oweals/openssl.git
13 years agoPR: 2529
Dr. Stephen Henson [Wed, 25 May 2011 15:15:52 +0000 (15:15 +0000)]
PR: 2529
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.

13 years agoPR: 2527
Dr. Stephen Henson [Wed, 25 May 2011 15:06:05 +0000 (15:06 +0000)]
PR: 2527
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Set cnf to NULL to avoid possible double free.

13 years agoFix the ECDSA timing attack mentioned in the paper at:
Dr. Stephen Henson [Wed, 25 May 2011 14:52:44 +0000 (14:52 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.

13 years agoFix the ECDSA timing attack mentioned in the paper at:
Dr. Stephen Henson [Wed, 25 May 2011 14:43:05 +0000 (14:43 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.

13 years agoOops use up to date patch for PR#2506
Dr. Stephen Henson [Wed, 25 May 2011 14:29:55 +0000 (14:29 +0000)]
Oops use up to date patch for PR#2506

13 years agoPR: 2512
Dr. Stephen Henson [Wed, 25 May 2011 12:36:50 +0000 (12:36 +0000)]
PR: 2512
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix BIO_accept so it can be bound to IPv4 or IPv6 sockets consistently.

13 years agoPR: 2506
Dr. Stephen Henson [Wed, 25 May 2011 12:28:31 +0000 (12:28 +0000)]
PR: 2506
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.

13 years agoPR: 2505
Dr. Stephen Henson [Wed, 25 May 2011 12:24:26 +0000 (12:24 +0000)]
PR: 2505
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.

13 years agoupdate date
Dr. Stephen Henson [Thu, 19 May 2011 17:56:47 +0000 (17:56 +0000)]
update date

13 years agoinherit HMAC flags from MD_CTX
Dr. Stephen Henson [Thu, 19 May 2011 17:39:49 +0000 (17:39 +0000)]
inherit HMAC flags from MD_CTX

13 years agoset encodedPoint to NULL after freeing it
Dr. Stephen Henson [Thu, 19 May 2011 16:18:25 +0000 (16:18 +0000)]
set encodedPoint to NULL after freeing it

13 years agono need to include memory.h
Dr. Stephen Henson [Sat, 30 Apr 2011 23:38:24 +0000 (23:38 +0000)]
no need to include memory.h

13 years agocheck buffer is larger enough before overwriting
Dr. Stephen Henson [Wed, 6 Apr 2011 18:07:02 +0000 (18:07 +0000)]
check buffer is larger enough before overwriting

13 years agoPR: 2462
Dr. Stephen Henson [Sun, 3 Apr 2011 17:15:08 +0000 (17:15 +0000)]
PR: 2462
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug

13 years agoPR: 2458
Dr. Stephen Henson [Sun, 3 Apr 2011 16:26:14 +0000 (16:26 +0000)]
PR: 2458
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.

13 years agoPR: 2457
Dr. Stephen Henson [Sun, 3 Apr 2011 15:49:03 +0000 (15:49 +0000)]
PR: 2457
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS fragment reassembly bug.

13 years agoCorrections to the VMS build system.
Richard Levitte [Fri, 25 Mar 2011 16:21:39 +0000 (16:21 +0000)]
Corrections to the VMS build system.
Submitted by Steven M. Schweda <sms@antinode.info>

13 years agomake some non-VMS builds work again
Dr. Stephen Henson [Fri, 25 Mar 2011 15:06:50 +0000 (15:06 +0000)]
make some non-VMS builds work again

13 years agoFor VMS, implement the possibility to choose 64-bit pointers with
Richard Levitte [Fri, 25 Mar 2011 09:40:18 +0000 (09:40 +0000)]
For VMS, implement the possibility to choose 64-bit pointers with
different options:
"64" The build system will choose /POINTER_SIZE=64=ARGV if
the compiler supports it, otherwise /POINTER_SIZE=64.
"64=" The build system will force /POINTER_SIZE=64.
"64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.

13 years agomake update (1.0.0-stable)
Richard Levitte [Tue, 22 Mar 2011 23:56:18 +0000 (23:56 +0000)]
make update (1.0.0-stable)

13 years ago* util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h. Maybe some
Richard Levitte [Tue, 22 Mar 2011 23:54:13 +0000 (23:54 +0000)]
* util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h.  Maybe some
  more need to be added...

13 years ago* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV
Richard Levitte [Sun, 20 Mar 2011 14:01:20 +0000 (14:01 +0000)]
* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV
  with turning trapping back on.
* test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV
  here.
* test/clean-test.com: A new script for cleaning up.

