS mode DSA changes:
Dr. Stephen Henson [Wed, 26 Jan 2011 15:46:26 +0000 (15:46 +0000)]
FIPS mode DSA changes:

Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.

Key size restrictions.

13 years agoFIPS mode RSA changes:
Dr. Stephen Henson [Wed, 26 Jan 2011 15:37:41 +0000 (15:37 +0000)]
FIPS mode RSA changes:

Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.

13 years agoadd new RAND errors
Dr. Stephen Henson [Wed, 26 Jan 2011 15:33:51 +0000 (15:33 +0000)]
add new RAND errors

13 years agoFIPS mode EVP changes:
Dr. Stephen Henson [Wed, 26 Jan 2011 15:25:33 +0000 (15:25 +0000)]
FIPS mode EVP changes:

Set EVP_CIPH_FLAG_FIPS on approved ciphers.

Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.

Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.

Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.

13 years agoFIPS mode changes to make RNG compile (this will need updating later as we
Dr. Stephen Henson [Wed, 26 Jan 2011 14:52:04 +0000 (14:52 +0000)]
FIPS mode changes to make RNG compile (this will need updating later as we
need a whole new PRNG for FIPS).

1. avoid use of ERR_peek().

2. If compiling with FIPS use small FIPS EVP and disable ENGINE

13 years agoAdd fipscanisterbuild configuration option and update Makefile.org: doesn't compile yet
Dr. Stephen Henson [Wed, 26 Jan 2011 12:31:30 +0000 (12:31 +0000)]
Add fipscanisterbuild configuration option and update Makefile.org: doesn't compile yet

13 years agoFIPS_allow_md5() no longer exists and is no longer required
Dr. Stephen Henson [Wed, 26 Jan 2011 12:23:58 +0000 (12:23 +0000)]
FIPS_allow_md5() no longer exists and is no longer required

13 years agoAdd rsa_crpt
Richard Levitte [Wed, 26 Jan 2011 06:51:35 +0000 (06:51 +0000)]
Add rsa_crpt

13 years agoupdate mkerr.pl for use fips directory, add arx.pl script
Dr. Stephen Henson [Wed, 26 Jan 2011 01:35:07 +0000 (01:35 +0000)]
update mkerr.pl for use fips directory, add arx.pl script

13 years agoadd fips_premain.c.sha1
Dr. Stephen Henson [Wed, 26 Jan 2011 01:15:54 +0000 (01:15 +0000)]
add fips_premain.c.sha1

13 years agoadd fips_sha1_selftest.c
Dr. Stephen Henson [Wed, 26 Jan 2011 01:11:12 +0000 (01:11 +0000)]
add fips_sha1_selftest.c

13 years agoadd fips/sha files
Dr. Stephen Henson [Wed, 26 Jan 2011 01:09:52 +0000 (01:09 +0000)]
add fips/sha files

13 years agoadd fips/aes/Makefile
Dr. Stephen Henson [Wed, 26 Jan 2011 01:05:48 +0000 (01:05 +0000)]
add fips/aes/Makefile

13 years agoadd fips/des/Makefile
Dr. Stephen Henson [Wed, 26 Jan 2011 01:04:53 +0000 (01:04 +0000)]
add fips/des/Makefile

13 years agoadd fips/Makefile
Dr. Stephen Henson [Wed, 26 Jan 2011 01:03:54 +0000 (01:03 +0000)]
add fips/Makefile

13 years agoadd some missing fips files
Dr. Stephen Henson [Wed, 26 Jan 2011 00:58:09 +0000 (00:58 +0000)]
add some missing fips files

13 years agoAnd so it begins... again.
Dr. Stephen Henson [Wed, 26 Jan 2011 00:56:19 +0000 (00:56 +0000)]
And so it begins... again.

Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have
missing files, extraneous files and other nastiness.

In other words: it's experimental ATM, OK?

13 years agoMove RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate
Dr. Stephen Henson [Tue, 25 Jan 2011 17:35:10 +0000 (17:35 +0000)]
Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate
crypto and ENGINE dependencies in RSA library.

13 years agoMove BN_options function to bn_print.c to remove dependency for BIO printf
Dr. Stephen Henson [Tue, 25 Jan 2011 17:10:30 +0000 (17:10 +0000)]
Move BN_options function to bn_print.c to remove dependency for BIO printf
routines from bn_lib.c

13 years agoMove DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of
Dr. Stephen Henson [Tue, 25 Jan 2011 16:55:15 +0000 (16:55 +0000)]
Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().

