oweals/openssl.git
13 years agoAdd error checking to PKCS1_MGF1. From HEAD.
Dr. Stephen Henson [Thu, 1 Sep 2011 15:42:38 +0000 (15:42 +0000)]
Add error checking to PKCS1_MGF1. From HEAD.

13 years agoPR: 2340
Dr. Stephen Henson [Thu, 1 Sep 2011 15:02:53 +0000 (15:02 +0000)]
PR: 2340
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve

Stop warnings if OPENSSL_NO_DGRAM is defined.

13 years agomake timing attack protection unconditional
Dr. Stephen Henson [Thu, 1 Sep 2011 14:23:31 +0000 (14:23 +0000)]
make timing attack protection unconditional

13 years agoPR: 2573
Dr. Stephen Henson [Thu, 1 Sep 2011 14:02:02 +0000 (14:02 +0000)]
PR: 2573
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS buffering and decryption bug.

13 years agoPR: 2589
Dr. Stephen Henson [Thu, 1 Sep 2011 13:52:27 +0000 (13:52 +0000)]
PR: 2589
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Initialise p pointer.

13 years agoPR: 2588
Dr. Stephen Henson [Thu, 1 Sep 2011 13:48:57 +0000 (13:48 +0000)]
PR: 2588
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Close file pointer.

13 years agoPR: 2586
Dr. Stephen Henson [Thu, 1 Sep 2011 13:45:25 +0000 (13:45 +0000)]
PR: 2586
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Zero structure fields properly.

13 years agoPR: 2586
Dr. Stephen Henson [Thu, 1 Sep 2011 13:37:20 +0000 (13:37 +0000)]
PR: 2586
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Fix brace mismatch.

13 years agoRemove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
Dr. Stephen Henson [Sun, 14 Aug 2011 13:48:42 +0000 (13:48 +0000)]
Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.

13 years agoAlpha assembler fixes from HEAD.
Andy Polyakov [Fri, 12 Aug 2011 12:32:10 +0000 (12:32 +0000)]
Alpha assembler fixes from HEAD.
PR: 2577

13 years agoPR: 2559
Dr. Stephen Henson [Wed, 20 Jul 2011 15:21:52 +0000 (15:21 +0000)]
PR: 2559
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS socket error bug

13 years agoPR: 2555
Dr. Stephen Henson [Wed, 20 Jul 2011 15:17:33 +0000 (15:17 +0000)]
PR: 2555
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS sequence number bug

13 years agoPR: 2550
Dr. Stephen Henson [Wed, 20 Jul 2011 15:13:16 +0000 (15:13 +0000)]
PR: 2550
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS HelloVerifyRequest Timer bug

13 years agoconfig: detect if assembler supports --noexecstack and pass it down [from HEAD].
Andy Polyakov [Fri, 15 Jul 2011 19:59:18 +0000 (19:59 +0000)]
config: detect if assembler supports --noexecstack and pass it down [from HEAD].

13 years agoPR: 2556 (partial)
Dr. Stephen Henson [Thu, 14 Jul 2011 12:01:25 +0000 (12:01 +0000)]
PR: 2556 (partial)
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve

Fix OID routines.

Check on encoding leading zero rejection should start at beginning of
encoding.

Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.

13 years agoms/uplink.c: fix Visual Studio 2010 warning [from HEAD].
Andy Polyakov [Wed, 13 Jul 2011 14:55:11 +0000 (14:55 +0000)]
ms/uplink.c: fix Visual Studio 2010 warning [from HEAD].

13 years agoperlasm/cbc.pl: fix tail processing bug [from HEAD].
Andy Polyakov [Wed, 13 Jul 2011 06:23:25 +0000 (06:23 +0000)]
perlasm/cbc.pl: fix tail processing bug [from HEAD].
PR: 2557

13 years agoFix typo.
Bodo Möller [Mon, 11 Jul 2011 12:13:50 +0000 (12:13 +0000)]
Fix typo.

Submitted by: Jim Morrison

13 years agoPR: 2470
Dr. Stephen Henson [Wed, 22 Jun 2011 15:39:00 +0000 (15:39 +0000)]
PR: 2470
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve

Don't call ERR_remove_state from DllMain.