13 years ago* apps/openssl.c: For VMS, take care of copying argv if needed much earlier,
Richard Levitte [Sun, 20 Mar 2011 13:15:41 +0000 (13:15 +0000)]
* apps/openssl.c: For VMS, take care of copying argv if needed much earlier,
  directly in main().  'if needed' also includes when argv is a 32 bit
  pointer in an otherwise 64 bit environment.
* apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional
  =ARGV, but only if it's supported.  Fortunately, DCL is very helpful
  telling us in this case.

13 years agoKeep file references in the VMS build files in the same order as they
Richard Levitte [Sat, 19 Mar 2011 10:44:41 +0000 (10:44 +0000)]
Keep file references in the VMS build files in the same order as they
are in the Unix Makefiles

13 years agoChange INSTALL.VMS to reflect the changes done on the build and
Richard Levitte [Sat, 19 Mar 2011 09:45:45 +0000 (09:45 +0000)]
Change INSTALL.VMS to reflect the changes done on the build and
install scripts.  This could need some more work.

13 years agoApply all the changes submitted by Steven M. Schweda <sms@antinode.info>
Richard Levitte [Sat, 19 Mar 2011 09:44:53 +0000 (09:44 +0000)]
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>

13 years agoPR: 2469
Dr. Stephen Henson [Sun, 13 Mar 2011 18:20:14 +0000 (18:20 +0000)]
PR: 2469
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve

Check mac is present before trying to retrieve mac iteration count.

13 years agomake no-dsa work again
Dr. Stephen Henson [Thu, 10 Mar 2011 18:27:56 +0000 (18:27 +0000)]
make no-dsa work again

13 years agos390x-mont.pl: optimize for z196.
Andy Polyakov [Fri, 4 Mar 2011 13:11:54 +0000 (13:11 +0000)]
s390x-mont.pl: optimize for z196.

13 years agodso_dlfcn.c: make it work on Tru64 4.0 [from HEAD].
Andy Polyakov [Sat, 12 Feb 2011 16:46:10 +0000 (16:46 +0000)]
dso_dlfcn.c: make it work on Tru64 4.0 [from HEAD].
PR: 2316

13 years agoSync with 0.9.8 branch.
Bodo Möller [Tue, 8 Feb 2011 19:06:57 +0000 (19:06 +0000)]
Sync with 0.9.8 branch.

13 years agostart 1.0.0e-dev
Bodo Möller [Tue, 8 Feb 2011 17:58:45 +0000 (17:58 +0000)]
start 1.0.0e-dev

13 years agoOCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) OpenSSL_1_0_0d
Bodo Möller [Tue, 8 Feb 2011 17:10:53 +0000 (17:10 +0000)]
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)

Submitted by: Neel Mehta, Adam Langley, Bodo Moeller

13 years agoAdd complete information on 0.9.8 branch.
Bodo Möller [Tue, 8 Feb 2011 08:42:15 +0000 (08:42 +0000)]
Add complete information on 0.9.8 branch.

13 years agoAssorted bugfixes:
Bodo Möller [Thu, 3 Feb 2011 12:04:40 +0000 (12:04 +0000)]
Assorted bugfixes:
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)

13 years agofix omission
Bodo Möller [Thu, 3 Feb 2011 11:21:20 +0000 (11:21 +0000)]
fix omission

13 years agoSince FIPS 186-3 specifies we use the leftmost bits of the digest
Dr. Stephen Henson [Tue, 1 Feb 2011 12:54:04 +0000 (12:54 +0000)]
Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.

13 years agostop warnings about no previous prototype when compiling shared engines
Dr. Stephen Henson [Sun, 30 Jan 2011 01:05:38 +0000 (01:05 +0000)]
stop warnings about no previous prototype when compiling shared engines

13 years agoPR: 2433
Dr. Stephen Henson [Mon, 24 Jan 2011 16:20:15 +0000 (16:20 +0000)]
PR: 2433
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve

Constify ASN1_STRING_set_default_mask_asc().

13 years agocheck EC public key isn't point at infinity
Dr. Stephen Henson [Mon, 24 Jan 2011 15:08:01 +0000 (15:08 +0000)]
check EC public key isn't point at infinity

13 years agoPR: 1612
Dr. Stephen Henson [Mon, 24 Jan 2011 14:41:58 +0000 (14:41 +0000)]
PR: 1612
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.