13 years agorecalculate DSA signature if r or s is zero (FIPS 186-3 requirement)
Dr. Stephen Henson [Tue, 25 Jan 2011 16:01:29 +0000 (16:01 +0000)]
recalculate DSA signature if r or s is zero (FIPS 186-3 requirement)

13 years agorevert Makefile change
Dr. Stephen Henson [Tue, 25 Jan 2011 12:15:10 +0000 (12:15 +0000)]
revert Makefile change

13 years agoPR: 2433
Dr. Stephen Henson [Mon, 24 Jan 2011 16:19:52 +0000 (16:19 +0000)]
PR: 2433
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve

Constify ASN1_STRING_set_default_mask_asc().

13 years agoNew function EC_KEY_set_affine_coordinates() this performs all the
Dr. Stephen Henson [Mon, 24 Jan 2011 16:07:40 +0000 (16:07 +0000)]
New function EC_KEY_set_affine_coordinates() this performs all the
NIST PKV tests.

13 years agocheck EC public key isn't point at infinity
Dr. Stephen Henson [Mon, 24 Jan 2011 15:04:34 +0000 (15:04 +0000)]
check EC public key isn't point at infinity

13 years agoPR: 1612
Dr. Stephen Henson [Mon, 24 Jan 2011 14:41:34 +0000 (14:41 +0000)]
PR: 1612
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.

13 years agooops, revert mistakenly committed EC changes
Dr. Stephen Henson [Wed, 19 Jan 2011 14:42:42 +0000 (14:42 +0000)]
oops, revert mistakenly committed EC changes

13 years agoAdd additional parameter to dsa_builtin_paramgen to output the generated
Dr. Stephen Henson [Wed, 19 Jan 2011 14:35:53 +0000 (14:35 +0000)]
Add additional parameter to dsa_builtin_paramgen to output the generated
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0

13 years agoadd va_list version of ERR_add_error_data
Dr. Stephen Henson [Fri, 14 Jan 2011 15:13:37 +0000 (15:13 +0000)]
add va_list version of ERR_add_error_data

13 years agostop warning with no-engine
Dr. Stephen Henson [Thu, 13 Jan 2011 15:41:58 +0000 (15:41 +0000)]
stop warning with no-engine

13 years agoPR: 2425
Richard Levitte [Mon, 10 Jan 2011 20:55:21 +0000 (20:55 +0000)]
PR: 2425
Synchronise VMS build with Unixly build.

13 years agoConstify.
Ben Laurie [Sun, 9 Jan 2011 17:50:18 +0000 (17:50 +0000)]
Constify.

13 years agoFix warning.
Ben Laurie [Sun, 9 Jan 2011 17:50:06 +0000 (17:50 +0000)]
Fix warning.

13 years agomissed change in ACKNOWLEDGEMENTS file
Dr. Stephen Henson [Sun, 9 Jan 2011 13:37:09 +0000 (13:37 +0000)]
missed change in ACKNOWLEDGEMENTS file

13 years agomove some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch).
Dr. Stephen Henson [Sun, 9 Jan 2011 13:32:57 +0000 (13:32 +0000)]
move some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch).

13 years agoadd X9.31 prime generation routines from 0.9.8 branch
Dr. Stephen Henson [Sun, 9 Jan 2011 13:02:14 +0000 (13:02 +0000)]
add X9.31 prime generation routines from 0.9.8 branch

13 years agoPR: 2407
Richard Levitte [Thu, 6 Jan 2011 20:56:02 +0000 (20:56 +0000)]
PR: 2407
Fix fault include.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

13 years agoDon't use decryption_failed alert for TLS v1.1 or later.
Dr. Stephen Henson [Tue, 4 Jan 2011 19:39:27 +0000 (19:39 +0000)]
Don't use decryption_failed alert for TLS v1.1 or later.

13 years agoSince DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
Dr. Stephen Henson [Tue, 4 Jan 2011 19:34:20 +0000 (19:34 +0000)]
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
alert.

13 years agooops missed an assert
Dr. Stephen Henson [Mon, 3 Jan 2011 12:54:08 +0000 (12:54 +0000)]
oops missed an assert

13 years agoPR: 2411
Dr. Stephen Henson [Mon, 3 Jan 2011 01:40:53 +0000 (01:40 +0000)]
PR: 2411
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Fix corner cases in RFC3779 code.

13 years agoFix escaping code for string printing. If *any* escaping is enabled we
Dr. Stephen Henson [Mon, 3 Jan 2011 01:31:24 +0000 (01:31 +0000)]
Fix escaping code for string printing. If *any* escaping is enabled we
must escape the escape character itself (backslash).

13 years agoPR: 2410
Dr. Stephen Henson [Mon, 3 Jan 2011 01:22:41 +0000 (01:22 +0000)]
PR: 2410
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Use OPENSSL_assert() instead of assert().

