openssl.git
9 years agoPR: 2102
Dr. Stephen Henson [Tue, 5 Jan 2010 17:58:15 +0000 (17:58 +0000)]
PR: 2102
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Remove duplicate definitions.

9 years agoTypo
Dr. Stephen Henson [Tue, 5 Jan 2010 17:50:01 +0000 (17:50 +0000)]
Typo

9 years agoPR: 2132
Dr. Stephen Henson [Tue, 5 Jan 2010 17:33:09 +0000 (17:33 +0000)]
PR: 2132
Submitted by: steve

Fix bundled pod2man.pl to handle alternative comment formats.

9 years agoRemove tabs on blank lines: they produce warnings in pod2man
Dr. Stephen Henson [Tue, 5 Jan 2010 17:17:20 +0000 (17:17 +0000)]
Remove tabs on blank lines: they produce warnings in pod2man

9 years agocompress_meth should be unsigned
Dr. Stephen Henson [Tue, 5 Jan 2010 16:46:39 +0000 (16:46 +0000)]
compress_meth should be unsigned

9 years agoClient side compression algorithm sanity checks: ensure old compression
Dr. Stephen Henson [Fri, 1 Jan 2010 14:39:51 +0000 (14:39 +0000)]
Client side compression algorithm sanity checks: ensure old compression
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).

9 years agoCompression handling on session resume was badly broken: it always
Dr. Stephen Henson [Fri, 1 Jan 2010 00:44:36 +0000 (00:44 +0000)]
Compression handling on session resume was badly broken: it always
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).

9 years agob_sock.c: correct indirect calls on WinSock platforms [from HEAD].
Andy Polyakov [Wed, 30 Dec 2009 12:56:16 +0000 (12:56 +0000)]
b_sock.c: correct indirect calls on WinSock platforms [from HEAD].
PR: 2130
Submitted by: Eugeny Gostyukhin

9 years agoAdapt mingw config for newer mingw environment [from HEAD].
Andy Polyakov [Wed, 30 Dec 2009 11:57:39 +0000 (11:57 +0000)]
Adapt mingw config for newer mingw environment [from HEAD].
PR: 2113

9 years agosha512.c update for esoteric PPC platfrom(s) [from HEAD].
Andy Polyakov [Wed, 30 Dec 2009 11:53:33 +0000 (11:53 +0000)]
sha512.c update for esoteric PPC platfrom(s) [from HEAD].
PR: 1998

9 years agoDeploy multilib config-line parameter [from HEAD].
Andy Polyakov [Tue, 29 Dec 2009 10:46:46 +0000 (10:46 +0000)]
Deploy multilib config-line parameter [from HEAD].

9 years agoTypo
Dr. Stephen Henson [Sun, 27 Dec 2009 23:03:25 +0000 (23:03 +0000)]
Typo

9 years agoUpdate RI to match latest spec.
Dr. Stephen Henson [Sun, 27 Dec 2009 22:59:09 +0000 (22:59 +0000)]
Update RI to match latest spec.

MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.

9 years agoTraditional Yuletide commit ;-)
Dr. Stephen Henson [Fri, 25 Dec 2009 14:12:24 +0000 (14:12 +0000)]
Traditional Yuletide commit ;-)

Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.

9 years agoUse properly local variables for thread-safety.
Bodo Möller [Tue, 22 Dec 2009 11:52:15 +0000 (11:52 +0000)]
Use properly local variables for thread-safety.

Submitted by: Martin Rex

9 years agoConstify crypto/cast.
Bodo Möller [Tue, 22 Dec 2009 11:45:59 +0000 (11:45 +0000)]
Constify crypto/cast.

9 years agoConstify crypto/cast.
Bodo Möller [Tue, 22 Dec 2009 10:58:01 +0000 (10:58 +0000)]
Constify crypto/cast.

9 years agoAlert to use is now defined in spec: update code
Dr. Stephen Henson [Thu, 17 Dec 2009 15:42:43 +0000 (15:42 +0000)]
Alert to use is now defined in spec: update code

9 years agoPR: 2127
Dr. Stephen Henson [Thu, 17 Dec 2009 15:28:45 +0000 (15:28 +0000)]
PR: 2127
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check for lookup failures in EVP_PBE_CipherInit().

9 years agoOoops revert stuff which shouldn't have been part of previous commit.
Dr. Stephen Henson [Wed, 16 Dec 2009 20:33:11 +0000 (20:33 +0000)]
Ooops revert stuff which shouldn't have been part of previous commit.