13 years agoPR: 2543
Dr. Stephen Henson [Wed, 22 Jun 2011 15:29:55 +0000 (15:29 +0000)]
PR: 2543
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()

13 years agoPR: 2540
Dr. Stephen Henson [Wed, 22 Jun 2011 15:23:32 +0000 (15:23 +0000)]
PR: 2540
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Prevent infinite loop in BN_GF2m_mod_inv().

13 years agocorrectly encode OIDs near 2^32
Dr. Stephen Henson [Wed, 22 Jun 2011 15:15:38 +0000 (15:15 +0000)]
correctly encode OIDs near 2^32

13 years agomake EVP_dss() work for DSA signing
Dr. Stephen Henson [Mon, 20 Jun 2011 20:05:38 +0000 (20:05 +0000)]
make EVP_dss() work for DSA signing

13 years agoComplete the version history (include information on unreleased
Bodo Möller [Wed, 15 Jun 2011 14:21:17 +0000 (14:21 +0000)]
Complete the version history (include information on unreleased
version 0.9.8s to show full information).

13 years agofix memory leak
Dr. Stephen Henson [Wed, 8 Jun 2011 15:56:20 +0000 (15:56 +0000)]
fix memory leak

13 years agoPR: 2533
Dr. Stephen Henson [Wed, 25 May 2011 15:21:12 +0000 (15:21 +0000)]
PR: 2533
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.

13 years agoPR: 2529
Dr. Stephen Henson [Wed, 25 May 2011 15:15:52 +0000 (15:15 +0000)]
PR: 2529
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.

13 years agoPR: 2527
Dr. Stephen Henson [Wed, 25 May 2011 15:06:05 +0000 (15:06 +0000)]
PR: 2527
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Set cnf to NULL to avoid possible double free.

13 years agoFix the ECDSA timing attack mentioned in the paper at:
Dr. Stephen Henson [Wed, 25 May 2011 14:52:44 +0000 (14:52 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.

13 years agoFix the ECDSA timing attack mentioned in the paper at:
Dr. Stephen Henson [Wed, 25 May 2011 14:43:05 +0000 (14:43 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.

13 years agoOops use up to date patch for PR#2506
Dr. Stephen Henson [Wed, 25 May 2011 14:29:55 +0000 (14:29 +0000)]
Oops use up to date patch for PR#2506

13 years agoPR: 2512
Dr. Stephen Henson [Wed, 25 May 2011 12:36:50 +0000 (12:36 +0000)]
PR: 2512
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix BIO_accept so it can be bound to IPv4 or IPv6 sockets consistently.

13 years agoPR: 2506
Dr. Stephen Henson [Wed, 25 May 2011 12:28:31 +0000 (12:28 +0000)]
PR: 2506
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.

13 years agoPR: 2505
Dr. Stephen Henson [Wed, 25 May 2011 12:24:26 +0000 (12:24 +0000)]
PR: 2505
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.

13 years agoupdate date
Dr. Stephen Henson [Thu, 19 May 2011 17:56:47 +0000 (17:56 +0000)]
update date

13 years agoinherit HMAC flags from MD_CTX
Dr. Stephen Henson [Thu, 19 May 2011 17:39:49 +0000 (17:39 +0000)]
inherit HMAC flags from MD_CTX

13 years agoset encodedPoint to NULL after freeing it
Dr. Stephen Henson [Thu, 19 May 2011 16:18:25 +0000 (16:18 +0000)]
set encodedPoint to NULL after freeing it

13 years agono need to include memory.h
Dr. Stephen Henson [Sat, 30 Apr 2011 23:38:24 +0000 (23:38 +0000)]
no need to include memory.h

13 years agocheck buffer is larger enough before overwriting
Dr. Stephen Henson [Wed, 6 Apr 2011 18:07:02 +0000 (18:07 +0000)]
check buffer is larger enough before overwriting

13 years agoPR: 2462
Dr. Stephen Henson [Sun, 3 Apr 2011 17:15:08 +0000 (17:15 +0000)]
PR: 2462
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug

13 years agoPR: 2458
Dr. Stephen Henson [Sun, 3 Apr 2011 16:26:14 +0000 (16:26 +0000)]
PR: 2458
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.

13 years agoPR: 2457
Dr. Stephen Henson [Sun, 3 Apr 2011 15:49:03 +0000 (15:49 +0000)]
PR: 2457
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS fragment reassembly bug.