13 years agoPR: 2413
Dr. Stephen Henson [Mon, 3 Jan 2011 01:07:35 +0000 (01:07 +0000)]
PR: 2413
Submitted by: Michael Bergandi <mbergandi@gmail.com>
Reviewed by: steve

Fix typo in crypto/bio/bss_dgram.c

13 years agoavoid verification loops in trusted store when path building
Dr. Stephen Henson [Sat, 25 Dec 2010 20:45:59 +0000 (20:45 +0000)]
avoid verification loops in trusted store when path building

13 years agoPart of the IF structure didn't get pasted here...
Richard Levitte [Tue, 14 Dec 2010 21:44:31 +0000 (21:44 +0000)]
Part of the IF structure didn't get pasted here...
PR: 2393

13 years agoe_capi.c: rearrange #include-s to improve portability.
Andy Polyakov [Tue, 14 Dec 2010 20:39:17 +0000 (20:39 +0000)]
e_capi.c: rearrange #include-s to improve portability.
PR: 2394

13 years agoFirst attempt at adding the possibility to set the pointer size for the builds on...
Richard Levitte [Tue, 14 Dec 2010 19:19:04 +0000 (19:19 +0000)]
First attempt at adding the possibility to set the pointer size for the builds on VMS.
PR: 2393

13 years agoSupport routines for ASN1 scanning function, doesn't do much yet.
Dr. Stephen Henson [Mon, 13 Dec 2010 18:15:28 +0000 (18:15 +0000)]
Support routines for ASN1 scanning function, doesn't do much yet.

13 years agoe_capi.c: change from ANSI to TCHAR domain. This makes it compilable on
Andy Polyakov [Sun, 12 Dec 2010 20:26:09 +0000 (20:26 +0000)]
e_capi.c: change from ANSI to TCHAR domain. This makes it compilable on
Windows CE/Mobile, yet keeps it normal Windows loop.
PR: 2350

13 years agoapps/x590.c: harmonize usage of STDout and out_err.
Andy Polyakov [Sun, 12 Dec 2010 10:52:56 +0000 (10:52 +0000)]
apps/x590.c: harmonize usage of STDout and out_err.
PR: 2323

13 years agobss_file.c: refine UTF8 logic.
Andy Polyakov [Sat, 11 Dec 2010 14:53:14 +0000 (14:53 +0000)]
bss_file.c: refine UTF8 logic.
PR: 2382

13 years agoignore leading null fields
Dr. Stephen Henson [Fri, 3 Dec 2010 19:31:34 +0000 (19:31 +0000)]
ignore leading null fields

13 years agoupdate FAQ
Dr. Stephen Henson [Thu, 2 Dec 2010 19:55:56 +0000 (19:55 +0000)]
update FAQ

13 years agoPR: 2386
Dr. Stephen Henson [Thu, 2 Dec 2010 18:02:29 +0000 (18:02 +0000)]
PR: 2386
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Correct SKM_ASN1_SET_OF_d2i macro.

13 years agofix doc typos
Dr. Stephen Henson [Thu, 2 Dec 2010 13:44:53 +0000 (13:44 +0000)]
fix doc typos

13 years agouse right version this time in FAQ
Dr. Stephen Henson [Thu, 2 Dec 2010 00:08:12 +0000 (00:08 +0000)]
use right version this time in FAQ

13 years agoupdate FAQ
Dr. Stephen Henson [Thu, 2 Dec 2010 00:01:44 +0000 (00:01 +0000)]
update FAQ

14 years agoConfigure: make -mno-cygwin optional on mingw platforms.
Andy Polyakov [Tue, 30 Nov 2010 22:18:02 +0000 (22:18 +0000)]
Configure: make -mno-cygwin optional on mingw platforms.
PR: 2381

14 years agoPR: 2385
Dr. Stephen Henson [Tue, 30 Nov 2010 19:37:21 +0000 (19:37 +0000)]
PR: 2385
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Zero key->pkey.ptr after it is freed so the structure can be reused.

14 years agoBetter method for creating SSLROOT:.
Richard Levitte [Mon, 29 Nov 2010 22:27:15 +0000 (22:27 +0000)]
Better method for creating SSLROOT:.
Make sure to include the path to evptest.txt.

14 years agoTABLE update.
Andy Polyakov [Mon, 29 Nov 2010 21:17:54 +0000 (21:17 +0000)]
TABLE update.

14 years agos390x assembler pack: adapt for -m31 build, see commentary in Configure
Andy Polyakov [Mon, 29 Nov 2010 20:52:43 +0000 (20:52 +0000)]
s390x assembler pack: adapt for -m31 build, see commentary in Configure
for more details.