9 years agoNew option to enable/disable connection to unpatched servers
Dr. Stephen Henson [Wed, 16 Dec 2009 20:28:30 +0000 (20:28 +0000)]
New option to enable/disable connection to unpatched servers

10 years agoAllow initial connection (but no renegoriation) to servers which don't support
Dr. Stephen Henson [Mon, 14 Dec 2009 13:55:39 +0000 (13:55 +0000)]
Allow initial connection (but no renegoriation) to servers which don't support
RI.

Reorganise RI checking code and handle some missing cases.

10 years agoMissing error code.
Ben Laurie [Sat, 12 Dec 2009 15:57:53 +0000 (15:57 +0000)]
Missing error code.

10 years agoUse gcc 4.4.
Ben Laurie [Sat, 12 Dec 2009 15:57:19 +0000 (15:57 +0000)]
Use gcc 4.4.

10 years agoMove SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL
Dr. Stephen Henson [Fri, 11 Dec 2009 00:20:58 +0000 (00:20 +0000)]
Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL

10 years agoclarify docs
Dr. Stephen Henson [Wed, 9 Dec 2009 18:17:09 +0000 (18:17 +0000)]
clarify docs

10 years agoDocument option clearning functions.
Dr. Stephen Henson [Wed, 9 Dec 2009 18:00:52 +0000 (18:00 +0000)]
Document option clearning functions.

Initial secure renegotiation documentation.

10 years agoAdd patch to crypto/evp which didn't apply from PR#2124
Dr. Stephen Henson [Wed, 9 Dec 2009 15:02:14 +0000 (15:02 +0000)]
Add patch to crypto/evp which didn't apply from PR#2124

10 years agoRevert lhash patch for PR#2124
Dr. Stephen Henson [Wed, 9 Dec 2009 15:00:20 +0000 (15:00 +0000)]
Revert lhash patch for PR#2124

10 years agoCheck s3 is not NULL
Dr. Stephen Henson [Wed, 9 Dec 2009 14:53:51 +0000 (14:53 +0000)]
Check s3 is not NULL

10 years agoPR: 2124
Dr. Stephen Henson [Wed, 9 Dec 2009 13:38:20 +0000 (13:38 +0000)]
PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.

10 years agoAdd ctrls to clear options and mode.
Dr. Stephen Henson [Wed, 9 Dec 2009 13:25:38 +0000 (13:25 +0000)]
Add ctrls to clear options and mode.

Change RI ctrl so it doesn't clash.

10 years agoSend no_renegotiation alert as required by spec.
Dr. Stephen Henson [Tue, 8 Dec 2009 19:06:09 +0000 (19:06 +0000)]
Send no_renegotiation alert as required by spec.

10 years agoAdd ctrl and macro so we can determine if peer support secure renegotiation.
Dr. Stephen Henson [Tue, 8 Dec 2009 13:42:32 +0000 (13:42 +0000)]
Add ctrl and macro so we can determine if peer support secure renegotiation.

10 years agoAdd support for magic cipher suite value (MCSV). Make secure renegotiation
Dr. Stephen Henson [Tue, 8 Dec 2009 13:15:12 +0000 (13:15 +0000)]
Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

10 years agoPR: 2121
Dr. Stephen Henson [Tue, 8 Dec 2009 11:38:18 +0000 (11:38 +0000)]
PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.

10 years agoPR: 2111
Dr. Stephen Henson [Wed, 2 Dec 2009 15:28:05 +0000 (15:28 +0000)]
PR: 2111
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c

10 years agoReplace the broken SPKAC certification with the correct version.
Dr. Stephen Henson [Wed, 2 Dec 2009 14:41:24 +0000 (14:41 +0000)]
Replace the broken SPKAC certification with the correct version.

10 years agoCheck it actually compiles this time ;-)
Dr. Stephen Henson [Wed, 2 Dec 2009 14:25:55 +0000 (14:25 +0000)]
Check it actually compiles this time ;-)

10 years agoPR: 2120
Dr. Stephen Henson [Wed, 2 Dec 2009 13:57:03 +0000 (13:57 +0000)]
PR: 2120
Submitted by: steve@openssl.org

Initialize fields correctly if pem_str or info are NULL in  EVP_PKEY_asn1_new().

10 years agocheck DSA_sign() return value properly
Dr. Stephen Henson [Tue, 1 Dec 2009 18:41:50 +0000 (18:41 +0000)]
check DSA_sign() return value properly

10 years agoPR: 2115
Dr. Stephen Henson [Tue, 1 Dec 2009 17:41:42 +0000 (17:41 +0000)]
PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.