13 years agoCorrections to the VMS build system.
Richard Levitte [Fri, 25 Mar 2011 16:21:39 +0000 (16:21 +0000)]
Corrections to the VMS build system.
Submitted by Steven M. Schweda <sms@antinode.info>

13 years agomake some non-VMS builds work again
Dr. Stephen Henson [Fri, 25 Mar 2011 15:06:50 +0000 (15:06 +0000)]
make some non-VMS builds work again

13 years agoFor VMS, implement the possibility to choose 64-bit pointers with
Richard Levitte [Fri, 25 Mar 2011 09:40:18 +0000 (09:40 +0000)]
For VMS, implement the possibility to choose 64-bit pointers with
different options:
"64" The build system will choose /POINTER_SIZE=64=ARGV if
the compiler supports it, otherwise /POINTER_SIZE=64.
"64=" The build system will force /POINTER_SIZE=64.
"64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.

13 years agomake update (1.0.0-stable)
Richard Levitte [Tue, 22 Mar 2011 23:56:18 +0000 (23:56 +0000)]
make update (1.0.0-stable)

13 years ago* util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h. Maybe some
Richard Levitte [Tue, 22 Mar 2011 23:54:13 +0000 (23:54 +0000)]
* util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h.  Maybe some
  more need to be added...

13 years ago* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV
Richard Levitte [Sun, 20 Mar 2011 14:01:20 +0000 (14:01 +0000)]
* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV
  with turning trapping back on.
* test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV
  here.
* test/clean-test.com: A new script for cleaning up.

13 years ago* apps/openssl.c: For VMS, take care of copying argv if needed much earlier,
Richard Levitte [Sun, 20 Mar 2011 13:15:41 +0000 (13:15 +0000)]
* apps/openssl.c: For VMS, take care of copying argv if needed much earlier,
  directly in main().  'if needed' also includes when argv is a 32 bit
  pointer in an otherwise 64 bit environment.
* apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional
  =ARGV, but only if it's supported.  Fortunately, DCL is very helpful
  telling us in this case.

13 years agoKeep file references in the VMS build files in the same order as they
Richard Levitte [Sat, 19 Mar 2011 10:44:41 +0000 (10:44 +0000)]
Keep file references in the VMS build files in the same order as they
are in the Unix Makefiles

13 years agoChange INSTALL.VMS to reflect the changes done on the build and
Richard Levitte [Sat, 19 Mar 2011 09:45:45 +0000 (09:45 +0000)]
Change INSTALL.VMS to reflect the changes done on the build and
install scripts.  This could need some more work.

13 years agoApply all the changes submitted by Steven M. Schweda <sms@antinode.info>
Richard Levitte [Sat, 19 Mar 2011 09:44:53 +0000 (09:44 +0000)]
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>

13 years agoPR: 2469
Dr. Stephen Henson [Sun, 13 Mar 2011 18:20:14 +0000 (18:20 +0000)]
PR: 2469
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve

Check mac is present before trying to retrieve mac iteration count.

13 years agomake no-dsa work again
Dr. Stephen Henson [Thu, 10 Mar 2011 18:27:56 +0000 (18:27 +0000)]
make no-dsa work again

13 years agos390x-mont.pl: optimize for z196.
Andy Polyakov [Fri, 4 Mar 2011 13:11:54 +0000 (13:11 +0000)]
s390x-mont.pl: optimize for z196.

13 years agodso_dlfcn.c: make it work on Tru64 4.0 [from HEAD].
Andy Polyakov [Sat, 12 Feb 2011 16:46:10 +0000 (16:46 +0000)]
dso_dlfcn.c: make it work on Tru64 4.0 [from HEAD].
PR: 2316

13 years agoSync with 0.9.8 branch.
Bodo Möller [Tue, 8 Feb 2011 19:06:57 +0000 (19:06 +0000)]
Sync with 0.9.8 branch.

13 years agostart 1.0.0e-dev
Bodo Möller [Tue, 8 Feb 2011 17:58:45 +0000 (17:58 +0000)]
start 1.0.0e-dev

13 years agoOCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) OpenSSL_1_0_0d
Bodo Möller [Tue, 8 Feb 2011 17:10:53 +0000 (17:10 +0000)]
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)

Submitted by: Neel Mehta, Adam Langley, Bodo Moeller

13 years agoAdd complete information on 0.9.8 branch.
Bodo Möller [Tue, 8 Feb 2011 08:42:15 +0000 (08:42 +0000)]
Add complete information on 0.9.8 branch.