13 years agostop warning with no-engine
Dr. Stephen Henson [Thu, 13 Jan 2011 15:42:59 +0000 (15:42 +0000)]
stop warning with no-engine

13 years agoThe previous change was incorrect in this branch...
Richard Levitte [Mon, 10 Jan 2011 21:00:25 +0000 (21:00 +0000)]
The previous change was incorrect in this branch...

13 years agoPR: 2425
Richard Levitte [Mon, 10 Jan 2011 20:55:24 +0000 (20:55 +0000)]
PR: 2425
Synchronise VMS build with Unixly build.

13 years agoPR: 2407
Richard Levitte [Thu, 6 Jan 2011 20:56:07 +0000 (20:56 +0000)]
PR: 2407
Fix fault include.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

13 years agoSince DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
Dr. Stephen Henson [Tue, 4 Jan 2011 19:33:22 +0000 (19:33 +0000)]
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
alert.

13 years agooops missed an assert
Dr. Stephen Henson [Mon, 3 Jan 2011 12:53:33 +0000 (12:53 +0000)]
oops missed an assert

13 years agoPR: 2411
Dr. Stephen Henson [Mon, 3 Jan 2011 01:40:34 +0000 (01:40 +0000)]
PR: 2411
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Fix corner cases in RFC3779 code.

13 years agoFix escaping code for string printing. If *any* escaping is enabled we
Dr. Stephen Henson [Mon, 3 Jan 2011 01:27:00 +0000 (01:27 +0000)]
Fix escaping code for string printing. If *any* escaping is enabled we
must escape the escape character itself (backslash).

13 years agoPR: 2410
Dr. Stephen Henson [Mon, 3 Jan 2011 01:22:09 +0000 (01:22 +0000)]
PR: 2410
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Use OPENSSL_assert() instead of assert().

13 years agoPR: 2413
Dr. Stephen Henson [Mon, 3 Jan 2011 01:07:03 +0000 (01:07 +0000)]
PR: 2413
Submitted by: Michael Bergandi <mbergandi@gmail.com>
Reviewed by: steve

Fix typo in crypto/bio/bss_dgram.c

13 years agouse fips-dev not dev-fips
Dr. Stephen Henson [Mon, 3 Jan 2011 00:44:14 +0000 (00:44 +0000)]
use fips-dev not dev-fips

13 years agoPR: 2416
Dr. Stephen Henson [Mon, 3 Jan 2011 00:26:05 +0000 (00:26 +0000)]
PR: 2416
Submitted by: Mark Phalan <mark.phalan@oracle.com>
Reviewed by: steve

Use L suffix in version number.

13 years agoPart of the IF structure didn't get pasted here...
Richard Levitte [Tue, 14 Dec 2010 21:44:36 +0000 (21:44 +0000)]
Part of the IF structure didn't get pasted here...
PR: 2393

13 years agoFirst attempt at adding the possibility to set the pointer size for the builds on...
Richard Levitte [Tue, 14 Dec 2010 19:18:52 +0000 (19:18 +0000)]
First attempt at adding the possibility to set the pointer size for the builds on VMS.
PR: 2393

13 years agobss_file.c: refine UTF8 logic [from HEAD].
Andy Polyakov [Sat, 11 Dec 2010 14:53:58 +0000 (14:53 +0000)]
bss_file.c: refine UTF8 logic [from HEAD].
PR: 2382

13 years agoignore leading null fields
Dr. Stephen Henson [Fri, 3 Dec 2010 19:31:06 +0000 (19:31 +0000)]
ignore leading null fields

13 years agoupdate for next release
Dr. Stephen Henson [Thu, 2 Dec 2010 19:37:46 +0000 (19:37 +0000)]
update for next release

13 years agoprepare for release OpenSSL_1_0_0c
Dr. Stephen Henson [Thu, 2 Dec 2010 18:29:04 +0000 (18:29 +0000)]
prepare for release

13 years agomake update
Dr. Stephen Henson [Thu, 2 Dec 2010 18:26:12 +0000 (18:26 +0000)]
make update

13 years agofix for CVE-2010-4180
Dr. Stephen Henson [Thu, 2 Dec 2010 18:24:55 +0000 (18:24 +0000)]
fix for CVE-2010-4180

13 years agoPR: 2386
Dr. Stephen Henson [Thu, 2 Dec 2010 17:59:36 +0000 (17:59 +0000)]
PR: 2386
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Correct SKM_ASN1_SET_OF_d2i macro.