10 years agoPR: 1432
Dr. Stephen Henson [Tue, 1 Dec 2009 17:32:33 +0000 (17:32 +0000)]
PR: 1432
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.

10 years agoPR: 2118
Dr. Stephen Henson [Mon, 30 Nov 2009 13:53:42 +0000 (13:53 +0000)]
PR: 2118
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org

Check return value of ECDSA_sign() properly.

10 years agotypo
Dr. Stephen Henson [Sun, 29 Nov 2009 13:45:18 +0000 (13:45 +0000)]
typo

10 years agocms-test.pl: use EXE_EXT (from HEAD).
Andy Polyakov [Thu, 26 Nov 2009 21:12:12 +0000 (21:12 +0000)]
cms-test.pl: use EXE_EXT (from HEAD).
PR: 2107

10 years agobss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER (from HEAD).
Andy Polyakov [Thu, 26 Nov 2009 20:56:05 +0000 (20:56 +0000)]
bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER (from HEAD).

10 years agoMake CHANGES in the OpenSSL_1_0_0-stable branch consistent with the
Bodo Möller [Thu, 26 Nov 2009 18:37:11 +0000 (18:37 +0000)]
Make CHANGES in the OpenSSL_1_0_0-stable branch consistent with the
one in the OpenSSL_0_9_8-stable branch.

10 years agox86_64-xlate.pl: fix typo introduced in last commit.
Andy Polyakov [Mon, 23 Nov 2009 19:51:24 +0000 (19:51 +0000)]
x86_64-xlate.pl: fix typo introduced in last commit.
PR: 2109

10 years agox86_64-xlate.pl: new gas requires sign extension.
Andy Polyakov [Sun, 22 Nov 2009 12:52:18 +0000 (12:52 +0000)]
x86_64-xlate.pl: new gas requires sign extension.
x86masm.pl: fix linker warning.
PR: 2094,2095

10 years agoVC-32.pl: bufferoverlowu.lib only when needed and remove duplicate code
Andy Polyakov [Sun, 22 Nov 2009 12:26:15 +0000 (12:26 +0000)]
VC-32.pl: bufferoverlowu.lib only when needed and remove duplicate code
(update from HEAD).
PR: 2086

10 years agobio_sock.c and bss_dgram.c: update from HEAD.
Andy Polyakov [Sun, 22 Nov 2009 12:24:43 +0000 (12:24 +0000)]
bio_sock.c and bss_dgram.c: update from HEAD.
PR: 2069

10 years agoServers can't end up talking SSLv2 with legacy renegotiation disabled
Dr. Stephen Henson [Wed, 18 Nov 2009 15:09:35 +0000 (15:09 +0000)]
Servers can't end up talking SSLv2 with legacy renegotiation disabled

10 years agoDon't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation
Dr. Stephen Henson [Wed, 18 Nov 2009 14:45:32 +0000 (14:45 +0000)]
Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation

10 years agoInclude a more meaningful error message when rejecting legacy renegotiation
Dr. Stephen Henson [Wed, 18 Nov 2009 14:19:52 +0000 (14:19 +0000)]
Include a more meaningful error message when rejecting legacy renegotiation

10 years agoPR: 2103
Dr. Stephen Henson [Tue, 17 Nov 2009 13:25:35 +0000 (13:25 +0000)]
PR: 2103
Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org

Initialise atm.flags to 0.

10 years agoPR: 2101 (additional)
Dr. Stephen Henson [Sun, 15 Nov 2009 19:06:21 +0000 (19:06 +0000)]
PR: 2101 (additional)
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>
Approved by: steve@openssl.org

Another mingw fix.

10 years agoPR: 2095
Dr. Stephen Henson [Fri, 13 Nov 2009 14:23:44 +0000 (14:23 +0000)]
PR: 2095
Submitted by: Arkadiusz Miskiewicz <arekm@maven.pl>
Approved by: steve@openssl.org

Fix for out range of signed 32bit displacement error on newer binutils
in file sha1-x86_64.pl

10 years agoPR: 2101
Dr. Stephen Henson [Fri, 13 Nov 2009 13:44:14 +0000 (13:44 +0000)]
PR: 2101
Submitted by: Doug Kaufman <dkaufman@rahul.net>
Approved by: steve@openssl.org

Fixes for tests in cms-test.pl

10 years agoAdd test_cms
Richard Levitte [Fri, 13 Nov 2009 08:45:52 +0000 (08:45 +0000)]
Add test_cms

10 years agoPR: 2088
Dr. Stephen Henson [Thu, 12 Nov 2009 19:57:39 +0000 (19:57 +0000)]
PR: 2088
Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com>
Approved by: steve@openssl.org

Fix memory leak in d2i_PublicKey().