13 years agoAssorted bugfixes:
Bodo Möller [Thu, 3 Feb 2011 12:04:40 +0000 (12:04 +0000)]
Assorted bugfixes:
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)

13 years agofix omission
Bodo Möller [Thu, 3 Feb 2011 11:21:20 +0000 (11:21 +0000)]
fix omission

13 years agoSince FIPS 186-3 specifies we use the leftmost bits of the digest
Dr. Stephen Henson [Tue, 1 Feb 2011 12:54:04 +0000 (12:54 +0000)]
Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.

13 years agostop warnings about no previous prototype when compiling shared engines
Dr. Stephen Henson [Sun, 30 Jan 2011 01:05:38 +0000 (01:05 +0000)]
stop warnings about no previous prototype when compiling shared engines

13 years agoPR: 2433
Dr. Stephen Henson [Mon, 24 Jan 2011 16:20:15 +0000 (16:20 +0000)]
PR: 2433
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve

Constify ASN1_STRING_set_default_mask_asc().

13 years agocheck EC public key isn't point at infinity
Dr. Stephen Henson [Mon, 24 Jan 2011 15:08:01 +0000 (15:08 +0000)]
check EC public key isn't point at infinity

13 years agoPR: 1612
Dr. Stephen Henson [Mon, 24 Jan 2011 14:41:58 +0000 (14:41 +0000)]
PR: 1612
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.

13 years agostop warning with no-engine
Dr. Stephen Henson [Thu, 13 Jan 2011 15:42:59 +0000 (15:42 +0000)]
stop warning with no-engine

13 years agoThe previous change was incorrect in this branch...
Richard Levitte [Mon, 10 Jan 2011 21:00:25 +0000 (21:00 +0000)]
The previous change was incorrect in this branch...

13 years agoPR: 2425
Richard Levitte [Mon, 10 Jan 2011 20:55:24 +0000 (20:55 +0000)]
PR: 2425
Synchronise VMS build with Unixly build.

13 years agoPR: 2407
Richard Levitte [Thu, 6 Jan 2011 20:56:07 +0000 (20:56 +0000)]
PR: 2407
Fix fault include.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

13 years agoSince DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
Dr. Stephen Henson [Tue, 4 Jan 2011 19:33:22 +0000 (19:33 +0000)]
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
alert.

13 years agooops missed an assert
Dr. Stephen Henson [Mon, 3 Jan 2011 12:53:33 +0000 (12:53 +0000)]
oops missed an assert

13 years agoPR: 2411
Dr. Stephen Henson [Mon, 3 Jan 2011 01:40:34 +0000 (01:40 +0000)]
PR: 2411
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Fix corner cases in RFC3779 code.

13 years agoFix escaping code for string printing. If *any* escaping is enabled we
Dr. Stephen Henson [Mon, 3 Jan 2011 01:27:00 +0000 (01:27 +0000)]
Fix escaping code for string printing. If *any* escaping is enabled we
must escape the escape character itself (backslash).

13 years agoPR: 2410
Dr. Stephen Henson [Mon, 3 Jan 2011 01:22:09 +0000 (01:22 +0000)]
PR: 2410
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Use OPENSSL_assert() instead of assert().

13 years agoPR: 2413
Dr. Stephen Henson [Mon, 3 Jan 2011 01:07:03 +0000 (01:07 +0000)]
PR: 2413
Submitted by: Michael Bergandi <mbergandi@gmail.com>
Reviewed by: steve

Fix typo in crypto/bio/bss_dgram.c

13 years agouse fips-dev not dev-fips
Dr. Stephen Henson [Mon, 3 Jan 2011 00:44:14 +0000 (00:44 +0000)]
use fips-dev not dev-fips

13 years agoPR: 2416
Dr. Stephen Henson [Mon, 3 Jan 2011 00:26:05 +0000 (00:26 +0000)]
PR: 2416
Submitted by: Mark Phalan <mark.phalan@oracle.com>
Reviewed by: steve

Use L suffix in version number.