13 years agofix doc typos
Dr. Stephen Henson [Thu, 2 Dec 2010 13:45:15 +0000 (13:45 +0000)]
fix doc typos

13 years agouse consistent FAQ between version
Dr. Stephen Henson [Thu, 2 Dec 2010 00:10:27 +0000 (00:10 +0000)]
use consistent FAQ between version

14 years agoConfigure: make -mno-cygwin optional on mingw platforms [from HEAD].
Andy Polyakov [Tue, 30 Nov 2010 22:19:26 +0000 (22:19 +0000)]
Configure: make -mno-cygwin optional on mingw platforms [from HEAD].
PR: 2381

14 years agoPR: 2385
Dr. Stephen Henson [Tue, 30 Nov 2010 19:37:33 +0000 (19:37 +0000)]
PR: 2385
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Zero key->pkey.ptr after it is freed so the structure can be reused.

14 years agoupdate NEWS
Dr. Stephen Henson [Tue, 30 Nov 2010 13:42:15 +0000 (13:42 +0000)]
update NEWS

14 years agoBetter method for creating SSLROOT:.
Richard Levitte [Mon, 29 Nov 2010 22:27:21 +0000 (22:27 +0000)]
Better method for creating SSLROOT:.
Make sure to include the path to evptest.txt.

14 years agoadd CVE to J-PAKE issue
Dr. Stephen Henson [Mon, 29 Nov 2010 18:21:43 +0000 (18:21 +0000)]
add CVE to J-PAKE issue

14 years agoupdate NEWS
Dr. Stephen Henson [Mon, 29 Nov 2010 16:53:54 +0000 (16:53 +0000)]
update NEWS

14 years agoSome of the MS_STATIC use in crypto/evp is a legacy from the days when
Dr. Stephen Henson [Sat, 27 Nov 2010 17:34:57 +0000 (17:34 +0000)]
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
EVP_MD_CTX was much larger: it isn't needed anymore.

14 years agoPR: 2240
Dr. Stephen Henson [Thu, 25 Nov 2010 12:28:28 +0000 (12:28 +0000)]
PR: 2240
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve

As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.

14 years agoDocument change.
Ben Laurie [Wed, 24 Nov 2010 15:07:56 +0000 (15:07 +0000)]
Document change.

14 years agoJ-PAKE was not correctly checking values, which could lead to attacks.
Ben Laurie [Wed, 24 Nov 2010 13:48:12 +0000 (13:48 +0000)]
J-PAKE was not correctly checking values, which could lead to attacks.

14 years agoINSTALL.W32: document trouble with symlinks under MSYS [from HEAD].
Andy Polyakov [Tue, 23 Nov 2010 23:01:01 +0000 (23:01 +0000)]
INSTALL.W32: document trouble with symlinks under MSYS [from HEAD].
PR: 2377

14 years agoImplement bc test strategy as submitted by Steven M. Schweda <sms@antinode.info>.
Richard Levitte [Tue, 23 Nov 2010 02:12:11 +0000 (02:12 +0000)]
Implement bc test strategy as submitted by Steven M. Schweda <sms@antinode.info>.
Make sure we move to '__here' before trying to use it to build local sslroot:

14 years agoPrint openssl version information at the end of the tests
Richard Levitte [Tue, 23 Nov 2010 01:06:10 +0000 (01:06 +0000)]
Print openssl version information at the end of the tests

14 years agoGive the architecture dependent directory higher priority
Richard Levitte [Tue, 23 Nov 2010 01:05:29 +0000 (01:05 +0000)]
Give the architecture dependent directory higher priority

14 years agoDon't define an empty CFLAGS, it's much more honest not to defined it at all.
Richard Levitte [Tue, 23 Nov 2010 01:04:04 +0000 (01:04 +0000)]
Don't define an empty CFLAGS, it's much more honest not to defined it at all.
Make sure to remove any [.CRYTO]BUILDINF.H so it doesn't get used instead of
[.CRYPTO._''ARCH'BUILDINF.H

14 years ago* tests.com: Add the symbol openssl_conf, so the openssl application
Richard Levitte [Mon, 22 Nov 2010 23:42:51 +0000 (23:42 +0000)]
* tests.com: Add the symbol openssl_conf, so the openssl application
  stops complaining about a missing configuration file.  Define the logical
  name PERL_ENV_TABLES with values to Perl considers the DCL symbol table
  as part of the environment (see 'man perlvms' for details), so cms-test.pl
  can get the value of EXE_DIR from tests.com, among others.
* cms-test.pl: Make changes to have it work on VMS as well.  Upper or mixed
  case options need to be quoted and the openssl command needs a VMS-specific
  treatment.  It all should work properly on Unix, I hope it does on Windows
  as well...