10 years agoset engine to NULL after releasing it
Dr. Stephen Henson [Thu, 12 Nov 2009 19:24:34 +0000 (19:24 +0000)]
set engine to NULL after releasing it

10 years agoCompiling vms.mar doesn't work on other than VAX.
Richard Levitte [Thu, 12 Nov 2009 14:05:04 +0000 (14:05 +0000)]
Compiling vms.mar doesn't work on other than VAX.

10 years agoAnother symbol longer than 31 characters.
Richard Levitte [Thu, 12 Nov 2009 14:04:26 +0000 (14:04 +0000)]
Another symbol longer than 31 characters.

10 years agoTypo
Richard Levitte [Thu, 12 Nov 2009 14:03:57 +0000 (14:03 +0000)]
Typo

10 years agoEverywhere was a little too much.
Richard Levitte [Thu, 12 Nov 2009 14:03:35 +0000 (14:03 +0000)]
Everywhere was a little too much.

10 years agoPR: 2098
Dr. Stephen Henson [Wed, 11 Nov 2009 19:04:56 +0000 (19:04 +0000)]
PR: 2098
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Approved by: steve@openssl.org

For Cygwin enable zlib and mdc2 by default.

10 years agoadd missing parts of reneg port, fix apps patch
Dr. Stephen Henson [Wed, 11 Nov 2009 14:51:29 +0000 (14:51 +0000)]
add missing parts of reneg port, fix apps patch

10 years agocommit missing apps code for reneg fix
Dr. Stephen Henson [Wed, 11 Nov 2009 14:10:09 +0000 (14:10 +0000)]
commit missing apps code for reneg fix

10 years agomake update OpenSSL_1_0_0-beta4
Dr. Stephen Henson [Tue, 10 Nov 2009 13:23:04 +0000 (13:23 +0000)]
make update

10 years agoPrepare for beta4 release
Dr. Stephen Henson [Tue, 10 Nov 2009 13:15:09 +0000 (13:15 +0000)]
Prepare for beta4 release

10 years agoPR: 1686
Dr. Stephen Henson [Tue, 10 Nov 2009 01:52:52 +0000 (01:52 +0000)]
PR: 1686
Submitted by: Hanno BÃ\83¶ck <hanno@hboeck.de>
Approved by: steve@openssl.org

Create engines dir if it doesn't already exist.

10 years agoPR: 2091
Dr. Stephen Henson [Tue, 10 Nov 2009 01:00:23 +0000 (01:00 +0000)]
PR: 2091
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org

If an OID has no short name or long name return the numerical representation.

10 years agoPR: 2090
Dr. Stephen Henson [Tue, 10 Nov 2009 00:47:37 +0000 (00:47 +0000)]
PR: 2090
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org

Improve error checking in asn1_gen.c

10 years agooops, add missing prototypes
Dr. Stephen Henson [Mon, 9 Nov 2009 18:58:50 +0000 (18:58 +0000)]
oops, add missing prototypes

10 years agofix CHANGES
Dr. Stephen Henson [Mon, 9 Nov 2009 18:46:59 +0000 (18:46 +0000)]
fix CHANGES

10 years agoFirst cut of renegotiation extension. (port to 1.0.0-stable)
Dr. Stephen Henson [Mon, 9 Nov 2009 18:45:42 +0000 (18:45 +0000)]
First cut of renegotiation extension. (port to 1.0.0-stable)

10 years agomake update
Dr. Stephen Henson [Mon, 9 Nov 2009 14:35:30 +0000 (14:35 +0000)]
make update

10 years agoRemove BF_PTR2 from configuration: it doesn't improve performance any more and causes...
Dr. Stephen Henson [Mon, 9 Nov 2009 14:11:13 +0000 (14:11 +0000)]
Remove BF_PTR2 from configuration: it doesn't improve performance any more and causes gcc warnings about arrays out of range

10 years agoCombat gcc 4.4.1 aliasing rules. (from HEAD)
Dr. Stephen Henson [Mon, 9 Nov 2009 14:09:53 +0000 (14:09 +0000)]
Combat gcc 4.4.1 aliasing rules. (from HEAD)

10 years agofile t1_reneg.c was added on branch OpenSSL_1_0_0-stable on 2009-11-09 18:45:42 ...
Dr. Stephen Henson [Sun, 8 Nov 2009 14:51:55 +0000 (14:51 +0000)]
file t1_reneg.c was added on branch OpenSSL_1_0_0-stable on 2009-11-09 18:45:42 +0000

10 years agoIf it is a new session don't send the old TLS ticket: send a zero length
Dr. Stephen Henson [Sun, 8 Nov 2009 14:36:32 +0000 (14:36 +0000)]
If it is a new session don't send the old TLS ticket: send a zero length
ticket to request a new session.