13 years agoPart of the IF structure didn't get pasted here...
Richard Levitte [Tue, 14 Dec 2010 21:44:36 +0000 (21:44 +0000)]
Part of the IF structure didn't get pasted here...
PR: 2393

13 years agoFirst attempt at adding the possibility to set the pointer size for the builds on...
Richard Levitte [Tue, 14 Dec 2010 19:18:52 +0000 (19:18 +0000)]
First attempt at adding the possibility to set the pointer size for the builds on VMS.
PR: 2393

13 years agobss_file.c: refine UTF8 logic [from HEAD].
Andy Polyakov [Sat, 11 Dec 2010 14:53:58 +0000 (14:53 +0000)]
bss_file.c: refine UTF8 logic [from HEAD].
PR: 2382

13 years agoignore leading null fields
Dr. Stephen Henson [Fri, 3 Dec 2010 19:31:06 +0000 (19:31 +0000)]
ignore leading null fields

13 years agoupdate for next release
Dr. Stephen Henson [Thu, 2 Dec 2010 19:37:46 +0000 (19:37 +0000)]
update for next release

13 years agoprepare for release OpenSSL_1_0_0c
Dr. Stephen Henson [Thu, 2 Dec 2010 18:29:04 +0000 (18:29 +0000)]
prepare for release

13 years agomake update
Dr. Stephen Henson [Thu, 2 Dec 2010 18:26:12 +0000 (18:26 +0000)]
make update

13 years agofix for CVE-2010-4180
Dr. Stephen Henson [Thu, 2 Dec 2010 18:24:55 +0000 (18:24 +0000)]
fix for CVE-2010-4180

13 years agoPR: 2386
Dr. Stephen Henson [Thu, 2 Dec 2010 17:59:36 +0000 (17:59 +0000)]
PR: 2386
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Correct SKM_ASN1_SET_OF_d2i macro.

13 years agofix doc typos
Dr. Stephen Henson [Thu, 2 Dec 2010 13:45:15 +0000 (13:45 +0000)]
fix doc typos

13 years agouse consistent FAQ between version
Dr. Stephen Henson [Thu, 2 Dec 2010 00:10:27 +0000 (00:10 +0000)]
use consistent FAQ between version

13 years agoConfigure: make -mno-cygwin optional on mingw platforms [from HEAD].
Andy Polyakov [Tue, 30 Nov 2010 22:19:26 +0000 (22:19 +0000)]
Configure: make -mno-cygwin optional on mingw platforms [from HEAD].
PR: 2381

13 years agoPR: 2385
Dr. Stephen Henson [Tue, 30 Nov 2010 19:37:33 +0000 (19:37 +0000)]
PR: 2385
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Zero key->pkey.ptr after it is freed so the structure can be reused.

13 years agoupdate NEWS
Dr. Stephen Henson [Tue, 30 Nov 2010 13:42:15 +0000 (13:42 +0000)]
update NEWS

13 years agoBetter method for creating SSLROOT:.
Richard Levitte [Mon, 29 Nov 2010 22:27:21 +0000 (22:27 +0000)]
Better method for creating SSLROOT:.
Make sure to include the path to evptest.txt.

13 years agoadd CVE to J-PAKE issue
Dr. Stephen Henson [Mon, 29 Nov 2010 18:21:43 +0000 (18:21 +0000)]
add CVE to J-PAKE issue

13 years agoupdate NEWS
Dr. Stephen Henson [Mon, 29 Nov 2010 16:53:54 +0000 (16:53 +0000)]
update NEWS

13 years agoSome of the MS_STATIC use in crypto/evp is a legacy from the days when
Dr. Stephen Henson [Sat, 27 Nov 2010 17:34:57 +0000 (17:34 +0000)]
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
EVP_MD_CTX was much larger: it isn't needed anymore.

14 years agoPR: 2240
Dr. Stephen Henson [Thu, 25 Nov 2010 12:28:28 +0000 (12:28 +0000)]
PR: 2240
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve

As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.

14 years agoDocument change.
Ben Laurie [Wed, 24 Nov 2010 15:07:56 +0000 (15:07 +0000)]
Document change.

14 years agoJ-PAKE was not correctly checking values, which could lead to attacks.
Ben Laurie [Wed, 24 Nov 2010 13:48:12 +0000 (13:48 +0000)]
J-PAKE was not correctly checking values, which could lead to attacks.