14 years agoapply J-PKAKE fix to HEAD (original by Ben)
Dr. Stephen Henson [Mon, 29 Nov 2010 18:32:05 +0000 (18:32 +0000)]
apply J-PKAKE fix to HEAD (original by Ben)

14 years agoSome of the MS_STATIC use in crypto/evp is a legacy from the days when
Dr. Stephen Henson [Sat, 27 Nov 2010 17:37:03 +0000 (17:37 +0000)]
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
EVP_MD_CTX was much larger: it isn't needed anymore.

14 years agoPR: 2240
Dr. Stephen Henson [Thu, 25 Nov 2010 12:27:09 +0000 (12:27 +0000)]
PR: 2240
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve

As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.

14 years agousing_ecc doesn't just apply to TLSv1
Dr. Stephen Henson [Thu, 25 Nov 2010 11:51:31 +0000 (11:51 +0000)]
using_ecc doesn't just apply to TLSv1

14 years agofix typo in HMAC redirection, add HMAC INIT tracing
Dr. Stephen Henson [Wed, 24 Nov 2010 19:14:59 +0000 (19:14 +0000)]
fix typo in HMAC redirection, add HMAC INIT tracing

14 years agoVERY EXPERIMENTAL HMAC redirection example in OpenSSL ENGINE. Untested at this
Dr. Stephen Henson [Wed, 24 Nov 2010 18:32:06 +0000 (18:32 +0000)]
VERY EXPERIMENTAL HMAC redirection example in OpenSSL ENGINE. Untested at this
stage and probably wont work properly.

14 years agoadd "missing" functions to copy EVP_PKEY_METHOD and examine info
Dr. Stephen Henson [Wed, 24 Nov 2010 16:08:20 +0000 (16:08 +0000)]
add "missing" functions to copy EVP_PKEY_METHOD and examine info

14 years agooops, revert invalid change
Dr. Stephen Henson [Wed, 24 Nov 2010 14:03:25 +0000 (14:03 +0000)]
oops, revert invalid change

14 years agouse generalise mac API for SSL key generation
Dr. Stephen Henson [Wed, 24 Nov 2010 13:16:59 +0000 (13:16 +0000)]
use generalise mac API for SSL key generation

14 years agoconstify EVP_PKEY_new_mac_key()
Dr. Stephen Henson [Wed, 24 Nov 2010 13:13:49 +0000 (13:13 +0000)]
constify EVP_PKEY_new_mac_key()

14 years agoINSTALL.W32: document trouble with symlinks under MSYS.
Andy Polyakov [Tue, 23 Nov 2010 22:56:45 +0000 (22:56 +0000)]
INSTALL.W32: document trouble with symlinks under MSYS.
PR: 2377

14 years agoUse the same directory for architecture dependent header files as in
Richard Levitte [Tue, 23 Nov 2010 02:43:20 +0000 (02:43 +0000)]
Use the same directory for architecture dependent header files as in
the branches OpenSSL-1_0_0-stable and OpenSSL-1_0_1-stable.

14 years agoImplement bc test strategy as submitted by Steven M. Schweda <sms@antinode.info>.
Richard Levitte [Tue, 23 Nov 2010 02:12:07 +0000 (02:12 +0000)]
Implement bc test strategy as submitted by Steven M. Schweda <sms@antinode.info>.
Make sure we move to '__here' before trying to use it to build local sslroot:

14 years agoPrint openssl version information at the end of the tests
Richard Levitte [Tue, 23 Nov 2010 01:06:08 +0000 (01:06 +0000)]
Print openssl version information at the end of the tests

14 years agoGive the architecture dependent directory higher priority
Richard Levitte [Tue, 23 Nov 2010 01:05:26 +0000 (01:05 +0000)]
Give the architecture dependent directory higher priority

14 years agoDon't define an empty CFLAGS, it's much more honest not to defined it at all.
Richard Levitte [Tue, 23 Nov 2010 01:03:18 +0000 (01:03 +0000)]
Don't define an empty CFLAGS, it's much more honest not to defined it at all.
Make sure to remove any [.CRYTO]BUILDINF.H so it doesn't get used instead of
[.''ARCH'.CRYPTO]BUILDINF.H

14 years ago* tests.com: Add the symbol openssl_conf, so the openssl application
Richard Levitte [Mon, 22 Nov 2010 23:42:45 +0000 (23:42 +0000)]
* tests.com: Add the symbol openssl_conf, so the openssl application
  stops complaining about a missing configuration file.  Define the logical
  name PERL_ENV_TABLES with values to Perl considers the DCL symbol table
  as part of the environment (see 'man perlvms' for details), so cms-test.pl
  can get the value of EXE_DIR from tests.com, among others.
* cms-test.pl: Make changes to have it work on VMS as well.  Upper or mixed
  case options need to be quoted and the openssl command needs a VMS-specific
  treatment.  It all should work properly on Unix, I hope it does on Windows
  as well...