10 years agoUpdate ordinals.
Dr. Stephen Henson [Wed, 4 Nov 2009 13:29:58 +0000 (13:29 +0000)]
Update ordinals.

10 years agoPR: 2089
Dr. Stephen Henson [Mon, 2 Nov 2009 13:37:17 +0000 (13:37 +0000)]
PR: 2089
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Fragment size bug fix.

10 years agoAdd missing functions to allow access to newer X509_STORE_CTX status
Dr. Stephen Henson [Sat, 31 Oct 2009 19:21:47 +0000 (19:21 +0000)]
Add missing functions to allow access to newer X509_STORE_CTX status
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.

10 years agoAdd option to allow in-band CRL loading in verify utility. Add function
Dr. Stephen Henson [Sat, 31 Oct 2009 13:34:19 +0000 (13:34 +0000)]
Add option to allow in-band CRL loading in verify utility. Add function
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.

10 years agoGenerate stateless session ID just after the ticket is received instead
Dr. Stephen Henson [Fri, 30 Oct 2009 14:06:18 +0000 (14:06 +0000)]
Generate stateless session ID just after the ticket is received instead
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.

10 years agoMove CHANGES entry to 0.9.8l section
Dr. Stephen Henson [Fri, 30 Oct 2009 13:29:08 +0000 (13:29 +0000)]
Move CHANGES entry to 0.9.8l section

10 years agoFix statless session resumption so it can coexist with SNI
Dr. Stephen Henson [Fri, 30 Oct 2009 13:22:44 +0000 (13:22 +0000)]
Fix statless session resumption so it can coexist with SNI

10 years agoDon't attempt session resumption if no ticket is present and session
Dr. Stephen Henson [Wed, 28 Oct 2009 19:52:35 +0000 (19:52 +0000)]
Don't attempt session resumption if no ticket is present and session
ID length is zero.

10 years agoAdd -no_cache option to s_server
Dr. Stephen Henson [Wed, 28 Oct 2009 17:49:37 +0000 (17:49 +0000)]
Add -no_cache option to s_server

10 years agoDon't replace whole AR line
Dr. Stephen Henson [Wed, 28 Oct 2009 15:33:20 +0000 (15:33 +0000)]
Don't replace whole AR line

10 years agoPR: 2081
Dr. Stephen Henson [Wed, 28 Oct 2009 14:00:41 +0000 (14:00 +0000)]
PR: 2081
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org

Respect AR and RANLIB environment variables if set.

10 years agoPR: 2080
Dr. Stephen Henson [Wed, 28 Oct 2009 13:55:55 +0000 (13:55 +0000)]
PR: 2080
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org

Respect MAKE environment variable if set.

10 years agoPR: 2078
Dr. Stephen Henson [Wed, 28 Oct 2009 13:51:56 +0000 (13:51 +0000)]
PR: 2078
Submitted by: Dale Anderson <dra@redevised.net>
Approved by: steve@openssl.org

Corrections to bn_internal documentation.

10 years agoClarification
Dr. Stephen Henson [Fri, 23 Oct 2009 12:47:01 +0000 (12:47 +0000)]
Clarification

10 years agoSync FAQ with HEAD.
Dr. Stephen Henson [Fri, 23 Oct 2009 12:24:54 +0000 (12:24 +0000)]
Sync FAQ with HEAD.

10 years agoIf not checking all certificates don't attempt to find a CRL
Dr. Stephen Henson [Fri, 23 Oct 2009 12:05:54 +0000 (12:05 +0000)]
If not checking all certificates don't attempt to find a CRL
for the leaf certificate of a CRL path.

10 years agoNeed to check <= 0 here.
Dr. Stephen Henson [Thu, 22 Oct 2009 23:14:12 +0000 (23:14 +0000)]
Need to check <= 0 here.

10 years agoPR: 2070
Dr. Stephen Henson [Mon, 19 Oct 2009 13:13:14 +0000 (13:13 +0000)]
PR: 2070
Submitted by: Alexander Nikitovskiy <Nikitovski@ya.ru>
Approved by: steve@openssl.org

Fix wrong cast.