14 years agos390x.S: fix typo in bn_mul_words [from HEAD].
Andy Polyakov [Mon, 22 Nov 2010 21:57:07 +0000 (21:57 +0000)]
s390x.S: fix typo in bn_mul_words [from HEAD].
PR: 2380

14 years agoPR: 2376
Dr. Stephen Henson [Fri, 19 Nov 2010 00:11:27 +0000 (00:11 +0000)]
PR: 2376
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve

Cleanup alloca use, fix Win32 target for OpenWatcom.

14 years agoPR: 2375
Dr. Stephen Henson [Thu, 18 Nov 2010 22:59:42 +0000 (22:59 +0000)]
PR: 2375
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve

cleanup/fix e_aep.c for OpenWatcom

14 years agoPR: 2374
Dr. Stephen Henson [Thu, 18 Nov 2010 22:56:42 +0000 (22:56 +0000)]
PR: 2374
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve

Don't compile capi ENGINE on mingw32

14 years agoTell the user what test is being performed.
Richard Levitte [Thu, 18 Nov 2010 22:47:01 +0000 (22:47 +0000)]
Tell the user what test is being performed.

14 years agoMake sure the source directory for ASN1TEST is defined.
Richard Levitte [Thu, 18 Nov 2010 22:45:38 +0000 (22:45 +0000)]
Make sure the source directory for ASN1TEST is defined.

14 years agoWe expect these scripts not to bail on error, so make sure that's what happens.
Richard Levitte [Thu, 18 Nov 2010 22:30:55 +0000 (22:30 +0000)]
We expect these scripts not to bail on error, so make sure that's what happens.

14 years agoSynchronise with Unix tests
Richard Levitte [Thu, 18 Nov 2010 22:24:09 +0000 (22:24 +0000)]
Synchronise with Unix tests

14 years agoWe redid the structure on architecture dependent source files, but
Richard Levitte [Thu, 18 Nov 2010 19:59:06 +0000 (19:59 +0000)]
We redid the structure on architecture dependent source files, but
apparently forgot to adapt the copying to the installation directory.

14 years agoadd ACKNOWLEDGEMENTS file to 1.0.0 branch
Dr. Stephen Henson [Thu, 18 Nov 2010 17:26:19 +0000 (17:26 +0000)]
add ACKNOWLEDGEMENTS file to 1.0.0 branch

14 years agocompile cts128.c on VMS
Dr. Stephen Henson [Thu, 18 Nov 2010 17:04:46 +0000 (17:04 +0000)]
compile cts128.c on VMS

14 years agofix no SIGALRM case in speed.c
Dr. Stephen Henson [Thu, 18 Nov 2010 13:22:26 +0000 (13:22 +0000)]
fix no SIGALRM case in speed.c

14 years agoPR: 2372
Dr. Stephen Henson [Thu, 18 Nov 2010 12:28:57 +0000 (12:28 +0000)]
PR: 2372
Submitted by: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Reviewed by: steve

Fix OpenBSD compilation failure.

14 years agoDon't assume a decode error if session tlsext_ecpointformatlist is not NULL:
Dr. Stephen Henson [Tue, 16 Nov 2010 22:41:07 +0000 (22:41 +0000)]
Don't assume a decode error if session tlsext_ecpointformatlist is not NULL:
it can be legitimately set elsewhere.

14 years agoupdate for next version
Dr. Stephen Henson [Tue, 16 Nov 2010 16:33:35 +0000 (16:33 +0000)]
update for next version

14 years agoprepare for release OpenSSL_1_0_0b
Dr. Stephen Henson [Tue, 16 Nov 2010 13:35:09 +0000 (13:35 +0000)]
prepare for release

14 years agofix CVE-2010-3864
Dr. Stephen Henson [Tue, 16 Nov 2010 13:26:24 +0000 (13:26 +0000)]
fix CVE-2010-3864

14 years agoIf EVP_PKEY structure contains an ENGINE the key is ENGINE specific and
Dr. Stephen Henson [Tue, 16 Nov 2010 12:11:15 +0000 (12:11 +0000)]
If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and
we should use its method instead of any generic one.

14 years agomake update
Dr. Stephen Henson [Mon, 15 Nov 2010 14:44:50 +0000 (14:44 +0000)]
make update

14 years agoGet correct GOST private key instead of just assuming the last one is
Dr. Stephen Henson [Sun, 14 Nov 2010 13:50:29 +0000 (13:50 +0000)]
Get correct GOST private key instead of just assuming the last one is
correct: this isn't always true if we have more than one certificate.