14 years agoBetter way to build tests. Taken from OpenSSL-1_0_1-stable
Richard Levitte [Mon, 22 Nov 2010 22:17:23 +0000 (22:17 +0000)]
Better way to build tests.  Taken from OpenSSL-1_0_1-stable

14 years agoSynchronise with Unix and do all other needed modifications to have it
Richard Levitte [Mon, 22 Nov 2010 22:04:41 +0000 (22:04 +0000)]
Synchronise with Unix and do all other needed modifications to have it
build on VMS again.

14 years agos390x.S: fix typo in bn_mul_words.
Andy Polyakov [Mon, 22 Nov 2010 21:55:07 +0000 (21:55 +0000)]
s390x.S: fix typo in bn_mul_words.
PR: 2380

14 years agoTaken from OpenSSL_1_0_0-stable:
Richard Levitte [Mon, 22 Nov 2010 18:25:04 +0000 (18:25 +0000)]
Taken from OpenSSL_1_0_0-stable:

Include proper header files for time functions.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

14 years agoadd pice of PR#2295 not committed to HEAD
Dr. Stephen Henson [Mon, 22 Nov 2010 16:14:56 +0000 (16:14 +0000)]
add pice of PR#2295 not committed to HEAD

14 years agoPR: 2376
Dr. Stephen Henson [Fri, 19 Nov 2010 00:12:01 +0000 (00:12 +0000)]
PR: 2376
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve

Cleanup alloca use, fix Win32 target for OpenWatcom.

14 years agoPR: 2375
Dr. Stephen Henson [Thu, 18 Nov 2010 23:00:02 +0000 (23:00 +0000)]
PR: 2375
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve

cleanup/fix e_aep.c for OpenWatcom

14 years agoPR: 2374
Dr. Stephen Henson [Thu, 18 Nov 2010 22:57:02 +0000 (22:57 +0000)]
PR: 2374
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve

Don't compile capi ENGINE on mingw32

14 years agoTell the user what test is being performed.
Richard Levitte [Thu, 18 Nov 2010 22:46:46 +0000 (22:46 +0000)]
Tell the user what test is being performed.

14 years agoWe expect these scripts not to bail on error, so make sure that's what happens.
Richard Levitte [Thu, 18 Nov 2010 22:44:48 +0000 (22:44 +0000)]
We expect these scripts not to bail on error, so make sure that's what happens.

14 years agoSynchronise with Unix tests
Richard Levitte [Thu, 18 Nov 2010 22:36:16 +0000 (22:36 +0000)]
Synchronise with Unix tests

14 years agoWe redid the structure on architecture dependent source files, but
Richard Levitte [Thu, 18 Nov 2010 20:03:07 +0000 (20:03 +0000)]
We redid the structure on architecture dependent source files, but
apparently forgot to adapt the copying to the installation directory.

14 years agoremove duplicate statement
Dr. Stephen Henson [Thu, 18 Nov 2010 17:33:17 +0000 (17:33 +0000)]
remove duplicate statement

14 years agocompile cts128.c on VMS
Dr. Stephen Henson [Thu, 18 Nov 2010 17:04:18 +0000 (17:04 +0000)]
compile cts128.c on VMS

14 years agofix no SIGALRM case in speed.c
Dr. Stephen Henson [Thu, 18 Nov 2010 13:22:53 +0000 (13:22 +0000)]
fix no SIGALRM case in speed.c

14 years agoPR: 2372
Dr. Stephen Henson [Thu, 18 Nov 2010 12:30:01 +0000 (12:30 +0000)]
PR: 2372
Submitted by: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Reviewed by: steve

Fix OpenBSD compilation failure.

14 years agooops, reinstate TLSv1 string
Dr. Stephen Henson [Wed, 17 Nov 2010 18:17:08 +0000 (18:17 +0000)]
oops, reinstate TLSv1 string

14 years agoDon't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can...
Dr. Stephen Henson [Wed, 17 Nov 2010 17:37:23 +0000 (17:37 +0000)]
Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere.

14 years agobring HEAD up to date, add CVE-2010-3864 fix, update NEWS files
Dr. Stephen Henson [Tue, 16 Nov 2010 14:18:51 +0000 (14:18 +0000)]
bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files